Methods and systems for interactive evaluation using dynamically generated, interactive resultant sets of policies

US 8,561,148 B2
Filed: 06/26/2008
Issued: 10/15/2013
Est. Priority Date: 06/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method for interactive policy evaluation using dynamically generated interactive resultant sets of policies, the method comprising the steps of:

(a) displaying, in a graphical user interface, a client description user interface element, a resource description user interface element, and an access description user interface element;

(b) displaying, in the client description user interface element, a description of a client requesting access to a resource;

(c) displaying, in the resource description user interface element, a description of the requested resource;

(d) displaying, in the access description user interface element, a description of a method of access to the requested resource;

(e) displaying, by the graphical user interface, at least one policy stored in memory applicable to a at least one displayed description; and

(f) displaying, by the graphical user interface, a decision made by applying the at least one policy to the at least one displayed description wherein the decision comprises an access control decision;

(g) displaying, by the graphical user interface, a user interface element that receives input from a user that modifies the at least one policy; and

(h) simulating an application of the modified policy and displaying a description of a policy aspect that resulted in denial of access to at least one of the client, resource, or method of access in case the client, resource, or method of access has been denied as a result of the simulation, the description comprising a summary of the policy aspect that resulted in denial of access.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for interactive policy evaluation using dynamically generated, interactive resultant sets of policies includes the step of receiving, by a graphical user interface, at least one of: a description of a client requesting access to a resource, a description of the resource, and a description of a method of access requested by the client. The graphical user interface displays at least one policy applicable to the client request for access to the resource. The graphical user interface displays a decision made by applying the at least one policy to the received description.

116 Citations

52 Claims

1. A method for interactive policy evaluation using dynamically generated interactive resultant sets of policies, the method comprising the steps of:
- (a) displaying, in a graphical user interface, a client description user interface element, a resource description user interface element, and an access description user interface element;
  
  (b) displaying, in the client description user interface element, a description of a client requesting access to a resource;
  
  (c) displaying, in the resource description user interface element, a description of the requested resource;
  
  (d) displaying, in the access description user interface element, a description of a method of access to the requested resource;
  
  (e) displaying, by the graphical user interface, at least one policy stored in memory applicable to a at least one displayed description; and
  
  (f) displaying, by the graphical user interface, a decision made by applying the at least one policy to the at least one displayed description wherein the decision comprises an access control decision;
  
  (g) displaying, by the graphical user interface, a user interface element that receives input from a user that modifies the at least one policy; and
  
  (h) simulating an application of the modified policy and displaying a description of a policy aspect that resulted in denial of access to at least one of the client, resource, or method of access in case the client, resource, or method of access has been denied as a result of the simulation, the description comprising a summary of the policy aspect that resulted in denial of access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 2. The method of claim 1, wherein step (b) further comprises displaying, by the graphical user interface, in the description of the client, a user identifier.
  - 3. The method of claim 1, wherein step (b) further comprises displaying, by the graphical user interface, in the description of the client, a client internet protocol (IP) address.
  - 4. The method of claim 1, wherein step (b) further comprises displaying, by the graphical user interface, in the description of the client, an identification of a virus-checking program on the client.
  - 5. The method of claim 1, wherein step (b) further comprises displaying, by the graphical user interface, in the description of the client, a time of day.
  - 6. The method of claim 1, wherein step (c) further comprises displaying, by the graphical user interface, in the description of the resource, an identifier of the resource.
  - 7. The method of claim 1, wherein step (c) further comprises displaying, by the graphical user interface, in the description of the resource, an identification of a property of the resource.
  - 8. The method of claim 1, wherein step (c) further comprises displaying, by the graphical user interface, in the description of the resource, a file type of the resource.
  - 9. The method of claim 1, wherein step (c) further comprises displaying, by the graphical user interface, in the description of the resource, an identification of a server on which the resource resides.
  - 10. The method of claim 1, wherein step (c) further comprises displaying, by the graphical user interface, in the description of the resource, an identification of an operating system executed by a server on which the resource resides.
  - 11. The method of claim 1, further comprising retrieving, from a database, a configuration file identifying a file type of the resource.
  - 12. The method of claim 1, further comprising retrieving, from a database, a configuration file identifying a server on which the resource resides.
  - 13. The method of claim 1, further comprising retrieving, from a database, a configuration file identifying an operating system executed by a server on which the resource resides.
  - 14. The method of claim 1, further comprising retrieving, from a database, a configuration file storing the description of the client.
  - 15. The method of claim 1, wherein step (d) further comprises displaying, by the graphical user interface, in the description of the requested method of access, a description of a request to retrieve the resource.
  - 16. The method of claim 1, wherein step (d) further comprises displaying, by the graphical user interface, in the description of the requested method of access, a description of a request to remotely access the resource.
  - 17. The method of claim 1, wherein step (d) further comprises displaying, by the graphical user interface, in the description of the requested method of access, a description of a presentation layer protocol.
  - 18. The method of claim 1, wherein step (d) further comprises displaying, by the graphical user interface, in the description of the requested method of access, a description of a type of client agent.
  - 19. The method of claim 1, wherein step (f) further comprises displaying, by the graphical user interface, a graphical user interface element displaying the at least one policy applicable to the at least one displayed description.
  - 20. The method of claim 1, wherein step (e) further comprises displaying a request for information associated with the at least one policy.
  - 21. The method of claim 1, further comprising the step of displaying at least one filter associated with the at least one policy.
  - 22. The method of claim 21, further comprising the step of receiving a modification to the at least one filter.
  - 23. The method of claim 22, wherein step (f) further comprises displaying, by the graphical user interface, a decision identified by the modified filter.
  - 24. The method of claim 22 further comprising the step of determining, responsive to the modification, not to apply the applicable at least one policy to the at least one displayed description.
  - 25. The method of claim 22 further comprising the step of determining, responsive to the modification, to apply at least one inapplicable policy to the at least one displayed description.
  - 26. The method of claim 1, wherein step (f) further comprises displaying, by the graphical user interface, a decision identified by the modified policy.
  - 27. The method of claim 1, further comprising the step of determining, responsive to the modification, not to apply the applicable at least one policy to the at least one displayed description.
  - 28. The method of claim 27, further comprising the step of determining, responsive to the modification, to apply at least one inapplicable policy to the at least one displayed description.
  - 29. The method of claim 1, further comprising the step of receiving a modification of the description of the client.
  - 30. The method of claim 29, wherein step (f) further comprises displaying, by the graphical user interface, a decision identified by an application of the at least one policy to the modified client.
  - 31. The method of claim 1, further comprising the step of receiving a modification of the description of the requested resource.
  - 32. The method of claim 31, wherein step (f) further comprises displaying, by the graphical user interface, a decision identified by an application of the at least one policy to the modified resource.
  - 33. The method of claim 1, wherein step (f) further comprises displaying a resultant set associated with the application of the at least one policy to the at least one displayed description.
  - 34. The method of claim 1, wherein step (f) further comprises displaying, by the graphical user interface, a load balancing decision made by applying the at least one policy to the at least one displayed description.
  - 35. The method of claim 1, wherein step (f) further comprises displaying, by the graphical user interface, a caching decision made by applying the at least one policy to the at least one displayed description.
  - 36. The method of claim 1, wherein step (f) further comprises displaying, by the graphical user interface, an auditing decision made by applying the at least one policy to the at least one displayed description.
  - 37. The method of claim 1 further comprising the step of simulating, by a policy simulation engine, an application of the at least one policy to the at least one displayed description.
  - 38. The method of claim 1 further comprising the step of transmitting, by a policy simulation engine, to the graphical user interface, an access control decision.
  - 39. The method of claim 1, further comprising displaying a plurality of access types, wherein the plurality of access types includes at least one of:
    - remote display protocol, downloading, independent computing architecture, HTTP client protocol, FTP client protocol, Oscar client protocol, Telnet client protocol, LiveEdit, and LiveView, voice over internet protocol communications, real-time data communications, streaming video and streaming audio.
  - 40. The method of claim 1, further comprising an I/O device receiving a client description.
  - 41. The method of claim 1, further comprising an I/O device receiving a resource description.
  - 42. The method of claim 1, further comprising an I/O device receiving a method of access description.

43. A system for interactive policy evaluation using dynamically generated interactive resultant sets of policies, the system comprising:
- a graphical user interface, executing on a client device by a processor couple to memory and configured to display a client description user interface element, a resource description user interface element, and an access description user interface element;
  
  the client description user interface element configured to display a description of a client requesting access to a resource;
  
  the resource description user interface element configured to display a description of the requested resource;
  
  the access description user interface element configured to display a description of a method of access requested by the client to the requested resource;
  
  an interactive element in the graphical user interface configured to display at least one policy applicable to the displayed description;
  
  a second element in the graphical user interface configured to display a decision made by applying the at least one policy to the at least one displayed description wherein the decision comprises an access control decision;
  
  a third element displayed in the graphical user interface configured to receive input from a user that modifies the at least one policy; and
  
  a fourth element displayed in the graphical user interface configured to display a description of a policy aspect that resulted in denial of access to at least one of the client, resource, or method of access in case the client, resource, or method of access has been denied, the description comprising a summary of the policy aspect that resulted in denial of access.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 44. The system of claim 43, wherein the user interface further comprises one of a text box, a drop-down menu, and graphical depiction of a directory structure.
  - 45. The system of claim 43, wherein the user interface further comprises one of a text box, an element enumerating available resources, an element enumerating Uniform Resource Locaters associated with available resources, a drop-down menu, and graphical depiction of a directory structure.
  - 46. The system of claim 43, wherein the user interface further comprises one of a text box, an element enumerating available methods of access, and a drop-down menu.
  - 47. The system of claim 43, wherein the third element displays at least one policy applicable to the client request responsive to the displayed description.
  - 48. The system of claim 43, wherein the fourth element displays a second decision made by applying a second policy to a second received description.
  - 49. The system of claim 43, further comprising a policy simulation engine simulating an application of the at least one policy to the received description.
  - 50. The system of claim 43, wherein the fourth element displays an auditing decision made by applying the at least one policy to the at least one received description.
  - 51. The system of claim 43, wherein the fourth element displays a load balancing decision made by applying the at least one policy to the at least one received description.
  - 52. The system of claim 43, wherein the fourth element displays a caching decision made by applying the at least one policy to the at least one received description.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Hayton, Richard
Primary Examiner(s)
LE, CHAU D

Application Number

US12/147,022
Publication Number

US 20090327908A1
Time in Patent Office

1,937 Days
Field of Search

726/4, 715/733, 715/741, 715/744
US Class Current

726/4
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/6218   to a system of files or obj...

H04L 63/102   Entity profiles

Methods and systems for interactive evaluation using dynamically generated, interactive resultant sets of policies

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

116 Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for interactive evaluation using dynamically generated, interactive resultant sets of policies

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links