The present invention relates to network security administration and, more particularly, to an interface that uses natural language understanding to assist a network security administrator in handling requests for adjusting the security policy of a computer network.
Network security configuration software is used extensively by network security administrators for implementing network security policies. There are many implementations of such software, but all of them share the following features:                The user (the network security administrator) defines network security policy elements (security policy building blocks) such as server names, network names, network user names, security rules, network services and IP addresses. Such network security policy elements are called “objects” herein.        The software presents the user a set of one or more fields to fill in, in the form of a form, a graphical user interface dialog, or one or more command lines. To create a valid object, the user must fill in the field(s).        Some forms of the software help the user to achieve a task that includes multiple objects or steps by using “wizards” that guide the user through all the necessary configuration steps.        
One example of such a prior art software package that uses a graphical user interface is Smart Dashboard™, available from Check Point Software Technologies Ltd. of Tel Aviv, Israel.
These software packages do not extract configuration elements from natural language text and do not attempt to guess what the user would like to do with the objects that are named in such text, actions such as looking for existing system security configuration elements that include a certain IP address or creating a new system security configuration element that includes a certain IP address.
The present invention is a novel application of the well-known technology of natural language understanding. As evidenced by the appearance of the phrase “natural language understanding” in the titles of the following 29 published US patent applications:
US 2011/0179032
US 2010/0151889
US 2010/0042404
US 2009/0259459
US 2008/0312905
US 2008/0310718
US 2008/0208586
US 2008/0154581
US 2008/0109210
US 2007/0225969
US 2007/0156392
US 2007/0143099
US 2007/0129936
US 2007/0112556
US 2007/0112555
US 2007/0033004
US 2006/0074631
US 2005/0096913
US 2005/0049874
US 2004/0220809
US 2004/0220797
US 2004/0111253
US 2004/0030557
US 2003/0212544
US 2003/0212543
US 2003/0055623
US 2002/0196679
US 2002/0103837
US 2002/0042711
natural language understanding is a well-developed field, so that there is no need to present herein any details of that field. All of these patent applications are incorporated by reference for all purposes as if fully set forth herein. The object(s) could be (an) IP address(es), (a) server name(s), (a) network user name(s) and/or (a) network service(s).