Method and apparatus for providing policy-based document control

US 20060075463A1
Filed: 10/01/2004
Published: 04/06/2006
Est. Priority Date: 09/30/2004
Status: Active Grant

First Claim

Patent Images

1. A system of granting access to resources comprising:

(a) a client node requesting access to a resource;

(b) a collection agent gathering information about the client node;

(c) a policy engine receiving the gathered information and making an access control decision based on the received information; and

(d) a transformation server receiving the request for the file from the policy engine, transforming the contents of the file from a native format to a second format, and presenting the transformed contents of the file to the client node.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for providing policy-based document control includes a client node, a collection agent, a policy engine, and a transformation server. The client node requests access to a resource. The collection agent gathers information about the client node. The policy engine receives the gathered information and makes an access control decision based on the received information. The transformation server transforms the contents of the file from a native format to a second format and presents the transformed contents of the file to the client node.

Citations

42 Claims

1. A system of granting access to resources comprising:
- (a) a client node requesting access to a resource;
  
  (b) a collection agent gathering information about the client node;
  
  (c) a policy engine receiving the gathered information and making an access control decision based on the received information; and
  
  (d) a transformation server receiving the request for the file from the policy engine, transforming the contents of the file from a native format to a second format, and presenting the transformed contents of the file to the client node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1 wherein the transformation server receives the request for the file from the policy engine via proxy server.
  - 3. The system of claim 1 wherein the policy engine makes an access control decision based on applying a policy to the gathered information.
  - 4. The system of claim 1 wherein the policy engine further comprises a database.
  - 5. The system of claim 1 wherein the policy engine further comprises a logon agent.
  - 6. The logon agent of claim 5 wherein the logon agent receives the gathered information from the collection agent.
  - 7. The system of claim 1 wherein the collection agent executes on the client node.
  - 8. The system of claim 1 wherein the policy engine transmits the collection agent to the client node.
  - 9. The system of claim 1 wherein the collection agent comprises at least one script.
  - 10. The system of claim 1 wherein the collection agent comprises bytecode.
  - 11. The system of claim 1 wherein the policy engine transmits instructions to the collection agent determining the type of information the collection agent gathers.
  - 12. The system of claim 1 wherein the collection agent gathers the information by running at least one script on the client node.
  - 13. The system of claim 1 wherein the collection agent gathers information regarding the client node device type.
  - 14. The system of claim 1 wherein the collection agent gathers information regarding the client node network connection.
  - 15. The system of claim 1 wherein the collection agent gathers information comprising browser type.
  - 16. The system of claim 1 wherein the collection agent gathers information comprising operating system type.

17. A method of granting access to resources, the method comprising:
- (a) requesting, by a client node, access to a file;
  
  (b) gathering, by a collection agent, information about the client node;
  
  (c) receiving, by the policy engine, the gathered information;
  
  (d) making an access control decision based on the received information;
  
  (e) transforming, by the transformation server, the contents of the file from a native format to a second format; and
  
  (f) presenting, by the transformation server, the transformed contents of the file to the client node.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. The method of claim 17 further comprising transmitting, by the policy engine, the request for the file to a transformation server
  - 19. The method of claim 17 further comprising routing the request for the file to the transformation server through a proxy server.
  - 20. The method of claim 17 further comprising routing, by the policy engine, the request for the file to the transformation server through a proxy server.
  - 21. The method of claim 17 wherein step (a) further comprises requesting the resource over a network connection.
  - 22. The method of claim 17 wherein step (b) further comprises gathering, by the collection agent, the information over a network connection.
  - 23. The method of claim 17 wherein step (b) further comprises gathering, by the collection agent, information by executing at least one script on the client node.
  - 24. The method of claim 17 wherein step (c) further comprises determining, by the policy engine, if the received information satisfies a condition.
  - 25. The method of claim 17 further comprising determining, by the policy engine, if the received information satisfies a condition by comparing the received information to at least one condition.
  - 26. The method of claim 25 wherein step (d) further comprises making, by the policy engine, an access control decision by applying a policy to the condition.

27. A policy engine comprising:
- a first component receiving information about a client node, and generating a data set from the received information;
  
  a second component receiving the data set, and providing to the first component an enumeration of resources available to the client based on the data set.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. The policy engine of claim 27 wherein the first component receives the information from a collection agent.
  - 29. The policy engine of claim 27 wherein the first component includes at least one condition to which received information is compared.
  - 30. The policy engine of claim 27 wherein the second component further comprises a database.
  - 31. The policy engine of claim 30 wherein the database stores at least one policy.
  - 32. The policy engine of claim 31 wherein the second component further comprises identifying available resources by applying the at least one policy to the data set.

33. A method of granting access with a policy engine, the method comprising:
- (a) receiving, by a first component, information about a client node;
  
  (b) generating, by the first component, a data set from the information; and
  
  (c) providing, by a second component, an enumeration of resources available to the client.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 34. The method of claim 33 further comprising the step of identifying, by a second component, resources available to the client node based on the data set.
  - 35. The method of claim 34 further comprising identifying available resources by applying a policy to the received data set.
  - 36. The method of claim 33 further comprising the step of requesting information about the client node.
  - 37. The method of claim 33 further comprising the step of receiving further information about the client node.
  - 38. The method of claim 33 wherein step (b) further comprises applying, by the first component, a policy to the received information to determine access methods available to the client node.
  - 39. The method of claim 33 wherein step (c) further comprises providing, by the second component, an enumeration of a subset of available resources to the client node.
  - 40. The method of claim 33 wherein step (c) further comprises receiving, by the first component, the enumeration of available resources.
  - 41. The method of claim 40 wherein step (c) further comprises providing, by the first component, the enumeration to the client node.
  - 42. The method of claim 40 wherein step (c) further comprises providing, by the first component, the enumeration to the client node on an HTML page.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Simmons, Timothy Ernest, Braddy, Ricky Gene, Calvin, Phillip N.

Granted Patent

US 7,870,294 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 16/88   Mark-up to mark-up conversi...

G06F 16/9535   Search customisation based ...

G06F 21/10   Protecting distributed prog...

G06F 21/6218   to a system of files or obj...

G06Q 30/0601   Electronic shopping [e-shop...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04W 4/18   Information format or conte...

Method and apparatus for providing policy-based document control

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing policy-based document control

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links