Deploying Policies and Allowing Off-Line Policy Evaluations
Abstract
In an information management system, policies are deployed to targets and targets can evaluate the policies whether they are connected or disconnected to the system. The policies may be transferred to the target, which may be a device or user. Relevant policies may be transferred while not relevant policies are not. The policies may have policy abstractions.
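The flow the abstract describes, as an added illustration that is not taken from the patent: a server picks the rules relevant to a device's profile, replaces the device's stored set, and the device's decision engine keeps deciding from local state after it disconnects. The `Rule` fields, the deny-overrides and default-deny semantics, and all sample data are assumptions made for this sketch.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    rule_id: str
    application: str   # application the rule governs
    action: str        # e.g. "send", "copy"
    effect: str        # "allow" or "deny"

@dataclass
class Device:
    applications: frozenset                        # target profile: applications on the device
    policies: list = field(default_factory=list)   # policy set stored on the device
    connected: bool = False

    def decide(self, application, action):
        """Decision engine: reads only the locally stored set, never the server."""
        effects = {r.effect for r in self.policies
                   if r.application == application and r.action == action}
        # Assumed semantics: deny overrides allow, and no matching rule means deny.
        return "allow" if effects == {"allow"} else "deny"

def relevant_subset(policy_db, device):
    """Server side: keep only rules for applications in the device's profile."""
    return [r for r in policy_db if r.application in device.applications]

def sync(policy_db, device):
    """Replace the device's stored set with the relevant subset, if reachable."""
    if not device.connected:
        return False          # device keeps enforcing whatever it already holds
    device.policies = relevant_subset(policy_db, device)
    return True

def demo():
    # Constructed sample data.
    policy_db = [Rule("r1", "mail", "send", "deny"),
                 Rule("r2", "editor", "copy", "allow"),
                 Rule("r3", "cad", "export", "deny")]   # not relevant to this device
    dev = Device(frozenset({"mail", "editor"}),
                 policies=[Rule("old", "mail", "send", "allow")])
    before = dev.decide("mail", "send")      # first set, device offline
    dev.connected = True
    sync(policy_db, dev)
    dev.connected = False                    # back offline
    after = dev.decide("mail", "send")       # second set, still enforced
    return before, after, sorted(r.rule_id for r in dev.policies)

if __name__ == "__main__":
    print(demo())
```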
36 Claims
1. A method of operating an information management system comprising:
- providing a device comprising a decision engine to manage information accessible via the device according to a first set of policies stored on the device;
- connecting of the device to a network with a server having access to a policy database;
- via the server, sending the device a second set of policies to replace the first set of policies; and
- after receiving the second set of policies at the device, using the decision engine to manage information accessible via the device according to the second set of policies, whether the device is connected or disconnected from the network.

Dependent claims: (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)

2. A method of operating an information management system comprising:
- providing a device comprising a decision engine to control application operation on the device according to a first set of policies stored on the device;
- connecting of the device to a network with a server having access to a policy database;
- via the server, sending the device a second set of policies to replace the first set of policies; and
- after receiving the second set of policies at the device, using the decision engine to control application operation on the device according to the second set of policies.

3. A method of operating an information management system comprising:
- providing a device comprising a decision engine to manage information accessible via the device according to a first set of policies stored on the device;
- connecting of the device to a network with a server having access to a policy database;
- via the server, sending the device a second set of policies; and
- after receiving the second set of policies at the device, using the decision engine to manage information accessible via the device according to a combination of the first and second set of policies.

Dependent claims: (7)

4. A method of operating an information management system comprising:
- providing a device comprising a decision engine to manage information accessible via the device according to a first set of policies stored on the device;
- connecting of the device to a network with a server having access to a policy database;
- via the server, sending the device a second set of policies; and
- after receiving the second set of policies at the device, using the decision engine to manage information accessible via the device according to a combination of the first and second set of policies, whether the device is connected or disconnected from the network.

5. A method of operating an information management system comprising:
- providing a device comprising a decision engine to manage information accessible via the device according to a first set of policies stored on the device;
- connecting of the device to a network with a server having access to a policy database;
- via the server, sending the device a set of policy alterations;
- on the device, altering the first set of policies based on the set of policy alterations to obtain a second set of policies; and
- after altering the first set of policies, using the decision engine to manage information accessible via the device according to the second set of policies, whether the device is connected or disconnected from the network.

6. A method of operating an information management system comprising:
- providing a device comprising a decision engine to control application operation on the device according to a first set of policies stored on the device;
- connecting of the device to a network with a server having access to a policy database;
- via the server, sending the device a set of policy alterations;
- on the device, altering the first set of policies based on the set of policy alterations to obtain a second set of policies; and
- after altering the first set of policies, using the decision engine to control application operation on the device according to the second set of policies.

18. A method of managing information of a network comprising:
- providing a server handling a first policy language having access to a policy database;
- providing a first device comprising a decision engine to manage information accessible via the device according to a first set of policies stored on the device, wherein the first set of policies is associated with the first policy language;
- providing a second device that handles a second policy language;
- translating a first policy of the policy database into the second policy language; and
- transferring the first policy in the second policy language to the second device.

Dependent claims: (20, 21, 22, 23)

19. A method of managing information of a network comprising:
- providing a server handling a first policy language having access to a policy database;
- providing a first device comprising a decision engine to control application operation on the device according to a first set of policies stored on the device, wherein the first set of policies is associated with the first policy language;
- providing a second device that handles a second policy language;
- translating a first policy of the policy database into the second policy language; and
- transferring the first policy in the second policy language to the second device.

24. A method of managing information of a network comprising:
- providing a plurality of rules, wherein a rule comprises an expression;
- providing a device having a target profile;
- determining a subset of the plurality of rules relevant to the target profile, wherein the target profile indicates applications available on the device;
- transferring the subset of rules to the device having the target profile; and
- controlling access to the information based on the subset of rules.

Dependent claims: (25, 26, 27, 28)

29. A method of managing information of a network comprising:
- providing a plurality of policies on a server;
- selecting a subset of policies of the server to transfer to a device based on attributes associated with the device;
- transferring the subset of policies to the device; and
- controlling access of information by the device using the subset of policies.

Dependent claims: (30)

31. A method comprising:
- providing a first policy having an expression where an evaluation of the expression requires information provided by a first device of a network;
- when a second device is connected to a network, deploying the first policy on the second device comprising;
  - altering the first policy to obtain a second policy by removing a reference in the expression to the information provided by the first device of the network; and
  - transferring the second policy to the second device; and
- enforcing the second policy on the second device, where enforcement of the second policy does not request information from the first device.

Dependent claims: (32, 33, 34)

35. A method comprising:
- providing a first policy having an expression where an evaluation of the expression requires information provided by a first device of a network;
- when a user logs onto a second device, which is connected to a network, deploying the first policy on the second device comprising;
  - altering the first policy to obtain a second policy by removing a reference in the expression to the information provided by the first device of the network; and
  - transferring the second policy to the second device; and
- enforcing the second policy on the second device, where enforcement of the second policy does not request information from the first device.

Dependent claims: (36)

Specification