Policy performance in an information management system
First Claim
Patent Images
1. A method utilizing at least a computer processor for managing information comprising:
- providing a plurality of rules and a plurality of abstractions, whereineach of the plurality of abstractions represents at least one of a class of entities or a class of actions having a role in managing of the information andeach of the plurality of abstractions has a corresponding definition statement stored separately from the plurality of rules, and each of the plurality of rules comprises an expression having a variable;
determining a subset of the plurality of rules and abstractions relevant to a first target;
modifying the subset of rules and abstractions to create a modified subset of rules and abstractions, wherein the modifying comprises;
determining a first rule in the subset of rules and abstractions including first and second comparison operations, whereinthe first comparison operation is associated with a string and the second comparison operation is associated with an integer, andthe first comparison operation is evaluated before the second comparison operation; and
modifying the first rule in the subset of rules and abstractions to create a modified first rule, whereinwhen evaluating the modified first rule, the second comparison is evaluated before the first comparison,the subset of rules and abstractions is evaluated to generate a first set of results based on the first target and each result of the first set of results comprises an allow or deny decision, andthe modified subset of rules and abstractions is evaluated to generate a second set of results based on the first target wherein each result of the second set of results has a corresponding allow or deny decision from the first set of results;
associating the modified subset of rules and abstractions with the first target; and
for the first target, controlling access to the information based on the modified first rule of the modified subset of rules and abstractions, wherein the controlling comprises evaluating the second comparison operation but not the first comparison operation.
1 Assignment
0 Petitions
Accused Products
Abstract
In an information management system, policies are optimized before they are associated to a device in order to increase evaluation speed or reduce space requirements, or both. Optimization techniques may include common subexpression elimination, constant folding, constant propagation, comparison optimization, dead code or subexpression removal, map or lookup table generation, policy rewriting, redundant policy elimination, heuristic-based policy ordering, or policy-format transformation, and combinations of these.
58 Citations
20 Claims
-
1. A method utilizing at least a computer processor for managing information comprising:
-
providing a plurality of rules and a plurality of abstractions, wherein each of the plurality of abstractions represents at least one of a class of entities or a class of actions having a role in managing of the information and each of the plurality of abstractions has a corresponding definition statement stored separately from the plurality of rules, and each of the plurality of rules comprises an expression having a variable; determining a subset of the plurality of rules and abstractions relevant to a first target; modifying the subset of rules and abstractions to create a modified subset of rules and abstractions, wherein the modifying comprises; determining a first rule in the subset of rules and abstractions including first and second comparison operations, wherein the first comparison operation is associated with a string and the second comparison operation is associated with an integer, and the first comparison operation is evaluated before the second comparison operation; and modifying the first rule in the subset of rules and abstractions to create a modified first rule, wherein when evaluating the modified first rule, the second comparison is evaluated before the first comparison, the subset of rules and abstractions is evaluated to generate a first set of results based on the first target and each result of the first set of results comprises an allow or deny decision, and the modified subset of rules and abstractions is evaluated to generate a second set of results based on the first target wherein each result of the second set of results has a corresponding allow or deny decision from the first set of results; associating the modified subset of rules and abstractions with the first target; and for the first target, controlling access to the information based on the modified first rule of the modified subset of rules and abstractions, wherein the controlling comprises evaluating the second comparison operation but not the first comparison operation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeKeng Lim, Nextlabs
-
Original AssigneeNextlabs
-
InventorsLim, Keng
-
Primary Examiner(s)Hoang, Son T
-
Application NumberUS13/438,753Publication NumberTime in Patent Office693 DaysField of Search707/694, 707/791US Class Current707/694CPC Class CodesG06F 11/3438 monitoring of user actions ...G06F 16/122 using management policies b...G06F 16/13 File access structures, e.g...G06F 16/176 Support for shared access t...G06F 16/93 Document management systemsG06F 21/6218 to a system of files or obj...G06F 2221/2101 Auditing as a secondary aspectG06F 9/468 Specific access rights for ...H04L 63/10 for controlling access to d...H04L 63/101 Access control lists [ACL]H04L 63/104 Grouping of entitiesH04L 63/105 Multiple levels of securityH04L 63/20 for managing network securi...H04L 63/205 involving negotiation or de...
