Method and apparatus for policy management in a network device

US 7,555,552 B2
Filed: 02/07/2007
Issued: 06/30/2009
Est. Priority Date: 03/18/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for managing policies within a network intermediary device, comprising:

opening a network connection between a client and the network intermediary device when said connection is permitted by a policy comprising a first rule set relating to network connections;

processing a transaction over the network connection according to at least one additional policy, said additional policy comprising a second rule set for processing data received at the intermediary device for the transaction, said second rule set being different from the first rule set, the transaction comprising a request received from a client over the network connection;

utilizing a policy ticket describing actions and properties to be taken during a communication, said actions and properties corresponding to a version of policy rules current at a beginning of the communication and updated thereafter, as the policy ticket is transported between a plurality of checkpoints defining a flow of the communication and according to determinations, at any of the plurality of checkpoints, of actions to be taken during the communication;

upon completion of the transaction, closing the network connection when an evaluation determines that the connection should be closed, and not closing the connection when an evaluation determines that the connection should not be closed; and

in the event the connection is not closed, reusing, subject to the at least one additional policy, the connection for further transactions with the client.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for policy management in a network intermediary device. One embodiment of the invention, includes establishing a session between a client and an intermediary device on a network to enable processing of a communication between the client and the intermediary device. Then, the communication is processed by the intermediary device while maintaining a consistent version of policy throughout the communication. Finally, after the communication is complete, the intermediary terminates the communication. The intermediary device may maintain consistent policy by utilizing a policy ticket upon which transactional information is stored and that references the version of policy that was current when the communication first began. The policy ticket may be transported throughout the intermediary device according to a “checkpoint” scheme, and at each checkpoint, evaluating the policy rules, if necessary, to determine appropriate actions to be taken based on current client and network information as applied to the policy rules.

20 Citations

View as Search Results

8 Claims

1. A method for managing policies within a network intermediary device, comprising:
- opening a network connection between a client and the network intermediary device when said connection is permitted by a policy comprising a first rule set relating to network connections;
  
  processing a transaction over the network connection according to at least one additional policy, said additional policy comprising a second rule set for processing data received at the intermediary device for the transaction, said second rule set being different from the first rule set, the transaction comprising a request received from a client over the network connection;
  
  utilizing a policy ticket describing actions and properties to be taken during a communication, said actions and properties corresponding to a version of policy rules current at a beginning of the communication and updated thereafter, as the policy ticket is transported between a plurality of checkpoints defining a flow of the communication and according to determinations, at any of the plurality of checkpoints, of actions to be taken during the communication;
  
  upon completion of the transaction, closing the network connection when an evaluation determines that the connection should be closed, and not closing the connection when an evaluation determines that the connection should not be closed; and
  
  in the event the connection is not closed, reusing, subject to the at least one additional policy, the connection for further transactions with the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the communication is any one of a connection or a transaction.
  - 3. The method of claim 1, wherein determinations of actions to be taken during the communications comprise evaluations of the policy rules according to information stored on the policy ticket or other pertinent information available to the network device.
  - 4. The method of claim 1, further comprising performing operations to the policy ticket in anticipation of evaluation at other checkpoints.
  - 5. The method of claim 4, wherein performing operations in anticipation of evaluation at other checkpoints includes executing the actions.
  - 6. The method of claim 4, wherein performing operations in anticipation of evaluation at other checkpoints includes storing on the policy ticket the actions to be subsequently executed by a transactor.
  - 7. The method of claim 4, wherein performing operations in anticipation of evaluation at other checkpoints includes maintaining evaluation states for the other checkpoints.
  - 8. The method of claim 4, wherein performing operations in anticipation of evaluation at other checkpoints includes marking the policy ticket for future checkpoints.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Blue Coat Systems Incorporated (Gen Digital Inc.)
Inventors
Porter, Kevin, Maxted, Mark, Zuercher, Chris, Thurston, Matthew, Moen, Doug
Primary Examiner(s)
Winder; Patrice
Assistant Examiner(s)
Duong; Thomas

Application Number

US11/672,497
Publication Number

US 20070192827A1
Time in Patent Office

874 Days
Field of Search

709/225, 709/227
US Class Current

709/225
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/0281 Proxies

Method and apparatus for policy management in a network device

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for policy management in a network device

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links