Enforcing Application and Access Control Policies in an Information Management System with Two or More Interactive Enforcement Points
First Claim
Patent Images
1. A method of controlling application usage and document access in a plurality of computers the method comprising:
- evaluating at least one rule pertaining to an occurrence of an event;
wherein the at least one rule is among a plurality of rules stored on a first computer;
wherein the at least one rule contains at least one expression used by the evaluating step to decide whether to perform an action;
communicating with a plurality of computers as indicated by the at least one rule; and
instructing the plurality of computers to perform an action as indicated by the at least one rule.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for controlling document access and application usage using centrally managed rules. The rules are stored and manipulated in a central rule database via a rule server. Policy enforcers are installed on client systems and/or on servers and perform document access and application usage control for both direct user document accesses and application usage, and application program document accesses by evaluating the rules sent to the policy enforcer. The rule server decides which rules are required by each policy enforcer. A policy enforcer can also perform obligation and remediation operations as a part of rule evaluation. Policy enforcers on client systems and servers can operate autonomously, evaluating policies that have been received, when communications have been discontinued with the rule server.
-
Citations
4 Claims
-
1. A method of controlling application usage and document access in a plurality of computers the method comprising:
-
evaluating at least one rule pertaining to an occurrence of an event; wherein the at least one rule is among a plurality of rules stored on a first computer; wherein the at least one rule contains at least one expression used by the evaluating step to decide whether to perform an action; communicating with a plurality of computers as indicated by the at least one rule; and instructing the plurality of computers to perform an action as indicated by the at least one rule.
-
-
2. A method of controlling application usage and document access in a plurality of computers the method comprising:
-
evaluating at least one rule pertaining to an occurrence of an event, wherein the at least one rule is among a plurality of rules stored on a first computer, and wherein the at least one rule contains at least one expression used by the evaluating step to decide whether to perform an action; communicating with a plurality of computers as indicated by the at least one rule; and instructing the plurality of computers to evaluate at least one rule.
-
-
3. An apparatus for controlling application usage and document access in a plurality of computers comprising:
-
a module for evaluating at least one rule pertaining to an occurrence of an event, wherein the at least one rule is among a plurality of rules stored on a first computer, and wherein the at least one rule contains at least one expression used by the evaluating module to decide whether to perform an action; a module for communicating with a plurality of computers as indicated by the at least one rule; and a module for instructing the plurality of computers to perform an action as indicated by the at least one rule.
-
-
4. An apparatus for controlling application usage and document access in a plurality of computers comprising:
-
a module for evaluating at least one rule pertaining to an occurrence of an event, wherein the at least one rule is among a plurality of rules stored on a first computer, and wherein the at least one rule contains at least one expression used by the evaluating module to decide whether to perform an action; a module for communicating with a plurality of computers as indicated by the at least one rule; and a module for instructing the plurality of computers to evaluate at least one rule.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeBlue Jungle
-
Original AssigneeBlue Jungle
-
InventorsLim, Keng
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current706/47
-
CPC Class CodesG06F 21/00 Security arrangements for p...G06F 21/51 at application loading time...G06F 21/554 involving event detection a...G06F 21/6281 at program execution time, ...G06F 2221/2141 Access rights, e.g. capabil...G06F 9/468 Specific access rights for ...H04L 2463/101 applying security measures ...H04L 41/0893 Assignment of logical group...H04L 41/0894 Policy-based network config...H04L 41/28 Restricting access to netwo...H04L 63/00 Network architectures or ne...H04L 63/20 for managing network securi...H04L 63/205 involving negotiation or de...H04L 63/30 for supporting lawful inter...H04L 67/01 Protocols
