In the prior art, policy enforcement is performed by counting packets traveling from their source to their destination. Most policy enforcement implementations ignore the content of the packets traversing the system. If the amount of traffic between source and destination Internet Protocol (IP) addresses becomes excessive, the policy enforcement implementation applies a limit to the packet flow.
One policy enforcement implementation (Layer 7) ostensibly considers the semantic content of the packets crossing the system. Layer 7 looks at tags in the header of the packet. If too many packets having a particular tag are crossing the system, Layer 7 restricts the flow of packets. But Layer 7 only considers tags in the packet header, and does not actually look at the semantic content of the packets. Thus, a program that sought to bypass the policy enforcement of Layer 7 only has to fraudulently label the tag in the header of the packet, and the policy will not be enforced against the packet.
U.S. patent application Ser. No. 09/653,713, titled “INTENTIONAL-STANCE CHARACTERIZATION OF A GENERAL CONTENT STREAM OR REPOSITORY,” filed simultaneously herewith, incorporated by reference herein, and referred to as “the Intentional Stance application,” describes how users can listen to a content stream and set up response actions according to the content. Templates that include a set of state vectors in a topological vector space define the trigger. When the semantic content of the content stream comes close enough to the template, the action is triggered. But the Intentional Stance application does not describe how a network policy can be enforced using templates.
The present invention addresses these and other problems associated with the prior art.