SUPER POLICY IN INFORMATION PROTECTION SYSTEMS

US 20090222879A1
Filed: 03/03/2008
Published: 09/03/2009
Est. Priority Date: 03/03/2008
Status: Abandoned Application

First Claim

Patent Images

1. In a computing system, a method of providing access to information based on policy, the method comprising:

receiving a request from a requestor to access information, wherein the information is associated with author policy expressing restrictions on use of the information by expressing at least one of who can use the information, how the information can be used, or what conditions apply to the use of the information;

accessing the author policy;

processing the author policy using super policy programmatic code to generate a composite policy, the composite policy including a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy;

evaluating the request, including information about the requester, against the composite policy to determine if the requester is authorized to access the information;

determining that the requester is authorized to access the information based on the composite policy; and

as a result of determining that the requester is authorized to access the information based on the composite policy, granting access to the information to the requester.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Providing access to information based on super policy. Information is associated with author policy expressing restrictions on use of the information The author policy is processed using super policy programmatic code to generate a composite policy. The composite policy includes a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy. A request for the information is evaluated. This includes evaluating information about the requester against the composite policy to determine if the requester is authorized to access the information. A determination is made that the requester is authorized to access the information based on the composite policy, where after the requester is authorized to access the information based on the composite policy, access is granted to the information to the requester.

127 Citations

View as Search Results

20 Claims

1. In a computing system, a method of providing access to information based on policy, the method comprising:
- receiving a request from a requestor to access information, wherein the information is associated with author policy expressing restrictions on use of the information by expressing at least one of who can use the information, how the information can be used, or what conditions apply to the use of the information;
  
  accessing the author policy;
  
  processing the author policy using super policy programmatic code to generate a composite policy, the composite policy including a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy;
  
  evaluating the request, including information about the requester, against the composite policy to determine if the requester is authorized to access the information;
  
  determining that the requester is authorized to access the information based on the composite policy; and
  
  as a result of determining that the requester is authorized to access the information based on the composite policy, granting access to the information to the requester.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the author policy is provided by the author of the information.
  - 3. The method of claim 1, wherein the super policy is defined in a same language as the author policy;
  - 4. The method of claim 1, wherein the super policy is defined through workflows.
  - 5. The method of claim 1, wherein the super policy is defined by an organization distributing the information.
  - 6. The method of claim 1, further comprising generating logging information indicating that access was grated to the requester based on application of super policy.
  - 7. The method of claim 1, wherein processing the author policy using super policy programmatic code comprises evaluating environmental conditions and adding or removing restrictions based on the environmental conditions.
  - 8. The method of claim 1, wherein processing the author policy using super policy programmatic code comprises evaluating contextual information and adding or removing restrictions based on the contextual information.
  - 9. The method of claim 1, wherein processing the author policy using super policy programmatic code comprises evaluating organization business logic and adding or removing restrictions based on the organization business logic.
  - 10. The method of claim 1, wherein processing the author policy using super policy programmatic code comprises using event driven programmatic modules to process the author policy.
  - 11. The method of claim 1, wherein the author policy is provided by an author of the information while the super policy programmatic code is provided by a consumer of the information, which is an entity distinct and separate from the author of the information.
  - 12. The method of claim 1, wherein processing the author policy using super policy programmatic code comprises iteratively processing policy using a plurality of super policy programmatic code modules, wherein each programmatic code module is configured to add or remove restrictions.
  - 13. The method of claim 12, further comprising prioritizing the super policy programmatic code modules prior to iteratively processing policy using the programmatic code modules.
  - 14. The method of claim 1, wherein restrictions being added to or removed from the author policy comprises extending the validity time or removing the validity time.
  - 15. The method of claim 1, wherein restrictions being added to or removed from the author policy comprises extending the activities that can be performed on the information.
  - 16. The method of claim 1, further comprising providing an indication that access is being granted based on super policy.
  - 17. The method of claim 1, further comprising providing an indication to a user indicating the policy in the composite policy.

18. In a computing system, a method of providing access to information based on policy, the method comprising:
- displaying a user interface, the user interface configured to receive input from a user to define super policy for information,accessing author policy, wherein the author policy is associated with the information, the author policy expressing restrictions on use of the information by expressing at least one of who can use the information, how the information can be used, or what conditions apply to the use of the information;
  
  generating super policy programmatic code from the user input;
  
  processing the author policy using the super policy programmatic code to generate a composite policy, the composite policy including a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy; and
  
  using the composite policy to evaluate requests to access the information.
- View Dependent Claims (19)
- - 19. The method of claim 18, further comprising, indicating through the user interface all of the restrictions enforced by the composite policy.

20. In a computing environment, a physical computer readable medium comprising computer executable instructions that when executed by a processor are configured to cause the following:
- receiving a request from a requestor to access information, wherein the information is associated with author policy expressing restrictions on use of the information by expressing at least one of who can use the information, how the information can be used, or what conditions apply to the use of the information;
  
  accessing the author policy;
  
  processing the author policy using super policy programmatic code to generate a composite policy, the composite policy including a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy;
  
  evaluating the request, including information about the requester, against the composite policy to determine if the requester is authorized to access the information;
  
  determining that the requester is authorized to access the information based on the composite policy; and
  
  as a result of determining that the requester is authorized to access the information based on the composite policy, granting access to the information to the requester.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Cottrille, Scott C., Kostal, Gregory, Malaviarachchi, Rushmi U.

Application Number

US12/041,444
Publication Number

US 20090222879A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

SUPER POLICY IN INFORMATION PROTECTION SYSTEMS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

127 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SUPER POLICY IN INFORMATION PROTECTION SYSTEMS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others