XML message validation in a network infrastructure element

US 8,090,839 B2
Filed: 06/21/2006
Issued: 01/03/2012
Est. Priority Date: 06/21/2005
Status: Active Grant

First Claim

Patent Images

1. A data processing apparatus, comprising:

a plurality of network interfaces that are coupled to a data network for receiving one or more packets therefrom and sending one or more packets thereto;

one or more processors;

a switching system coupled to the one or more processors and packet forwarding logic, wherein the switching system and packet forwarding logic are configured to receive packets on a first network interface, determine a second network interface on which to send the packets, and to send the packets on the second network interface;

logic which when executed by the one or more processors is operable to cause;

prior to receiving, over the data network, an application-layer message that comprises the one or more packets;

receiving and storing one or more validation scope rules that define a portion of an extensible markup language (XML) schema for validation;

receiving and storing the XML schema and one or more XML element objects that represent XML elements of the XML schema and comprise a corresponding constructor method which when executed returns a data type of one of the XML element objects;

computing hash codes for each of the XML element objects in the XML schema, and storing the hash codes in a hashtable;

wherein a hash code for an XML element object is computed by hashing a plurality of characters in the XML element object;

wherein the hashtable comprises hash codes for all the XML element objects in the XML schema;

upon receiving, over the data network, the application-layer message comprising the one or more of packets;

identifying a particular XML element in an XML payload of the application-layer message, wherein the particular XML element is within the portion of the XML schema defined in the one or more validation scope rules;

in response to finding a name of the particular XML element in the XML payload of the application-layer message in the hashtable, invoking the corresponding constructor method to return the data type of the particular XML element;

determining whether the particular XML element in the XML payload and the data type of the particular XML element conform to the XML schema by hashing a plurality of characters in an XML element object of the particular XML element to compute a particular hash value and comparing the particular hash value for the particular XML element with the hash codes stored in the hashtable; and

performing a responsive action based on whether the particular XML element conforms to the XML schema.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network infrastructure element such as a router or switch performs transparent and optimized validation of XML schemas of XML payloads received in the network element. The network element comprises logic for receiving and storing one or more validation scope rules that define a portion of an extensible markup language (XML) schema for validation; receiving and storing the XML schema; receiving over the network an application-layer message comprising one or more of the packets; identifying a particular XML element in an XML payload of the application-layer message, wherein the particular XML element is within the portion of the XML schema defined in the one or more validation scope rules; determining whether the particular XML element conforms to the XML schema; and performing a responsive action based on whether the particular XML element conforms to the XML schema.

173 Citations

44 Claims

1. A data processing apparatus, comprising:
- a plurality of network interfaces that are coupled to a data network for receiving one or more packets therefrom and sending one or more packets thereto;
  
  one or more processors;
  
  a switching system coupled to the one or more processors and packet forwarding logic, wherein the switching system and packet forwarding logic are configured to receive packets on a first network interface, determine a second network interface on which to send the packets, and to send the packets on the second network interface;
  
  logic which when executed by the one or more processors is operable to cause;
  
  prior to receiving, over the data network, an application-layer message that comprises the one or more packets;
  
  receiving and storing one or more validation scope rules that define a portion of an extensible markup language (XML) schema for validation;
  
  receiving and storing the XML schema and one or more XML element objects that represent XML elements of the XML schema and comprise a corresponding constructor method which when executed returns a data type of one of the XML element objects;
  
  computing hash codes for each of the XML element objects in the XML schema, and storing the hash codes in a hashtable;
  
  wherein a hash code for an XML element object is computed by hashing a plurality of characters in the XML element object;
  
  wherein the hashtable comprises hash codes for all the XML element objects in the XML schema;
  
  upon receiving, over the data network, the application-layer message comprising the one or more of packets;
  
  identifying a particular XML element in an XML payload of the application-layer message, wherein the particular XML element is within the portion of the XML schema defined in the one or more validation scope rules;
  
  in response to finding a name of the particular XML element in the XML payload of the application-layer message in the hashtable, invoking the corresponding constructor method to return the data type of the particular XML element;
  
  determining whether the particular XML element in the XML payload and the data type of the particular XML element conform to the XML schema by hashing a plurality of characters in an XML element object of the particular XML element to compute a particular hash value and comparing the particular hash value for the particular XML element with the hash codes stored in the hashtable; and
  
  performing a responsive action based on whether the particular XML element conforms to the XML schema.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The data processing apparatus of claim 1, wherein the logic when executed by the one or more processors is operable to cause:
    - invoking the constructor method of a particular element object that corresponds to the particular XML element; and
      
      performing a responsive action based on whether invoking the constructor method succeeds.
  - 3. The data processing apparatus of claim 1, wherein one of the validation scope rules defines all of the XML schema for validation.
  - 4. The data processing apparatus of claim 2, wherein the logic when executed by the one or more processors is operable to cause:
    - receiving one or more constraint functions for one or more of the XML element objects, wherein each of the constraint functions specifies a constraint to which a valid XML element must conform;
      
      storing the one or more constraint functions in executable form in the one or more XML element objects.
  - 5. The data processing apparatus of claim 2, wherein the logic when executed by the one or more processors is operable to cause:
    - storing portions of the XML schema corresponding to the XML element objects associated with the hash codes, and the one or more XML element objects in the apparatus in the hashtable.
  - 6. The data processing apparatus of claim 5, wherein the logic when executed by the one or more processors is operable to cause:
    - invoking the constructor method of a particular element object that is found in the hashtable and that corresponds to the particular XML element.
  - 7. The data processing apparatus of claim 2, wherein the logic when executed by the one or more processors is operable to cause discarding the received application-layer message when invoking the constructor method fails.
  - 8. The data processing apparatus of claim 2, wherein the logic when executed by the one or more processors is operable to cause forwarding the received application-layer message to a next hop when invoking the constructor method succeeds for all XML elements in the XML payload of the application-layer message.
  - 9. The data processing apparatus of claim 2, wherein the logic when executed by the one or more processors is operable to perform, based on whether the constructor method succeeds, any one of:
    - discarding the received application-layer message;
      
      forwarding the received application-layer message to a next hop;
      
      generating a notification message; and
      
      creating a log file entry.
  - 10. The data processing apparatus of claim 2, wherein the logic when executed by the one or more processors is operable to perform receiving the XML element objects after the XML element objects have been compiled by a compiler of an object-oriented programming language that generates objects having data types.
  - 11. The data processing apparatus of claim 1, wherein the responsive action comprises any one of:
    - discarding the received application-layer message;
      
      forwarding the received application-layer message to a next hop;
      
      generating a notification message; and
      
      creating a log file entry.

12. A data processing apparatus, comprising:
- a plurality of network interfaces that are coupled to a data network for receiving one or more packets therefrom and sending one or more packets thereto;
  
  one or more processors;
  
  a switching system coupled to the one or more processors and packet forwarding logic, wherein the switching system and packet forwarding logic are configured to receive packets on a first network interface, determine a second network interface on which to send the packets, and to send the packets on the second network interface;
  
  means, executed prior to receiving, over the data network, an application-layer message that comprises the one or more packets;
  
  for receiving and storing one or more validation scope rules that define a portion of an extensible markup language (XML) schema for validation;
  
  for receiving and storing the XML schema and one or more XML element objects that represent XML elements of the XML schema and comprise a constructor method which when executed returns a data type of one of the XML element objects;
  
  for computing hash codes for each of the XML element objects in the XML schema, and storing the hash codes in a hashtable;
  
  wherein a hash code for an XML element object is computed by hashing a plurality of characters in the XML element object;
  
  wherein the hashtable comprises hash codes for all the XML element objects in the XML schema;
  
  means for receiving over the data network the application-layer message comprising the one or more of packets;
  
  means, executed upon receiving, over the data network, the application-layer message, comprising the one or more packets;
  
  for identifying a particular XML element in an XML payload of the application-layer message, wherein the particular XML element is within the portion of the XML schema defined in the one or more validation scope rules;
  
  for invoking the corresponding constructor method to return the data type of the particular XML element in response to finding a name of the particular XML element in the XML payload of the application-layer message in the hashtable;
  
  for determining whether the particular XML element and the type of the XML element for the particular XML element conform to the XML schema by hashing a plurality of characters in an XML element object of the particular XML element to compute a particular hash value and comparing the particular hash value for the particular XML element with the hash code stored in the hashtable; and
  
  for performing a responsive action based on whether the particular XML element conforms to the XML schema.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The data processing apparatus of claim 12, further comprising:
    - means for invoking the constructor method of a particular element object that corresponds to the particular XML element; and
      
      means for performing a responsive action based on whether invoking the constructor method succeeds.
  - 14. The data processing apparatus of claim 12, wherein one of the validation scope rules defines all of the XML schema for validation.
  - 15. The data processing apparatus of claim 13, further comprising:
    - means for receiving one or more constraint functions for one or more of the element objects, wherein each of the constraint functions specifies a constraint to which a valid XML element must conform;
      
      means for storing the one or more constraint functions in executable form in the one or more XML element objects.
  - 16. The data processing apparatus of claim 13, further comprising:
    - means for storing portions of the XML schema corresponding to the XML element objects associated with the hash codes, and the one or more XML element objects in the apparatus in the hashtable.
  - 17. The data processing apparatus of claim 16, further comprising:
    - means for invoking the constructor method of a XML particular element object that is found in the hashtable and that corresponds to the particular XML element.
  - 18. The data processing apparatus of claim 13, further comprising means for discarding the received application-layer message when invoking the constructor method fails.
  - 19. The data processing apparatus of claim 13, further comprising means for forwarding the received application-layer message to a next hop when invoking the constructor method succeeds for all XML elements in the XML payload of the application-layer message.
  - 20. The data processing apparatus of claim 13, means for performing, based on whether the constructor method succeeds, any one of:
    - discarding the received application-layer message;
      
      forwarding the received application-layer message to a next hop;
      
      generating a notification message; and
      
      creating a log file entry.
  - 21. The data processing apparatus of claim 13, further comprising means for receiving the XML element objects after the XML element objects have been compiled by a compiler of an object-oriented programming language that generates objects having data types.
  - 22. The data processing apparatus of claim 12, wherein the responsive action comprises any one of:
    - discarding the received application-layer message;
      
      forwarding the received application-layer message to a next hop;
      
      generating a notification message; and
      
      creating a log file entry.

23. A computer-implemented method, comprising:
- prior to receiving, over a data network, an application-layer message that comprises one or more packets;
  
  receiving, in a network infrastructure element comprising a plurality of network interfaces that are coupled to the data network for receiving the one or more packets therefrom and sending the one or more packets thereto, one or more processors, and a switching system coupled to the one or more processors and packet forwarding logic, wherein the switching system and packet forwarding logic are configured to receive packets on a first network interface, determine a second network interface on which to send the packets, and to send the packets on the second network interface, one or more validation scope rules that define a portion of an extensible markup language (XML) schema for validation;
  
  receiving and storing the XML schema and one or more XML element objects that represent XML elements of the XML schema and comprise a constructor method which, when executed, returns a data type of one of the XML element objects;
  
  computing hash codes for each of the XML element objects in the XML schema, and storing the hash codes in a hashtable;
  
  wherein a hash code for an XML element object is computed by hashing a plurality of characters in the XML element object;
  
  wherein the hashtable comprises hash codes for all the XML element objects in the XML schema;
  
  upon receiving, over the data network, the application-layer message, comprising the one or more packets;
  
  identifying a particular XML element in an XML payload of the application-layer message, wherein the particular XML element is within the portion of the XML schema defined in the one or more validation scope rules;
  
  in response to finding a name of the particular XML element in the XML payload of the application-layer message in the hashtable, invoking the corresponding constructor method to return the data type of the particular XML element;
  
  determining whether the particular XML element and the data type of the particular XML element conform to the XML schema by hashing a plurality of characters in an XML element object of the particular XML element to compute a particular hash value and comparing the hash value for the particular XML element with the hash codes stored in the hashtable; and
  
  performing a responsive action based on whether the particular XML element conforms to the XML schema;
  
  wherein the method is performed by one or more processors.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The method of claim 23, further comprising:
    - invoking the constructor method of a particular element object that corresponds to the particular XML element; and
      
      performing a responsive action based on whether invoking the constructor method succeeds.
  - 25. The method of claim 23, wherein one of the validation scope rules defines all of the XML schema for validation.
  - 26. The method of claim 24, further comprising:
    - receiving one or more constraint functions for one or more of the XML element objects, wherein each of the constraint functions specifies a constraint to which a valid XML element must conform;
      
      storing the one or more constraint functions in executable form in the one or more XML element objects.
  - 27. The method of claim 24, further comprising:
    - storing portions of the XML schema corresponding to the XML element objects associated with the hash codes, and the one or more XML element objects in the apparatus in the hashtable.
  - 28. The method of claim 27, further comprising:
    - invoking the constructor method of a particular element object that is found in the hashtable and that corresponds to the particular XML element.
  - 29. The method of claim 24, further comprising discarding the received application-layer message when invoking the constructor method fails.
  - 30. The method of claim 24, further comprising forwarding the received application-layer message to a next hop when invoking the constructor method succeeds for all XML elements in the XML payload of the application-layer message.
  - 31. The method of claim 24, further comprising performing, based on whether the constructor method succeeds, any one of:
    - discarding the received application-layer message;
      
      forwarding the received application-layer message to a next hop;
      
      generating a notification message; and
      
      creating a log file entry.
  - 32. The method of claim 24, further comprising receiving the XML element objects after the XML element objects have been compiled by a compiler of an object-oriented programming language that generates objects having data types.
  - 33. The method of claim 23, wherein the responsive action comprises any one of:
    - discarding the received application-layer message;
      
      forwarding the received application-layer message to a next hop;
      
      generating a notification message; and
      
      creating a log file entry.

34. A non-transitory computer-readable volatile or non-volatile storage medium comprising one or more sequences of instructions, which when executed by one or more processors, cause performing:
- prior to receiving, over a data network, an application-layer message that comprises one or more packets;
  
  receiving, in a network infrastructure device comprising a plurality of network interfaces that are coupled to the data network for receiving the one or more packets therefrom and sending the one or more packets thereto, the one or more processors, and a switching system coupled to the one or more more processors and packet forwarding logic, wherein the switching system and packet forwarding logic are configured to receive packets on a first network interface, determine a second network interface on which to send the packets, and to send the packets on the second network interface, one or more validation scope rules that define a portion of an extensible markup language (XML) schema for validation;
  
  receiving and storing the XML schema and one or more XML element objects that represent XML elements of the XML schema and comprise a constructor method which, when executed, returns a data type of one of the XML element objects;
  
  computing hash codes for each of the XML element objects in the XML schema, and storing the hash codes in a hashtable;
  
  wherein a hash code for an XML element object is computed by hashing a plurality of characters in the element object;
  
  wherein the hashtable comprises hash codes for all the XML element objects in the XML schema;
  
  upon receiving, over the data network, the application-layer message, comprising the one or more packets;
  
  identifying a particular XML element in an XML payload of the application-layer message, wherein the particular XML element is within the portion of the XML schema defined in the one or more validation scope rules;
  
  in response to finding a name of the particular XML element in the XML payload of the application-layer message in the hashtable, invoking the corresponding constructor method to return the data type of the particular XML element;
  
  determining whether the particular XML element and the data type of the particular XML element conform to the XML schema by hashing a plurality of characters in an XML element object of the particular XML element to compute a particular hash value and comparing the particular hash value for the particular XML element with the hash codes stored in the hashtable; and
  
  performing a responsive action based on whether the particular XML element conforms to the XML schema.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 35. The computer-readable medium of claim 34, wherein the one or more sequences of instructions when executed by the one or more processors cause:
    - invoking the constructor method of a particular element object that corresponds to the particular XML element; and
      
      performing a responsive action based on whether invoking the constructor method succeeds.
  - 36. The computer-readable medium of claim 34, wherein one of the validation scope rules defines all of the XML schema for validation.
  - 37. The computer-readable medium of claim 35, wherein the one or more sequences of instructions when executed by the one or more processors cause:
    - receiving one or more constraint functions for one or more of the XML element objects, wherein each of the constraint functions specifies a constraint to which a valid XML element must conform;
      
      storing the one or more constraint functions in executable form in the one or more XML element objects.
  - 38. The computer-readable medium of claim 35, wherein the one or more sequences of instructions when executed by the one or more processors cause:
    - storing portions of the XML schema corresponding to the XML element objects associated with the hash codes, and the one or more XML element objects in the apparatus in the hashtable.
  - 39. The computer-readable medium of claim 38, wherein the one or more sequences of instructions when executed by the one or more processors cause:
    - invoking the constructor method of a particular element object that is found in the hashtable and that corresponds to the particular XML element.
  - 40. The computer-readable medium of claim 35, wherein the one or more sequences of instructions when executed by the one or more processors cause discarding the received application-layer message when invoking the constructor method fails.
  - 41. The computer-readable medium of claim 35, wherein the one or more sequences of instructions when executed by the one or more processors cause forwarding the received application-layer message to a next hop when invoking the constructor method succeeds for all XML elements in the XML payload of the application-layer message.
  - 42. The computer-readable medium of claim 35, wherein the one or more sequences of instructions when executed by the one or more processors cause, based on whether the constructor method succeeds, any one of:
    - discarding the received application-layer message;
      
      forwarding the received application-layer message to a next hop;
      
      generating a notification message; and
      
      creating a log file entry.
  - 43. The computer-readable medium of claim 35, wherein the one or more sequences of instructions when executed by the one or more processors cause receiving the XML element objects after the XML element objects have been compiled by a compiler of an object-oriented programming language that generates objects having data types.
  - 44. The computer-readable medium of claim 34, wherein the responsive action comprises any one of:
    - discarding the received application-layer message;
      
      forwarding the received application-layer message to a next hop;
      
      generating a notification message; and
      
      creating a log file entry.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Kumar, Sandeep, Ramarao, Karempudi, Jiang, Yuquan, Jin, Yi, Anthias, Tefcros
Primary Examiner(s)
Backer, Firmin
Assistant Examiner(s)
Chambers, Michael A

Application Number

US11/472,796
Publication Number

US 20070005786A1
Time in Patent Office

2,022 Days
Field of Search

709/230, 709/227, 715/513, 707/102, 707/1, 370/389
US Class Current

709/227
CPC Class Codes

G06F 2221/2141   Access rights, e.g. capabil...

G06F 8/656   while running

H04L 41/026   using e-messaging for trans...

H04L 41/06   Management of faults, event...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 41/5003   Managing SLA; Interaction b...

H04L 41/5009   Determining service level p...

H04L 41/5012   determining service availab...

H04L 41/5096   wherein the managed service...

H04L 43/0811   by checking connectivity

H04L 45/00   Routing or path finding of ...

H04L 45/56   Routing software

H04L 45/563   Software download or update

H04L 63/0245   Filtering by information in...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/12 : Applying verification of th...

H04L 67/02 : based on web technology, e....

H04L 67/34 : involving the movement of s...

H04L 69/22 : Parsing or analysis of headers

H04L 9/40 : Network security protocols

View All

XML message validation in a network infrastructure element

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

173 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

XML message validation in a network infrastructure element

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

173 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links