[특허]Efficient evaluation of rules

Efficient evaluation of rules 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-017/00
출원번호	US-0878093 (2001-06-08)
발명자 / 주소	Cooper,Geoffrey Sherlock,Kieran G. Shaw,Bob Valente,Luis
출원인 / 주소	Security, Inc.
대리인 / 주소	Glenn Patent Group
인용정보	피인용 횟수 : 59 인용 특허 : 10

초록

A method and apparatus uses a proprietary algorithm for organizing network security policy rules in a way that minimizes the number of rules considered when determining the set of rules applicable to a given protocol event.

대표청구항 ▼

The invention claimed is: 1. A computer-implemented method for a policy engine first to organize pre-runtime and second to select policy rules in a way to effect an efficient evaluation of a protocol event at runtime, said protocol event having an agent descriptor, a protocol name, and a protocol action, said method comprising the steps of: providing a policy engine first to organize pre-runtime and second to select policy rules in a way to effect an efficient evaluation of a protocol event at runtime, said protocol event having an agent descriptor, a protocol name, and a protocol action, said policy engine; creating a first associative array having a first key and a first value, wherein said first key corresponds to an agent descriptor and said first value is a reference to a second associative array having a second key and a second value; creating a second associative array, wherein said second key corresponds to a protocol name and said second value is a reference to a third associative array having a third key and a third value; creating a third associative array, wherein said third key corresponds to a protocol action and said third value is a reference to a fourth associative array having a fourth key and a fourth value; creating a fourth associative array, wherein said fourth key corresponds to a set of policy rules and said fourth value is a rank number associated with said any of said policy rules; upon receiving at runtime an incoming protocol event comprising an associated agent descriptor, an associated protocol name, and an associated protocol action, selecting said first associative array, wherein said first key corresponds to said associated agent descriptor and said first value is a reference to said second associative array; selecting said second associative array, wherein said second key corresponds to said associated protocol name and said second value is a reference to said third associative array; selecting said third associative array, wherein said third key corresponds to said associated protocol action and said third value is a reference to said fourth associative array; and selecting said fourth associative array, wherein said fourth key corresponds to any of said policy rules and said fourth value is a said rank number associated with said any of said policy rules, wherein said rank number is a relative value dependent on, and does not have to be unique with respect to, other rank numbers in said fourth associative array. 2. The computer-implemented method of claim 1, further comprising ordering said policy rules in decreasing order of rank number. 3. The computer-implemented method of claim 2, further comprising incorporating constraints into said ordering. 4. The computer-implemented method of claim 2, further comprising ordering in lexical order rules having a same rank number. 5. The computer-implemented method of claim 1, wherein said any of said policy rules is referenced by a plurality of said fourth associative arrays. 6. A computer system for a policy engine first to organize pre-runtime and second to select policy rules in a way to effect an efficient evaluation of a protocol event at runtime, said protocol event having an agent descriptor, a protocol name, and a protocol action, said computer system comprising: at least one computer with accessibly coupled computer memory; a policy engine first to organize pre-runtime and second to select policy rules in a way to effect an efficient evaluation of a protocol event at runtime, said protocol event having an agent descriptor, a protocol name, and a protocol action contains program code segments residing in said computer memory accessibly coupled to said computer of said computer system comprised of: a program code segment supporting creating a first associative array having a first key and a first value, wherein said first key corresponds to an agent descriptor and said first value is a reference to a second associative array having a second key and a second value; a program code segment supporting creating a second associative array, wherein said second key corresponds to a protocol name and said second value is a reference to a third associative array having a third key and a third value; a program code segment supporting creating a third associative array, wherein said third key corresponds to a protocol action and said third value is a reference to a fourth associative array having a fourth key and a fourth value; a program code segment supporting creating a fourth associative array, wherein said fourth key corresponds to a set of policy rules and said fourth value is a rank number associated with said any of said policy rules; a program code segment supporting, upon receiving at runtime an incoming protocol event comprising an associated agent descriptor, an associated protocol name, and an associated protocol action, selecting said first associative array, wherein said first key corresponds to said associated agent descriptor and said first value is a reference to a said second associative array; a program code segment supporting selecting said second associative array, wherein said second key corresponds to said associated protocol name and said second value is a reference to said third associative array; a program code segment supporting selecting said third associative array, wherein said third key corresponds to said associated protocol action and said third value is a reference to said fourth associative array; and a program code segment supporting selecting said fourth associative array, wherein said fourth key corresponds to any of said policy rules and said fourth value is said rank number associated with said any of said policy rules, wherein said rank number is a relative value dependent on, and does not have to be unique with respect to, other rank numbers in said fourth associative array. 7. The computer system of claim 6, further comprising a program code segment supporting ordering said policy rules in decreasing order of rank number. 8. The computer system of claim 7, further comprising a program code segment supporting incorporating constraints into said ordering. 9. The computer system of claim 7, further comprising a program code segment supporting ordering in lexical order rules having a same rank number. 10. The computer system of claim 6, wherein said any of said policy rules is referenced, by a plurality of said fourth associative arrays.

이 특허에 인용된 특허 (10)

Krishnan, P.; Raz, Danny; Sugla, Binay, Adaptive re-ordering of data packet filter rules.
상세보기
Johnson Woodrow W. ; Atkins Christine J. ; Yoh Jon, Electronic rights management and authorization system.
상세보기
Shrader Theodore Jack London, Filter rule validation and administration for firewalls.
상세보기
Scott L. Wiegel, Graphical network security policy management.
상세보기
Jiyang Xu ; Rodolphe Jean Nassif ; Joan Marie Swinney ; Connie Dell Winston, Method and system for correcting customer service orders.
상세보기
Coss Michael John ; Majette David L. ; Sharp Ronald L., Methods and apparatus for a computer network firewall with dynamic rule processing with the ability to dynamically alter the operations of rules.
상세보기
Robert T. Baum ; Edward M. Eggerl ; William R. Burton ; Leo C. Cloutier, Real time firewall security.
상세보기
Kloth, Axel K., Rule based IP data processing.
상세보기
Attwood, Kira Sterling; Godwin, James Russell; Overby, Jr., Linwood Hugh; Perry, Brian Sean; Wierbowski, David John, Security rule database searching in a network security environment.
상세보기
Godwin, James Russell; Jones, David Andrew; Overby, Jr., Linwood Hugh; Wenklar, Richard Allen, Security rule processing for connectionless protocols.
상세보기

이 특허를 인용한 특허 (59)

Osterhout, Ralph F.; Haddick, John D.; Lohse, Robert Michael; Cella, Charles; Nortrup, Robert J.; Nortrup, Edward H., AR glasses with event and sensor triggered AR eyepiece interface to external devices.
상세보기
Osterhout, Ralph F.; Haddick, John D.; Lohse, Robert Michael; Cella, Charles; Nortrup, Robert J.; Nortrup, Edward H., AR glasses with event and sensor triggered control of AR eyepiece applications.
상세보기
Osterhout, Ralph F.; Haddick, John D.; Lohse, Robert Michael; Cella, Charles; Nortrup, Robert J.; Nortrup, Edward H., AR glasses with event and user action control of external applications.
상세보기
Haddick, John D.; Osterhout, Ralph F.; Lohse, Robert Michael, Adjustable extension for temple arm.
상세보기
Poling, Robert; Pugh, Richard S., Automatic discovery of users associated with screen names.
상세보기
Hajost, Brian H.; Jaramillo, Fredi, Automating the creation and maintenance of policy compliant environments.
상세보기
Sharpe, Richard; Taylor, John Richard; Chou, Randy Yen-pang, Avoiding client timeouts in a distributed filesystem.
상세보기
Hill, Duncan Christopher, Cloud computing gateway, cloud computing hypervisor, and methods for implementing same.
상세보기
Hill, Duncan Christopher, Cloud computing gateway, cloud computing hypervisor, and methods for implementing same.
상세보기
Hill, Duncan Christopher, Cloud computing gateway, cloud computing hypervisor, and methods for implementing same.
상세보기
Veeraraghavan, Venkatesh; Huang, Lin; Tennisberg, Targo; Fink, Nathan, Content targeting with audiences.
상세보기
Nadalin, Anthony J.; Wesley, Ajamu A., Context-sensitive confidentiality within federated environments.
상세보기
Nadalin, Anthony J.; Wesley, Ajamu A., Context-sensitive confidentiality within federated environments.
상세보기
Nadalin, Anthony J.; Wesley, Ajamu A., Context-sensitive confidentiality within federated environments.
상세보기
Valente,Luis Filipe Pereira; Cooper,Geoffrey Howard; Shaw,Robert Allen; Sherlock,Kieran Gerard, Declarative language for specifying a security policy.
상세보기
Schneider, Kenneth; McCorkendale, Bruce, Distributed platform for testing filtering rules.
상세보기
Kashyap, Vivek, Dynamically defining network access rules.
상세보기
Kashyap, Vivek, Dynamically defining rules for network access.
상세보기
Osterhout, Ralph F.; Haddick, John D.; Lohse, Robert Michael; Border, John N.; Miller, Gregory D.; Stovall, Ross W., Eyepiece with uniformly illuminated reflective display.
상세보기
Maufer,Thomas A.; Gyugyi,Paul J.; Nanda,Sameer; Sidenblad,Paul J., Fragment processing utilizing cross-linked tables.
상세보기
Miller, Gregory D.; Border, John N.; Osterhout, Ralph F., Grating in a light transmissive illumination system for see-through near-eye display glasses.
상세보기
Border, John N.; Bietry, Joseph; Haddick, John D.; Lohse, Robert Michael, Light control in head mounted displays.
상세보기
Osterhout, Ralph F.; Lohse, Robert Michael, Method and apparatus for biometric data capture.
상세보기
Cooper, Geoffrey; Sherlock, Kieran G.; Hoy, Mark, Method and apparatus for rate limiting.
상세보기
Harrison, Reuven, Method and system for mapping between connectivity requests and a security rule set.
상세보기
Harrison, Reuven, Method and system for mapping between connectivity requests and a security rule set.
상세보기
Stevenson, Thomas Edward; Matyger, Jr., Allan Michael; Smith, Paul; Sachen, Sean, Method and system for providing information from third party applications to devices.
상세보기
Elzur, Uri, Method and system for traffic engineering in secured networks.
상세보기
Elzur, Uri, Method and system for traffic engineering in secured networks.
상세보기
Elzur, Uri, Method and system for traffic engineering in secured networks.
상세보기
Krig, Scott A., Method, apparatus, and device for protecting against programming attacks and/or data corruption.
상세보기
Cooper,Geoffrey; Shaw,Robert Allen; Valente,Luis Filipe Pereira; Sherlock,Kieran Gerard, Network monitor internals description.
상세보기
Miller, Gregory D.; Border, John N.; Osterhout, Ralph F., Optical imperfections in a light transmissive illumination system for see-through near-eye display glasses.
상세보기
Stephens, Gregory D., Passively attributing anonymous network events to their associated users.
상세보기
Davis, Andrew P.; Taylor, John Richard; Chou, Randy Yen-pang, Performing deduplication in a distributed filesystem.
상세보기
Igakura, Tomohiro, Policy processing system, method, and program.
상세보기
Johnson, Stephen L.; Guo, Jinhong Katherine; Park, Il-Pyung, Security architecture and mechanism to access and use security components in operating system.
상세보기
Border, John N.; Haddick, John D.; Lohse, Robert Michael; Osterhout, Ralph F., See-through near-eye display glasses including a modular image source.
상세보기
Border, John N.; Osterhout, Ralph F., See-through near-eye display glasses including an auto-brightness control for the display brightness based on the brightness in the environment.
상세보기
Border, John N.; Osterhout, Ralph F., See-through near-eye display glasses with a fast response photochromic film system for quick transition from dark to clear.
상세보기
Border, John N.; Haddick, John D.; Osterhout, Ralph F., See-through near-eye display glasses with a light transmissive wedge shaped illumination system.
상세보기
Border, John N.; Haddick, John D.; Osterhout, Ralph F., See-through near-eye display glasses with a small scale image source.
상세보기
Border, John N.; Haddick, John D.; Lohse, Robert Michael; Osterhout, Ralph F., See-through near-eye display glasses with the optical assembly including absorptive polarizers or anti-reflective coatings to reduce stray light.
상세보기
Thario, James E., Software vulnerability notification via icon decorations.
상세보기
Thario, James E., Software vulnerability notification via icon decorations.
상세보기
Martinez, Frank R.; Pulier, Eric, System and method for a cloud computing abstraction layer with security zone facilities.
상세보기
Martinez, Frank; Pulier, Eric, System and method for a cloud computing abstraction with self-service portal for publishing resources.
상세보기
Haddick, John D.; Osterhout, Ralph F., System and method for delivering content to a group of see-through near eye display eyepieces.
상세보기
Jackson, Eric S.; Song, Douglas J.; Fleis, Lawrence Benjamin; Dysart, Aidan Christopher; Malan, Gerald R., System and method for managing computer networks.
상세보기
Haddick, John D.; Osterhout, Ralph F.; Lohse, Robert Michael, System and method for social networking gaming with an augmented reality.
상세보기
Miller, Randy; Poling, Robert; Pugh, Richard S.; Shapiro, Dmitry, Systems and methods for a protocol gateway.
상세보기
Miller, Randy; Poling, Robert; Pugh, Richard S.; Shapiro, Dmitry, Systems and methods for authentication of target protocol screen names.
상세보기
Miller, Randy; Poling, Robert; Pugh, Richard S.; Shapiro, Dmitry, Systems and methods for implementing protocol enforcement rules.
상세보기
Poling, Robert; Nielsen, Mary; Scott, Robert, Systems and methods for implementing protocol enforcement rules.
상세보기
Miller, Randy; Poling, Robert; Pugh, Richard S.; Shapiro, Dmitry, Systems and methods for managing messages in an enterprise network.
상세보기
Miller, Randy; Poling, Robert; Pugh, Richard S.; Shapiro, Dmitry, Systems and methods for managing messages in an enterprise network.
상세보기
Miller,Randy; Poling,Robert; Pugh,Richard S.; Shapiro,Dmitry, Systems and methods for reflecting messages associated with a target protocol within a network.
상세보기
Shastri, Vijnan; Lee, Lisa; Tran, Trung, Systems and methods for remote rogue protocol enforcement.
상세보기
Eckert, Toerless; Wei, Liming; Farinacci, Dino, URL based communication protocol from a client computer to a network device.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Efficient evaluation of rules 원문보기

초록

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (10)

이 특허를 인용한 특허 (59)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Efficient evaluation of rules 원문보기

초록

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (10)

이 특허를 인용한 특허 (59)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트