Enforcing Application and Access Control Policies in an Information Management System with Two or More Interactive Enforcement Points
First Claim
1. A method of controlling application usage and document access in a plurality of computers the method comprising:
- evaluating at least one rule pertaining to an occurrence of an event;
wherein the at least one rule is among a plurality of rules stored on a first computer;
wherein the at least one rule contains at least one expression used by the evaluating step to decide whether to perform an action;
communicating with a plurality of computers as indicated by the at least one rule; and
instructing the plurality of computers to perform an action as indicated by the at least one rule.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for controlling document access and application usage using centrally managed rules. The rules are stored and manipulated in a central rule database via a rule server. Policy enforcers are installed on client systems and/or on servers and perform document access and application usage control for both direct user document accesses and application usage, and application program document accesses by evaluating the rules sent to the policy enforcer. The rule server decides which rules are required by each policy enforcer. A policy enforcer can also perform obligation and remediation operations as a part of rule evaluation. Policy enforcers on client systems and servers can operate autonomously, evaluating policies that have been received, when communications have been discontinued with the rule server.
-
Citations
4 Claims
-
1. A method of controlling application usage and document access in a plurality of computers the method comprising:
-
evaluating at least one rule pertaining to an occurrence of an event; wherein the at least one rule is among a plurality of rules stored on a first computer; wherein the at least one rule contains at least one expression used by the evaluating step to decide whether to perform an action; communicating with a plurality of computers as indicated by the at least one rule; and instructing the plurality of computers to perform an action as indicated by the at least one rule.
-
-
2. A method of controlling application usage and document access in a plurality of computers the method comprising:
-
evaluating at least one rule pertaining to an occurrence of an event, wherein the at least one rule is among a plurality of rules stored on a first computer, and wherein the at least one rule contains at least one expression used by the evaluating step to decide whether to perform an action; communicating with a plurality of computers as indicated by the at least one rule; and instructing the plurality of computers to evaluate at least one rule.
-
-
3. An apparatus for controlling application usage and document access in a plurality of computers comprising:
-
a module for evaluating at least one rule pertaining to an occurrence of an event, wherein the at least one rule is among a plurality of rules stored on a first computer, and wherein the at least one rule contains at least one expression used by the evaluating module to decide whether to perform an action; a module for communicating with a plurality of computers as indicated by the at least one rule; and a module for instructing the plurality of computers to perform an action as indicated by the at least one rule.
-
-
4. An apparatus for controlling application usage and document access in a plurality of computers comprising:
-
a module for evaluating at least one rule pertaining to an occurrence of an event, wherein the at least one rule is among a plurality of rules stored on a first computer, and wherein the at least one rule contains at least one expression used by the evaluating module to decide whether to perform an action; a module for communicating with a plurality of computers as indicated by the at least one rule; and a module for instructing the plurality of computers to evaluate at least one rule.
-
Specification