Preventing conflicts of interests between two or more groups using applications

US 8,762,412 B2
Filed: 01/10/2011
Issued: 06/24/2014
Est. Priority Date: 12/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method of managing information comprising:

providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization;

within the first group of the organization, providing a first user at a first device and a first application program managed by a policy enforcer program of the information management system;

when the first user uses the first application program to connect to a second user to transfer a first piece of information, with the policy enforcer program, seeking approval from the policy server further comprising;

determining the first piece of information corresponds to an identifier designating the first piece of information as confidential includes at least one of accessing contents of the first piece of information and detecting a keyword in the contents, or accessing a metadata information associated with the first piece of information and detecting a keyword in the metadata information;

extracting at least one attribute associated with the first piece of information and the identifier, wherein the at least one attribute is used to determine whether to allow access to the first piece of information to a user of the information management system, wherein the identifier is an uniform resource identifier associated with the first piece of information;

based on the at least one attribute, evaluating using the policy server whether to allow access to the first piece of information includes at least one of;

determining whether the first user'"'"'s use of the first application program to connect to the second user is during a critical time period of the organization,if approved, with the policy enforcer program, permitting the first user to use the first application program to connect to the second user comprises determining the first user'"'"'s use of the first application program to connect to the second user is not during the critical time period, andif not approved, with the policy enforcer program, blocking the first user from using the first application program to connect to the second user comprises determining the first user'"'"'s use of the first application program to connect to the second user is during the critical time period;

ordetermining a location of the first user, and wherein the permitting the first user to use the first application program to connect to the second user and the blocking the first user from using the first application program to connect to the second user are based on the determined location of the first user;

if approved, with the policy enforcer program, permitting the first user to use the first application program to connect to the second user and connecting the first user to the second user without seeking approval from the policy server; and

if not approved, with the policy enforcer program, blocking the first user from using the first application program to connect to the second user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To prevent conflicts of interest, an information management system is used to make sure two or more groups are kept apart so that information does not circulate freely between these groups. The system has policies to implement an “ethical wall” to separate users or groups of users. The user or groups of user may be organized in any arbitrary way, and may be in the same organization or different organizations. The two groups (or two or more users) will not be able to access information belonging to the other, and users in one group may not be able to pass information to the other group. The system may manage access to documents, e-mail, files, and other forms of information.

Citations

30 Claims

1. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization;
  
  within the first group of the organization, providing a first user at a first device and a first application program managed by a policy enforcer program of the information management system;
  
  when the first user uses the first application program to connect to a second user to transfer a first piece of information, with the policy enforcer program, seeking approval from the policy server further comprising;
  
  determining the first piece of information corresponds to an identifier designating the first piece of information as confidential includes at least one of accessing contents of the first piece of information and detecting a keyword in the contents, or accessing a metadata information associated with the first piece of information and detecting a keyword in the metadata information;
  
  extracting at least one attribute associated with the first piece of information and the identifier, wherein the at least one attribute is used to determine whether to allow access to the first piece of information to a user of the information management system, wherein the identifier is an uniform resource identifier associated with the first piece of information;
  
  based on the at least one attribute, evaluating using the policy server whether to allow access to the first piece of information includes at least one of;
  
  determining whether the first user'"'"'s use of the first application program to connect to the second user is during a critical time period of the organization,if approved, with the policy enforcer program, permitting the first user to use the first application program to connect to the second user comprises determining the first user'"'"'s use of the first application program to connect to the second user is not during the critical time period, andif not approved, with the policy enforcer program, blocking the first user from using the first application program to connect to the second user comprises determining the first user'"'"'s use of the first application program to connect to the second user is during the critical time period;
  
  ordetermining a location of the first user, and wherein the permitting the first user to use the first application program to connect to the second user and the blocking the first user from using the first application program to connect to the second user are based on the determined location of the first user;
  
  if approved, with the policy enforcer program, permitting the first user to use the first application program to connect to the second user and connecting the first user to the second user without seeking approval from the policy server; and
  
  if not approved, with the policy enforcer program, blocking the first user from using the first application program to connect to the second user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the first application comprises an instant messenger program.
  - 3. The method of claim 1 wherein the second user is outside the organization.
  - 4. The method of claim 1 wherein the second user is inside the organization, but not in the first or second groups.
  - 5. The method of claim 1 wherein the second user is in second group.
  - 6. The method of claim 1 wherein the first application program does not connect to the policy server.
  - 7. The method of claim 1 wherein the at least one attribute designates the second group is allowed access to the first piece of information.
  - 8. The method of claim 1 wherein the at least one attribute designates the second group is denied access to the first piece of information.
  - 9. The method of claim 1 wherein the first application program comprises a file transfer protocol application.
  - 10. The method of claim 1 wherein the seeking approval further comprising:
    - accessing a Lightweight Directory Access Protocol (LDAP) associated with the information management system to determine that the second group comprises the second user.

11. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization;
  
  within the first group of the organization, providing a first user, a first device of the first user, and a first application program managed by the information management system and executing on the first device;
  
  storing a subset of the one or more rules of the policy server on the first device of the first user;
  
  when the first user uses the first application program executing on the first device to connect to a second user to transfer a first piece of information, evaluating at the first device the subset of the one or more rules stored on the first device to determine whether to approve the connection from the first user to a second user further comprising;
  
  determining the first piece of information corresponds to an identifier designating the first piece of information as confidential includes at least one of accessing contents of the first piece of information and detecting a keyword in the contents, or accessing a metadata information associated with the first piece of information and detecting a keyword in the metadata information,extracting at least one attribute associated with the first piece of information and the identifier, wherein the at least one attribute is used to determine whether to allow access to the first piece of information to a user of the information management system based on a uniform resource identifier containing at least one wildcard, andbased on the at least one attribute, evaluating using the policy server whether to allow access to the first piece of information and includes at least one of determining to not approve when the first user'"'"'s use corresponds to a critical period of the organization;
  
  or determining based on the location of the first user to not approve the first user'"'"'s use;
  
  if approved, permitting the first user to use the first application program to connect to the second user without seeking approval from the policy server; and
  
  if not approved, blocking the first user from using the first application program to connect to the second user.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11 wherein the first application comprises an instant messenger program.
  - 13. The method of claim 11 wherein the second user is outside the organization.
  - 14. The method of claim 11 wherein the second user is inside the organization, but not in the first or second groups.
  - 15. The method of claim 11 wherein the second user is in second group.
  - 16. The method of claim 11 wherein during the permitting the first user to use the first application program to connect to the second user, the first device is disconnected from the policy server.
  - 17. The method of claim 11 wherein during the evaluating at the first device the subset of the one or more rules stored on the first device, the first device is disconnected from the policy server.
  - 18. The method of claim 11 wherein the determining to not approve when the first user'"'"'s use corresponds to a critical period of the organization comprises determining to not approve based on the first user'"'"'s identity.
  - 19. The method of claim 11 wherein the determining to not approve when the first user'"'"'s use corresponds to a critical period of the organization comprises determining to not approve based on the second user'"'"'s identity.
  - 20. The method of claim 19 wherein the determining based on the location of the first user to not approve the first user'"'"'s use comprises determining to not approve based on the first user'"'"'s identity.

21. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization;
  
  within the first group of the organization, providing a first user and a plurality of application programs, each application program being managed by a policy enforcer program of the information management system;
  
  storing a subset of the one or more rules of the policy server on a first device of the first user;
  
  when the first user uses a first application program of the plurality of application programs to communicate with a second user to transmit a first piece of information, evaluating with the policy enforcer program the subset of the one or more rules stored on the first device to determine whether to approve the communication from the first user to the second user further comprising;
  
  determining the first piece of information corresponds to an identifier designating the first piece of information as confidential wherein the identifier comprises a keyword in the contents of the first piece of information or a keyword in the metadata information associated with the first piece of information,extracting at least one attribute associated with the first piece of information and the identifier, wherein the at least one attribute is used to determine whether to allow access to the first piece of information to a user of the information management system based on a storage location of the first piece of information, andbased on the at least one attribute, evaluating using the policy server whether to allow access to the first piece of information comprising at least one of determining to approve when the first user'"'"'s use is outside a critical period of the organization;
  
  or determining to approve the first user'"'"'s user based on a location of the first user;
  
  if approved, permitting the first user to use the first application program to communicate with the second user without receiving approval from the policy server;
  
  if not approved, blocking the first user from using the first application program to communicate with the second user;
  
  when the first user uses a second application program of the plurality of application programs, different from the first application program, to communicate with the second user, evaluating with the policy enforcer program the subset of the one or more rules stored on the first device to determine whether to approve the communication from the first user to the second user;
  
  if approved, permitting the first user to use the second application program to communicate with the second user; and
  
  if not approved, blocking the first user from using the second application program to communicate with the second user.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The method of claim 21 wherein the first application program comprises an instant messenger program and the second application program comprises an e-mail program.
  - 23. The method of claim 21 wherein the first device is remote from the policy server.
  - 24. The method of claim 21 wherein the policy enforcer program and the plurality of application programs are executing on the first device.
  - 25. The method of claim 21 wherein the first piece of information is an e-mail.

26. A method of managing information comprising:
- providing an organization comprising a first group and a second group, wherein the organization has an information management system comprising a policy server comprising one or more rules to manage information of the organization;
  
  within the first group of the organization, providing a first user at a first device and a first e-mail application managed by a policy enforcer program of the information management system;
  
  when the first user sends an e-mail using the e-mail application to a second user, with the policy enforcer program, seeking approval from the policy server further comprising;
  
  determining the e-mail corresponds to an identifier designating the first piece of information as confidential includes based on a body or a header of the e-mail, determining whether the e-mail is designated confidential,extracting at least one attribute associated with the e-mail and the identifier, wherein the at least one attribute is used to determine whether to allow access to the first piece of information to a user of the information management system and the at least one attribute comprises a location in a file structure, andbased on the at least one attribute, evaluating using the policy server whether to allow access to the e-mail by the second user includes at least one of determining whether the first user sending the e-mail corresponds to a critical period of the organization;
  
  or determining whether the first user sending the e-mail corresponds to a prohibited location;
  
  if approved, transmitting the e-mail to the second user; and
  
  if not approved, with the policy enforcer program, blocking the first user from transmitting the e-mail to the second user.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The method of claim 26 wherein the determining the e-mail corresponds to an identifier further comprising analyzing text of a body of the e-mail.
  - 28. The method of claim 26 wherein the determining the e-mail corresponds to an identifier further comprising analyzing text of an attachment of the e-mail.
  - 29. The method of claim 26 wherein the policy enforcer program comprises an e-mail server application.
  - 30. The method of claim 26 wherein the transmitting the e-mail to the second user is through a server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nextlabs
Original Assignee
Nextlabs
Inventors
Lim, Keng
Primary Examiner(s)
Smith, Brannon W

Application Number

US12/987,857
Publication Number

US 20120017000A1
Time in Patent Office

1,261 Days
Field of Search

707/694, 707/999.009, 707/783, 707/922, 709/229
US Class Current

707/783
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 16/122   using management policies b...

G06F 16/176   Support for shared access t...

G06F 16/93   Document management systems

G06F 16/958   Organisation or management ...

G06F 21/125   by manipulating the program...

G06F 21/316   by observing the pattern of...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2216/03   Data mining

G06F 2221/032   Protect output to user by s...

G06F 3/0601   Interfaces specially adapte...

G06Q 10/06   Resources, workflows, human...

G06Q 10/10   Office automation; Time man...

H04L 41/0893   Assignment of logical group...

H04L 51/234   for tracking messages

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/102 : Entity profiles

H04L 63/1425 : Traffic logging, e.g. anoma...

H04L 63/20 : for managing network securi...

H04L 67/303 : Terminal profiles

H04L 67/535 : Tracking the activity of th...

H04L 67/60 : Scheduling or organising th...

Y10S 707/922 : Communications

View All

Preventing conflicts of interests between two or more groups using applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing conflicts of interests between two or more groups using applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links