Token processing
First Claim
1. A computer-implemented method performed by data processing apparatus, the method comprising:
- determining that a particular one of a plurality of tokens is included in one or more packets of network traffic;
identifying a particular set of security checks corresponding to the particular token, the set of security checks including one or more security checks of a plurality of security checks, wherein each security check includes one or more security processes of a plurality of security processes, and each security process includes one or more security operations of a plurality of security operations, and wherein each security process corresponds to an alert condition satisfied based on results of the respective set of security operations;
using a data structure mapping of security checks to security operations to identify for each security check in the particular set of security checks a respective set of processes, and for each security process in the set of security processes a respective set of security operations to be applied to data of the one or more packets, wherein a particular security operation is reused between at least two, but less than all, of the plurality of security checks, and the data structure includes a check data structure including entries for each of the security checks in the plurality of security checks, each security check entry referencing entries of a security process data structure corresponding to the set of security processes included in the respective security check, the security process data structure including, for each security process, a reference to entries of a security operation data structure corresponding to the set of security operations of the respective security process.
10 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for mapping security processing rules into a data structure that facilitates a more efficient processing of the security processing rules. In one aspect, a method includes receiving security processing rules, each of the security processing rules defining one or more security checks and security operations corresponding to the security checks and that are to be performed when the security checks occur; and generating from the security processing rules a mapping of security checks to security operations, the mapping including a security check entry for each security check that is defined in one or more of the security processing rules, and each security check entry being mapped to one or more security operations that the security processing rules define as corresponding to the security check.
11 Citations
15 Claims
-
1. A computer-implemented method performed by data processing apparatus, the method comprising:
-
determining that a particular one of a plurality of tokens is included in one or more packets of network traffic; identifying a particular set of security checks corresponding to the particular token, the set of security checks including one or more security checks of a plurality of security checks, wherein each security check includes one or more security processes of a plurality of security processes, and each security process includes one or more security operations of a plurality of security operations, and wherein each security process corresponds to an alert condition satisfied based on results of the respective set of security operations; using a data structure mapping of security checks to security operations to identify for each security check in the particular set of security checks a respective set of processes, and for each security process in the set of security processes a respective set of security operations to be applied to data of the one or more packets, wherein a particular security operation is reused between at least two, but less than all, of the plurality of security checks, and the data structure includes a check data structure including entries for each of the security checks in the plurality of security checks, each security check entry referencing entries of a security process data structure corresponding to the set of security processes included in the respective security check, the security process data structure including, for each security process, a reference to entries of a security operation data structure corresponding to the set of security operations of the respective security process. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer storage medium encoded with a computer program, the program comprising instructions that when executed by data processing apparatus cause the data processing apparatus to perform operations comprising:
-
determining that a particular one of a plurality of tokens is included in one or more packets of network traffic; identifying a particular set of security checks corresponding to the particular token, the set of security checks including one or more security checks of a plurality of security checks, wherein each security check includes one or more security processes of a plurality of security processes, and each security process includes one or more security operations of a plurality of security operations, and wherein each security process corresponds to an alert condition satisfied based on results of the respective set of security operations; using a data structure mapping of security checks to security operations to identify for each security check in the particular set of security checks a respective set of processes, and for each security process in the set of security processes a respective set of security operations to be applied to data of the one or more packets, wherein a particular security operation is reused between at least two, but less than all, of the plurality of security checks, the data structure includes a check data structure including entries for each of the security checks in the plurality of security checks, each security check entry referencing entries of a security process data structure corresponding to the set of security processes included in the respective security check, the security process data structure including, for each security process, a reference to entries of a security operation data structure corresponding to the set of security operations of the respective security process. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system comprising:
-
one or more computers, and; a computer-readable medium coupled to the one or more computers having instructions stored thereon which, when executed by the one or more computers, cause the one or more computers to perform operations comprising; determining that a particular one of a plurality of tokens is included in one or more packets of network traffic; identifying a particular set of security checks corresponding to the particular token, the set of security checks including one or more security checks of a plurality of security checks, wherein each security check includes one or more security processes of a plurality of security processes, and each security process includes one or more security operations of a plurality of security operations, and wherein each security process corresponds to an alert condition satisfied based on results of the respective set of security operations; using a data structure mapping of security checks to security operations to identify for each security check in the particular set of security checks a respective set of processes, and for each security process in the set of security processes a respective set of security operations to be applied to data of the one or more packets, wherein a particular security operation is reused between at least two, but less than all, of the plurality of security checks, and the data structure includes a check data structure including entries for each of the security checks in the plurality of security checks, each security check entry referencing entries of a security process data structure corresponding to the set of security processes included in the respective security check, the security process data structure including, for each security process, a reference to entries of a security operation data structure corresponding to the set of security operations of the respective security process.
-
Specification