Enterprise level security system
Abstract
A system and method are provided to monitor and prevent potential enterprise policy and/or rule violations by subscribers. A node filters requests to send a selected communication and/or content and/or provide a nonsubscriber with access to the selected communication and/or content against a plurality of trusted groupings to determine if the nonsubscriber is a member of a trusted group. The nonsubscriber is provided with the selected communication and/or content when he or she is a trusted group member and restricted from receiving and/or accessing the at least a portion of the selected communication and/or content when he or she is not in a trusted group or is in a trusted group not privileged to receive the information. The nonsubscriber can be a member of multiple trusted groups, based on the nature of the relationship of the nonsubscriber with the enterprise.
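An illustrative sketch of the filtering decision the abstract describes, added here and not taken from the patent or any product: the `TrustedGroup` class, the `decide` function, and all group names, labels and dates are assumptions. It also models the lapse of group recognition (elapsed time or a trust-reducing event) recited in the claims.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class TrustedGroup:
    name: str
    members: set        # subscribers and nonsubscribers the enterprise trusts
    labels: set         # bodies of sensitive information the group may receive
    expires: datetime   # recognition lapses after this time
    revoked: bool = False  # set when an event reduces trust in the group

    def recognized(self, now):
        return not self.revoked and now < self.expires

def decide(groups, recipient, label, now):
    """Filter one send/access request; returns (allowed, reason)."""
    mine = [g for g in groups if recipient in g.members]
    if not mine:
        return False, "not in a trusted group"
    live = [g for g in mine if g.recognized(now)]
    if not live:
        return False, "trusted group no longer recognized"
    for g in live:
        if label in g.labels:
            return True, "allowed via " + g.name
    return False, "trusted group not privileged for this content"

# Constructed sample data: names, labels and dates are illustrative only.
T0 = datetime(2024, 1, 1)
GROUPS = [
    TrustedGroup("design-partners", {"alice", "carol@supplier.example"},
                 {"cad"}, T0 + timedelta(days=90)),
    TrustedGroup("pricing-review", {"alice", "carol@supplier.example"},
                 {"pricing"}, T0 + timedelta(days=7)),
    TrustedGroup("outside-counsel", {"erin", "bob@lawfirm.example"},
                 {"legal"}, T0 + timedelta(days=30)),
]

if __name__ == "__main__":
    day10 = T0 + timedelta(days=10)
    for who, label in [("carol@supplier.example", "cad"),
                       ("carol@supplier.example", "pricing"),
                       ("bob@lawfirm.example", "cad"),
                       ("dave@unknown.example", "cad")]:
        print(who, label, decide(GROUPS, who, label, day10))
```
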
17 Claims
1. A method, comprising:
receiving, by a node in an enterprise network, at least one of a request to send a selected communication and/or content to a nonsubscriber and provide the nonsubscriber with access to the selected communication and/or content, the selected communication and/or content comprising sensitive information to an enterprise corresponding to the enterprise network;
determining, by the node, that the nonsubscriber is a member of a trusted group, the trusted group comprising, as members, at least one subscriber and at least one nonsubscriber and each member of the trusted group being trusted by the enterprise; and
in response to the nonsubscriber being a member of the trusted group, the node at least one of sending the selected communication and/or content and providing the nonsubscriber access to the selected communication and/or content, wherein the trusted group is no longer recognized after at least one of (a) occurrence of a predetermined event adversely impacting a degree of trust between the enterprise and nonsubscriber and (b) passage of a determined period of time, and wherein at least one of the following is true:
at least one of the subscriber and nonsubscriber is a member of multiple trusted groups recognized by the enterprise network and wherein at least two of the trusted groups have differing levels of authorization to access differing bodies of enterprise sensitive information; and
a policy measure is implemented, wherein the policy measure comprises at least one of:
preventing the subscriber from selecting, by dragging and dropping, selected content from the selected communication and/or content into a communication;
setting a hop restriction on the selected communication and/or content whereby, when the hop restriction is met or exceeded and/or a hop counter is incremented or decremented to a selected value, the selected communication and/or content is dropped or otherwise prohibited from delivery to an intended recipient; and
tearing down a communication channel before transmission of the selected communication and/or content.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system, comprising:
a policy agent, in an enterprise network, operable to:
receive at least one of a request to send a selected communication and/or content to a nonsubscriber and provide the nonsubscriber with access to the selected communication and/or content, the selected communication and/or content comprising sensitive information to an enterprise corresponding to the enterprise network;
determine that the nonsubscriber is a member of a trusted group, the trusted group comprising, as members, at least one subscriber and at least one nonsubscriber and each member of the trusted group being trusted by the enterprise; and
in response to the nonsubscriber being a member of the trusted group, at least one of send the selected communication and/or content and provide the nonsubscriber access to the selected communication and/or content and wherein the trusted group is no longer recognized after at least one of (a) occurrence of a predetermined event adversely impacting a degree of trust between the enterprise and nonsubscriber and (b) passage of a determined period of time, and wherein at least one of the following is true:
at least one of the subscriber and nonsubscriber is a member of multiple trusted groups recognized by the enterprise network and wherein at least two of the trusted groups have differing levels of authorization to access differing bodies of enterprise sensitive information; and
a policy measure that is received by the policy agent is implemented, wherein the policy measure comprises at least one of:
preventing the subscriber from selecting, by dragging and dropping, selected content from the selected communication and/or content into a communication;
setting a hop restriction on the selected communication and/or content whereby, when the hop restriction is met or exceeded and/or a hop counter is incremented or decremented to a selected value, the selected communication and/or content is dropped or otherwise prohibited from delivery to an intended recipient; and
tearing down a communication channel before transmission of the selected communication and/or content.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A method, comprising:
determining, by at least one of a policy agent and policy enforcement server, that a selected stimulus has occurred, the stimulus being one or more of a passage of a selected time interval and an event relevant to a degree of trust between an enterprise and a nonsubscriber, the degree of trust controlling whether the nonsubscriber has access to a selected communication and/or content, the selected communication and/or content comprising sensitive information to an enterprise corresponding to the enterprise network; and
in response to determining that the selected stimulus has occurred, changing, by the at least one of the policy agent and the policy enforcement server, the degree of trust of such that the nonsubscriber at least one of (i) the nonsubscriber, as a result of the changed degree of trust, is authorized to access the selected communication and/or content and (ii) the nonsubscriber, as a result of the changed degree of trust, is not authorized to access the selected communication and/or content, and wherein at least one of the following is true:
at least one of the subscriber and nonsubscriber is a member of multiple trusted groups recognized by the enterprise network and wherein at least two of the trusted groups have differing levels of authorization to access differing bodies of enterprise sensitive information; and
a policy measure that is received by the policy agent is implemented, wherein the policy measure comprises at least one of:
preventing the subscriber from selecting, by dragging and dropping, selected content from the selected communication and/or content into a communication;
setting a hop restriction on the selected communication and/or content whereby, when the hop restriction is met or exceeded and/or a hop counter is incremented or decremented to a selected value, the selected communication and/or content is dropped or otherwise prohibited from delivery to an intended recipient; and
tearing down a communication channel before transmission of the selected communication and/or content.
Dependent claims: 16, 17
Specification