Delayed policy evaluation

US 7,603,333 B2
Filed: 06/14/2006
Issued: 10/13/2009
Est. Priority Date: 06/14/2006
Status: Active Grant

First Claim

Patent Images

1. A processor-implemented method for communicating between a rules engine implemented in a firewall and a plurality of criteria providers, the method comprising:

(a) determining, via the processor, the plurality of criteria providers, wherein each criteria provider of the plurality is for resolving a respective criterion of a rule;

(b) providing a call from the rules engine to each criteria provider of the plurality of criteria providers for information indicative of a criterion evaluation of a received evaluation request by a respective criteria provider, wherein;

if the received evaluation request is adequate for completing the evaluation of the criterion by the respective criteria provider, providing the called for information from the respective criteria provider to the rules engine; and

if the received evaluation request is not adequate for completing the evaluation of the criterion by the respective criteria provider, marking the respective criterion as unresolved;

(c) repeating step (b) for each unresolved criterion, wherein if the received evaluation request by an unresolved criterion is adequate for completing the evaluation by the respective pending criteria provider, the called for information is provided to the rules engine and the unresolved criterion is no longer unresolved.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The evaluation of a policy can be delayed until all rules criteria needed for evaluation are available. Also, new types of rules criteria can be registered without requiring changes to a rules engine. A policy manager allows rules to be evaluated and decisions made at different stages of the request handling. The policy manager facilitates interaction with the rules engine until all criteria are evaluated. The policy manager also allows modules developed by third parties to provide notification when criteria can be decided and thus complete evaluation.

18 Citations

View as Search Results

14 Claims

1. A processor-implemented method for communicating between a rules engine implemented in a firewall and a plurality of criteria providers, the method comprising:
- (a) determining, via the processor, the plurality of criteria providers, wherein each criteria provider of the plurality is for resolving a respective criterion of a rule;
  
  (b) providing a call from the rules engine to each criteria provider of the plurality of criteria providers for information indicative of a criterion evaluation of a received evaluation request by a respective criteria provider, wherein;
  
  if the received evaluation request is adequate for completing the evaluation of the criterion by the respective criteria provider, providing the called for information from the respective criteria provider to the rules engine; and
  
  if the received evaluation request is not adequate for completing the evaluation of the criterion by the respective criteria provider, marking the respective criterion as unresolved;
  
  (c) repeating step (b) for each unresolved criterion, wherein if the received evaluation request by an unresolved criterion is adequate for completing the evaluation by the respective pending criteria provider, the called for information is provided to the rules engine and the unresolved criterion is no longer unresolved.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method in accordance with claim 1, further comprising:
    - if an evaluation of unresolved criterion is no longer needed, ceasing providing the call to the respective criteria provider.
  - 3. A method in accordance with claim 1, further comprising registering new criteria providers without requiring a change to the rules engine.
  - 4. A method in accordance with claim 1, further comprising:
    - receiving from a one criteria provider, a notification indicative of an evaluation thereby being complete;
      
      responsive to the notification, providing an indication of the notification to the rules engine; and
      
      providing the called for information from the one criteria provider to the rules engine.
  - 5. A method in accordance with claim 1, wherein:
    - the rules engine is implemented in a firewall;
      
      a policy is enforced by the rules engine; and
      
      the plurality of criteria providers is determined in accordance with the policy enforced by the rules engine of the firewall.

6. A system comprising:
- a processor;
  
  a rules engine, implemented on the processor, that determines a plurality of criteria providers to enforce a policy, wherein each criterion of the plurality is associated with a respective criteria provider; and
  
  the plurality of criteria providers, each criteria provider;
  
  evaluating a respective criterion of a rule;
  
  determining if criteria received thereby is adequate for completing a respective evaluation;
  
  providing a notification indicative of the adequacy of the received criteria; and
  
  making a decision in accordance with the respective evaluation; and
  
  a policy manger;
  
  providing a call from the rules engine to each criteria provider of the plurality for information indicative of an evaluation of criteria received thereby;
  
  if criteria received by a criteria provider is adequate for completing a respective evaluation, providing the called for information from the respective criteria provider to the rules engine;
  
  if the criteria received by a criteria provider is not adequate for completing the evaluation, marking the respective criterion as unresolved; and
  
  for each unresolved criterion, providing a call from the rules engine to each criteria provider of the plurality for information indicative of an evaluation of criteria received thereby wherein, if the received criteria is adequate for completing the evaluation by the respective criteria provider, the queried for information is provided to the rules engine and the unresolved criterion no longer unresolved.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. A system in accordance with claim 6, the rules engine further determining an appropriate action in accordance with information provided by at least one of the plurality of criteria providers.
  - 8. A system in accordance with claim 6, the policy manager further:
    - if an evaluation of a specific unresolved criterion is no longer needed, ceasing providing a call to the specific criteria provider.
  - 9. A system in accordance with claim 6, the policy manager further registering new criteria providers without requiring a change in the rules engine.
  - 10. A system in accordance with claim 6, wherein the rules engine is implemented in a firewall.
  - 11. A system in accordance with claim 6, the policy manager further:
    - receiving from a one criteria provider, a notification indicative of an evaluation thereby being complete;
      
      responsive to the notification, providing an indication of the notification to the rules engine; and
      
      providing the called for information from the one criteria provider to the rules engine.

12. A processor-implemented method for evaluating a criteria provider, the method comprising:
- (a) determining, via the processor, a plurality of criteria providers, wherein each criteria provider of the plurality is for resolving a respective criterion of a rule;
  
  (b) querying each criteria provider of the plurality for information of a criterion evaluation of a received evaluation request by a respective criteria provider, wherein;
  
  if the received evaluation request is adequate for completing the evaluation of the criterion by the respective criteria provider, providing the queried for information; and
  
  if the received evaluation request is not adequate for completing the evaluation of the criterion by the respective criteria provider, marking the respective criterion as unresolved; and
  
  (c) repeating step (b) for each unresolved criterion, wherein if the received evaluation request by an unresolved criterion is adequate for completing the evaluation by the respective pending criteria provider, the called for information is provided to the rules engine and the unresolved criterion is no longer unresolved.
- View Dependent Claims (13, 14)
- - 13. A method in accordance with claim 12, further comprising:
    - if an evaluation of unresolved criterion is no longer needed, ceasing querying of the specific criteria provider.
  - 14. A method in accordance with claim 12, further comprising:
    - receiving from a one criteria provider, a notification indicative of an evaluation thereby being complete; and
      
      responsive to the notification, providing the queried for information from the one criteria provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Caspi, Ziv, Dinerstein, Yosef, Lifschitz, Avihai, Finkelstein, Amit
Primary Examiner(s)
Vincent; David R
Assistant Examiner(s)
BUSS, BENJAMIN J

Application Number

US11/454,042
Publication Number

US 20070294198A1
Time in Patent Office

1,217 Days
Field of Search

706 46- 48, 709/225
US Class Current

706/48
CPC Class Codes

G06N 5/025 Extracting rules from data

Delayed policy evaluation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Delayed policy evaluation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links