Policy management, enforcement, and audit for data security

US 10,367,824 B2
Filed: 09/28/2018
Issued: 07/30/2019
Est. Priority Date: 03/04/2016
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a policy enforcement point of a policy appliance, a data request from an application, the request including a user specification specifying the user and a data specification specifying a data item to be accessed, the policy enforcement point being connected to a first database having a first database format and a second database having a second database format;

submitting, by the policy enforcement point, the user specification and the data specification to a policy decision point of the policy appliance, the policy decision point being configured to decide whether the user is permitted to access at least a portion of the data item according to a policy that defines an access privilege of the user on data;

receiving, by the policy enforcement point and from the policy decision point, a data access decision that is made by the policy decision point according to the policy, the data access decision specifying that the user is permitted to access a portion of the data item;

customizing, by the policy enforcement point, the data request for each of the databases based on the data access decision and a respective database format, including changing the data request into a first customized query according to the first database format and changing the data request into a second customized query according to the second database format, the customized query preventing at least a first portion of the data item from being retrieved from the databases;

retrieving, by the policy enforcement point, a second portion of the data item from the databases as a response to the customized query, the second portion being different from the first portion; and

providing, by the policy enforcement point to the application, the second portion of the data item,wherein the policy appliance, including the policy decision point, and the policy enforcement point, executes in a container on a system that includes one or more computer processors.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing, and enforcing policies on data security. A policy appliance includes a policy administration point, a policy decision point, a policy enforcement point and, optionally, an auditing module. The policy appliance can execute in a self-contained environment, e.g., a single virtual machine, a single physical machine, or a cluster of virtual machines or physical machines identically configured. The self-contained policy appliance can receive, manage, enforce and audit multiple policies that specify access privileges of multiple users on multiple databases. The databases can include heterogeneous databases that are configured separately and differently from one another. A single configuration of the policy appliance centralizes and unifies policy management of the heterogeneous database in the self-contained environment.

Citations

19 Claims

1. A method, comprising:
- receiving, by a policy enforcement point of a policy appliance, a data request from an application, the request including a user specification specifying the user and a data specification specifying a data item to be accessed, the policy enforcement point being connected to a first database having a first database format and a second database having a second database format;
  
  submitting, by the policy enforcement point, the user specification and the data specification to a policy decision point of the policy appliance, the policy decision point being configured to decide whether the user is permitted to access at least a portion of the data item according to a policy that defines an access privilege of the user on data;
  
  receiving, by the policy enforcement point and from the policy decision point, a data access decision that is made by the policy decision point according to the policy, the data access decision specifying that the user is permitted to access a portion of the data item;
  
  customizing, by the policy enforcement point, the data request for each of the databases based on the data access decision and a respective database format, including changing the data request into a first customized query according to the first database format and changing the data request into a second customized query according to the second database format, the customized query preventing at least a first portion of the data item from being retrieved from the databases;
  
  retrieving, by the policy enforcement point, a second portion of the data item from the databases as a response to the customized query, the second portion being different from the first portion; and
  
  providing, by the policy enforcement point to the application, the second portion of the data item,wherein the policy appliance, including the policy decision point, and the policy enforcement point, executes in a container on a system that includes one or more computer processors.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the container is a virtual container that includes a Java virtual machine or a virtual container that includes a Linux container, and the database is hosted on a respective node or a cluster of nodes as in a Hadoop Distributed File System (HDFS).
  - 3. The method of claim 1, wherein the container is a virtualized server that provides an isolated, self-contained, and individually configured user space in a cloud-computing environment.
  - 4. The method of claim 1, wherein the first portion of the data item include content that, according to the policy, the user has no access privilege.
  - 5. The method of claim 1, further comprising:
    - obtaining, by an audit module of the policy appliance, a respective audit log for each of the policy decision point and the policy enforcement point; and
      
      providing an aggregation of the audit logs for administrator review.
  - 6. The method of claim 1, wherein the policy enforcement point is coupled to the first and the second databases, and the policy is applied to data stored on each of the databases.
  - 7. The method of claim 1, wherein the policy decision point, and the policy enforcement point have a one-to-one relationship, wherein one policy decision point corresponds to one policy enforcement point.
  - 8. The method of claim 1, wherein the policy decision point, and the policy enforcement point have a one-to-many relationship, wherein one policy decision point corresponds to a plurality of policy enforcement points.

9. A system comprising:
- one or more processors; and
  
  a non-transitory storage device storing computer instructions operable to cause the one or more processors to perform operations comprising;
  
  receiving, by a policy enforcement point of a policy appliance, a data request from an application, the request including a user specification specifying the user and a data specification specifying a data item to be accessed, the policy enforcement point being connected to a first database having a first database format and a second database having a second database format;
  
  submitting, by the policy enforcement point, the user specification and the data specification to a policy decision point of the policy appliance, the policy decision point being configured to decide whether the user is permitted to access at least a portion of the data item according to a policy that defines an access privilege of the user on data;
  
  receiving, by the policy enforcement point and from the policy decision point, a data access decision that is made by the policy decision point according to the policy, the data access decision specifying that the user is permitted to access a portion of the data item;
  
  customizing, by the policy enforcement point, the data request for each of the databases based on the data access decision and a respective database format, including changing the data request into a first customized query according to the first database format and changing the data request into a second customized query according to the second database format, the customized query preventing at least a first portion of the data item from being retrieved from the databases;
  
  retrieving, by the policy enforcement point, a second portion of the data item from the databases as a response to the customized query, the second portion being different from the first portion; and
  
  providing, by the policy enforcement point to the application, the second portion of the data item,wherein the policy appliance, including the policy decision point, and the policy enforcement point, executes in a container on a system that includes one or more computer processors.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the container is a virtual container that includes a Java virtual machine or a virtual container that includes a Linux container, and the database is hosted on a respective node or a cluster of nodes as in a Hadoop Distributed File System (HDFS).
  - 11. The system of claim 9, wherein the container is a virtualized server that provides an isolated, self-contained, and individually configured user space in a cloud-computing environment.
  - 12. The system of claim 9, wherein the first portion of the data item include content that, according to the policy, the user has no access privilege.
  - 13. The system of claim 9, the operations comprising:
    - obtaining, by an audit module of the policy appliance, a respective audit log for each of the policy decision point and the policy enforcement point; and
      
      providing an aggregation of the audit logs for administrator review.
  - 14. The system of claim 9, wherein the policy enforcement point is coupled to the first and the second databases, and the policy is applied to data stored on each of the databases.

15. A non-transitory storage device storing computer instructions operable to cause one or more processors to perform operations comprising:
- receiving, by a policy enforcement point of a policy appliance, a data request from an application, the request including a user specification specifying the user and a data specification specifying a data item to be accessed, the policy enforcement point being connected to a first database having a first database format and a second database having a second database format;
  
  submitting, by the policy enforcement point, the user specification and the data specification to a policy decision point of the policy appliance, the policy decision point being configured to decide whether the user is permitted to access at least a portion of the data item according to a policy that defines an access privilege of the user on data;
  
  receiving, by the policy enforcement point and from the policy decision point, a data access decision that is made by the policy decision point according to the policy, the data access decision specifying that the user is permitted to access a portion of the data item;
  
  customizing, by the policy enforcement point, the data request for each of the databases based on the data access decision and a respective database format, including changing the data request into a first customized query according to the first database format and changing the data request into a second customized query according to the second database format, the customized query preventing at least a first portion of the data item from being retrieved from the databases;
  
  retrieving, by the policy enforcement point, a second portion of the data item from the databases as a response to the customized query, the second portion being different from the first portion; and
  
  providing, by the policy enforcement point to the application, the second portion of the data item,wherein the policy appliance, including the policy decision point, and the policy enforcement point, executes in a container on a system that includes one or more computer processors.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The non-transitory storage device of claim 15, wherein the container is a virtual container that includes a Java virtual machine or a virtual container that includes a Linux container, and the database is hosted on a respective node or a cluster of nodes as in a Hadoop Distributed File System (HDFS).
  - 17. The non-transitory storage device of claim 15, wherein the container is a virtualized server that provides an isolated, self-contained, and individually configured user space in a cloud-computing environment.
  - 18. The non-transitory storage device of claim 15, wherein the first portion of the data item include content that, according to the policy, the user has no access privilege.
  - 19. The non-transitory storage device of claim 15, the operations further comprising:
    - obtaining, by an audit module of the policy appliance, a respective audit log for each of the policy decision point, and the policy enforcement point; and
      
      providing an aggregation of the audit logs for administrator review.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
BlueTalon, Inc. (Microsoft Corporation)
Inventors
Weintraub, Benjamin L., Verma, Pratik
Primary Examiner(s)
Chang, Kenneth W

Application Number

US16/147,364
Publication Number

US 20190036941A1
Time in Patent Office

305 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Policy management, enforcement, and audit for data security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Policy management, enforcement, and audit for data security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links