Network policy evaluation
Abstract
A device may include an interface to send policy information to an evaluation module, where the policy information is related to a group of policies, and receive a group of results from the evaluation module, where the group of results indicates whether the status of a source device complies with the group of policies. The interface may send an instruction to a destination device configured to implement at least a subset of the policies with respect to the source device based on the instruction.
38 Claims
1. A device, comprising:
an interface to: send network communication policy information to an evaluation module, where the network communication policy information is related to a plurality of network policies, receive a plurality of results from the evaluation module, where the plurality of results indicates whether a status of a network source device complies with the plurality of network policies, and send an instruction to a network destination device that is to implement at least a subset of the network policies with respect to the network source device based on the instruction.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.
14. A network device, comprising:
an interface to: receive instructions related to network policies determined by a server with respect to a protected network device, where the instructions are related to policy results produced by an evaluation module operating in conjunction with the server, receive a message from an endpoint, where the message is intended for the protected network device, and forward the message to the protected network device when the endpoint complies with at least a subset of the network policies.
Dependent claims: 15, 16.
17. A module, comprising:
interface logic to: receive network communication information identifying a plurality of network policies related to a network client device, and send policy results to a host device, where the policy results are related to the network client device; and evaluation logic to: process policy contents based on the network communication information, and produce the network policy results based on the processing of the policy contents, where the network policy results are used by the host device to implement the network policies with respect to a network destination device when the network client device attempts to communicate with the network destination device.
Dependent claims: 18, 19, 20, 21, 22.
23. A method, comprising:
sending network communication policy information to a module via an interface; receiving network policy results from the module in response to sending the network communication policy information; and sending an enforcement instruction to a network device based on the received network policy results, where the enforcement instruction causes the network device to allow a device to access a network resource when the device complies with at least one of a plurality of network policies that are related to the network communication policy information.
Dependent claims: 24, 25, 26, 27, 28, 29.
30. A device, comprising:
a module to: receive network device measurements, retrieve information related to a plurality of network communication policies pertaining to the health of the network device, retrieve at least a subset of the network communication policies based on the information, process the measurements with the at least a subset of the network communication policies to determine the health of the network device, generate network policy results representing the health of the network device based on the processing, and send the network policy results to a component in the device, where the results are used by the component to allow the network device to perform an operation when the health of the network device meets a determined threshold.
31. A computer readable memory device that stores instructions executable by a processing device, the computer readable memory device comprising:
instructions for receiving network communication policy information; instructions for retrieving a plurality of network policies based on the network communication policy information; instructions for determining whether a network device complies with the plurality of network policies; instructions for producing policy results based on the determining; and instructions for sending the policy results to a policy decision point that is to implement at least a subset of the network policies on behalf of a destination.
32. A device, comprising:
means for receiving measurements from a network source device via a first network; means for sending the measurements and network policy information to a module; means for receiving a plurality of network policy results from the module, where the plurality of network policy results are based on processing the measurements with a plurality of network policies identified by network policy information; and means for sending network policy enforcement instructions to a network device to allow the network source device to communicate with a network protected device via a second network when the network source device complies with at least a subset of the plurality of network policies.
33. A module, comprising:
interface logic to: receive measurements related to a client device, where the measurements are used to enforce a network policy with respect to the client device, receive network communication information identifying a plurality of network policies related to the client device, and send network policy results to a host device, where the network policy results are related to the client device; storage logic to: store or retrieve network policy contents for the plurality of network policies; and evaluation logic to: process the measurements and the network policy contents based on the network communication information, and produce the network policy results based on the processing, where the network policy results are used by the host device to implement the network policies with respect to a destination device and with respect to the client device.
34. A network device, comprising:
a module to: retrieve data communication information related to a plurality of network policies pertaining to the health of the network device, retrieve at least a subset of the policies based on the data communication information, determine the health of the network device using the subset of the network policies, generate policy results representing the health of the network device, and send the policy results to a component in the network device, where the results are used by the component to allow the network device to perform an operation when the health of the network device meets a determined threshold.
35. A method, comprising:
receiving policy information related to a network source device used to transmit information via an interface; identifying a plurality of policies related to the policy information; processing the policy information using the plurality of policies; determining policy results based on the processing; and sending the policy results to a destination for use in enforcing at least a subset of the plurality of policies with respect to the network source device.
Dependent claims: 36, 37, 38.