System and method for firewall protection of dynamically introduced routes
US-2022286379-A1 · Sep 8, 2022 · US
US12224986B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12224986-B2 |
| Application number | US-202318461417-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 5, 2023 |
| Priority date | Jun 29, 2023 |
| Publication date | Feb 11, 2025 |
| Grant date | Feb 11, 2025 |
Official abstract text for this publication.
A system and method may update network policies by determining, among a set of hosts, a subset of hosts to have network policies updated; for each host in the subset of hosts, determining a set of policies relevant to the host; and for each of the subset of hosts, installing the set of policies relevant to the host. The subset of hosts may be determined based on a category or division such as the time zone corresponding to the location of each host in the subset of hosts. The policies relevant to the host may be received from a database and saved to a file with the set of policies relevant to the host; the host may then access the file.
Opening claim text (preview).
The invention claimed is:

1. A method for updating network policies, the method comprising: determining, from a set of hosts, a subset of hosts to have network policies updated; for each host in the subset of hosts, a calculator service among a plurality of calculator services determining a set of policies relevant to the host, the policies relevant to the host indexed with the hostname for the host; wherein determining a set of policies relevant to a host comprises: a calculator service from the plurality of calculator services receiving, from a database, a set of policies relevant to the host and producing a file with the set of policies relevant to the host, the calculator services operating at overlapping time periods, the plurality of calculator services producing a plurality of files; and for each of the subset of hosts, installing, using a process different from a calculator service, from the file with the set of policies relevant to the host, the set of policies relevant to the host.

2. The method of claim 1, wherein the subset of hosts is determined based on the time zone corresponding to the location of each host in the subset of hosts.

3. The method of claim 1, wherein the identities of the subset of hosts to have network policies updated are communicated, via a message bus, to a plurality of processes operating to determine a set of policies.

4. The method of claim 1, wherein each policy determines whether a host is prevented or allowed to connect to another host.

5. The method of claim 1, wherein each host accesses the file with the set of policies relevant to the host via a reader process.

6. A system for updating network policies, the system comprising: at least one memory; and a plurality of processors, wherein: at least one processor among the plurality of processors is configured to determine, from a set of hosts, a subset of hosts to have network policies updated; a calculator service, among a plurality of calculator services, and executed by at least one processor among the plurality of processors, is to determine a set of policies relevant to the host, the policies relevant to the host indexed with the hostname for the host; wherein determining a set of policies relevant to a host comprises: a calculator service from the plurality of calculator services receiving, from a database, a set of policies relevant to the host and producing a file with the set of policies relevant to the host, the calculator services operating at overlapping time periods, the plurality of calculator services producing a plurality of files; and at least one processor among the plurality of processors is configured to install, using a process different from a calculator service, from the file with the set of policies relevant to the host, a set of policies relevant to a host.

7. The system of claim 6, wherein the subset of hosts is determined based on the time zone corresponding to the location of each host in the subset of hosts.

8. The system of claim 6, wherein the identities of the subset of hosts to have network policies updated are communicated, via a message bus, to a plurality of processes operating to determine a set of policies.

9. The system of claim 6, wherein each policy determines whether a host is prevented or allowed to connect to another host.

10. A method for updating network policies, the method comprising: determining a subset of hosts to have network policies updated; for each host in the subset of hosts, a calculator service among a plurality of calculator services receiving from a database a set of policies relevant to the host, the policies relevant to the host indexed with the hostname for the host, the calculator service for each host in the subset of hosts storing in a file a set of policies relevant to the host, the calculator services operating at overlapping time periods, the plurality of calculator services producing a plurality of files; and for each of the subset of hosts, installing, using a process different from a calculator service, from the file with the set of policies relevant to the host, the set of policies relevant to the host.

11. The method of claim 10, wherein the subset of hosts is determined based on the time zone corresponding to the location of each host in the subset of hosts.

12. The method of claim 10, wherein the identities of the subset of hosts to have network policies updated are communicated, via a message bus, to a plurality of processes operating to determine a set of policies for each host in the subset.

13. The method of claim 10, wherein each policy determines whether a host is prevented or allowed to connect to another host.
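The flow recited in the abstract and claims (select hosts by time zone, run calculators concurrently to write one policy file per hostname, install from the file in a separate step) is sketched below as an added example; it is not code from the patent. All names, the JSON file layout, the in-memory stand-in for the database, the hostname validation and the atomic rename are assumptions made for illustration, and threads stand in for the calculator services.

```python
import json, os, re, tempfile
from concurrent.futures import ThreadPoolExecutor

# Constructed sample data standing in for the host inventory and policy database.
HOSTS = {"web-01": "America/New_York", "web-02": "Europe/London", "db-01": "America/New_York"}
POLICY_DB = [{"host": "web-01", "peer": "db-01", "action": "allow"},
             {"host": "web-01", "peer": "web-02", "action": "deny"},
             {"host": "db-01", "peer": "web-01", "action": "allow"},
             {"host": "web-02", "peer": "db-01", "action": "deny"}]
HOSTNAME_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def select_hosts(time_zone):
    """Subset of hosts due for an update, chosen here by time zone."""
    return sorted(h for h, tz in HOSTS.items() if tz == time_zone)

def policy_path(out_dir, host):
    # The hostname becomes a file name, so reject anything that is not a plain label.
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"unsafe hostname: {host!r}")
    return os.path.join(out_dir, host + ".json")

def calculate(out_dir, host):
    """Calculator service: fetch the host's policies and publish them as a file."""
    rules = [p for p in POLICY_DB if p["host"] == host]
    path = policy_path(out_dir, host)
    fd, tmp = tempfile.mkstemp(dir=out_dir, suffix=".tmp")
    with os.fdopen(fd, "w") as f:
        json.dump({"host": host, "rules": rules}, f)
    os.replace(tmp, path)  # atomic rename: the installer never reads a partial file
    return path

def install(out_dir, host):
    """Installer (not a calculator): read the host's file, return the rules to apply."""
    with open(policy_path(out_dir, host)) as f:
        doc = json.load(f)
    if doc["host"] != host:
        raise ValueError("policy file does not belong to this host")
    return {r["peer"]: r["action"] for r in doc["rules"]}

def run_update(time_zone, out_dir):
    hosts = select_hosts(time_zone)
    with ThreadPoolExecutor(max_workers=4) as pool:  # calculators overlap in time
        list(pool.map(lambda h: calculate(out_dir, h), hosts))
    return {h: install(out_dir, h) for h in hosts}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(run_update("America/New_York", d))
```

Keeping the installer separate from the calculators means only the installer needs the privilege to change host firewall rules, while calculators need only database read access and write access to the output directory.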
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Rule management · CPC title