Device for managing data filters
Abstract
A data processing device (1) is installed in a data processing server (2) adapted to receive primary data and to transmit said primary data after application by control means (5) of dedicated processing based on primary rules. The device comprises, firstly, a first table (T1) in which are stored sets of at least one primary rule, called “primary metarules”, in a parameterizable form, in corresponding relationship to primary identifiers, and, secondly, management means (8) intended to be coupled to the control means (5) and adapted, on receipt of auxiliary data representing operating parameters delivered by the control means (5) after the reception by the server (2) of secondary data, to select at least one of the primary identifiers in the first table (T1) and associate the auxiliary data therewith in such a manner as to define the dedicated processes.
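A minimal sketch of the mechanism the abstract describes, using the placeholder strings the claims specify: a first table keyed by primary identifier, and a management step that binds received auxiliary data to each stored metarule to produce concrete rules. This is an added example, not code from the patent; the rule syntax, the `{name}` placeholder notation, the identifiers `mail` and `ipsec`, and the function names are all assumptions made for illustration. The per-parameter validation is also an addition, included because parameters substituted into a rule string are otherwise a path for rule injection.

```python
import ipaddress
from string import Formatter

# First table (T1): primary identifier -> set of parameterizable primary metarules.
# Identifiers and rule syntax are constructed for this sketch, not from the patent.
T1 = {
    "mail": ["allow tcp from {src} to {host} port 25",
             "allow tcp from {src} to {host} port 110"],
    "ipsec": ["allow udp from {peer} to {host} port 500",
              "allow esp from {peer} to {host}"],
}

def _net(value):
    return str(ipaddress.ip_network(value, strict=False))  # ValueError if malformed

def _addr(value):
    return str(ipaddress.ip_address(value))  # ValueError if malformed

# One validator per placeholder name (assumed policy: only typed values reach a rule).
VALIDATORS = {"src": _net, "peer": _net, "host": _addr}

def placeholders(template):
    """Names of the parameters a metarule leaves undefined."""
    return {name for _, name, _, _ in Formatter().parse(template) if name}

def instantiate(primary_id, aux):
    """Bind auxiliary data to every metarule stored under one primary identifier."""
    if not primary_id.isalpha() or primary_id not in T1:
        raise KeyError(f"unknown primary identifier: {primary_id!r}")
    rules = []
    for template in T1[primary_id]:
        needed = placeholders(template)
        missing = needed - aux.keys()
        if missing:
            raise ValueError(f"{primary_id}: no value for {sorted(missing)}")
        # Validate and normalise each value before it is substituted.
        clean = {name: VALIDATORS[name](aux[name]) for name in needed}
        rules.append(template.format(**clean))
    return rules

if __name__ == "__main__":
    # Constructed auxiliary data, as the firewall module might hand it over.
    for rule in instantiate("mail", {"src": "192.0.2.0/24", "host": "10.0.0.5"}):
        print(rule)
```

Because every value passes through a typed validator, a parameter carrying extra rule text or a newline is rejected before any rule string is built.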
20 Claims
1. A data processing device, including computer-executable instructions stored on a non-transitory computer-readable medium, installed in a data processing server, said device comprising:
- a first table storing sets of at least one primary metarule in a parameterizable form and in corresponding relationship to primary identifiers;
- a second table storing at least one secondary metarule associated with secondary identifiers, each secondary identifier is in corresponding relationship to at least one primary identifier, wherein at least one priority level is installed between the at least one primary metarule and the at least one secondary metarule; and
- management module which is coupled to a firewall module of said data processing server and, on receipt of auxiliary data representing operating parameters that request reconfiguration of the firewall module, the auxiliary data delivered by said firewall module after reception by the data processing server of secondary data that requires reconfiguration of the firewall module, selects at least one of the primary identifiers in the first table and associates said auxiliary data therewith so as to define dedicated processes of said firewall module;
- wherein the management module reconfigures the firewall module so that a current configuration of the firewall module is modified, based on hardware characteristics of the data processing server, an operating configuration of the data processing server and an occurrence of internal and external events, wherein said firewall module applies said defined dedicated processes to process primary data received by said data processing server, said data processing server transmitting said primary data based on said processing; and
- wherein said at least one primary metarule is specified according to a string of characters containing a place-holder for each parameter of said primary metarule that is not statically defined, wherein the primary identifier comprises alphabetical characters designating a set of primary rule prototypes.
12. A data processing method, comprising:
- storing in a first table sets of at least one primary metarule in a parameterized form and in corresponding relationship to primary identifiers;
- storing in a second table at least one secondary metarule associated with secondary identifiers, each secondary identifier is in corresponding relationship to primary identifiers, wherein at least one priority level is installed between the at least one primary metarule and the at least one secondary metarule;
- on receipt of auxiliary data representing operational parameters that request reconfiguration of a control means, the auxiliary data delivered by the server after the receipt of secondary data that requires reconfiguration of the control means, selecting at least one of the primary identifiers in the first table;
- associating said auxiliary data with said selected primary identifier so as to define said dedicated processes; and
- applying said dedicated processes based on primary rules to process primary data received by a data processing server, and transmitted by said data processing server based on said processing;
- wherein said at least one primary metarule is specified according to a string of characters containing a place-holder for each parameter of said primary metarule that is not statically defined, wherein the control means is a firewall and a management means configures the firewall so that a current configuration of the firewall is modified, based on hardware characteristics of the data processing server, an operating configuration of the data processing server and an occurrence of internal and external events, wherein the primary identifier comprises alphabetical characters designating a set of primary rule prototypes.
18. A network data processing device, comprising:
- an engine;
- a management module coupled to said engine, said management module comprising;
- a first memory containing a first table, said first table containing primary identifiers associated with at least one parameterized rule for providing direction to said engine when one or more of said primary identifiers and said at least one parameterized rule are associated with at least one parameter value; and
- a second memory containing a second table, said second table containing at least one secondary metarule associated with secondary identifiers, each secondary identifier associated with at least one of said primary identifiers, wherein at least one priority level is installed between the at least one primary metarule and the at least one secondary metarule, wherein the management module includes a configuration module which decides when to make modifications to a current configuration of a firewall, wherein the management module reconfigures the firewall so that a current configuration of the firewall is modified, based on hardware characteristics of the data processing server, an operating configuration of the data processing server and an occurrence of internal and external events, wherein said engine, in response to receiving said direction, manages network data according to said direction; and
- wherein said at least one parameterized rule is specified according to a string of characters containing a place-holder for each parameter of said parameterized rule that is not statically defined, wherein the place-holder is relevant to the rule, and wherein the primary identifier comprises alphabetical characters designating a set of primary rule prototypes.
20. A method of processing network data, comprising:
- storing, as entries in a first table, first primary identifiers, each with one or more associated first parameterized rules for configuring a firewall;
- storing as entries in a second table, second parameterized rules, each associated with secondary identifiers, each secondary identifier with one or more second primary identifiers and one or more associated parameter values;
- receiving data comprising at least one new parameter value;
- determining at least one associable second primary identifier which said new parameter value can be associated with;
- storing said new parameter value is association with said associable second primary identifier;
- determining current associated parameter values and corresponding parameterized rules for each of said secondary identifiers;
- based on priority levels installed between the first parameterized rules and the second parameterized rules, making a combination of said current associated parameter values and at least one of the first parameterized rules and the second parameterized rules for directing an engine; and
- communicating said combination to said engine so as to direct management of network data by said engine;
- wherein each of said associated parameterized rules is specified according to a string of characters containing a place-holder for each parameter of said associated parameterized rule that is not statically defined, wherein the place-holder is relevant to the rule; and
- wherein a management module reconfigures the firewall so that a current configuration of the firewall is modified, based on hardware characteristics of said engine, an operating configuration of said engine and an occurrence of internal and external events, wherein the first primary identifiers comprise alphabetical characters designing a set of primary rule prototypes.
Specification