Managing access to documents with a file monitor
First Claim
Patent Images
1. A system for managing access to documents comprising:
- a hardware processor to;
retrieve, via a file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file;
modify, via the file monitor, access to the file based on the policy data;
intercept, via the file monitor, a plurality of document management instructions executed with the file;
detect, via the file monitor, at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions; and
execute, via the file monitor, a policy instruction to prevent execution of the at least one document management instruction;
detect sensitive data in the file;
detect a second retrieved file from the case management system with a similarity to the file above a threshold value; and
modify a policy for the second file to indicate that the second file comprises sensitive data.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed herein is a system and method that can retrieve, via a file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file. A processor can also modify, via the file monitor, access to the file based on the policy data, and intercept a plurality of document management instructions executed with the file. The processor can also detect at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions. Additionally, the processor can execute a policy instruction to prevent execution of the at least one document management instruction.
32 Citations
17 Claims
-
1. A system for managing access to documents comprising:
- a hardware processor to;
retrieve, via a file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file;
modify, via the file monitor, access to the file based on the policy data;
intercept, via the file monitor, a plurality of document management instructions executed with the file;
detect, via the file monitor, at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions; and
execute, via the file monitor, a policy instruction to prevent execution of the at least one document management instruction;
detect sensitive data in the file;
detect a second retrieved file from the case management system with a similarity to the file above a threshold value; and
modify a policy for the second file to indicate that the second file comprises sensitive data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- a hardware processor to;
-
15. A method for managing access to documents comprising:
- retrieving, via a file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file;
modifying, via the file monitor, access to the file based on the policy data;
intercepting, via the file monitor, a plurality of document management instructions executed with the file;
detecting, via the file monitor, at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions; and
executing, via the file monitor, a policy instruction to prevent execution of the at least one document management instruction;
detect sensitive data in the file;
detect a second retrieved file from the case management system with a similarity to the file above a threshold value; and
modify a policy for the second file to indicate that the second file comprises sensitive data. - View Dependent Claims (16)
- retrieving, via a file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file;
-
17. A computer program product for managing access to documents, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a processor to cause the processor to:
- hook into event calls or modify an operating system to execute a file monitor, wherein the file monitor is to monitor, at a kernel level of the operating system, a plurality of system calls involving locally stored files;
retrieve, via the file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file;
modify, via the file monitor, access to the file based on the policy data;
intercept, via the file monitor, a plurality of document management instructions executed with the file;
detect, via the file monitor, at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions; and
execute, via the file monitor, a policy instruction to prevent execution of the at least one document management instruction;
detect sensitive data in the file;
detect a second retrieved file from the case management system with a similarity to the file above a threshold value; and
modify a policy for the second file to indicate that the second file comprises sensitive data.
- hook into event calls or modify an operating system to execute a file monitor, wherein the file monitor is to monitor, at a kernel level of the operating system, a plurality of system calls involving locally stored files;
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsAvrahami, Shlomit, Gordon, Itai, Katz, Elik, Keisar, Yakir, Prager, Ilan D., Voloshin, Denis
-
Primary Examiner(s)Pearson, David J
-
Assistant Examiner(s)Champakesan, Badri Narayanan
-
Application NumberUS15/662,269Publication NumberTime in Patent Office985 DaysField of SearchUS Class CurrentCPC Class CodesG06F 21/53 by executing in a restricte...G06F 21/554 involving event detection a...G06F 21/604 Tools and structures for ma...G06F 21/6209 to a single file or object,...G06F 21/6254 by anonymising data, e.g. d...G06F 2221/2141 Access rights, e.g. capabil...
