Monitoring and controlling electronic activity using third party rule submission and validation

US 9,055,110 B2
Filed: 11/28/2011
Issued: 06/09/2015
Est. Priority Date: 11/28/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a policy server, a first rule comprising a variable and a value specified for the variable;

generating, at the policy server, a policy based upon the first rule, wherein the policy defines electronic activity allowed at a device;

storing, by the policy server, the policy at a policy repository in communication with the policy server;

receiving, by the policy server, a second rule from a third party device;

determining, by the policy server, if third party rule submissions are enabled;

in response to determining that the third party rule submissions are enabled,validating, by the policy server, the second rule to determine if the second rule is legitimate,updating, by the policy server, the policy based upon the second rule to obtain an updated policy, andstoring, by the policy server, the updated policy at the policy repository;

detecting, by the policy server, electronic activity associated with the device;

identifying, by the policy server, a policy rule that relates to the electronic activity detected; and

determining, by the policy server, if the policy rule allows the electronic activity detected.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Concepts and technologies are disclosed herein for monitoring and controlling electronic activity. A policy service can be called for policies for controlling electronic activity occurring at one or more managed devices. The policies can include a number of rules, each of which can include a number of variables. The rules can be defined by a manager device and/or received from third parties. Third party rule submissions can be validated. If electronic activity at the managed device deviates from a rule, the manager device can be notified and the electronic activity can be blocked. The manager device can update the policy and/or issue exceptions, if desired.

Citations

18 Claims

1. A method comprising:
- receiving, at a policy server, a first rule comprising a variable and a value specified for the variable;
  
  generating, at the policy server, a policy based upon the first rule, wherein the policy defines electronic activity allowed at a device;
  
  storing, by the policy server, the policy at a policy repository in communication with the policy server;
  
  receiving, by the policy server, a second rule from a third party device;
  
  determining, by the policy server, if third party rule submissions are enabled;
  
  in response to determining that the third party rule submissions are enabled,validating, by the policy server, the second rule to determine if the second rule is legitimate,updating, by the policy server, the policy based upon the second rule to obtain an updated policy, andstoring, by the policy server, the updated policy at the policy repository;
  
  detecting, by the policy server, electronic activity associated with the device;
  
  identifying, by the policy server, a policy rule that relates to the electronic activity detected; and
  
  determining, by the policy server, if the policy rule allows the electronic activity detected.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first rule is received from a manager device.
  - 3. The method of claim 2, further comprising:
    - in response to a determination that the policy rule does not allow the electronic activity,generating a notification for the manager device, andsending the notification to the manager device.
  - 4. The method of claim 2, further comprising:
    - in response to a determination that the policy rule does not allow the electronic activity,generating a notification for the manager device;
      
      sending the notification to the manager device;
      
      determining if an exception is received from the manager device;
      
      in response to determining that the exception is not received, blocking the electronic activity; and
      
      in response to determining that the exception is received, allowing the electronic activity.
  - 5. The method of claim 4, further comprising:
    - in response to determining that the exception is received, determining if the updated policy is to be updated; and
      
      updating the updated policy in response to determining that the updated policy is to be updated.
  - 6. The method of claim 1, wherein the device comprises a managed device.
  - 7. The method of claim 1, further comprising:
    - in response to a determination that the policy rule allows the electronic activity, allowing the electronic activity.

8. A computer storage medium having computer executable instructions stored thereon that, when executed by a processor, cause the processor to perform operations comprising:
- receiving a first rule comprising a variable and a value specified for the variable;
  
  generating a policy based upon the first rule, wherein the policy defines electronic activity allowed at a device;
  
  storing the policy at a policy repository;
  
  receiving a second rule from a third party device;
  
  determining if third party rule submissions are enabled for the policy;
  
  in response to determining that the third party rule submissions are enabled, validating the second rule to determine if the second rule is legitimate;
  
  in response to determining that the second rule is legitimate, updating the policy based upon the second rule to obtain an updated policy;
  
  storing the updated policy at the policy repository;
  
  detecting electronic activity associated with the device;
  
  identifying a policy rule that relates to the electronic activity detected; and
  
  determining if the policy rule allows the electronic activity detected.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer storage medium of claim 8, wherein validating the second rule comprises presenting the second rule to an authorized entity and receiving data indicating that the authorized entity approves the second rule.
  - 10. The computer storage medium of claim 8, wherein validating the second rule comprises determining that the second rule is provided by an entity entitled to submit the second rule without validation of the second rule.
  - 11. The computer storage medium of claim 8, wherein the first rule is received from a manager device, and wherein the device comprises a managed device.
  - 12. The computer storage medium of claim 11, wherein the computer-executable instructions, when executed by the processor, cause the processor to perform operations further comprising:
    - in response to determining that the policy rule allows the electronic activity, allowing the electronic activity.
  - 13. The computer storage medium of claim 12, further comprising computer-executable instructions that, when executed by the processor, cause the processor to perform operations further comprising:
    - in response to determining that the policy rule does not allow the electronic activity,generating a notification for the manager device to inform the manager device of the electronic activity,sending the notification to the manager device,determining if an exception is received from the manager device,in response to determining that the exception is not received, blocking the electronic activity, andin response to determining that the exception is received,allowing the electronic activity,determining if the updated policy is to be updated, andupdating the updated policy in response to determining that the updated policy is to be updated.

14. A method comprising:
- receiving, at a policy server, a plurality of rules, each of the plurality of rules having a variable and a value specified for the variable;
  
  generating, by the policy server, a policy based upon the plurality of rules, wherein the policy defines electronic activity allowed at a managed device;
  
  receiving, by the policy server, a further rule from a third party device;
  
  determining, by the policy server, if third party rule submissions are enabled; and
  
  in response to determining that the third party rule submissions are enabled,validating the further rule to determine if the further rule is legitimate,updating the policy based upon the further rule to obtain an updated policy, andstoring the updated policy at a policy repository;
  
  detecting, by the policy server, an attempt to conduct the electronic activity, the attempt associated with the managed device;
  
  identifying, by the policy server, the policy as being associated with the managed device;
  
  identifying, by the policy server, a policy rule that is relevant to the electronic activity, wherein the policy rule is included in the updated policy; and
  
  determining, by the policy server, if the policy rule permits the electronic activity based upon the variable and the value specified for the variable.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, further comprising:
    - in response to determining that the policy rule does not allow the electronic activity,generating a notification for a manager device; and
      
      sending the notification to the manager device.
  - 16. The method of claim 15, further comprising:
    - determining if an exception is received from the manager device;
      
      in response to determining that the exception is not received, blocking the electronic activity; and
      
      in response to determining that the exception is received,allowing the electronic activity,determining if the updated policy is to be updated, andupdating the updated policy in response to determining that the updated policy is to be updated.
  - 17. The method of claim 14, further comprising:
    - in response to determining that the policy rule allows the electronic activity, allowing, by the policy server, the electronic activity.
  - 18. The method of claim 14, wherein validating the further rule comprises presenting the further rule to a manager device and receiving data indicating that the manager device approves the further rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
El Houmaidi, Mounire
Primary Examiner(s)
Desrosiers, Evans

Application Number

US13/304,763
Publication Number

US 20130139213A1
Time in Patent Office

1,289 Days
Field of Search

726 11- 15, 726 2- 3, 726 22- 25, 713153-154, 713187-188, 713193-194, 709/206, 709246-247, 709/249
US Class Current

1/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2115   Third party

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2147   Locking files

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Monitoring and controlling electronic activity using third party rule submission and validation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Monitoring and controlling electronic activity using third party rule submission and validation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links