Techniques of transforming policies to enforce control in an information management system

US 8,990,886 B2
Filed: 09/24/2013
Issued: 03/24/2015
Est. Priority Date: 12/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method of managing information of a network comprising:

providing a server handling a first policy language having access to a policy database;

providing a first device comprising a first decision engine to manage information accessible via the first device according to a first set of policies stored on the device, wherein the first set of policies is associated with the first policy language;

providing a second device comprising;

a first application program installed on the second device and managed by a second decision engine, wherein the second decision engine comprises a second policy language; and

a second application program installed on the second device and managed by a third decision engine, wherein the third decision engine comprises a third policy language;

translating a first policy of the policy database into the second policy language;

translating the first policy of the policy database into the third policy language; and

transferring the first policy in the second and third policy languages to the second device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an information management system, policies are deployed to targets and targets can evaluate the policies whether they are connected or disconnected to the system. The policies may be transferred to the target, which may be a device or user. Relevant policies may be transferred while not relevant policies are not. The policies may have policy abstractions.

67 Citations

View as Search Results

20 Claims

1. A method of managing information of a network comprising:
- providing a server handling a first policy language having access to a policy database;
  
  providing a first device comprising a first decision engine to manage information accessible via the first device according to a first set of policies stored on the device, wherein the first set of policies is associated with the first policy language;
  
  providing a second device comprising;
  
  a first application program installed on the second device and managed by a second decision engine, wherein the second decision engine comprises a second policy language; and
  
  a second application program installed on the second device and managed by a third decision engine, wherein the third decision engine comprises a third policy language;
  
  translating a first policy of the policy database into the second policy language;
  
  translating the first policy of the policy database into the third policy language; and
  
  transferring the first policy in the second and third policy languages to the second device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the second and third policy languages are different policy languages.
  - 3. The method of claim 1 wherein the first device comprises a first target profile and the second device comprises a second target profile, different than the first target profile.
  - 4. The method of claim 3 wherein the second target profile comprises a first identifier corresponding to the first application program and a second identifier corresponding to the second application program.
  - 5. The method of claim 1 wherein the translating a first policy of the policy database into the second policy language comprises modifying a first conditional statement of the first policy.
  - 6. The method of claim 5 wherein the translating the first policy of the policy database into the third policy language comprises modifying the first conditional statement of the first policy.
  - 7. The method of claim 1 wherein the policy database comprises a plurality of policies wherein each policy comprises a conditional statement having a policy abstraction and allowing execution of an application operation when the conditional statement is satisfied, and each policy abstraction has a corresponding definition statement stored separately from the policy.
  - 8. The method of claim 1 wherein the second device comprises a firewall.
  - 9. The method of claim 8 wherein operation of the firewall is altered by the first policy.
  - 10. The method of claim 1 wherein the first and second devices are separate devices.
  - 11. The method of claim 1 further comprising:
    - when at a first time the first policy evaluates to Boolean true, allowing the second device access to a first piece of information; and
      
      when at a second time the first policy evaluates to Boolean false, denying the second device access to the first piece of information.
  - 12. The method of claim 1 wherein the translating a first policy of the policy database into the second policy language comprises modifying a first policy abstraction of the first policy.
  - 13. The method of claim 12 wherein the translating the first policy of the policy database into the third policy language comprises modifying the first policy abstraction of the first policy.

14. A method of managing information of a network comprising:
- providing a server handling a first policy language having access to a policy database;
  
  providing a first device with a first target profile comprising;
  
  a first application program installed on the first device and managed by a first decision engine, wherein the first decision engine comprises a second policy language; and
  
  a second application program installed on the first device and managed by a second decision engine, wherein the second decision engine comprises a third policy language;
  
  translating a first policy of the policy database into the second policy language;
  
  translating the first policy of the policy database into the third policy language;
  
  transferring the first policy in the second and third policy languages to the first device;
  
  receiving an updated first target profile for the first device;
  
  selecting a second policy from the policy database based on the updated first target profile; and
  
  transferring the second policy to the first device.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14 further comprising:
    - providing a second device comprising a second decision engine to manage information accessible via the second device according to a first set of policies stored on the device, wherein the first set of policies is associated with the first policy language.
  - 16. The method of claim 14 wherein the transferring the second policy replaces the first policy at the first device.
  - 17. The method of claim 14 wherein the first target profile for the first device comprises a user identity of a user of the first device.
  - 18. The method of claim 17 wherein the updated first target profile comprises a first user, different than a second user of the first target profile.
  - 19. The method of claim 14 wherein the first target profile for the first device comprises a machine type of the first device.
  - 20. The method of claim 14 wherein the first decision engine executes on a second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nextlabs
Original Assignee
Nextlabs
Inventors
Lim, Keng
Primary Examiner(s)
BAYOU, YONAS A

Application Number

US14/035,595
Publication Number

US 20140020054A1
Time in Patent Office

546 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 16/122   using management policies b...

G06F 16/176   Support for shared access t...

G06F 16/93   Document management systems

G06F 16/958   Organisation or management ...

G06F 21/125   by manipulating the program...

G06F 21/316   by observing the pattern of...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2216/03   Data mining

G06F 2221/032   Protect output to user by s...

G06F 3/0601   Interfaces specially adapte...

G06Q 10/06   Resources, workflows, human...

G06Q 10/10   Office automation; Time man...

H04L 41/0893   Assignment of logical group...

H04L 51/234   for tracking messages

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/102 : Entity profiles

H04L 63/1425 : Traffic logging, e.g. anoma...

H04L 63/20 : for managing network securi...

H04L 67/303 : Terminal profiles

H04L 67/535 : Tracking the activity of th...

H04L 67/60 : Scheduling or organising th...

Y10S 707/922 : Communications

View All

Techniques of transforming policies to enforce control in an information management system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

67 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques of transforming policies to enforce control in an information management system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links