MANAGING CHANGE EVENTS FOR DEVICES IN AN ENTERPRISE SYSTEM

US 20170207985A1
Filed: 03/31/2017
Published: 07/20/2017
Est. Priority Date: 09/24/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining an action to be performed on a plurality of remote devices;

adding, on a queue, a first change event entry for each remote device in a first set of remote devices of the plurality of remote devices and a second change event entry for each remote device in a second set of remote devices of the plurality of remote devices, thereby adding multiple change event entries to the queue, wherein each remote device in the first set of remote devices is different from each remote device in the second set of remote devices, and wherein each of the first change event entry and the second change event entry includes information about a change event for a change in access to a computing system for each remote device in the first set of remote devices and each remote device in the second set of remote devices;

assigning, from the queue to a first computing node, a first change event entry corresponding to the first set of remote devices, wherein the first change event entry includes first information identifying each remote device in the first set of remote devices to be notified about the change event;

instantiating a first metadata object for the first change event entry and storing first metadata identifying each of the first set of remote devices in the first metadata object;

instructing, from the first computing node, the action to be taken on each of the first set of remote devices based on the first metadata object, wherein instructing the action to be taken on each of the first set of remote devices causes each remote device in the first set of remote devices to adjust access to the computing system based on the change event indicated by the first change event entry corresponding to the first metadata object;

assigning, from the queue to a second computing node, a second change event entry corresponding to the second set of remote devices, wherein the second change event entry includes second information identifying each remote device in the second set of remote devices to be notified about the change event;

instantiating a second metadata object for the second change event entry and storing second metadata identifying each of the second set of remote devices in the second metadata object; and

instructing, from the second computing node, the action to be taken on each of the second set of remote devices based on the second metadata object, wherein instructing the action to be taken on each of the second set of remote devices causes each remote device in the second set of remote devices to adjust access to the computing system based on the change event indicated by the second change event entry corresponding to the second metadata object.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for communicating to remote devices information about change events related to changes in access to an enterprise system. A device access management system may facilitate communication about a change event to the remote devices. Information about a change event may be stored in a change event object based on the type of change event (e.g., a policy change, an application change, and a settings change). A change event queue may persistently store information corresponding to change events. One or more computing nodes may be scheduled to execute an action process for each change event based on the type of the change event. A computing node may communicate information (e.g., an instruction to implement adjust access) about a change event to remote devices. A change event may persist on the queue until all remote devices are notified about the change event.

34 Citations

View as Search Results

20 Claims

1. A method comprising:
- determining an action to be performed on a plurality of remote devices;
  
  adding, on a queue, a first change event entry for each remote device in a first set of remote devices of the plurality of remote devices and a second change event entry for each remote device in a second set of remote devices of the plurality of remote devices, thereby adding multiple change event entries to the queue, wherein each remote device in the first set of remote devices is different from each remote device in the second set of remote devices, and wherein each of the first change event entry and the second change event entry includes information about a change event for a change in access to a computing system for each remote device in the first set of remote devices and each remote device in the second set of remote devices;
  
  assigning, from the queue to a first computing node, a first change event entry corresponding to the first set of remote devices, wherein the first change event entry includes first information identifying each remote device in the first set of remote devices to be notified about the change event;
  
  instantiating a first metadata object for the first change event entry and storing first metadata identifying each of the first set of remote devices in the first metadata object;
  
  instructing, from the first computing node, the action to be taken on each of the first set of remote devices based on the first metadata object, wherein instructing the action to be taken on each of the first set of remote devices causes each remote device in the first set of remote devices to adjust access to the computing system based on the change event indicated by the first change event entry corresponding to the first metadata object;
  
  assigning, from the queue to a second computing node, a second change event entry corresponding to the second set of remote devices, wherein the second change event entry includes second information identifying each remote device in the second set of remote devices to be notified about the change event;
  
  instantiating a second metadata object for the second change event entry and storing second metadata identifying each of the second set of remote devices in the second metadata object; and
  
  instructing, from the second computing node, the action to be taken on each of the second set of remote devices based on the second metadata object, wherein instructing the action to be taken on each of the second set of remote devices causes each remote device in the second set of remote devices to adjust access to the computing system based on the change event indicated by the second change event entry corresponding to the second metadata object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein instantiating the first metadata object is performed on the first computing node, and wherein instantiating the second metadata object is performed on the second computing node.
  - 3. The method of claim 1, further comprising:
    - selecting, based on a processing load of each of a plurality of computing nodes, a set of computing nodes of the plurality of computing nodes to initiate the action for the change in access, wherein the set of computing nodes includes the first computing node and the second computing node.
  - 4. The method of claim 3, further comprising:
    - computing the processing load for each of the plurality of computing nodes, wherein a processing load of a computing node is computed based on a number of actions the computing node has initiated, and wherein the first computing node is selected for the set of computing nodes based on an action threshold, and wherein each of the set of computing nodes is selected based on the processing load for each of the set of computing nodes satisfying the action threshold.
  - 5. The method of claim 1, further comprising:
    - determining a type of change event corresponding to the change event for the change in access to the computing system for each remote device in the first set of remote devices and each remote device in the second set of remote devices, wherein each of the first change event entry and the second change event entry indicates the type of change event.
  - 6. The method of claim 5, wherein the first metadata object is instantiated based on the type of change event, and wherein the second metadata object is instantiated based on the type of change event.
  - 7. The method of claim 5, wherein the type of change event includes a policy change, the policy change including a change in a compliance policy, a change in an enrollment policy, a change in a workspace policy, a change in a device policy, or a combination thereof.
  - 8. The method of claim 5, wherein the type of change event includes an application change, the application change including adding an application to a catalog of applications accessible to the plurality of remote devices, removing an application from the catalog of applications, modifying a version of an application in the catalog of applications, or a combination thereof.
  - 9. The method of claim 5, wherein the type of change event includes a change in a synchronization setting related to accessing the computing system.
  - 10. The method of claim 5, further comprising:
    - determining, based on the type of change event, an action process to perform for the action.
  - 11. The method of claim 1, wherein instructing, from the first computing node, the action to be taken on each of the first set of remote devices is performed concurrently with instructing, from the second computing node, the action to be taken on each of the second set of remote devices.
  - 12. The method of claim 1, wherein the first metadata object for the first change event entry includes the information about the change event for the change in access to the computing system, and wherein the second metadata object for the second change event entry includes the information about the change event for the change in access to the computing system.
  - 13. The method of claim 1, wherein instructing the action to be taken on each remote device in the first set of remote devices includes sending a first instruction indicating the action to each of the first set of remote devices to identified by the first information included in the first change event entry corresponding to the first metadata object, and wherein instructing the action to be taken on each remote device in the second set of remote devices includes sending a second instruction indicating the action to each of the second set of remote devices to identified by the second information included in the second change event entry corresponding to the second metadata object.
  - 14. The method of claim 1, further comprising:
    - removing, from the queue, the first change event entry for the first set of remote devices upon receiving a response from each of the first set of remote devices, the response indicating that each of the first set of remote devices has adjusted access to the computing system based on the information about the change event included in the first change event entry.
  - 15. The method of claim 14, wherein the response is a first response, and wherein the method further comprises:
    - removing, from the queue, the second change event entry for the second set of remote devices upon receiving a second response from each of the second set of remote devices, the second response indicating that each of the second set of remote devices has adjusted access to the computing system based on the information about the change event included in the second change event entry.

16. A system comprising:
- one or more processors; and
  
  a memory storing one or more instructions which, upon execution by the one or more processors, causes the one or more processors to;
  
  determine an action to be performed on a plurality of remote devices;
  
  add, on a queue, a first change event entry for each remote device in a first set of remote devices of the plurality of remote devices and a second change event entry for each remote device in a second set of remote devices of the plurality of remote devices, thereby adding multiple change event entries to the queue, wherein each remote device in the first set of remote devices is different from each remote device in the second set of remote devices, and wherein each of the first change event entry and the second change event entry includes information about a change event for a change in access to a computing system for each remote device in the first set of remote devices and each remote device in the second set of remote devices;
  
  assign, from the queue to a first computing node, a first change event entry corresponding to the first set of remote devices, wherein the first change event entry includes first information identifying each remote device in the first set of remote devices to be notified about the change event;
  
  instantiate a first metadata object for the first change event entry and storing first metadata identifying each of the first set of remote devices in the first metadata object;
  
  instruct, from the first computing node, the action to be taken on each of the first set of remote devices based on the first metadata object, wherein instructing the action to be taken on each of the first set of remote devices causes each remote device in the first set of remote devices to adjust access to the computing system based on the change event indicated by the first change event entry corresponding to the first metadata object;
  
  assign, from the queue to a second computing node, a second change event entry corresponding to the second set of remote devices, wherein the second change event entry includes second information identifying each remote device in the second set of remote devices to be notified about the change event;
  
  instantiate a second metadata object for the second change event entry and storing second metadata identifying each of the second set of remote devices in the second metadata object; and
  
  instruct, from the second computing node, the action to be taken on each of the second set of remote devices based on the second metadata object, wherein instructing the action to be taken on each of the second set of remote devices causes each remote device in the second set of remote devices to adjust access to the computing system based on the change event indicated by the second change event entry corresponding to the second metadata object.
- View Dependent Claims (17, 18)
- - 17. The system of claim 16, wherein instructing the action to be taken on each remote device in the first set of remote devices includes sending a first instruction indicating the action to each of the first set of remote devices to identified by the first information included in the first change event entry corresponding to the first metadata object, and wherein instructing the action to be taken on each remote device in the second set of remote devices includes sending a second instruction indicating the action to each of the second set of remote devices to identified by the second information included in the second change event entry corresponding to the second metadata object.
  - 18. The system of claim 16, wherein the first metadata object for the first change event entry includes the information about the change event for the change in access to the computing system, and wherein the second metadata object for the second change event entry includes the information about the change event for the change in access to the computing system.

19. A non-transitory computer-readable medium comprising one or more instructions stored thereon, that upon execution by one or more processors, causes the one or more processors to:
- determine an action to be performed on a plurality of remote devices;
  
  add, on a queue, a first change event entry for each remote device in a first set of remote devices of the plurality of remote devices and a second change event entry for each remote device in a second set of remote devices of the plurality of remote devices, thereby adding multiple change event entries to the queue, wherein each remote device in the first set of remote devices is different from each remote device in the second set of remote devices, and wherein each of the first change event entry and the second change event entry includes information about a change event for a change in access to a computing system for each remote device in the first set of remote devices and each remote device in the second set of remote devices;
  
  assign, from the queue to a first computing node, a first change event entry corresponding to the first set of remote devices, wherein the first change event entry includes first information identifying each remote device in the first set of remote devices to be notified about the change event;
  
  instantiate a first metadata object for the first change event entry and storing first metadata identifying each of the first set of remote devices in the first metadata object;
  
  instruct, from the first computing node, the action to be taken on each of the first set of remote devices based on the first metadata object, wherein instructing the action to be taken on each of the first set of remote devices causes each remote device in the first set of remote devices to adjust access to the computing system based on the change event indicated by the first change event entry corresponding to the first metadata object;
  
  assign, from the queue to a second computing node, a second change event entry corresponding to the second set of remote devices, wherein the second change event entry includes second information identifying each remote device in the second set of remote devices to be notified about the change event;
  
  instantiate a second metadata object for the second change event entry and storing second metadata identifying each of the second set of remote devices in the second metadata object; and
  
  instruct, from the second computing node, the action to be taken on each of the second set of remote devices based on the second metadata object, wherein instructing the action to be taken on each of the second set of remote devices causes each remote device in the second set of remote devices to adjust access to the computing system based on the change event indicated by the second change event entry corresponding to the second metadata object.
- View Dependent Claims (20)
- - 20. The non-transitory computer-readable medium of claim 19, wherein the one or more instructions, that upon execution by the one or more processors, further causes the one or more processors to:
    - remove, from the queue, the first change event entry for the first set of remote devices upon receiving a response from each of the first set of remote devices, the response indicating that each of the first set of remote devices has adjusted access to the computing system based on the information about the change event included in the first change event entry; and
      
      remove, from the queue, the second change event entry for the second set of remote devices upon receiving a second response from each of the second set of remote devices, the second response indicating that each of the second set of remote devices has adjusted access to the computing system based on the information about the change event included in the second change event entry.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Jayanti Venkata, Bhagavati Kumar, Maheshwari, Harsh, Das, Sidhartha

Granted Patent

US 10,129,109 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G06F 8/60   Software deployment

G06F 8/61   Installation

G06F 8/65   Updates security arrangemen...

G06F 8/71   Version control security ar...

G06F 9/452   Remote windowing, e.g. X-Wi...

H04L 41/082   the condition being updates...

H04L 41/0895   Configuration of virtualise...

H04L 41/20   Network management software...

H04L 41/28   Restricting access to netwo...

H04L 41/40   using virtualisation of net...

H04L 41/5096   wherein the managed service...

H04L 47/125   by balancing the load, e.g....

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/10 : for controlling access to d...

H04L 63/101 : Access control lists [ACL]

H04L 63/102 : Entity profiles

H04L 63/104 : Grouping of entities

H04L 63/105 : Multiple levels of security

H04L 63/20 : for managing network securi...

H04L 63/205 : involving negotiation or de...

H04L 67/02 : based on web technology, e....

H04L 67/10 : in which an application is ...

H04L 67/12 : specially adapted for propr...

H04L 67/306 : User profiles

H04L 67/55 : Push-based network services

H04L 67/75 : Indicating network or usage...

H04L 9/3268 : using certificate validatio...

H04W 12/06 : Authentication

H04W 12/33 : using wearable devices, e.g...

H04W 16/06 : Hybrid resource partitionin...

H04W 4/08 : User group management

H04W 4/50 : Service provisioning or rec...

H04W 4/60 : Subscription-based services...

H04W 4/70 : Services for machine-to-mac...

View All

MANAGING CHANGE EVENTS FOR DEVICES IN AN ENTERPRISE SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MANAGING CHANGE EVENTS FOR DEVICES IN AN ENTERPRISE SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links