System and method for the analysis of email traffic

US 20030037116A1
Filed: 08/15/2002
Published: 02/20/2003
Est. Priority Date: 08/15/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting the mail server and the remote employee computers, the method comprising the steps of:

(a) intercepting email communications in the organisation'"'"'s computer network;

(b) copying header information and any attachment information of each intercepted email communication;

(c) allowing the email communication to proceed to its desired destination;

(d) storing the header information and the attachment information where available in network memory;

(e) retrieving at least one user profile relevant to the intercepted email communication from network memory;

(f) analysing the intercepted email communications header and any available attachment information in accordance with the user profile; and

(g) generating a report based on the analysis of the intercepted email communications header and available attachment information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for the analysis of email traffic in a computer network comprising a mail server computer (2) and a plurality of remote employee computers (3) connected to the mail server computer. Email communications are sent and received at each of the employee computers via the mail server computer. The header information and any available attachment information of each email communication are copied and analysis on the header and attachment information is carried out. Reports based on the analysis of the header and attachment information are generated for review by a system administrator. Any unauthorised communications are brought to the attention of the system administrator. Reports on the usage of email by the organisation'"'"'s entire workforce may be generated. In this way an analysis of email communication may be carried out without reviewing the actual content of each individual email.

Citations

91 Claims

1. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting the mail server and the remote employee computers, the method comprising the steps of:
- (a) intercepting email communications in the organisation'"'"'s computer network;
  
  (b) copying header information and any attachment information of each intercepted email communication;
  
  (c) allowing the email communication to proceed to its desired destination;
  
  (d) storing the header information and the attachment information where available in network memory;
  
  (e) retrieving at least one user profile relevant to the intercepted email communication from network memory;
  
  (f) analysing the intercepted email communications header and any available attachment information in accordance with the user profile; and
  
  (g) generating a report based on the analysis of the intercepted email communications header and available attachment information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 63, 64, 65, 66, 88, 89, 90, 91)
- - 2. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network as claimed in claim 1 in which the step of copying header information further comprises copying one or more of a sender address, receiver address, time sent details and subject details where available from the header information.
  - 3. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network as claimed in claim 1 in which the initial step is performed of considering the position of an employee within the organisation as well as the department in which the employee is working before allocating a user profile to each organisation employee, the user profile detailing acceptable email communications including one or more of:
    - (a) predetermined acceptable incoming traffic volume levels;
      
      (b) predetermined acceptable outgoing traffic volume levels;
      
      (c) predetermined acceptable incoming content types;
      
      (d) predetermined acceptable outgoing content types;
      
      (e) predetermined acceptable incoming communication addresses; and
      
      (f) predetermined acceptable outgoing communication addresses.
  - 4. A method as claimed in claim 1, in which a number of organisation employees are grouped together into a user group and analysis and reporting of the user group email communications are carried out.
  - 5. A method as claimed in claim 4, in which there are provided a plurality of distributed mail server computers in an organisation'"'"'s computer network, each mail server computer having a plurality of remote employee computers connected thereto by way of a telecommunications network, the method further comprising the step of designating one of the mail servers as the master mail server and the remainder of the mail servers as slave mail servers, each of the slave mail servers sending generated reports to the master mail server and thereafter the master mail server generating an organisation computer network email communication report.
  - 6. A method as claimed in claim 4, in which the step of generating a report based on the analysis of the email communication further comprises:
    - (a) defining alarm conditions based on variants of traffic having regard to the user profile; and
      
      (b) on generating a report, generating an alert to a system administrator that predetermined alarm conditions have been met.
  - 7. A method as claimed in claim 4, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the volume of email traffic being above a predetermined level.
  - 8. A method as claimed in claim 4, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the volume of email traffic being below a predetermined level.
  - 9. A method as claimed in claim 4, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the email communication being addressed with an unauthorised address.
  - 10. A method as claimed in claim 4 in which each attachment is checked for compression and on the attachment not being compressed the steps are performed of:
    - (a) measuring the size of the uncompressed attachment;
      
      (b) on the attachment size exceeding a predetermined level, compressing the attachment and measuring the size of the compressed attachment; and
      
      (c) generating a report for the system administrator.
  - 11. A method as claimed in claim 4 in which each attachment is checked for compression and on the attachment being a compressed attachment the steps are performed of:
    - (a) measuring the size of the compressed attachment;
      
      (b) decompressing the attachment and measuring the size of the decompressed attachment; and
      
      (c) calculating the percentage compression of the attachment by dividing the size of the attachment in its compressed state by the size of the attachment in its uncompressed state.
  - 12. A method as claimed in claim 4, in which the attachment is checked for compression and any compressed attachments have their compression percentage calculated and when the compression percentage is above a predetermined percentage defined in the user profile, an alert is generated.
  - 13. A method as claimed in claim 1, in which there are provided a plurality of distributed mail server computers in an organisation'"'"'s computer network, each mail server computer having a plurality of remote employee computers connected thereto by way of a telecommunications network, the method further comprising the step of designating one of the mail servers as the master mail server and the remainder of the mail servers as slave mail servers, each of the slave mail servers sending generated reports to the master mail server and thereafter the master mail server generating an organisation computer network email communication report.
  - 14. A method as claimed in claim 1, in which the step of generating a report based on the analysis of the email communication further comprises:
    - (a) defining alarm conditions based on variants of traffic having regard to the user profile; and
      
      (b) on generating a report, generating an alert to a system administrator that predetermined alarm conditions have been met.
  - 15. A method as claimed in claim 1, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the volume of email traffic being above a predetermined level.
  - 16. A method as claimed in claim 1, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the volume of email traffic being below a predetermined level.
  - 17. A method as claimed in claim 1, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the email communication being addressed with an unauthorised address.
  - 18. A method as claimed in claim 1, in which each attachment is checked for compression and on the attachment not being compressed the steps are performed of:
    - (a) measuring the size of the uncompressed attachment;
      
      (b) on the attachment size exceeding a predetermined level, compressing the attachment and measuring the size of the compressed attachment; and
      
      (c) generating a report for the system administrator.
  - 19. A method as claimed in claim 1, in which each attachment is checked for compression and on the attachment being a compressed attachment the steps are performed of:
    - a. measuring the size of the compressed attachment;
      
      b. decompressing the attachment and measuring the size of the decompressed attachment; and
      
      c. calculating the percentage compression of the attachment by dividing the size of the attachment in its compressed state by the size of the attachment in its uncompressed state.
  - 20. A method as claimed in claim 19, in which when the compression percentage is above a predetermined percentage defined in the user profile, an alert is generated.
  - 21. A method as claimed in claim 1, in which the attachment is checked for compression and any compressed attachments have their compression percentage calculated and when the compression percentage is above a predetermined percentage defined in the user profile, an alert is generated.
  - 63. A computer program having program instructions for causing a computer to carry out the method steps of claim 1.
  - 64. A computer program as claimed in claim 63 in which the program is stored in a computer readable record medium.
  - 65. A computer program as claimed in claim 63 in which the program is stored on a carrier signal.
  - 66. A computer program as claimed in claim 63 in which the program is embedded in an integrated circuit.
  - 88. A computer program having program instructions for causing a computer to carry out the method steps of claim 1.
  - 89. A computer program as claimed in claim 8 in which the program is stored in a computer readable record medium.
  - 90. A computer program as claimed in claim 88 in which the program is stored on a carrier signal.
  - 91. A computer program as claimed in claim 88 in which the program is embedded in an integrated circuit.

22. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting the mail server and the remote employee computers, the method comprising the steps of:
- (a) intercepting email communications in the organisation'"'"'s computer network;
  
  (b) copying header information comprising one or more of a sender address, receiver address, time sent details and subject details where available from the header information, and copying any attachment information of each intercepted email communication;
  
  (c) allowing the email communication to proceed to its desired destination;
  
  (d) storing the header information and the attachment information where available in network memory;
  
  (e) retrieving at least one user profile relevant to the intercepted email communication from network memory;
  
  (f) analysing the intercepted email communications header and any available attachment information in accordance with the user profile; and
  
  (g) generating a report based on the analysis of the intercepted email communications header and available attachment information.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 23. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network as claimed in claim 22 in which the initial step is performed of considering the position of an employee within the organisation as well as the department in which the employee is working before allocating a user profile to each organisation employee, the user profile detailing acceptable email communications including one or more of:
    - (a) predetermined acceptable incoming traffic volume levels;
      
      (b) predetermined acceptable outgoing traffic volume levels;
      
      (c) predetermined acceptable incoming content types;
      
      (d) predetermined acceptable outgoing content types;
      
      (e) predetermined acceptable incoming communication addresses; and
      
      (f) predetermined acceptable outgoing communication addresses.
  - 24. A method as claimed in claim 22, in which a number of organisation employees are grouped together into a user group and analysis and reporting of the user groups email communications are carried out.
  - 25. A method as claimed in claim 24, in which there are provided a plurality of distributed mail server computers in an organisation'"'"'s computer network, each mail server computer having a plurality of remote employee computers connected thereto by way of a telecommunications network, the method further comprising the step of designating one of the mail servers as the master mail server and the remainder of the mail servers as slave mail servers, each of the slave mail servers sending generated reports to the master mail server and thereafter the master mail server generating an organisation computer network email communication report.
  - 26. A method as claimed in claim 24, in which the step of generating a report based on the analysis of the email communication further comprises:
    - (a) defining alarm conditions based on variants of traffic having regard to the user profile; and
      
      (b) on generating a report, generating an alert to a system administrator that predetermined alarm conditions have been met.
  - 27. A method as claimed in claim 24, in which each attachment is checked for compression and on the attachment not being compressed the steps are performed of:
    - (a) measuring the size of the uncompressed attachment;
      
      (b) on the attachment size exceeding a predetermined level, compressing the attachment and measuring the size of the compressed attachment; and
      
      (c) generating a report for the system administrator.
  - 28. A method as claimed in claim 24, in which the attachment is checked for compression and any compressed attachments have their compression percentage calculated and when the compression percentage is above a predetermined percentage defined in the user profile, an alert is generated.
  - 29. A method as claimed in claim 22, in which there are provided a plurality of distributed mail server computers in an organisation'"'"'s computer network, each mail server computer having a plurality of remote employee computers connected thereto by way of a telecommunications network, the method further comprising the step of designating one of the mail servers as the master mail server and the remainder of the mail servers as slave mail servers, each of the slave mail servers sending generated reports to the master mail server and thereafter the master mail server generating an organisation computer network email communication report.
  - 30. A method as claimed in claim 22, in which the step of generating a report based on the analysis of the email communication further comprises:
    - (a) defining alarm conditions based on variants of traffic having regard to the user profile; and
      
      (a) on generating a report, generating an alert to a system administrator that predetermined alarm conditions have been met.
  - 31. A method as claimed in claim 22, in which each attachment is checked for compression and on the attachment not being compressed the steps are performed of:
    - (a) measuring the size of the uncompressed attachment;
      
      (b) on the attachment size exceeding a predetermined level, compressing the attachment and measuring the size of the compressed attachment; and
      
      (b) generating a report for the system administrator.
  - 32. A method as claimed in claim 22, in which the attachment is checked for compression and any compressed attachments have their compression percentage calculated and when the compression percentage is above a predetermined percentage defined in the user profile, an alert is generated.

33. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting the mail server and the remote employee computers, the method comprising the steps of:
- (a) Considering the position of an employee within the organisation as well as the department in which the employee is working before allocating a user profile to each organisation employee, the user profile detailing acceptable email communications including one or more of;
  
  —
  
  (i) predetermined acceptable incoming and outgoing traffic volume levels;
  
  (ii) predetermined acceptable incoming and outgoing content types; and
  
  (iii) predetermined acceptable incoming and outgoing communication addresses (b) intercepting email communications in the organisation'"'"'s computer network;
  
  (c) copying header information and any attachment information of each intercepted email communication;
  
  (d) allowing the email communication to proceed to its desired destination;
  
  (e) storing the header information and the attachment information where available in network memory;
  
  (f) retrieving at least one user profile relevant to the intercepted email communication from network memory;
  
  (g) analysing the intercepted email communications header and any available attachment information in accordance with the user profile; and
  
  (h) generating a report based on the analysis of the intercepted email communications header and available attachment information.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 34. A method as claimed in claim 33, in which a number of organisation employees are grouped together into a user group and analysis and reporting of the user groups email communications are carried out.
  - 35. A method as claimed in claim 34, in which there are provided a plurality of distributed mail server computers in an organisation'"'"'s computer network, each mail server computer having a plurality of remote employee computers connected thereto by way of a telecommunications network, the method further comprising the step of designating one of the mail servers as the master mail server and the remainder of the mail servers as slave mail servers, each of the slave mail servers sending generated reports to the master mail server and thereafter the master mail server generating an organisation computer network email communication report.
  - 36. A method as claimed in claim 34, claim in which the step of generating a report based on the analysis of the email communication further comprises:
    - (a) defining alarm conditions based on variants of traffic having regard to the user profile; and
      
      (b) on generating a report, generating an alert to a system administrator that predetermined alarm conditions have been met.
  - 37. A method as claimed in claim 34, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the volume of email traffic being above a predetermined level.
  - 38. A method as claimed in claim 34, in which each attachment is checked for compression and on the attachment not being compressed the steps are performed of:
    - (a) measuring the size of the uncompressed attachment;
      
      (b) on the attachment size exceeding a predetermined level, compressing the attachment and measuring the size of the compressed attachment; and
      
      (c) generating a report for the system administrator.
  - 39. A method as claimed in claim 34, in which the attachment is checked for compression and any compressed attachments have their compression percentage calculated and when the compression percentage is above a predetermined percentage defined in the user profile, an alert is generated.
  - 40. A method as claimed in claim 33, in which there are provided a plurality of distributed mail server computers in an organisation'"'"'s computer network, each mail server computer having a plurality of remote employee computers connected thereto by way of a telecommunications network, the method further comprising the step of designating one of the mail servers as the master mail server and the remainder of the mail servers as slave mail servers, each of the slave mail servers sending generated reports to the master mail server and thereafter the master mail server generating an organisation computer network email communication report.
  - 41. A method as claimed in claim 33, in which the step of generating a report based on the analysis of the email communication further comprises:
    - (a) defining alarm conditions based on variants of traffic having regard to the user profile; and
      
      (b) on generating a report, generating an alert to a system administrator that predetermined alarm conditions have been met.
  - 42. A method as claimed in claim 33, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the volume of email traffic being above a predetermined level.
  - 43. A method as claimed in claim 33, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the volume of email traffic being below a predetermined level.
  - 44. A method as claimed in claim 33, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the email communication being addressed with an unauthorised address.
  - 45. A method as claimed in claim 33, in which each attachment is checked for compression and on the attachment not being compressed the steps are performed of:
    - (a) measuring the size of the uncompressed attachment;
      
      (b) on the attachment size exceeding a predetermined level, compressing the attachment and measuring the size of the compressed attachment; and
      
      (c) generating a report for the system administrator.
  - 46. A method as claimed in claim 33, in which each attachment is checked for compression and on the attachment being a compressed attachment the steps are performed of:
    - (a) measuring the size of the compressed attachment;
      
      (b) decompressing the attachment and measuring the size of the decompressed attachment; and
      
      (c) calculating the percentage compression of the attachment by dividing the size of the attachment in its compressed state by the size of the attachment in its uncompressed state.
  - 47. A method as claimed in claim 33, in which the attachment is checked for compression and any compressed attachments have their compression percentage calculated and when the compression percentage is above a predetermined percentage defined in the user profile, an alert is generated.

48. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a plurality of mail server computers, each mail server computer having a plurality of remote employee computers operable by an organisation employee associated therewith, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting each mail server to its associated remote employee computer, the method comprising the steps of:
- (a) appointing one of the mail servers as a master mail server and the remainder of the mail servers as slave mail servers;
  
  (b) intercepting email communications at each mail server in the organisation'"'"'s computer network;
  
  (c) copying header information and any attachment information of each intercepted email communication;
  
  (d) allowing the email communication to proceed to its desired destination;
  
  (e) storing the header information and the attachment information where available in network memory;
  
  (f) retrieving at least one user profile relevant to the intercepted email communication from network memory;
  
  (g) analysing the intercepted email communications header and any available attachment information in accordance with the user profile;
  
  (h) generating a report based on the analysis of the intercepted email communications header and available attachment information at each mail server;
  
  (i) each of the slave mail servers sending a generated report to the master mail server; and
  
  (j) the master mail server generating an organisation computer network email communication report.
- View Dependent Claims (49, 50, 51, 52, 53, 54)
- - 49. A method as claimed in claim 48, in which the step of generating a report based on the analysis of the email communication further comprises:
    - (a) defining alarm conditions based on variants of traffic having regard to the user profile; and
      
      (c) on generating a report, generating an alert to a system administrator that predetermined alarm conditions have been met.
  - 50. A method as claimed in claim 48, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the volume of email traffic being above a predetermined level.
  - 51. A method as claimed in claim 48, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the volume of email traffic being below a predetermined level.
  - 52. A method as claimed in claim 48, in which the step of generating a report based on the analysis of the email communication further comprises generating an alert to a system administrator on the email communication being addressed with an unauthorised address.
  - 53. A method as claimed in claim 48, in which each attachment is checked for compression and on the attachment not being compressed the steps are performed of:
    - (a) measuring the size of the uncompressed attachment;
      
      (b) on the attachment size exceeding a predetermined level, compressing the attachment and measuring the size of the compressed attachment; and
      
      (c) generating a report for the system administrator.
  - 54. A method as claimed in claim 49, in which the attachment is checked for compression and any compressed attachments have their compression percentage calculated and when the compression percentage is above a predetermined percentage defined in the user profile, an alert is generated.

55. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting the mail server and the remote employee computers, the method comprising the steps of:
- (a) intercepting email communications in the organisation'"'"'s computer network;
  
  (b) copying header information and any attachment information of each intercepted email communication;
  
  (c) allowing the email communication to proceed to its desired destination;
  
  (d) storing the header information and the attachment information where available in network memory;
  
  (e) retrieving at least one user profile relevant to the intercepted email communication from network memory;
  
  (f) analysing the intercepted email communications header and any available attachment information in accordance with the user profile;
  
  (g) defining alarm conditions based on variants of traffic having regard to the user profile; and
  
  (h) generating a report based on the analysis of the intercepted email communications header and available attachment information and on predetermined alarm conditions being met, generating an alert to a system administrator.
- View Dependent Claims (56, 57, 58, 59, 60)
- - 56. A method as claimed in claim 55, in which an alert is generated on the volume of email traffic being above a predetermined level.
  - 57. A method as claimed in claim 55, in which an alert is generated on the volume of email traffic being below a predetermined level.
  - 58. A method as claimed in claim 55, in which an alert is generated on the email communication being addressed with an unauthorised address.
  - 59. A method as claimed in claim 55, in which each attachment is checked for compression and on the attachment not being compressed the steps are performed of:
    - (a) measuring the size of the uncompressed attachment;
      
      (b) on the attachment size exceeding a predetermined level, compressing the attachment and measuring the size of the compressed attachment; and
      
      (c) generating a report for the system administrator.
  - 60. A method as claimed in claim 55, in which the attachment is checked for compression and any compressed attachments have their compression percentage calculated and when the compression percentage is above a predetermined percentage defined in the user profile, an alert is generated.

61. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting the mail server and the remote employee computers, the method comprising the steps of:
- (a) intercepting email communications in the organisation'"'"'s computer network;
  
  (b) copying header information and any attachment information of each intercepted email communication;
  
  (c) allowing the email communication to proceed to its desired destination;
  
  (d) storing the header information and the attachment information where available in network memory;
  
  (e) retrieving at least one user profile relevant to the intercepted email communication from network memory;
  
  (f) analysing the intercepted email communications header and any available attachment information in accordance with the user profile;
  
  (g) checking each attachment to see if it is compressed and any compressed attachments have their compression percentage calculated by;
  
  (i) measuring the size of the compressed attachment;
  
  (ii) decompressing the attachment into its decompressed state, calculating the size of the decompressed attachment;
  
  (iii) calculating the compression percentage of the attachment by dividing the size of the attachment in its compressed state by the size of the attachment in its uncompressed state; and
  
  (h) generating a report based on the analysis of the intercepted email communications header and available attachment information.
- View Dependent Claims (62)
- - 62. A method as claimed in claim 61, in which when the compression percentage is above a predetermined percentage defined in the user profile, an alert is generated.

67. A system for non-intrusive analysis of email communications in an organisation'"'"'s computer network, the computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and a telecommunications network connecting the mail server and the remote employee computers and there is additionally provided:
- (a) a network memory having user profiles relating to each employee stored thereon;
  
  (b) an interceptor for intercepting an email communication in the organisation'"'"'s computer network;
  
  (c) means to copy the header information and the attachment information of an intercepted email communication before allowing the email communication proceed to its desired destination;
  
  (d) memory for storage of the header and attachment information;
  
  (e) means to retrieve the user profile relevant to the intercepted email communication from network memory;
  
  (f) an email analyser for analysing the header and attachment information in accordance with the user profile; and
  
  (g) means to generate a report based on the analysis of the intercepted email communications header and possible attachment information.
- View Dependent Claims (68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84)
- - 68. A system as claimed in claim 67, in which there is provided means to allocate a user profile to an organisation employee.
  - 69. A system as claimed in claim 68, in which there is provided means to update a user profile of an organisation employee.
  - 70. A system as claimed in claim 68, in which the means to generate a report based on the analysis of the intercepted email communications header and possible attachment information further comprises means to generate an alert on certain predetermined conditions being met.
  - 71. A system as claimed in claim 68, in which each user profile has a list of acceptable email communication partners for the specific user.
  - 72. A system as claimed in claim 68, in which the computer network comprises a plurality of mail servers distributed over the organisation'"'"'s computer network, each mail server having a plurality of remote employee computers connected thereto by way of a telecommunications network;
    - the system further comprises means to nominate one of the mail servers as a master server and the remaining mail server computers as slave servers, each of the slave mail server computers having transmitters to transmit reports to the master mail server and the master mail server computer having a receiver for receiving the reports and a processor for processing the received reports.
  - 73. A system as claimed in claim 68 in which one or more of the mail server computers are in remote jurisdictional locations.
  - 74. A system as claimed in claim 68, in which there is provided means to calculate the compression percentage of an email communication attachment.
  - 75. A system as claimed in claim 67, in which there is provided means to update a user profile of an organisation employee.
  - 76. A system as claimed in claim 67, in which the means to generate a report based on the analysis of the intercepted email communications header and possible attachment information further comprises means to generate an alert on certain predetermined conditions being met.
  - 77. A system as claimed in claim 67, in which each user profile has a list of acceptable email communication partners for the specific user.
  - 78. A system as claimed in claim 67, in which the computer network comprises a plurality of mail servers distributed over the organisation'"'"'s computer network, each mail server having a plurality of remote employee computers connected thereto by way of a telecommunications network, the system further comprises means to nominate one of the mail servers as a master server and the remaining mail server computers as slave servers, each of the slave mail server computers having transmitters to transmit reports to the master mail server and the master mail server computer having a receiver for receiving the reports and a processor for processing the received reports.
  - 79. A system as claimed in claim 67, in which one or more of the mail server computers are in remote jurisdictional locations.
  - 80. A system as claimed in claim 67, in which there is provided means to calculate the compression percentage of an email communication attachment.
  - 81. A system as claimed in claim 76, in which each user profile has a list of acceptable email communication partners for the specific user.
  - 82. A system as claimed in claim 76, in which the computer network comprises a plurality of mail servers distributed over the organisation'"'"'s computer network, each mail server having a plurality of remote employee computers connected thereto by way of a telecommunications network, the system further comprises means to nominate one of the mail servers as a master server and the remaining mail server computers as slave servers, each of the slave mail server computers having transmitters to transmit reports to the master mail server and the master mail server computer having a receiver for receiving the reports and a processor for processing the received reports.
  - 83. A system as claimed in claim 76, in which one or more of the mail server computers are in remote jurisdictional locations.
  - 84. A system as claimed in claim 76, in which there is provided means to calculate the compression percentage of an email communication attachment.

85. A system for non-intrusive analysis of email communications in an organisation'"'"'s computer network, the computer network comprising a plurality of mail server computers, one of the mail server computers being nominated as a master mail server computer and the remainder mail server computers being nominated as slave mail server computers, and a plurality of remote employee computers operable by an organisation employee associated with each mail server computer, and a telecommunications network connecting each mail server computer to its associated remote employee computers, the computer network further comprising network memory having user profiles relating to each employee stored thereon, the system comprising:
- (a) an interceptor for intercepting an email communication in the organisations computer network;
  
  (b) means to copy the header information and the attachment information of an intercepted email communication before allowing the email communication to proceed to its desired destination;
  
  (c) memory for storage of the header and attachment information;
  
  (d) means to retrieve at least one user profile relevant to the intercepted email communication from network memory;
  
  (e) a processor for analysing the header and attachment information in accordance with the user profile;
  
  (f) means to generate a report based on the analysis of the intercepted email communications header and available attachment information;
  
  (g) each of the slave mail servers having a transmitter for transmitting a generated report to the master mail server; and
  
  (h) the master mail server having a receiver for receiving a generated report from each of the slave mail servers for subsequent processing.
- View Dependent Claims (86, 87)
- - 86. A system as claimed in claim 85, in which one or more of the mail server computers are in remote jurisdictional locations.
  - 87. A system as claimed in claim 85, in which there is provided means to calculate the compression percentage of an email communication attachment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mail Morph Limited
Original Assignee
Mail Morph Limited
Inventors
Kennedy, Lorcan Finbar, Nolan, Brendan Paul

Application Number

US10/218,600
Publication Number

US 20030037116A1
Time in Patent Office

Days
Field of Search
US Class Current

709/206
CPC Class Codes

G06Q 10/107 Computer-aided management o...

System and method for the analysis of email traffic

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

91 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for the analysis of email traffic

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

91 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links