Information management system

US 7,945,519 B2
Filed: 12/17/2007
Issued: 05/17/2011
Est. Priority Date: 11/08/2000
Status: Expired due to Fees

First Claim

Patent Images

1. An information management system comprising:

a plurality of client workstations connected to a computer network, each workstation having a memory;

a data repository arranged to receive data from each of said client workstations;

an application stored in said memory of each workstation for transmitting outbound data to said computer network and receiving inbound data from said computer network;

policy data defining rules for the recording of data that may comprise part of a commercial transaction conducted between a client workstation and a third party across said computer network;

an analyzer, said analyzer analyzing, in conjunction with said policy data, at least one of said outbound data and said inbound data, identifying the existence of a commercial transaction occurring between a client workstation and a third party by analyzing said outbound or said inbound data, and causing transaction data that is all or part of said outbound data or said inbound data related to an identified commercial transaction to be stored in said data repository.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information management system is described comprising one or more workstations running applications to allow a user of the workstation to connect to a network, such as the Internet. Each application has an analyzer, which monitors transmission data that the application is about to transmit to the network or about to receive from the network and which determines an appropriate action to take regarding that transmission data. Such actions may be extracting data from the transmission data, such as passwords and usernames, digital certificates or eCommerce transaction details for storage in a database; ensuring that the transmission data is transmitted at an encryption strength appropriate to the contents of the transmission data; determining whether a check needs to be made as to whether a digital certificate received in transmission data is in force, and determining whether a transaction about to be made by a user of one of the workstations needs third party approval before it is made. The analyzer may consult a policy data containing a policy to govern the workstations in order to make its determination. The information management system provides many advantages in the eCommerce environment to on-line trading companies, who may benefit by being able to regulate the transactions made by their staff according to their instructions in a policy data, automatically maintain records of passwords and business conducted on-line, avoid paying for unnecessary checks on the validity of digital certificates and ensure that transmissions of data made by their staff are always protected at an agreed strength of encryption.

Citations

84 Claims

1. An information management system comprising:
- a plurality of client workstations connected to a computer network, each workstation having a memory;
  
  a data repository arranged to receive data from each of said client workstations;
  
  an application stored in said memory of each workstation for transmitting outbound data to said computer network and receiving inbound data from said computer network;
  
  policy data defining rules for the recording of data that may comprise part of a commercial transaction conducted between a client workstation and a third party across said computer network;
  
  an analyzer, said analyzer analyzing, in conjunction with said policy data, at least one of said outbound data and said inbound data, identifying the existence of a commercial transaction occurring between a client workstation and a third party by analyzing said outbound or said inbound data, and causing transaction data that is all or part of said outbound data or said inbound data related to an identified commercial transaction to be stored in said data repository.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 2. The system of claim 1 wherein said analyzer determines whether a secure link has been negotiated between said application and a remote site on said computer network, and identifies the existence of a commercial transaction if said outbound data or said inbound data is transmitted on a secure link.
  - 3. The system of claim 2 wherein said computer network is the Internet, and said rules of said policy data define the addresses of non-eCommerce web sites and/or non-eCommerce e-mail accounts, said analyzer disregarding any commercial transactions that are identified between a client workstation and a non-eCommerce web site and/or e-mail account such that no transaction data related to a commercial transaction made to a non-eCommerce web sites or a non-eCommerce e-mail account is stored in the data repository.
  - 4. The system of claim 1 wherein said analyzer identifies the existence of a commercial transaction by reference to said rules of said policy data, said rules of said policy data defining the addresses of known eCommerce locations.
  - 5. The system of claim 1 wherein said analyzer identifies credit card numbers, and identifies the existence of a commercial transaction by identifying credit card numbers in said outbound data or inbound data.
  - 6. The system of claim 1 wherein said analyzer identifies the existence of a commercial transaction by reference to said rules of said policy data, said rules of said policy data defining one or more of pre-determined digital certificates, account codes, pre-determined keywords, pre-determined names and addresses and embedded codes.
  - 7. The system of claim 1 wherein said analyzer identifies embedded codes in said inbound data, said embedded code having been placed in said inbound data to identify it as transaction data.
  - 8. The system of claim 1 wherein said analyzer identifies electronic receipts, and identifies the existence of a commercial transaction by identifying an electronic receipt in said outbound or inbound data.
  - 9. The system of claim 1 wherein said analyzer records a pre-determined number of subsequent transmissions of said outbound data or said inbound data following an identification of the existence of a commercial transaction by said analyzer, providing that the address or organization to which the subsequent transmissions are sent, or from which they are received, is the same as the address or organization to which the outbound data was sent or from which the inbound data was received and in which the existence of a commercial transaction was identified.
  - 10. The system of claim 9 wherein said analyzer detects one or more indicators of the nature of the commercial transaction, and said rules of said policy data define the number of subsequent transmissions of said outbound data and said inbound data that are to be recorded in said data repository based on the identified nature of the commercial transaction.
  - 11. The system of claim 9 wherein said rules of said policy data define the number of subsequent transmissions of said outbound and said inbound data that are to be stored in said data repository in dependence on the indicator by which the existence of a commercial transaction was identified.
  - 12. The system of claim 1 wherein said analyzer records all subsequent transmissions of said outbound data or said inbound data that occur within a pre-determined amount of time following an identification of the existence of a commercial transaction by said analyzer, providing that the address or organization to which the subsequent transmissions are sent, or from which they are received, is the same as the address or organization to which the outbound data was sent or from which the inbound data was received and in which the existence of a commercial transaction was identified.
  - 13. The system of claim 12 wherein said analyzer, detects one or more indicators of the nature of the commercial transaction, and said rules of said policy data define the amount of time for which all subsequent transmissions of said outbound data and said inbound data are to be recorded in said data repository based on the identified nature of the commercial transaction.
  - 14. The system of claim 12 wherein said rules of said policy data define the amount of time for which subsequent transmissions of said outbound and said inbound data are to be stored in said data repository in dependence on the indicator by which the existence of a commercial transaction was identified.
  - 15. The system of claim 1 wherein said analyzer further identifies the completion of a commercial transaction by analyzing said outbound data or said inbound data, and causes all or part of said outbound data transmitted by said application and all or part of said inbound data received by said application after said analyzer has identified the existence of a commercial transaction and before said analyzer has identified the completion of a commercial transaction to be stored in said data repository.
  - 16. The system of claim 15 wherein said analyzer identifies subsequent related data in said outbound data transmitted by said application and said inbound data received by said application after said analyzer has identified the completion of a commercial transaction, and causes said subsequent related data to be stored in said data repository with said transaction data already identified.
  - 17. The system of claim 16 wherein said analyzer identifies said subsequent related data by identifying common indicators in both said transaction data already identified and said outbound data transmitted by said application and said inbound data received by said application after said analyzer has identified the completion of a commercial transaction, said common indicators being one or more of the address of the location to which said outbound data is transmitted or from which said inbound data is received, part of the data path to the location to which said outbound data is transmitted or from which said inbound data is received, account code or reference numbers.
  - 18. The system of claim 1 wherein said application operates such that a user of said application can indicate said outbound and said inbound data that is related to a commercial transaction, said analyzer identifying said outbound and said inbound data so indicated.
  - 19. The system of claim 1 wherein said application stores all of said outbound data and said inbound data in said memory of said workstation as previous data, irrespective of whether it may or may not be part of a commercial transaction and, said analyzer, if the existence of a commercial transaction is identified, retrieves a pre-determined amount of previous data from said outbound data and said inbound data stored in said memory of said workstation, and causes said previous data to be stored in said data repository with said transaction data.
  - 20. The system of claim 19 wherein said rules of said policy data specify the amount of previous data that is to be retrieved in dependence on the indicator by which the existence of a commercial transaction is identified.
  - 21. The system of claim 19 wherein said computer network is the Internet and said application is a web browser, said web browser storing each web page that is viewed by said web browser in memory as previous data.
  - 22. The system of claim 21 wherein said rules of said policy data specify the number of web pages that are to be retrieved from those previously stored in memory in dependence on the indicator by which the existence of a commercial transaction is identified.
  - 23. The system of claim 1 wherein said application stores all of said outbound data and said inbound data in memory as previous data, irrespective of whether it may or may not be part of a commercial transaction and, said analyzer, if the existence of a commercial transaction is identified, identifies, in said previous data, earlier relevant data that is related to said transaction data already identified, and causes said earlier relevant data to be stored in said data repository with said transaction data.
  - 24. The system of claim 23 wherein said analyzer identifies said earlier relevant data in said previous data, by identifying common indicators in both said transaction data and said outbound data and said inbound data previously stored in said memory of said workstation, said common indicators being one or more of the address of the location to which said outbound data is transmitted or from which said inbound data is received, part of the data path to the location to which said outbound data is transmitted or said inbound data is received, account code or reference number.
  - 25. The system of claim 1 wherein said application stores all of said outbound data and said inbound data in memory as previous data, irrespective of whether it may or may not be part of a commercial transaction, and further operates such that, if said analyzer identifies the existence of a commercial transaction, a user of said application can select earlier relevant data from said previous data, said earlier relevant data selected by the user being stored in said common data repository together with said transaction data.
  - 26. The system of claim 1 wherein said analyzer, once it has identified the existence of a commercial transaction, determines the nature of said commercial transaction by analyzing the content of said outbound and inbound data, and said rules of said policy data define how said transaction data is to be stored in said data repository in dependence on the nature of the commercial transaction determined by said analyzer, said transaction data being stored in said database according to said determination and said rules of said policy data.
  - 27. The system of claim 26 wherein said analyzer determines the nature of the commercial transaction by identifying in said outbound data and said inbound data one or more indicators, said indicators being defined in said rules of said policy data, and being one or more of:
    - the address of the network location to which said data that may be part of a commercial transaction is transmitted or from which it is received;
      
      part of the data path to the network location to which said transaction data is transmitted or from which it is received;
      
      account codes;
      
      reference numbers;
      
      credit card numbers;
      
      digital certificates and pre-determined keywords.
  - 28. The system of claim 1 wherein said analyzer identifies, once the existence of a commercial transaction has been identified, one or more indicators of the nature of said commercial transaction, said transaction data being stored in said data repository such that it is organized by said one or more indicators to form a record.
  - 29. The system of claim 28 wherein said rules of said policy data define said one or more indicators of the nature of a commercial transaction, said indicators being one or more of:
    - the address of the location to which said transaction data is transmitted or from which it is received;
      
      part of the data path to the location to which said transaction data is transmitted or from which it is received;
      
      account codes, reference numbers, credit card numbers, digital certificates and pre-determined keywords.
  - 30. The system of claim 1 wherein said data repository is accessible by one or more of an accounts application, an order processing application or other transaction management application.
  - 31. The system of claim 1 wherein any data transmitted to said data repository is encrypted before it is transmitted to said data repository.
  - 32. The system of claim 1 wherein any data stored in said data repository is encrypted.
  - 33. The system of claim 1 wherein said analyzer is located on each of said one or more workstations.
  - 34. The system of claim 1 wherein said application is a web browser.
  - 35. The system of claim 34 wherein said analyzer is a plug-in module of said web browser.
  - 36. The system of claim 35 wherein said web browser is Microsoft'"'"'s Internet Explorer and said analyzer is a Browser Helper Object.
  - 37. The system of claim 1 wherein said application is an e-mail client.
  - 38. The system of claim 37 wherein said analyzer is a plug-in module of said e-mail client.
  - 39. The system of claim 38 wherein said e-mail client is Microsoft'"'"'s Outlook e-mail client and said analyzer is a Microsoft Exchange client extension.
  - 40. The system of claim 1 wherein said computer network comprises a server, and said analyzer is located at a point on said computer network intermediate to said one or more, work stations and said server, or said analyzer is located at said server.
  - 41. The system of claim 1 wherein said computer network to which said one or more workstations are connected is a public computer network, and wherein said one or more workstations together form a private computer network.
  - 42. The system of claim 1 further comprising a supervisor workstation, said policy data being accessible by said supervisor workstation, such that a user of said supervisor workstation can edit said policy data.

43. A method of managing information comprising the steps of:
- providing a plurality of client workstations connected to a computer network, each workstation having a memory;
  
  providing a data repository arranged to receive data from each of said client workstations;
  
  providing an application stored in said memory of each workstation for transmitting outbound data to said computer network and receiving inbound data from said computer network;
  
  providing policy data defining rules for the recording of data that may comprise part of a commercial transaction conducted between a client workstation and a third party across said computer network; and
  
  analyzing, at least one of said outbound data and said inbound data to identify, with reference to said rules of said policy data, the existence of a commercial transaction occurring between a client workstation and a third party; and
  
  storing transaction data that is all or part of said outbound data or said inbound data related to an identified commercial transaction in said data repository.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84)
- - 44. The method of claim 43 wherein in said analyzing step the existence of a commercial transaction is identified by determining whether a secure link has been negotiated between said application and a remote site on said computer network, and by determining whether said outbound data or said inbound data is transmitted on that link.
  - 45. The method of claim 44 wherein said computer network is the Internet, and said rules of said policy data define the addresses of non-eCommerce web sites and/or non-eCommerce e-mail accounts, wherein said analyzing step includes disregarding any commercial transactions that are identified between a client workstation and a non-eCommerce web site and/or e-mail account such that no transaction data related to a commercial transaction made to a non-eCommerce web site or a non-eCommerce e-mail account is stored in the data repository.
  - 46. The method of claim 43 wherein said analyzing step includes identifying the existence of a commercial transaction by reference to said rules of said policy data, said rules of said policy data defining the addresses of known eCommerce locations.
  - 47. The method of claim 43 wherein said analyzing step includes identifying credit card numbers, and the existence of a commercial transaction is identified by identifying credit card numbers in said outbound data or inbound data.
  - 48. The method of claim 43 wherein in said analyzing step the existence of a commercial transaction is identified by reference to said rules of said policy data, said rules of said policy data defining one or more of pre-determined digital certificates, account codes, pre-determined keywords, pre-determined names and addresses and embedded codes.
  - 49. The method of claim 43 wherein said analyzing step includes detecting an embedded code in said inbound data, said embedded code having been placed in said inbound data to identify it as transaction data.
  - 50. The method of claim 43 wherein in said analyzing step, the existence of a commercial transaction is identified by identifying an electronic receipt in said outbound or inbound data.
  - 51. The method of claim 43 further comprising the step of recording a pre-determined number of subsequent transmissions of said outbound data or said inbound data following an identification of the existence of a commercial transaction in said analyzing step, providing that the address or organization to which the subsequent transmissions are sent, or from which they are received, is the same as the address or organization to which the outbound data was sent or from which the inbound data was received and in which the existence of a commercial transaction was identified.
  - 52. The method of claim 51 wherein said analyzing step includes detecting one or more indicators of the nature of the commercial transaction, and said rules of said policy data define the number of subsequent transmissions of said outbound data and said inbound data that are to be recorded in said data repository based on the identified nature of the commercial transaction.
  - 53. The method of claim 51 wherein said rules of said policy data define the number of subsequent transmissions of said outbound and said inbound data that are to be stored in said data repository in dependence on the indicator by which the existence of a commercial transaction was identified.
  - 54. The method of claim 43 further comprising the step of recording all subsequent transmissions of said outbound data or said inbound data that occur within a pre-determined amount of time following an identification of the existence of a commercial transaction in said analyzing step, providing that the address or organization to which the subsequent transmissions are sent, or from which they are received, is the same as the address or organization to which the outbound data was sent or from which the inbound data was received and in which the existence of a commercial transaction was identified.
  - 55. The method of claim 54 wherein said analyzing step includes detecting one or more indicators of the nature of the commercial transaction, and said rules of said policy data define the amount of time for which all subsequent transmissions of said outbound data and said inbound data are to be recorded in said data repository based on the identified nature of the commercial transaction.
  - 56. The method of claim 54 wherein said rules of said policy data define the amount of time for which subsequent transmissions of said outbound and said inbound data are to be stored in said data repository in dependence on the indicator by which the existence of a commercial transaction was identified.
  - 57. The method of claim 43 wherein said analyzing step includes identifying the completion of a commercial transaction by analyzing said outbound data or said inbound data, and said storing step includes storing all or part of said outbound data transmitted by said application and all or part of said inbound data received by said application, after the existence of a commercial transaction has been identified and before the completion of a commercial transaction has been identified, in said data repository.
  - 58. The method of claim 57 wherein said analyzing step includes identifying subsequent related data contained in said outbound data transmitted by said application and said inbound data received by said application after the completion of a commercial transaction, and said storing step includes storing said subsequent related data in said data repository with said transaction data already identified.
  - 59. The method of claim 58 wherein said analyzing step includes identifying said subsequent related data by identifying common indicators in both said transaction data already identified and said outbound data transmitted by said application and said inbound data received by said application after the completion of a commercial transaction has been identified, said common indicators being one or more of the address of the location to which said outbound data is transmitted or from which said inbound data is received, part of the data path to the location to which said outbound data is transmitted or from which said inbound data is received, account code or reference numbers.
  - 60. The method of claim 43 wherein said application operates such that a user of said application can indicate said outbound and said inbound data that is related to a commercial transaction, said analyzing step including identifying indicated outbound and inbound data.
  - 61. The method of claim 43 further comprising the step of storing all of said outbound data and said inbound data in said memory of said workstation as previous data, irrespective of whether it may or may not be part of a commercial transaction and, said analyzing step includes retrieving a pre-determined amount of previous data from said outbound data and said inbound data stored in said memory of said workstation if the existence of a commercial transaction is identified, and said storing step includes storing said previous data in said data repository with said transaction data.
  - 62. The method of claim 61 wherein said rules of said policy data specify the amount of previous data that is to be retrieved in dependence on the indicator by which the existence of a commercial transaction is identified.
  - 63. The method of claim 61 wherein said computer network is the Internet and said application is a web browser, said web browser storing each web page that is viewed by said web browser in memory as previous data.
  - 64. The method of claim 63 wherein said rules of said policy data specify the number of web pages that are to be retrieved from those previously stored in memory in dependence on the indicator by which the existence of a commercial transaction is identified.
  - 65. The method of claim 43 further comprising the step of storing all of said outbound data and said inbound data in memory as previous data, irrespective of whether it may or may not be part of a commercial transaction and, said analyzing step includes identifying, in said previous data, earlier relevant data that is related to said transaction data already identified, and said storing step includes storing said earlier relevant commercial data in said data repository with said transaction data.
  - 66. The method of claim 65 wherein said analyzing step includes identifying said earlier relevant data in said previous data, by identifying common indicators in both said transaction data and said previous data, said common indicators being one or more of the address of the location to which said outbound data is transmitted or from which said inbound data is received, part of the data path to the location to which said outbound data is transmitted or said inbound data is received, account code or reference number.
  - 67. The method of claim 43 further comprising the steps of storing all of said outbound data and said inbound data in memory as previous data, irrespective of whether it may or may not be part of a commercial transaction;
    - and if the existence of a commercial transaction is identified, providing a user of said application with a selector for selecting earlier relevant data from said previous data, and wherein said storing step includes storing said earlier relevant data selected by the user in said data repository together with said transaction data.
  - 68. The method of claim 43 wherein said analyzing step includes, once the existence of a commercial transaction has been identified, determining the nature of said commercial transaction by analyzing the content of said outbound and inbound data, said rules of said policy data defining how said transaction data is to be stored in said data repository in dependence on the nature of the commercial transaction determined in said analyzing step, said transaction data being stored in said database according to said determination and said rules of said policy data.
  - 70. The method of claim 43 wherein said analyzing step includes identifying, once the existence of a commercial transaction has been identified, one or more indicators of the nature of said commercial transaction, and said storing step includes organizing transaction data stored in said data repository by said one or more indicators such that it forms a record.
  - 71. The method of claim 70 wherein said rules of said policy data define said one or more indicators of the nature of a commercial transaction, said indicators being one or more of:
    - the address of the location to which said transaction data is transmitted or from which it is received;
      
      part of the data path to the location to which said transaction data is transmitted or from which it is received;
      
      account codes, reference numbers, credit card numbers, digital certificates and pre-determined keywords.
  - 72. The method of claim 43 wherein said data repository is accessible by one or more of an accounts application, an order processing application or other transaction management application.
  - 73. The method of claim 43 further comprising the step of encrypting any relevant data identified in said analyzing step before it is stored in said data repository.
  - 74. The method of claim 43 further comprising the step of encrypting the data stored in said data repository.
  - 75. The method of claim 43 wherein said analyzing step is performed at said one or more workstations.
  - 76. The method of claim 43 wherein said application is a web browser.
  - 77. The method of claim 76 wherein said analyzing step is performed by a plug-in module of said web browser.
  - 78. The method of claim 77 wherein said web browser is Microsoft'"'"'s Internet Explorer and said plug-in module is a Browser Helper Object.
  - 79. The method of claim 43 wherein said application is an e-mail client.
  - 80. The method of claim 79 wherein said analyzing step is performed by a plug-in module of said e-mail client.
  - 81. The method of claim 80 wherein said e-mail client is Microsoft'"'"'s Outlook e-mail client and said plug-in module is a Microsoft Exchange client extension.
  - 82. The method of claim 43 wherein said computer network comprises a server, and said analyzing step is performed at a point on said computer network intermediate to said one or more work stations and said server, or said analyzing step is performed at said server.
  - 83. The method of claim 43 wherein said computer network to which said one or more workstations are connected is a public computer network, and wherein said one or more workstations together form a private computer network.
  - 84. The method of claim 43 further comprising the step of providing a supervisor workstation, said policy data being accessible by said supervisor workstation, such that a user of said supervisor workstation can edit said policy data.

69. The method of 68 wherein said analyzing step includes determining the nature of the commercial transaction by identifying in said outbound data and said inbound data one or more indicators, said indicators being defined in said rules of said policy data, and being one or more of:
- the address of the network location to which said data that may be part of a commercial transaction is transmitted or from which it is received;
  
  part of the data path to the network location to which said transaction data is transmitted or from which it is received;
  
  account codes;
  
  reference numbers;
  
  credit card numbers;
  
  digital certificates and pre-determined keywords.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Original Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Inventors
Malcolm, Peter
Primary Examiner(s)
Elisca; Pierre E

Application Number

US11/958,301
Publication Number

US 20080162225A1
Time in Patent Office

1,247 Days
Field of Search

705/64, 705/67, 705/75, 705/76
US Class Current

705/64
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 10/06   Resources, workflows, human...

G06Q 10/063   Operations research, analys...

G06Q 10/10   Office automation; Time man...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/401   Transaction verification

G06Q 20/4012   Verifying personal identifi...

G06Q 30/06   Buying, selling or leasing ...

H04L 51/212   using filtering or selectiv...

H04L 51/214   using selective forwarding

H04L 63/20   for managing network securi...

Information management system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

84 Claims

Specification

Solutions

Use Cases

Quick Links

Information management system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

84 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links