Unified policy over heterogenous device types
First Claim
1. A method of enforcing a policy on a client device, comprising:
- receiving, in a client device, a policy definition from a network, wherein the policy definition is a generic definition that is applicable to disparate device types having different hardware and software platforms;
evaluating the received policy definition in a client policy engine located on the client device by comparing the policy definition to use or functionality available on the client device, including configuration of applications or operating system components on the client device;
requesting, from the network, information about an application located on the client device, receiving the requested information, and using the received information in the evaluation; and
enforcing the policy by modifying the functionality available on the client device based on the evaluation, wherein the client policy engine adapts the generic policy definition to a specific platform on the client device including adapting the functionality on the client device based on an identity of a user logged onto the client device.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method are disclosed for enforcing a normalized set of policy-based behaviors across two or more disparate client devices. The policy definition can be a common description of expected behavior, while a client-side policy engine interprets and implements platform specific details associated with the client. In one embodiment, a client device receives a generic policy definition from a network. The generic policy definition is applicable to disparate device types having different hardware and/or software platforms. A client policy engine can analyze the generic policy definition, compare it to client-side applications or functions and make intelligent decisions on how to apply the policy for the specific client.
19 Citations
20 Claims
-
1. A method of enforcing a policy on a client device, comprising:
-
receiving, in a client device, a policy definition from a network, wherein the policy definition is a generic definition that is applicable to disparate device types having different hardware and software platforms; evaluating the received policy definition in a client policy engine located on the client device by comparing the policy definition to use or functionality available on the client device, including configuration of applications or operating system components on the client device; requesting, from the network, information about an application located on the client device, receiving the requested information, and using the received information in the evaluation; and enforcing the policy by modifying the functionality available on the client device based on the evaluation, wherein the client policy engine adapts the generic policy definition to a specific platform on the client device including adapting the functionality on the client device based on an identity of a user logged onto the client device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An apparatus for enforcing a policy on a client device, comprising:
-
a policy service client for receiving a generic policy definition from a network; the client device including a controller executing a client policy agent for collecting information about the client device including a usage log stored in memory on the client device that stores previous use information; and the client device including the controller executing a client policy engine coupled to both the policy service client and the client policy agent for receiving the generic policy definition from the policy service client and the information from the client policy agent, and for determining whether functionality available on the client device conforms with the generic policy definition by comparing the generic policy definition to the collected information about the client device and determining how to apply the generic policy definition to the client device, wherein how to apply the generic policy definition depends on an identity of a user logged into the client device and wherein applications on the client device limit functionality based on commands from the client policy engine. - View Dependent Claims (11, 12)
-
-
13. A method of enforcing a policy on a client device, comprising:
-
receiving, in a client device, a policy definition from a network, wherein the policy definition is a generic definition that is applicable to disparate device types having different hardware and software platforms; evaluating the received policy definition in a client policy engine located on the client device by comparing the policy definition to use or functionality available on the client device, including configuration of applications or operating system components on the client device; and enforcing the policy by modifying the functionality available on the client device based on the evaluation, wherein the client policy engine adapts the generic policy definition to a specific platform on the client device including adapting the functionality on the client device based on an identity of a user logged onto the client device, wherein the functionality available can change based on the capabilities of the client device. - View Dependent Claims (14, 15)
-
-
16. A method of enforcing a policy on a client device, comprising:
-
receiving, in a client device, a policy definition from a network, wherein the policy definition is a generic definition that is applicable to disparate device types having different hardware and software platforms; evaluating the received policy definition in a client policy engine located on the client device by comparing the policy definition to use or functionality available on the client device, including configuration of applications or operating system components on the client device; enforcing the policy by modifying the functionality available on the client device based on the evaluation, wherein the client policy engine adapts the generic policy definition to a specific platform on the client device including adapting the functionality on the client device based on an identity of a user logged onto the client device; and dynamically monitoring parameters on the client device and evaluating whether the client device conforms to the received policy and taking corrective action if the policy is not met. - View Dependent Claims (17, 18, 19, 20)
-
Specification