Method and system to distribute policies

US 9,281,993 B2
Filed: 05/17/2013
Issued: 03/08/2016
Est. Priority Date: 12/11/2003
Status: Active Grant

First Claim

Patent Images

1. A method to distribute policies, comprising:

defining, by a policy processor, a policy template associated with each policy;

assigning, by the policy processor, a unique identification (ID) to each policy template;

storing, by the policy processor, each policy template and assigned ID in a policy template repository;

transmitting, by the policy processor, only the assigned ID to an enforcement point for each policy to be enforced by the enforcement point;

determining, by the enforcement point, if the policy template corresponding to each transmitted ID is present at the enforcement point;

receiving a query from the enforcement point for each policy template that is not present at the enforcement point, wherein the query includes the ID for the policy template not present at the enforcement point;

transmitting the policy template from the policy template repository to the enforcement point in response to the query including the ID for the policy template;

identifying at least one set of parameters to be associated with each policy template;

transmitting the one set of parameters to be used in each associated policy template for enforcement to the enforcement point;

binding the parameters to each associated template; and

implementing the policy associated with each policy template.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method to distribute policies may include transmitting one of an identification (ID) assigned to a policy template or the policy template associated with each policy to an enforcement point or selected enforcement points for enforcement. The method may also include transmitting one set of parameters to be used in each policy template to the enforcement point.

11 Citations

View as Search Results

15 Claims

1. A method to distribute policies, comprising:
- defining, by a policy processor, a policy template associated with each policy;
  
  assigning, by the policy processor, a unique identification (ID) to each policy template;
  
  storing, by the policy processor, each policy template and assigned ID in a policy template repository;
  
  transmitting, by the policy processor, only the assigned ID to an enforcement point for each policy to be enforced by the enforcement point;
  
  determining, by the enforcement point, if the policy template corresponding to each transmitted ID is present at the enforcement point;
  
  receiving a query from the enforcement point for each policy template that is not present at the enforcement point, wherein the query includes the ID for the policy template not present at the enforcement point;
  
  transmitting the policy template from the policy template repository to the enforcement point in response to the query including the ID for the policy template;
  
  identifying at least one set of parameters to be associated with each policy template;
  
  transmitting the one set of parameters to be used in each associated policy template for enforcement to the enforcement point;
  
  binding the parameters to each associated template; and
  
  implementing the policy associated with each policy template.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising storing each one of the at least one set of parameters by name and type.
  - 3. The method of claim 1, wherein the policy template includes a form of “
    - if a first parameter then a second parameter”
      
      , the policy template and the parameters being transmitted separately to reduce use of communication resources by factoring the template and parameters to be used in the template and to permit different parameters to be transmitted from time to time to replace previous parameters in the policy template to change the policy associated with the policy template without the need of transmitting the entire policy or policy template again to further reduce use of communication resources.
  - 4. The method of claim 1, further comprising applying asynchronous, out-of-band communication to query the repository and transmit any templates.
  - 5. The method of claim 1, further comprising compressing each template before transmitting to the enforcement point.
  - 6. The method of claim 1, further comprising forming each policy template in a structured document.
  - 7. The method of claim 1, further comprising forming each policy template in a mark-up language.

8. A system to distribute policies, comprising:
- a policy administrator to define policy templates and to transmit one of an identification (ID) assigned to a policy template or the policy template associated with each policy to be enforced;
  
  an enforcement point to receive the ID assigned to the policy template or the policy template for each policy and to enforce each policy; and
  
  a storage device to store each policy template and assigned ID, wherein the enforcement point determines if the policy template is present at the enforcement point in response to receiving the ID assigned to the policy template and the enforcement point transmits a query to the storage device in response to the policy template not being present at the enforcement point.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8, wherein each policy administrator comprises a processor to transmit one of the ID assigned to the policy template or the policy template associated with each policy.
  - 10. The system of claim 8, wherein each enforcement point comprises:
    - a processor to receive the IDs assigned to each policy template; and
      
      a data source to store each policy template for enforcement and assigned ID, wherein the processor forms and transmits the query in response to each policy template corresponding to any transmitted IDs not present in the data source.
  - 11. The system of claim 8, further comprising a server to interface between each policy administrator, each enforcement point and the repository.

12. A computer program product to distribute policies, the computer program product comprising:
- a non-transitory computer readable storage medium comprising hardware having computer readable program code embodied therewith, the computer readable program code comprising;
  
  computer readable program code configured to determine if a policy template is present at an enforcement point in response to receiving an identification (ID) assigned to the policy template at the enforcement point, wherein the enforcement point determines if the policy template is present at the enforcement point;
  
  computer readable program code configured to receive a query from the enforcement point in response to the policy template not being present at the enforcement point, wherein the query includes the ID assigned to the policy template and the repository stores a plurality of policy templates and ID assigned to each polity template;
  
  computer readable program code configured to receive the policy template at the enforcement point, wherein the policy template is transmitted by the repository in response to the query;
  
  computer readable program code configured to receive a set of parameters to be used in the policy template at the enforcement point, wherein the set of parameters are transmitted separately from the policy template;
  
  computer readable program code configured to bind the parameters to the policy template; and
  
  computer readable program code configured to implement the policy associated with the policy template.
- View Dependent Claims (13, 14)
- - 13. The computer program product of claim 12, further comprising computer readable program code configured to apply asynchronous, out-of-band communication to transmit the query and any policy templates.
  - 14. The computer program product of claim 12, further comprising compressing the policy template before transmitting to the enforcement point or any selected enforcement points.

15. A method to distribute policies, comprising:
- receiving, by an enforcement point, only the assigned ID for each policy to be enforced by the enforcement point;
  
  determining, by the enforcement point, if a policy template corresponding to each transmitted ID is present at the enforcement point;
  
  transmitting, by the enforcement point, a query to a policy template repository for each policy template that is not present at the enforcement point, wherein the query includes the ID for the policy template not present at the enforcement point; and
  
  receiving, by the enforcement point, each policy template from the policy template repository in response to the query including the ID for each policy template that is not present at the enforcement point;
  
  receiving, by the enforcement point, a set of parameters to be used in each associated policy template that is present at the enforcement point for enforcement by the enforcement point;
  
  binding, by the enforcement point, the set of parameters to each associated policy template; and
  
  implementing, by the enforcement point, a policy associated with each policy template present at the enforcement point.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kaminsky, David L., Born, Christina, Cheng, Carrie S., Kirschstein, Eric
Primary Examiner(s)
MADAMBA, GLENFORD J

Application Number

US13/897,044
Publication Number

US 20130262688A1
Time in Patent Office

1,026 Days
Field of Search

709/217, 709/225, 709/229, 705/1
US Class Current

1/1
CPC Class Codes

G06Q 10/10   Office automation; Time man...

H04L 41/00   Arrangements for maintenanc...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/344   Out-of-band transfers

Method and system to distribute policies

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Method and system to distribute policies

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others