Security policy update supporting at least one security service provider
First Claim
1. A method, implemented in a computing device, the method comprising:
accessing a new security policy to be implemented by a plurality of security engines of the computing device and to be implemented by the plurality of security engines in place of a current security policy, the plurality of security engines including security engines of at least a first type of security engine and a second type of security engine, the new security policy including a first set of rules specific to the first type of security engine and a second set of rules specific to the second type of security engine;
identifying, by a rule set generator of the computing device, which set of rules is used by which type of security engine;
processing, via each of the plurality of security engines, the identified set of rules specific to its type to establish new rules for operation of the security engine while the security engine continues to operate according to previous rules;
returning, via each of the plurality of security engines, a fail value when it determines that it has not successfully processed the identified set of rules;
returning, via each of the plurality of security engines, a pass value when it determines that it has successfully processed the identified set of rules;
receiving an indication to ignore the new set of rules and continue operating each of the plurality of security engines according to the previous rules when at least one of the plurality of security engines has returned a fail value; and
switching, after receiving a pass value from each of the plurality of security engines, each of the plurality of security engines to the new rules substantially concurrently.
Abstract
Security policy update supporting at least one security service provider includes each of one or more security service providers receiving a set of new rules to be enforced as part of a new security policy. Each security service provider processes the new rules in order to be ready to begin using the new rules, but continues to use the previous set of rules until instructed to begin using the new rules. When all of the one or more security service providers are ready to begin using the new rules, they are instructed to begin using the new rules at which point all of the security service providers begin using the set of new rules substantially concurrently.
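The prepare-then-switch update described in the abstract, as an added Python sketch that is not taken from the patent. The SecurityEngine class, the update_policy coordinator, the "<allow|deny> <target>" rule syntax and the choice to treat a missing rule set as a fail are all assumptions made for illustration.

```python
import threading

_switch_lock = threading.Lock()  # makes the switch to new rules one atomic step

class SecurityEngine:
    """Hypothetical engine: enforces `active` rules while staging `pending` ones."""
    def __init__(self, engine_type, rules=()):
        self.engine_type = engine_type
        self.active = dict(rules)   # target -> action, the previous rules
        self.pending = None         # processed new rules, not yet enforced

    def process(self, rules):
        """Phase 1: compile the new rules; return True (pass) or False (fail)."""
        self.pending = None
        if rules is None:           # assumption: no rule set for this type is a fail
            return False
        staged = {}
        for rule in rules:          # constructed rule syntax: "<allow|deny> <target>"
            action, _, target = rule.partition(" ")
            if action not in ("allow", "deny") or not target:
                return False
            staged[target] = action
        self.pending = staged
        return True

    def allows(self, target):
        with _switch_lock:          # waits out a switch that is in progress
            return self.active.get(target, "deny") == "allow"

def update_policy(policy, engines):
    """Coordinator: hand each engine its type's rule set, switch only if all pass."""
    results = [e.process(policy.get(e.engine_type)) for e in engines]
    with _switch_lock:
        if all(results):
            for e in engines:       # phase 2: every engine switches together
                e.active, e.pending = e.pending, None
            return True
    for e in engines:               # any fail: ignore the new rules everywhere
        e.pending = None
    return False
```

Enforcement through allows() keeps answering from the previous rules for the whole of phase 1, so a policy that one engine cannot process never takes partial effect on the others.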
28 Claims
14. One or more computer readable storage media storing one or more instructions that, when executed by one or more processors, causes the one or more processors to:
receive information of a new security policy to be used by a plurality of security engines, the plurality of security engines including security engines of at least a first type of security engine and a second type of security engine, the new security policy including a first set of rules specific to the first type of security engine and a second set of rules specific to the second type of security engine;
identify, by a rule set generator, which set of rules is used by which type of security engines;
process, via each of the plurality of security engines, the identified set of rules specific to its type to generate new rules having associated data for operation of the security engine;
use a previous set of rules and associated data when each of the plurality of security engines determines that it has not successfully processed the identified set of rules; and
use, upon receiving an indication that each of the plurality of security engines determines that it has successfully processed the identified set of rules, the new set of rules and associated data on each of the plurality of security engines substantially concurrently.
22. A method, implemented in a computing device, the method comprising:
receiving a new security policy to be enforced by a plurality of security engines of the computing device, the plurality of security engines including security engines of at least a first type of security engine and a second type of security engine, the new security policy including a first set of rules specific to the first type of security engine and a second set of rules specific to the second type of security engine;
identifying, by a rule set generator of the computing device, which set of rules is used by which type of security engines;
processing, via each of the plurality of security engines, the identified set of rules specific to its type to establish new rules for operation of the security engine while the security engine continues to operate according to previous rules; and
enforcing, in response to receipt of an indication that each of the plurality of security engines has determined that it has successfully processed the identified set of rules, the new rules on each of the plurality of security engines substantially concurrently.
Specification