Preventing conflicts of interests between two or more groups using applications
Abstract
To prevent conflicts of interest, an information management system is used to make sure two or more groups are kept apart so that information does not circulate freely between these groups. The system has policies to implement an “ethical wall” to separate users or groups of users. The users or groups of users may be organized in any arbitrary way, and may be in the same organization or different organizations. The two groups (or two or more users) will not be able to access information belonging to the other, and users in one group may not be able to pass information to the other group. The system may manage access to documents, e-mail, files, and other forms of information.
20 Claims
1. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization;
- providing a first user, at a first device, in the first group of the organization, wherein the first device comprises a first application program and a second application program;
- providing a second user, at a second device, in the second group of the organization;
- storing a first stored rule and a second stored rule of the one or more rules received from the policy server at the first device;
- loading a policy enforcer program into a memory of the first device, where the policy enforcer program executes at the first device and evaluates the first and second stored rules, wherein the policy enforcer program prevents a first operation requested by the first user of the first application program or a second operation of the second application program based on conditions of the rules comprising:
  - a first condition comprising a time period starting at T1 and ending at T2 during which sending of a message from the first user to the second user is to be prevented;
  - a second condition comprising when the first user has attempted to access a unit of information of the information management system more than X times in a Y rolling time period; and
  - a third condition comprising when the first user has connected to the system from a first location E at a first time T3, and the first user has connected to the system from a second location F at a second time T4, and a distance between the first location E and the second location F divided by (T4−T3) is greater than a value Z;
- upon a request for a first operation by the first user of the first application program, evaluating the first stored rule without seeking an approval from the policy server;
- upon a request for a second operation by the first user of the second application program, evaluating the second stored rule without seeking an approval from the policy server;
- in the first operation at the first device, attempting to send a message from the first user to the second user;
- in the second operation at the first device, the first user attempting to open a document managed by the information management system;
- after the first operation is attempted, using the policy enforcer program to evaluate the first stored rule at the first device, and determining the first condition has occurred and preventing the message from the first user to the second user when a time T5 of the first operation is greater than T1 and less than T2;
- after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the second condition has occurred and preventing opening of the document of the second operation; and
- after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the third condition has occurred and preventing opening of the document of the second operation when the distance between the first location E and the second location F divided by (T4−T3) is greater than Z, wherein T1, T2, T3, T4, and T5 are time values.

Dependent claims: 2, 3, 4, 5

6. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization;
- providing a first user, at a first device, in the first group of the organization, wherein the first device comprises a first application program and a second application program;
- providing a second user, at a second device, in the second group of the organization;
- storing a first stored rule and a second stored rule of the one or more rules received from the policy server at the first device;
- loading a policy enforcer program into a memory of the first device, where the policy enforcer program executes at the first device and evaluates the first and second stored rules, wherein the policy enforcer program prevents a first operation requested by the first user of the first application program or a second operation of the second application program based on conditions of the rules comprising:
  - a first condition comprising a time period starting at T1 and ending at T2 during which sending of an e-mail from the first user to the second user is to be prevented;
  - a second condition comprising when the first user has attempted to access a unit of information of the information management system more than X times in a Y rolling time period; and
  - a third condition comprising when the first user has connected to the system from a first location E at a first time T3, and the first user has connected to the system from a second location F at a second time T4, and a distance between the first location E and the second location F divided by (T4−T3) is greater than a value Z;
- upon a request for a first operation by the first user of the first application program, evaluating the first stored rule without seeking an approval from the policy server;
- upon a request for a second operation by the first user of the second application program, evaluating the second stored rule without seeking an approval from the policy server;
- in the first operation at the first device, attempting to send an e-mail from the first user to the second user;
- in the second operation at the first device, the first user attempting to open a document managed by the information management system;
- after the first operation is attempted, using the policy enforcer program to evaluate the first stored rule at the first device, and determining the first condition has occurred and preventing the e-mail from the first user to the second user when a time T5 of the first operation is greater than T1 and less than T2;
- after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the second condition has occurred and preventing the opening of the document of the second operation; and
- after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the third condition has occurred and preventing the opening of the document of the second operation when the distance between the first location E and the second location F divided by (T4−T3) is greater than Z, wherein T1, T2, T3, T4, and T5 are time values.

Dependent claims: 7, 8, 9, 10

11. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization;
- providing a first user, at a first device, in the first group of the organization, wherein the first device comprises a first application program and a second application program;
- providing a second user, at a second device, in the second group of the organization;
- storing a first stored rule and a second stored rule of the one or more rules received from the policy server at the first device;
- loading a policy enforcer program into a memory of the first device, where the policy enforcer program executes at the first device and evaluates the first and second stored rules, wherein the policy enforcer program prevents a first operation requested by the first user of the first application program or a second operation of the second application program based on conditions of the rules comprising:
  - a first condition comprising a time period starting at T1 and ending at T2 during which sending of a communication from the first user to the second user is to be prevented;
  - a second condition comprising when the first user has attempted to access a unit of information of the information management system more than X times in a Y rolling time period; and
  - a third condition comprising when the first user has connected to the system from a first location E at a first time T3, and the first user has connected to the system from a second location F at a second time T4, and a distance between the first location E and the second location F divided by (T4−T3) is greater than a value Z;
- upon a request for a first operation by the first user of the first application program, evaluating the first stored rule without seeking an approval from the policy server;
- upon a request for a second operation by the first user of the second application program, evaluating the second stored rule without seeking an approval from the policy server;
- in the first operation at the first device, attempting to send a communication from the first user to the second user;
- in the second operation at the first device, the first user attempting to view a document managed by the information management system;
- after the first operation is attempted, using the policy enforcer program to evaluate the first stored rule at the first device, and determining the first condition has occurred and preventing the communication from the first user to the second user when a time T5 of the first operation is greater than T1 and less than T2;
- after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the second condition has occurred and preventing viewing of the document of the second operation; and
- after the second operation is attempted, using the policy enforcer program to evaluate the second stored rule at the first device, and determining the third condition has occurred and preventing viewing of the document of the second operation when the distance between the first location E and the second location F divided by (T4−T3) is greater than Z, wherein T1, T2, T3, T4, and T5 are time values.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20

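The three rule conditions recited in independent claims 1, 6 and 11 (blackout window T1..T2, more than X attempts in a rolling period Y, and distance(E, F)/(T4−T3) above Z), evaluated on the device without contacting a policy server. This is an added example, not code from the patent or its assignee. The class and method names, the units (seconds, kilometres, km/h), the haversine distance and the handling of T4 ≤ T3 are assumptions made for illustration.

```python
import math
from collections import defaultdict, deque

def distance_km(e, f):
    """Great-circle (haversine) distance between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*e, *f))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

class PolicyEnforcer:
    """Hypothetical on-device enforcer: evaluates stored rules locally."""

    def __init__(self, wall, t1, t2, x, y, z):
        self.wall = wall            # {(sender, recipient)} pairs kept apart
        self.t1, self.t2 = t1, t2   # condition 1: blackout window, seconds
        self.x, self.y = x, y       # condition 2: more than X attempts in Y seconds
        self.z = z                  # condition 3: speed threshold Z, km/h (assumed unit)
        self.attempts = defaultdict(deque)                       # (user, doc) -> times
        self.connections = defaultdict(lambda: deque(maxlen=2))  # user -> last two logins

    def record_connection(self, user, location, t):
        self.connections[user].append((location, t))

    def allow_message(self, sender, recipient, t5):
        # Condition 1: prevented when T5 is greater than T1 and less than T2.
        return not ((sender, recipient) in self.wall and self.t1 < t5 < self.t2)

    def _implausible_travel(self, user):
        conns = self.connections[user]
        if len(conns) < 2:
            return False
        (e, t3), (f, t4) = conns
        km = distance_km(e, f)
        if t4 <= t3:  # equal or out-of-order timestamps: avoid dividing by zero
            return km > 0
        return km / ((t4 - t3) / 3600.0) > self.z

    def allow_open(self, user, doc, now):
        q = self.attempts[(user, doc)]
        q.append(now)                    # denied attempts still count as attempts
        while q[0] <= now - self.y:      # drop attempts outside the rolling window
            q.popleft()
        if len(q) > self.x:              # condition 2
            return False
        return not self._implausible_travel(user)  # condition 3
```

Because the window is rolling, a user blocked by condition 2 is allowed again once older attempts age out of the last Y seconds, while condition 3 keeps blocking until a later connection replaces the implausible pair.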
Specification