Claims:WE CLAIM:

1. A computer implemented method for providing access to a specific memory of a user device, the method comprising:
segmenting, via a processor, the memory of the user device into two or more configurable segments;
designating, by the processor, one of the two or more configurable segments as a workspace segment; wherein the workspace segment is to be accessed through a predefined authorized network and from a predefined authorized geospatial location;
receiving, by the processor, a request from a user of the user device to access the workspace segment,
comparing, by the processor, a communication network accessed by the user device and a geospatial location of the user device with predefined authorized network and predefined authorized geospatial location;
establishing, via the communication network, an authorized connection between the server and the user device to access data associated with one or more applications in the workspace segment, for predefined time interval.

2. The method of claim 1, wherein the workspace segment is prevented from penetration threats of malwares, and wherein the workspace segment is protected by authorized anti-virus programs.

3. The method of claim 1, wherein the segment of user device other than the workspace segment is further designated as a personal segment.

4. The method of claim 1, wherein the applications that require geospatial location or any contact details are transferred to the personal segment and barred from accessing the workspace segment.

5. The method of claim 1, wherein the memory is segmented by creating a virtual parallel space within the memory

6. The method of claim 1, wherein the workspace is prevented from unauthorized access by stopping cloning process within the user device and loading of caches in the memory of the user device.

7. A system 101 for providing access to a specific memory of a user device, the system 101 comprising:
a processor 201; and
a memory 203 coupled with the processor 201, wherein the processor 201 is capable of executing programmed instructions stored in the memory 203 for:
segmenting, the memory of the user device into two or more configurable segments;
designating one of the two or more configurable segments as a workspace segment; wherein the workspace segment is to be accessed through a predefined authorized network and from a predefined authorized geospatial location;
receiving a request from a user of the user device to access the workspace segment,
comparing a communication network accessed by the user device and a geospatial location of the user device with predefined authorized network and predefined authorized geospatial location;
establishing an authorized connection between the server and the user device to access data associated with one or more applications in the workspace segment, for predefined time interval.

8. The method of claim 7, wherein the memory is segmented by creating a virtual parallel space within the memory

9. The system of claim 7, wherein the workspace is prevented from unauthorized access by stopping cloning process within the user device and loading of caches in the memory of the user device.

10. A non-transitory computer readable medium storing program for providing access to a specific memory of a user device, the program comprising instructions for:
segmenting the memory of the user device into two or more configurable segments;
designating one of the two or more configurable segments as a workspace segment; wherein the workspace segment is to be accessed through a predefined authorized network and from a predefined authorized geospatial location;
receiving a request from a user of the user device to access the workspace segment,
comparing a communication network accessed by the user device and a geospatial location of the user device with predefined authorized network and predefined authorized geospatial location; and
establishing, an authorized connection between the server and the user device to access data associated with one or more applications in the workspace segment, for predefined time interval.
, Description:FORM 2

THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003

COMPLETE SPECIFICATION

(See Section 10 and Rule 13)

Title of invention:
MEMORY MANAGEMENT AND PRIVILEGED ACCESS THEREOF

APPLICANT:
TRANSFORMATION IN ETHICS ASSURANCE GLOBAL PRIVATE LIMITED,
A company incorporated as per the laws of India,
having address as
The Capital, 202, B-wing, Baner-Pashan Link Road,
Next to Regent Plaza,
Baner, Pune-411045, India

The following specification describes the invention and the manner in which it is to be performed.
TECHNICAL FIELD
The present subject matter described herein, in general, relates to memory management of a user device, and more particularly, relates to memory segmentation and thereby providing secured data access to the memory.
BACKGROUND
There has been rapid growth in industrialization across the world. As there is a huge increase in industrialization, managing and securing enterprise data is an area of concern these days. Currently, there are various computer implemented technologies that enable managing the enterprise data. The enterprise data may be associated to any organization and may include a huge amount and a variety of information. For example, the enterprise data may include organization details, employee details, transaction details, privacy data, organization emails and other sensitive information etc. A professional of the organization may require to access the enterprise data as per his/her requirements. Hence, the access of a specified data is allotted to the employees of the company.
The professionals of the company may sometimes require to access the enterprise data using their personal electronic gadgets (commonly termed as “Bring your own device (BYOD) concept”). However, accessing of the enterprise data using the personal gadgets is subjected to lot of security threats. The security threats may involve combining personal and work content on the personal electronic gadgets, risk of different computer implemented programs taking control over the personal electronic gadgets etc. In a scenario wherein access to sensitive data of the organization is not controlled, there is a risk of data leakage and unauthorized access of the data to public domain. Another major concern of security threats is probable misuse of the enterprise data by a professional leaving the organization. company data. Moreover, in contrast giving access to a new employee of the relevant company data may also be a tedious job if the overall company data is not user friendly for accessing.
In the present scenario, the memory space required is large for a computer implemented platform configured to access the relevant company data by a certain employ. Moreover, since the computing devices are owned by the employees, there is a high probability of these computing devices being infected to viruses, malwares, etc. Further, in the existing mobile devices such as smartphones and tablets, many personal applications (Apps) are installed. Often, while accessing these apps, personal data such as contact details, personal name, address is shared. Similarly, while accessing the enterprise applications installed on the employee’s computing device, there is a potential risk of sharing the enterprise data with other personal applications.
Thus, there is a long-standing need for computer implemented systems and methods that prevents unauthorized access and/or leakage of sensitive private data associated with enterprises while allowing the employees to use their own computing devices (i.e. adopting BYOD concept) for working on diverse enterprise applications.

SUMMARY
This summary is provided to introduce concepts related to systems and methods for providing access to a specific memory of a user device and the concepts are further described below in the detailed description. This summary is not intended to identify essential features of the claimed subject matter nor is it intended for use in determining or limiting the scope of the claimed subject matter.
In one implementation, a method for enabling memory management and privileged access thereof is described. The method may comprise, segmenting, via a processor, a memory of the user device into two or more configurable segments. The method may further comprise, designating, by the processor, one of the two or more configurable segments as a workspace segment, wherein the workspace segment is to be accessed through a predefined authorized network and from a predefined authorized geospatial location. The method may further comprise, receiving, via the processor of the user device, a request from a user of the user device to access the workspace segment. The method may further comprise, comparing, by processor, a communication network being accessed by the user device and a geospatial location of the user device with the predefined authorized network and the predefined authorized geospatial location. Furthermore, the method may comprise establishing, via the communication network, an authorized connection between the server and the user device to access data associated with one or more applications in the workspace segment for a predefined time interval.
In another implementation, a system for enabling memory management and privileged access thereof is disclosed. The system may further comprise a processor and a memory unit coupled with the processor, wherein the processor is capable of executing programmed instructions stored in the memory unit. In one aspect, the processor may execute an instruction for segmenting a memory of the user device into two or more configurable segments. Further, the processor may execute an instruction for designating one of the two or more configurable segments as a workspace segment, wherein the workspace segment is to be accessed through a predefined authorized network and from a predefined authorized geospatial location. Further, the processor may execute an instruction for receiving a request from a user of the user device to access the workspace segment. Further, the processor may execute an instruction for comparing a communication network being accessed by the user device and a geospatial location of the user device with predefined authorized network and predefined authorized geospatial location. The processor may further execute an instruction for establishing an authorized connection between the server and the user device to access data associated with one or more applications in the workspace segment for a predefined time interval.
In yet another implementation, non-transitory computer readable medium storing program for enabling memory management and privileged access thereof is disclosed. In one aspect, the program may comprise an instruction for segmenting a memory of the user device into two or more configurable segments. Further, the program may comprise an instruction for designating one of the two or more configurable segments as a workspace segment, wherein the workspace segment is to be accessed through a predefined authorized network and from a predefined authorized geospatial location. The program may further comprise an instruction for receiving a request from a user of the user device to access the workspace segment. Further, the program may comprise an instruction for comparing a communication network being accessed by the user device and a geospatial location of the user device with the predefined authorized network and the predefined authorized geospatial location. Furthermore, the program may comprise an instruction for establishing an authorized connection between the server and the user device to access data associated with one or more applications in the workspace segment for a predefined time interval.

BRIEF DESCRIPTION OF THE DRAWINGS

The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawings to refer like features and components.
Figure 1 illustrates, a network implementation 100 of a system 101 for enabling memory management and privileged access thereof, in accordance with an embodiment of the present disclosure.
Figure 2 illustrates the system 101, in accordance with an embodiment of the present disclosure.
Figure 3 illustrates a method 300 for enabling memory management and privileged access thereof, in accordance with an embodiment of the present disclosure.
Figure 4 illustrates a conventional method of loading caches in the user device while accessing applications within the user device.
Figure 5 illustrates a method of avoiding loading of caches within the user device, in accordance with an embodiment of the present disclosure.

DETAILED DESCRIPTION
System(s) and method(s) for enabling memory management and privileged access thereof are described. In the “BYOD” concept widely adopted worldwide, enterprises/organizations allow their employees to user their own devices to access private/sensitive data associated with these enterprises for working on varied projects. The employees may use their own devices to access the enterprise data within the premises of the enterprise/organization or from his/her home location. Since, these devices are not directly controlled by IT systems of the enterprises/organizations, there is huge potential threat to privacy and confidentiality of the enterprise data. In one example, different enterprise applications like emailing application, enterprise resource planning applications (ERPs) related to marketing & sales, human resource management, accounting & finance may be subjected to security threats since the personal applications may access private/sensitive information (e.g. contact details, project details, marketing collaterals, notes, etc.) within these enterprise applications. The present disclosure describes systems and methods that prevents such unauthorized access and leakage of private and confidential data associated to the enterprises/organizations thereby alleviating the challenges of security threats as discussed above.
In accordance with aspects of the present disclosure, a memory of a user device may be segmented in two or more segments. At least one segment may be designated as a workspace segment. In one example, at least one third portion of the memory may be designated for storing data associated with the work segments. The segmentation of memory may enable authorized accessing of the data stored in the workspace segment based on a geo-spatial location of the user device and the network accessed by the user device. Further, the system may control mixing of the personal data with the enterprise/official data.
In order to provide privileged and secured access to the workspace memory segment, initially, a repository coupled with the processor of system may be enabled to store a database maintaining a plurality of networks and a plurality of geospatial locations such that any computing device located within the plurality of geospatial locations and connected with the system via a plurality of networks may be enabled to access the data. for restricting and accessible to the user device and geospatial location or network specific restrictions. Further, additional restrictions may be configured which includes no access to workspace memory segment or other prohibited functions, and the like. The system uses this stored restriction information to curtail the access of workspace memory segmentation by any user who is restricted from access based upon determination of a geospatial location or a network having such restrictions.
According to the aspects of the present disclosure, any user is unable to access the workspace segment unless authorized by the system. When a workspace memory access request is received by the system, the system may check the geospatial location of the user device and the network through which access is requested and compare it with the restriction database stored in the repository. If the user device is in the geospatial location or the network that prohibits access to the workspace memory segment, the request to access workspace memory segment may be declined. Alternatively, the user may be provided access to the workspace memory segments provided the user meets other restriction criteria set forth by the system.
In accordance with aspects of the present disclosure, the system may further refuse to accept the request from the personalized applications that require geospatial locations or any contact details stored in the user device. This is enabled to avoid any unauthorized access of offline downloads from the enterprise applications, e.g. a company mail box.
In accordance with aspects of the present disclosure, the geospatial location of user device may be determined in several ways. In one example, the user device may contain an on-board GPS module. The GPS module may determine GPS location of the user device and transmit the GPS location to the system. The system may access the restriction database stored in the repository and receives restriction or acceptance instruction based on the GPS current location.
While aspects of described system and method for enabling memory management and privileged access thereof may be implemented in any number of different computing systems, environments, and/or configurations, the embodiments are described in the context of the following exemplary system.
Referring now to Figure 1, a network implementation 100 of a system 101 enabling memory management and privileged access thereof is illustrated, in accordance with an embodiment of the present subject matter. In one embodiment, the system 101 may comprise a repository that has the set plurality of networks and geospatial locations authorized for providing access of private and/or sensitive data to a user of the user device. The plurality of networks and locations is retrieved from multiple sources, wherein each network and location is categorized into authorized and/or accessible networks and locations. The system 101 may compare a communication network accessed by the user device and a geospatial location of the user device with the predefined authorized networks and the predefined authorized geospatial location stored in the repository. Based upon the comparison, the system 101 may establish an authorized connection between the server and the user device to access data associated with one or more applications in the workspace segment of the user memory for a predefined time interval. In some embodiments, the access to the workspace segment from particular network and particular location is provided through the user device itself.
Although the present subject matter is explained considering that the system 101 is implemented as a server, it may be understood that the system 101 may also be implemented in a variety of computing systems, such as a laptop computer, a desktop computer, a notebook, a workstation, a mainframe computer, a server, a network server, user device, and the like. It will be understood that the system 101 may be accessed by multiple users through one or more user devices 104-1, 104-2…104-N, collectively referred to as user 104 hereinafter, or applications residing on the user devices 104. Examples of the user devices 104 may include, but are not limited to, a portable computer, a personal digital assistant, a handheld device, and a workstation. The user devices 104 are communicatively coupled to the system 101 through a network 102.
In one implementation, the network 102 may be a wireless network, a wired network or a combination thereof. It will be understood that the system 101 may be accessed through one or more networks 102-1, 102-2…102-N, collectively referred to as user 102 hereinafter, or applications residing on the user devices 104. The network 102 can be implemented as one of the different types of networks, such as intranet, local area network (LAN), wide area network (WAN), the internet, and the like. The network 102 may either be a dedicated network or a shared network. The shared network represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), Wireless Application Protocol (WAP), and the like, to communicate with one another. Further the network 102 may include a variety of network devices, including routers, bridges, servers, computing devices, storage devices, and the like.
Referring now to Figure 2, the system 101 is illustrated in accordance with an embodiment of the present subject matter. In one embodiment, the system 101 may include at least one processor 201, an input/output (I/O) interface 202, and a memory 203. The at least one processor 201 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the at least one processor 201 is configured to fetch and execute computer-readable instructions stored in the memory 203.
The I/O interface 202 may include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, and the like. The I/O interface 202 may allow the system 101 to interact with a user directly or through the user devices 104. Further, the I/O interface 202 may enable the system 101 to communicate with other computing devices, such as web servers and external data servers (not shown). The I/O interface 202 can facilitate multiple communications within a wide variety of networks and protocol types, including wired networks, for example, LAN, cable, etc., and wireless networks, such as WLAN, cellular, or satellite. The I/O interface 202 may include one or more ports for connecting a number of devices to one another or to another server.
The memory 203 may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes. The memory 203 may include modules 204 and data 209.
The modules 204 include routines, programs, objects, components, data structures, etc., which perform particular tasks or implement particular abstract data types. In one implementation, the modules 204 may include a segmentation module 205, a designation module 206, a comparing module 207, and other modules 208. The other modules 208 may include programs or coded instructions that supplement applications and functions of the system 101
The data 209, amongst other things, serves as a repository for storing data processed, received, and generated by one or more of the modules 204. The data 209 may also include a data repository 210 and other data 211. The other data 211 may include data generated as a result of the execution of one or more modules in the other modules 208.
In one implementation, at first, a user may use the user device 104 to access the system 101 via the I/O interface 202. The SME may register themselves using the I/O interface 202 in order to use the system 101. The detail description of the system 101 in conjunction with the modules 204 is hereinafter explained in detail by referring to figures 2 and 3.
SEGMENTATION MODULE
Referring to Figure 2, a detailed working of the segmentation module 205 along with the working of other components of the system 101 is illustrated. In one embodiment, in order to facilitate the segmentation of the memory of the user device 104, the segmentation module 205 may segment the memory of the user device into two or more configurable segments based on the requirement. In one example, the segments of the memory may be configured to increase or decrease the memory location. The details of the segmentation of the memory of the user device 104 via the segmentation module 205 is explained hereinafter as below.

It must be understood that for creating a parallel space, a virtual machine like VMware or virtual box may be required. However, in the present disclosure, the segmentation is to be achieved on the user device 104 such as mobile phone, it is technically and economically infeasible to install the heavy VM Files on mobile phone. Therefore, the segmentation module 205 may be enabled to create a virtual space. The system 101 executing the plurality of applications (Apps) may be unaware about the (Apps) running in parallel. A virtual app (or a memory work segment) may be resolved from proper intents, may be found by packageManager, can receive broadcasts, and should be accessed by a content provider. Therefore, a parallel program must take a management role like android packagemanagerservice to manage package install, package parse and package information generating services, activities query, and the virtual app can find another is by the information kept by parallel.

In an embodiment, once the segmentation module 205 receives packageinfo, activityinfo, serviceinfo, the next task is to start virtual app for parallel spacing. In order to start the virtual app for parallel spacing, the segmentation module 205 may declare an activity component since the system 101 is unaware of any parallel space. The segmentation module 205 may initially search for the apppackage and declared in the virtual app mainfest and copy them to parallel space mainfest and load the proper class when used. The segmentation module 205 may further declare dummy stub activity as proxy, link the target activity to a stub proxy activity, Package installer checks everything and its legal then tells application thread now we schedule launch activity, now we connect the proxy activity with the linked virtual spacing activity through JDBC Connection string. Thereafter, launch the activity and this is having complete life cycle. Because package installer only cares about activity record and mainfest entry point, therefore the segmentation module 205 may map the main entry mainfest with virtual space mainfest entry. Once the above process is completed, the system 101 may be ready to start services, security packages, stop cloning process and content provider and broadcast service.

DESIGNATION MODULE
Referring now to Figure 2, the working of the designation module 206 is illustrated, in accordance with an embodiment of the present subject matter. In an embodiment, at least one of the configurable segments of the user device is designated as a work space segment. The workspace segment may be accessed through a predefined authorized network and from a predefined authorized geospatial location.

In one embodiment, the memory of the user device 104 is segmented such that the one-third of the totally memory is assigned to the work space segment. The access to the work space is provided only in online-mode and thereby terminating the access in offline-mode. In one embodiment, the work space segment may be increased or decreased. In another embodiment, the work space segment may not be extended to an external extra memory card. However, if the space on the memory is insufficient to accommodate the data, extension of space may be provisioned only on the database of the system 101.

In one embodiment, the work space segment may be configured to store private and sensitive data of an enterprise, wherein the private and sensitive data may include, but not limited to, work email box, notes, enterprise resource planning (ERP) data related to sale, HR, compliance, company email-id directory, contacts, company contacts’ message box, etc. The access to the data may be controlled by the system 101 such that the users belonging to a specific location and connected via specific communication network are enabled to access the private and sensitive data, the details of which are hereinafter explained.
COMPARING MODULE
Referring now to figure 2, the working of the comparing module 207 is illustrated, in accordance with an embodiment of the present subject matter. In an embodiment, user is unable to access the workspace segment unless it receives approval from the system. After receiving the request to access workspace, the comparing module 207 may compare a network accessed by the user device and a geospatial location of the user device with the predefined authorized networks and the predefined authorized geospatial location stored in the data repository of the system 101. In one example, the data repository may store names of telecom/cellular service providers or WI-FI hotspots in a particular area connecting the user devices 104 that may be allowed to access the workspace segment. This helps in ensuring safety of the private/confidential information on the smartphones of employees in open public Wi-Fi hotspots wherein the penetration threats of malwares are increasingly becoming higher.

Based upon the comparison, If the user device is in the geospatial location or the network that prohibits access to the workspace memory segment, the request to access workspace memory segment is declined. Alternatively, if the user device is in the geospatial location or the network that allows access to the workspace memory segment, the authorized connection between the server and the user device to access data associated with one or more applications in the workspace segment for a predefined time interval is established.

Referring now to figure 3, a method 300 for enabling memory management and privileged access thereof is shown, in accordance with an embodiment of the present subject matter. The method 300 may be described in the general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types. The method 300 may also be practiced in a distributed computing environment where functions are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, computer executable instructions may be located in both local and remote computer storage media, including memory storage devices.
The order in which the method 300 is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the method 300 or alternate methods. Additionally, individual blocks may be deleted from the method 300 without departing from the spirit and scope of the subject matter described herein. Furthermore, the method can be implemented in any suitable hardware, software, firmware, or combination thereof. However, for ease of explanation, in the embodiments described below, the method 300 may be considered to be implemented in the above described system 101.
At block 301, a memory is segmented into two or more configurable segments. In one implementation, the memory segmentation may be done by the segmentation module 205.
At block 302, at least one segment is designated as workspace segment. In one implementation, the memory segment designation may be done by designation module 206.
At block 303, user device receives a request to access the workspace segment.
At block 304, a communication network accessed by the user device and a geospatial location of the user device is compared, with predefined authorized network and predefined authorized geospatial location. In one implementation, the predefined authorized networks and predefined authorized geospatial locations may be stored and compared by the comparing module 207.
At block 305, an authorized connection between the server and the user device to access data associated with one or more applications in the workspace segment, for predefined time interval is established, via the communication network 102.
It must be understood that the above segmentation and secured access of the memory enables to avoid mixing of personal and official content on the user device(s) 104. Further, phishing of workspace data may be avoided based upon security control of the IT systems employed by the enterprises/organizations. Further, it helps in complying with security standards and obligations set forth by various authorities related to different environments (e.g. Internet of Things (IOT) environments). Further, the access of the workspace for an employee may be deleted if the employee leaves the company. Since the workspace is allowed to be access only in on-line mode, the system 101 prevents unauthorized access of offline downloads from the company mail box or any private/sensitive content. Further, the system 101 may enforce access-rules for allowing/disallowing storage of any data associated to any application, be it be an enterprise application or a personal application.
Further, the present system 101 may avoid access from any geospatial location that may be classified as high or medium risk indicating highest possibility of data leakage and data breach. The system 101 may further enable the IT systems of the enterprise/organization to install anti-virus or anti-malware programs within the user devices 104 that would prevent from infecting the user devices 104 with viruses and malware etc.
The system 101 may be configured to protect the data stored in workspaces created in the memory of the user device 104 by stopping the cloning of the data. Specifically, the system 101 stops copying the files from the workspace to any other folder within the memory of the user device 104, the details of which are hereinafter explained below.
Referring to figure 4, a conventional method of loading caches in the user device is illustrated. le accessing the server is disclosed. Conventionally, while accessing the data from the backend server (e.g. the system 101), the user device 104 causes a duplication of virtual image of the data/content/information in the page cache 401 in the form of cache memory. This results in lack of controlling of sharing of the data/content/information with other unauthorized devices/systems connected with the user devices 104. The proposed system 101 avoids loading of caches thereby preventing such unauthorized access as discussed below.
Referring to figure 5, method of avoiding loading of caches within the user device is illustrated. According to the present disclosure, while accessing the system 101 (acting as a cloud server 101), the user device 104 prevents loading any cache thereby avoiding any duplication of the virtual image of the information in the page cache 401. Specifically, the present system 101 may stop creating temp. file in a cache by not declaring the path of cache memory. In the conventional systems, every time whenever an object is copied from once place to another, a virtual image (Logical description) is created in in temp. file folder thereby affecting the privacy of the content/objects. However, in the proposed disclosure, the system 101 avoids declaring anything in workspace mainfest and packagecotroller class to create the things in the system cache and temp. folder.Once the copying file into cache or temp. folder is stopped, all the application and files are secured in the workspace segment itself. This is because the operating system is not interacting with main system packageinstaller (Main class function) to virual stub proxy system (Virtal space – main class) as there is no Connection string between both of the components. Further, after creation of the parallel space in the user device 104 (as explained above), the broadcaster activityclass, activity management class, task management class will work normally with the permission specified by the system 101 at the time of loading of the application, and when the installer package is installed in virtual space.
Now referring to figure 5, in one embodiment, when there is no availability of network thereby failing to connect the cloud server 101, the user device 104 may access a local database 501 to perform operations and store all processing in the local database 501 in the form of a logical description. After availability of network, the logical description may be copied into the cloud server 101. The logical description stored in the local database 501 is cleared by using FIFO (First in first out) technique, once the replication of the information is completed.