Statistics aggregation for policy-based network

Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network access regulating

Reexamination Certificate

Details

C709S202000, C709S207000, C709S213000, C709S228000, C709S233000, C707S793000

active

07032022

ABSTRACT:
A unified policy management system for an organization including a central policy server and remotely situated policy enforcers. A central database and policy enforcer databases storing policy settings are configured as LDAP databases adhering to a hierarchical object-oriented structure. Such structure allows the policy settings to be defined in an intuitive and extensible fashion. Changes in the policy settings made at the central policy server are automatically transferred to the policy enforcers for updating their respective databases. Each policy enforcer collects health and status information in a predefined log format and transmits it to the policy server for efficient monitoring by the policy server. For further efficiencies, the policy enforcement functionalities of the policy enforcers are effectively partitioned so as to be readily implemented in hardware. The system also provides for dynamically routed VPNs where VPN membership lists are automatically created and shared with the member policy enforcers. Updates to such membership lists are also automatically transferred to remote VPN clients. The system further provides for fine grain access control of the traffic in the VPN by allowing definition of firewall rules within the VPN. In addition, policy server and policy enforcers may be configured for high availability by maintaining a backup unit in addition to a primary unit. The backup unit becomes active upon failure of the primary unit.

