Automated model management methods
US-10209974-B1 · Feb 19, 2019 · US
US12284218B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12284218-B2 |
| Application number | US-202218070948-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 29, 2022 |
| Priority date | Nov 29, 2022 |
| Publication date | Apr 22, 2025 |
| Grant date | Apr 22, 2025 |
Official abstract text for this publication.
A system may identify a security intent policy model associated with an initial time. The system may generate one or more delta snapshots that respectively indicate one or more incremental changes to the security intent policy model at times subsequent to the initial time. The system may determine that the system is to deploy an updated version of the security intent policy model to a device and may thereby determine a previous deployment time at which the system deployed a previous version of the security intent policy model to the device. The system may generate, based on the one or more delta snapshots and the previous deployment time, a cumulative delta snapshot, and may thereby update a low-level security intent policy model associated with the device. The system may generate, based on the low-level security intent policy model, device-level security configuration information for the device.
Opening claim text (preview).
What is claimed is:

1. A method, comprising: identifying, by a system, a security intent policy model associated with an initial time; generating, by the system, one or more delta snapshots that respectively indicate one or more incremental changes to the security intent policy model at times subsequent to the initial time; determining, by the system, that the system is to deploy an updated version of the security intent policy model to a device; determining, by the system and based on determining that the system is to deploy the updated version of the security intent policy model, a previous deployment time at which the system deployed a previous version of the security intent policy model to the device; generating, by the system, and based on the one or more delta snapshots and the previous deployment time, a cumulative delta snapshot; updating, by the system and based on the cumulative delta snapshot, a low-level security intent policy model associated with the device; and generating, by the system and based on the low-level security intent policy model, device-level security configuration information for the device.

2. The method of claim 1, wherein the security intent policy model is represented as a graph having a plurality of nodes connected by a plurality of edges, wherein: the plurality of nodes includes a policy node that is associated with a policy; and the plurality of nodes includes one or more rule nodes that are connected to the policy node via one or more has edges of the plurality of edges, wherein each rule node is associated with a rule of the policy, and the plurality of nodes includes one or more security object nodes that are connected to the one or more rule nodes via one or more reference edges of the plurality of edges, wherein each security object node is associated with a security object of the policy.

3. The method of claim 2, wherein each node, of the plurality of nodes of the security intent policy model, includes information that indicates at least one of: a name of the node, an identifier associated with the node, a type of the node, a version indication associated with the node, or a time of previous update of the node.

4. The method of claim 2, wherein each security object node, of the one or more security object nodes, includes information that indicates at least one of: a total number of rule nodes, of the one or more rule nodes, that are connected to the security object node, or an identifier associated with each rule node that is connected to the security object node.

5. The method of claim 1, wherein the low-level security intent policy model includes one or more security object nodes, wherein each security object node includes information that indicates at least one of: a name of the security object node, a type of the security object node, an identifier associated with the security object node, a version indication associated with the security object node, a time of previous update of the security object node, a total number of rules that are associated with the security object node, or an identifier associated with each rule that is associated with the security object node.

6. The method of claim 1, wherein updating the low-level security intent policy model comprises: identifying a delete operation in the cumulative delta snapshot that indicates a security object and a rule; and updating information included in a security object node in the low-level security intent policy model that is associated with the security object by: removing an identifier associated with the rule, decrementing a total number of rules that are associated with the security object node by one, and updating a time of previous update of the security object node.

7. The method of claim 1, wherein updating the low-level security intent policy model comprises: identifying a create operation in the cumulative delta snapshot that indicates a security object and a rule; generating a security object node in the low-level security intent policy model that is associated with the security object; and updating information included in the security object node by: including an identifier associated with the rule, setting a total number of rules that are associated with the security object node to one, and updating a time of previous update of the security object node.

8. The method of claim 1, wherein updating the low-level security intent policy model comprises: identifying an update operation in the cumulative delta snapshot that indicates a security object and a rule; and updating information included in a security object node in the low-level security intent policy model that is associated with the security object by: updating an identifier associated with the rule, and updating a time of previous update of the security object node.

9. The method of claim 1, wherein generating the device-level security configuration information for the device comprises: identifying one or more security object nodes in the low-level security intent policy model that have been updated since the previous deployment time; and generating, based on the one or more security object nodes, the device-level provisioning configuration information.

10. The method of claim 1, further comprising: providing the device-level security configuration information to the device, wherein providing the device-level security configuration information permits the updated version of the security intent policy model to be deployed on the device.

11. A non-transitory computer-readable medium storing a set of instructions, the set of instructions comprising: one or more instructions that, when executed by one or more processors of a system, cause the system to: generate one or more delta snapshots that respectively indicate one or more incremental changes to a security intent policy model at times subsequent to an initial time; determine that the system is to deploy an updated version of the security intent policy model to a device; generate, based on determining that the system is to deploy the updated version of the security intent policy model to the device and based on the one or more delta snapshots, a cumulative delta snapshot; update, based on the cumulative delta snapshot, a low-level security intent policy model associated with the device; and generate, based on the low-level security intent policy model, device-level security configuration information for the device.

12. The non-transitory computer-readable medium of claim 11, wherein the one or more instructions, that cause the system to generate the cumulative delta snapshot, cause the system to: determine, based on determining that the system is to deploy the updated version of the security intent policy model, a previous deployment time at which the system deployed a previous version of the security intent policy model to the device; identify a set of one or more delta snapshots, of the one or more delta snapshots, that were generated since the previous deployment time; and generate, based on the set of one or more delta snapshots, the cumulative delta snapshot.

13. The non-transitory computer-readable medium of claim 11, wherein the one or more instructions, that cause the system to update the low-level security intent policy model, cause the system to: identify a delete operation in the cumulative delta snapshot that indicates a security object and a rule; and update information included in a security object node in the low-level security intent policy model that is associated with the security object by: removing an ide
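
The redeployment cycle of claims 6 to 9 and 12, as an added Python example (not code from the patent or its assignee): select the delta snapshots taken since the device's previous deployment, fold them into per-object nodes, and emit configuration only for nodes that changed. The snapshot layout, the operation tuples, the `set object` / `delete object` output lines, the reading of an update as replacing a rule identifier, and the handling of a create on an existing node or of a node whose rule count reaches zero are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ObjectNode:
    """Low-level security object node; a subset of the fields listed in claim 5."""
    name: str
    rule_ids: set = field(default_factory=set)
    rule_count: int = 0
    updated_at: int = 0

def cumulative_delta(snapshots, last_deploy):
    """Claim 12: merge, in time order, the snapshots generated since last_deploy."""
    recent = sorted((s for s in snapshots if s["time"] > last_deploy), key=lambda s: s["time"])
    return [(s["time"], *op) for s in recent for op in s["ops"]]

def apply_delta(model, delta):
    """Claims 6-8: fold create/delete/update operations into the object nodes."""
    for when, kind, obj, rule, new_rule in delta:
        node = model.get(obj)
        if kind == "create":
            if node is None:                  # claim 7: new node, count becomes one
                node = model[obj] = ObjectNode(obj)
            node.rule_ids.add(rule)           # assumption: existing node gains the rule
        elif node is None or rule not in node.rule_ids or kind not in ("delete", "update"):
            continue                          # assumption: skip ops on unknown references
        elif kind == "delete":                # claim 6: remove rule id, count drops by one
            node.rule_ids.discard(rule)
        else:                                 # claim 8, read here as replacing the rule id
            node.rule_ids = (node.rule_ids - {rule}) | {new_rule}
        node.rule_count = len(node.rule_ids)
        node.updated_at = when                # "time of previous update" drives claim 9
    return model

def device_config(model, last_deploy):
    """Claim 9: emit (hypothetical) config lines only for nodes changed since last_deploy."""
    changed = sorted((n for n in model.values() if n.updated_at > last_deploy), key=lambda n: n.name)
    return [f"set object {n.name} rules {','.join(sorted(n.rule_ids))}" if n.rule_count
            else f"delete object {n.name}" for n in changed]

# Constructed sample data: each op is (kind, security object, rule id, new rule id).
SNAPSHOTS = [
    {"time": 10, "ops": [("create", "web-servers", "r1", None)]},
    {"time": 20, "ops": [("create", "db-servers", "r2", None)]},
    {"time": 30, "ops": [("create", "web-servers", "r3", None), ("delete", "db-servers", "r2", None)]},
    {"time": 40, "ops": [("update", "web-servers", "r1", "r1b")]},
]

def redeploy(last_deploy):
    """Rebuild the device's model as of last_deploy, then apply only the newer deltas."""
    model = apply_delta({}, [op for op in cumulative_delta(SNAPSHOTS, 0) if op[0] <= last_deploy])
    apply_delta(model, cumulative_delta(SNAPSHOTS, last_deploy))
    return device_config(model, last_deploy)
```

A device last deployed at time 20 receives only the two lines produced by the later snapshots, while a device already at time 40 receives nothing.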
using virtualisation of network functions or resources, e.g. SDN or NFV entities · CPC title
Policy-based network configuration management · CPC title
Assignment of logical groups to network elements · CPC title
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title