Context management with audit capability
First Claim
1. A method for auditing data-access events occurring in a context management system, the method comprising:
- (A) collecting context data from a plurality of applications that use the context management system;
(B) storing data corresponding to the collected context data on a centralized storage location; and
(C) extracting audit information by processing at least a subset of the data stored on the centralized storage location.
1 Assignment
0 Petitions
Accused Products
Abstract
A context management framework is given that provides in various embodiments, numerous advantages over previously-existing systems. In some instances, an architecture having a centralized storage location coupled to a context manager is provided for servicing and logging context events from a plurality of sources. This type of system uses a synchronization scheme to perform orderly storage and retrieval of data to and from the centralized storage location. In other instances, information stored in the centralized storage location or signals from the context manager are used to achieve an auditing capability for reviewing and acting on context data events and gestures. Selective blocking or allowance of impending context gestures or data-access events is accomplished based on a rule set or lookup table containing rules or other data to make such access-control decisions. Access to private data and other security measures may thus be implemented using the teachings presented herein. Furthermore, a communication paradigm, using a Web-proxy, which identifies ordinarily-unidentified applications to a context manager is provided according to some embodiments of the invention.
-
Citations
86 Claims
-
1. A method for auditing data-access events occurring in a context management system, the method comprising:
-
(A) collecting context data from a plurality of applications that use the context management system;
(B) storing data corresponding to the collected context data on a centralized storage location; and
(C) extracting audit information by processing at least a subset of the data stored on the centralized storage location. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
-
-
36. A method for storing context data, from a plurality of sources in a context management system, onto a centralized storage location, comprising:
-
(A) receiving context data from the plurality of sources;
(B) synchronizing the context data using a context manager; and
(C) storing the context data in the centralized storage location;
wherein (C) is performed according to a synchronization scheme, that includes context data from at least two sources. - View Dependent Claims (37, 38, 39, 40, 41)
-
-
42. A method for controlling access to a stored data object, comprising:
- determining whether a data-access event is authorized under a predetermined rule, wherein a context manager is operable to allow or deny execution of said data-access event based on (i) context data, corresponding to the data-access event, and (ii) the predetermined rule.
- View Dependent Claims (43, 44, 45)
-
46. A method for assessing compliance with the HIPAA, in a context management system, the method comprising:
-
(A) collecting context data from a plurality of applications that use the context management system;
(B) storing data corresponding to the collected context data on a centralized storage location; and
(C) extracting audit information by processing at least a subset of the data stored on the centralized storage location, the audit information suitable for making an assessment of compliance with a provision of the HIPAA. - View Dependent Claims (47, 48)
-
-
49. A method for auditing data access events in a data processing system, comprising:
-
(A) transferring context information from a first software application executing in the data processing system to a second software application executing in the data processing system;
(B) storing the context data in a centralized storage location; and
(C) extracting from the centralized storage location information indicative of data access events occurring in the data processing system.
-
-
50. A data processing system for auditing data access events in a context management framework, comprising:
-
a plurality of software applications executing in the data processing system;
a context manager coupled to the software applications that manages context data exchanges between the software applications;
a centralized storage location, coupled to the context manager, that stores a central record of the context data exchanges; and
an auditor, coupled to the centralized storage location, that retrieves information from the centralized storage location indicative of data access events occurring in the data processing system. - View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71)
-
-
72. A machine-readable medium having thereon instructions, which when executed:
-
(A) collect context data from a plurality of applications that use a context management system;
(B) store data corresponding to the collected context data on a centralized storage location; and
(C) extract audit information by processing at least a subset of the data stored on the centralized storage location. - View Dependent Claims (73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84)
-
-
85. A method for identifying an application in a context management environment, wherein the application is coupled to a context manager, comprising:
-
(A) associating the application with an information tag when the application invokes a method that carries application-identifying information;
(B) augmenting a URL, passing between the context manager and the application, with the information tag, yielding a compound URL containing the URL and the information tag;
(C) parsing a communication from the application containing the compound URL to extract information corresponding to the information tag therefrom when the application invokes a method that does not carry application-identifying information; and
(D) looking up the identity of the application corresponding to the information tag. - View Dependent Claims (86)
-
Specification