POLICY-BASED SECURE INFORMATION DISCLOSURE

US 20090328130A1
Filed: 06/26/2008
Published: 12/31/2009
Est. Priority Date: 06/26/2008
Status: Active Grant

First Claim

Patent Images

1. A data storage system, comprising:

a retention component that stores a selection portion of contextual information; and

a policy component that regulates access of the stored contextual information through use of an access policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for storing data and retrieving data from a smart storage device is provided, where smart storage includes processing capabilities along with the ability to store information. In one aspect, a method includes detecting via bidirectional settings one or more capabilities of rules enforcement logic associated with a storage device and selecting a set of criteria and policies to be downloaded from a host or a management server that are to be downloaded onto the storage device. This includes dynamically generating conditional context aware policies syntax based on user settings or network policy and downloading a set of policies onto the storage device for future policy enforcement.

35 Citations

View as Search Results

20 Claims

1. A data storage system, comprising:
- a retention component that stores a selection portion of contextual information; and
  
  a policy component that regulates access of the stored contextual information through use of an access policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, further comprising an identification component that selects an instance for disclosure of at least a portion of the stored contextual information as a function of the access policy.
  - 3. The system of claim 1, the policy component selects the access policy to use based upon a requestor entity, a state of a user, a key provided, or a combination thereof.
  - 4. The system of claim 1, the policy component employs a digital key comparison in conjunction with the access policy to regulate access of the stored contextual information.
  - 5. The system of claim 1, further comprising an override component that enables the access policy to be overridden such that at least a portion of the access policy is ignored in regulation of access to stored contextual information.
  - 6. The system of claim 1, further comprising a filter component that limits an amount of the stored contextual information disclosed upon the policy component that regulates access based upon the policy.
  - 7. The system of claim 1, further comprising a component that collects a request to access the stored contextual information.
  - 8. The system of claim 1, further comprising a selection component that determines the contextual information for storage.
  - 9. The system of claim 1, selection of the contextual information is performed through use of at least one artificial intelligence technique.

10. A method of placing criteria and related keys onto a smart storage device, comprising:
- detecting via bidirectional settings one or more capabilities of rules enforcement logic associated with a storage device;
  
  selecting a set of criteria and policies to be downloaded from a host or a management server that are to be downloaded onto the storage device;
  
  dynamically generating conditional context aware policies syntax based on user settings and network policy; and
  
  downloading a set of policies onto the storage device for future policy enforcement.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, further comprising constructing the policy though negotiations between the storage device and a host system.
  - 12. The method of claim 10, further comprising identifying if a digital key is supplied, determining if the information should be released is a function of an evaluation and identification of the key supplied
  - 13. The method of claim 12, further comprising:
    - recognizing a number of keys required to release the information;
      
      determining if the recognized number are provided; and
      
      classifying a number of keys provided, if a suitable number of keys are not provided then access is denied while if a suitable number of keys are provided then the keys can be identified.
  - 14. The method of claim 13, further comprising obtaining a request to access the information.
  - 15. The method of claim 13, further comprising filtering information to release upon a positive determination if the information is released.
  - 16. The method of claim 13, further comprising denying access upon a negative determination if the information is released.
  - 17. The method of claim 13, further comprising generating the policy used in the evaluation.
  - 18. The method of claim 10, further comprising employing a network host to manage an attached smart storage device during provisioning.

19. A system for creating customized executable policy rules to be executed dynamically inside a storage device before releasing access to stored data in the device, comprising:
- means for processing templates, where the templates are stored in a policy store on a host or enterprise network associated with a host storage management system, the templates employed to create policy rules as language macros;
  
  means for downloading the macros into a storage device in a secure manner; and
  
  means for executing the macros when an access decision is performed by the storage device based on user keys, content metadata, or context settings
- View Dependent Claims (20)
- - 20. The system of claim 19, further comprising a networked host to manage an attached smart storage device during provisioning.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hamilton, James R., Sadovsky, Vladimir G.

Granted Patent

US 9,063,897 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 12/1466   Key-lock mechanism

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2141   Access rights, e.g. capabil...

G16H 10/65   stored on portable record c...

H04L 63/105   Multiple levels of security

POLICY-BASED SECURE INFORMATION DISCLOSURE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

POLICY-BASED SECURE INFORMATION DISCLOSURE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others