Rule engine

a rule engine and rule technology, applied in the field of computer network integrated policy enforcement systems, can solve the problems of affecting the performance of firewalls, affecting and illegitimate users can change data, etc., to achieve the effect of improving the efficiency of rule mesh traversal

Inactive Publication Date: 2007-02-15
IPOLICY NETWORKS
View PDF10 Cites 26 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

[0018] Still another object of the present invention is to improve efficiency of rule mesh traversal for subsequent packets of a se...

Problems solved by technology

Such information exchange poses a security risk as the organization's intranet becomes accessible to outsiders.
Illegitimate users can change data, gain unauthorized access to data, destroy data, or make unauthorized use of computer resources.
These security issues require organizations to implement safeguards that ensure security of their networks.
Hence, the performance of a firewall suffers with an increase in the number of rules, because each data packet has to be checked against an increased number of rules.
Moreover, an increase in the volume of network traffic increases the number of pack...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Rule engine
  • Rule engine
  • Rule engine

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

Definitions

[0029] Data packets: This term refers to units of data that are sent on any packet switched network or the like, and encompasses Transmission Control Protocol / Internet Protocol (TCP / IP) packets, User Datagram Protocol (UDP) packets, which may also be referred to as datagrams, or any other such units of data.

[0030] Expression: An expression denotes a property of network traffic whose value determines the outcome of a condition. Examples of expressions include source IP address, destination IP address, and layer 3 protocols.

[0031] Rule mesh: A data structure, which is a combination of two types of data structures namely, tree and graph. The data structure starts as a tree, the leaf nodes of tree end into a graph.

[0032] Tree data structure: A tree data structure is a data structure comprising nodes and edges. A node can be root node, leaf node or an internal node. The root node is the starting node of a tree. There is only one root node in a tree. On traversing the tree...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A rule engine for a computer network traverses a rule mesh having path nodes and path edges in form of a tree part and a graph part. The rule engine evaluates data packets flowing through a network to determine rules matched for every packet. Subsequent packets having same expression values as an already checked packet are not rechecked against the same nodes in the rule mesh through the use of a session entry. The rule engine performs a search on every path node of rule mesh to determine the next path edge to traverse. A Tree-Id and Rule Confirmation Bitmap that are indicative of path traversed and rules matched by a packet are generated at the end of rule mesh traversal. These are appended in the packet extension for subsequent modules of Policy Agent.

Description

CROSS REFERENCE TO RELATED APPLICATION [0001] This application is a continuation application of U.S. application Ser. No. 10 / 264,803, filed Oct. 4, 2002, entitled, ‘Rule Engine’ by Parekh, et alBACKGROUND [0002] The invention relates to integrated policy enforcement systems for computer networks. In particular the invention provides a method and system for evaluating data packets against configured rules and mapping the packets to the rules that have matched for an integrated policy enforcement system. [0003] The emergence and advancement of networks and networking technologies has revolutionized information exchange between organizations. A network may be defined as a group of computers and associated devices that are connected via communication links. These communication links can be wireless communication links. All the devices connected over a network are capable of communicating (i.e. sending and receiving information) with other devices connected to the network. [0004] A netwo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F15/173
CPCH04L45/48H04L69/22H04L63/0263H04L63/0254
Inventor PAREKH, PANKAJGUPTA, SANDEEPMAMTANI, VIJAY
Owner IPOLICY NETWORKS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap