System and method for sharing investigation results

US 10,311,081 B2
Filed: 11/18/2016
Issued: 06/04/2019
Est. Priority Date: 11/05/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

selecting a subset of data objects from a base copy for use with a first investigation;

creating a first instance of graph state information based on the subset of data objects included in the base copy and including a graph having nodes representing the subset of data objects and edges representing relationships between the subset of data objects;

causing, based on the first instance of graph state information, a visualization of the first instance of graph state information in association with the first investigation;

receiving first input to modify information associated with at least one data object of the subset of data objects;

receiving information that identifies a set of targets that are allowed to assist in the first investigation, and in response, determining a common access control level for the set of targets;

automatically creating a second instance of graph state information based on the first instance of the graph state information and based on the common access control level for the set of targets;

before allowing the set of targets to access the second instance of graph state information, causing a visualization of the second instance of graph state information;

receiving an acceptance of the visualization of the second instance of graph state information, and in response, publishing the second instance of graph state information to a graph repository and then allowing the set of targets access to the published second instance of graph state information.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-based investigative analysis system is disclosed in which a user can share results of an investigation with other users in a way that allows the sharing user to visualize how the results will be shared before they are shared. The results are shared in the form of a visual graph having nodes, edges, and other presentation elements. The nodes represent data objects that are the subject of the investigation and the edges represent connections between the data objects. The graph is shared in the form of an automatically generated redacted graph omitting nodes, edges, and presentation elements for which the other users do not have permission to view. Before sharing the graph, the sharing user is presented with a visualization of the automatically generated redacted graph providing the user an opportunity to confirm that sharing the redacted graph will not constitute an unauthorized information leakage.

Citations

20 Claims

1. A computer-implemented method, comprising:
- selecting a subset of data objects from a base copy for use with a first investigation;
  
  creating a first instance of graph state information based on the subset of data objects included in the base copy and including a graph having nodes representing the subset of data objects and edges representing relationships between the subset of data objects;
  
  causing, based on the first instance of graph state information, a visualization of the first instance of graph state information in association with the first investigation;
  
  receiving first input to modify information associated with at least one data object of the subset of data objects;
  
  receiving information that identifies a set of targets that are allowed to assist in the first investigation, and in response, determining a common access control level for the set of targets;
  
  automatically creating a second instance of graph state information based on the first instance of the graph state information and based on the common access control level for the set of targets;
  
  before allowing the set of targets to access the second instance of graph state information, causing a visualization of the second instance of graph state information;
  
  receiving an acceptance of the visualization of the second instance of graph state information, and in response, publishing the second instance of graph state information to a graph repository and then allowing the set of targets access to the published second instance of graph state information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - receiving a second request associated with the set of targets to retrieve the published second instance of graph state information from the graph repository;
      
      causing, based on the second instance of graph state information, a visualization of the second instance of graph state information to be displayed on a video display of a second investigation;
      
      after causing generation of the visualization of the first instance of graph state information, receiving a second input to modify information associated with another of the subset of data objects to create a third instance of graph state information based, at least in part, on the second instance of graph state information;
      
      publishing the third instance of graph state information to the graph repository.
  - 3. The method of claim 2, further comprising:
    - receiving a request to retrieve the published third instance of graph state information from the graph repository;
      
      causing, based on the third instance of graph state information, a visualization of the third instance of graph state information to be displayed on the video display of the first investigation.
  - 4. The method of claim 1, wherein the published second instance of graph state information comprises redacted second instance of graph state information, and the redacted second instance of graph state is based at least in part on whether one of the targets is allowed access to information on the subset of data objects represented in the second instance of graph state information.
  - 5. The method of claim 4, wherein the visualization of the second instance of graph state information comprises the redacted second instance of graph state information.
  - 6. The method of claim 4, wherein the second instance of graph state information comprises a particular data object of the subset of data objects, the particular data object having one or more data properties;
    - and the method further comprises removing the particular data object from the second instance of graph state information to create the published second instance of graph state information based on a second target or investigation not having permission to view any data property of the one or more data properties of the particular data object.
  - 7. The method of claim 4, wherein the second instance of graph state information comprises a particular data object of the subset of data objects;
    - and the method further comprises removing the particular data object from the second instance of graph state information to create the published second instance of graph state information based on a second target or investigation not having permission to view the particular data object.
  - 8. The method of claim 4, wherein the second instance of graph state information comprises two related data objects connected by a particular edge;
    - and the method further comprises removing the particular edge from the second instance of graph state information to create the published second instance of graph state information based on a second target or investigation not having permission to view the particular edge.
  - 9. The method of claim 1, wherein the second instance of graph state information comprises one or more presentation elements;
    - and wherein each of the presentation elements of the one or more presentation elements is of a presentation element type selected from the group consisting of a text note, digital audio content, digital video content, digital audio/video content, or a document.
  - 10. The method of claim 1, wherein each data object of the subset of data objects represent at least one of an entity, a place, an organization, an event, or a document.
  - 11. The method of claim 1, wherein each data object of the subset of data objects is structured using a pre-defined ontology to hierarchically structure information associated with said each data object.
  - 12. The method of claim 1, wherein the information that identifies the set of targets comprises a pre-defined group identifier that specifies the set of targets.
  - 13. The method of claim 1, wherein changes based on the first input to modify information associated with at least one data object of the subset of data objects are made separately from data objects stored at the base copy.

14. A computer system, comprising one or more processors and one or more non-transitory data storage media coupled to the one or more processors and storing sequences of instructions which when executed by the one or more processors cause performing:
- selecting a subset of data objects from a base copy for use with a first investigation;
  
  creating a first instance of graph state information based on the subset of data objects included in the base copy and including a graph having nodes representing the subset of data objects and edges representing relationships between the subset of data objects;
  
  causing, based on the first instance of graph state information, a visualization of the first instance of graph state information in association with the first investigation;
  
  receiving first input to modify information associated with at least one data object of the subset of data objects;
  
  receiving information that identifies a set of targets that are allowed to assist in the first investigation, and in response, determining a common access control level for the set of targets;
  
  automatically creating a second instance of graph state information based on the first instance of the graph state information and based on the common access control level for the set of targets;
  
  before allowing the set of targets to access the second instance of graph state information, causing a visualization of the second instance of graph state information;
  
  receiving an acceptance of the visualization of the second instance of graph state information, and in response, publishing the second instance of graph state information to a graph repository and then allowing the set of targets access to the published second instance of graph state information.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer system of claim 14, wherein the instructions further comprise:
    - receiving from a second target or investigation included in the set of targets, a request to retrieve the published second instance of graph state information from the graph repository;
      
      causing, based on the second instance of graph state information, a visualization of the second instance of graph state information to be displayed on a video display for the second target or investigation;
      
      after causing generation of the visualization of the first instance of graph state information, receiving a second input to modify information associated with another at least one data object of the subset of data objects to create a third instance of graph state information based, at least in part, on the second instance of graph state information;
      
      publishing the third instance of graph state information to the graph repository.
  - 16. The computer system of claim 14, wherein the instructions further comprise:
    - receiving a request to retrieve the published third instance of graph state information from the graph repository;
      
      causing, based on the third instance of graph state information, a visualization of the third instance of graph state information to be displayed on the video display of the first investigation.
  - 17. The computer system of claim 14, wherein the published second instance of graph state information comprises redacted second instance of graph state information, and the redacted second instance of graph state is based at least in part on whether one of the targets is allowed access to information on the subset of data objects represented in the second instance of graph state information.
  - 18. The computer system of claim 14, wherein the visualization of the second instance of graph state information comprises the redacted second instance of graph state information.
  - 19. The computer system of claim 18, wherein the second instance of graph state information comprises a particular data object of the subset of data objects, the particular data object having one or more data properties;
    - and the method further comprises removing the particular data object from the second instance of graph state information to create the published second instance of graph state information based on a second target or investigation not having permission to view any data property of the one or more data properties of the particular data object.
  - 20. The computer system of claim 18, wherein the second instance of graph state information comprises a particular data object of the subset of data objects;
    - and the method further comprises removing the particular data object from the second instance of graph state information to create the published second instance of graph state information based on a second target or investigation not having permission to view the particular data object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palantir Technologies Incorporated
Original Assignee
Palantir Technologies Incorporated
Inventors
Richards, Kevin, Cohen, David, Tasinga, Khan
Primary Examiner(s)
Brahmachari, Mandrita

Application Number

US15/356,482
Publication Number

US 20170068716A1
Time in Patent Office

928 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/248   Presentation of query results

G06F 16/26   Visual data mining; Browsin...

G06F 16/9024   Graphs; Linked lists G06F16...

G06F 21/6218   to a system of files or obj...

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/84   output devices, e.g. displa...

G06Q 10/10   Office automation; Time man...

G06Q 50/265   Personal security, identity...

H04L 63/101   Access control lists [ACL]

System and method for sharing investigation results

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for sharing investigation results

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links