Secure, policy-based communications security and file sharing across mixed media, mixed-communications modalities and extensible to cloud computing such as SOA
Abstract
A system and method are provided to monitor and prevent potential enterprise policy and/or rule violations by subscribers.
20 Claims
1. A method, comprising:
- receiving, by a policy enforcement server, a notification of a determined behavioral instance that corresponds to a policy or rule, wherein the first policy agent monitors or tracks behavior of the first subscriber; and
- applying, by the policy enforcement server, a policy or rule to the determined behavioral instance in an enterprise network, to implement a policy measure, wherein the behavioral instance is the first subscriber intending to make a selected communication and a restricted content in the selected communication accessible, via the enterprise network, to one or more selected parties and wherein the implemented policy measure comprises:
- setting a hop restriction on the restricted content in the selected communication wherein, when the hop restriction is met or exceeded or a hop counter is incremented or decremented to a selected value, the selected communication or the restricted content in the selected communication is dropped or otherwise prohibited from delivery to an intended recipient of the one or more selected parties.
Dependent claims: 2, 3, 4, 5, 6, 7, 18, 19
8. A system, comprising:
- a policy enforcement server that receives a notification of a determined behavioral instance corresponding to a policy or rule and applies a policy or rule to the determined behavioral instance in an enterprise network, to implement a policy measure, wherein the first policy agent monitors or tracks behavior of the first subscriber and wherein the behavioral instance is the first subscriber intending to make a selected communication and a restricted content in the selected communication accessible, via the enterprise network to one or more selected parties and wherein the implemented policy measure comprises:
- setting a hop restriction on the restricted content in the selected communication, wherein, when the hop restriction is met or exceeded or a hop counter is incremented or decremented to a selected value, the selected communication or the restricted content in the selected communication is dropped or otherwise prohibited from delivery to an intended recipient of the one or more selected parties.
Dependent claims: 9, 10, 11, 12, 13, 14, 20
15. A tangible and non-transient computer readable medium, comprising:
instructions to read a policy tag related to an actual or potential violation of a rule or policy by a subscriber of an enterprise network, comprising one or more of the following fields:
- a subscriber or role persona field defining a persona or role of the subscriber at a time of the actual or potential violation;
- a nonsubscriber or role persona field defining a persona or role of a nonsubscriber involved in and at the time of the actual or potential violation;
- a degree of trust field defining a degree of trust of the enterprise network or the subscriber with a person or computational entity having or to have access to a selected communication and a restricted content in the selected communication associated with the actual or potential violation, the person or computational entity being involved in the actual or potential rule violation;
- an existing policy or rule compliance measure field describing a measure currently in place to comply with the actually or potentially violated rule or policy, wherein the existing policy or rule is based on the subscriber intending to make the selected communication and the restricted content in the selected communication accessible to one or more selected parties;
- a venue field defining a degree of public exposure or security of an intended recipient of the selected communication or content, the intended recipient being involved in the actual or potential violation;
- a context field describing a context of the subscriber or other entity having access to the selected communication or the restricted content in the selected communication;
- a content description field describing the selected communication or the restricted content in the selected communication, the content description describing the content in terms of the rule or policy actually or potentially violated;
- a policy or rule field identifying the policy or rule actually or potentially violated; or
- a recommendation or decision field indicating a recommended action to be taken in response to the actual or potential violation; and
instructions to apply the rule or policy to a determined behavioral instance, wherein a policy measure is implemented, wherein a behavioral instance is a first subscriber intending to make a selected communication and the restricted content in the selected communication accessible, via the enterprise network, to the one or more selected parties, and wherein an implemented policy measure comprises:
- instructions to set a hop restriction on the restricted content in the selected communication wherein, when the hop restriction is met or exceeded or a hop counter is incremented or decremented to a selected value, the selected communication or the restricted content in the selected communication is dropped or otherwise prohibited from delivery to an intended recipient of the one or more selected parties.
Dependent claims: 16, 17
Specification