Unified generation of policy updates

US 9,832,231 B2
Filed: 05/26/2016
Issued: 11/28/2017
Est. Priority Date: 03/03/2014
Status: Active Grant

First Claim

Patent Images

1. A computer system, comprising:

a compliance item generator configured to generate a unified payload item representation of a payload item from a workload on which the compliance item generator is used, the unified payload item representation being unified across a plurality of different workloads;

a rule parser component configured to access a unified representation of a compliance policy rule and generate a runtime representation of the compliance policy rule, the runtime representation including condition representations of conditions under which the compliance policy rule applies to the payload item represented by the unified payload item representation;

a matching component configured to match the conditions in the runtime representation of the compliance policy rule against information in the unified payload item representation to determine whether a match occurs;

an action component configured to perform an action, identified in the runtime representation of the compliance policy rule, in response to the match; and

at least one computer processor that is a functional part of the computer system and that is activated to facilitate generating the unified payload item representation, generating the runtime representation of the compliance policy rule, matching the conditions, and performing the actions.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

User input mechanisms are displayed for defining a compliance policy update. A unified compliance policy update is generated according to a unified schema that is consistent across different workloads. The unified compliance policy update is sent to a workload where it is deployed.

68 Citations

20 Claims

1. A computer system, comprising:
- a compliance item generator configured to generate a unified payload item representation of a payload item from a workload on which the compliance item generator is used, the unified payload item representation being unified across a plurality of different workloads;
  
  a rule parser component configured to access a unified representation of a compliance policy rule and generate a runtime representation of the compliance policy rule, the runtime representation including condition representations of conditions under which the compliance policy rule applies to the payload item represented by the unified payload item representation;
  
  a matching component configured to match the conditions in the runtime representation of the compliance policy rule against information in the unified payload item representation to determine whether a match occurs;
  
  an action component configured to perform an action, identified in the runtime representation of the compliance policy rule, in response to the match; and
  
  at least one computer processor that is a functional part of the computer system and that is activated to facilitate generating the unified payload item representation, generating the runtime representation of the compliance policy rule, matching the conditions, and performing the actions.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer system of claim 1 wherein the rule parser is configured to generate the action component.
  - 3. The computer system of claim 2 wherein the rule parser is configured to generate the action component by determining that the action is a workload-specific action, and, based on the determination, call an application programming interface (API) exposed by the workload to have the workload generate the action component.
  - 4. The computer system of claim 1 wherein the compliance item generator is configured to generate the unified payload item representation of the payload item by calling an application programming interface (API) exposed by the workload to extract information from the payload to form the unified payload item representation.
  - 5. The computer system of claim 4 wherein the compliance item generator is configured to call the API to obtain common content that is common to all unified payload item representations and to obtain text from the payload item.
  - 6. The computer system of claim 1 wherein the action component is configured to call the workload to create an action object to perform workload-specific actions on the payload item.
  - 7. The computer system of claim 1 and further comprising:
    - a status generator configured to generate a deployment status indicator that is indicative of deployment of the compliance policy rule to the workload, wherein the deployment status indicator is communicated to a policy status processing system.

8. A computer-implemented method, comprising:
- receiving a unified representation of a compliance policy to be deployed at a given workload, the unified representation being formed according to a policy schema that is common across different workloads;
  
  deploying the compliance policy at the given workload;
  
  receiving a unified representation of a payload item from a workload, the unified representation of the payload item being unified across workloads;
  
  evaluating the payload item, using the unified representation of the payload item, against rules in the compliance policy, using the unified representation of the compliance policy, to determine whether the compliance policy applies to the payload item; and
  
  if so, performing actions, identified in the unified representation of the compliance policy, relative to the payload item.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer-implemented method of claim 8 wherein performing actions comprises:
    - calling the workload to create an action object to perform workload-specific actions on the payload item.
  - 10. The computer-implemented method of claim 9 wherein receiving a unified representation of the payload item comprises:
    - calling an application programming interface (API), exposed by the workload, from a policy evaluation system on the workload to obtain data from the payload item; and
      
      arranging the data according to a unified schema to obtain the unified representation of the payload item.
  - 11. The computer-implemented method of claim 8 wherein evaluating comprises:
    - creating a runtime representation of the rules in the compliance policy, based on the unified representation of the compliance policy.
  - 12. The computer-implemented method of claim 11 wherein creating a runtime representation comprises:
    - parsing the unified representation of the compliance policy to identify nodes representative of each rule in the policy; and
      
      creating a runtime representation of each of the rules identified.
  - 13. The computer-implemented method of claim 11, and further comprising:
    - generating a deployment status indicator that is indicative of deployment of the compliance policy rule to the workload; and
      
      communicating the deployment status indicator to a policy status processing system.

14. A computing system comprising:
- a processor; and
  
  memory storing instructions executable by the processor, wherein the instructions configure the computing system to;
  
  generate a unified payload item representation of a payload item from a workload on which the compliance item generator is used, the unified payload item representation being unified across a plurality of different workloads;
  
  access a unified representation of a compliance policy rule and generate a runtime representation of the compliance policy rule, the runtime representation including condition representations of conditions under which the compliance policy rule applies to the payload item represented by the unified payload item representation;
  
  match the conditions in the runtime representation of the compliance policy rule against information in the unified payload item representation to determine whether a match occurs; and
  
  perform an action, identified in the runtime representation of the compliance policy rule, in response to the match.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computing system of claim 14 wherein the instructions configure the computing system to generate an action component that performs the action.
  - 16. The computing system of claim 15 wherein the instructions configure the computing system to generate the action component by determining whether the action is a workload-specific action, and, if so, calling an application programming interface (API) exposed by the workload to have the workload generate the action component.
  - 17. The computing system of claim 14 wherein the instructions configure the computing system to generate the unified payload item representation of the payload item by calling an application programming interface (API) exposed by the workload to extract information from the payload to form the unified payload item representation.
  - 18. The computing system of claim 17 wherein the instructions configure the computing system to call the API to obtain common content that is common to all unified payload item representations and to obtain text from the payload item.
  - 19. The computing system of claim 14, wherein the instructions configure the computing system to call the workload to create an action object to perform workload-specific actions on the payload item.
  - 20. The computing system of claim 14, wherein the instructions configure the computing system to:
    - generate a deployment status indicator that is indicative of deployment of the compliance policy rule to the workload; and
      
      communicate the deployment status indicator to a policy status processing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Zhang, Hao, Koretsky, Anatoly, Chao, Lucy, Libman, Mashuri, Mahapatro, Neelamadhaba, Parthasarathy, Krishna Kumar, Srinivasan, Sowmy, Ramanathan, Sridharan, Kabat, Jack
Primary Examiner(s)
Mehedi, Morshed

Application Number

US15/165,711
Publication Number

US 20160277449A1
Time in Patent Office

551 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 3/0484   for the control of specific...

G06F 40/205   Parsing

G06Q 10/06   Resources, workflows, human...

G06Q 10/10   Office automation; Time man...

H04L 41/0893   Assignment of logical group...

H04L 63/20   for managing network securi...

H04L 9/40   Network security protocols

Unified generation of policy updates

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Unified generation of policy updates

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links