Preventing conflicts of interests between two or more groups
First Claim
1. A method of managing information comprising:
providing an information management system for an organization, wherein the information management system comprises a policy server comprising one or more rules to manage information of the organization;
providing a first user associated with the organization and a first document managed by the information management system;
determining the first user attempts to access the first document at a first computer then seeking approval from the policy server by evaluating a first rule of the one or more rules to manage information,
wherein the first rule is created before the first document and the first rule comprises a first conditional statement and a first abstraction component, the first abstraction component stored separately from the first rule at a second computer different than the first computer and the first abstraction component comprises a second conditional statement,
wherein the first user's attempt corresponds to at least one operating system level operation comprising an operating system library function of an operating system, and
the first abstraction is defined in a definition statement stored separately from the policy server and the definition statement for the first abstraction includes at least one of a document category, a document storage location, a document sent by users of a group, a document received by users of a group, a document sent by a user of a Lightweight Directory Access Protocol (LDAP) group, or a document received by a user of a LDAP group and evaluating the first rule comprises;
retrieving the first abstraction component stored at the second computer and its associated second conditional statement, stored separately from the first rule;
determining a first result for the first conditional statement associated with the first rule to determine whether to allow access to the first document; and
determining the first result evaluates to a Boolean false, then blocking the first user from accessing the first document wherein the blocking comprises at least one of (a) blocking or altering an application program after it is invoked directly or indirectly by the first user but before accessing the first document;
(b) disabling or hiding a user interface element responsible for invoking an application program operation so that the first user cannot invoke the application program operation through the user interface element;
or (c) removing, altering or obscuring a part or all of the information accessed from the first document by making certain information not available to the first user.
Abstract
To prevent conflicts of interest, an information management system is used to make sure two or more groups are kept apart so that information does not circulate freely between these groups. The system has policies to implement an “ethical wall” to separate users or groups of users. The users or groups of users may be organized in any arbitrary way, and may be in the same organization or different organizations. The two groups (or two or more users) will not be able to access information belonging to the other, and users in one group may not be able to pass information to the other group. The system may manage access to documents, e-mail, files, and other forms of information.
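The rule evaluation in claim 1, applied to the abstract's ethical wall, as an added example that is not code from the patent or its assignee: a rule refers to abstractions only by name, and their definitions (document category, storage location, LDAP group) are fetched from a separate store at evaluation time. All names, the group DN and the paths are hypothetical, and failing closed on an unresolved abstraction is an assumption of this example.

```python
from dataclasses import dataclass

# Constructed abstraction definitions, kept apart from the rules (claim 1 stores
# them on a second computer). Each one is itself a conditional statement.
ABSTRACTION_STORE = {
    "DEAL_ALPHA_DOCS": lambda user, doc: (
        doc["category"] == "deal-alpha"
        or doc["location"].startswith("/shares/deal-alpha/")
    ),
    "RESEARCH_USERS": lambda user, doc: "cn=research,ou=groups" in user["ldap_groups"],
}


def fetch_abstraction(name):
    """Stand-in for retrieving a definition from the separate store."""
    return ABSTRACTION_STORE.get(name)


@dataclass(frozen=True)
class Rule:
    """Allow unless the user matches `subject` and the document matches `resource`."""
    subject: str   # abstraction name, resolved at evaluation time
    resource: str  # abstraction name, resolved at evaluation time

    def evaluate(self, user, doc):
        subject_test = fetch_abstraction(self.subject)
        resource_test = fetch_abstraction(self.resource)
        if subject_test is None or resource_test is None:
            return False  # assumption: an unresolved abstraction fails closed
        return not (subject_test(user, doc) and resource_test(user, doc))


def check_access(rules, user, doc):
    """Policy-server decision: any rule evaluating to False blocks the access."""
    return "allow" if all(r.evaluate(user, doc) for r in rules) else "block"


# The rule exists before any document does and never names a file or a person.
WALL = [Rule(subject="RESEARCH_USERS", resource="DEAL_ALPHA_DOCS")]

# Constructed sample users and documents.
ANALYST = {"name": "analyst1", "ldap_groups": ["cn=research,ou=groups"]}
BANKER = {"name": "banker1", "ldap_groups": ["cn=banking,ou=groups"]}
TERM_SHEET = {"category": "deal-alpha", "location": "/shares/deal-alpha/terms.docx"}
NEWSLETTER = {"category": "general", "location": "/shares/public/news.pdf"}
```

Because the wall is expressed through abstractions, changing who counts as a research user or which locations hold deal documents means editing a definition in the store, not the rule.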
21 Citations
16 Claims
Specification