Systems and methods for managing policies on a computer

Description

RELATED APPLICATIONS

This application claims priority to other applications as set forth in the Application Data Sheet filed in this application. Each of the patents and/or applications listed on the ADS is hereby incorporated by reference.

BACKGROUND

1. Field of the Invention

This invention relates to managing groups of computers and more particularly relates to managing policies for configuring hardware or software settings on groups of computers with a plurality of operating systems.

2. Description of the Related Art

A major concern of information technology management in corporations and other organizations has been balancing the complexity associated with managing large numbers of computers with the needs of individual users as they try to accomplish their tasks. A heterogeneous set of computer hardware, operating systems, and application software creates complexity and increased costs, but various combinations of hardware, operating systems, and software provide technical advantages when used as user workstations, departmental servers, corporate infrastructure equipment, and the like. User workstations are particularly difficult to manage when various needs and preferences of individual users are accommodated. For example, an engineer may require the use of a CAD system that runs only on the UNIX operating system, where other corporate users may be standardized on the MICROSOFT WINDOWS operating system and associated applications. Many similar compatibility issues exist among current computer systems.

One factor that adds to the complexity of managing various operating systems is that different operating systems employ different techniques for setting configuration information. For example, MICROSOFT WINDOWS and applications that run on Windows typically use a database, called the registry, to store configuration information. Computers running the UNIX operating system or derivatives thereof such as LINUX typically store configuration information in plain text files in particular locations in the file system directory. Information technology managers within an organization that uses heterogeneous operating systems typically institute separate sets of management procedures and standards for each operating system used in the organization.

One component of prior art solutions to the problem of managing large numbers of computers and users is the use of policies. Policies are used to set configurable options associated with an operating system or application program for a group of computer users. For example, a word processing program may have an option to select an American English dictionary or a British English dictionary. By creating one policy for its users in the United States and another policy for its users in England, an organization can set the appropriate option for all users without configuring each user's computer individually.

Another component of prior art solutions to the problem of managing groups of computers and users is the use of network directory services. Directory services provide an infrastructure to store and access information about network-based entities, such as applications, files, printers, and people. Directory services provide a consistent way to name, describe, locate access, manage, and secure information about these resources. The directories associated with directory services are typically hierarchical structures such as a tree with each node in the hierarchy capable of storing information in a unit often referred to as a container. Enterprises may use directory servers and directory services to centrally manage data that is accessed from geographically dispersed locations.

For example, corporations typically create network directory trees that mirror their corporate organizations. Information about individual employees, such as their employee number, telephone number, and hire date may be stored in a user object corresponding to each user in the directory tree. An organizational unit container representing each department may contain the user objects associated with each employee in the department. Organizational unit objects associated with each corporate division may contain the department organizational unit objects associated with each department in the division. Finally, an organization container representing the corporation as a whole may contain the company's division organizational unit objects.

Combining the use of policies and directory services facilitates management of groups of computers and users. Policies may be associated with the various containers in the directory services tree to store associated configuration information at the organization, division, or departmental level. For example, a policy may be associated with the Accounts Receivable container in a corporate organization to set options for the accounting program used in that department. Exceptions to the policy can be managed on an individual level, or by creating a group object and associating a policy with the group. Suppose, for example, that all employees in an organization use a software application with a particular set of configuration options, but department managers require a different set of options. A policy could be created with the basic set of options and associated with the organization container. A separate policy with the configuration options for managers could be created and assigned to a Managers user group object.

Using policies and directory services in combination has proven efficient in homogeneous operating system environments. Prior art computer management systems use policies targeted toward a specific operating system, referred to as the native operating system. From the point of view of prior art policy and policy management systems, other operating systems are considered to be foreign operating systems. However, the operating requirements of many organizations require information technology managers to manage multiple operating systems. The efficiencies associated with policies and directory services have not been realized in heterogeneous operating system environments. Since different operating systems use different approaches to setting configuration information, a policy associated with a directory services container may be applied to users of a native operating system that provided the policies, but there may not be a method for applying the policy for users of a foreign operating system.

From the foregoing discussion, it should be apparent that a need exists for an apparatus, system, and method that extend the use of policies to manage configuration information on computers having operating systems that are foreign to the policy creation and management environment. Beneficially, such an apparatus, system, and method would control cost and complexity associated with management of computers with heterogeneous operating systems within an organization. The benefits are multiplied when network directory services are used in conjunction with policies.

SUMMARY

The present invention has been developed in response to the present state of the art, and in particular, in response to the problems and needs in the art that have not yet been fully solved by currently available policy management systems. Accordingly, the present invention provides an apparatus, system, and method for managing policies on a computer having a foreign operating system that overcome many or all of the above-discussed shortcomings in the art.

In one aspect of the present invention, a method for managing policies on a computer having a foreign operating system includes providing a policy on a first computer with a native operating system, receiving the policy on a second computer with a foreign operating system, and translating the policy to configuration information usable on the second computer. In one embodiment, the method includes receiving the policy on the second computer at workstation start-up. The method also may include updating the policy at user login. These embodiments facilitate obtaining the current policy at the time they are typically needed by operating systems.

In further embodiments, the method includes polling the first computer at periodic intervals for changes to the policy. In these embodiments, configuration information usable on the second computer is updated to reflect changes in policy on the first computer, to keep the configuration information and policy closely synchronized. The method may also con include applying configuration information associated with directory services containers and objects. For example, a policy associated with a directory services organization container may be translated to configuration information that may then be applied to all users in the organization container.

In another aspect of the present invention, an apparatus to manage policies on a computer having a foreign operating system includes a policy on a first computer having a native operating system, a policy translator that translates the policy to configuration information usable on a second computer having foreign operating system, and a translator manager that manages the association between the policy on the first computer and the translator on the second computer. The apparatus, in one embodiment, is configured to manage configuration information usable on a second computer having a foreign operating system by means of policies on a first computer having a native operating system. A translator manager manages the association between the policy on the first computer, and a policy translator on the second computer.

The apparatus is further configured, in one embodiment, to include policies associated with network directory services containers and objects. Policies may be associated, for example, with organization containers, organizational unit containers, and user objects, facilitating the configuration of hardware or software information for groups of computer users at a corporate, department, or individual level.

Various elements of the present invention may be combined into a system arranged to carry out the functions or steps presented above. In one embodiment, the system includes two computers, the first having a native operating system and the second having a foreign operating system. In particular, the system, in one embodiment, includes a directory services server and database, a communications network, a policy, a policy editor, a policy template, a translator manager, and a policy translator.

Reference throughout this specification to features, advantages, or similar language does not imply that all of the features and advantages that may be realized with the present invention should be or are in any single embodiment of the invention. Rather, language referring to the features and advantages is understood to mean that a specific feature, advantage, or characteristic described in connection with an embodiment is included in at least one embodiment of the present invention. Thus, discussion of the features and advantages, and similar language, throughout this specification may, but do not necessarily, refer to the same embodiment.

Furthermore, the described features, advantages, and characteristics of the invention may be combined in any suitable manner in one or more embodiments. One skilled in the relevant art will recognize that the invention can be practiced without one or more of the specific features or advantages of a particular embodiment. In other instances, additional features and advantages may be recognized in certain embodiments that may not be present in all embodiments of the invention.

These features and advantages of the present invention will become more fully apparent from the following description and appended claims, or may be learned by the practice of the invention as set forth hereinafter.

BRIEF DESCRIPTION OF THE DRAWINGS

In order that the advantages of the invention will be readily understood, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments that are illustrated in the appended drawings. Understanding that these drawings depict only typical embodiments of the invention and are not therefore to be considered to be limiting of its scope, the invention will be described and explained with additional specificity and detail through the use of the accompanying drawings, in which:

FIG. 1 is a schematic block diagram depicting one embodiment of a typical prior art networking environment wherein the present invention may be deployed;

FIG. 2 is a schematic block diagram illustrating one embodiment of a prior art policy management apparatus;

FIG. 3 is a schematic block diagram illustrating one embodiment of a policy management system in accordance with the present invention;

FIG. 4 is a schematic block diagram illustrating another embodiment of a policy management system in accordance with the present invention;

FIG. 5 is a schematic flow chart diagram illustrating one embodiment of a provide translator method in accordance with the present invention;

FIG. 6 is a schematic flow chart diagram illustrating one embodiment of a policy translation method in accordance with the present invention; and

FIG. 7 is a text diagram illustrating one embodiment of policy translation example data in accordance with the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Many of the functional units described in this specification have been labeled as modules, in order to more particularly emphasize their implementation independence. For example, a module may be implemented as a hardware circuit comprising custom VLSI circuits or gate arrays, off-the-shelf semiconductors such as logic chips, transistors, or other discrete components. A module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.

Modules may also be implemented in software for execution by various types of processors. An identified module of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions which may, for instance, be organized as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the module and achieve the stated purpose for the module.

Indeed, a module of executable code could be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Similarly, operational data may be identified and illustrated herein within modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different storage devices, and may exist, at least partially, merely as electronic signals on a system or network.

Reference throughout this specification to “one embodiment,” “an embodiment,” or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases “in one embodiment,” “in an embodiment,” and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.

Furthermore, the described features, structures, or characteristics of the invention may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided, such as examples of programming, software modules, user selections, network transactions, database queries, database structures, hardware modules, hardware circuits, hardware chips, etc., to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention can be practiced without one or more of the specific details, or with other methods, components, materials, and so forth. In other instances, well-known structures, materials, or operations are not shown or described in detail to avoid obscuring aspects of the invention.

FIG. 1 depicts one embodiment of a typical prior art networking environment 100 that demonstrates the issues regarding managing currently deployed enterprises. As depicted, the networking environment 100 includes one or more servers 110, a network 120, and one or more networked computers 130. The components of the networking environment 100 may reside at a single site or may be dispersed over multiple sites.

Some of the servers 110 may be directory servers or domain servers which can function as a registry for resources and users of the networking environment 100. The network 120 may include routers, bridges, hubs, gateways, or the like which facilitate communications among the components of the networking environment 100. Some of the networked computers 130 may execute legacy applications and operating systems that are unable to integrate with the servers 110 that are directory servers.

Some of the networked computers 130 may be used to run utility applications to manage the servers 110 that are directory servers and features of the directory service that runs on the servers 110. These networked computers 130 that manage the directory service typically do not include functionality to manage foreign operating systems that may run on other networked computers 130.

FIG. 2 is a schematic block diagram illustrating one embodiment of a prior art policy management apparatus 200. The prior art policy management apparatus 200 includes a policy template 210, a policy editor 220, a first computer 260 having a native operating system, and a second computer 270 having the same native operating system. The first computer 260 includes a policy manager 230a, a policy-related file 240, and a configuration information database 250a. The second computer 270 includes a policy manager 230b, and a configuration information database 250b. This apparatus is configured to efficiently manage a group of computers having like operating systems.

An administrative user may use a policy template 210 and a policy editor 220 to control the operation of the policy manager 230a. The policy template 210 and the policy editor 220 may be located on the first computer 260 or may be on another computer. The policy manager 230a may use a policy-related file 240 and settings (i.e. information) in a configuration information database 250a to record the policy settings created by the administrative user.

As a means for efficiently managing a group of computers with like operating systems, a policy manager 230b in a second computer 270 may be configured to obtain policy settings by reading from the policy-related file 240 or the configuration information con database 250a on the first computer 260, as represented by the dashed lines 233 and 236 in FIG. 2. The policy manager 230b may then make settings to the configuration information database 250b on the second computer 270.

The policy may include configuration information that applies specifically to the second computer 270, or to a specific user or any of a group of users of the second computer 270. Configuration information may be associated with network directory services containers and objects. For example, by associating configuration information with an organizational unit container, the behavior of an application can be controlled for all users in a company department. Configuration information maybe assigned to containers and objects at various levels in a directory services hierarchy, facilitating management of hardware and software configuration information at various organizational, geographical, or individual levels. For example, application configuration information may be associated with an organization container, organizational unit container, and user object in a network directory services hierarchy, resulting in application configuration options being assigned at corporate, departmental, and individual levels in an organization.

FIG. 3 is a schematic block diagram illustrating one embodiment of a policy management system 300 in accordance with the present invention. The depicted policy management system 300 includes a network 310, a first computer 320, and a second computer 340. The first computer 320 includes a policy template 322, a policy editor 324, a policy manager 230, a policy-related file 326, and a configuration information database 250. The depicted second computer 340 includes a translator manager 342, a translator 344, and a policy-related file 346. The policy management system 300 facilitates management of a group of computers with multiple operating systems by using the first computer 320 as a reference computer from which configuration information are replicated to other computers in a workgroup, or the like. The policy management system 300 depicted in FIG. 3 represents a peer-oriented embodiment of the present invention, where the first computer 320 and the second computer 340 are workstations, and no server is required.

An administrative user may use a policy template 322 and policy editor 324 to control the operation of the policy manager 230. The policy manager 230 may use a policy-related file 326 and settings or information in a configuration information database 250 to record the policy settings created by the administrative user. The translation manager 342 in the second computer 340 may be configured to obtain policy settings by reading from the policy-related file 326 and the configuration information database 250 on the first computer 320, as represented by the dashed lines 333 and 336 in FIG. 3. The translation manager 342 then passes the policy settings obtained from the first computer 320 to the translator 344 to translate to configuration information that may be stored in a policy-related file 346 on the second computer 340. In some embodiments, the translator 344 modifies configuration information stored in a plurality of files. The policy-related file 346 may not be exclusively dedicated to storing policy information. For example, the policy-related file 346 may contain non-policy data or code. In some embodiments, the operating system on the first computer 320 may provide an event notification system that notifies the translation manager 342 that changes have been made to the policy-related file 326 or the configuration information database 250.

FIG. 4 is schematic block diagram illustrating another embodiment of a policy management system 400 in accordance with the present invention. The policy management system 400 includes a server 410, network 310, a first computer 320, and a second computer 340. The server 410 includes a policy-related file 413, and a configuration information database 416. The first computer 320 includes a policy template 322, a policy editor 324, and a policy manager 230. The second computer 340 includes a translation manager 342, a translator 344, and a policy-related file 346. The policy management system 400 facilitates management of a group of computers having multiple operating systems by replicating configuration information from a server 410, such as a directory server. The policy management system 400 depicted in FIG. 4 represents a client-server-oriented embodiment of the present invention, where configuration information are stored on a server 410 and replicated to client workstations represented by the second computer 340.

As with the embodiment depicted in FIG. 3, an administrative user may use a policy template 322 and policy editor 324 to control the operation of the policy manager 230. In this embodiment, however, the policy manager 230 may use a policy-related file 413 and settings in a configuration information database 416 to record the policy settings created by the administrative user on a server 410. The translation manager 342 in the second computer 340 may be configured to obtain policy settings by reading from the policy-related file 413 and the configuration information database 416 on the server 410, as represented by the dashed lines 433 and 436 in FIG. 4. The translation manager 342 then passes the policy settings obtained from the first computer 320 to the translator 344 to translate to configuration information that may be stored in a policy-related file 346 on the second computer 340.

The following schematic flow chart diagrams that follow are generally set forth as logical flow chart diagrams. As such, the depicted order and labeled steps are indicative of one embodiment of the presented method. Other steps, methods, and orderings may be conceived that are equivalent in function, logic, or effect to one or more steps, or portions thereof, of the illustrated method.

FIG. 5 is a schematic flow chart diagram illustrating one embodiment of a provide translator method 500 in accordance with the present invention. The provide translator method 500 includes a provide policy template step 520, and a provide policy translator step 530. The provide translator method 500 provides modules that facilitate translation of policy settings from a native operating system to a foreign operating system.

The provide policy template step 520 provides a policy template such as the policy template 322 to be used in conjunction with the policy editor 324, or the like. As detailed in FIG. 3 and elsewhere, the policy template 322 constrains policy editing, such that policies created by the policy editor 324 conform to requirements of the first computer 320. For example, the policy template 322 may ensure that configuration information car delivered to the policy manager 230 conform to a required syntax, or that numerical values fall within a meaningful range. The provide policy template step 520 may provide a plug-in module to an operating system utility program. In some embodiments, the provide policy template step 520 provides a wizard program module that guides a user through the process of creating a policy.

The provide policy translator step 530 provides a translator 344 that translates configuration information from the first computer 320 having a native operating system to the second computer 340 having a foreign operating system. The provide policy translator step 530 may place the translator 344 in a file system directory known to the translator manager 342. In some embodiments, the provide policy translator step 530 may register the file system location of the translator 344 with the translator manager 342. Upon completion of the provide policy translator step 530, the provide translator method 500 ends 540.

FIG. 6 is a schematic flow chart diagram illustrating one embodiment of a policy translation method 600 in accordance with the present invention. The policy translation method 600 includes a provide policy step 620, a receive policy step 630, a translate policy step 640, an update configuration step 650, an update on start-up test 655, a wait for start-up step 660, an update on login test 665, a wait for login step 670, a refresh time test 675, and a terminate test 685. The policy translation method 600 translates policies on a first computer 320 having a native operating system to policies for a second computer 340 having a foreign operating system.

The provide policy step 620 provides a policy on the first computer 320 having a native operating system. The provide policy step 620 may be performed by an administrative user using a policy template 322, policy editor 324, and/or policy manager 230. The policy may be contained in a policy-related file 326 and a configuration information database 250 on the first computer 320. In some embodiments, the policy may be contained in a policy-related file 413 and a configuration information database 416 on a server 410, such as a directory server.

The receive policy step 630 receives the policy on the second computer 340 having a foreign operating system. The receive policy step 630 may be performed by a translator manager 342 on the second computer 340. The translator manager 342 may copy the policy from a policy-related file 326 and a configuration information database 250 on the first computer 320. In other embodiments, the translator manager 342 may copy the policy from a policy-related file 413 and a configuration information database 416 on a server 410, such as a directory server. The translator manager 342 transmits the policy to a translator 344.

The translate policy step 640 translates configuration information from the first computer 320 having a native operating system to the second computer 340 having a foreign operating system. The translate policy step 740 may be performed by a translator 344 on the second computer 340. The translator 344 receives the policy from the translator manager 342 and translates the policy to foreign operating system configuration information used by the second computer 340.

The update configuration step 650 applies the configuration information translated by the translator 344. The update configuration step 650 may be performed by a translator 344 on the second computer 340 having a foreign operating system. After translating the policy to foreign operating system configuration information, the translator 344 applies the policy by saving the configuration information in a policy-related file 346. In some embodiments, configuration information may be saved in a plurality of policy-related files 346.

The update on start-up test 655 determines whether the policy is to be applied at workstation start-up. A policy may contain configuration information for all users of the second computer 340. Many operating systems apply configuration information at workstation start-up. Updating configuration information on the second computer 340 during workstation start-up makes the updated settings available for application during the workstation start-up process. If the policy is to be updated at workstation start-up, the policy translation method 600 continues with the wait for start-up step 660, otherwise the policy translation method 600 continues with the update on login test 665.

The wait for start-up step 660 waits for the second computer 340 to reach a point in the workstation start-up process where computer resources are available for the second computer 340 to receive the policy from the first computer 320. The wait for start-up step 660 includes setting a configuration setting that causes the policy translation method 600 to continue with the receive policy step 630 at workstation start-up. The wait for start-up step 660 facilitates receiving the current version of the policy so that configuration information may be applied to the second computer 340 at workstation start-up, when many operating systems typically read configuration information. Updating a policy at workstation start-up is particularly advantageous to workstation-specific configuration information.

The update on login test 665 determines whether the policy is to be applied at user login. A policy may contain configuration information that applies to a specific user or any of a group of users of the second computer 340. In some embodiments, configuration information may be associated with network directory services containers and objects. For example, by associating configuration information with an organizational unit container, the behavior of an application can be controlled for all users in a company department. Updating configuration information on the second computer 340 makes the current version of the settings available for application for the user logging in. If the policy is to be updated at user login, the policy translation method 600 continues with the wait for login method 670, otherwise the policy translation method 600 continues with the refresh time test 675.

The wait for login step 670 waits for a user to log in to the second computer 340 to receive the policy from the first computer 320. The wait for login step 670 includes setting a configuration setting that causes the policy translation method 700 to continue with the receive policy step 630 at user login. The wait for login step 670 facilitates receiving the current version of the policy so that configuration information may be applied to the second computer 340 at user login, when many operating systems typically read configuration information. Updating a policy at user login is particularly advantageous to user-specific configuration information.

The refresh time test 675 determines whether it is time to check for updates to the policy on the first computer 320. In some embodiments, the refresh time test 675 polls the first computer 320 at periodic intervals for changes to the policy. The polling interval may be configurable by the user or may itself be a setting configurable by a policy. In some embodiments, the refresh time test 675 may include a means for the first computer 320 to notify the second computer 340 that a change has been made to the policy, and that the policy should be refreshed on the second computer 340. If the refresh time has arrived, the policy translation method 600 continues with the receive policy step 630, otherwise it continues with the terminate test 685.

The terminate test 685 determines whether the refresh time test 675 should be repeated, or if the policy translation method 600 should terminate. In some embodiments, the policy translation method 600 may be terminated to facilitate deallocation of memory or other computer resources when the second computer 340 is shut down, or to allow for system maintenance. If the policy translation method is not to be terminated, it continues with the refresh time test 675, other wise it ends 690.

FIG. 7 is a text diagram illustrating one embodiment of policy translation example data in accordance with the present invention. The policy translation example data 700 includes policy template data 710, policy manager input data 720, native policy-related file data 730, and translated policy-related file data 740. The policy translation example data may be generated in accordance with the policy translation method 600 and the policy management system 300.

The policy template data 710 is one example of the policy template 322. The policy template 322 may reside on the first computer 320 having a native operating system or on a third computer, such as an administrative workstation. The policy template data 710 may comprise plain ASCII text used to constrain data input accepted by the policy editor 324 by identifying names of data objects that the policy editor 324 will allow the user to edit. Policy template data 710 may also contain the text of prompts or other fields that control the user interface presented by the policy editor 324. Using the policy template 322, the policy editor 324 may accept input from an administrative user and generate input data for the policy manager 230.

Policy manager input data 720 illustrates the format of data that may be generated by the policy editor 324. In various embodiments, in accordance with the provide policy step 620, the policy manager 230 may accept the policy manager input data 720 from a file created by the policy editor 324, from a file created by an administrative user, or communicated directly from the policy editor 324 to the policy manager 230 via interprocess communication. The policy manager 230 may alter the format or contents of the policy manager input data 720. In some embodiments, the policy manager creates a policy-related file 326 and enters the location of the policy-related file 326 in the configuration settings database 250.

The native policy-related file data 730 is a textual representation of binary data in one embodiment of the policy-related file 326. The native policy-related file data 730 is generated by the policy manager 230, and in preparation for the receive policy step 630, is stored in a format and location typically used with the native operating system in use on the first computer 320. In the depicted embodiment, the native policy-related file data 730 comprises mixed binary and UNICODE text delimited by square brackets.

The translated policy-related file data 740 is one example of the policy-related file 346. In accordance with the translate policy step 640, the translator 344 translates the policy data received from the translator manager 342 to data usable by the foreign operating system used by the second computer 340. The depicted translated policy-related file data 740 is one example of a configuration file that a translator 344 has converted from mixed binary and UNICODE format to plain ASCII text format, and filtered to include only data usable by the foreign operating system in use on the second computer 340. In the depicted example, the translated policy-related file data 740 comprises a list of user names that will be allowed to log in to the second computer 340.

The present invention may be embodied in other specific forms without departing from its spirit or essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.

Claims

1. A computer system comprising: a workstation having a non-Windows operating system, a tangible computer storage medium with user applications stored therein, and a computer processor;a policy refresh component, stored in the storage medium, that checks whether a Windows native policy stored on a Windows computer and associated with the workstation has been changed;a translator manager, stored in the storage medium, that manages the association of the Windows native policy with the workstation and, upon a determination by the policy refresh component that the Windows native policy has been changed, receives the Windows native policy from the Windows computer;a policy translator, stored in the storage medium, that receives the Windows native policy from the translator manager and translates the Windows native policy into configuration information usable by the non-Windows operating system;an update configuration component, stored in the storage medium, that applies the configuration information usable by the non-Windows operating system by saving the configuration information in a policy-related file on the workstation;wherein the Windows native policy can be read, in its native format, by a Windows operating system to set policy settings for Windows computers but cannot be read, in its native format, by a non-Windows operating system to set policy settings for non-Windows computers; andwherein the Windows native policy is used to set configurable options for at least one computer user, and wherein, after translation by the workstation, the Windows native policy remains centrally managed and updated by the Windows computer, and updates to the Windows native policy are propagated to the workstation, such that use of Windows native policies is extended to allow an administrator to use Windows native policies to manage configuration information on the workstation.
2. The system of claim 1, wherein the Windows native policy defines configuration of at least one application for each of a plurality of users within a group.
3. The system of claim 1, wherein the Windows native policy defines configuration information for each of a plurality of users within a group.
4. The system of claim 1, wherein the policy refresh component checks whether the Windows native policy has been changed at least by polling the Windows computer at periodic intervals.
5. The system of claim 1, wherein the policy refresh component checks whether the Windows native policy has been changed at least by receiving a notification from the Windows computer that the Windows native policy has been changed.
6. The system of claim 1, wherein the workstation is a desktop computer.
7. The system of claim 1, wherein at least one of the user applications stored in the storage medium is a word processing application.
8. A method comprising: managing, on a workstation having a non-Windows operating system, a tangible computer storage medium with user applications stored therein, and a computer processor, an association between the workstation and a Windows native policy stored on a Windows computer;checking, by the workstation, whether the Windows native policy stored on the Windows computer and associated with the workstation has been changed;upon a determination by the workstation that the Windows native policy has been changed, receiving, on the workstation, the Windows native policy from the Windows computer;translating, on the workstation, the Windows native policy into configuration information usable by the non-Windows operating system; andapplying the configuration information usable by the non-Windows operating system by saving the configuration information in a policy-related file on the workstation;wherein the Windows native policy can be read, in its native format, by a Windows operating system to set policy settings for Windows computers but cannot be read, in its native format, by a non-Windows operating system to set policy settings for non-Windows computers; andwherein the Windows native policy is used to set configurable options for at least one computer user, and wherein, after translation by the workstation, the Windows native policy remains centrally managed and updated by the Windows computer, and updates to the Windows native policy are propagated to the workstation, such that use of Windows native policies is extended to allow an administrator to use Windows native policies to manage configuration information on the workstation.
9. The method of claim 8, wherein the Windows native policy defines configuration of at least one application for each of a plurality of users within a group.
10. The method of claim 8, wherein the Windows native policy defines configuration information for each of a plurality of users within a group.
11. The method of claim 8, wherein checking whether the Windows native policy has been changed includes polling the Windows computer at periodic intervals.
12. The method of claim 8, wherein checking whether the Windows native policy has been changed includes receiving, on the workstation, a notification from the Windows computer that the Windows native policy has been changed.
13. The method of claim 8, wherein the workstation is a desktop computer.
14. The method of claim 8, wherein at least one of the user applications stored in the storage medium is a word processing application.
15. A policy management and update system that uses Windows native policies to manage policy settings on a Linux computer, the system comprising: a workstation having a Linux operating system, a tangible computer storage medium with user applications stored therein, and a computer processor, wherein the workstation allows a user to login to the Linux operating system and to access one or more application programs comprising at least a word processing program;a policy refresh component, stored in the storage medium, that checks whether a Windows native policy stored on a Windows computer and associated with the workstation has been changed;a translator manager, stored in the storage medium, that manages the association of the Windows native policy with the workstation and, upon a determination by the policy refresh component that the Windows native policy has been changed, receives the Windows native policy from the Windows computer;a policy translator, stored in the storage medium, that receives the Windows native policy from the translator manager and translates the Windows native policy into configuration information usable by the Linux operating system;an update configuration component, stored in the storage medium, that applies the configuration information usable by the Linux operating system by saving the configuration information in a policy-related file on the workstation;wherein the Windows native policy can be read, in its native format, by a Windows operating system to set policy settings for Windows computers but cannot be read, in its native format, by a Linux operating system to set policy settings for Linux computers; andwherein the Windows native policy is used to set configurable options for at least one computer user, and wherein, after translation by the workstation, the Windows native policy remains centrally managed and updated by the Windows computer, and updates to the Windows native policy are propagated to the workstation, such that use of Windows native policies is extended to allow an administrator to use Windows native policies to manage configuration information on the workstation.
16. The system of claim 15, wherein the Windows native policy defines configuration of at least one application for each of a plurality of users within a group.
17. The system of claim 15, wherein the Windows native policy defines configuration information for each of a plurality of users within a group.
18. The system of claim 15, wherein the policy refresh component checks whether the Windows native policy has been changed at least by polling the Windows computer at periodic intervals.
19. The system of claim 15, wherein the policy refresh component checks whether the Windows native policy has been changed at least by receiving a notification from the Windows computer that the Windows native policy has been changed.
20. The system of claim 15, wherein the workstation is a desktop computer.
21. The system of claim 15, wherein the update configuration component changes configuration information of the word processing program.
22. A method of managing and updating policy settings on a Linux computer using Windows native policies, the method comprising: managing, on a workstation having a Linux operating system, a tangible computer storage medium with user applications stored therein, and a computer processor, an association between the workstation and a Windows native policy stored on a Windows computer, wherein the workstation allows a user to login to the Linux operating system and to access one or more application programs comprising at least a word processing program;checking, by the workstation, whether the Windows native policy stored on the Windows computer and associated with the workstation has been changed;upon a determination by the workstation that the Windows native policy has been changed, receiving, on the workstation, the Windows native policy from the Windows computer;translating, on the workstation, the Windows native policy into configuration information usable by the Linux operating system; andapplying the configuration information usable by the Linux operating system by saving the configuration information in a policy-related file on the workstation;wherein the Windows native policy can be read, in its native format, by a Windows operating system to set policy settings for Windows computers but cannot be read, in its native format, by a Linux operating system to set policy settings for Linux computers; andwherein the Windows native policy is used to set configurable options for at least one computer user, and wherein, after translation by the workstation, the Windows native policy remains centrally managed and updated by the Windows computer, and updates to the Windows native policy are propagated to the workstation, such that use of Windows native policies is extended to allow an administrator to use Windows native policies to manage configuration information on the workstation.
23. The method of claim 22, wherein the Windows native policy defines configuration of at least one application for each of a plurality of users within a group.
24. The method of claim 22, wherein the Windows native policy defines configuration information for each of a plurality of users within a group.
25. The method of claim 22, wherein checking whether the Windows native policy has been changed includes polling the Windows computer at periodic intervals.
26. The method of claim 22, wherein checking whether the Windows native policy has been changed includes receiving, on the workstation, a notification from the Windows computer that the Windows native policy has been changed.
27. The method of claim 22, wherein the workstation is a desktop computer.
28. The method of claim 22, wherein applying the configuration information updates configuration information of the word processing program.
29. A Windows native policy application system that applies a Windows native policy to set configuration information of at least a word processing program on a Unix computer, the system comprising: a workstation having a Unix operating system, a tangible computer storage medium with user applications stored therein, and a computer processor, wherein the workstation allows a user to login to the Unix operating system and to access one or more application programs comprising at least a word processing program;a policy refresh component, stored in the storage medium, that, upon user login to the workstation, checks whether a Windows native policy stored on a Windows computer and associated with the workstation has been changed;a translator manager, stored in the storage medium, that manages the association of the Windows native policy with the workstation and, upon a determination by the policy refresh component that the Windows native policy has been changed, receives the Windows native policy from the Windows computer;a policy translator, stored in the storage medium, that receives the Windows native policy from the translator manager and translates the Windows native policy into configuration information usable by the Unix operating system;an update configuration component, stored in the storage medium, that applies the configuration information usable by the Unix operating system by saving the configuration information in a policy-related file on the workstation, wherein application of the configuration information updates configuration information of at least the word processing program;wherein the Windows native policy can be read, in its native format, by a Windows operating system to set policy settings for Windows computers but cannot be read, in its native format, by a Unix operating system to set policy settings for Linux computers; andwherein the Windows native policy is used to set configurable options for at least one computer user, and wherein, after translation by the workstation, the Windows native policy remains centrally managed and updated by the Windows computer, and updates to the Windows native policy are propagated to the workstation, such that use of Windows native policies is extended to allow an administrator to use Windows native policies to manage configuration information on the workstation.
30. The system of claim 29, wherein the Windows native policy defines configuration of at least one application for each of a plurality of users within a group.
31. The system of claim 29, wherein the Windows native policy defines configuration information for each of a plurality of users within a group.
32. The system of claim 29, wherein the policy refresh component checks whether the Windows native policy has been changed at least by polling the Windows computer at periodic intervals.
33. The system of claim 29, wherein the policy refresh component checks whether the Windows native policy has been changed at least by receiving a notification from the Windows computer that the Windows native policy has been changed.
34. The system of claim 29, wherein the workstation is a desktop computer.
35. A method of applying a Windows native policy to set configuration information of at least a word processing program on a Unix computer comprising: managing, on a workstation having a Unix operating system, a tangible computer storage medium with user applications stored therein, and a computer processor, an association between the workstation and a Windows native policy stored on a Windows computer, wherein the workstation allows a user to login to the Unix operating system and to access one or more application programs comprising at least a word processing program;upon user login to the workstation, checking, by the workstation, whether the Windows native policy stored on the Windows computer and associated with the workstation has been changed;upon a determination by the workstation that the Windows native policy has been changed, receiving, on the workstation, the Windows native policy from the Windows computer;translating, on the workstation, the Windows native policy into configuration information usable by the Unix operating system; andapplying the configuration information usable by the Linux operating system by saving the configuration information in a policy-related file on the workstation, wherein application of the configuration information updates configuration information of at least the word processing program;wherein the Windows native policy can be read, in its native format, by a Windows operating system to set policy settings for Windows computers but cannot be read, in its native format, by a Unix operating system to set policy settings for Unix computers; andwherein the Windows native policy is used to set configurable options for at least one computer user, and wherein, after translation by the workstation, the Windows native policy remains centrally managed and updated by the Windows computer, and updates to the Windows native policy are propagated to the workstation, such that use of Windows native policies is extended to allow an administrator to use Windows native policies to manage configuration information on the workstation.
36. The method of claim 35, wherein the Windows native policy defines configuration of at least one application for each of a plurality of users within a group.
37. The method of claim 35, wherein the Windows native policy defines configuration information for each of a plurality of users within a group.
38. The method of claim 35, wherein checking whether the Windows native policy has been changed includes polling the Windows computer at periodic intervals.
39. The method of claim 35, wherein checking whether the Windows native policy has been changed includes receiving, on the workstation, a notification from the Windows computer that the Windows native policy has been changed.
40. The method of claim 35, wherein the workstation is a desktop computer.

US Referenced Citations (420)

Number	Name	Date	Kind
4109237	Hill	Aug 1978	A
4370707	Phillips et al.	Jan 1983	A
4694397	Grant	Sep 1987	A
5222018	Sharpe et al.	Jun 1993	A
5267865	Lee et al.	Dec 1993	A
5302132	Corder	Apr 1994	A
5310349	Daniels et al.	May 1994	A
5313465	Perlman et al.	May 1994	A
5333302	Hensley et al.	Jul 1994	A
5339435	Lubkin et al.	Aug 1994	A
5367698	Webber et al.	Nov 1994	A
5371852	Attanasio et al.	Dec 1994	A
5387104	Corder	Feb 1995	A
5410703	Nilsson et al.	Apr 1995	A
5423032	Byrd et al.	Jun 1995	A
5437027	Bannon et al.	Jul 1995	A
5437555	Ziv-El	Aug 1995	A
5440719	Hanes et al.	Aug 1995	A
5441415	Lee et al.	Aug 1995	A
5497486	Stolfo et al.	Mar 1996	A
5497492	Zbikowski et al.	Mar 1996	A
5499379	Tanaka et al.	Mar 1996	A
5530829	Beardsley et al.	Jun 1996	A
5550968	Miller et al.	Aug 1996	A
5550976	Henderson et al.	Aug 1996	A
5553291	Tanaka et al.	Sep 1996	A
5586304	Stupek, Jr. et al.	Dec 1996	A
5590360	Edwards	Dec 1996	A
5600833	Senn et al.	Feb 1997	A
5608874	Ogawa et al.	Mar 1997	A
5608903	Prasad et al.	Mar 1997	A
5613090	Willems	Mar 1997	A
5623601	Vu	Apr 1997	A
5630069	Flores et al.	May 1997	A
5630131	Palevich et al.	May 1997	A
5659735	Parrish et al.	Aug 1997	A
5659736	Hasegawa et al.	Aug 1997	A
5666502	Capps et al.	Sep 1997	A
5671428	Muranaga et al.	Sep 1997	A
5673386	Batra	Sep 1997	A
5673387	Chen et al.	Sep 1997	A
5675782	Montague et al.	Oct 1997	A
5677997	Talatik	Oct 1997	A
5680586	Elkins et al.	Oct 1997	A
5684950	Dare et al.	Nov 1997	A
5692132	Hogan	Nov 1997	A
5692902	Aeby	Dec 1997	A
5694540	Humelsine et al.	Dec 1997	A
5706502	Foley et al.	Jan 1998	A
5708812	Van Dyke et al.	Jan 1998	A
5708828	Coleman	Jan 1998	A
5710884	Dedrick	Jan 1998	A
5711671	Geeslin et al.	Jan 1998	A
5724521	Dedrick	Mar 1998	A
5727145	Nessett et al.	Mar 1998	A
5727951	Ho et al.	Mar 1998	A
5740427	Stoller et al.	Apr 1998	A
5743746	Ho et al.	Apr 1998	A
5745113	Jordan et al.	Apr 1998	A
5745902	Miller et al.	Apr 1998	A
5752042	Cole et al.	May 1998	A
5754173	Hiura et al.	May 1998	A
5754938	Herz et al.	May 1998	A
5758062	Mcmahon et al.	May 1998	A
5758074	Marlin et al.	May 1998	A
5758344	Prasad et al.	May 1998	A
5764897	Khalidi	Jun 1998	A
5765140	Knudson et al.	Jun 1998	A
5768519	Swift et al.	Jun 1998	A
5774551	Wu et al.	Jun 1998	A
5778169	Reinhardt	Jul 1998	A
5784553	Kolawa et al.	Jul 1998	A
5784643	Shields	Jul 1998	A
5790801	Funato	Aug 1998	A
5796393	Macnaughton et al.	Aug 1998	A
5806075	Jain et al.	Sep 1998	A
5812669	Jenkins et al.	Sep 1998	A
5812865	Theimer et al.	Sep 1998	A
5815657	Williams et al.	Sep 1998	A
5819265	Ravin et al.	Oct 1998	A
5819281	Cummins	Oct 1998	A
5819295	Nakagawa et al.	Oct 1998	A
5822518	Ooki et al.	Oct 1998	A
5835087	Herz et al.	Nov 1998	A
5835911	Nakagawa et al.	Nov 1998	A
5838918	Prager et al.	Nov 1998	A
5844508	Murashita et al.	Dec 1998	A
5848396	Gerace	Dec 1998	A
5859972	Subramaniam et al.	Jan 1999	A
5872928	Lewis et al.	Feb 1999	A
5872973	Mitchell et al.	Feb 1999	A
5878432	Misheski et al.	Mar 1999	A
5889520	Glaser	Mar 1999	A
5890161	Helland et al.	Mar 1999	A
5890175	Wong et al.	Mar 1999	A
5892898	Fujii et al.	Apr 1999	A
5893074	Hughes et al.	Apr 1999	A
5893076	Hafner et al.	Apr 1999	A
5893916	Dooley	Apr 1999	A
5930512	Boden et al.	Jul 1999	A
5937165	Schwaller et al.	Aug 1999	A
5948064	Bertram et al.	Sep 1999	A
5949419	Domine et al.	Sep 1999	A
5956732	Tsuchida	Sep 1999	A
5956736	Hanson et al.	Sep 1999	A
5960200	Eager et al.	Sep 1999	A
5968176	Nessett et al.	Oct 1999	A
5987247	Lau	Nov 1999	A
5995114	Wegman et al.	Nov 1999	A
6002868	Jenkins et al.	Dec 1999	A
6003047	Osmond et al.	Dec 1999	A
6014669	Slaughter et al.	Jan 2000	A
6014712	Islam et al.	Jan 2000	A
6016495	Mckeehan et al.	Jan 2000	A
6016501	Martin et al.	Jan 2000	A
6021496	Dutcher et al.	Feb 2000	A
6029178	Martin et al.	Feb 2000	A
6029195	Herz	Feb 2000	A
6029247	Ferguson	Feb 2000	A
6035323	Narayen et al.	Mar 2000	A
6041344	Bodamer et al.	Mar 2000	A
6044368	Powers	Mar 2000	A
6044465	Dutcher et al.	Mar 2000	A
6049822	Mittal	Apr 2000	A
6052512	Peterson et al.	Apr 2000	A
6055538	Kessenich et al.	Apr 2000	A
6058260	Brockel et al.	May 2000	A
6058379	Odom et al.	May 2000	A
6061643	Walker et al.	May 2000	A
6061650	Malkin et al.	May 2000	A
6067568	Li et al.	May 2000	A
6070184	Blount et al.	May 2000	A
6076166	Moshfeghi et al.	Jun 2000	A
6079020	Liu	Jun 2000	A
6092199	Dutcher et al.	Jul 2000	A
6101481	Miller	Aug 2000	A
6101503	Cooper et al.	Aug 2000	A
6108649	Young et al.	Aug 2000	A
6108670	Weida et al.	Aug 2000	A
6112228	Earl et al.	Aug 2000	A
6112240	Pogue et al.	Aug 2000	A
6115040	Bladow et al.	Sep 2000	A
6115544	Mueller	Sep 2000	A
6134548	Gottsman et al.	Oct 2000	A
6137869	Voit et al.	Oct 2000	A
6138086	Rose et al.	Oct 2000	A
6141006	Knowlton et al.	Oct 2000	A
6141010	Hoyle	Oct 2000	A
6141647	Meijer et al.	Oct 2000	A
6151600	Dedrick	Nov 2000	A
6151610	Senn et al.	Nov 2000	A
6161176	Hunter et al.	Dec 2000	A
6167445	Gai et al.	Dec 2000	A
6167564	Fontana et al.	Dec 2000	A
6170009	Mandal et al.	Jan 2001	B1
6182212	Atkins et al.	Jan 2001	B1
6182226	Reid et al.	Jan 2001	B1
6185625	Tso et al.	Feb 2001	B1
6195794	Buxton	Feb 2001	B1
6199068	Carpenter	Mar 2001	B1
6199079	Gupta et al.	Mar 2001	B1
6202051	Woolston	Mar 2001	B1
6205480	Broadhurst et al.	Mar 2001	B1
6208345	Sheard et al.	Mar 2001	B1
6209000	Klein et al.	Mar 2001	B1
6209033	Datta et al.	Mar 2001	B1
6222535	Hurd, II	Apr 2001	B1
6223221	Kunz	Apr 2001	B1
6226649	Bodamer et al.	May 2001	B1
6230160	Chan et al.	May 2001	B1
6230309	Turner et al.	May 2001	B1
6233584	Purcell	May 2001	B1
6237114	Wookey et al.	May 2001	B1
6246410	Bergeron et al.	Jun 2001	B1
6249905	Yoshida et al.	Jun 2001	B1
6256637	Venkatesh et al.	Jul 2001	B1
6256659	Mclain, Jr. et al.	Jul 2001	B1
6256678	Traughber et al.	Jul 2001	B1
6260068	Zalewski et al.	Jul 2001	B1
6263352	Cohen	Jul 2001	B1
6266666	Ireland et al.	Jul 2001	B1
6269405	Dutcher et al.	Jul 2001	B1
6269406	Dutcher et al.	Jul 2001	B1
6272673	Dale et al.	Aug 2001	B1
6272678	Imachi et al.	Aug 2001	B1
6279030	Britton et al.	Aug 2001	B1
6282576	Lane	Aug 2001	B1
6282605	Moore	Aug 2001	B1
6286028	Cohen et al.	Sep 2001	B1
6286104	Buhle et al.	Sep 2001	B1
6301601	Helland et al.	Oct 2001	B1
6304893	Gish	Oct 2001	B1
6308164	Nummelin et al.	Oct 2001	B1
6308188	Bernardo et al.	Oct 2001	B1
6308273	Goertzel et al.	Oct 2001	B1
6313835	Gever et al.	Nov 2001	B1
6314434	Shigemi et al.	Nov 2001	B1
6327677	Garg et al.	Dec 2001	B1
6330566	Durham	Dec 2001	B1
6336118	Hammond	Jan 2002	B1
6341287	Siziklai et al.	Jan 2002	B1
6345239	Bowman-amuah	Feb 2002	B1
6349287	Hayashi	Feb 2002	B1
6363398	Andersen	Mar 2002	B1
6370573	Bowman Amuah	Apr 2002	B1
6370646	Goodman et al.	Apr 2002	B1
6381579	Gervais et al.	Apr 2002	B1
6389589	Mishra et al.	May 2002	B1
6401085	Gershman et al.	Jun 2002	B1
6401211	Brezak et al.	Jun 2002	B1
6405364	Bowman-amuah	Jun 2002	B1
6430556	Goldberg et al.	Aug 2002	B1
6438514	Hill et al.	Aug 2002	B1
6442620	Thatte et al.	Aug 2002	B1
6446096	Holland et al.	Sep 2002	B1
6453317	Lacost et al.	Sep 2002	B1
6457130	Hitz et al.	Sep 2002	B2
6466932	Dennis et al.	Oct 2002	B1
6469713	Hetherington et al.	Oct 2002	B2
6473794	Guheen et al.	Oct 2002	B1
6496847	Bugnion et al.	Dec 2002	B1
6567818	Frey et al.	May 2003	B1
6587876	Mahon et al.	Jul 2003	B1
6615258	Barry et al.	Sep 2003	B1
6625622	Henrickson et al.	Sep 2003	B1
6658625	Allen	Dec 2003	B1
6678714	Olapurath et al.	Jan 2004	B1
6715128	Hirashima et al.	Mar 2004	B1
6728877	Mackin et al.	Apr 2004	B2
6735691	Capps et al.	May 2004	B1
6757696	Multer et al.	Jun 2004	B2
6760761	Sciacca	Jul 2004	B1
6795835	Ricart et al.	Sep 2004	B2
6801946	Child et al.	Oct 2004	B1
6817017	Goodman	Nov 2004	B2
6839766	Parnafes et al.	Jan 2005	B1
6880005	Bell et al.	Apr 2005	B1
6925477	Champagne et al.	Aug 2005	B1
6938158	Azuma	Aug 2005	B2
6941465	Palekar et al.	Sep 2005	B1
6944183	Iyer et al.	Sep 2005	B1
6950818	Dennis et al.	Sep 2005	B2
6950935	Allavarpu et al.	Sep 2005	B1
6968370	Wu	Nov 2005	B2
6973488	Yavatkar et al.	Dec 2005	B1
6976090	Ben-Shaul et al.	Dec 2005	B2
7028079	Mastrianni et al.	Apr 2006	B2
7062781	Shambroom	Jun 2006	B2
7080077	Ramamurthy et al.	Jul 2006	B2
7089584	Sharma	Aug 2006	B1
7100195	Underwood	Aug 2006	B1
7117486	Wong et al.	Oct 2006	B2
7133984	Dickensheets	Nov 2006	B1
7139973	Kirkwood et al.	Nov 2006	B1
7143095	Barrett et al.	Nov 2006	B2
7162640	Heath et al.	Jan 2007	B2
7171458	Brown et al.	Jan 2007	B2
7185073	Gai et al.	Feb 2007	B1
7209970	Everson et al.	Apr 2007	B1
7213266	Maher et al.	May 2007	B1
7216181	Jannu et al.	May 2007	B1
7231460	Sullivan et al.	Jun 2007	B2
7234157	Childs et al.	Jun 2007	B2
7243370	Bobde et al.	Jul 2007	B2
7284043	Feinleib et al.	Oct 2007	B2
7299504	Tiller et al.	Nov 2007	B1
7346766	Mackin et al.	Mar 2008	B2
7356601	Clymer et al.	Apr 2008	B1
7356816	Goodman et al.	Apr 2008	B2
7379996	Papatla et al.	May 2008	B2
7418597	Thornton et al.	Aug 2008	B2
7421555	Dorey	Sep 2008	B2
7426642	Aupperle et al.	Sep 2008	B2
7428583	Lortz et al.	Sep 2008	B1
7440962	Wong et al.	Oct 2008	B1
7444401	Keyghobad et al.	Oct 2008	B1
7467141	Steele et al.	Dec 2008	B1
7478418	Supramaniam et al.	Jan 2009	B2
7483979	Prager	Jan 2009	B1
7487535	Isaacson et al.	Feb 2009	B1
7519813	Cox et al.	Apr 2009	B1
7584502	Alkove et al.	Sep 2009	B2
7591005	Moore	Sep 2009	B1
7617501	Peterson et al.	Nov 2009	B2
7650497	Thornton et al.	Jan 2010	B2
7653794	Michael et al.	Jan 2010	B2
7661027	Langen et al.	Feb 2010	B2
7673323	Moriconi	Mar 2010	B1
7690025	Grewal et al.	Mar 2010	B2
7765187	Bergant et al.	Jul 2010	B2
7805721	Feinleib et al.	Sep 2010	B2
7895332	Vanyukhin et al.	Feb 2011	B2
7904949	Bowers et al.	Mar 2011	B2
7987455	Senner et al.	Jul 2011	B1
8024360	Moore	Sep 2011	B2
8086710	Vanyukhin et al.	Dec 2011	B2
8087075	Peterson et al.	Dec 2011	B2
8141138	Bhatia et al.	Mar 2012	B2
8245242	Peterson et al.	Aug 2012	B2
8346908	Vanyukhin et al.	Jan 2013	B1
8429712	Robinson et al.	Apr 2013	B2
8533744	Peterson et al.	Sep 2013	B2
20010034733	Prompt et al.	Oct 2001	A1
20020055949	Shiomi et al.	May 2002	A1
20020078005	Shi et al.	Jun 2002	A1
20020112178	Scherr	Aug 2002	A1
20020129274	Baskey et al.	Sep 2002	A1
20020133723	Tait	Sep 2002	A1
20020138572	Delany et al.	Sep 2002	A1
20020169986	Lortz	Nov 2002	A1
20020169988	Vandergeest et al.	Nov 2002	A1
20020174366	Peterka et al.	Nov 2002	A1
20020178377	Hemsath et al.	Nov 2002	A1
20020184536	Flavin	Dec 2002	A1
20030009487	Prabakaran et al.	Jan 2003	A1
20030018913	Brezak et al.	Jan 2003	A1
20030023587	Dennis et al.	Jan 2003	A1
20030028611	Kenny et al.	Feb 2003	A1
20030033535	Fisher et al.	Feb 2003	A1
20030065940	Brezak et al.	Apr 2003	A1
20030065942	Lineman et al.	Apr 2003	A1
20030110397	Supramaniam et al.	Jun 2003	A1
20030115186	Wilkinson et al.	Jun 2003	A1
20030115313	Kanada et al.	Jun 2003	A1
20030115439	Mahalingam et al.	Jun 2003	A1
20030149781	Yared et al.	Aug 2003	A1
20030177388	Botz et al.	Sep 2003	A1
20030188036	Chen et al.	Oct 2003	A1
20030229783	Hardt	Dec 2003	A1
20040010519	Sinn et al.	Jan 2004	A1
20040059953	Purnell	Mar 2004	A1
20040078569	Hotti	Apr 2004	A1
20040088543	Garg et al.	May 2004	A1
20040098595	Aupperle et al.	May 2004	A1
20040098615	Mowers et al.	May 2004	A1
20040111515	Manion et al.	Jun 2004	A1
20040111643	Farmer	Jun 2004	A1
20040117382	Houseknecht et al.	Jun 2004	A1
20040123146	Himmel et al.	Jun 2004	A1
20040128542	Blakley et al.	Jul 2004	A1
20040139050	Barrett et al.	Jul 2004	A1
20040139081	Barrett et al.	Jul 2004	A1
20040199795	Grewal et al.	Oct 2004	A1
20040226027	Winter	Nov 2004	A1
20040260565	Zimniewicz et al.	Dec 2004	A1
20040260651	Chan et al.	Dec 2004	A1
20050010547	Carinci et al.	Jan 2005	A1
20050044409	Betz et al.	Feb 2005	A1
20050055357	Campbell	Mar 2005	A1
20050060397	Barthram et al.	Mar 2005	A1
20050086457	Hohman	Apr 2005	A1
20050091068	Ramamoorthy et al.	Apr 2005	A1
20050091213	Schutz et al.	Apr 2005	A1
20050091250	Dunn et al.	Apr 2005	A1
20050091284	Weissman et al.	Apr 2005	A1
20050091290	Cameron et al.	Apr 2005	A1
20050108579	Isaacson et al.	May 2005	A1
20050114701	Atkins et al.	May 2005	A1
20050125798	Peterson	Jun 2005	A1
20050144463	Rossebo et al.	Jun 2005	A1
20050160423	Bantz et al.	Jul 2005	A1
20050193181	Kaneda et al.	Sep 2005	A1
20050198303	Knauerhase et al.	Sep 2005	A1
20050204143	Ellington	Sep 2005	A1
20050223216	Chan et al.	Oct 2005	A1
20050246554	Batson	Nov 2005	A1
20050267938	Czeczulin	Dec 2005	A1
20050268309	Krishnaswamy et al.	Dec 2005	A1
20050283443	Hardt	Dec 2005	A1
20050283614	Hardt	Dec 2005	A1
20060004794	Pizzo et al.	Jan 2006	A1
20060005229	Palekar et al.	Jan 2006	A1
20060010445	Peterson et al.	Jan 2006	A1
20060015353	Reese	Jan 2006	A1
20060021017	Hinton et al.	Jan 2006	A1
20060026195	Gu et al.	Feb 2006	A1
20060034494	Holloran	Feb 2006	A1
20060085483	Mooney et al.	Apr 2006	A1
20060116949	Wehunt et al.	Jun 2006	A1
20060130065	Chin et al.	Jun 2006	A1
20060161435	Atef et al.	Jul 2006	A1
20060174350	Roever et al.	Aug 2006	A1
20060184401	DelGaudio et al.	Aug 2006	A1
20060200424	Cameron et al.	Sep 2006	A1
20060200504	Lo	Sep 2006	A1
20060224611	Dunn et al.	Oct 2006	A1
20060248099	Barrett et al.	Nov 2006	A1
20060265740	Clark et al.	Nov 2006	A1
20060282360	Kahn et al.	Dec 2006	A1
20060282461	Marinescu	Dec 2006	A1
20060294151	Wong et al.	Dec 2006	A1
20070011136	Haskin et al.	Jan 2007	A1
20070038596	Pizzo et al.	Feb 2007	A1
20070083917	Peterson et al.	Apr 2007	A1
20070100980	Kataoka et al.	May 2007	A1
20070101415	Masui	May 2007	A1
20070143430	Johnson et al.	Jun 2007	A1
20070143836	Bowers et al.	Jun 2007	A1
20070150448	Patnode	Jun 2007	A1
20070156766	Hoang et al.	Jul 2007	A1
20070156767	Hoang et al.	Jul 2007	A1
20070180448	Low et al.	Aug 2007	A1
20070180493	Croft et al.	Aug 2007	A1
20070192843	Peterson	Aug 2007	A1
20070255814	Green et al.	Nov 2007	A1
20070288992	Robinson	Dec 2007	A1
20080104220	Vanyukhin	May 2008	A1
20080104250	Vanyukhin	May 2008	A1
20080133533	Ganugapati et al.	Jun 2008	A1
20080162604	Soulet et al.	Jul 2008	A1
20080215867	Mackin et al.	Sep 2008	A1
20090006537	Palekar et al.	Jan 2009	A1
20090216975	Halperin et al.	Aug 2009	A1
20100050232	Peterson	Feb 2010	A1
20110093570	Mackin et al.	Apr 2011	A1
20110282977	Peterson	Nov 2011	A1
20110283273	Peterson	Nov 2011	A1
20120192256	Peterson et al.	Jul 2012	A1
20120215899	Peterson	Aug 2012	A1
20120297035	Peterson	Nov 2012	A1

Foreign Referenced Citations (4)

Number	Date	Country
05728119.1	Mar 2005	EP
1 932 279	Jun 2008	JP
WO 2006016900	Feb 2006	WO
WO 2007044613	Apr 2007	WO

Non-Patent Literature Citations (149)

Entry
“Description of Digital Certificates”, Jan. 23, 2007.
“Directory Administrator”, p. 1-3. Dec. 15, 2004.
“Innovation Report—Windows Group Policy Protocols”. Jul. 31, 2006.
“Kerberos Module for Apache”.
“LDAP Linux HOWTO”, p. 1-2. Mar. 5, 2004.
“Lnux Authentication Against Active Directory”, p. 1-2. Dec. 15, 2004.
“NegotiateAuth”, Jul. 8, 2010.
“Optimization Techniques for Trusted Semantic Interoperation”, Final Technical Report, Air Force Research Laboratory. Published May 1998.
“Project: AD4Unix: Summary”, p. 1-3. Dec. 15, 2004.
“Replacing NIS with Kerberos and LDAP”, p. 1-2. Dec. 15, 2004.
“Sadma”, p. 1-2. Dec. 15, 2004.
“Sun Enterprise Authentication Mechanism Data Sheet”, pp. 1-4. Dec. 15, 2004.
Vintela Extends the Reach of Microsoft Group Policy to Unix and Linux; Vintela Group Policy (VGP) Provides a Framework for Unix and Linux Policy-Based Management Through the Popular Windows Group Policy System., PR Newswire, Sep. 13, 2004.
Nov. 18, 2011, U.S. Appl. No. 95/001,458—Office Action—Transmittal of Communications to Third Party Requester Inter Partes Reexamination, 52 pages.
Nov. 18, 2011, U.S. Appl. No. 95/001,458—Patent Owner Comments Regarding Oct. 20, 2011 Action Closing Presecution, 14 pages.
A. Leonard, “Embrace, extend, censor”, Originally published May 11, 2000 on salon.com.
Accelerated Examination Support Document in U.S. Appl. No. 13/198,592, filed Aug. 4, 2011.
Accelerated Examination Support Document in U.S. Appl. No. 13/198,629, filed Aug. 4, 2011.
Aelita Software Domain Migration Wizard 6.0 User's Guide, Aug. 21, 2003.
AIX 5L Differences Guide Version 5.2 Edition Published Dec. 24, 2002, Excerpt.
Akhgar et al., Secure ICT Services for Mobile and Wireless Communications: A Federated Global Identity Management Framework, 2006 IEEE.
Alan H. Harbitter et al., “Performance of Public-Key-Enabled Kerberos Authentication in Large Networks”, Proceedings of the IEEE symposium on Security and Privacy. 2001.
Antti Tikkanen, “Active Directory and nss—idap for Linux: Centralized er Management,” printed from pp. 1-11, 2004.
Apurva Kumar, “The OpenLDAP Proxy Cache,” IBM, India Research Lab, at least as early as May 2003.
Authentication, from Pieces of the Puzzle, Chapter 2, p. 12. (Exhibit IV to U.S. Appl. No. 95/001,872, Inter Partes Reexamination Renewed Petition (Third Party Requester to Response to Mar. 1, 2012 Office Action), dated Aug. 9, 2012.
Buell, D.A. et al., “Identity management”, Internet Computing, IEEEvol. 7, Issue 6, Nov.-Dec. 2003 pp. 26-28.
Centrify Corporation's Answer and Affirmative Defenses, Quest Software, Inc. v. Centrify Corporation and Likewise Software, Inc., Case No. 2:10-CV-00859-TS, United States District Court for the District of Utah, Central Division.
Centrify DirectControl Administrator's Guide Version 2.0, Aug. 15, 2005.
Chapter 9 Authentication Protocols, Distributed System & Network Security Lab, Department of Computer Science & Information Engineering, National Chiao Tung University, pp. 21-22. 1991.
Complaint, Quest Software, Inc. v. Centrify Corporation and Likewise Software, Inc., Case No. 2:10-cv-00859-TS, United States District Court for the District of Utah, Central Division.
COSuser—Identity management and user provisioning for Unix, Linux and Microsoft Windows® May 24, 2010.
Damiani, E., et al, “Managing multiple and dependable identities” Internet Computing, IEEEvol. 7, Issue 6, Nov.-Dec. 2003 pp. 29-37.
David “Del” Elson, “Active Directory and Linux,” printed from pp. 1-11, 2002.
David F. Carr, “What's Federated Identity Management?”, eWeek, Nov. 10, 2003.
Declaration of Ethan L. Miller, Ph.D. (Exh. I, to Inter Partes Reexam), dated Aug. 30, 2012.
Declaration of Matthew Peterson in Support of Quest's Opposition to Centrify's Motion to Transfer Venue to the Northern District of California, Quest Software, Inc. v. Centrify Corporation and Likewise Software, Inc., Case No. 2:10-cv-00859-TS, United States District Court for the District of Utah, Central Division.
Dennis, Disconnect Login (Was: FC3 Bug Week—Help Wanted) (Sep. 24, 2004).
Description of Digital Certificates, Jan. 23, 2007, available at.
Designing Network Security Published May 7, 1999. Excerpt.
Documentation for Kerberos V5 release krb5-1.3, Copyright 1985-2002, Installation Guide.
Documentation for Kerberos V5 release krb5-1.3, Copyright 1985-2002, Installation Guide:—System Administrator's Guide:—UNIX User's Guide.
Documentation for Kerberos V5 release krb5-1.3, Copyright 1985-2002, System Administrator's Guide.
Documentation for Kerberos V5 release krb5-1.3, Copyright 1985-2002, UNIX User's Guide.
European Office Action, Application No. 05728119.8-1243 dated Apr. 9, 2009.
European Patent Office Communication pursuant to Article 94(3) EPC dated Apr. 9, 2009.
Fabini et al., “IMS in a Bottle: Initial Experiences from an OpenSER-based Prototype Implementation of the 3GPP IP Multimedia Subsystem” Mobile Business, 2006. ICMB '06. International Conference on Publication Date: 2006; On pp. 13-13.
Garman, “Kerberos—The Definitive Guide,” Aug. 2003, O'Reilly & Associates, Inc.
Get to One Options for moving from multiple, Unix identities to a single, AD-based authentication infrastructure with Vintela Authentication Services May 24, 2010.
Hank Simon, “SAML:The Secret to Centralized Identity Management”, Dec. 2004.
IBM SecureWay Policy Director, 1999. (4 pages).
IBM z/OS V1R1.0-V1R12.0 DCE Application Development Reference: dce—ace—is—cient—authorized API call: URL: Copyright IBM Corporation 1990,2010, (2 pages).
Identity Management for UNIX Aug. 22, 2005.
Implementing Registry-Based Group Policy for Applications, Microsoft Windows 2000 Server. White Paper. 2000.
International Preliminary Report on Patentability and Written Opinion for International Application No. PCT/US2006/039302, mailed on Apr. 2, 2009, in 7 pages.
International Search Report and Written Opinion from International Patent Appl. No. PCT/US2009/038394, mailed Oct. 6, 2009, in 13 pages.
International Search Report in International Application No. PCT/US2006/039302, mailed on Jul. 3, 2008.
International Search Report PCT/US2005/008342 , mailed on Nov. 9, 2006.
Introduction to Group Policy in Windows Server 2003, Microsoft Corporation, Published Apr. 2003.
J. Barr, “The Gates of Hades: Microsoft attempts to co-opt Kerberos”, Published Apr. 2000 as verified by the Internet Archive.
J. Brezak, “HTTP Authentication: SPNEGO Access Authentication as Implemented in Microsoft Windows 2000,” pp. 1-6. 2002.
J. Kohl et al. “RFC 1510: The Kerberos Network Authentication Service (V5)”, Published Sep. 1993.
Jan De Clercq, “Win.NET Server Kerberos”, Sep. 17, 2002.
John Brezak, “Interoperability with Microsoft Windows 2000 Active Directory and Kerberos Services,” printed from pp. 1-4, 2000.
Kerberos, PACs, and Microsoft's Dirty Tricks Originally posted to slashdot.org on May 2, 2000.
Langella, S. et al., “Dorian: Grid Service Infrastructure for Identity Management and Federation”, Computer-Based Medical Systems, 2006. CBMS 2006. 19th IEEE International Symposium on Jun. 22-23, 2006 pp. 756-761.
Li, M., et al., “Identity management in vertical handovers for UMTS-WLAN networks”, Mobile Business, 2005. ICMB 2005. International Conference on Jul. 11-13, 2005 pp. 479-484.
Likewise Software, Inc.'s Answer, Affirmative Defenses and Counterclaims, Quest Software, Inc. v. Centrify Corporation and Likewise Software, Inc., Case No. 2:10-CV-00859-TS, United States District Court for the District of Utah, Central Division.
LinuX® and Windows® Interoperability Guide, Published Dec. 14, 2001, Excerpt.
Lowe-Norris, Alistair G., Windows 2000 Active Directory, Chapters 8 and 9, pp. 177-245, Jan. 2000.
Matsunaga et al, “Secure Authentication System for Public WLAN Roaming, Proceedings of the 1st ACM international workshop on Wireless mobile applications and services on WLAN hotspots,” San Diego, CA, A, Year of Publication: 2003, p. 113-121.
Matthew Hur, “Session Code: ARC241 architecture & infrastructure”, Microsoft Corporation. Oct. 26, 2003.
MCSE in a Nutshell: The Windows 2000 Exams Published Feb. 2001. Excerpt.
Memorandum Decision and Order Denying Defendant Centrify Corporation's Motion to Transfer Venue and Motion to Stay Pending Inter Partes Reexamination, Quest Software, Inc. v. Centrify Corporation and Likewise Software, Inc., Case No. 2:10-cv-00859-TS, United States District Court for the District of Utah, Central Division.
Memorandum in Support of Centrify's Motion to Stay Pending Inter Partes Reexamination, Quest Software, Inc. v. Centrify Corporation and Likewise Software, Inc., Case No. 2:10-cv-00859-TS, United States District Court for the District of Utah, Central Division.
Microsoft Corp., Implementing Registry-Based Group Policy for Applications, 2000.
Microsoft Corp., Introduction to Group Policy in Windows Server 2003, 2003.
Microsoft: CATIA Migration from UNIX to Windows, Overview, Jul. 18, 2003. (3 pages).
Microsoft: CATIA Migration from UNIX to Windows, Overview, Jul. 18, 2003, Microsoft, Chapter 8, Windows-Unix Interoperability and Data Sharing. (21 pages).
Mikkonen, H. et al., “Federated Identity Management for Grids” Networking and Services, 2006. ICNS '06. International conference on Jul. 16-18, 2006 pp. 69-69.
Mont, M.C. et al., “Towards accountable management of identity and privacy: sticky policies and enforceable tracing services”, Database and Expert Systems Applications, 2003. Proceedings. 14th International Workshop on Sep. 1-5, 2003 pp. 377-382.
NCSA Introduction to Kerberos 5, All right reserved Board of Trustees of the University of Illinois Page last updated May 21, 2002.
Neuman et al., “RFC 4120—The Kerberos Network Authentication Service V5,” Network Working Group, Jul. 2005.
Neuman, et al.: “Kerberos: An Authentication Service for Computer Networks”, IEEE Communications Magazine, vol. 32, Issue 9, Pub. Date Sep. 1994, relevant pp. 33-38.
O'Reily publications “Unix & Internet Security”, Apr. 1996. (3 pages).
PADL Software Pty Ltd., pp. 1-3. Dec. 15, 2004.
PADL Software Pty Ltd., Pam—ccreds readme, (Apr. 11, 2004) (pan—crreds).
Phiri, J. et al., “Modelling and Information Fusion in Digital Identity Management Systems” Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies, 2006. ICN/ICONS/MCL 2006. International Conference on Apr. 23-29, 2006 pp. 181-181.
Quest Software, Inc.'s Opposition to Motion to Stay, Quest Software, Inc. v. Centrify Corporation and Likewise Software, Inc., Case No. 2:10-cv-00859-TS, United States District Court for the District of Utah, Central Division.
Quest Software; “UNIX Identity Migration Wizard User Guide”, 2006.
Quest Vintela Authentication Services Administrator's Guide Version 3.1, Sep. 2006.
Radeke, E., et al. “Framework for object migration in federated database systems”, Cooperation Univ. of Paderborn, Germany, Parallel and Distributed Information Systems, 1994., Proceedings of the Third International Conference on Publication Date: Sep. 28-30, 1994, on pp. 187-194.
Record of Oral Hearing in Reexamination Control No. 95/001,458 of United States Patent No. 7,617,501, Argued Aug. 15, 2013.
Reply Memorandum in Support of Centrify's Motion to Stay Pending Inter Partes Reexamination, Quest Software, Inc. v. Centrify Corporation and Likewise Software, Inc., Case No. 2:10-cv-00859-TS, United States District Court for the District of Utah, Central Division.
Request for Withdrawal of the European Application No. 05728119.8 on Feb. 19, 2010.
Response to Communication pursuant to Article 94(3) EOC filed Sep. 9, 2009 in EP 05728119.8.
RFC 4120—“The Kerberos Network Authentication Service V5,” Neuman et al., Network Working Group, Jul. 2005.
Sandrasegaran, Hsang, Identity Management in Vertical Handovers for UMTS-WLAN Networks, 2005 IEEE.
Schroeder, SDSC's Installation and Development of Kerberos, San Diego Supercomputer Center, San Diego, CA, Sep. 20, 1995, p. 1-11.
Search Security, “Search Security.com Definitions”, Jun. 4, 2007.
Shim, S.S.Y et al., “Federated identity management” Computer; vol. 38, Issue 12, Dec. 2005 pp. 120-122.
Shin, D. et al., “Ensuring information assurance in federated identity management”, Performance, Computing, and Communications, 2004 IEEE International Conference on 2004 pp. 821-826.
Siddiqi, J. et al., “Secure ICT Services for Mobile and Wireless Communications: A Federated Global Identity Management Framework”, Information Technology: New Generations, 2006. ITNG 2006. Third International Conference on Apr. 10-12, 2006 pp. 351-357.
Sixto Ortiz, Jr., “One-Time Password Technology”, vol. 29, Issue 15, Apr. 13, 2007.
Stipulated Judgment and Entry of Permanent Injunction against Likewise Software, Inc., Quest Software, Inc. v. Centrify Corporation and Likewise Software, Inc., Case No. 2:10-CV-00859-TS, United States District Court for the District of Utah, Central Division.
Subject 2.15. What do I need to do to setup cross-realm authentication?, Jul. 8, 2010.
The SLAPD and SLURPD Administrator's Guide, University of Michigan Release 3.3 Apr. 30, 1996, available at.
Transcript of Jul. 22, 2011 deposition of Michael W. Dennis in Quest Software, Inc. v. Centrify Corporation and Likewise Software, Inc., Case No. 2: 10-CV-00859-TS, United States District Court for the District of Utah, Central Division.
Turbo Fredriksson, “LDAPv3.” printed from pp. 2-65, 2001.
U.S. Appl. No. 12/612,569, Inter Partes Reexamination Request dated Aug. 31, 2012.
U.S. Appl. No. 95/001,458 Reexamination Action Closing Prosecution dated Oct. 10, 2011
U.S. Appl. No. 95/001,458 Reexamination Appellant's Brief filed Mar. 15, 2012.
U.S. Appl. No. 95/001,458 Reexamination Examiner's Answer mailed Sep. 25, 2012.
U.S. Appl. No. 95/001,458 Reexamination Notice of Appeal filed Jan. 16, 2012.
U.S. Appl. No. 95/001,458 Reexamination Notice of Defective Paper in Inter Partes Reexamination mailed Jul. 20, 2011.
U.S. Appl. No. 95/001,458 Reexamination Notice of Hearing mailed May 30, 2013.
U.S. Appl. No. 95/001,458 Reexamination Order dated Nov. 24, 2010 Granting Request for Inter Partes Reexamination.
U.S. Appl. No. 95/001,458 Reexamination Patent Owner Comments filed Nov. 18, 2011.
U.S. Appl. No. 95/001,458 Reexamination Rebuttal Brief filed Oct. 24, 2012.
U.S. Appl. No. 95/001,458 Reexamination Respondent's Brief filed Apr. 12, 2012.
U.S. Appl. No. 95/001,458 Reexamination Response to Office Action filed Mar. 21, 2011.
U.S. Appl. No. 95/001,458 Reexamination Right of Appeal Notice mailed Dec. 16, 2011.
U.S. Appl. No. 95/001,458 Reexamination Shortened Response to Office Action filed Aug. 4, 2011.
U.S. Appl. No. 95/001,458 Reexamination Third Party Requester Comments filed Apr. 15, 2011.
U.S. Appl. No. 95/001,458 Reexamination Third Party Requester Comments filed Aug. 22, 2011.
U.S. Appl. No. 95/001,458 Reexamination Third Party Requester Comments filed Nov. 29, 2011.
U.S. Appl. No. 95/001,458, Inter Partes Reexamination Office Action, dated Jan. 21, 2011 of co-owned U.S. Patent No. 7,617,501.
U.S. Appl. No. 95/001,458, Inter Partes Reexamination, Request for Oral Hearing, dated Nov. 21, 2012.
U.S. Appl. No. 95/002,115 Reexamination Decision dated Oct. 11, 2012 Granting Request for Inter Partes Reexamination.
U.S. Appl. No. 95/002,115 Reexamination Exhibit T submitted Dec. 10, 2012 with Response to Office Action.
U.S. Appl. No. 95/002,115 Reexamination Exhibits A-K to Request for Inter Partes Reexamination filed Aug. 31, 2012.
U.S. Appl. No. 95/002,115 Reexamination Office Action dated Oct. 11, 2012.
U.S. Appl. No. 95/002,115, Patent Owner's Statement in Inter Partes Reexamination, filed Dec. 10, 2012.
U.S. Appl. No. 95/002,115, Reexamination Action Closing Prosecution dated Feb. 6, 2013.
U.S. Appl. No. 95/002,115, Reexamination Exhibits L-S submitted Dec. 10, 2012 with both Patent Owner's Statement and Response to Office Action.
U.S. Appl. No. 95/002,115, Reexamination Notice of Appeal of Patent Owner, filed May 22, 2013.
U.S. Appl. No. 95/002,115, Reexamination Right of Appeal Notice dated Apr. 23, 2013.
U.S. Appl. No. 95/002,115, Response to Office Action in Inter Partes Reexamination, filed Dec. 10, 2012.
U.S. Appl. No. 95/001,458, Inter Partes Reexamination Request of co-owned U.S. Patent No. 7,617,501.
Ventuneac et al., A policy-based security framework for Web-enabled applications, Proceeding ISICT '03, Proceedings of the 1st International Symposium on Information and Communication Technologies, pp. 487-492.
Vintela Group Policy Technology Preview, “Extending the Power of Group Policy and Windonws Active Directory to configuration of Unix and Linux users and systems”, Version 0.1, May 2004.
Wedgetail Communications; “Security Assertion Markup Language (SAML)”, 2004.
Weitzner, D.J., “In Search of Manageable Identity Systems”, IEEE Internet Computing, vol. 10, Issue 6, Nov.-Dec. 2006 pp. 84-86.
Windows 2000 Kerberos Authentication White Paper, Microsoft Windows 2000 Server, pp. 1-5 and 41-42. Jul. 12, 2010.
Withers, Integrating Windows 2000 and UNIX Using Kerberos, The Journal for UNIX Systems Administrators, vol. 10, No. 12, Dec. 2001.
Oct. 15, 2013 Related Applications.
U.S. Appl. No. 12/200,814, filed Aug. 28, 2008, Eyes et al.
Dec. 6, 2013 Re-Exam Decision on Appeal—QSOFT.363X.
Jan. 6, 2014 Request for Rehearing by Third Party Requester in Inter PartesReexamination—QSOFT.363X.
Feb. 5, 2014 Comments on Request for Rehearing—QSOFT.363X.

Related Publications (1)

	Number	Date	Country
	20140012964 A1	Jan 2014	US

Continuations (3)

	Number	Date	Country
Parent	13563490	Jul 2012	US
Child	14021852		US
Parent	12612569	Nov 2009	US
Child	13563490		US
Parent	10888845	Jul 2004	US
Child	12612569		US

Systems and methods for managing policies on a computer

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

US Classifications

Field of Search

US

International Classifications