INFORMATION PROTECTION USING ZONES
Abstract
Some embodiments are directed to an information protection scheme in which devices, users, and domains in an information space may be grouped into zones. When information is transferred across a zone boundary, information protection rules may be applied to determine whether the transfer should be permitted or blocked, and/or whether any other policy actions should be taken (e.g., requiring encryption, prompting the user for confirmation of the intended transfer, or some other action).
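The zone-boundary check described in the abstract, sketched as an added example (not code from the patent or any product). The zone names, addresses, rule format, first-match-wins ordering, catch-all "internet" zone, use of a classification label in rules, and permit-by-default behavior are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    PERMIT = "permit"
    BLOCK = "block"
    REQUIRE_ENCRYPTION = "require_encryption"
    PROMPT_USER = "prompt_user"

# Constructed sample data: users and domains grouped into logical zones.
ZONES = {
    "alice@corp.example": "engineering",
    "bob@corp.example": "engineering",
    "carol@corp.example": "finance",
    "partner.example": "partners",
}
DEFAULT_ZONE = "internet"  # assumption: unlisted entities land in a catch-all zone

@dataclass(frozen=True)
class Rule:
    src_zone: str        # "*" matches any zone
    dst_zone: str        # "*" matches any zone
    classification: str  # "*" matches any classification label
    action: Action

# Hypothetical rule set, evaluated in order; the first matching rule wins.
RULES = [
    Rule("*", "internet", "confidential", Action.BLOCK),
    Rule("*", "partners", "confidential", Action.REQUIRE_ENCRYPTION),
    Rule("finance", "*", "*", Action.PROMPT_USER),
]

def zone_of(entity: str) -> str:
    # Exact entity match first, then fall back to the domain part of an address.
    if entity in ZONES:
        return ZONES[entity]
    domain = entity.rsplit("@", 1)[-1]
    return ZONES.get(domain, DEFAULT_ZONE)

def evaluate_transfer(sender: str, recipient: str, classification: str) -> Action:
    src, dst = zone_of(sender), zone_of(recipient)
    if src == dst:
        return Action.PERMIT  # no zone boundary crossed: rules are not consulted
    for rule in RULES:
        if (rule.src_zone in ("*", src) and rule.dst_zone in ("*", dst)
                and rule.classification in ("*", classification)):
            return rule.action
    return Action.PERMIT  # boundary crossed, but no rule calls for a policy action
```

Because rules are consulted only when the source and destination zones differ, a confidential document moves freely inside "engineering" but is blocked or encrypted as soon as the recipient resolves to another zone.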
20 Claims
1. A method for information protection performed by a computer comprising at least one processor and at least one tangible memory, the computer operating in an information space comprising a plurality of zones of users, devices, and/or domains, wherein each of the plurality of zones is a logical grouping of users, devices, and/or domains, and wherein the method comprises:
- in response to initiation of a transfer of information, determining whether the transfer of information would cause the information to cross a zone boundary between two of the plurality of zones;
- when it is determined that the transfer would not cause the information to cross the zone boundary, permitting the transfer;
- when it is determined that the transfer would cause the information to cross the zone boundary:
  - accessing information protection rules;
  - applying the information protection rules to the transfer to determine whether a policy action is to be performed; and
  - when it is determined the policy action is to be performed, performing the policy action.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. At least one computer readable medium encoded with instructions that when executed on a computer comprising at least one processor and at least one tangible memory, perform a method in an information space comprising a plurality of zones of users, devices, and/or domains, wherein each of the plurality of zones is a logical grouping of users, devices, and/or domains, wherein the computer is grouped into one of the plurality of zones, the method comprising:
- creating a document at the computer;
- automatically determining a first classification for the document;
- embedding information identifying the determined first classification into the document;
- receiving user input identifying a second classification for the document;
- in response to the user input, overriding the first classification with the second classification by removing the information identifying the first classification from the document and embedding information identifying the second classification into the document.
Dependent claims: 16, 17, 18, 19
20. A computer in a computer system comprising:
- at least one tangible memory; and
- at least one hardware processor that executes processor-executable instructions to:
  - in response to user input of first information that groups users, devices, and/or domains into logical zones, storing the first information in the at least one tangible memory; and
  - in response to user input of second information specifying information protection rules to be applied in response to initiation of a transfer of information that would cause the information to cross a boundary between logical zones, storing the second information in the at least one tangible memory.
Specification