CONFIDENTIAL CONTENT REPORTING SYSTEM AND METHOD WITH ELECTRONIC MAIL VERIFICATION FUNCTIONALITY

US 20070261099A1
Filed: 05/02/2006
Published: 11/08/2007
Est. Priority Date: 05/02/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method, in a data processing system, of reporting items of information containing confidential information, comprising:

identifying at least one item of information containing confidential information based on one or more security search rules setting forth one or more security criteria for identifying items of information that contain confidential information;

analyzing the at least one item of information to determine if the at least one item of information meets security policy compliance requirements, wherein the security policy compliance requirements identify requirements for maintaining items of information that contain confidential information in a confidential state;

identifying one or more security policy violations based on results of the analysis if the results indicate that the at least one item of information does not meet security policy compliance requirements; and

providing an output identifying the at least one item of information, wherein the output includes, for each item of information in the at least one item of information, an identifier of the item of information and one or more security policy violations associated with the item of information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A confidential content reporting system and method with electronic mail verification functionality are provided. With the system and method, a security compliance search engine is provided for searching items of information to identify items containing confidential content and security violations with regard to this confidential content. Results of the search may be reported to a user via a graphical user interface (GUI) that identifies the item of information, the security violations detected, and suggested corrective actions, such as encryption. A user may interact with the GUI to apply security mechanisms in accordance with the suggested corrective actions. Moreover, the searching and reporting mechanism may be used to search electronic mail messages and their attachments prior to distribution of the electronic mail messages. Automatic modification of the electronic mail message to modify distribution lists and/or content of the electronic mail message may be performed using the mechanisms of the illustrative embodiments.

Citations

20 Claims

1. A method, in a data processing system, of reporting items of information containing confidential information, comprising:
- identifying at least one item of information containing confidential information based on one or more security search rules setting forth one or more security criteria for identifying items of information that contain confidential information;
  
  analyzing the at least one item of information to determine if the at least one item of information meets security policy compliance requirements, wherein the security policy compliance requirements identify requirements for maintaining items of information that contain confidential information in a confidential state;
  
  identifying one or more security policy violations based on results of the analysis if the results indicate that the at least one item of information does not meet security policy compliance requirements; and
  
  providing an output identifying the at least one item of information, wherein the output includes, for each item of information in the at least one item of information, an identifier of the item of information and one or more security policy violations associated with the item of information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the output further includes an identifier of one or more suggested corrective actions for correcting the one or more security policy violations.
  - 3. The method of claim 1, wherein providing an output comprising providing a graphical user interface, and wherein the graphical user interface includes one or more graphical user interface elements associated with the one or more suggested corrective actions, the one or more graphical user interface elements being selectable by a user to perform the one or more associated corrective actions.
  - 4. The method of claim 3, further comprising:
    - receiving first user input that selects an item of information from the at least one item of information;
      
      receiving second user input that selects one of the one or more suggested corrective actions associated with the selected item of information; and
      
      automatically applying one or more operations associated with the selected suggested corrective action to the selected item of information in response to the first and second user inputs.
  - 5. The method of claim 4, further comprising:
    - providing a secondary graphical user interface element, in response to the second user input, identifying one or more security attributes to be utilized by operations associated with the selected suggested corrective action; and
      
      receiving third user input that selects one of the one or more security attributes.
  - 6. The method of claim 5, wherein the one or more security attributes include a particular organizational level for which the selected item of information is to be accessible.
  - 7. The method of claim 5, further comprising:
    - retrieving a pre-established security setting associated with the selected security attribute; and
      
      providing the pre-established security setting to the one or more operations associated with the selected suggestive corrective action.
  - 8. The method of claim 7, wherein the pre-established security setting is an encryption key.
  - 9. The method of claim 1, further comprising:
    - automatically identifying one or more corrective actions to correct the one or more security policy violations; and
      
      automatically applying the identified one or more corrective actions to the at least one item of information to bring the at least one item of information into compliance with security policies.
  - 10. The method of claim 9, wherein the at least one item of information is an electronic mail message, and wherein the one or more corrective actions include at least one of automatically modifying a distribution list for the electronic mail message to not include unauthorized individuals that may pose a security risk, automatically encrypting the electronic mail message, or automatically encrypting an attachment to the electronic mail message.

11. A computer program product comprising a computer useable medium having a computer readable program, wherein the computer readable program, when executed on a computing device, causes the computing device to:
- identify at least one item of information containing confidential information based on one or more security search rules setting forth one or more security criteria for identifying items of information that contain confidential information;
  
  analyze the at least one item of information to determine if the at least one item of information meets security policy compliance requirements, wherein the security policy compliance requirements identify requirements for maintaining items of information that contain confidential information in a confidential state;
  
  identify one or more security policy violations based on results of the analysis if the results indicate that the at least one item of information does not meet security policy compliance requirements; and
  
  provide an output identifying the at least one item of information, wherein the output includes, for each item of information in the at least one item of information, an identifier of the item of information and one or more security policy violations associated with the item of information.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The computer program product of claim 11, wherein the output further includes an identifier of one or more suggested corrective actions for correcting the one or more security policy violations.
  - 13. The computer program product of claim 11, wherein the computer readable program causes the computing device to provide an output by providing a graphical user interface, and wherein the graphical user interface includes one or more graphical user interface elements associated with the one or more suggested corrective actions, the one or more graphical user interface elements being selectable by a user to perform the one or more associated corrective actions.
  - 14. The computer program product of claim 13, wherein the computer readable program further causes the computing device to:
    - receive first user input that selects an item of information from the at least one item of information;
      
      receive second user input that selects one of the one or more suggested corrective actions associated with the selected item of information; and
      
      automatically apply one or more operations associated with the selected suggested corrective action to the selected item of information in response to the first and second user inputs.
  - 15. The computer program product of claim 14, wherein the computer readable program further causes the computing device to:
    - provide a secondary graphical user interface element, in response to the second user input, identifying one or more security attributes to be utilized by operations associated with the selected suggested corrective action; and
      
      receive third user input that selects one of the one or more security attributes.
  - 16. The computer program product of claim 15, wherein the one or more security attributes include a particular organizational level for which the selected item of information is to be accessible.
  - 17. The computer program product of claim 15, wherein the computer readable program further causes the computing device to:
    - retrieve a pre-established security setting associated with the selected security attribute; and
      
      provide the pre-established security setting to the one or more operations associated with the selected suggestive corrective action.
  - 18. The computer program product of claim 11, wherein the computer readable program further causes the computing device to:
    - automatically identify one or more corrective actions to correct the one or more security policy violations; and
      
      automatically apply the identified one or more corrective actions to the at least one item of information to bring the at least one item of information into compliance with security policies.

19. The computer program product of claim 19, wherein the at least one item of information is an electronic mail message, and wherein the one or more corrective actions include at least one of automatically modifying a distribution list for the electronic mail message to not include unauthorized individuals that may pose a security risk, automatically encrypting the electronic mail message, or automatically encrypting an attachment to the electronic mail message.

20. A system for reporting items of information containing confidential information, comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory contains instructions which, when executed by the processor, cause the processor to;
  
  identify at least one item of information containing confidential information based on one or more security search rules setting forth one or more security criteria for identifying items of information that contain confidential information;
  
  analyze the at least one item of information to determine if the at least one item of information meets security policy compliance requirements, wherein the security policy compliance requirements identify requirements for maintaining items of information that contain confidential information in a confidential state;
  
  identify one or more security policy violations based on results of the analysis if the results indicate that the at least one item of information does not meet security policy compliance requirements; and
  
  provide an output identifying the at least one item of information, wherein the output includes, for each item of information in the at least one item of information, an identifier of the item of information and one or more security policy violations associated with the item of information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Broussard, Scott, Wrobel, Anthony, Spring, Eduardo, Kwong, Tony

Application Number

US11/381,151
Publication Number

US 20070261099A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/102 Entity profiles

CONFIDENTIAL CONTENT REPORTING SYSTEM AND METHOD WITH ELECTRONIC MAIL VERIFICATION FUNCTIONALITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CONFIDENTIAL CONTENT REPORTING SYSTEM AND METHOD WITH ELECTRONIC MAIL VERIFICATION FUNCTIONALITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links