Unified policy over heterogenous device types

US 9,032,013 B2
Filed: 10/29/2010
Issued: 05/12/2015
Est. Priority Date: 10/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method of enforcing a policy on a client device, comprising:

receiving, in a client device, a policy definition from a network, wherein the policy definition is a generic definition that is applicable to disparate device types having different hardware and software platforms;

evaluating the received policy definition in a client policy engine located on the client device by comparing the policy definition to use or functionality available on the client device, wherein the evaluating includes determining a mode in which a user is using the client device, the mode depending on whether the user logs in as a work mode or a play mode; and

enforcing the policy by modifying the functionality available on the client device based on the evaluation, including the mode, wherein the client policy engine adapts the generic policy definition to a specific platform on the client device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for enforcing a normalized set of policy-based behaviors across two or more disparate client devices. The policy definition can be a common description of expected behavior, while a client-side policy engine interprets and implements platform specific details associated with the client. In one embodiment, a client device receives a generic policy definition from a network. The generic policy definition is applicable to disparate device types having different hardware and/or software platforms. A client policy engine can analyze the generic policy definition, compare it to client-side applications or functions and make intelligent decisions on how to apply the policy for the specific client.

19 Citations

17 Claims

1. A method of enforcing a policy on a client device, comprising:
- receiving, in a client device, a policy definition from a network, wherein the policy definition is a generic definition that is applicable to disparate device types having different hardware and software platforms;
  
  evaluating the received policy definition in a client policy engine located on the client device by comparing the policy definition to use or functionality available on the client device, wherein the evaluating includes determining a mode in which a user is using the client device, the mode depending on whether the user logs in as a work mode or a play mode; and
  
  enforcing the policy by modifying the functionality available on the client device based on the evaluation, including the mode, wherein the client policy engine adapts the generic policy definition to a specific platform on the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the evaluation includes determining an identity of a user and modifying the functionality available based on the user identity.
  - 3. The method of claim 1, wherein the mode can be switched between one or more of the following:
    - adult and child, observer, and editor.
  - 4. The method of claim 1, further including requesting, from the network, information about an application located on the client, receiving the requested information, and using the received information in the evaluation.
  - 5. The method of claim 1, further including receiving a policy update sent to the network for distribution of the policy across disparate client devices.
  - 6. The method of claim 1, wherein the client device includes one or more of the following:
    - (a) a gaming console, (b) a mobile phone, (c) a television, (d) a computer, or (e) a virtual instance of any client device (a-d).
  - 7. The method of claim 1, wherein the functionality available can change based on the capabilities of the client device.
  - 8. The method of claim 1, wherein enforcing includes sending commands to an application to control functions thereof or to control content played by the application.
  - 9. The method of claim 1, further including dynamically monitoring parameters on the client device and evaluating whether the client device conforms to the received policy and taking corrective action if the policy is not met.

10. A method of enforcing a policy across disparate client devices, comprising:
- receiving, in a first client device, a policy definition from a network;
  
  receiving, in a second client device, which is a different device type from the first client device, the same policy definition from the network;
  
  enforcing the policy across the first and second client devices by modifying the functionality available on the first and second client devices based on the same policy definition, the policy definition defining functionality available on the first and second client devices based on a mode in which a user is logged into the first client device, wherein the mode is controlled by whether the user logs into the first client device in a work mode or a play mode.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein the first device is a mobile phone and the second device is a gaming console, a television or a personal computer.
  - 12. The method of claim 10, wherein enforcing includes using a policy engine located on each of the first and second client devices to make intelligent decisions regarding functionality of the client devices and conformance with the policy definition.
  - 13. The method of claim 10, wherein the policy definition limits functionality of the first and second client devices, limits one or more applications, or limits categories of applications.
  - 14. The method of claim 10, wherein the policy definition defines functionality available on the client devices based on which user is logged into the client device.

15. An apparatus for enforcing a policy on a client device, comprising:
- a policy service client for receiving a policy definition from a network;
  
  at least one hardware processor executing a client policy agent located on the client device for collecting information about the client device including a usage log stored in memory on the client device; and
  
  a client policy engine coupled to both the policy service client and the client policy agent for receiving the policy definition from the policy service client and the information from the client policy agent, and for determining whether functionality available on the client device conforms with the policy definition, wherein the policy definition changes based on a user mode, which is a work or play mode.
- View Dependent Claims (16, 17)
- - 16. The apparatus of claim 15, further including a server computer coupled to the client device via the network, the server computer for providing a uniform policy definition across different client device types.
  - 17. The apparatus of claim 15, wherein applications on the client device limit functionality based on commands from the client policy engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Nukala, Chandrasekhar, Callaghan, David Michael
Primary Examiner(s)
SERRAO, RANODHI N

Application Number

US12/916,301
Publication Number

US 20120110059A1
Time in Patent Office

1,656 Days
Field of Search

None
US Class Current

709/202
CPC Class Codes

G06F 21/6236   between heterogeneous systems

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

Unified policy over heterogenous device types

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Unified policy over heterogenous device types

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links