Information management system
First Claim
1. An information management system comprising:
- a plurality of workstations adapted for connection to a computer network, each workstation having a memory;
a data repository arranged to receive data from each of said workstations;
an application stored in said memory of each workstation for transmitting outbound data to said network and receiving inbound data from said network;
policy data containing rules defining relevant data which is to be stored in said data repository; and
an analyser, said analyser being operable in conjunction with said policy data to monitor at least one of said outbound data and said inbound data, to identify in at least one of said outbound data and said inbound data, relevant data that is to be stored in said data repository in accordance with said rules in said policy data, and to cause said relevant data to be stored in said data repository.
Abstract
An information management system is described comprising one or more workstations running applications to allow a user of the workstation to connect to a network, such as the Internet. Each application has an analyser, which monitors transmission data that the application is about to transmit to the network or about to receive from the network and which determines an appropriate action to take regarding that transmission data. Such actions may be extracting data from the transmission data, such as passwords and usernames, digital certificates or eCommerce transaction details for storage in a database; ensuring that the transmission data is transmitted at an encryption strength appropriate to the contents of the transmission data; determining whether a check needs to be made as to whether a digital certificate received in transmission data is in force, and determining whether a transaction about to be made by a user of one of the workstations needs third party approval before it is made. The analyser may consult a policy data containing a policy to govern the workstations in order to make its determination.
The information management system provides many advantages in the eCommerce environment to on-line trading companies, who may benefit by being able to regulate the transactions made by their staff according to their instructions in a policy data, automatically maintain records of passwords and business conducted on-line, avoid paying for unnecessary checks on the validity of digital certificates and ensure that transmissions of data made by their staff are always protected at an agreed strength of encryption.
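The content-dependent encryption-strength check described in the abstract can be sketched as follows. This is an added example, not code from the patent or any product implementing it; the rule names, the bit thresholds and the `decide` function are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable, List

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate card-number runs


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def has_card_number(text: str) -> bool:
    """True if the text contains a 13-19 digit run that passes Luhn."""
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return True
    return False


@dataclass(frozen=True)
class Rule:
    name: str                        # hypothetical rule identifier
    matches: Callable[[str], bool]   # content indicator
    min_bits: int                    # minimum key strength if it matches


# Constructed policy data; the bit values are assumptions, not from the page.
POLICY: List[Rule] = [
    Rule("card_number", has_card_number, 256),
    Rule("keyword_confidential", lambda t: "confidential" in t.lower(), 128),
]


@dataclass(frozen=True)
class Decision:
    action: str          # "transmit" or "hold"
    required_bits: int   # strongest requirement among matching rules
    reasons: tuple       # names of the rules that matched


def decide(body: str, negotiated_bits: int, policy=POLICY) -> Decision:
    """Analyser step: derive the required strength from the content, then
    allow transmission only if the negotiated channel meets it."""
    hits = [r for r in policy if r.matches(body)]
    required = max((r.min_bits for r in hits), default=0)
    action = "transmit" if negotiated_bits >= required else "hold"
    return Decision(action, required, tuple(r.name for r in hits))


if __name__ == "__main__":
    # Constructed sample payloads.
    print(decide("order ref 77, card 4111 1111 1111 1111", 128))
    print(decide("Confidential: Q3 forecast", 128))
```

A held transmission would then be retried over a stronger channel or refused; that handling is outside this sketch.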
188 Citations
437 Claims
-
1. An information management system comprising:
-
a plurality of workstations adapted for connection to a computer network, each workstation having a memory;
a data repository arranged to receive data from each of said workstations;
an application stored in said memory of each workstation for transmitting outbound data to said network and receiving inbound data from said network;
policy data containing rules defining relevant data which is to be stored in said data repository; and
an analyser, said analyser being operable in conjunction with said policy data to monitor at least one of said outbound data and said inbound data, to identify in at least one of said outbound data and said inbound data, relevant data that is to be stored in said data repository in accordance with said rules in said policy data, and to cause said relevant data to be stored in said data repository.
-
-
24. A method of managing information comprising the steps of:
-
providing a plurality of workstations adapted for connection to a computer network, each workstation having a memory;
providing a data repository arranged to receive data from each of said workstations;
providing an application stored in said memory of each workstation for transmitting outbound data to said network and receiving inbound data from said network;
providing policy data containing rules defining relevant data which is to be stored in said data repository; and
analysing at least one of said outbound data and said inbound data, with reference to said policy data, to identify in at least one of said outbound data and said inbound data, relevant data that is to be stored in said data repository in accordance with said rules in said policy data; and
storing said relevant data in said data repository.
-
-
47. A computer program product, for controlling a plurality of computers in a private network to manage information, the network having a data repository arranged to receive data from the plurality of computers and policy data containing rules defining relevant data which is to be extracted from at least one of outbound data transmitted to a public network or inbound data received from the public network and stored in the data repository, comprising:
a recording medium readable by the computer, having program code recorded thereon which when executed on each of said plurality of computers, configures said computers to;
analyses in conjunction with an application running on each of said computers that is operable to transmit the outbound data and receive the inbound data, at least one of said outbound data and said inbound data, with reference to said policy data, to identify in at least one of said outbound data and said inbound data, relevant data that is to be stored in said data repository in accordance with said rules in said policy data; and
cause said relevant data to be stored in said data repository.
-
69. A system for recording passwords and usernames comprising:
-
a plurality of workstations adapted for connection to the Internet, each workstation having a memory;
a data repository arranged to receive data from each of said workstations;
an application stored in said memory of each workstation for transmitting outbound data and receiving inbound data from the Internet; and
/or an application for receiving user input data; and
an analyser, said analyser being operable to monitor at least one of said input data, said outbound data and said inbound data, to identify usernames and passwords contained in said user input data, said outbound data or said inbound data, and to cause said usernames and passwords to be stored in said data repository.
-
-
84. A method for recording passwords and usernames comprising the steps of:
-
providing a plurality of workstations adapted for connection to the Internet, each workstation having a memory;
providing a data repository arranged to receive data from each of said workstations;
providing an application stored in said memory of each workstation for transmitting outbound data and receiving inbound data from the Internet; and
/or an application for receiving user input data; and
analysing at least one of said user input data, said outbound data and said inbound data, to identify usernames and passwords; and
causing said usernames and passwords to be stored in said data repository.
-
-
99. A computer program product, for controlling a plurality of computers in a private network to record passwords and usernames, the network having a data repository arranged to receive data from the plurality of computers, said computer program product comprising:
a recording medium readable by the computer, having program code recorded thereon which when executed on each of said plurality of computers, configures said computers to;
analyses, in conjunction with an application running on the computer that is operable to transmit outbound data to the Internet and receive inbound data from the Internet, and/or an application running on the computer for receiving user input data, at least one of said user input data, said outbound data and said inbound data, to identify in at least one of said user input data, said outbound data and said inbound data, relevant data that is to be stored in said data repository; and
control said computer to store said relevant data in said data repository.
-
114. An information management system comprising:
-
one or more workstations adapted for connection to a computer network, each workstation having a memory;
an application stored in said memory of each workstation for transmitting outbound data to said network and receiving inbound data from said network;
policy data containing rules specifying an appropriate encryption strength for outbound data, the encryption strength depending on the content of the data; and
an analyser, said analyser being operable in conjunction with said policy data to monitor said outbound data and to determine, in accordance with said rules in said policy data, an appropriate encryption strength for the outbound data;
wherein said analyser controls transmission of said outbound data from said application in dependence upon said determination of an appropriate encryption strength.
-
-
136. A method of managing information comprising the steps of:
-
providing one or more workstations adapted for connection to a computer network, each workstation having a memory;
providing an application stored in said memory of each workstation for transmitting outbound data to said network and receiving inbound data from said network;
providing policy data containing rules specifying an appropriate encryption strength for outbound data, the encryption strength depending on the content of the data; and
analysing said outbound data to determine, in accordance with said rules in said policy data, an appropriate encryption strength for the outbound data;
controlling transmission of said outbound data from said application in dependence upon the determination of an appropriate encryption strength in said analysing step.
-
-
158. A computer program product for controlling a computer connected to a public network to manage information, the computer having access to policy data containing rules specifying an appropriate encryption strength for outbound data transmitted to the public network, the encryption strength depending on the content of the data, comprising:
-
a recording medium readable by the computer, having program code recorded thereon which when executed on said computer, configures said computer to;
determine, in conjunction with an application running on the computer that is operable at least to transmit outbound data to said public network, with reference to said rules in said policy data, an appropriate encryption strength for the outbound data; and
control the transmission of said outbound data by said application in dependence upon the determination of an appropriate encryption strength.
-
-
178. An information management system comprising:
-
a plurality of client workstations adapted for connection to a computer network, each workstation having a memory;
a data repository arranged to receive data from each of said client workstations;
an application stored in said memory of each workstation for transmitting outbound data to said network and receiving inbound data from said network;
policy data defining rules for the recording of data that may comprise part of a transaction conducted between a client workstation and a third party across said computer network;
an analyser, said analyser being operable in conjunction with said policy data to analyse at least one of said outbound data and said inbound data, to identify the existence of a transaction occurring between a client workstation and a third party by analysing said outbound or said inbound data, and to cause transaction data that is all or part of said outbound data or said inbound data related to an identified transaction to be stored in said data repository.
-
-
220. A method of managing information comprising the steps of:
-
providing a plurality of client workstations adapted for connection to a computer network, each workstation having a memory;
providing a data repository arranged to receive data from each of said client workstations;
providing an application stored in said memory of each workstation for transmitting outbound data to said network and receiving inbound data from said network;
providing policy data defining rules for the recording of data that may comprise part of a transaction conducted between a client workstation and a third party across said computer network; and
analysing, at least one of said outbound data and said inbound data to identify, with reference to said rules of said policy data, the existence of a transaction occurring between a client workstation and a third party; and
storing transaction data that is all or part of said outbound data or said inbound data related to an identified transaction in said data repository.
-
-
246. The method of 245 wherein said analysing step includes determining the nature of the transaction by identifying in said outbound data and said inbound data one or more indicators, said indicators being defined in said rules of said policy data, and being one or more of:
- the address of the network location to which said data that may be part of a transaction is transmitted or from which it is received;
part of the data path to the network location to which said transaction data is transmitted or from which it is received;
account codes;
reference numbers;
credit card numbers;
digital certificates and pre-determined keywords.
-
262. A computer program product for controlling a plurality of computers in a private network to manage information, the network having a data repository arranged to receive data from the plurality of computers, and policy data defining rules for the recording of data that may comprise part of a transaction conducted between a computer in the private network and a third party across a public network, comprising:
a recording medium readable by a computer, having program code recorded thereon which when executed on each of said plurality of computers configures said computers to;
analyse, in conjunction with an application running on the computer that is operable to transmit outbound data to said public network and receive inbound data from said public network, at least one of said outbound data and said inbound data to identify, with reference to said rules of said policy data, the existence of a transaction occurring between the computer and a third party; and
to control said computer to store transaction data that is all or part of said outbound data or said inbound data related to an identified transaction in said data repository.
-
304. An information management system comprising:
-
one or more workstations adapted for connection to a computer network, each workstation having a memory;
an application stored in said memory of each workstation for transmitting outbound data to said network and receiving inbound data from said network;
policy data, containing rules for the transmission of outbound data that may be part of a transaction; and
an analyser, said analyser being operable in conjunction with said policy data to identify in at least said outbound data, transaction data that may be part of a transaction, and to make a determination in accordance with said rules of said policy data as to whether the transmission of said transaction data would satisfy said rules;
and wherein the transmission of said transaction data by said application is dependent on said determination made by said analyser.
-
-
329. A method for managing information comprising the steps of:
-
providing one or more workstations adapted for connection to a computer network, each workstation having a memory;
providing an application stored in said memory of each workstation for transmitting outbound data to said network and receiving inbound data from said network;
providing policy data, containing rules for the transmission of outbound data that may be part of a transaction; and
analysing at least said outbound data to identify, with reference to said rule of said policy data, transaction data that may be part of a transaction;
determining, in accordance with said rules of said policy data, whether the transmission of said transaction data would satisfy said rules;
controlling transmission of said transaction data by said application in dependence on the determination made in said determining step.
-
-
354. A computer program product, for controlling a computer to manage information, said computer being connected to a public network and having access to policy data containing rules for the transmission to the public network of outbound data that may be part of a transaction, comprising:
-
a recording medium readable by the computer, having program code recorded thereon which when executed on said computer configures the computer to;
analyse, in conjunction with an application running on the computer that is operable to transmit outbound data to the public network and receive inbound data from the public network, at least said outbound data to identify, with reference to said rules of said policy data, transaction data that may be part of a transaction to determine, in accordance with said rules of said policy data, whether the transmission of said transaction data would satisfy said rules; and
to control the computer to control the transmission of said transaction data by said application in dependence on the determination made by said analyser.
-
-
377. An information management system comprising:
-
one or more workstations adapted for connection to a computer network, each workstation having a memory;
an application stored in said memory of each workstation for receiving at least inbound data from said network;
an analyser, said analyser being operable in conjunction with said application to monitor said inbound data and to identify in at least said inbound data, signed data that has been digitally signed with a digital certificate, to extract one or more details of said signed data and to determine whether or not verification is required for said digital certificate;
policy data, accessible by said analyser, containing rules which define whether or not verification is required for said digital certificate;
and wherein said analyser determines whether or not verification is required for said digital certificate in dependence on said rules of said policy data and in dependence on said one or more details of said signed data extracted by said analyser.
-
-
395. The system of 377 wherein said network comprises a server, and said analyser is located at a point on said network intermediate said one or more workstations and said server, or said analyser is located at said server.
-
398. A method of managing information comprising the steps of:
-
providing one or more workstations adapted for connection to a computer network, each workstation having a memory;
providing an application stored in said memory of each workstation for receiving at least inbound data from said network;
providing policy data, containing rules which define whether or not verification is required for a digital certificates used to digitally sign signed data received in said inbound data;
identifying in at least said inbound data, signed data that has been digitally signed with a digital certificate;
extracting one or more details of said signed data; and
determining whether or not verification is required for said digital certificate in dependence on said rules of said policy data and in dependence on said one or more details of said signed data extracted in said extracting step.
-
-
419. A computer program product for controlling a computer connected to a public network to manage information, said computer having access to policy data containing rules which define whether or not verification is required for a digital certificate used to digitally sign signed data received in inbound data from the public network,
comprising:
a recordable medium readable by the computer, having program code recorded thereon which when executed on said computer configures said computer to;
analyse, in conjunction with an application running on the computer that is operable to receive at least inbound data from the public network, signed data that has been digitally signed with a digital certificate, to extract one or more details of said signed data;
to determine whether or not verification is required for said digital certificate in dependence on said rules of said policy data and in dependence on the one or more extracted details of said signed data; and
to control the application in dependence on the determination.
-
Specification