Preventing conflicts of interests between two or more groups using applications

US 7,877,409 B2
Filed: 10/30/2007
Issued: 01/25/2011
Est. Priority Date: 12/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method of managing information comprising:

providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization;

providing a first user, at a first device, in the first group of the organization, wherein the first device comprises a first application program and a second application program;

providing a second user, at a second device, in the second group of the organization;

storing a first stored rule and a second stored rule of the one or more rules received from the policy server at the first device;

loading a policy enforcer program into a memory of the first device, where the policy enforcer program executes at the first device and evaluates the first and second stored rules, wherein the policy enforcer program prevents a first operation requested by the first user of the first application program or a second operation of the second application program based on conditions of the rules comprising;

a first condition comprising a time period starting at T1 and ending at T2 during which sending of a message from the first user to the second user is to be prevented;

a second condition comprising when the first user has attempted to access a unit of information of the information management system more than X times in a Y rolling time period; and

a third condition comprising when the first user has connected to the system from a first location E at a first time T3, and the first user has connected to the system from a second location F at a second time T4, and a distance between the first location E and the second location F divided by (T4−

T3) is greater than a value Z;

upon a request for a first operation by the first user of the first application program, evaluating the first stored rule without seeking an approval from the policy server;

upon a request for a second operation by the first user of the second application program, evaluating the second stored rule without seeking an approval from the policy server;

in the first operation at the first device, attempting to send a message from the first user to the second user;

in the second operation at the first device, the first user attempting to open a document managed by the information management system;

after the first operation is attempted, using the policy enforcer program to evaluate the first stored rule at the first device, and determining the first condition has occurred and preventing the message from the first user to the second user when a time T5 of the first operation is greater than T1 and less than T2;

after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the second condition has occurred and preventing opening of the document of the second operation; and

after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the third condition has occurred and preventing opening of the document of the second operation when the distance between the first location E and the second location F divided by (T4−

T3) is greater than Z, wherein T1, T2, T3, T4, and T5 are time values.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To prevent conflicts of interest, an information management system is used to make sure two or more groups are kept apart so that information does not circulate freely between these groups. The system has policies to implement an “ethical wall” to separate users or groups of users. The user or groups of user may be organized in any arbitrary way, and may be in the same organization or different organizations. The two groups (or two or more users) will not be able to access information belonging to the other, and users in one group may not be able to pass information to the other group. The system may manage access to documents, e-mail, files, and other forms of information.

101 Citations

View as Search Results

20 Claims

1. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization;
  
  providing a first user, at a first device, in the first group of the organization, wherein the first device comprises a first application program and a second application program;
  
  providing a second user, at a second device, in the second group of the organization;
  
  storing a first stored rule and a second stored rule of the one or more rules received from the policy server at the first device;
  
  loading a policy enforcer program into a memory of the first device, where the policy enforcer program executes at the first device and evaluates the first and second stored rules, wherein the policy enforcer program prevents a first operation requested by the first user of the first application program or a second operation of the second application program based on conditions of the rules comprising;
  
  a first condition comprising a time period starting at T1 and ending at T2 during which sending of a message from the first user to the second user is to be prevented;
  
  a second condition comprising when the first user has attempted to access a unit of information of the information management system more than X times in a Y rolling time period; and
  
  a third condition comprising when the first user has connected to the system from a first location E at a first time T3, and the first user has connected to the system from a second location F at a second time T4, and a distance between the first location E and the second location F divided by (T4−
  
  T3) is greater than a value Z;
  
  upon a request for a first operation by the first user of the first application program, evaluating the first stored rule without seeking an approval from the policy server;
  
  upon a request for a second operation by the first user of the second application program, evaluating the second stored rule without seeking an approval from the policy server;
  
  in the first operation at the first device, attempting to send a message from the first user to the second user;
  
  in the second operation at the first device, the first user attempting to open a document managed by the information management system;
  
  after the first operation is attempted, using the policy enforcer program to evaluate the first stored rule at the first device, and determining the first condition has occurred and preventing the message from the first user to the second user when a time T5 of the first operation is greater than T1 and less than T2;
  
  after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the second condition has occurred and preventing opening of the document of the second operation; and
  
  after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the third condition has occurred and preventing opening of the document of the second operation when the distance between the first location E and the second location F divided by (T4−
  
  T3) is greater than Z, wherein T1, T2, T3, T4, and T5 are time values.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the first application comprises an instant messenger program.
  - 3. The method of claim 1 wherein the second application comprises a document viewing application.
  - 4. The method of claim 1 wherein the policy enforcer program is loaded into the memory of the first device before the second application is loaded into the memory of the first device.
  - 5. The method of claim 1 wherein the message comprises an e-mail.

6. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization;
  
  providing a first user, at a first device, in the first group of the organization, wherein the first device comprises a first application program and a second application program;
  
  providing a second user, at a second device, in the second group of the organization;
  
  storing a first stored rule and a second stored rule of the one or more rules received from the policy server at the first device;
  
  loading a policy enforcer program into a memory of the first device, where the policy enforcer program executes at the first device and evaluates the first and second stored rules, wherein the policy enforcer program prevents a first operation requested by the first user of the first application program or a second operation of the second application program based on conditions of the rules comprising;
  
  a first condition comprising a time period starting at T1 and ending at T2 during which sending of an e-mail from the first user to the second user is to be prevented;
  
  a second condition comprising when the first user has attempted to access a unit of information of the information management system more than X times in a Y rolling time period; and
  
  a third condition comprising when the first user has connected to the system from a first location E at a first time T3, and the first user has connected to the system from a second location F at a second time T4, and a distance between the first location E and the second location F divided by (T4−
  
  T3) is greater than a value Z;
  
  upon a request for a first operation by the first user of the first application program, evaluating the first stored rule without seeking an approval from the policy server;
  
  upon a request for a second operation by the first user of the second application program, evaluating the second stored rule without seeking an approval from the policy server;
  
  in the first operation at the first device, attempting to send an e-mail from the first user to the second user;
  
  in the second operation at the first device, the first user attempting to open a document managed by the information management system;
  
  after the first operation is attempted, using the policy enforcer program to evaluate the first stored rule at the first device, and determining the first condition has occurred and preventing the e-mail from the first user to the second user when a time T5 of the first operation is greater than T1 and less than T2;
  
  after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the second condition has occurred and preventing the opening of the document of the second operation; and
  
  after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the third condition has occurred and preventing the opening of the document of the second operation when the distance between the first location E and the second location F divided by (T4−
  
  T3) is greater than Z, wherein T1, T2, T3, T4, and T5 are time values.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6 wherein the first application comprises a Web-based e-mail program.
  - 8. The method of claim 6 wherein the second application comprises a word processing program.
  - 9. The method of claim 6 comprising after the first operation is attempted at a time T6, greater than T2, using the policy enforcer program to evaluate the first stored rule at the first device, and allowing the e-mail from the first user to the second user.
  - 10. The method of claim 9 comprising encrypting the e-mail before sending the e-mail to the second user.

11. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization;
  
  providing a first user, at a first device, in the first group of the organization, wherein the first device comprises a first application program and a second application program;
  
  providing a second user, at a second device, in the second group of the organization;
  
  storing a first stored rule and a second stored rule of the one or more rules received from the policy server at the first device;
  
  loading a policy enforcer program into a memory of the first device, where the policy enforcer program executes at the first device and evaluates the first and second stored rules, wherein the policy enforcer program prevents a first operation requested by the first user of the first application program or a second operation of the second application program based on conditions of the rules comprising;
  
  a first condition comprising a time period starting at T1 and ending at T2 during which sending of a communication from the first user to the second user is to be prevented;
  
  a second condition comprising when the first user has attempted to access a unit of information of the information management system more than X times in a Y rolling time period; and
  
  a third condition comprising when the first user has connected to the system from a first location E at a first time T3, and the first user has connected to the system from a second location F at a second time T4, and a distance between the first location E and the second location F divided by (T4−
  
  T3) is greater than a value Z;
  
  upon a request for a first operation by the first user of the first application program, evaluating the first stored rule without seeking an approval from the policy server;
  
  upon a request for a second operation by the first user of the second application program, evaluating the second stored rule without seeking an approval from the policy server;
  
  in the first operation at the first device, attempting to send a communication from the first user to the second user;
  
  in the second operation at the first device, the first user attempting to view a document managed by the information management system;
  
  after the first operation is attempted, using the policy enforcer program to evaluate the first stored rule at the first device, and determining the first condition has occurred and preventing the communication from the first user to the second user when a time T5 of the first operation is greater than T1 and less than T2;
  
  after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the second condition has occurred and preventing viewing of the document of the second operation; and
  
  after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the third condition has occurred and preventing viewing of the document of the second operation when the distance between the first location E and the second location F divided by (T4−
  
  T3) is greater than Z, wherein T1, T2, T3, T4, and T5 are time values.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11 wherein the first application comprises a text messaging program.
  - 13. The method of claim 11 wherein the first application comprises an e-mail program.
  - 14. The method of claim 11 comprising:
    - after the first operation is attempted at a time T6, which is greater than T2, using the policy enforcer program to evaluate the first stored rule at the first device, and allowing the communication from the first user to the second user.
  - 15. The method of claim 14 comprising encrypting the communication before sending the communication to the second user.
  - 16. The method of claim 11 wherein the second application comprises a document viewing application.
  - 17. The method of claim 11 comprising:
    - when the second condition has occurred, not permitting completion of the first operation of the communication to the second user.
  - 18. The method of claim 11 comprising:
    - when the third condition has occurred, not permitting completion of the first operation of the communication to the second user.
  - 19. The method of claim 11 wherein T1 and T2 are time values within the same day.
  - 20. The method of claim 11 wherein T1 is on a first calendar date and T2 is on a second calendar date, subsequent to the first calendar date.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nextlabs
Original Assignee
Nextlabs
Inventors
Lim, Keng
Primary Examiner(s)
Ali; Mohammad
Assistant Examiner(s)
Smith; Brannon W

Application Number

US11/928,794
Publication Number

US 20080091682A1
Time in Patent Office

1,183 Days
Field of Search

707/781, 707/922, 707/999.009, 709/229
US Class Current

707/781
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 16/122   using management policies b...

G06F 16/176   Support for shared access t...

G06F 16/93   Document management systems

G06F 16/958   Organisation or management ...

G06F 21/125   by manipulating the program...

G06F 21/316   by observing the pattern of...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2216/03   Data mining

G06F 2221/032   Protect output to user by s...

G06F 3/0601   Interfaces specially adapte...

G06Q 10/06   Resources, workflows, human...

G06Q 10/10   Office automation; Time man...

H04L 41/0893   Assignment of logical group...

H04L 51/234   for tracking messages

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/102 : Entity profiles

H04L 63/1425 : Traffic logging, e.g. anoma...

H04L 63/20 : for managing network securi...

H04L 67/303 : Terminal profiles

H04L 67/535 : Tracking the activity of th...

H04L 67/60 : Scheduling or organising th...

Y10S 707/922 : Communications

View All

Preventing conflicts of interests between two or more groups using applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing conflicts of interests between two or more groups using applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links