US 11,755,760 B2
Systems and methods for secure policies-based information governance
Sudhi Balan, Fairfield, CT (US); Randy Baiad, Brookfield, CT (US); and Robert Russell, New Canaan, CT (US)
Assigned to ASG Technologies Group, Inc., Waltham, MA (US)
Filed by ASG Technologies Group, Inc., Waltham, MA (US)
Filed on Oct. 12, 2020, as Appl. No. 17/68,702.
Claims priority of provisional application 62/923,381, filed on Oct. 18, 2019.
Prior Publication US 2021/0120044 A1, Apr. 22, 2021
Int. Cl. G06F 21/00 (2013.01); G06F 21/62 (2013.01); G06F 40/106 (2020.01); G06F 3/0483 (2013.01); G06F 3/0482 (2013.01); G06F 16/25 (2019.01); G06F 21/31 (2013.01); H04L 9/40 (2022.01); G06F 16/21 (2019.01); G06F 21/60 (2013.01); G06N 5/01 (2023.01)
CPC G06F 21/6218 (2013.01) [G06F 3/0482 (2013.01); G06F 3/0483 (2013.01); G06F 16/211 (2019.01); G06F 16/256 (2019.01); G06F 21/31 (2013.01); G06F 21/604 (2013.01); G06F 40/106 (2020.01); G06N 5/01 (2023.01); H04L 63/101 (2013.01); H04L 63/102 (2013.01); H04L 63/105 (2013.01); H04L 63/205 (2013.01); G06F 2221/2141 (2013.01)] 20 Claims
1. A method for secure policies-based information governance, the method comprising:
displaying a Graphical User Interface (GUI), the graphical user interface receiving a business rule input from a business user;
receiving a policy from a policy engine based on the business rule input and at least one guardrail policy comprising a rule having a level of precedence higher than the business rule of the business rule input, the policy engine generating a policy hierarchy;
defining a plurality of domain objects and a plurality of domain object representations in the Graphical User Interface (GUI) based on the policy, the at least one guardrail policy, and the policy hierarchy;
defining an extensible hierarchical domain model definition using the policy hierarchy, the extensible hierarchical domain model definition being modified using the plurality of domain object representations in the Graphical User Interface (GUI);
defining a Policy Enforcement Point (PEP) in an application based on the extensible hierarchical domain model definition;
providing a mapping from the Policy Enforcement Point (PEP) in the application to the plurality of domain object representations in the Graphical User Interface (GUI);
receiving, by the Policy Enforcement Point (PEP), a user request to access a resource on the application, the user request comprising attributes of the business user;
sending, by the Policy Enforcement Point (PEP), the user request to access the resource on the application to a Policy Decision Point (PDP);
evaluating, by the Policy Decision Point (PDP), the user request to access the resource on the application, the evaluating using the extensible hierarchical domain model definition;
generating, by the Policy Decision Point (PDP), a decision regarding the user request to access the resource on the application based on the evaluating; and
enforcing, by the Policy Enforcement Point (PEP), the decision regarding the user request to access the resource on the application.
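
The request flow in claim 1 (PEP receives the request with user attributes, the PDP evaluates it against a hierarchical model, the PEP enforces the decision), with a guardrail outranking a business rule, as an added illustration. It is not code from the patent or its assignee; the rule shape, attribute names, tie-breaking order and default-deny behaviour are assumptions.

```python
from dataclasses import dataclass
from typing import Callable

# Every name, attribute and rule here is hypothetical and constructed for illustration.
GUARDRAIL, BUSINESS = 0, 1   # lower value = higher precedence in the policy hierarchy

@dataclass(frozen=True)
class Rule:
    level: int                          # GUARDRAIL or BUSINESS
    domain: str                         # domain object path, e.g. "records/hr"
    effect: str                         # "permit" or "deny"
    condition: Callable[[dict], bool]   # predicate over the user's attributes

def applies(rule_domain: str, resource: str) -> bool:
    """A rule on a parent domain object also covers its children."""
    return resource == rule_domain or resource.startswith(rule_domain + "/")

class PolicyDecisionPoint:
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, attributes: dict, resource: str) -> str:
        matches = [r for r in self.rules
                   if applies(r.domain, resource) and r.condition(attributes)]
        if not matches:
            return "deny"   # assumption: default deny when no rule matches
        # Guardrails outrank business rules. Assumed tie-breaks within a level:
        # the most specific domain wins, then deny beats permit.
        best = min(matches, key=lambda r: (r.level, -len(r.domain), r.effect != "deny"))
        return best.effect

class PolicyEnforcementPoint:
    """Lives in the application: forwards the request to the PDP and enforces the answer."""
    def __init__(self, pdp, resources):
        self.pdp, self.resources = pdp, resources

    def access(self, attributes: dict, resource: str):
        if self.pdp.decide(attributes, resource) != "permit":
            raise PermissionError(f"access to {resource} denied")
        return self.resources[resource]

RULES = [
    # Business rule entered by a business user: HR staff may read all records.
    Rule(BUSINESS, "records", "permit", lambda u: u.get("dept") == "hr"),
    # Guardrail: payroll is never released to a session without MFA.
    Rule(GUARDRAIL, "records/hr/payroll", "deny", lambda u: not u.get("mfa", False)),
]
PEP = PolicyEnforcementPoint(PolicyDecisionPoint(RULES),
                             {"records/hr/payroll": "payroll-data",
                              "records/hr/handbook": "handbook"})
```

The HR business rule alone would permit payroll access; the guardrail changes the outcome only for sessions that lack the `mfa` attribute, which is the case worth testing when a business user edits rules.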