Methods and systems for context-aware policy determination and enforcement

US 7,072,956 B2
Filed: 12/22/2000
Issued: 07/04/2006
Est. Priority Date: 12/22/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A computing device comprising:

one or more processors;

memory operably associated with the one or more processors;

one or more applications loadable in the memory and executable on the one or more processors; and

the one or more processors being configured to;

receive context information from externally of the device, the context information pertaining to one or more current device contexts;

automatically determine one or more current contexts from the context information using one or more hierarchical traversable tree structures, wherein the tree structures comprise individual nodes individual ones of which being associated with a context, wherein said one or more current contexts are determined by traversing at least one node on at least one of the tree structures, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node;

locally evaluate a collection of policies in connection with the one or more current contexts to provide a resultant set of policies; and

enforce the resultant set of policies on the one or more applications.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Context aware computing systems and methods are described. In one described embodiment, devices and methods are provided that are context-aware (in one example—location-aware) in that they provide for the application and enforcement of various policies as a function of context. Specifically, various computing devices, through the described methodologies and structures, are able to automatically determine their context. Once context is determined, a collection of policies can be evaluated to provide a resultant set of policies that apply to the given context. The resultant set of policies are then enforced, typically via the device'"'"'s operating system. Policy enforcement can involve promulgating new settings or state to applications that are executing on or off the device. Advantageously, the devices and methodologies can adapt the resultant set of policies as the device'"'"'s context changes so that the policies can be dynamically determined and enforced automatically as the device'"'"'s context changes.

184 Citations

86 Claims

1. A computing device comprising:
- one or more processors;
  
  memory operably associated with the one or more processors;
  
  one or more applications loadable in the memory and executable on the one or more processors; and
  
  the one or more processors being configured to;
  
  receive context information from externally of the device, the context information pertaining to one or more current device contexts;
  
  automatically determine one or more current contexts from the context information using one or more hierarchical traversable tree structures, wherein the tree structures comprise individual nodes individual ones of which being associated with a context, wherein said one or more current contexts are determined by traversing at least one node on at least one of the tree structures, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node;
  
  locally evaluate a collection of policies in connection with the one or more current contexts to provide a resultant set of policies; and
  
  enforce the resultant set of policies on the one or more applications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The device of claim 1, wherein the device is configured to receive context information from multiple different context providers that provide different types of context information.
  - 3. The device of claim 1, wherein the one or more hierarchical tree structures comprise at least one primary tree structure, at least one secondary tree structure, and at least one link between the primary and secondary tree structures, the link being traversable to determine the one or more current contexts.
  - 4. The device of claim 1, wherein the one or more hierarchical tree structures provide a common abstract representation of context.
  - 5. The device of claim 1, wherein the device is configured to determine the one or more current contexts dynamically.
  - 6. The device of claim 1, wherein the device is configured to receive policies from different policy sources.
  - 7. The device of claim 1, wherein the device is configured to receive policies from different policy sources, the policies from the different policy sources being defined in terms of a common abstract representation of context.
  - 8. The device of claim 1 embodied as an enterprise device, the collection of policies comprising at least enterprise policies that are defined in terms of a common abstract representation of context.
  - 9. The device of claim 1 embodied as a portable device.
  - 10. The device of claim 1 embodied as a wireless device.
  - 11. The device of claim 1 embodied as a handheld device.

12. A computing device comprising:
- one or more processors;
  
  memory operably associated with the one or more processors;
  
  one or more applications loadable in the memory and executable on the one or more processors; and
  
  the one or more processors being configured to;
  
  receive context information from externally of the device, the context information pertaining to a current device context and determine a current context using one or more hierarchical traversable tree structures on the device, wherein the tree structures comprise individual nodes each of which being associated with a device context, wherein said current context is determined by traversing at least one node on at least one of the tree structures, and wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node; and
  
  enforce a set of policies on the one or more applications, the set of policies pertaining to a current context that is associated with the context information.
- View Dependent Claims (13, 14)
- - 13. The computing device of claim 12, wherein the one or more processors are configured to determine the current context from the context information.
  - 14. The computing device of claim 12, wherein the one or more processors are configured to locally evaluate a collection of policies, in connection with the received context information, to provide the set of policies.

15. A method of operating a computing device comprising:
- receiving context information from externally of a computing device, the context information pertaining to a current device context;
  
  automatically determining, with the computing device, a current context using the context information,wherein said act of automatically determining comprises;
  
  providing one or more hierarchical traversable tree structures on the device, the tree structures comprising individual nodes each of which being associated with a device context, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node; and
  
  traversing at least one node on at least one of the tree structures to provide the current context;
  
  evaluating a collection of policies in connection with the current context to provide a resultant set of policies; and
  
  enforcing the resultant set of policies on one or more applications that are executable by the computing device.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The method of claim 15, wherein said evaluating comprises locally evaluating the collection of policies using the computing device.
  - 17. The method of claim 15, wherein said evaluating comprises evaluating the collection of policies remote from the computing device.
  - 18. The method of claim 15, wherein said receiving comprises receiving context information from multiple different context providers that provide different types of context information.
  - 19. The method of claim 15, wherein said receiving comprises wirelessly receiving the context information.
  - 20. The method of claim 15, wherein the one or more hierarchical tree structures comprise at least one primary tree structure, at least one secondary tree structure, and at least one link between the primary and secondary tree structures, the link being traversable to determine the device'"'"'s current context.
  - 21. The method of claim 15, wherein the one or more hierarchical tree structures provide a common abstract representation of context.
  - 22. The method of claim 15 further comprising receiving policies from multiple different policy sources.
  - 23. The method of claim 15 further comprising receiving policies from multiple different policy sources, the policies being defined in terms of a common abstract representation of context.
  - 24. The method of claim 15, wherein the computing device comprises an enterprise computing device and further comprising receiving policies from an enterprise policy source, the policies being defined in terms of a common abstract representation of context.
  - 25. One or more computer-readable media having computer-readable instructions thereon which, when executed by a computer, cause the computer to implement the method of claim 15.

26. A method of operating a computing device comprising:
- receiving context information from externally of a computing device, the context information pertaining to a current device context;
  
  automatically determining, with the computing device, a current context using the context information;
  
  wherein said act of automatically determining comprises;
  
  providing one or more hierarchical traversable tree structures on the device, the tree structures comprising individual nodes each of which being associated with a device context, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node; and
  
  traversing at least one node on at least one of the tree structures to provide the current context; and
  
  enforcing a set of policies, which are the result of a collection of policies in connection with the current device context, on one or more applications that are executable by the computing device, the resultant set of policies pertaining to a context that is associated with the context information that is received.
- View Dependent Claims (27, 28, 29)
- - 27. The method of claim 26 further comprising determining, on the computing device, a context that is associated with the context information.
  - 28. The method of claim 26 further comprising locally evaluating a collection of policies responsive to receiving the context information, said evaluating providing a resultant set of policies.
  - 29. The method of claim 26 further comprising receiving one or more policies from externally of the computing device, said one or more policies being associated with a context which is, in turn, associated with the context information.

30. A computing device comprising:
- one or more processors;
  
  memory operably associated with the one or more processors;
  
  one or more applications loadable in the memory and executable on the one or more processors; and
  
  the one or more processors being configured to;
  
  receive context information from externally of the device, the context information pertaining to a current device context;
  
  automatically determine a current context from the context information using one or more hierarchical traversable tree structures on the device, the tree structures comprising individual nodes each of which being associated with a device context, the device being configured to determine its current context by traversing at least one node on at least one of the tree structures, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node;
  
  locally evaluate a collection of policies in connection with the current context to provide a resultant set of policies;
  
  enforce the resultant set of policies on the one or more applications;
  
  responsive to receiving context information that indicates a change of current context;
  
  locally re-evaluate the collection of policies to provide a new resultant set of policies; and
  
  enforce the new resultant set of policies on the one or more applications.
- View Dependent Claims (31, 32, 33, 34, 35, 36)
- - 31. The device of claim 30, wherein the device is configured to receive context information from multiple different context providers that provide different types of context information.
  - 32. The device of claim 30, wherein the one or more hierarchical tree structures comprise at least one primary tree structure, at least one secondary tree structure, and at least one link between the primary and secondary tree structures, the link being traversable to determine the device'"'"'s current context.
  - 33. The device of claim 30, wherein the one or more hierarchical tree structures provide a common abstract representation of context.
  - 34. The device of claim 30, wherein the device is configured to determine current context dynamically.
  - 35. The device of claim 30, wherein the device is configured to receive policies from different policy sources.
  - 36. The device of claim 30, wherein the device is configured to receive policies from different policy sources, all of the policies being defined in terms of a common abstract representation of context.

37. A method of operating a computing device comprising:
- wirelessly receiving context information from externally of a computing device, the context information pertaining to a current device context;
  
  automatically determining, with the computing device, a current context using the context information;
  
  wherein said act of automatically determining comprises;
  
  providing one or more hierarchical traversable tree structures on the device, the tree structures comprising individual nodes each of which being associated with a device context, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node; and
  
  traversing at least one node on at least one of the tree structures to provide the current context;
  
  locally evaluating, with the computing device, a collection of policies in connection with the current context to provide a resultant set of policies;
  
  enforcing the resultant set of policies on one or more applications that are executable by the computing device;
  
  determining whether the device'"'"'s current context has changed and if so, automatically determining a new current context using received context information;
  
  responsive to determining the new current context, locally re-evaluating, with the computing device, the collection of policies to provide a new resultant set of policies for the new current context; and
  
  enforcing the new resultant set of policies on the one or more applications.
- View Dependent Claims (38, 39, 40, 41)
- - 38. The method of claim 37 wherein said receiving comprises receiving context information from multiple different context providers that provide different types of context information.
  - 39. The method of claim 37, wherein the one or more hierarchical tree structures comprise at least one primary tree structure, at least one secondary tree structure, and at least one link between the primary and secondary tree structures, the link being traversable to determine the device'"'"'s current context.
  - 40. The method of claim 37, wherein the one or more hierarchical tree structures provide a common abstract representation of context.
  - 41. One or more computer-readable media having computer-readable instructions thereon which, when executed by a computer, cause the computer to implement the method of claim 37.

42. A computing device comprising:
- one or more processors;
  
  memory operably associated with the one or more processors;
  
  one or more applications loadable in the memory and executable on the one or more processors; and
  
  the one or more processors being configured to;
  
  receive location information pertaining to a current device location;
  
  automatically determine a current location from the location information using one or more hierarchical traversable tree structures on the device, the tree structures comprising individual nodes each of which being associated with a device location, the device being configured to determine its current location by traversing at least one node on at least one of the tree structures, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node;
  
  locally evaluate a collection of policies in connection with the current location to provide a resultant set of policies; and
  
  enforce the resultant set of policies on the one or more applications.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49)
- - 43. The computing device of claim 42, wherein said one or more processors are configured to receive location information from externally of the device.
  - 44. The computing device of claim 42, wherein the device is configured to receive location information from multiple different location providers that provide different types of location information.
  - 45. The computing device of claim 42, wherein the one or more hierarchical tree structures comprise at least one primary tree structure, at least one secondary tree structure, and at least one link between the primary and secondary tree structures, the link being traversable to determine the device'"'"'s current location.
  - 46. The computing device of claim 42, wherein the one or more hierarchical tree structures provide a common abstract representation of location.
  - 47. The computing device of claim 42, wherein the device is configured to determine the current location dynamically.
  - 48. The computing device of claim 42, wherein the device is configured to receive policies from different policy sources.
  - 49. The computing device of claim 42, wherein the device is configured to receive policies from different policy sources, the policies from the different policy sources being defined in terms of a common abstract representation of location.

50. A method of operating a computing device comprising:
- receiving location information pertaining to a current device location;
  
  automatically determining, with the computing device, a current location using the location information;
  
  wherein said act of automatically determining comprises;
  
  providing one or more hierarchical traversable tree structures on the device, the tree structures comprising individual nodes each of which being associated with a device location, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node; and
  
  traversing at least one node on at least one of the tree structures to provide the current location;
  
  locally evaluating, with the computing device, a collection of policies in connection with the current location to provide a resultant set of policies; and
  
  enforcing the resultant set of policies on one or more applications that are executable by the computing device.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58)
- - 51. The method of claim 50, wherein said receiving comprises receiving the location information from externally of the device.
  - 52. The method of claim 50, wherein said receiving comprises receiving location information from multiple different location providers that provide different types of location information.
  - 53. The method of claim 50, wherein said receiving comprises wirelessly receiving location information from multiple different location providers that provide different types of location information.
  - 54. The method of claim 50, wherein the one or more hierarchical tree structures comprise at least one primary tree structure, at least one secondary tree structure, and at least one link between the primary and secondary tree structures, the link being traversable to determine the device'"'"'s current location.
  - 55. The method of claim 50, wherein the one or more hierarchical tree structures provide a common abstract representation of location.
  - 56. The method of claim 50 further comprising receiving policies from multiple different policy sources.
  - 57. The method of claim 50 further comprising receiving policies from multiple different policy sources, the policies being defined in terms of a common abstract representation of location.
  - 58. One or more computer-readable media having computer-readable instructions thereon which, when executed by a computer, cause the computer to implement the method of claim 50.

59. A computing device comprising:
- one or more processors;
  
  memory operably associated with the one or more processors;
  
  one or more applications loadable in the memory and executable on the one or more processors; and
  
  the one or more processors being configured to;
  
  receive location information pertaining to a current device location;
  
  automatically determine a current location from the location information using one or more hierarchical traversable tree structures on the device, the tree structures comprising individual nodes each of which being associated with a device location, the device being configured to determine its current location by traversing at least one node on at least one of the tree structures, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node;
  
  locally evaluate a collection of policies in connection with the current location to provide a resultant set of policies;
  
  enforce the resultant set of policies on the one or more applications; and
  
  responsive to receiving location information that indicates a change of current location;
  
  locally re-evaluate the collection of policies to provide a new resultant set of policies; and
  
  enforce the new resultant set of policies on the one or more applications.
- View Dependent Claims (60, 61, 62, 63, 64, 65)
- - 60. The computing device of claim 59, wherein the one or more processors are configured to receive location information from externally of the device.
  - 61. The computing device of claim 59, wherein the device is configured to receive location information from multiple different location providers that provide different types of location information.
  - 62. The computing device of claim 59, wherein the one or more hierarchical tree structures comprise at least one primary tree structure, at least one secondary tree structure, and at least one link between the primary and secondary tree structures, the link being traversable to determine the device'"'"'s current location.
  - 63. The computing device of claim 59, wherein the one or more hierarchical tree structures provide a common abstract representation of context.
  - 64. The computing device of claim 59, wherein the device is configured to receive policies from different policies sources.
  - 65. The computing device of claim 59, wherein the device is configured to receive policies from different policies sources, all of the policies being defined in terms of a common abstract representation of location.

66. A method of operating a computing device comprising:
- wirelessly receiving location information from externally of a computing device, the location information pertaining to a current device location;
  
  automatically determining, with the computing device, a current location using the location information;
  
  wherein said act of automatically determining comprises;
  
  providing one or more hierarchical traversable tree structures on the device, the tree structures comprising individual nodes each of which being associated with a device location, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node; and
  
  traversing at least one node on at least one of the tree structures to provide the current location;
  
  locally evaluating, with the computing device, a collection of policies in connection with the current location to provide a resultant set of policies;
  
  enforcing the resultant set of policies on one or more applications that are executable by the computing device;
  
  determining whether the device'"'"'s current location has changed and if so, automatically determining a new current location using received location information;
  
  responsive to determining the new current location, locally re-evaluating, with the computing device, the collection of policies to provide a new resultant set of policies for the new current location; and
  
  enforcing the new resultant set of policies on the one or more applications.
- View Dependent Claims (67, 68, 69, 70)
- - 67. The method of claim 66, wherein said receiving comprises receiving location information from multiple different location providers that provide different types of location information.
  - 68. The method of claim 66, wherein the one or more hierarchical tree structures comprise at least one primary tree structure, at least one secondary tree structure, and at least one link between the primary and secondary tree structures, the link being traversable to determine the device'"'"'s current location.
  - 69. The method of claim 66, wherein the one or more hierarchical tree structures provide a common abstract representation of location.
  - 70. One or more computer-readable media having computer-readable instructions thereon which, when executed by a computer, cause the computer to implement the method of claim 66.

71. A computing device comprising:
- one or more processors;
  
  memory operably associated with the one or more processors;
  
  one or more applications loadable in the memory and executable on the one or more processors; and
  
  the one or more processors being configured to;
  
  collect policies from multiple different policy sources to provide a collection of policies, the policies being expressed in terms of context dependencies associated with multiple different device contexts;
  
  receive context information from externally of the device, the context information pertaining to a current device context;
  
  automatically determine a current context from the context information, wherein said act of automatically determining comprises;
  
  using one or more hierarchical traversable tree structures on the device, the tree structures comprising individual nodes each of which being associated with a device location, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node;
  
  locally evaluate the collection of policies in connection with the current context to provide a resultant set of policies; and
  
  enforce the resultant set of policies on the one or more applications.
- View Dependent Claims (72, 73)
- - 72. The device of claim 71, wherein the device is configured to:
    - automatically determine when its context has changed;
      
      locally re-evaluate the collection of policies to provide a new resultant set of policies responsive to a context change; and
      
      enforce the new resultant set of policies.
  - 73. The device of claim 71, wherein the context comprises location.

74. A method of operating a computing device comprising:
- collecting policies from multiple different policy sources to provide a collection of policies, the policies being expressed in terms of context dependencies associated with multiple different device contexts;
  
  receiving context information from externally of a computing device, the context information pertaining to a current device context;
  
  automatically determining a current context from the context information, wherein said act of automatically determining comprises;
  
  using one or more hierarchical traversable tree structures on the device, the tree structures comprising individual nodes each of which being associated with a device location, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node;
  
  locally evaluating the collection of policies in connection with the current context to provide a resultant set of policies; and
  
  enforcing the resultant set of policies on the device.
- View Dependent Claims (75, 76, 77, 78, 79)
- - 75. The method of claim 74 further comprising:
    - automatically determining when a device context has changed;
      
      determining a new device context;
      
      locally re-evaluating the collection of policies in connection with the new device context to provide a new resultant set of policies; and
      
      enforcing the new resultant set of policies on the device.
  - 76. One or more computer-readable media having computer-readable instructions thereon which, when executed by a computer, cause the computer to implement the method of claim 74.
  - 77. One or more computer-readable media having computer-readable instructions thereon which, when executed by a computer, cause the computer to implement the method of claim 75.
  - 78. A programmable computing device programmed with instructions that implement the method of claim 74.
  - 79. A programmable computing device programmed with instructions that implement the method of claim 75.

80. A computer architecture embodied on a computer readable media comprising:
- a context service that provides context information or context change events that pertain to the context of a computing device;
  
  wherein said context service determines context using one or more hierarchical traversable tree structures, the tree structures comprising individual nodes each of which being associated with a device context, the context service being configured to determine context by traversing at least one node on at least one of the tree structures, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node; and
  
  a policy engine communicatively linked with the context service and configured to;
  
  receive context information or context change events from the context service;
  
  evaluate a collection of policies to provide a resultant set of policies responsive to the context information or context change events; and
  
  enforce the resultant set of policies on a computing device.
- View Dependent Claims (81, 82, 83, 84, 85)
- - 81. The computer architecture of claim 80, wherein the policy engine is configured to enforce the resultant set of policies by promulgating new settings for one or more applications that are executable by the computing device.
  - 82. The computer architecture of claim 80 wherein the policy engine is configured to enforce the resultant set of policies by promulgating new state for one or more applications that are executable by the computing device.
  - 83. The computer architecture of claim 80, wherein the policy engine is configured to receive policies from multiple different policy sources.
  - 84. A computing device embodying the computer architecture of claim 80.
  - 85. An enterprise computing device embodying the computer architecture of claim 80.

86. A computer system comprising:
- a computer-readable medium;
  
  a context service embodied on the computer-readable medium and that provides context information or context change events that pertain to the context of a computing device;
  
  wherein said context service determines context using one or more hierarchical traversable tree structures, the tree structures comprising individual nodes each of which being associated with a device context, the context service being configured to determine context by traversing at least one node on at least one of the tree structures, wherein individual nodes comprise an entity identification (EID) that is unique to the node, EIDs serving as a basis by which attributes can be assigned to goods or services associated with an individual node; and
  
  a policy engine communicatively linked with the context service, but remote from the computing device, and configured to;
  
  receive context information or context change events from the context service;
  
  evaluate a collection of policies to provide a resultant set of policies responsive to the context information or context change events; and
  
  provide the resultant set of policies to the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Reus, Edward F., Parupudi, Gopal, Evans, Stephen S.
Primary Examiner(s)
Vaughn, Jr., William C.
Assistant Examiner(s)
MANIWANG, JOSEPH R

Application Number

US09/746,936
Publication Number

US 20020124067A1
Time in Patent Office

2,020 Days
Field of Search

709/203, 709/221, 709/223, 713/200, 713/201, 345733-736
US Class Current

709/223
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2149   Restricted operating enviro...

H04L 63/102   Entity profiles

Methods and systems for context-aware policy determination and enforcement

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

184 Citations

86 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for context-aware policy determination and enforcement

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

184 Citations

86 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links