Abstract: Aspects of the present invention provide the ability to enforce access methods on data based upon a policy or policies identified within the metadata of a file. The data is self-protected by including or being wrapped with one or more policy/rule identifiers that act as a form of body armor to the data when in transit or in different situations. In embodiments, access is only granted upon successful authentication and compliance with the identified policy or policies. In embodiments, depending upon the conditions and policies, varying level access may be granted. In embodiments, depending upon the conditions and policies, the system may take one or more mitigations or remedial access levels, such as containerizing, sandboxing, granting limited access, or erasing the data.

Abstract: Aspects of the present invention provide the ability to enforce access methods on data based upon a policy or policies identified within the metadata of a file. The data is self-protected by including or being wrapped with one or more policy/rule identifiers that act as a form of body armor to the data when in transit or in different situations. In embodiments, access is only granted upon successful authentication and compliance with the identified policy or policies. In embodiments, depending upon the conditions and policies, varying level access may be granted. In embodiments, depending upon the conditions and policies, the system may take one or more mitigations or remedial access levels, such as containerizing, sandboxing, granting limited access, or erasing the data.

Abstract: Aspects of the present invention provide the ability to enforce access methods on data based upon a policy or policies identified within the metadata of a file. The data is self-protected by including or being wrapped with one or more policy/rule identifiers that act as a form of body armor to the data when in transit or in different situations. In embodiments, access is only granted upon successful authentication and compliance with the identified policy or policies. In embodiments, depending upon the conditions and policies, varying level access may be granted. In embodiments, depending upon the conditions and policies, the system may take one or more mitigations or remedial access levels, such as containerizing, sandboxing, granting limited access, or erasing the data.

Abstract: Aspects of the present invention provide the ability to enforce access methods on data based upon a policy or policies identified within the metadata of a file. The data is self-protected by including or being wrapped with policies/rules that act as a form of body armor to the data when in transit or in different situations. In embodiments, access is only granted upon successful authentication and compliance with the identified policy or policies. In embodiments, depending upon the conditions and policies, varying level access may be granted. In embodiments, depending upon the conditions and policies, the system may take one or more mitigations or remedial access levels, such as containerizing, sandboxing, granting limited access, or erasing the data.

Abstract: Aspects of the present invention provide the ability to enforce access methods on data based upon a policy or policies identified within the metadata of a file. The data is self-protected by including or being wrapped with one or more policy/rule identifiers that act as a form of body armor to the data when in transit or in different situations. In embodiments, access is only granted upon successful authentication and compliance with the identified policy or policies. In embodiments, depending upon the conditions and policies, varying level access may be granted. In embodiments, depending upon the conditions and policies, the system may take one or more mitigations or remedial access levels, such as containerizing, sandboxing, granting limited access, or erasing the data.

Abstract: A client quarantine agent requests bill of health from a quarantine server, and receives a manifest of checks that the client computer must perform. The quarantine agent then sends a status report on the checks back to the quarantine server. If the client computer is in a valid security state, the bill of health is issued to the client. If the client computer is in an invalid state, the client is directed to install the appropriate software/patches to achieve a valid state. When a client requests the use of network resources from a network administrator, the network administrator requests the client's bill of health. If the bill of health is valid, the client is admitted to the network. If the bill of health is invalid, the client is placed in quarantine.