Associating code to a target through code inspection
First Claim
1. A system comprising:
- a database comprising a plurality of policies, wherein the policies are applicable to a plurality of target profiles, each target profile having a set of target attributes, wherein each policy comprises a code component comprising a conditional expression having a policy abstraction and a corresponding action that will be performed when the conditional expression is satisfied, and each policy abstraction has a corresponding definition statement stored separately from the policy;
- a plurality of devices, each having a target profile of the plurality of target profiles;
- a device information engine comprising executable code to detect the plurality of devices, and executable code to retrieve a list of device attributes from the plurality of devices;
- an inspection engine comprising executable code to cause inspection of each of the policies, executable code to determine based on the result of the inspection and the profiles of the devices which of the devices each of the policies will be associated with, and executable code to modify one or more of these associated policies before these associated policies are transferred to the devices;
- a policy engine comprising executable code to determine which of the devices each of the policies will be associated with without inspection of each of the policies and without calling the inspection engine; and
- a deployment engine, coupled to the inspection and policy engines, comprising executable code to transfer policies to the devices as determined by the at least one of inspection engine or the policy engine, wherein the policies that have been modified by the inspection engine are transferred in their modified form to their associated devices, and wherein the deployment engine transfers the policies determined by the policy engine to the devices without modification and without inspection by the inspection engine.
Abstract
Code is associated to a target based on an inspection of the code. A target may be a device or a user. A number of code components may be inspected at one time and then transferred or otherwise associated to a target based on the target's profile. A code component may be a policy of an information management system.
20 Claims
1. A system comprising:
a database comprising a plurality of policies, wherein the policies are applicable to a plurality of target profiles, each target profile having a set of target attributes, wherein each policy comprises a code component comprising a conditional expression having a policy abstraction and a corresponding action that will be performed when the conditional expression is satisfied, and each policy abstraction has a corresponding definition statement stored separately from the policy; a plurality of devices, each having a target profile of the plurality of target profiles; a device information engine comprising executable code to detect the plurality of devices, and executable code to retrieve a list of device attributes from the plurality of devices; an inspection engine comprising executable code to cause inspection of each of the policies, executable code to determine based on the result of the inspection and the profiles of the devices which of the devices each of the policies will be associated with, and executable code to modify one or more of these associated policies before these associated policies are transferred to the devices; a policy engine comprising executable code to determine which of the devices each of the policies will be associated with without inspection of each of the policies and without calling the inspection engine; and a deployment engine, coupled to the inspection and policy engines, comprising executable code to transfer policies to the devices as determined by the at least one of inspection engine or the policy engine, wherein the policies that have been modified by the inspection engine are transferred in their modified form to their associated devices, and wherein the deployment engine transfers the policies determined by the policy engine to the devices without modification and without inspection by the inspection engine. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. A method comprising:
providing a plurality of policies stored at a server, wherein the policies are applicable to a plurality of target profiles, each target profile having a set of target attributes, wherein each policy comprises a code component comprising a conditional expression having a policy abstraction and a corresponding action that will be performed when the conditional expression is satisfied, and each policy abstraction has a corresponding definition statement stored separately from the policy; at the server, analyzing a first policy of the plurality of policies to determine whether the first policy is relevant or irrelevant to a first specific target profile with a first set of specific target attributes without inspecting a first code component of the first policy; at the server, upon determining the first policy is relevant to the first specific target profile, inspecting the first code component of the first policy, otherwise when the first policy is determined not to be relevant to the first specific target profile, not inspecting the first code component of the first policy; at the server, when the first policy is determined to be relevant to the first specific target profile, based upon the inspecting of the first code component of the first policy, altering the first code component of the first policy by changing the conditional expression to obtain a modified first code component of the first policy; when the first policy is determined to be relevant to the first specific target profile, transferring the first policy to a first specific target with the first specific target profile by transferring the modified first code component, not the first code component, to the first specific target; and when the first policy is determined not to be relevant to the first specific target profile, not transferring the first policy to the first specific target, wherein the modified first code component that is transferred to the first specific target provides a rule input for a 
first program executing at the first specific target, and the first program determines whether a second program, executing at the first specific target, can access a file on a document server, and wherein the rule for the first program disallows access if the user has successfully accessed the file more than N times during a Y time period. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
19. A system comprising:
a database comprising a plurality of policies, wherein the policies are applicable to a plurality of target profiles, each target profile having a set of target attributes, wherein each policy comprises a code component comprising a conditional expression having a policy abstraction and a corresponding action that will be performed when the conditional expression is satisfied, and each policy abstraction has a corresponding definition statement stored separately from the policy; a plurality of devices, each having a target profile of the plurality of target profiles; a device information engine comprising executable code to detect the plurality of devices, and executable code to retrieve a list of device attributes from the plurality of devices; an inspection engine comprising executable code to cause inspection of each of the policies, executable code to determine based on the result of the inspection and the profiles of the devices which of the devices each of the policies will be associated with, and executable code to modify one or more of these associated policies before these associated policies are transferred to the devices; a policy engine comprising executable code to determine which of the devices each of the policies will be associated with without inspection of each of the policies and without calling the inspection engine; and a deployment engine, coupled to the inspection and policy engines, comprising executable code to transfer policies to the devices as determined by the at least one of inspection engine or the policy engine, wherein the policies that have been modified by the inspection engine are transferred in their modified form to their associated devices, and wherein the deployment engine transfers the policies determined by the policy engine to the devices without modification and without inspection by the inspection engine, and the plurality of polices comprise; a first policy comprising an action comprising preventing a cut-and paste 
operation from occurring for a first document while allowing cut-and paste for a second document, different from the first document, a second policy comprising an action comprising preventing opening of a third document while allow opening of fourth second document, different from the third document, a third policy comprising an action comprising preventing sending an e-mail to a first e-mail address during a period starting at T1 and ending at T2, and allowing sending of an e-mail to the first e-mail address before T1 or after T2. - View Dependent Claims (20)
Specification