Preventing conflicts of interests between two or more groups using applications

US 10,380,363 B2
Filed: 03/28/2016
Issued: 08/13/2019
Est. Priority Date: 12/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method of managing information comprising:

providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization,wherein the first group of the organization includes a first user and a first application program managed by the information management system;

receiving a request from a first computer when the first user uses the first application program to connect to a second user to transfer a first component of information comprising;

determining a first component of information corresponds to an identifier designating the first component of information as confidential includes at least one of accessing contents of the first component of information and detecting a keyword in the contents;

or accessing a metadata information associated with the first component of information and detecting a keyword in the metadata information;

extracting at least one attribute associated with the first component of information and the identifier, wherein the at least one attribute is used to determine whether to allow access to the first component of information to a user of the information management system, wherein the identifier is an uniform resource identifier associated with the first component of information;

receiving at least one translated rule at a second computer, wherein the translated rule is based on at least one rule in a first machine readable rule format that is incompatible with the second computer to a second machine readable rule format that is compatible with the second computer;

based on the at least one attribute and the at least one translated rule, evaluating at the second computer using rules stored at the policy server whether to allow access to the first component of information includes;

determining using information from the request to determine whether the first user'"'"'s use of the first application program to connect to the second user is during a specific time period of the organization,if determining to allow the request, with a policy enforcer program, transferring to the first computer a response to allow the first user to use the first application program to connect to the second user, andif determining to not allow the request, with the policy enforcer program, transferring to the first computer a response to deny the first user to use the first application program to connect to the second user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To prevent conflicts of interest, an information management system is used to make sure two or more groups are kept apart so that information does not circulate freely between these groups. The system has policies to implement an “ethical wall” to separate users or groups of users. The user or groups of user may be organized in any arbitrary way, and may be in the same organization or different organizations. The two groups (or two or more users) will not be able to access information belonging to the other, and users in one group may not be able to pass information to the other group. The system may manage access to documents, e-mail, files, and other forms of information.

74 Citations

20 Claims

1. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization,wherein the first group of the organization includes a first user and a first application program managed by the information management system;
  
  receiving a request from a first computer when the first user uses the first application program to connect to a second user to transfer a first component of information comprising;
  
  determining a first component of information corresponds to an identifier designating the first component of information as confidential includes at least one of accessing contents of the first component of information and detecting a keyword in the contents;
  
  or accessing a metadata information associated with the first component of information and detecting a keyword in the metadata information;
  
  extracting at least one attribute associated with the first component of information and the identifier, wherein the at least one attribute is used to determine whether to allow access to the first component of information to a user of the information management system, wherein the identifier is an uniform resource identifier associated with the first component of information;
  
  receiving at least one translated rule at a second computer, wherein the translated rule is based on at least one rule in a first machine readable rule format that is incompatible with the second computer to a second machine readable rule format that is compatible with the second computer;
  
  based on the at least one attribute and the at least one translated rule, evaluating at the second computer using rules stored at the policy server whether to allow access to the first component of information includes;
  
  determining using information from the request to determine whether the first user'"'"'s use of the first application program to connect to the second user is during a specific time period of the organization,if determining to allow the request, with a policy enforcer program, transferring to the first computer a response to allow the first user to use the first application program to connect to the second user, andif determining to not allow the request, with the policy enforcer program, transferring to the first computer a response to deny the first user to use the first application program to connect to the second user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 comprising:
    - before the request is received from the first computer, causing to be determined that the request originates from a computer application program identified in a grouping of applications installed on the first computer, wherein the grouping of applications identifies a list of computer application programs installed on the first computer that is managed by the information management system.
  - 3. The method of claim 1 wherein evaluating using the policy server comprises evaluating a first rule to determine whether to allow access to the first component of information comprises selecting a first rule to evaluate and the first rule comprises a first conditional statement and a first abstraction component, the first abstraction component stored separately from the first rule at a third computer different than the first computer, and the first abstraction component comprises a second conditional statement.
  - 4. The method of claim 1 wherein the request is received at a firewall.
  - 5. The method of claim 1 comprising intercepting the request by a mail server to prevent the request from proceeding.
  - 6. The method of claim 1 wherein the determining the first component of information corresponds to an identifier comprises analyzing text of a body of an e-mail.
  - 7. The method of claim 1 wherein the determining the first component of information corresponds to an identifier comprises analyzing text of an attachment of the e-mail.
  - 8. The method of claim 1 wherein the second machine readable rule format is supported by the second computer to perform access control to manage information of the organization.
  - 9. The method of claim 1 wherein the at least one translated rule comprises at least one fewer conditional statement than the at least one rule.
  - 10. The method of claim 9 wherein the at least one fewer conditional statement is determined to be irrelevant to the second computer.

11. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization,wherein the first group of the organization includes a first user and a first application program managed by the information management system;
  
  receiving a request from a first computer to a second computer when the first user uses the first application program to connect to a second user to transfer a first component of information comprising;
  
  determining a first component of information corresponds to an identifier designating the first component of information as confidential includes accessing a metadata information associated with the first component of information;
  
  extracting at least one attribute associated with the first component of information and the identifier, wherein the at least one attribute is used to determine whether to allow access to the first component of information to a user of the information management system, wherein the identifier is an uniform resource identifier associated with the first component of information;
  
  receiving at least one translated rule from the policy server at a second computer, wherein the translated rule is based on at least one rule in a first machine readable rule format that is incompatible with the second computer to a second machine readable rule format that is compatible with the second computer; and
  
  based on the at least one attribute, evaluating using the at least one translated rule from the policy server whether to allow access to the first component of information specified by the request includes determining whether the first user'"'"'s use of the first application program to connect to the second user is during a specific time period of the organization and evaluating a first rule to determine whether to allow access to the first component of information comprises selecting the first rule to evaluate and the first rule comprises the first conditional statement and a first abstraction component, the first abstraction component stored separately from the first rule at a third computer different than the first computer, and the first abstraction component comprises a second conditional statement.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11 wherein if approved, with a policy enforcer program, permitting the first user to use the first application program to connect to the second user comprises determining the first user'"'"'s use of the first application program to connect to the second user is not during the specific time period.
  - 13. The method of claim 11 wherein if not approved, with a policy enforcer program, blocking the first user from using the first application program to connect to the second user comprises determining the first user'"'"'s use of the first application program to connect to the second user is during the specific time period.
  - 14. The method of claim 11 wherein the determining a first component of information corresponds to an identifier designating the first component of information as confidential comprises detecting a keyword in the metadata information.
  - 15. The method of claim 11 comprising:
    - retrieving the first abstraction component stored at the third computer, stored separately from the first rule;
      
      determining a first result for the first conditional statement associated with the first rule to determine whether to allow access to the first document; and
      
      determining a second result for the second conditional statement associated with the first abstraction component to determine whether to allow access to the first document.
  - 16. The method of claim 11 wherein the determining the first component of information corresponds to an identifier comprises analyzing text of a body of an e-mail.
  - 17. The method of claim 11 wherein the determining the first component of information corresponds to an identifier comprises analyzing text of an attachment of the e-mail.
  - 18. The method of claim 11 wherein the first abstraction component defines a set of users and the first conditional statement determines whether the set of users defined by the first abstraction component may access the first component of information.
  - 19. The method of claim 18 wherein the first abstraction component includes a second user after the at least one rule has been created and, before the at least one translated rule has been evaluated, the first abstraction component does not include the second user.

20. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization, wherein the first group of the organization includes a first user and a first application program managed by the information management system;
  
  before the request is received from the first computer, causing to be determined that the request originates from a computer application program identified in a grouping of applications installed on the first computer, wherein the grouping of applications identifies a list of computer application programs installed on the first computer that is managed by the information management system and the list of computer application programs comprises at least one of an instant messaging application, peer-to-peer application, voice-over-internet-protocol (VOIP) call application, e-mail application, file transfer protocol (FTP) application, web server application, or file server application;
  
  receiving a request from a first computer at a firewall before the request is completed when the first user uses the first application program to connect to a second user to transfer a first component of information comprising;
  
  intercepting by the firewall the request, before the connection to the second user has completed;
  
  determining a first component of information corresponds to an identifier designating the first component of information as confidential includes at least one of accessing contents of the first component of information and detecting a keyword in the contents;
  
  or accessing a metadata information associated with the first component of information and detecting a keyword in the metadata information;
  
  extracting at least one attribute associated with the first component of information and the identifier, wherein the at least one attribute is used to determine whether to allow access to the first component of information to a user of the information management system, wherein the identifier is an uniform resource identifier associated with the first component of information;
  
  receiving at least one translated rule at the firewall, wherein the translated rule is based on at least one rule in a first machine readable rule format that is incompatible with the firewall to control information usage to a second machine readable rule format that is compatible with the firewall to control information usage;
  
  based on the at least one attribute, evaluating using the at least one translated rule whether to allow access to the first component of information includes;
  
  evaluating a first rule comprising a first conditional statement and a first abstraction component, the first abstraction component stored separately from the first rule at a second computer different than the first computer;
  
  determining using information from the request to determine whether the first user'"'"'s use of the first application program to connect to the second user is during a specific time period of the organization,if determining to allow the request, releasing by the firewall the request to allow the first user to connect with the second user, andif determining to not allow the request, transferring to the first computer a response to deny the first user to use the first application program to connect to the second user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nextlabs
Original Assignee
Nextlabs
Inventors
Lim, Keng
Primary Examiner(s)
Somers, Marc S

Application Number

US15/083,169
Publication Number

US 20160212014A1
Time in Patent Office

1,233 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 16/122   using management policies b...

G06F 16/176   Support for shared access t...

G06F 16/93   Document management systems

G06F 16/958   Organisation or management ...

G06F 21/125   by manipulating the program...

G06F 21/316   by observing the pattern of...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2216/03   Data mining

G06F 2221/032   Protect output to user by s...

G06F 3/0601   Interfaces specially adapte...

G06Q 10/06   Resources, workflows, human...

G06Q 10/10   Office automation; Time man...

H04L 41/0893   Assignment of logical group...

H04L 51/234   for tracking messages

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/102 : Entity profiles

H04L 63/1425 : Traffic logging, e.g. anoma...

H04L 63/20 : for managing network securi...

H04L 67/303 : Terminal profiles

H04L 67/535 : Tracking the activity of th...

H04L 67/60 : Scheduling or organising th...

Y10S 707/922 : Communications

View All

Preventing conflicts of interests between two or more groups using applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

74 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing conflicts of interests between two or more groups using applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links