CENTRALLY ACCESSIBLE POLICY REPOSITORY

US 20090300706A1
Filed: 05/29/2008
Published: 12/03/2009
Est. Priority Date: 05/29/2008
Status: Active Grant

First Claim

Patent Images

1. A repository within an organization, the repository for protecting the resources of the organization, the repository including:

a central policy database for the organization, the central policy database storing the organization'"'"'s policies for protecting the organization'"'"'s resources, the central policy database including a plurality of centrally accessible policy items,some of the plurality of centrally accessible policy items containing;

a protection policy that can be applied to a resource to consistently protect the resource when the resource is transferred between and utilized at computer systems;

at least one of the plurality of centrally accessible policy items containing;

a policy selection policy indicating how to identify at least one protection policy that is to be applied to a resource to consistently protect the resource when the resource is transferred between and utilized at other computer systems.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention extends to methods, systems, and computer program products for a centrally accessible policy repository. Protection policies for protecting resources within an organization are stored at a central policy repository. Thus, an administrator can centrally create, maintain, and manage resource protection polices for all of the organizational units within an organization. Accordingly, resources consumed when performing these protection policy related operations is significantly reduced. Additionally, since protection policies are centrally located, there is increased likelihood of being able to consistently apply an organization'"'"'s protection policies within different organizational units, even when protection policies change.

47 Citations

View as Search Results

20 Claims

1. A repository within an organization, the repository for protecting the resources of the organization, the repository including:
- a central policy database for the organization, the central policy database storing the organization'"'"'s policies for protecting the organization'"'"'s resources, the central policy database including a plurality of centrally accessible policy items,some of the plurality of centrally accessible policy items containing;
  
  a protection policy that can be applied to a resource to consistently protect the resource when the resource is transferred between and utilized at computer systems;
  
  at least one of the plurality of centrally accessible policy items containing;
  
  a policy selection policy indicating how to identify at least one protection policy that is to be applied to a resource to consistently protect the resource when the resource is transferred between and utilized at other computer systems.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The repository as recited in claim 1, wherein some of the plurality of centrally accessible policy items containing a protection policy that can be applied to a resource to consistently protect the resource when the resource is transferred between and utilized at computer systems comprises some of the plurality of centrally accessible policy items containing code that can be used to derive a protection policy.
  - 3. The repository as recited in claim 1, wherein some of the plurality of centrally accessible policy items containing a protection policy that can be applied to a resource to consistently protect the resource when the resource is transferred between and utilized at computer systems comprises some of the plurality of centrally accessible policy items containing a corresponding friendly name used to indicate the purpose of the protection policy.
  - 4. The repository as recited in claim 1, wherein some of the plurality of centrally accessible policy items containing a protection policy that can be applied to a resource to consistently protect the resource when the resource is transferred between and utilized at computer systems comprises some of the plurality of centrally accessible policy items containing a corresponding policy handle used to identify the protection policy.
  - 5. The repository as recited in claim 4, wherein at least one of the plurality of centrally accessible policy items containing a policy selection policy indicating how to identify at least one protection policy that is to be applied to a resource comprises at least one of the centrally accessible policy items containing a policy selection policy that maps policy context data to one or more of protection policies and policy handles.
  - 6. A repository as recited in claim 1, the repository further including a policy identification module, the policy identification module configured to identify protection policies stored in a central policy database based on received data.
  - 7. A repository as recited in claim 6, the policy identification module configured to identify protection policies stored in a central policy database based on received data comprises the policy identification module configured to identify protection policies stored in central policy database based on policy context data.
  - 8. A repository as recited in claim 7, wherein the policy identification module configured to identify protection policies stored in a central policy database based on policy context data comprises the policy identification module being configured to:
    - receive policy context data from protection software, the policy context data corresponding to resources that the protection software is to protect;
      
      compare the policy context data to policy context data of policy items in the central repository; and
      
      based on the comparisons, identify one or more protection policies that are potentially appropriate for protecting the resource.
  - 9. A repository as recited in claim 6, the policy identification module configured to identify protection policies stored in a central policy database based on received data comprises the policy identification module configured to identify protection policies stored in central policy database based on policy handles.
  - 10. A repository as recited in claim 9, the policy identification module configured to identify protection policies stored in a central policy database based on policy handles comprises the policy identification module being configured to:
    - receive a policy handle from protection software;
      
      compare the received policy handle to policy handles of policy items in the central repository; and
      
      identify the protection policy having a policy handle that matches the received policy handle.

11. At a computer system, a method for determining how to protect a resource of an organization, the method comprising:
- an act of accessing an indication that a specified resource of the organization is to be protected for use at a computer system;
  
  an act of accessing policy context data for the specified resource, the policy context data indicating the context for protecting the specified resource;
  
  an act of accessing a policy selection policy from a central policy database for the organization, the policy selection policy indicating protection policies within the central policy database that can be applied to a resource based on the policy context data for the resource so that protection policies are consistently applied to resources of the organization when the resources of the organization are utilized;
  
  an act of identifying one or more appropriate protection policies to apply to the specified resource based on the indications in the policy selection policy and based on the accessed policy context data; and
  
  an act of receiving a selection of at least one of the one or more appropriate protection policies to apply to the specified resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method as recited in claim 11, wherein the act of accessing an indication that a specified resource of the organization is to be protected for use at a computer system comprises an act of a central repository accessing an indication that a specified resource of the organization is to be protected.
  - 13. The method as recited in claim 11, wherein the act of accessing an indication that a specified resource of the organization is to be protected for use at a computer system comprises an act of protection software at the computer system accessing an indication that a specified resource of the organization is to be protected.
  - 14. The method as recited in claim 11, wherein the act of accessing policy context data for the specified resource, the policy context data indicating the context for protecting the specified resource comprises an act of formulating policy context data based on one or more of:
    - the resource, user and group identities, application type, machine health, roles, and document class.
  - 15. The method as recited in claim 11, wherein an act of accessing a policy selection policy from a central policy database for the organization comprises:
    - an act of sending a protection request to a central repository housing the central policy database; and
      
      an act of receiving the policy selection policy from the central repository in response to the protection request.
  - 16. The method as recited in claim 11, wherein the act of identifying one or more appropriate protection policies to apply to the specified resource comprises an act of identifying a plurality of appropriate protection policies to apply to the specified resource.
  - 17. The method as recited in claim 11, wherein the act of receiving a selection of at least one of the one or more appropriate protection policies to apply to the specified resource comprises an act of receiving a selection of plurality of appropriate protection policies to apply to the specified resource.
  - 18. The method as recited in claim 11, further comprising:
    - an act of applying the selected one or more appropriate protection policies to the specified resource to protect the resource.
  - 19. The method as recited in claim 18, wherein the act of applying the selected one or more appropriate protection policies to the specified resource to protect the resource comprises:
    - an act of sending a file handle for each of the one or more appropriate protection policies to central repository; and
      
      an act of receiving each of the one or more appropriate protection policies from the central repository.

20. A resource protection system, the resource protection system including:
- a central repository, the central repository includinga policy database, the policy database including a plurality of policy items, each policy item including;
  
  a protection policy that can be applied to a resource to consistently protect the resource when other computer systems request access to the resource; and
  
  policy context data that can be used to identify the protection policy of the policy item as the protection policy that is to be applied to a resource; and
  
  a policy identification module, the policy identification module configured to;
  
  receive resource context data from protection software, the policy context data corresponding to resources that the protection software is to protect;
  
  compare the policy context data to policy context data of policy items in the central repository;
  
  based on the comparisons, identify one or more protection policies that are potentially appropriate for protecting the resource; and
  
  return the one or more identified protection policies to the protection software; and
  
  a plurality of computer systems configured to protect resources, each computer system including;
  
  one or more processors;
  
  system memory; and
  
  one or more computer-readable media having stored thereon protection software, the protection software configured to;
  
  access resources that are to be protected;
  
  formulate content context data corresponding to accessed resources, the content context data indicating the context for protecting accessed resourcessend the policy context data to the central repository to request a protection policy for protecting an accessed resource;
  
  receive one or one more protection policies from the central repository, the one or one more received protection policies identified as potential protection policies for protecting the accessed resource;
  
  select a specified protection policy, from among the one or more received protection policies, to protect the accessed content;
  
  protect the accessed resource in accordance with the specified protection policy to provide consistent protection to the accessed resource across the plurality of computer systems; and
  
  attach at least a handle to the specific protection policy to the resource such that a receiving computer system can access the specified protection policy from the central repository to consistently protect the resource in accordance with the specified protection policy during subsequent access to the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kanade, Abhijat, Brintzenhofe, Keith S., Ray, Kenneth D., Yarmolenko, Vladimir, Cottrille, Scott C., Kostal, Gregory, Malaviarachchi, Rushmi U.

Granted Patent

US 8,141,129 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/20   for managing network securi...

CENTRALLY ACCESSIBLE POLICY REPOSITORY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CENTRALLY ACCESSIBLE POLICY REPOSITORY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links