Systems and methods for monitoring the presence of assets within a system and enforcing policies governing assets

US 20040225524A1
Filed: 04/22/2004
Published: 11/11/2004
Est. Priority Date: 01/09/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for enforcing policies that govern the behavior of assets within a system, comprising:

detecting an attempted interaction involving multiple assets;

interrupting the attempted interaction;

determining whether the interaction is permitted in accordance with policies associated with the respective assets involved in the interaction; and

if the interaction is permitted, dynamically generating a license governing the interaction of the assets in accordance with the policies associated with the respective assets participating in the interaction.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system can be used to enforce policy driven interactions among any set of objects. The availability of objects within a system is monitored and policies applicable to the objects are enforced. Objects within the system such as users, devices, processes and information assets are assigned unique identifiers and their presence is periodically reported to a server by client agents running in the devices. The availability of an object for a specific interaction may be determined through analysis of the presence of the object in the system and the presence and attributes of objects required to facilitate the interaction. Policies are associated with each of the objects. When an attempted interaction of objects is detected by a client agent, a license governing the attempted interaction is dynamically generated in accordance with policies associated with each of the objects participating in the interaction. The interaction is thereafter regulated by the client agent in accordance with the dynamically generated license.

85 Citations

View as Search Results

38 Claims

1. A method for enforcing policies that govern the behavior of assets within a system, comprising:
- detecting an attempted interaction involving multiple assets;
  
  interrupting the attempted interaction;
  
  determining whether the interaction is permitted in accordance with policies associated with the respective assets involved in the interaction; and
  
  if the interaction is permitted, dynamically generating a license governing the interaction of the assets in accordance with the policies associated with the respective assets participating in the interaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method claimed in claim 1, wherein said policies associated with the assets involved in the interaction represent security policies applicable to the respective assets.
  - 3. The method claimed in claim 1, wherein the license dynamically generated for governing the interaction of the assets is expressed using one of XrML and ODRL.
  - 4. The method claimed in claim 1, wherein the attempted interaction is accessing of a document at a device by a user, wherein the document, the device and the user are assets participating in the attempted interaction, and wherein a license governing the accessing of the document is dynamically generated in accordance with policies associated with the document, policies associated with the user, and policies associated with the device.
  - 5. The method claimed in claim 1, wherein the attempted interaction is an exchange of an information asset between users at respective devices, wherein the users, the respective devices and the information asset are assets participating in the attempted interaction, and wherein the license governing the exchange of the information asset is dynamically generated in accordance with policies associated with the users, policies associated with the devices, and policies associated with the information asset.
  - 6. The method claimed in claim 5, further comprising:
    - encapsulating the license governing the exchange of the information asset with an instance of the information asset to form an encapsulated information asset; and
      
      exchanging the encapsulated information asset between the users.
  - 7. The method claimed in claim 6, wherein the information asset comprises an electronic document.
  - 8. The method claimed in claim 6, wherein the information asset comprises an email message.
  - 9. The method claimed in claim 6, wherein the information asset comprises at least one of video data and audio data.
  - 10. The method claimed in claim 6, wherein the information asset is real time data.
  - 11. The method claimed in claim 10, wherein the real time data is one of a data stream and buffered data.
  - 12. The method claimed in claim 6, wherein the information asset is exchanged in accordance with the session initiation protocol (SIP protocol), thereby incorporating enforcement of policies with SIP message exchange.
  - 13. The method claimed in claim 1, wherein each of the assets is one of a user, a device, a process and an information asset.

14. A device for providing user access to information assets, the device comprising an agent for enforcing policies that govern the behavior of system assets including the user, the device and information assets accessed by the device, the agent performing processing comprising:
- detecting an attempt by the user to interact with an information asset using the device;
  
  interrupting the attempted interaction;
  
  obtaining a dynamically generated a license governing the attempted interaction in accordance with policies associated with the device, policies associated with the user and policies associated with the information asset; and
  
  regulating the interaction in accordance with the dynamically generated license.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The device claimed in claim 14, wherein the dynamically generated license is obtained by dynamically generating the license locally at the programmable device.
  - 16. The device claimed in claim 14, wherein the dynamically generated license is obtained by:
    - informing a server of identities of the user, the device and the information asset; and
      
      receiving the dynamically generated license from the server.
  - 17. The device claimed in claim 14, wherein the device is a computing device.
  - 18. The device claimed in claim 17, wherein the information asset comprises an electronic document.
  - 19. The device claimed in claim 17, wherein the information asset is real time data.
  - 20. The device claimed in claim 19, wherein the real time data is one of a data stream and buffered data.
  - 21. The device claimed in claim 17, wherein the information asset comprises a data file.
  - 22. The device claimed in claim 17, wherein the information asset comprises at least one of an audio data stream and a video data stream.
  - 23. The device claimed in claim 17, wherein the information asset comprises an email message.
  - 24. The device claimed in claim 14, wherein the device is a mobile communication device.

25. A device for enforcing policies that govern the behavior of assets within a system, the device comprising an agent performing processing comprising dynamically generating a license governing an attempted interaction of assets of the system in accordance with policies associated with the respective assets participating in the attempted interaction.

26. A programmable device comprising an agent for providing a context-specific determination of the availability of an asset within a system for an interaction with other assets of the system, the agent performing processing comprising:
- identifying an interaction for which an asset'"'"'s availability is to be determined;
  
  confirming the presence of the asset within the system;
  
  confirming the presence of additional assets within the system that are required to facilitate the interaction; and
  
  analyzing respective policies associated with each of the asset and the respective additional assets to determine whether the policies allow the asset to be available for interaction with the additional assets.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 27. The device claimed in claim 26, wherein, if the asset is available, the asset is indicated to a user as being available for said interaction.
  - 28. The device claimed in claim 27, wherein the asset is indicated as being available by display of an icon to a user.
  - 29. The device claimed in claim 26, wherein the interaction for which the asset'"'"'s availability is to be determined is identified in accordance with a policy associated with an asset requiring the interaction.
  - 30. The device claimed in claim 26, wherein the presence of the asset within the system is confirmed from presence information stored in a proxy server database.
  - 31. The device claimed in claim 26, wherein the presence of additional assets within the system that are required to facilitate the interaction is confirmed from presence information for said assets stored in a proxy server database.
  - 32. The device claimed in claim 31, wherein the presence of additional assets within the system that are required to facilitate the interaction is further confirmed from attribute information for said assets stored in a proxy server database.
  - 33. The device claimed in claim 26, wherein the interaction for which an asset'"'"'s availability is to be determined is a voice communication to a user, wherein confirming the presence of the asset within the system comprises determining that the user is present in the system, and wherein confirming the presence of additional assets within the system comprises determining that devices and connections required to establish a voice communication with the user are present in the system.
  - 34. The device claimed in claim 26, wherein the interaction for which an asset'"'"'s availability is to be determined is access to a data file, wherein confirming the presence of the asset within the system comprises determining that the data file is present in the system, and wherein confirming the presence of additional assets within the system comprises determining that devices and connections required to access the data file are present in the system.
  - 35. The device claimed in claim 26, wherein the interaction for which an asset'"'"'s availability is to be determined is a voice communication with a user to approve changes made to a data file, wherein confirming the presence of the asset within the system comprises determining that the user is present in the system, and wherein confirming the presence of additional assets within the system comprises determining that devices and connections required to establish a voice communication with the user are present in the system and that devices and connections required to enable the user to view the data file are present in the system.
  - 36. The device claimed in claim 26, wherein said processing further comprises dynamically generating a license governing the interaction in accordance with policies associated with assets participating in the interaction.

37. A method for providing a context-specific determination of the availability of an asset within a system for an interaction with other system assets, comprising:
- identifying an interaction for which an asset'"'"'s availability is to be determined;
  
  confirming the presence of the asset within the system;
  
  confirming the presence of additional assets within the system that are required to facilitate the interaction; and
  
  analyzing policies associated with each of the asset and the respective additional assets to determine whether the policies allow the asset to be available for interaction with the additional assets.
- View Dependent Claims (38)
- - 38. The method claimed in claim 37, wherein said processing further comprises dynamically generating a license governing the interaction in accordance with policies associated with assets participating in the interaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Innerpresence Networks Incorporated
Original Assignee
Innerpresence Networks Incorporated
Inventors
Myersdorf, Doron, Narasimhan, Anand

Application Number

US10/830,370
Publication Number

US 20040225524A1
Time in Patent Office

Days
Field of Search
US Class Current

705/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/55   Detecting local intrusion o...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

H04L 2463/101   applying security measures ...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

Systems and methods for monitoring the presence of assets within a system and enforcing policies governing assets

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for monitoring the presence of assets within a system and enforcing policies governing assets

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links