Enforcing Control Policies in an Information Management System
First Claim
1. A method of controlling application usage in a plurality of computers using centrally managed rules, the method comprising the computer-implemented step of:
- controlling usage of an application program on a computer system, wherein the controlling step limits the application program'"'"'s operational functionality in accordance to at least one rule stored on the computer system, and wherein the at least one rule contains at least one expression used by the controlling step to control application program operation.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for controlling document access and application usage using centrally managed rules. The rules are stored and manipulated in a central rule database via a rule server. Policy enforcers are installed on client systems and/or on servers and perform document access and application usage control for both direct user document accesses and application usage, and application program document accesses by evaluating the rules sent to the policy enforcer. The rule server decides which rules are required by each policy enforcer. A policy enforcer can also perform obligation and remediation operations as a part of rule evaluation. Policy enforcers on client systems and servers can operate autonomously, evaluating policies that have been received, when communications have been discontinued with the rule server.
409 Citations
71 Claims
-
1. A method of controlling application usage in a plurality of computers using centrally managed rules, the method comprising the computer-implemented step of:
-
controlling usage of an application program on a computer system, wherein the controlling step limits the application program'"'"'s operational functionality in accordance to at least one rule stored on the computer system, and wherein the at least one rule contains at least one expression used by the controlling step to control application program operation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method of controlling document access in a plurality of computers using centrally managed rules, the method comprising the computer-implemented step of:
-
controlling, on a computer system, access to documents, wherein the controlling step limits the document access operation in accordance to at least one rule stored on the computer system, and wherein the at least one rule contains at least one expression used by the controlling step to control document access operation. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
-
37. A method comprising the computer-implemented steps of:
-
controlling usage, at a client system, of an application program, wherein the controlling step limits the application program'"'"'s operational functionality in accordance to at least one rule stored on the client system, and wherein the at least one rule contains at least one expression used by the controlling step to control application program operation; and
controlling access, at a server, to documents, wherein the controlling step limits document access operation in accordance to at least one rule stored on the server, and wherein the at least one rule contains at least one expression used by the controlling step to control document access operation. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64)
-
-
65. An apparatus for controlling application usage in a plurality of computers using centrally managed rules, comprising:
-
a module for controlling usage of an application program on a computer system, wherein the controlling module limits the application program'"'"'s operational functionality in accordance to at least one rule stored on the computer system, and wherein the at least one rule contains at least one expression used by the controlling module to control application program operation.
-
-
66. An apparatus for controlling document access in a plurality of computers using centrally managed rules, comprising:
-
a module for controlling, on a computer system, access to documents, wherein the controlling module limits the document access operation in accordance to at least one rule stored on the computer system, and wherein the at least one rule contains at least one expression used by the controlling module to control document access operation.
-
-
67. An apparatus comprising:
-
a module for controlling usage, at a client system, of an application program, wherein the controlling module limits the application program'"'"'s operational functionality in accordance to at least one rule stored on the client system, and wherein the at least one rule contains at least one expression used by the controlling module to control application program operation;
a module for controlling access, at a server, to documents, wherein the controlling module limits document access operation in accordance to at least one rule stored on the server, and wherein the at least one rule contains at least one expression used by the controlling module to control document access operation.
-
-
68. A method of controlling application usage and document access in a plurality of computers using centrally managed rules, the method comprising the computer-implemented steps of:
-
controlling usage of an application program on a computer system, wherein the controlling usage step limits the application program'"'"'s operational functionality in accordance with at least one rule stored on the computer system, and wherein the at least one rule comprises a first expression used by the controlling usage step to control application program operation; and
controlling, on a computer system, access to documents, wherein the controlling access step limits the document access operation in accordance with the at least one rule stored on the computer system, and wherein the at least one rule comprises a second expression used by the controlling access step to control access to documents. - View Dependent Claims (69, 70)
-
-
71. A method of controlling application usage and document access in a plurality of computers using centrally managed rules, the method comprising the computer-implemented steps of:
-
controlling usage of an application program on a computer system, wherein the controlling usage step limits the application program'"'"'s operational functionality in accordance with a rule stored on the computer system, and wherein the rule comprises an expression used by the controlling usage step to control application program operation; and
controlling, on a computer system, access to documents, wherein the controlling access step limits the document access operation in accordance with the rule stored on the computer system, and wherein the expression of the rule is used by the controlling access step to control access to documents.
-
Specification