Analyzing Activity Data of an Information Management System
First Claim
1. A method of operating an information management system comprising:
- providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
collecting usage information on operations performed by users using the plurality of devices; and
analyzing the usage information to detect when a user has attempted to access a specific document of the information management system more than X times during a Y time period, where X divided by Y is a value Z.
3 Assignments
0 Petitions
Accused Products
Abstract
In an information management system, activity data is collected and analyzed for patterns. The information management system may be policy based. Activity data may be organized as entries including information on user, application, machine, action, object or document, time, and location. When checking for patterns in the activity or historical data, techniques may include inferencing, frequency checking, location and distance checking, and relationship checking, and any combination of these. Analyzing the activity data may include comparing like types or categories of information for two or more entries.
169 Citations
58 Claims
-
1. A method of operating an information management system comprising:
-
providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
collecting usage information on operations performed by users using the plurality of devices; and
analyzing the usage information to detect when a user has attempted to access a specific document of the information management system more than X times during a Y time period, where X divided by Y is a value Z. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A method of operating an information management system comprising:
-
providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
collecting usage information on operations performed by users using the plurality of devices; and
analyzing the usage information to detect when a user has attempted to access a specific document of the information management system more than X times during a Y time period, where X divided by Y is a value Z.
-
-
26. A method of operating an information management system comprising:
-
providing a plurality of devices coupled to a network of the information management system;
collecting usage information comprising application program operations which occur at the plurality of devices; and
analyzing the usage information to detect when an application program operation is performed more than X times during a Y time period, where X divided by Y is a value Z. - View Dependent Claims (27, 28, 29, 30, 31)
-
-
32. A method of operating an information management system comprising:
-
providing a plurality of rules to manage information of the information management system, wherein a first rule comprises a condition between a first entity and a second entity;
providing activity data associated with the first and second entities;
inspecting at least the first rule to extract the condition between the first and second entities;
analyzing the activity data to derive a relationship between the first and second entities; and
detecting a potential satisfaction of the condition because of the relationship. - View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40)
-
-
41. A method of operating an information management system comprising:
-
providing a first rule comprising a condition between a first entity and a second entity;
providing activity data associated with the first and second entities;
inspecting at least the first rule to extract the condition between the first and second entities;
analyzing the activity data to derive a relationship between the first and second entities; and
detecting a potential satisfaction of the condition because of the relationship.
-
-
42. A method of operating an information management system comprising:
-
providing a plurality of rules to manage information of the information management system, wherein a first rule comprises a condition between a first action and a second action;
providing activity data associated with the first and second actions;
inspecting at least the first rule to extract the condition between the first and second actions;
analyzing the activity data to derive a relationship between the first and second actions; and
detecting a potential satisfaction of the condition because of the relationship.
-
-
43. A method of operating an information management system comprising:
-
providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
providing a plurality of rules to manage information of the system;
collecting usage information comprising denials of access to information by users using the plurality of devices; and
analyzing the usage information to detect when a user has been denied access to information by a rule more than X times during a Y time period, where X divided by Y is a value Z. - View Dependent Claims (44, 45, 46)
-
-
47. A method of operating an information management system comprising:
-
providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
providing a plurality of rules to manage information of the system;
collecting usage information comprising denials of access to information by users using the plurality of devices; and
analyzing the usage information to detect when a user has been denied access to information by a first rule and the user has been denied access to information by a second rule, wherein the first and second rules are different.
-
-
48. A method of operating an information management system comprising:
-
providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
providing a plurality of rules to manage information of the system;
collecting usage information comprising outcomes of applying rules to access of information by users using the plurality of devices; and
analyzing the usage information to detect when a user has a first outcome of a first rule when accessing information and the user has a second outcome of a second rule when accessing information, wherein the first and second rules are different. - View Dependent Claims (49, 50, 51)
-
-
52. A method of operating an information management system comprising:
-
providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
collecting usage information on operations performed by users using the plurality of devices, wherein the usage information comprises a first entry having a first parameter and a second parameter, and a second entry having a first parameter and a second parameter; and
analyzing the usage information to detect a condition based on an inspection of at least one of the first parameter of the first entry to the first parameter of the second entry, or the second parameter of the first entry to the second parameter of the second entry. - View Dependent Claims (53, 54, 55, 56)
-
-
57. A method of operating an information management system comprising:
-
providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices;
collecting usage information on operations performed by users using the plurality of devices, wherein the usage information comprises a plurality of entries, each having a first parameter and a second parameter; and
analyzing the usage information to detect entries matching at least one condition based on an inspection of at least one of the first parameter or the second parameter of each entry. - View Dependent Claims (58)
-
Specification