Enforcing Policy-based Application and Access Control in an Information Management System

摘要

A method and apparatus for controlling document access and application usage using centrally managed rules. The rules are stored and manipulated in a central rule database via a rule server. Policy enforcers are installed on client systems and/or on servers and perform document access and application usage control for both direct user document accesses and application usage, and application program document accesses by evaluating the rules sent to the policy enforcer. The rule server decides which rules are required by each policy enforcer. A policy enforcer can also perform obligation and remediation operations as a part of rule evaluation. Policy enforcers on client systems and servers can operate autonomously, evaluating policies that have been received, when communications have been discontinued with the rule server.

主权项

1. A method comprising:
controlling usage, at a client system, of an application program, wherein the controlling step limits the application program's operational functionality in accordance to at least one rule stored on the client system, and the at least one rule contains at least one expression used by the controlling step to control application program operation; controlling access, at a server, to documents, wherein the controlling step limits document access operation in accordance to at least one rule stored on the server, and the at least one rule contains at least one expression used by the controlling step to control document access operation;