Enforcing Universal Access Control in an Information Management System
First Claim
1. A method of controlling document access using centrally managed rules, the method comprising:
- distributing a first plurality of rules to a client system from a central rule database, wherein the first plurality of rules distributed to the client system contain at least one expression used by the client system to perform access control for documents accessed by the client system, and wherein the client system rule distributing step dynamically selects the first plurality of rules for the client system;
- distributing a second plurality of rules to a server from the central rule database, wherein the second plurality of rules distributed to the server contain at least one expression used by the server to perform access control for documents stored on the server, wherein the server rule distributing step dynamically selects the second plurality of rules for the server, and wherein rules in the central rule database are maintained by a central rule server.
Abstract
A method and apparatus for controlling document access and application usage using centrally managed rules. The rules are stored and manipulated in a central rule database via a rule server. Policy enforcers are installed on client systems and/or on servers; by evaluating the rules sent to them, they control document access and application usage, covering both direct user document accesses and application usage and document accesses made by application programs. The rule server decides which rules are required by each policy enforcer. A policy enforcer can also perform obligation and remediation operations as part of rule evaluation. When communications with the rule server have been discontinued, policy enforcers on client systems and servers can operate autonomously, evaluating the policies they have already received.
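As an added illustration (not code from the patent or from any product it covers), a minimal Python model of the architecture the abstract describes: a central rule server that selects the rule subset each policy enforcer needs, enforcers that evaluate rule expressions and run obligation and remediation steps, and continued enforcement from the last received rules when the rule server is unreachable. The rule contents, enforcer roles and document fields are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

AUDIT = []  # constructed sink for obligation (audit) records
@dataclass
class Rule:
    applies_to: frozenset                    # enforcer roles that need this rule
    expression: Callable[[dict], bool]       # access-control expression
    effect: str                              # "allow" or "deny"
    obligation: Optional[Callable] = None    # side effect run when the rule matches
    remediation: Optional[Callable] = None   # rewrites the request (e.g. watermark)
class RuleServer:  # central rule database; selects the subset each enforcer needs
    def __init__(self, rules):
        self.rules, self.online = list(rules), True
    def rules_for(self, role):
        if not self.online:
            raise ConnectionError("rule server unreachable")
        return [r for r in self.rules if role in r.applies_to]
class PolicyEnforcer:  # runs on a client system or on a server
    def __init__(self, role, server):
        self.role, self.server, self.cache = role, server, []
    def sync(self):
        try:
            self.cache = self.server.rules_for(self.role)
        except ConnectionError:
            pass  # autonomous mode: keep evaluating the last rules received
        return len(self.cache)
    def evaluate(self, req):
        for rule in self.cache:  # first matching rule decides (assumption)
            if rule.expression(req):
                if rule.obligation:
                    rule.obligation(req)
                req = rule.remediation(req) if rule.remediation else req
                return rule.effect, req
        return "deny", req  # default deny when no rule matches
# Constructed sample rules: one needed only by clients, one only by servers.
RULES = [
    Rule(frozenset({"client"}), lambda r: r["classification"] == "secret", "allow",
         obligation=lambda r: AUDIT.append((r["user"], r["doc"])),
         remediation=lambda r: {**r, "watermark": r["user"]}),
    Rule(frozenset({"server"}), lambda r: r["role"] == "contractor", "deny"),
]
def run_scenario():
    server = RuleServer(RULES)
    client, fileserver = PolicyEnforcer("client", server), PolicyEnforcer("server", server)
    counts = (client.sync(), fileserver.sync())  # each enforcer receives only its rules
    req = {"user": "alice", "role": "employee", "doc": "plan.docx", "classification": "secret"}
    effect, req = client.evaluate(req)           # allowed, audited, watermarked
    server.online = False; client.sync()         # server unreachable: cached rules are kept
    return counts, effect, req.get("watermark"), len(client.cache), len(AUDIT)
```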
25 Claims
Claim 1 (independent) is reproduced above under First Claim; claims 2 through 25 are dependent claims.
Specification