AUTOMATED MULTI-LEVEL FEDERATION AND ENFORCEMENT OF INFORMATION MANAGEMENT POLICIES IN A DEVICE NETWORK

US 20140165134A1
Filed: 08/02/2013
Published: 06/12/2014
Est. Priority Date: 08/02/2012
Status: Active Grant

First Claim

Patent Images

1. A method for managing a plurality of disparate computer application and data control policies on a computing device, comprising:

providing at least one policy distribution point, said at least one policy distribution point including at least one information management policy;

providing a plurality of policy enforcement points, including a first policy enforcement point operating at first policy enforcement level, and a second policy enforcement point operating at second policy enforcement level;

allocating a first policy element to said first policy enforcement point, and a second policy element to said second policy enforcement point; and

providing a management compartment in computer memory in communication with said computing device, said management compartment including one or more computer applications, data, and metadata specified and controlled by said at least one information management policy.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus, systems, and non-transitory computer-readable media for managing a plurality of disparate computer application and data control policies on a computing device, especially a computing device connected to a computer network, are described. In one example, at least one policy distribution point is provided that includes least one policy distribution point including at least one information management policy. A plurality of policy enforcement points, including a first policy enforcement point operating at a first policy enforcement level, and a second enforcement point operating at second policy enforcement level, are also provided. A first policy element to the first policy enforcement point, and a second policy element to the second policy enforcement point, are allocated. A management compartment in computer memory in communication with said computing device including one or more computer applications, data, and metadata specified and controlled by the information management policy is also provided.

Citations

28 Claims

1. A method for managing a plurality of disparate computer application and data control policies on a computing device, comprising:
- providing at least one policy distribution point, said at least one policy distribution point including at least one information management policy;
  
  providing a plurality of policy enforcement points, including a first policy enforcement point operating at first policy enforcement level, and a second policy enforcement point operating at second policy enforcement level;
  
  allocating a first policy element to said first policy enforcement point, and a second policy element to said second policy enforcement point; and
  
  providing a management compartment in computer memory in communication with said computing device, said management compartment including one or more computer applications, data, and metadata specified and controlled by said at least one information management policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising defining the management of said one or more computer applications, data, and metadata in said management compartment for at least one of a rest state, a motion state, and a use state.
  - 3. The method of claim 2, further comprising defining the management of computer applications that access data or metadata contained in said management compartment.
  - 4. The method of claim 1, further comprising defining the management of computer applications, data, and metadata contained within said management compartment.
  - 5. The method of claim 1, further comprising defining the management of computer applications, data, and metadata contained in two or more different management compartments.
  - 6. The method of claim 1, further comprising defining the management of computer applications, data, and metadata contained in two or more different instances of said management compartment.
  - 7. The method of claim 1, further comprising distributing said at least one information management policy through said one or more policy distribution points.

8. A system for managing a plurality of disparate computer application and data control policies on one or more computing devices, comprising:
- at least one policy distribution point, said at least one policy distribution point comprising at least one information management policy;
  
  a plurality of policy enforcement points, including a first policy enforcement point operating at first policy enforcement level and enforcing at least a first policy element of said at least one information management policy, and a second policy enforcement point operating at second policy enforcement level and enforcing at least a second policy element of said at least one information management policy; and
  
  a management compartment in computer memory in communication with said computing device, said management compartment including one or more computer applications, data, and metadata specified and controlled by said at least one information management policy.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the management of said one or more computer applications, data, and metadata in said management compartment is defined for at least one of a rest state, a motion state, and a use state.
  - 10. The system of claim 9, wherein said management compartment is configured to manage computer applications that access data or metadata contained in said management compartment.
  - 11. The system of claim 8, wherein said management compartment is configured to manage computer applications, data, and metadata contained within said management compartment.
  - 12. The system of claim 8, wherein said management compartment is configured to manage computer applications, data, and metadata contained in two or more different management compartments.
  - 13. The system of claim 8, further comprising defining the management of computer applications, data, and metadata contained in two or more different instances of said management compartment.
  - 14. The system of claim 8, further comprising distributing said at least one information management policy through said one or more policy distribution points.

15. An apparatus for managing a plurality of disparate computer application and data control policies on at least one computing device, comprising:
- a plurality of policy enforcement points configured to receive at least one information management policy, comprising at least a first policy element and a second policy element, from one or more policy distribution points, said policy enforcement points further including a first policy enforcement point operating at first policy enforcement level, and a second enforcement point operating at second policy enforcement level, said first policy element being allocated to said first policy enforcement point, and said second policy element being allocated to a second policy enforcement point; and
  
  at least one management compartment in computer memory in communication with said computing device, each such management compartment including one or more computer applications, data, and metadata specified and controlled by one of said at least one information management policies.
- View Dependent Claims (16, 18, 19, 20, 21)
- - 16. The apparatus of claim 15, further comprising a capability for defining the management of said one or more computer applications, data, and metadata in each of said management compartments for at least one of a rest state, a motion state, and a use state.
  - 18. The apparatus of claim 15, further comprising a capability for defining the management of computer applications, data, and metadata contained within each of said management compartments.
  - 19. The apparatus of claim 15, further comprising a capability for defining the management of computer applications, data, and metadata contained in two or more disparate management compartments.
  - 20. The apparatus of claim 15, further comprising a capability for defining the management of computer applications, data, and metadata contained in two or more disparate instances of at least one of said management compartments.
  - 21. The apparatus of claim 15, further comprising a capability for distributing said at least one information management policy through said one or more policy distribution points.

17. The apparatus of claim 17, further comprising a capability for defining the management of computer applications that access data or metadata contained in each of said management compartments.

22. A non-transitory computer readable medium containing a computer program product providing data and instructions configured to enable a computer to manage a plurality of disparate computer application and data control policies on at least one computing device, said computer program product comprising instructions to enable said computer to:
- establish and operate a plurality of policy enforcement points configured to receive at least one information management policy provided by one or more policy distribution points, said policy enforcement points further including a first policy enforcement point operating at first policy enforcement level, and a second enforcement point operating at second policy enforcement level, said first policy element being allocated to said first policy enforcement point, and said second policy element being allocated to a second policy enforcement point; and
  
  establish and operate at least one management compartment in computer memory in communication with said computing device, said management compartment including one or more computer applications, data, and metadata specified and controlled by said at least one information management policy.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The non-transitory computer readable medium of claim 22, further comprising defining the management of said one or more computer applications, data, and metadata in said management compartment for at least one of a rest state, a motion state, and a use state.
  - 24. The non-transitory computer readable medium of claim 22, further comprising defining the management of computer applications that access data or metadata contained in said management compartment.
  - 25. The non-transitory computer readable medium of claim 22, further comprising defining the management of computer applications, data, and metadata contained within said management compartment.
  - 26. The non-transitory computer readable medium of claim 22, further comprising defining the management of computer applications, data, and metadata contained in two or more different management compartments.
  - 27. The non-transitory computer readable medium of claim 22, further comprising defining the management of computer applications, data, and metadata contained in two or more different instances of said management compartment.
  - 28. The non-transitory computer readable medium of claim 22, further comprising distributing said at least one information management policy through said one or more policy distribution points.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Original Assignee
Cellsec Limited
Inventors
Goldschlag, David, Ginter, Karl, Weiss, Yoav, Bartman, Michael

Granted Patent

US 9,171,172 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/62   Protecting access to data v...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04W 12/086   using security domains

AUTOMATED MULTI-LEVEL FEDERATION AND ENFORCEMENT OF INFORMATION MANAGEMENT POLICIES IN A DEVICE NETWORK

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMATED MULTI-LEVEL FEDERATION AND ENFORCEMENT OF INFORMATION MANAGEMENT POLICIES IN A DEVICE NETWORK

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links