Patent 10511572
Prior art
Earlier patents, publications, and products that may anticipate or render the claims unpatentable.
Active provider: Google · gemini-2.5-flash
This is an analysis of the most relevant prior art for US Patent 10,511,572, based on the provided patent text and focused on its core inventive concept: rule swapping in a packet network. The priority date of US 10,511,572 is January 11, 2013.
The core innovative aspects of US 10,511,572, particularly articulated in independent claims 1, 9, and 17, revolve around:
- Receiving and modifying (e.g., preprocessing/optimizing) both a first and a second rule set. The modification of the second rule set occurs before the actual switch to it.
- A specific, synchronized method for reconfiguring a network device (especially one with multiple processors) from the first rule set to the second rule set while handling live packet traffic. This method includes:
  - Ceasing processing of current packets upon receiving a signal to switch.
  - Caching any unprocessed packets.
  - Reconfiguring the device/processors to the second rule set.
  - After reconfiguration, processing the cached packets with the newly active second rule set.
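The cease, cache, reconfigure, process-cached sequence listed above, as an added single-threaded simulation (not code from the patent or from any cited reference). The `Rule` and `Device` names, the prefix matching, the shortest-queue packet distribution and the sample addresses are all constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src_prefix: str  # constructed criterion: source-address string prefix
    action: str      # "allow" or "drop"

def preprocess(rules):
    # Stand-in for the "modify" step: remove duplicates, most specific prefix first.
    return tuple(sorted(dict.fromkeys(rules), key=lambda r: -len(r.src_prefix)))

def verdict(rules, src):
    return next((r.action for r in rules if src.startswith(r.src_prefix)), "drop")

class Device:
    def __init__(self, first, second, processors=2):
        # Both rule sets are preprocessed up front, before any swap signal.
        self.sets = {"first": preprocess(first), "second": preprocess(second)}
        self.active = ["first"] * processors         # rule set per processor
        self.inbox = [deque() for _ in range(processors)]
        self.log = []                                # (src, rule set, verdict)
    def receive(self, src):
        min(self.inbox, key=len).append(src)         # shortest queue gets it
    def _apply(self, cpu, src):
        name = self.active[cpu]
        self.log.append((src, name, verdict(self.sets[name], src)))
    def process(self, budget):
        for cpu, q in enumerate(self.inbox):
            for _ in range(min(budget, len(q))):
                self._apply(cpu, q.popleft())
    def swap(self):
        # Cease and cache: stop pulling packets, set aside everything unprocessed.
        cache = [(cpu, src) for cpu, q in enumerate(self.inbox) for src in q]
        self.inbox = [deque() for _ in self.inbox]
        # Reconfigure every processor before any packet is handled again.
        self.active = ["second"] * len(self.active)
        for cpu, src in cache:                       # cached packets, new rules
            self._apply(cpu, src)
        return len(cache)

def demo():
    first = [Rule("10.", "allow")]
    second = [Rule("10.", "allow"), Rule("10.9.", "drop"), Rule("10.", "allow")]
    dev = Device(first, second)
    for src in ["10.1.0.5", "10.9.0.7", "10.9.0.8", "10.2.0.1"]:  # constructed
        dev.receive(src)
    dev.process(budget=1)      # each processor handles one packet, then the signal
    return dev.swap(), dev.log
```

Every packet is evaluated exactly once and against exactly one complete rule set: the two packets still queued when the signal arrives are held and then judged under the second set, so none is dropped by the transition or matched against a partially installed policy.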
Below are the most relevant prior art documents, including those explicitly referenced in the detailed description of US 10,511,572, along with their potential anticipation of its claims.
Most Relevant Prior Art for US 10,511,572
1. US 2006/0195896 A1
- Full Citation: US20060195896A1, "Method, systems, and computer program products for implementing function-parallel network firewall," Fulp et al., Wake Forest University.
- Publication/Filing Date: Priority: 2004-12-22, Publication: 2006-08-31.
- Brief Description: This patent describes techniques for enhancing network firewall performance through function-parallel processing of network traffic using multiple processing units. It details methods for optimizing firewall rule sets, such as merging or reordering rules, to improve efficiency in applying a firewall policy.
- Potential Anticipation (35 U.S.C. § 102):
- This reference likely anticipates the general steps of "receiving a first rule set," "modifying the first rule set" (e.g., merging/reordering rules), "configuring the network device to process packets in accordance with the first rule set," and "processing a first portion of the plurality of packets in accordance with the first rule set" as described in Claims 1, 9, and 17. It establishes the concept of optimizing and applying rule sets in a high-performance network device. However, it does not clearly describe the specific "rule swapping" mechanism of US 10,511,572, particularly the synchronized steps of ceasing processing, caching unprocessed packets, reconfiguring to a second rule set, and then processing cached packets with the second rule set.
2. US 2006/0248580 A1
- Full Citation: US20060248580A1, "Methods, systems, and computer program products for network firewall policy optimization," Fulp et al., Wake Forest University.
- Publication/Filing Date: Priority: 2005-03-28, Publication: 2006-11-09. (Note: This is the U.S. counterpart to WO2006105093A2, which is listed in the provided patent's "Citations" list with the same priority date and title.)
- Brief Description: This patent focuses on optimizing firewall policies by identifying and resolving redundancies or conflicts within rule sets and reordering rules to improve their application efficiency. It specifically addresses preprocessing rule sets to enhance performance.
- Potential Anticipation (35 U.S.C. § 102):
- Similar to US20060195896A1, this reference strongly anticipates the "modifying" step (optimizing) of rule sets mentioned in Claims 1, 9, and 17. The concept of preprocessing rule sets to improve performance is well-covered. However, it lacks disclosure of the specific dynamic rule swapping between two distinct, pre-modified rule sets, and the detailed synchronized process of handling live packet traffic (cease, cache, reconfigure, process cached) during such a switch, as claimed in US 10,511,572.
3. US 2011/0055916 A1
- Full Citation: US20110055916A1, "Method, system and computer program product for managing security policies," Ahn David K, Centripetal Networks Inc.
- Publication/Filing Date: Priority: 2009-08-31, Publication: 2011-03-03.
- Brief Description: This patent describes methods and systems for managing security policies in a network environment. It covers aspects of generating, modifying, and deploying rule sets to control network traffic. David K. Ahn is also an inventor on US 10,511,572, indicating a foundational relationship.
- Potential Anticipation (35 U.S.C. § 102):
- This reference likely anticipates the broad concepts of "receiving a first/second rule set," "modifying" (managing) rule sets, "configuring the network device" and "processing packets" within Claims 1, 9, and 17. As prior art from a common inventor and assignee, it represents existing technology in managing security policies and applying rules. However, the unique, detailed method for fast, synchronized rule swapping during live packet processing, including ceasing, caching, and post-reconfiguration processing of cached packets, is the distinguishing feature of US 10,511,572 that would need explicit disclosure in US20110055916A1 to be fully anticipated.
4. US 2006/0048142 A1
- Full Citation: US20060048142A1, "System and method for rapid response network policy implementation," Roese John J, Cisco Technology, Inc.
- Publication/Filing Date: Priority: 2004-09-02, Publication: 2006-03-02.
- Brief Description: This patent describes systems and methods enabling the rapid implementation of network policies, such as firewall rules, particularly in response to detected threats or changes in network conditions. It addresses the need for quick policy changes in dynamic network security environments.
- Potential Anticipation (35 U.S.C. § 102):
- This reference anticipates the underlying problem and the general goal of "rapid response network policy implementation," which aligns with the "fast rule swapping" in US 10,511,572, especially when a switch is initiated "based on one or more detected network conditions indicating a network attack" (Claim 5). It also broadly anticipates "receiving a second rule set" and preparing for its implementation. However, the specific, synchronized multi-processor mechanism (cease, cache, reconfigure, process cached) for handling in-flight packets during the actual transition (as detailed in Claims 1, 9, and 17) differentiates US 10,511,572.
5. US 2009/0328219 A1
- Full Citation: US20090328219A1, "Dynamic policy provisioning within network security devices," Padhye Parag K et al., Juniper Networks, Inc.
- Publication/Filing Date: Priority: 2008-06-27, Publication: 2009-12-31.
- Brief Description: This patent discloses methods for dynamically provisioning security policies in network security devices. It addresses the efficient activation and deactivation of policies in response to various triggers, suggesting mechanisms for managing multiple policy configurations.
- Potential Anticipation (35 U.S.C. § 102):
- This reference anticipates the general concept of "dynamic policy provisioning," encompassing "receiving rule sets," "modifying" (preparing) them, and "configuring" devices for their application. This directly relates to the broader context of Claims 1, 9, and 17. While it teaches dynamic policy changes, the specific, fine-grained, synchronized steps of ceasing processing, caching packets, reconfiguring, and then processing cached packets with the new rule set, are the distinguishing features of US 10,511,572 not explicitly found in a general description of dynamic policy provisioning.
6. EP 1006701 A2
- Full Citation: EP1006701A2, "Adaptive re-ordering of data packet filter rules," Nallur Venkata C K M, Lucent Technologies Inc.
- Publication/Filing Date: Priority: 1998-12-03, Publication: 2000-06-07.
- Brief Description: This patent describes a method to adaptively reorder data packet filter rules. By moving frequently matched rules to the top of the rule list, the system improves the efficiency of packet classification and processing. This constitutes a form of rule set optimization or "modification."
- Potential Anticipation (35 U.S.C. § 102):
- This reference specifically anticipates the "modifying a particular rule set comprises reordering one or more rules included in the particular rule set" described in Claims 1, 6, 8, 9, 14, 16, 17, 22, and 24 of US 10,511,572. It addresses optimizing the structure of a rule set. However, it does not disclose the unique fast rule swapping mechanism between two distinct rule sets with the synchronized cease-cache-reconfigure-process cached sequence, which is a key distinguishing feature of US 10,511,572.
7. US 6,611,875 B1
- Full Citation: US6611875B1, "Control system for high speed rule processors," Ramakrishnan Kadangode K et al., Pmc-Sierra, Inc.
- Publication/Filing Date: Priority: 1998-12-31, Publication: 2003-08-26.
- Brief Description: This patent describes a control system designed for high-speed rule processors to efficiently apply rule sets, often in environments utilizing multiple processors. It aims to optimize throughput and reduce latency in network devices that classify and process packets according to defined rules.
- Potential Anticipation (35 U.S.C. § 102):
- This reference broadly anticipates aspects related to "high speed" and "multi-processor" environments for "processing packets in accordance with a rule set," relevant to Claims 1, 9, and 17. It provides context for efficient rule application within a network device with multiple processors. However, it does not describe the specific problem of rapidly swapping between different rule sets during live traffic and the intricate synchronization, caching, and post-reconfiguration processing of cached packets, which is a central innovation in US 10,511,572.
Generated 6/26/2026, 6:46:13 AM