Classification Management

Patent No. US11044256 (titled "Classification Management") was filed by Appomni Inc on Dec 22, 2020.

What is this patent about?

’256 is related to the field of cloud software and, more specifically, to the management and governance of elements (data, configurations, etc.) stored across multiple Software-as-a-Service (SaaS) platforms. Existing labeling schemes for cloud software lack expressiveness and the ability to reflect the structure of organizations, making it difficult to manage security attributes and ensure governance across various SaaS platforms.

The underlying idea behind ’256 is to provide a customizable classification system that allows users to map elements from different SaaS platforms to a single, centralized classification structure. This involves defining a hierarchy of classifications, associating elements with these classifications, and specifying prescribed security attributes for each mapping. The system then compares these prescribed attributes with the actual configured security attributes to identify discrepancies and potential security risks.

The claims of ’256 focus on a system, method, and computer program product that obtain mappings of stored elements to a plurality of classifications via a user interface. These mappings include prescribed security attributes. The claims further cover obtaining a policy that includes identifying information associated with a set of actors and a specified portion of the classifications. The system then compares configured security attributes of the actors to the prescribed security attributes and outputs information pertaining to any discrepancies found.

In practice, the invention allows an administrator to define a hierarchy of classifications that reflect the organization's structure and security policies. They can then map elements from various SaaS platforms (e.g., Salesforce, Workday) to these classifications, specifying the desired security attributes for each mapping. The system then periodically audits the actual configurations of these SaaS platforms, comparing them to the prescribed attributes. Any deviations are flagged as discrepancies, allowing the administrator to take corrective action.
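The audit step described above, as an added Python sketch (not code from the patent or its assignee). The hierarchy, mappings, actor names, the access-level ordering, and the rule that a policy naming a parent classification also covers its children are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed classification hierarchy: child -> parent (None marks a root).
PARENT = {"Finance": None, "Finance/Payroll": "Finance", "Engineering": None}

@dataclass(frozen=True)
class Mapping:
    source: str          # data source (SaaS platform) holding the element
    element: str         # element name at that source
    classification: str  # classification the element is mapped to
    prescribed: str      # prescribed security attribute, here an access type

# Constructed mappings an administrator might submit through the UI.
MAPPINGS = [
    Mapping("salesforce", "Opportunity", "Finance", "read"),
    Mapping("workday", "Compensation", "Finance/Payroll", "none"),
    Mapping("github", "infra-repo", "Engineering", "write"),
]

# Constructed configured attributes as an audit would collect them:
# (actor, source, element) -> access actually configured at the source.
CONFIGURED = {
    ("alice", "salesforce", "Opportunity"): "read",
    ("alice", "workday", "Compensation"): "read",
    ("bob", "salesforce", "Opportunity"): "write",
    ("bob", "github", "infra-repo"): "admin",
}

RANK = {"none": 0, "read": 1, "write": 2, "admin": 3}  # assumed ordering

def in_scope(classification, selected):
    """True if the classification or any ancestor is named by the policy."""
    while classification is not None:
        if classification in selected:
            return True
        classification = PARENT[classification]
    return False

def audit(actors, selected):
    """Return discrepancies where configured access exceeds the prescribed one."""
    findings = []
    for m in MAPPINGS:
        if not in_scope(m.classification, selected):
            continue
        for actor in actors:
            actual = CONFIGURED.get((actor, m.source, m.element), "none")
            if RANK[actual] > RANK[m.prescribed]:
                findings.append((actor, m.source, m.element, m.prescribed, actual))
    return findings
```

A policy is passed as a list of actors plus a set of classification names; elements mapped to classifications outside that set are not audited, so a policy scoped to Finance leaves bob's access to infra-repo unreported.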

This approach differs from prior solutions by providing a flexible and centralized way to manage security attributes across multiple SaaS platforms. Instead of relying on each platform's native labeling scheme, which may be limited or inconsistent, ’256 allows users to define their own customizable classifications and mappings. Furthermore, the system automates the auditing process, identifying discrepancies that might otherwise go unnoticed, thereby improving overall security and governance.

How does this patent fit in the bigger picture?

Technical landscape at the time

In the early 2020s, when ’256 was filed, systems commonly relied on centralized identity and access management (IAM) solutions, and cloud-based services were typically integrated using standard APIs and protocols. Hardware or software constraints made the enforcement of fine-grained access control policies across diverse data sources non-trivial.

Novelty and Inventive Step

The examiner approved the application because the prior art, specifically Grand (US 2020/0184090 A1) and Hopkins et al. (US 2017/0272349 A1), taken alone or in combination, does not teach or suggest a system with a processor configured to: obtain mappings of stored elements to classifications via a user interface, where the mappings include prescribed security attributes; obtain a policy identifying actors and classifications via a user interface; compare configured security attributes of actors to prescribed security attributes of classifications; and output discrepancy information based on the comparison.

Claims

This patent contains 20 claims, with independent claims 1, 11, and 20. The independent claims are directed to a system, a method, and a computer program product, respectively, all generally focused on identifying discrepancies between configured security attributes of actors and prescribed security attributes of classifications. The dependent claims generally elaborate on and add detail to the elements and steps recited in the independent claims.

Key Claim Terms

Definitions of key terms used in the patent claims.

Term: Configured security attributes
Source: Claim 1, Claim 11, Claim 20
Support in specification: “In various embodiments, a “configured security attribute” is a security attribute that had actually been configured at a particular data source associated with element that is stored at, processed by, or made available through the data source.”
Interpretation: Security characteristics that are actually configured at a data source.

Term: Plurality of classifications
Source: Claim 1, Claim 11, Claim 20
Support in specification: “Mappings of elements to a plurality of classifications are obtained via a user interface that is provided by a classification management server. In some embodiments, the plurality of classifications is associated with a plurality of hierarchical levels. For example, a set of classifications can represent the totality or portions of a business process, business structure, organizational structure, geographical structure, industry standard, functional or security recommendations, or data labeling scheme. In various embodiments, each classification is associated with a customizable name and one or more customizable tags.”
Interpretation: Multiple categories to which elements are assigned.

Term: Prescribed security attributes
Source: Claim 1, Claim 11, Claim 20
Support in specification: “Using the user interface, the user submits a prescribed security attribute for each selected element from a corresponding data source (e.g., SaaS platform server) that is mapped to a particular classification. In various embodiments, a “prescribed security attribute” is a security attribute that is submitted by the user to the classification management server (over the user interface) and that is to be associated with each element from a data source that has been selected to be mapped to a particular classification. Examples of a “prescribed security attribute” include a privileged type, permission type, an access type, setting value, business process, user or admin event type, application integration, “cloud code” software file, channel access, repository access, or other component of a SaaS service.”
Interpretation: Security characteristics submitted by a user to be associated with elements mapped to a classification.

Term: Set of actors
Source: Claim 1, Claim 11, Claim 20
Support in specification: “A policy that includes identifying information associated with a set of actors and a specified at least portion of the plurality of classifications is obtained via the user interface by the classification management server. In various embodiments, an “actor” comprises a user, a system, a machine, an image, a process, an application, an account, or a combination of one or more of the above.”
Interpretation: A group of users, systems, or other entities.

Term: Stored elements
Source: Claim 1, Claim 11, Claim 20
Support in specification: “In various embodiments, an “element” comprises stored data, processed data, detected data, identified data, configuration, compliance or auditing-supporting elements, and user or administrative log events. In various embodiments, using the user interface, a user selects at least a subset of elements that is stored at, processed by, or otherwise made available by or through each of one or more data sources (e.g., where each data source is a corresponding Software as a service (SaaS) server or service) to be associated and therefore, managed under a particular classification of the plurality of classifications.”
Interpretation: Data that is stored and mapped to classifications.

Patent Family

File Wrapper

The dossier documents provide a comprehensive record of the patent's prosecution history - including filings, correspondence, and decisions made by patent offices - and are crucial for understanding the patent's legal journey and any challenges it may have faced during examination.


US11044256
APPOMNI INC
Application Number: US17130484
Filing Date: Dec 22, 2020
Status: Granted
Expiry Date: Dec 22, 2040