Device for managing data filters

US 8,914,339 B2
Filed: 04/22/2003
Issued: 12/16/2014
Est. Priority Date: 04/23/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A data processing device, including computer-executable instructions stored on a non-transitory computer-readable medium, installed in a data processing server, said device comprising:

a first table storing sets of at least one primary metarule in a parameterizable form and in corresponding relationship to primary identifiers;

a second table storing at least one secondary metarule associated with secondary identifiers, each secondary identifier is in corresponding relationship to at least one primary identifier, wherein at least one priority level is installed between the at least one primary metarule and the at least one secondary metarule; and

management module which is coupled to a firewall module of said data processing server and, on receipt of auxiliary data representing operating parameters that request reconfiguration of the firewall module, the auxiliary data delivered by said firewall module after reception by the data processing server of secondary data that requires reconfiguration of the firewall module, selects at least one of the primary identifiers in the first table and associates said auxiliary data therewith so as to define dedicated processes of said firewall module;

wherein the management module reconfigures the firewall module so that a current configuration of the firewall module is modified, based on hardware characteristics of the data processing server, an operating configuration of the data processing server and an occurrence of internal and external events,wherein said firewall module applies said defined dedicated processes to process primary data received by said data processing server, said data processing server transmitting said primary data based on said processing; and

wherein said at least one primary metarule is specified according to a string of characters containing a place-holder for each parameter of said primary metarule that is not statically defined,wherein the primary identifier comprises alphabetical characters designating a set of primary rule prototypes.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing device (1) is installed in a data processing server (2) adapted to receive primary data and to transmit said primary data after application by control means (5) of dedicated processing based on primary rules. The device comprises, firstly, a first table (T1) in which are stored sets of at least one primary rule, called “primary metarules”, in a parameterizable form, in corresponding relationship to primary identifiers, and, secondly, management means (8) intended to be coupled to the control means (5) and adapted, on receipt of auxiliary data representing operating parameters delivered by the control means (5) after the reception by the server (2) of secondary data, to select at least one of the primary identifiers in the first table (T1) and associate the auxiliary data therewith in such a manner as to define the dedicated processes.

19 Citations

20 Claims

1. A data processing device, including computer-executable instructions stored on a non-transitory computer-readable medium, installed in a data processing server, said device comprising:
- a first table storing sets of at least one primary metarule in a parameterizable form and in corresponding relationship to primary identifiers;
  
  a second table storing at least one secondary metarule associated with secondary identifiers, each secondary identifier is in corresponding relationship to at least one primary identifier, wherein at least one priority level is installed between the at least one primary metarule and the at least one secondary metarule; and
  
  management module which is coupled to a firewall module of said data processing server and, on receipt of auxiliary data representing operating parameters that request reconfiguration of the firewall module, the auxiliary data delivered by said firewall module after reception by the data processing server of secondary data that requires reconfiguration of the firewall module, selects at least one of the primary identifiers in the first table and associates said auxiliary data therewith so as to define dedicated processes of said firewall module;
  
  wherein the management module reconfigures the firewall module so that a current configuration of the firewall module is modified, based on hardware characteristics of the data processing server, an operating configuration of the data processing server and an occurrence of internal and external events,wherein said firewall module applies said defined dedicated processes to process primary data received by said data processing server, said data processing server transmitting said primary data based on said processing; and
  
  wherein said at least one primary metarule is specified according to a string of characters containing a place-holder for each parameter of said primary metarule that is not statically defined,wherein the primary identifier comprises alphabetical characters designating a set of primary rule prototypes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The device according to claim 1, wherein the second table is accessible to said management module and at least one selected primary identifier is associated with auxiliary data.
  - 3. The device according to claim 2, wherein certain selected primary metarules in the second table are grouped into secondary metarules represented by secondary identifiers.
  - 4. The device according to claim 2, wherein said management module is adapted, on receipt of said auxiliary data communicated by the server to add, delete, or modify primary or secondary metarules or auxiliary data in the second table associated with said primary or secondary metarules.
  - 5. The device according to claim 1, wherein said management module, on receipt of said auxiliary data, determines whether the at least one selected primary identifier corresponding to the type of said auxiliary data is present in the second table, and associates the at least one selected primary identifier with new auxiliary data as to adapt said dedicated processes.
  - 6. The device according to claim 1, wherein said management module comprise a multiplicity of management submodules each of which manage the association of auxiliary data with at least one primary or secondary metarule and, on receipt of said auxiliary data, determine which of said management submodules corresponds thereto.
  - 7. The device according to claim 1, wherein said management module and said tables are part of metafirewall which manages a firewall equipping said server.
  - 8. A firewall comprising the device according to claim 1.
  - 9. The data processing device according to claim 1, wherein the primary metarule comprises one of definitions and prototypes of sets of the at least one primary rule.
  - 10. The device according to claim 1, wherein the auxiliary data comprises data or values assigned to operating parameters of the primary rule implemented in the firewall module.
  - 11. The device according to claim 1, wherein the secondary data comprises information received by the data processing server which is required for reconfiguration of the firewall module.

12. A data processing method, comprising:
- storing in a first table sets of at least one primary metarule in a parameterized form and in corresponding relationship to primary identifiers;
  
  storing in a second table at least one secondary metarule associated with secondary identifiers, each secondary identifier is in corresponding relationship to primary identifiers, wherein at least one priority level is installed between the at least one primary metarule and the at least one secondary metarule;
  
  on receipt of auxiliary data representing operational parameters that request reconfiguration of a control means, the auxiliary data delivered by the server after the receipt of secondary data that requires reconfiguration of the control means, selecting at least one of the primary identifiers in the first table;
  
  associating said auxiliary data with said selected primary identifier so as to define said dedicated processes; and
  
  applying said dedicated processes based on primary rules to process primary data received by a data processing server, and transmitted by said data processing server based on said processing;
  
  wherein said at least one primary metarule is specified according to a string of characters containing a place-holder for each parameter of said primary metarule that is not statically defined,wherein the control means is a firewall and a management means configures the firewall so that a current configuration of the firewall is modified, based on hardware characteristics of the data processing server, an operating configuration of the data processing server and an occurrence of internal and external events,wherein the primary identifier comprises alphabetical characters designating a set of primary rule prototypes.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method according to claim 12, wherein each of the secondary identifiers is in corresponding relationship to at least one selected primary identifier associated with auxiliary data.
  - 14. The method according to claim 13, wherein on receipt of the auxiliary data, it is determined whether the at least one selected primary identifier that corresponds to the type of the auxiliary data is present in the second table, and to associate the at least one selected primary identifier with new auxiliary data so as to adapt said dedicated process.
  - 15. The method according to claim 13, wherein certain primary metarules in the second table are grouped into secondary metarules represented by secondary identifiers.
  - 16. The method according to claim 12, wherein there are executed in parallel the selection of the primary or secondary metarules in the first table and the modifications of the auxiliary data in the second table associated with the secondary identifier representing the selected primary or secondary metarules.
  - 17. The method according to claim 12, wherein on receipt of complementary data communicated by said server, primary or secondary metarules are added to, deleted from or modified in the second table.

18. A network data processing device, comprising:
- an engine;
  
  a management module coupled to said engine, said management module comprising;
  
  a first memory containing a first table, said first table containing primary identifiers associated with at least one parameterized rule for providing direction to said engine when one or more of said primary identifiers and said at least one parameterized rule are associated with at least one parameter value; and
  
  a second memory containing a second table, said second table containing at least one secondary metarule associated with secondary identifiers, each secondary identifier associated with at least one of said primary identifiers, wherein at least one priority level is installed between the at least one primary metarule and the at least one secondary metarule,wherein the management module includes a configuration module which decides when to make modifications to a current configuration of a firewall,wherein the management module reconfigures the firewall so that a current configuration of the firewall is modified, based on hardware characteristics of the data processing server, an operating configuration of the data processing server and an occurrence of internal and external events,wherein said engine, in response to receiving said direction, manages network data according to said direction; and
  
  wherein said at least one parameterized rule is specified according to a string of characters containing a place-holder for each parameter of said parameterized rule that is not statically defined, wherein the place-holder is relevant to the rule, andwherein the primary identifier comprises alphabetical characters designating a set of primary rule prototypes.
- View Dependent Claims (19)
- - 19. The device according to claim 18, wherein secondary identifiers are further associated with one or more respective parameter values.

20. A method of processing network data, comprising:
- storing, as entries in a first table, first primary identifiers, each with one or more associated first parameterized rules for configuring a firewall;
  
  storing as entries in a second table, second parameterized rules, each associated with secondary identifiers, each secondary identifier with one or more second primary identifiers and one or more associated parameter values;
  
  receiving data comprising at least one new parameter value;
  
  determining at least one associable second primary identifier which said new parameter value can be associated with;
  
  storing said new parameter value is association with said associable second primary identifier;
  
  determining current associated parameter values and corresponding parameterized rules for each of said secondary identifiers;
  
  based on priority levels installed between the first parameterized rules and the second parameterized rules, making a combination of said current associated parameter values and at least one of the first parameterized rules and the second parameterized rules for directing an engine; and
  
  communicating said combination to said engine so as to direct management of network data by said engine;
  
  wherein each of said associated parameterized rules is specified according to a string of characters containing a place-holder for each parameter of said associated parameterized rule that is not statically defined, wherein the place-holder is relevant to the rule; and
  
  wherein a management module reconfigures the firewall so that a current configuration of the firewall is modified, based on hardware characteristics of said engine, an operating configuration of said engine and an occurrence of internal and external events,wherein the first primary identifiers comprise alphabetical characters designing a set of primary rule prototypes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Offredo, Gatan, Pennerath, Frdric
Primary Examiner(s)
Btit, Jacob F
Assistant Examiner(s)
KIM, CHRISTY Y

Application Number

US10/511,898
Publication Number

US 20050182815A1
Time in Patent Office

4,256 Days
Field of Search

713/201, 705/10, 717/101, 717/103, 709/229, 709/225, 709/238, 709/219, 709/220, 709/203, 726/11, 726/12, 726/4, 711/118, 707/694
US Class Current

707/694
CPC Class Codes

H04L 63/0263 Rule management

Device for managing data filters

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Device for managing data filters

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links