Analyzing Activity Data of an Information Management System

US 20070179987A1
Filed: 12/22/2006
Published: 08/02/2007
Est. Priority Date: 12/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method of operating an information management system comprising:

providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;

collecting usage information on operations performed by users using the plurality of devices; and

analyzing the usage information to detect when a user has attempted to access a specific document of the information management system more than X times during a Y time period, where X divided by Y is a value Z.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an information management system, activity data is collected and analyzed for patterns. The information management system may be policy based. Activity data may be organized as entries including information on user, application, machine, action, object or document, time, and location. When checking for patterns in the activity or historical data, techniques may include inferencing, frequency checking, location and distance checking, and relationship checking, and any combination of these. Analyzing the activity data may include comparing like types or categories of information for two or more entries.

169 Citations

View as Search Results

58 Claims

1. A method of operating an information management system comprising:
- providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
  
  collecting usage information on operations performed by users using the plurality of devices; and
  
  analyzing the usage information to detect when a user has attempted to access a specific document of the information management system more than X times during a Y time period, where X divided by Y is a value Z.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method of claim 1 wherein access comprises at least one of opening a file, editing a file, opening an e-mail, sending an e-mail, forwarding an e-mail, editing formulas in a spreadsheet, attaching a document to an e-mail, printing at least a portion of a document, or cut and paste.
  - 3. The method of claim 1 wherein when Y is given seconds, Z is at least 2 or greater.
  - 4. The method of claim 1 wherein Z is equal to a value Z1 when a first user accesses the specific document and Z is equal to a value Z2 when a second user accesses the specific document, where Z1 is greater than Z2.
  - 5. The method of claim 4 wherein Z1 may be any number greater than 0, and Z2 may be any number greater than or equal to 0.
  - 6. The method of claim 1 wherein Z is equal to a value Z1 when the access of the specific document is from a first location and Z is equal to a value Z2 when the access of the specific document is from a second location, different from the first location, where Z1 is greater than Z2.
  - 7. The method of claim 1 wherein Z is equal to a value Z1 when the access of the specific document is a first type of access and Z is equal to a value Z2 when the access of the specific document is a second type of access, where Z1 is greater than Z2.
  - 8. The method of claim 1 wherein Z is equal to a value Z1 when the specific document is stored at a first location and Z is equal to a value Z2 when the specific document is stored at a second location, where Z1 is greater than Z2.
  - 9. The method of claim 1 wherein Z is equal to a value Z1 when the access of the specific document is during a first time of day and Z is equal to a value Z2 when the access of the specific document is during a second time of day, where Z1 is greater than Z2.
  - 10. The method of claim 1 wherein Z is equal to a value Z1 when the access of the specific document is during a first time period and Z is equal to a value Z2 when the access of the specific document is during a second time period, where Z1 is greater than Z2.
  - 11. The method of claim 1 wherein Z is equal to a value Z1 when the access of the specific document is via first application program and Z is equal to a value Z2 when the access of the specific document is via a second application program, where Z1 is greater than Z2.
  - 12. The method of claim 1 wherein Z is equal to a value Z1 when the access of the specific document is via a first action within an application program and Z is equal to a value Z2 when the access of the specific document is via a second action within the application program, where Z1 is greater than Z2.
  - 13. The method of claim 1 wherein Z is equal to a value Z1 when the access of the specific document is via a first action within a first application program and Z is equal to a value Z2 when the access of the specific document is via the first action within a second application program, where Z1 is greater than Z2.
  - 14. The method of claim 1 wherein Z is equal to a value Z1 when the access of the specific document is via a first device type and Z is equal to a value Z2 when the access of the specific document is via a second device type, where Z1 is greater than Z2.
  - 15. The method of claim 1 wherein Z is equal to a value Z1 when the access of the specific document is via a first connectivity type and Z is equal to a value Z2 when the access of the specific document is via a second connectivity type, where Z1 is greater than Z2.
  - 16. The method of claim 1 wherein when the access of the specific document is at a time T1, if T1 is during a time period from a time T2 to a critical event time K, Z will equal a value Z1, but when T1 is not during the time period, Z will equal a value Z2, where Z1 and Z2 are different.
  - 17. The method of claim 1 wherein the analyzing the usage information to detect when a user has attempted to access a specific document of the information management system more than X times during a Y time period, where X divided by Y is a value Z is replaced by analyzing the usage information to detect when a user has connected to the system from a first location L1 via a first device at a first time T1 and the user has connected to the system from a second location L2 via a second device at second time T2 and a distance between L1 and L2 divided by |T2−
    - T1| is greater than a value Z.
  - 18. The method of claim 17 wherein when L1 and L2 are given in miles and times are given in seconds, then Z is ⅙
    - or less.
  - 19. The method of claim 17 wherein when L1 and L2 are given in miles and times are given in seconds, then Z is ⅓
    - or less.
  - 20. The method of claim 17 wherein the first location L1 is derived from an IP address of the first device and the second location L2 is derived from an IP address of the second device.
  - 21. The method of claim 17 wherein the first location L1 is derived from an IP address of a connection point where the first device connects to the system and the second location L2 is derived from an IP address of a connection point where the second device connects to the system.
  - 22. The method of claim 17 wherein the first location L1 is derived from a host name of a connection point where the first device connects to the system and the second location L2 is derived from a host name of a connection point where the second device connects to the system.
  - 23. The method of claim 17 wherein the analyzing the usage information comprises:
    - using a database to calculate the distance between L1 and L2, wherein the database comprises latitude and longitude information.
  - 24. The method of claim 17 wherein the analyzing the usage information comprises:
    - consulting a database to find a distance between L1 and L2.

25. A method of operating an information management system comprising:
- providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
  
  collecting usage information on operations performed by users using the plurality of devices; and
  
  analyzing the usage information to detect when a user has attempted to access a specific document of the information management system more than X times during a Y time period, where X divided by Y is a value Z.

26. A method of operating an information management system comprising:
- providing a plurality of devices coupled to a network of the information management system;
  
  collecting usage information comprising application program operations which occur at the plurality of devices; and
  
  analyzing the usage information to detect when an application program operation is performed more than X times during a Y time period, where X divided by Y is a value Z.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The method of claim 26 wherein the application program operation comprises at least one of opening a file, deleting a file, changing a file'"'"'s security attributes, printing at least a portion of a document, opening an e-mail, sending an e-mail, forwarding an e-mail, attaching a document to an e-mail, editing a cell on a spreadsheet, cutting and pasting application data, requesting a report on an financial application, opening an order on an enterprise resource planning application, updating an order on an enterprise resource planning application, or creating a quote on a customer relationship management application
  - 28. The method of claim 26 wherein Z is equal to a value Z1 when the application program operation is performed at a first location, and Z is equal to a value Z2 when the application program operation is performed at a second location, different from the first location, where Z1 is greater than Z2.
  - 29. The method of claim 26 wherein Z is equal to a value Z1 when the application program operation is performed during a first time of day, and Z is equal to a value Z2 when the application program operation is performed during a second time of day, where Z1 is greater than Z2.
  - 30. The method of claim 26 wherein Z is equal to a value Z1 when the application program operation is performed during a first time period, and Z is equal to a value Z2 when the application program operation is performed during a second time period, where Z1 is greater than Z2.
  - 31. The method of claim 26 wherein Z is equal to a value Z1 when the application program operation is performed on a first device of a first device type, and Z is equal to a value Z2 when the application program operation is performed on a second device of a second device type, where Z1 is greater than Z2.

32. A method of operating an information management system comprising:
- providing a plurality of rules to manage information of the information management system, wherein a first rule comprises a condition between a first entity and a second entity;
  
  providing activity data associated with the first and second entities;
  
  inspecting at least the first rule to extract the condition between the first and second entities;
  
  analyzing the activity data to derive a relationship between the first and second entities; and
  
  detecting a potential satisfaction of the condition because of the relationship.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40)
- - 33. The method of claim 32 wherein the condition comprises that the first entity is not permitted to send a document to the second entity.
  - 34. The method of claim 33 wherein the relationship comprises the first entity sending a document to a third entity, and the third entity sending the document to the second entity.
  - 35. The method of claim 32 wherein the activity data comprises at least one of e-mail transactions, instant messaging transactions, voice over Internet protocol transactions, or session initiation protocol transactions.
  - 36. The method of claim 32 wherein the first entity is a first document and the second entity is a second document.
  - 37. The method of claim 32 wherein the first entity is a first user and the second entity is a second user.
  - 38. The method of claim 32 wherein the first entity is a first device and the second entity is a second device.
  - 39. The method of claim 32 wherein the first entity is a first application program and the second entity is a second application program.
  - 40. The method of claim 32 wherein the inspecting at least the first rule to extract the condition between the first and second entities comprises inspecting a plurality of rules.

41. A method of operating an information management system comprising:
- providing a first rule comprising a condition between a first entity and a second entity;
  
  providing activity data associated with the first and second entities;
  
  inspecting at least the first rule to extract the condition between the first and second entities;
  
  analyzing the activity data to derive a relationship between the first and second entities; and
  
  detecting a potential satisfaction of the condition because of the relationship.

42. A method of operating an information management system comprising:
- providing a plurality of rules to manage information of the information management system, wherein a first rule comprises a condition between a first action and a second action;
  
  providing activity data associated with the first and second actions;
  
  inspecting at least the first rule to extract the condition between the first and second actions;
  
  analyzing the activity data to derive a relationship between the first and second actions; and
  
  detecting a potential satisfaction of the condition because of the relationship.

43. A method of operating an information management system comprising:
- providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
  
  providing a plurality of rules to manage information of the system;
  
  collecting usage information comprising denials of access to information by users using the plurality of devices; and
  
  analyzing the usage information to detect when a user has been denied access to information by a rule more than X times during a Y time period, where X divided by Y is a value Z.
- View Dependent Claims (44, 45, 46)
- - 44. The method of claim 43 wherein the analyzing the usage information to detect when a user has been denied access to information by a rule more than X times during a Y time period, where X divided by Y is a value Z is replaced by analyzing the usage information to detect when a user has been denied access to information by any rule more than X times during a Y time period, where X divided by Y is a value Z.
  - 45. The method of claim 43 wherein the analyzing the usage information to detect when a user has been denied access to information by a rule more than X times during a Y time period, where X divided by Y is a value Z is replaced by analyzing the usage information to detect when a user has been denied access to information by a set of rules more than X times during a Y time period, where X divided by Y is a value Z.
  - 46. The method of claim 43 wherein the analyzing the usage information to detect when a user has been denied access to information by a rule more than X times during a Y time period, where X divided by Y is a value Z is replaced by analyzing the usage information to detect when a user has been denied access to information by a rule more than X times.

47. A method of operating an information management system comprising:
- providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
  
  providing a plurality of rules to manage information of the system;
  
  collecting usage information comprising denials of access to information by users using the plurality of devices; and
  
  analyzing the usage information to detect when a user has been denied access to information by a first rule and the user has been denied access to information by a second rule, wherein the first and second rules are different.

48. A method of operating an information management system comprising:
- providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
  
  providing a plurality of rules to manage information of the system;
  
  collecting usage information comprising outcomes of applying rules to access of information by users using the plurality of devices; and
  
  analyzing the usage information to detect when a user has a first outcome of a first rule when accessing information and the user has a second outcome of a second rule when accessing information, wherein the first and second rules are different.
- View Dependent Claims (49, 50, 51)
- - 49. The method of claim 48 wherein the first outcome is a satisfaction of the first rule and the second outcome is a satisfaction of the second rule.
  - 50. The method of claim 48 wherein the first outcome is a violation of the first rule and the second outcome is a violation of the second rule.
  - 51. The method of claim 48 wherein the first outcome is a satisfaction of the first rule and the second outcome is a violation of the second rule.

52. A method of operating an information management system comprising:
- providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
  
  collecting usage information on operations performed by users using the plurality of devices, wherein the usage information comprises a first entry having a first parameter and a second parameter, and a second entry having a first parameter and a second parameter; and
  
  analyzing the usage information to detect a condition based on an inspection of at least one of the first parameter of the first entry to the first parameter of the second entry, or the second parameter of the first entry to the second parameter of the second entry.
- View Dependent Claims (53, 54, 55, 56)
- - 53. The method of claim 52 wherein the first parameter comprises at least one of a user name, application, machine, action, object, document, time, rule effect, connectivity, or location.
  - 54. The method of claim 52 wherein the condition is detected when at least one of the first parameter of the first entry is equal to the first parameter of the second entry, or the second parameter of the first entry is equal to the second parameter of the second entry.
  - 55. The method of claim 52 wherein the first parameter represents a time, and the condition is detected when the first parameter of the first entry and the first parameter of the second entry are both within a time period.
  - 56. The method of claim 52 wherein the first parameter represents a time, and the condition is detected when the first parameter of the first entry and the first parameter of the second entry are within a time period of each other.

57. A method of operating an information management system comprising:
- providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
  
  collecting usage information on operations performed by users using the plurality of devices, wherein the usage information comprises a plurality of entries, each having a first parameter and a second parameter; and
  
  analyzing the usage information to detect entries matching at least one condition based on an inspection of at least one of the first parameter or the second parameter of each entry.
- View Dependent Claims (58)
- - 58. The method of claim 57 wherein the analyzing the usage information to detect entries matching at least one condition based on an inspection of at least one of the first parameter or the second parameter of each entry is replaced by analyzing the usage information to detect entries matching a first condition and a second condition, based on an inspection of at least one of the first parameter or the second parameter of each entry, wherein the first and second conditions are different.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nextlabs
Original Assignee
Blue Jungle
Inventors
Lim, Keng

Granted Patent

US 8,849,858 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/3438   monitoring of user actions ...

G06F 16/122   using management policies b...

G06F 16/13   File access structures, e.g...

G06F 16/176   Support for shared access t...

G06F 16/93   Document management systems

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 9/468   Specific access rights for ...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/104   Grouping of entities

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Analyzing Activity Data of an Information Management System

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

169 Citations

58 Claims

Specification

Solutions

Use Cases

Quick Links

Analyzing Activity Data of an Information Management System

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

169 Citations

58 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links