Deploying policies and allowing offline policy evaluation

US9740703B2 · US · B2

Patent metadata

Publication number: US-9740703-B2
Application number: US-201615199481-A
Country: US
Kind code: B2
Filing date: Jun 30, 2016
Priority date: Dec 29, 2005
Publication date: Aug 22, 2017
Grant date: Aug 22, 2017

Abstract

Official abstract text for this publication.

In an information management system, policies are deployed to targets and targets can evaluate the policies whether they are connected or disconnected to the system. The policies may be transferred to the target, which may be a device or user. Relevant policies may be transferred while not relevant policies are not. The policies may have policy abstractions.

Claims

Claim text for this publication.

The invention claimed is:

1. A method comprising: providing a server having access to a policy database storing a first set of policies; providing a device, separate from the server, comprising a decision engine, implemented using executable code, to manage information accessible via the device; connecting of the device to a network with the server having access to the policy database; via the network, receiving at the device from the server the first set of policies and storing the first set of policies on the device; providing a first abstraction, referenced by at least one policy of the first set of policies; storing the first abstraction on the device, wherein the first abstraction includes a definition statement used by the device when evaluating the at least one policy of the first set of policies; and using the decision engine of the device to manage information accessible via the device according to the first set of policies stored on the device, even when the device is disconnected to the network.

2. The method of claim 1 wherein the using the decision engine of the device to manage information accessible via the device according to the first set of policies stored on the device occurs also when the device is connected to the network.

3. The method of claim 1 comprising: in the policy database, storing a second set of policies; via the network, receiving at the device the second set of policies; and using the decision engine to manage information accessible via the device according to the second set of policies.

4. The method of claim 1 comprising: allowing access to a first document by a first policy of the first set of policies, wherein the first policy references the first abstraction stored at the device.

5. The method of claim 4 comprising: when access to the first document is granted according to the first policy, determining whether an action operation is allowable according to a second policy of the first set of policies.

6. The method of claim 1 wherein the first set of policies comprises at least one of binary data, configuration setting, look-up table, tables, or text.

7. The method of claim 1 wherein the policies in the policy database are stored in a first format and sent to the device using a second format.

8. The method of claim 1 wherein the policies in the policy database are stored in a first format and sent to the device using a second format, wherein the second format is based on a characteristic of the decision engine of the device.

9. The method of claim 1 wherein the policies in the policy database are stored in a first format and sent to the device using a second format, wherein the second format is based on the device type.

10. The method of claim 1 wherein the via the network, receiving at the device comprises: optimizing the policies by replacing common subexpressions with a variable.

11. The method of claim 1 wherein the via the network, receiving at the device comprises: optimizing the policies by reordering a first expression to obtain a second expression, wherein the second expression is functionally equivalent to the first expression.

12. The method of claim 11 wherein the reordering comprises logically reducing the first expression.

13. The method of claim 11 wherein the reordering comprises logically expanding the first expression.

14. The method of claim 1 wherein the via the network, receiving at the device comprises: optimizing the policies by evaluating a less time-consuming comparison operation before a more time-consuming comparison operation.

15. The method of claim 1 wherein the first set of policies comprises policy abstractions.

16. A method comprising: providing a device comprising a decision engine, implemented using at least one code module, to control application operation on the device; connecting the device to a network with a server having access to a policy database; via the network, receiving at the device a first set of policies to be stored at the device; retrieving a first abstraction referenced by at least one policy of the first set of policies; and after the receiving of the first set of policies at the device, using the decision engine to control application operation on the device according to the first set of policies stored at the device, even when the device is disconnected to the network, comprising: allowing access by a first application to a first document at the device, wherein a first policy of the first set of policies is evaluated to determine whether to allow access by the first application and the first policy references the retrieved first abstraction; and when access by the first application to the first document is granted according to the first policy, determining whether a document operation is allowable.

17. The method of claim 16 wherein the first set of policies comprises at least one of binary data, configuration setting, look-up table, tables, or text.

18. The method of claim 16 wherein the via the network, receiving at the device comprises: optimizing the policies by replacing common subexpressions with a variable.

19. The method of claim 16 wherein the via the network, receiving at the device comprises: optimizing the policies by reordering a first expression to obtain a second expression, wherein the second expression is functionally equivalent to the first expression.

20. A method comprising: providing a server having access to a policy database storing a first set of policies; providing a device, separate from the server, comprising a decision engine, implemented using executable code, to manage information accessible via the device; connecting of the device to a network with the server having access to the policy database; via the network, receiving at the device from the server a second set of policies that is based on the first set of policies and storing the second set of policies on the device; providing a first abstraction, referenced by at least one policy of the second set of policies; storing the first abstraction on the device, wherein the first abstraction includes a definition statement used by the device when evaluating the at least one policy of the second set of policies; and using the decision engine of the device to manage information accessible via the device according to the second set of policies stored on the device, even when the device is disconnected to the network.

21. The method of claim 20 wherein the second set of policies comprises at least one of the first set of policies changed from a first format to a second format or the first set of policies comprising optimizations.
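The device-side decision engine, the policy abstractions and the cheap-comparison-first optimization described in claims 1, 4, 5 and 14 above, as an added illustration in Python; this is not code from the patent or from Nextlabs, and the policy contents, abstraction names and cost values are constructed assumptions.

```python
from dataclasses import dataclass

# Abstractions: definition statements stored on the device (constructed sample data)
ABSTRACTIONS = {
    "FINANCE_DOCS": lambda ctx: ctx["doc"]["path"].startswith("/finance/"),
    "FINANCE_STAFF": lambda ctx: "finance" in ctx["user"]["groups"],
}
TRACE = []  # names of predicates that actually ran (for inspection)

@dataclass(frozen=True)
class Predicate:
    name: str
    cost: int          # relative cost of the comparison
    fn: object         # callable(ctx) -> bool
    def __call__(self, ctx):
        TRACE.append(self.name)
        return self.fn(ctx)

@dataclass(frozen=True)
class Policy:
    action: str        # "open", "print", ...
    predicates: tuple  # conjunction of Predicate objects
    effect: str        # "allow" or "deny"

def abstraction(name, cost=1):
    return Predicate(name, cost, ABSTRACTIONS[name])

def optimize(policy):
    # Cheaper comparisons first; 'and' is commutative, so the reordered
    # conjunction is functionally equivalent but short-circuits sooner.
    ordered = tuple(sorted(policy.predicates, key=lambda p: p.cost))
    return Policy(policy.action, ordered, policy.effect)

# Policies as received from the server; the costly "content_clean" check is
# deliberately listed first so that optimize() visibly moves it last.
POLICIES = [
    Policy("open", (Predicate("content_clean", 10,
                              lambda ctx: "SECRET" not in ctx["doc"]["body"]),
                    abstraction("FINANCE_DOCS"), abstraction("FINANCE_STAFF")), "allow"),
    Policy("print", (abstraction("FINANCE_STAFF"),), "allow"),
]

class DecisionEngine:  # device-side; no server contact once policies are stored
    def __init__(self, policies):
        self.policies = [optimize(p) for p in policies]
    def evaluate(self, action, ctx):
        for pol in self.policies:
            if pol.action == action and all(p(ctx) for p in pol.predicates):
                return pol.effect
        return "deny"  # default deny when no policy matches
    def request(self, operation, ctx):  # document access first, then the operation
        if self.evaluate("open", ctx) != "allow":
            return "deny"
        return self.evaluate(operation, ctx)
```

A caller that is denied "open" never reaches the operation check, and a failing cheap abstraction stops evaluation before the expensive content scan runs.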

Assignees

Nextlabs Inc

Inventors

Classifications

  • involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title

  • G06F16/13 (primary): File access structures, e.g. distributed indices (arrangements of input from, or output to, record carriers G06F3/06) · CPC title

  • Access control lists [ACL] · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Grouping of entities · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9740703B2 cover?
In an information management system, policies are deployed to targets and targets can evaluate the policies whether they are connected or disconnected to the system. The policies may be transferred to the target, which may be a device or user. Relevant policies may be transferred while not relevant policies are not. The policies may have policy abstractions.
Who is the assignee on this patent?
Nextlabs Inc
What technology area does this patent fall under?
Primary CPC classification G06F16/13. Mapped technology areas include Physics.
When was this patent published?
Publication date Aug 22, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).