Unified policy over heterogenous device types

US 9,871,824 B2
Filed: 04/24/2015
Issued: 01/16/2018
Est. Priority Date: 10/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method of enforcing a policy on a client device, comprising:

receiving, in a client device, a policy definition from a network, wherein the policy definition is a generic definition that is applicable to disparate device types having different hardware and software platforms;

evaluating the received policy definition in a client policy engine located on the client device by comparing the policy definition to use or functionality available on the client device, including configuration of applications or operating system components on the client device;

requesting, from the network, information about an application located on the client device, receiving the requested information, and using the received information in the evaluation; and

enforcing the policy by modifying the functionality available on the client device based on the evaluation, wherein the client policy engine adapts the generic policy definition to a specific platform on the client device including adapting the functionality on the client device based on an identity of a user logged onto the client device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for enforcing a normalized set of policy-based behaviors across two or more disparate client devices. The policy definition can be a common description of expected behavior, while a client-side policy engine interprets and implements platform specific details associated with the client. In one embodiment, a client device receives a generic policy definition from a network. The generic policy definition is applicable to disparate device types having different hardware and/or software platforms. A client policy engine can analyze the generic policy definition, compare it to client-side applications or functions and make intelligent decisions on how to apply the policy for the specific client.

19 Citations

20 Claims

1. A method of enforcing a policy on a client device, comprising:
- receiving, in a client device, a policy definition from a network, wherein the policy definition is a generic definition that is applicable to disparate device types having different hardware and software platforms;
  
  evaluating the received policy definition in a client policy engine located on the client device by comparing the policy definition to use or functionality available on the client device, including configuration of applications or operating system components on the client device;
  
  requesting, from the network, information about an application located on the client device, receiving the requested information, and using the received information in the evaluation; and
  
  enforcing the policy by modifying the functionality available on the client device based on the evaluation, wherein the client policy engine adapts the generic policy definition to a specific platform on the client device including adapting the functionality on the client device based on an identity of a user logged onto the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the evaluation includes determining an identity of a user and modifying the functionality available based on the user identity.
  - 3. The method of claim 1, wherein evaluating includes determining a mode in which a user is using the client device and wherein the mode can be switched between one or more of the following:
    - work and play, adult and child, observer, editor, and administrator.
  - 4. The method of claim 1, further including receiving a policy update sent to the network for distribution of the policy across disparate client devices.
  - 5. The method of claim 1, wherein the client device includes one or more of the following:
    - (a) a gaming console, (b) a mobile phone, (c) a television, (d) a computer, or (e) a virtual instance of any client device (a-d).
  - 6. The method of claim 1, wherein the functionality available can change based on the capabilities of the client device.
  - 7. The method of claim 1, wherein enforcing includes sending commands to an application to control functions thereof or to control content played by the application.
  - 8. The method of claim 1, further including dynamically monitoring parameters on the client device and evaluating whether the client device conforms to the received policy and taking corrective action if the policy is not met.
  - 9. The method of claim 1, wherein the enforcing of the policy includes modifying the functionality on the client device based on an age of the user.

10. An apparatus for enforcing a policy on a client device, comprising:
- a policy service client for receiving a generic policy definition from a network;
  
  the client device including a controller executing a client policy agent for collecting information about the client device including a usage log stored in memory on the client device that stores previous use information; and
  
  the client device including the controller executing a client policy engine coupled to both the policy service client and the client policy agent for receiving the generic policy definition from the policy service client and the information from the client policy agent, and for determining whether functionality available on the client device conforms with the generic policy definition by comparing the generic policy definition to the collected information about the client device and determining how to apply the generic policy definition to the client device, wherein how to apply the generic policy definition depends on an identity of a user logged into the client device and wherein applications on the client device limit functionality based on commands from the client policy engine.
- View Dependent Claims (11, 12)
- - 11. The apparatus of claim 10, further including a server computer coupled to the client device via the network, the server computer for providing a uniform policy definition across different client device types.
  - 12. The apparatus of claim 10, wherein the policy definition restricts an amount of time an application on the client device can be used in a day.

13. A method of enforcing a policy on a client device, comprising:
- receiving, in a client device, a policy definition from a network, wherein the policy definition is a generic definition that is applicable to disparate device types having different hardware and software platforms;
  
  evaluating the received policy definition in a client policy engine located on the client device by comparing the policy definition to use or functionality available on the client device, including configuration of applications or operating system components on the client device; and
  
  enforcing the policy by modifying the functionality available on the client device based on the evaluation, wherein the client policy engine adapts the generic policy definition to a specific platform on the client device including adapting the functionality on the client device based on an identity of a user logged onto the client device, wherein the functionality available can change based on the capabilities of the client device.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein the evaluation includes determining an identity of a user and modifying the functionality available based on the user identity.
  - 15. The method of claim 13, wherein evaluating includes determining a mode in which a user is using the client device and wherein the mode can be switched between one or more of the following:
    - work and play, adult and child, observer, editor, and administrator.

16. A method of enforcing a policy on a client device, comprising:
- receiving, in a client device, a policy definition from a network, wherein the policy definition is a generic definition that is applicable to disparate device types having different hardware and software platforms;
  
  evaluating the received policy definition in a client policy engine located on the client device by comparing the policy definition to use or functionality available on the client device, including configuration of applications or operating system components on the client device;
  
  enforcing the policy by modifying the functionality available on the client device based on the evaluation, wherein the client policy engine adapts the generic policy definition to a specific platform on the client device including adapting the functionality on the client device based on an identity of a user logged onto the client device; and
  
  dynamically monitoring parameters on the client device and evaluating whether the client device conforms to the received policy and taking corrective action if the policy is not met.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further including receiving a policy update sent to the network for distribution of the policy across disparate client devices.
  - 18. The method of claim 16, wherein the client device includes one or more of the following:
    - (a) a gaming console, (b) a mobile phone, (c) a television, (d) a computer, or (e) a virtual instance of any client device (a-d).
  - 19. The method of claim 16, wherein the functionality available changes based on the capabilities of the client device.
  - 20. The method of claim 16, wherein applications on the client device limit the functionality based on commands from the client policy engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Nukala, Chandrasekhar, Callaghan, David Michael
Primary Examiner(s)
Serrao, Ranodhi

Application Number

US14/696,187
Publication Number

US 20150237072A1
Time in Patent Office

998 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6236   between heterogeneous systems

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

Unified policy over heterogenous device types

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Unified policy over heterogenous device types

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links