Method of customizing a standardized IT policy

US 9,621,587 B2
Filed: 03/28/2014
Issued: 04/11/2017
Est. Priority Date: 02/27/2006
Status: Active Grant

First Claim

Patent Images

1. A method of providing a policy to configure devices associated with a group of users, the policy being customizable on a per-user basis and constituting a set of rules that limit functionality of at least one application residing on the devices, the method comprising:

storing policy rules that are applicable to all users within the group of users;

responsive to detecting a change in the policy rules, determining whether there exists at least one user within the group of users for which per-user policy rules are stored, the per-user policy rules being applicable to the at least one user and set separately from the policy rules; and

in the event that the at least one user exists;

generating user policy data for the at least one user by merging the policy rules and the per-user policy rules;

determining whether a difference exists between the user policy data and stored last policy data that was previously sent to a device associated with the at least one user; and

in the event that the difference exists, sending the user policy data to the device for limiting the functionality of the at least one application.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are described herein for standardizing an IT policy that is used to configure devices operating on a network. An IT policy can be generated that applies to a group of users or to one or more special users without having to define and store a new IT policy for each special user. This can be achieved by specifying global and per-user IT policy rules and merging these rules as needed to produce IT policy data.

Citations

18 Claims

1. A method of providing a policy to configure devices associated with a group of users, the policy being customizable on a per-user basis and constituting a set of rules that limit functionality of at least one application residing on the devices, the method comprising:
- storing policy rules that are applicable to all users within the group of users;
  
  responsive to detecting a change in the policy rules, determining whether there exists at least one user within the group of users for which per-user policy rules are stored, the per-user policy rules being applicable to the at least one user and set separately from the policy rules; and
  
  in the event that the at least one user exists;
  
  generating user policy data for the at least one user by merging the policy rules and the per-user policy rules;
  
  determining whether a difference exists between the user policy data and stored last policy data that was previously sent to a device associated with the at least one user; and
  
  in the event that the difference exists, sending the user policy data to the device for limiting the functionality of the at least one application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprisingdetermining whether the difference exists by comparing the user policy data with the stored last policy data that was previously sent to the device.
  - 3. The method of claim 1, further comprising saving settings for the policy rules in a first data structure and saving settings for per-user policy rules in a second data structure, the saving being performed before the generating.
  - 4. The method of claim 1, further comprising assigning a priority order to multiple groups of users, the priority order facilitating resolution of conflicting settings for policy rules or per-user policy rules when the at least one user is assigned to more than one group of users.
  - 5. The method of claim 1, further comprising sending a notification to the at least one application residing on the device associated with the at least one user that received the user policy data when the at least one application is affected by the user policy data.
  - 6. The method of claim 1, further comprising after the sending:
    - authenticating the user policy data at the device; and
      
      applying the user policy data to the device if the user policy data is authentic.
  - 7. The method of claim 1, wherein the method further comprises receiving an acknowledgement from the device associated with the at least one user to confirm that the user policy data is received and applied.
  - 8. The method of claim 7, wherein the method further comprises writing a status of the user policy data to a policy table in the data store when the acknowledgement is received.

9. A non-transitory computer readable medium embodying program code executable by a processor for providing a policy to configure devices associated with a group of users, the policy being customizable on a per-user basis and constituting a set of rules that limit functionality of at least one application residing on the devices, the code comprising instructions for:
- storing policy rules that are applicable to all users within the group of users;
  
  responsive to detecting a change in the policy rules, determining whether there exists at least one user within the group of users for which per-user policy rules are stored, the per-user policy rules being applicable to the at least one user and set separately from the policy rules; and
  
  in the event that the at least one user exists;
  
  generating user policy data for the at least one user by merging the policy rules and the per-user policy rules;
  
  determining whether a difference exists between the user policy data and stored last policy data that was previously sent to a device associated with the at least one user; and
  
  in the event that the difference exists, sending the user policy data to the device for limiting the functionality of the at least one application.
- View Dependent Claims (10, 11, 12)
- - 10. The non-transitory computer readable medium of claim 9, wherein the code further comprises instructions fordetermining whether the difference exists by comparing the user policy data with the stored last policy data that was previously sent to the device.
  - 11. The non-transitory computer readable medium of claim 9, wherein the code further comprises instructions for saving settings for the policy rules in a first data structure and settings for per-user policy rules in a second data structure, the saving being done after the generating.
  - 12. The non-transitory computer readable medium of claim 9, wherein the code further comprises instructions for assigning a priority order to multiple groups of users, the priority order facilitating resolution of conflicts for policy rules or per-user policy rules when the at least one user is assigned to more than one group of users.

13. A server for providing a policy to configure devices associated with a group of users, the policy being customizable on a per-user basis and constituting a set of rules that limit functionality of at least one application residing on the devices, the server comprising:
- a processor adapted to generate policy data;
  
  a network interface coupled to the processor and being adapted to allow the server to communicate with the network; and
  
  a memory unit coupled to the processor, the memory unit being adapted to store applications and data related to the policy,wherein, the processor is configured;
  
  to store policy rules that are applicable to all users within the group of users;
  
  responsive to detecting a change in the policy rules, to determine whether there exists at least one user within the group of users for which per-user policy rules are stored, the per-user policy rules being applicable to the at least one user and set separately from the policy rules; and
  
  in the event that the at least one user exists;
  
  to generate user policy data for the at least one user by merging the policy rules and the per-user policy rules;
  
  to determine whether a difference exists between the user policy data and stored last policy data that was previously sent to a device associated with the at least one user; and
  
  in the event that the difference exists, to send the user policy data to the device for limiting the functionality of the at least one application.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The server of claim 13, wherein the processor is configured to determine whether the difference exists by comparing the user policy data with the stored last policy data that was previously sent to the device.
  - 15. The server of claim 13, wherein the processor is configured to save settings for the policy rules in a first data structure and settings for per-user policy rules in a second data structure, the saving being done after the generating.
  - 16. The server of claim 13, wherein the processor is configured to assign a priority order to multiple groups of users, the priority order facilitating resolution of conflicting settings for policy rules or per-user policy rules when the at least one user is assigned to more than one group of users.
  - 17. The server of claim 13, wherein the processor is configured to send a notification to the at least one application residing on the device associated with the at least one user that received the user policy data when the at least one application is affected by the user policy data.
  - 18. The server of claim 13, wherein the server is configured to write a status of the user policy data to a policy table in the data store after receiving an acknowledgement from the device associated with the at least one user that the user policy data has been received and applied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Roberts, Phillip, Hanson, Ronald J.J., Rawlins, Rudy Eugene
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Truong, Thong

Application Number

US14/228,473
Publication Number

US 20140215554A1
Time in Patent Office

1,110 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 63/20   for managing network securi...

H04W 8/245   from a network towards a te...

Method of customizing a standardized IT policy

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method of customizing a standardized IT policy

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links