Object-relation user interface for viewing security configurations of network security devices

US 9,948,679 B2
Filed: 12/21/2015
Issued: 04/17/2018
Est. Priority Date: 08/21/2015
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

generating an object-relation user interface for viewing security configurations of network security devices on a display, wherein the generating includes;

generating for display by a computer device and displaying selectable device icons that represent respective network security devices;

responsive to a selection of one of the displayed device icons, generating for display by the computer device and displaying selectable interface icons that represent respective network interfaces used by the network security device represented by the selected device icon;

responsive to a selection of one of the displayed interface icons, generating for display by a computer device and displaying selectable policy icons that represent respective security polices used by the network interface represented by the selected interface icon, the security policies including security rules, each security rule including objects arranged according to a predetermined rule syntax to control access to a resource, at least some of the objects having respective object values;

responsive to a selection of one of the displayed policy icons, generating for display by a computer device and displaying selectable object group icons that represent respective groups of objects used in the security policy represented by the selected policy icon;

responsive to a selection of one of the displayed object group icons, generating for display by the computer device and displaying for the security rule objects in the group of objects represented by the selected object group icon respective object values in an editable form that permits editing of the object values, including adding a new object value, deleting one of the object values, or modifying one of the object values of the object-relation user interface for viewing the security configurations of the network security devices;

generating for concurrent display a selectable identical filter, a selectable similar filter, and the object group icons;

receiving a selection of either the identical filter or the similar filter;

in response to a selection of the identical filter being received;

identifying identical objects among the object groups represented by the object group icons, andgenerating for display the identical objects; and

in response to a selection of the similar filter being received;

identifying similar objects among the object groups represented by the object group icons, andgenerating for display the similar objects.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computer implemented method, selectable device icons that represent respective network security devices are generated for display. Responsive to a selection of one of the device icons, selectable interface icons that represent respective network interfaces used by the network security device represented by the selected device icon are generated for display. Responsive to a selection of one of the interface icons, selectable policy icons that represent respective security polices applied to the network interface represented by the selected interface icon are generated for display. Responsive to a selection of one of the policy icons, selectable object group icons that represent respective groups of security rule objects used in the network security policy represented by the selected policy icon are generated for display.

46 Citations

View as Search Results

22 Claims

1. A computer implemented method comprising:
- generating an object-relation user interface for viewing security configurations of network security devices on a display, wherein the generating includes;
  
  generating for display by a computer device and displaying selectable device icons that represent respective network security devices;
  
  responsive to a selection of one of the displayed device icons, generating for display by the computer device and displaying selectable interface icons that represent respective network interfaces used by the network security device represented by the selected device icon;
  
  responsive to a selection of one of the displayed interface icons, generating for display by a computer device and displaying selectable policy icons that represent respective security polices used by the network interface represented by the selected interface icon, the security policies including security rules, each security rule including objects arranged according to a predetermined rule syntax to control access to a resource, at least some of the objects having respective object values;
  
  responsive to a selection of one of the displayed policy icons, generating for display by a computer device and displaying selectable object group icons that represent respective groups of objects used in the security policy represented by the selected policy icon;
  
  responsive to a selection of one of the displayed object group icons, generating for display by the computer device and displaying for the security rule objects in the group of objects represented by the selected object group icon respective object values in an editable form that permits editing of the object values, including adding a new object value, deleting one of the object values, or modifying one of the object values of the object-relation user interface for viewing the security configurations of the network security devices;
  
  generating for concurrent display a selectable identical filter, a selectable similar filter, and the object group icons;
  
  receiving a selection of either the identical filter or the similar filter;
  
  in response to a selection of the identical filter being received;
  
  identifying identical objects among the object groups represented by the object group icons, andgenerating for display the identical objects; and
  
  in response to a selection of the similar filter being received;
  
  identifying similar objects among the object groups represented by the object group icons, andgenerating for display the similar objects.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein each device icon indicates, for the network security device represented by the device icon:
    - a type of network security device;
      
      a network security device name; and
      
      at least one of;
      
      a number of network interfaces of the network security device;
      
      ora number of network security policies used by the network security device and a number of security rule objects in the network security policies.
  - 3. The method of claim 1, wherein each interface icon indicates, for the network interface represented by the interface icon, a network interface name, a name of the network security device that uses the network interface, and at least one of a number of security policies used by the network interface or a number of objects in the security policy.
  - 4. The method of claim 1, wherein each policy icon indicates, for the security policy represented by the policy icon, a name of the security policy, and a number of objects in the security policy.
  - 5. The method of claim 1, wherein each object group icon indicates, for the group of objects represented by the object group icon, a name of the group of objects, a name of a network interface that uses the group of objects, and a number of objects in the group of objects.
  - 6. The method of claim 1, further comprising:
    - generating for concurrent display the device icons and the interface icons; and
      
      generating for concurrent display the interface icons and the policy icons.
  - 7. The method of claim 6, further comprising:
    - generating for concurrent display the policy icons and the object group icons; and
      
      generating for concurrent display the object group icons and the object values.
  - 8. The method of claim 1, further comprising:
    - generating for concurrent display a selectable permit filter, a selectable deny filter, and the selectable policy icons;
      
      receiving, in addition to the selection of the policy icon, a selection of either the permit filter or the deny filter;
      
      if the permit filter is selected, identifying in the security policy represented by the selected policy icon security rules configured to permit access to a network resource; and
      
      if the deny filter is selected, identifying in the security policy represented by the selected policy icon security rules configured to deny access to a network resource; and
      
      generating for display objects used by the identified security rules.

9. An apparatus comprising:
- a network interface unit configured to enable communications over a network; and
  
  a hardware processor, coupled to the network interface unit, configured to generate an object-relation user interface for viewing security configurations of network security devices on a display, wherein the processor is configured to;
  
  generate for display selectable device icons that represent respective network security devices;
  
  responsive to a selection of one of the device icons, generate for display selectable interface icons that represent respective network interfaces used by the network security device represented by the selected device icon;
  
  responsive to a selection of one of the interface icons, generate for display selectable policy icons that represent respective security polices used by the network interface represented by the selected interface icon, the security policies including security rules, each security rule including objects arranged according to a predetermined rule syntax to control access to a resource, at least some of the objects having respective object values;
  
  responsive to a selection of one of the policy icons, generate for display selectable object group icons that represent respective groups of objects used in the security policy represented by the selected policy icon;
  
  responsive to a selection of one of the object group icons, generate for display for the security rule objects in the group of objects represented by the selected object group icon respective object values in an editable form that permits editing of the object values, including adding a new object value, deleting one of the object values, or modifying one of the object values of the object-relation user interface for viewing the security configurations of the network security devices;
  
  generating for concurrent display a selectable identical filter, a selectable similar filter, and the object group icons;
  
  receiving a selection of either the identical filter or the similar filter;
  
  in response to a selection of the identical filter being received;
  
  identifying identical objects among the object groups represented by the object group icons, andgenerating for display the identical objects; and
  
  in response to a selection of the similar filter being received;
  
  identifying similar objects among the object groups represented by the object group icons, andgenerating for display the similar objects.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The apparatus of claim 9, wherein each device icon indicates, for the network security device represented by the device icon:
    - a type of network security device;
      
      a network security device name; and
      
      at least one of;
      
      a number of network interfaces of the network security device;
      
      ora number of network security policies used by the network security device and a number of security rule objects in the network security policies.
  - 11. The apparatus of claim 9, wherein the processor is further configured to:
    - generate for concurrent display the device icons and the interface icons; and
      
      generate for concurrent display the interface icons and the policy icons.
  - 12. The apparatus of claim 11, wherein the processor is further configured to:
    - generate for concurrent display the policy icons and the object group icons; and
      
      generate for concurrent display the object group icons and the object values.
  - 13. The apparatus of claim 9, wherein each interface icon indicates, for the network interface represented by the interface icon, a network interface name, a name of the network security device that uses the network interface, and at least one of a number of security policies used by the network interface or a number of objects in the security policy.
  - 14. The apparatus of claim 9, wherein each policy icon indicates, for the security policy represented by the policy icon, a name of the security policy, and a number of objects in the security policy.
  - 15. The apparatus of claim 9, wherein each object group icon indicates, for the group of objects represented by the object group icon, a name of the group of objects, a name of a network interface that uses the group of objects, and a number of objects in the group of objects.

16. A non-transitory computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to perform:
- generating an object-relation user interface for viewing security configurations of network security devices on a display, wherein the generating includes;
  
  generating for display selectable device icons that represent respective network security devices;
  
  responsive to a selection of one of the device icons, generating for display selectable interface icons that represent respective network interfaces used by the network security device represented by the selected device icon;
  
  responsive to a selection of one of the interface icons, generating for display selectable policy icons that represent respective security polices used by the network interface represented by the selected interface icon, the security policies including security rules, each security rule including objects arranged according to a predetermined rule syntax to control access to a resource, at least some of the objects having respective object values;
  
  responsive to a selection of one of the policy icons, generating for display selectable object group icons that represent respective groups of objects used in the security policy represented by the selected policy icon;
  
  responsive to a selection of one of the object group icons, generating for display for the security rule objects in the group of objects represented by the selected object group icon respective object values in an editable form that permits editing of the object values, including adding a new object value, deleting one of the object values, or modifying one of the object values of the object-relation user interface for viewing the security configurations of the network security devices;
  
  generating for concurrent display a selectable identical filter, a selectable similar filter, and the object group icons;
  
  receiving a selection of either the identical filter or the similar filter;
  
  in response to a selection of the identical filter being received;
  
  identifying identical objects among the object groups represented by the object group icons, andgenerating for display the identical objects; and
  
  in response to a selection of the similar filter being received;
  
  identifying similar objects among the object groups represented by the object group icons, andgenerating for display the similar objects.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The computer readable storage media of claim 16, wherein each device icon indicates, for the network security device represented by the device icon:
    - a type of network security device;
      
      a network security device name; and
      
      at least one of;
      
      a number of network interfaces of the network security device;
      
      ora number of network security policies used by the network security device and a number of security rule objects in the network security policies.
  - 18. The computer readable storage media of claim 16, further comprising instructions to cause the processor to further perform:
    - generating for concurrent display the device icons and the interface icons; and
      
      generating for concurrent display the interface icons and the policy icons.
  - 19. The computer readable storage media of claim 18, further comprising instructions to cause the processor to further perform:
    - generating for concurrent display the policy icons and the object group icons; and
      
      generating for concurrent display the object group icons and the object values.
  - 20. The non-transitory computer readable storage media of claim 16, wherein each interface icon indicates, for the network interface represented by the interface icon, a network interface name, a name of the network security device that uses the network interface, and at least one of a number of security policies used by the network interface or a number of objects in the security policy.
  - 21. The non-transitory computer readable storage media of claim 16, wherein each policy icon indicates, for the security policy represented by the policy icon, a name of the security policy, and a number of objects in the security policy.
  - 22. The non-transitory computer readable storage media of claim 16, wherein each object group icon indicates, for the group of objects represented by the object group icon, a name of the group of objects, a name of a network interface that uses the group of objects, and a number of objects in the group of objects.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Siswick, Zachary D, Miglani, Umesh Kumar, Hollingshead, Daniel, Catubig, Karyll, Dotan, Yedidya, Knjazihhin, Denis
Primary Examiner(s)
Holder, Bradley

Application Number

US14/976,338
Publication Number

US 20170054757A1
Time in Patent Office

848 Days
Field of Search
US Class Current
CPC Class Codes

G06F 3/04817   using icons graphical or vi...

G06F 3/04842   Selection of displayed obje...

H04L 63/02   for separating internal fro...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Object-relation user interface for viewing security configurations of network security devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Object-relation user interface for viewing security configurations of network security devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links