Creating, modifying and storing service abstractions and role abstractions representing one or more packet rules
Abstract
The present invention provides a method and system for controlling usage of network resources on a communications network. The method comprises acts of: (a) creating one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and (b) creating one or more service abstractions associated with a user of the communications network, each service abstraction representing a named set of one or more of the packet rules. In some embodiments, one or more role abstractions may be created, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one or more packet rules, and possibly one or more service abstractions.
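A minimal model of the layering the abstract describes (packet rules grouped into named services, services assigned to roles, roles bound to an authenticated identity), added here as an illustration and not taken from the patent or any product. The class names, the permit/deny actions, and the conflict policy (any matching deny wins, no match means deny) are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class PacketRule:
    name: str
    condition: Callable[[dict], bool]  # may examine any portion of the packet
    action: str                        # "permit" or "deny" in this sketch

@dataclass(frozen=True)
class Service:                         # named set of rules providing one service
    name: str
    rules: tuple

@dataclass(frozen=True)
class Role:                            # set of services granted to a role
    name: str
    services: tuple

class PolicyStore:
    def __init__(self):
        self._roles_by_user = {}       # authenticated identity -> list of Role

    def associate(self, user, role):
        self._roles_by_user.setdefault(user, []).append(role)

    def matches(self, user, packet):
        # Every (service, rule, action) whose condition the packet satisfies.
        return [(s.name, r.name, r.action)
                for role in self._roles_by_user.get(user, [])
                for s in role.services
                for r in s.rules if r.condition(packet)]

    def decide(self, user, packet):
        # Assumed conflict policy: any matching deny wins; no match means deny.
        actions = {a for _, _, a in self.matches(user, packet)}
        if "deny" in actions or "permit" not in actions:
            return "deny"
        return "permit"

# Constructed sample policy: services built from rules on header fields and payload bytes.
web = Service("web", (PacketRule("allow-http", lambda p: p["proto"] == "tcp" and p["dport"] in (80, 443), "permit"),))
no_p2p = Service("block-p2p", (PacketRule("bt-handshake", lambda p: p["payload"].startswith(b"\x13BitTorrent protocol"), "deny"),))
mail = Service("mail", (PacketRule("allow-smtp", lambda p: p["proto"] == "tcp" and p["dport"] == 25, "permit"),))
store = PolicyStore()
store.associate("alice", Role("student", (web, no_p2p)))
store.associate("bob", Role("staff", (web, mail)))

def demo():
    pkts = {"http": {"proto": "tcp", "dport": 443, "payload": b"\x16\x03\x01"},
            "smtp": {"proto": "tcp", "dport": 25, "payload": b"EHLO example.test"},
            "bt": {"proto": "tcp", "dport": 443, "payload": b"\x13BitTorrent protocol" + b"\x00" * 8}}
    return {(u, n): store.decide(u, p)
            for u in ("alice", "bob", "mallory") for n, p in pkts.items()}
```

The same packet on port 443 carrying a BitTorrent handshake is denied for `alice` (her role includes the payload-matching service) and permitted for `bob`, while `mallory`, who has no role association, is denied everything.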
34 Claims
1. A method of controlling usage of network resources on a communications network based on the identity of an authenticated user, the method comprising acts of:
- creating, with a relationship management module, one or more packet rules for use on one or more network devices of the communications network, each rule including a condition and action to be taken as part of providing a service of the communications network if a packet received at a device satisfies the condition, wherein the one or more packet rules are defined to examine any portion of a packet;
- storing the one or more packet rules in the communications network;
- creating, with the relationship management module, one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction capable of being assigned a set of one or more service abstractions to be provided to the user associated with the represented role;
- creating, with the relationship management module, the one or more service abstractions, each service abstraction representing a communications network service to be provided to users of the communications network, each service abstraction including a named set of one or more of the packet rules that, in combination, provide the represented communications network service;
- storing the one or more service abstractions in the communications network;
- storing the one or more role abstractions in the communications network;
- associating, with the relationship management module, the one or more role abstractions with the identity of the authenticated user of the communications network; and
- in response to receipt of a packet at any of the network devices from the authenticated user, using, by any of the network devices, the one or more service abstractions associated with the identity of the authenticated user to control usage of network resources on the communications network, the using including applying the packet rules in the one or more service abstractions to the packet.
Dependent claims: 2, 3, 4, 5, 6, 7, 25, 30
8. A system for enabling a network manager to control usage of network resources on a communications network based on the identity of an authenticated user, the system comprising:
- a rule editing module enabling the network manager to edit one or more packet rules for use on one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition;
- a service editing module enabling the network manager to edit one or more service abstractions, each service abstraction representing a communications network service to be provided to users of the communications network, each service abstraction including a named set of one or more of the packet rules that, in combination, provide the represented communications network service;
- a role editing module enabling the network manager to edit one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction capable of being assigned a set of one or more of the service abstractions representing communications network services to be provided to the user associated with the represented role;
- a user management module enabling the network manager to associate the users of the communications network with one or more of the role abstractions; and
- storage means comprising memory for storing one or more of the service abstractions, one or more of the packet rules, one or more of the role abstractions or one or more of the associations between the users of the communications network and one or more of the role abstractions.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product, comprising:
- a non-transitory computer readable medium; and
- computer readable signals stored on the computer readable medium that define instructions that, as a result of being executed by a computer, instruct the computer to perform a process of controlling usage of network resources on a communications network based on the identity of an authenticated user, the process comprising acts of:
  - creating one or more packet rules for use on one or more devices of the communications network, each rule including a condition and action to be taken as part of providing a service of the communications network if a packet received at a device satisfies the condition, wherein the one or more packet rules are defined to examine any portion of a packet;
  - storing the one or more packet rules;
  - creating one or more service abstractions, each service abstraction representing a communications network service to be provided to users of the communications network, each service abstraction including a named set of one or more of the packet rules that, in combination, provide the represented communications network service;
  - storing the one or more service abstractions;
  - creating one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction capable of being assigned a set of one or more of the service abstractions representing communications network services to be provided to the users associated with the represented role;
  - storing the one or more role abstractions; and
  - associating the one or more role abstractions with the identity of the authenticated user of the communications network.
16. A method of controlling usage of network resources on a communications network based on the identity of an authenticated user, the method comprising acts of:
- (a) defining one or more packet rules for use on one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition, wherein the one or more packet rules are defined to examine any portion of a packet;
- (b) providing the one or more packet rules;
- (c) defining one or more service abstractions, each service abstraction representing a communications network service to be provided to a user of the communications network, each service abstraction including a named set of one or more of the packet rules that, in combination, provide the represented communications network service;
- (d) providing the one or more service abstractions;
- (e) in response to a user, defining one or more role abstractions associated with an authenticated user, each role abstraction representing a role of the authenticated user with respect to the communications network for controlling usage of network resources on the communications network by the authenticated user, and each role abstraction capable of being assigned a set of one or more of the service abstractions;
- (f) providing the one or more role abstractions; and
- (g) associating the one or more role abstractions with the identity of the authenticated user of the communications network.
Dependent claims: 17, 18, 19
20. A system for controlling usage of network resources on a communications network based on the identity of an authenticated user, the system comprising:
- a rule editing module to create one or more packet rules for use on one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition, wherein the one or more packet rules are defined to examine any portion of a packet;
- a service editing module to create one or more service abstractions, each service abstraction representing a communications network service to be provided to users of the communications network, each service abstraction including a named set of one or more of the packet rules that, in combination, provide the represented communications network service;
- a role editing module to create, in response to a user, one or more role abstractions associated with an authenticated user, each role abstraction representing a role of an authenticated user with respect to the communications network for controlling usage of network resources on the communications network by the authenticated user, and each role abstraction capable of being assigned a set of one or more of the service abstractions;
- a user management module to associate the one or more role abstractions with the identity of the authenticated user of the communications network; and
- storage means comprising memory for storing the one or more created role abstractions, the one or more created service abstractions, or the one or more created packet rules.
Dependent claims: 21, 22, 23
24. A computer program product, comprising:
- a non-transitory computer readable medium; and
- computer readable signals stored on the computer readable medium that define instructions that, as a result of being executed by a computer, instruct the computer to perform a process of controlling usage of network resources on a communications network based on the identity of an authenticated user, the process comprising acts of:
  - (a) editing one or more packet rules for use on one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition, wherein the one or more packet rules are defined to examine any portion of a packet;
  - (b) storing the one or more packet rules;
  - (c) editing one or more service abstractions, each service abstraction representing a communications network service to be provided to users of the communications network, each service abstraction including a named set of one or more of the packet rules that, in combination, provide the represented communications network service;
  - (d) in response to a user, editing one or more role abstractions associated with an authenticated user, each role abstraction representing a role of an authenticated user with respect to the communications network for controlling usage of network resources on the communications network by the authenticated user, and each role abstraction capable of being assigned a set of one or more of the service abstractions;
  - (e) associating the users of the communications network with one or more of the role abstractions; and
  - (f) saving the one or more role abstractions and the one or more service abstractions.
26. A method of controlling usage of network resources on a communications network based on the identity of an authenticated user, the method comprising acts of:
- creating, with at least one computer, one or more packet rules for analyzing packets received at one or more network devices of the communications network, each rule including a condition and action to be taken as part of providing a service of the communications network if a packet received at a device satisfies the condition, wherein the one or more packet rules are defined to examine any portion of a packet;
- storing, with at least one computer, the one or more packet rules;
- creating, with at least one computer, one or more service abstractions, each service abstraction representing a communications network service to be provided to users of the communications network, each service abstraction including a named set of one or more of the packet rules that, in combination, provide the represented communications network service;
- storing, with at least one computer, the one or more service abstractions;
- associating, by at least one computer and by the one or more service abstractions, with the identity of the authenticated user of the communications network;
- in response to receipt of a packet at any of the network devices from the authenticated user, using, by one of the network devices, the one or more service abstractions associated with the identity of the authenticated user to control usage of network resources on the communications network, the using including applying the packet rules in the one or more service abstractions to the packet; and
- creating, with at least one computer, one or more role abstractions, each role abstraction representing a role of users with respect to the communications network, and each role abstraction including a set of one or more service abstractions representing communications network services to be provided to users associated with the represented role, and wherein the act of associating one or more service abstractions with the identity of the authenticated user includes associating the identity of the authenticated user with one or more of the role abstractions.
Dependent claims: 27, 28, 29
31. A system for enabling a network manager to control usage of network resources on a communications network based on the identity of an authenticated user, the system comprising:
- a rule editing module enabling the network manager to edit one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition;
- a service editing module enabling the network manager to edit one or more service abstractions, each service abstraction representing a communications network service to be provided to users of the communications network, each service abstraction including a named set of one or more of the packet rules that, in combination, provide the represented communications network service;
- a user management module enabling the network manager to associate users of the communications network with one or more of the service abstractions;
- storage means comprising memory for storing one or more of the service abstractions, one or more of the packet rules or one or more of the associations between users of the communications network and one or more of the service abstractions; and
- a role editing module enabling the network manager to edit one or more role abstractions, each role abstraction representing a role of users with respect to the communications network, and each role abstraction including a set of one or more service abstractions representing communications network services to be provided to users associated with the represented role, and wherein the user management module further enables the network manager to associate users of the communications network with one or more of the role abstractions.
Dependent claims: 32, 33, 34
Specification