Systems and Methods for Providing and Managing Distributed Enclaves
First Claim
1. A method for operating a device to manage and control data, comprising:
- (a) identifying controlled data using a first local enclave instance (LEI) on a first electronic device, said first LEI having one or more policies regulating usage and/or access rights to said controlled data;
(b) receiving a request to transfer said controlled data from said first LEI to a destination residing in (i) an application external to said first LEI and on said first electronic device, (ii) a second LEI, or (iii) a second electronic device;
(c) determining, with the aid of a processor, one or more attributes of said destination;
(d) permitting or denying the request of (b) based upon a processor-assisted comparison of said one or more attributes determined in (c) against one or more attributes for permitting data transfer provided in said one or more policies.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for operating a distributed data management and control enclave comprises providing a policy that identifies a set of data to be managed and controlled. The policy further identifies devices upon which the data may be transferred and the conditions under which that data may be transferred to the identified devices. A first data management and control system to be used on a first device is then defined in the policy. A second management and control system to be used on a second device is then defined in the policy. The second data management and control system can be distinct from the first data management and control system. The specified data management and control system is then instantiated on a device. The specified data management and control system is then used to manage and control data on the device in accordance with the policy.
117 Citations
21 Claims
-
1. A method for operating a device to manage and control data, comprising:
-
(a) identifying controlled data using a first local enclave instance (LEI) on a first electronic device, said first LEI having one or more policies regulating usage and/or access rights to said controlled data; (b) receiving a request to transfer said controlled data from said first LEI to a destination residing in (i) an application external to said first LEI and on said first electronic device, (ii) a second LEI, or (iii) a second electronic device; (c) determining, with the aid of a processor, one or more attributes of said destination; (d) permitting or denying the request of (b) based upon a processor-assisted comparison of said one or more attributes determined in (c) against one or more attributes for permitting data transfer provided in said one or more policies. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for enabling a user to manage and control data, comprising:
-
(a) identifying controlled data using a first local enclave instance (LEI) on a first electronic device, said first LEI having one or more policies regulating usage and/or access rights to said controlled data; (b) identifying, with the aid of a processor, a destination location residing in (i) an application external to said first LEI and on said first electronic device, (ii) a second LEI, and/or (iii) a second electronic device; (c) determining one or more attributes of said location; (d) performing, with the aid of a processor, a comparison of said one or more attributes determined in (c) against one or more attributes for permitting data transfer provided in a policy; and (e) permitting transfer of said controlled data to said destination location based upon said comparison of (d). - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A method for enabling a user to use and/or access data, comprising:
-
(a) identifying controlled data on an electronic device of said user; (b) determining, with the aid of a computer processor, a first set of attributes of said electronic device and/or storage location of said electronic device having said controlled data; (c) performing, with the aid of a computer processor, a comparison of said first set of attributes determined in (b) against a second set of attributes for permitting usage of and/or access to said controlled data, wherein said second set of attributes is provided in a policy that is associated with the use and/or access of said controlled data on said electronic device; and (d) permitting the user to use and/or access said controlled data based upon said comparison of (c). - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21-40. -40. (canceled)
Specification