Method of customizing a standardized IT policy

US 8,689,284 B2
Filed: 09/12/2012
Issued: 04/01/2014
Est. Priority Date: 02/27/2006
Status: Active Grant

First Claim

Patent Images

1. A method of providing an IT policy to configure a plurality of devices associated with a group of users, the IT policy comprising a set of rules that dictate the functionality of the plurality of devices, the IT policy comprising IT policy data that is customizable on a per-user basis and the method being implemented by a processor, wherein the method comprises:

checking, by the processor, for a change made to a global IT policy;

noting a first group of users for which the change in the global IT policy applies;

checking for at least one special user in the first group of users that has per-user IT policy rules;

generating global IT policy data based on settings in a first data structure associated with global IT policy rules that are applicable to all users within the first group of users;

generating per-user IT policy data based on settings in a second data structure associated with per-user IT policy rules that are applicable to the at least one special user;

generating merged IT policy data for the at least one special user by merging the global IT policy data and the per-user IT policy data for the at least one special user;

sending the merged IT policy data to the at least one special user;

receiving an acknowledgement from the device associated with the at least one special user within the group that received the merged IT policy data, wherein the acknowledgment confirms that the merged IT policy data is received and applied; and

writing a status of the merged IT policy data to an IT policy table in a management database when the acknowledgement is received.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are described herein for standardizing an IT policy that is used to configure devices operating on a network. An IT policy can be generated that applies to a group of users or to one or more special users without having to define and store a new IT policy for each special user. This can be achieved by specifying global and per-user IT policy rules and merging these rules as needed to produce IT policy data.

89 Citations

View as Search Results

20 Claims

1. A method of providing an IT policy to configure a plurality of devices associated with a group of users, the IT policy comprising a set of rules that dictate the functionality of the plurality of devices, the IT policy comprising IT policy data that is customizable on a per-user basis and the method being implemented by a processor, wherein the method comprises:
- checking, by the processor, for a change made to a global IT policy;
  
  noting a first group of users for which the change in the global IT policy applies;
  
  checking for at least one special user in the first group of users that has per-user IT policy rules;
  
  generating global IT policy data based on settings in a first data structure associated with global IT policy rules that are applicable to all users within the first group of users;
  
  generating per-user IT policy data based on settings in a second data structure associated with per-user IT policy rules that are applicable to the at least one special user;
  
  generating merged IT policy data for the at least one special user by merging the global IT policy data and the per-user IT policy data for the at least one special user;
  
  sending the merged IT policy data to the at least one special user;
  
  receiving an acknowledgement from the device associated with the at least one special user within the group that received the merged IT policy data, wherein the acknowledgment confirms that the merged IT policy data is received and applied; and
  
  writing a status of the merged IT policy data to an IT policy table in a management database when the acknowledgement is received.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the merging comprises overriding settings in the global IT policy data with settings in the per-user IT policy data for conflicting IT policy rules in the global and per-user IT policy data.
  - 3. The method of claim 1, wherein both the global and per-user IT policy rules comprise grouped IT policy rules with associated sub-IT policy rules, and during merging, the global and per-user IT policy data corresponding to sub-IT policy rules associated with one of the grouped IT policy rules are grouped together.
  - 4. The method of claim 1, wherein if at least one of the global IT policy data and the per-user IT policy data is updated, the method further comprises sending the appropriate IT policy data to the corresponding users within the group.
  - 5. The method of claim 1, wherein the method comprises storing IT policy rules in an IT policy table, the IT policy rules comprising the global IT policy rules and the per-user IT policy rules, and the method further comprises using a field in the IT policy table to indicate whether a given IT policy rule is settable on a per-user basis.
  - 6. The method of claim 1, wherein the generating comprises using tag-length-value encoding for generating IT policy data based on IT policy rules.
  - 7. The method of claim 1, wherein the sending further comprises sending the global IT policy data to all of the users in the first group of users that do not have any applicable per-user IT policy data.
  - 8. The method of claim 1, wherein the method further comprises sending a notification to at least one application residing on the device associated with the at least one special user that received the merged IT policy data when the at least one application is affected by the merged IT policy data.

9. A non-transitory computer readable storage medium embodying program code executable by a processor for performing a method for providing an IT policy to configure a plurality of devices associated with a group of users on a network, the IT policy comprising a set of rules that dictate the functionality of the plurality of devices and the IT policy data is customizable on a per-user basis, wherein the method comprises:
- checking, via the processor, for a change made to a global IT policy;
  
  noting a first group of users for which the change in the global IT policy applies;
  
  checking for at least one special user in the first group of users that have per-user IT policy rules;
  
  generating global IT policy data based on settings in a first data structure associated with global IT policy rules that are applicable to all users within the first group of users;
  
  generating per-user IT policy data based on settings in a second data structure associated with per-user IT policy rules that are applicable to the at least one special user;
  
  generating merged IT policy data for the at least one special user by merging the global IT policy data and the per-user IT policy data for the at least one special user;
  
  sending the merged IT policy data to the at least one special user;
  
  receiving an acknowledgement from the device associated with the at least one special user within the group that received the merged IT policy data, wherein the acknowledgment confirms that the merged IT policy data is received and applied; and
  
  writing a status of the merged IT policy data to an IT policy table in a management database when the acknowledgement is received.
- View Dependent Claims (10, 11)
- - 10. The computer program product of claim 9, wherein the sending further comprises sending the global IT policy data to all of the users in the first group that do not have any applicable per-user IT policy data.
  - 11. The computer program product of claim 9, wherein the method further comprises sending a notification to at least one application residing on the device associated with the at least one special user that received the merged IT policy data when the at least one application is affected by the merged IT policy data.

12. An IT policy server for providing an IT policy to configure a plurality of devices associated with a group of users on a network, the IT policy comprising a set of rules that dictate the functionality of the settings of the plurality of devices, wherein the IT policy comprises IT policy data that is customizable on a per-user basis and the IT policy server comprises:
- a processor adapted to generate the IT policy data;
  
  a network interface coupled to the processor, the network interface being adapted to allow the IT policy server to communicate with the network; and
  
  a memory unit coupled to the processor, the memory unit being adapted to store applications and data related to the IT policy,wherein, the processor is configured to check for a change made to a global IT policy, to note a first group of users for which the change in the global IT policy applies, to check for at least one special user in the first group of users that have per-user IT policy rules, to generate global IT policy data based on settings in a first data structure associated with global IT policy rules that are applicable to all users within the first group of users;
  
  to generate per-user IT policy data based on settings in a second data structure associated with per-user IT policy rules that are applicable to the at least one special user, to generate the merged IT policy data for the at least one special user by merging the global IT policy data and the per-user policy data for the at least one special user, to send the merged IT policy data to the at least one special user;
  
  to receive an acknowledgement from the device associated with the at least one special user within the group that received the merged IT policy data, wherein the acknowledgment confirms that the merged IT policy data is received and applied; and
  
  to write a status of the merged IT policy data to an IT policy table in a management database when the acknowledgement is received.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The IT policy server of claim 12, wherein during merging, the IT policy server overrides settings in the global IT policy data with settings in the per-user IT policy data for conflicting IT policy rules in the global and per-user IT policy data.
  - 14. The IT policy server of claim 12, wherein both the global and per-user IT policy rules comprise grouped IT policy rules with associated sub-IT policy rules, and during merging, the IT policy server groups together global and per-user IT policy data corresponding to sub-IT policy rules associated with one of the grouped IT policy rules.
  - 15. The IT policy server of claim 12, wherein the IT policy server stores IT policy rules in an IT policy table, the IT policy rules comprise the global IT policy rules and the per-user IT policy rules, and the IT policy table comprise a field to indicate whether a given IT policy rule is settable on a per-user basis.
  - 16. The IT policy server of claim 12, wherein the processor is configured to send the global IT policy data to all of the users in the first group that do not have any applicable per-user IT policy data.
  - 17. The IT policy server of claim 12, wherein the IT policy server is configured to send a notification to at least one application residing on the device associated with the at least one special user that received the merged IT policy data when the at least one application is affected by the merged IT policy data.

18. A communications system for providing an IT policy to configure a plurality of devices associated with a group of users of the system, the IT policy comprising a set of rules that dictate the functionality of the plurality of devices and the IT policy comprises IT policy data that is customizable on a per-user basis, wherein the system comprises:
- an IT policy server comprising;
  
  a processor adapted to generate the IT policy data;
  
  a network interface coupled to the processor, the network interface being adapted to allow the IT policy server to communicate with the network; and
  
  a memory unit coupled to the processor, the memory unit being adapted to store applications and data related to the IT policy,wherein, the processor is configured to check for a change made to a global IT policy, to note a first group of users for which the change in the global IT policy applies, to check for at least one special user in the first group of users that have per-user IT policy rules, to generate global IT policy data based on settings in a first data structure associated with global IT policy rules that are applicable to all users within the group of users, to generate per-user IT policy data based on settings in a second data structure associated with the per-user IT policy rules that are applicable to the at least one special user, to generate merged IT policy data for the at least one special user by merging the global IT policy data with the per-user IT policy data, to send the merged IT policy data to the at least one special user;
  
  to receive an acknowledgement from the device associated with the at least one special user within the group that received the merged IT policy data, wherein the acknowledgment confirms that the merged IT policy data is received and applied; and
  
  to write a status of the merged IT policy data to an IT policy table in a management database when the acknowledgement is received.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the per-user IT policy data in the merged IT policy data defines at least one of a modification or an exception to the global IT policy data, and wherein the merged IT policy data is generated before being sent to the at least one special user.
  - 20. The system of claim 18, wherein the IT policy server is configured to send a notification to at least one application residing on the device associated with the at least one special user that received the merged IT policy data when the at least one application is affected by the merged IT policy data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Roberts, Phillip, Rawlins, Rudy Eugene, Hanson, Ronald J. J.
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
TRUONG, THONG P

Application Number

US13/612,048
Publication Number

US 20130007247A1
Time in Patent Office

566 Days
Field of Search

726/1, 713/1, 709/203, 709/223
US Class Current

726/1
CPC Class Codes

G06F 21/31   User authentication

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 63/20   for managing network securi...

H04W 8/245   from a network towards a te...

Method of customizing a standardized IT policy

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method of customizing a standardized IT policy

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links