Techniques and System to Monitor and Log Access of Information Based on System and User Context Using Policies

US 20080060051A1
Filed: 10/30/2007
Published: 03/06/2008
Est. Priority Date: 12/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method of managing information comprising:

providing an organization having an information management system comprising one or more rules and policy abstractions to manage information of the organization, wherein a rule comprises an expression having a policy abstraction;

within the organization, providing a user and a confidential document managed by the information management system; and

when the user attempts to perform an operation on the confidential document, evaluating the one or more rules to determine whether to store information regarding the attempted operation in a storage location.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information management system approves or denies user requests to access information of the system. The information includes all types of information including documents and e-mail. The information management system is driven using a policy language having policies and policy abstractions. The information management system may approve or deny many different types of requests including opening a document or file, copying a file, printing a file, sending an e-mail, reading an e-mail, cut and paste of a portion of a document, saving a document, executing an application on a file, and many others.

131 Citations

View as Search Results

25 Claims

1. A method of managing information comprising:
- providing an organization having an information management system comprising one or more rules and policy abstractions to manage information of the organization, wherein a rule comprises an expression having a policy abstraction;
  
  within the organization, providing a user and a confidential document managed by the information management system; and
  
  when the user attempts to perform an operation on the confidential document, evaluating the one or more rules to determine whether to store information regarding the attempted operation in a storage location.
- View Dependent Claims (2, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the when the user attempts to perform an operation on the confidential document, evaluating the one or more rules to determine whether to store information regarding the attempted operation in a storage location is replaced by when the user performs an operation on the confidential document, storing information regarding the operation in a storage location based on the one or more rules to manage information of the organization.
  - 7. The method of claim 1 wherein the when the user attempts to perform an operation on the confidential document, evaluating the one or more rules to determine whether to store information regarding the attempted operation in a storage location is replaced by when the user performs an operation on the confidential document, evaluating the one or more rules to determine whether to store information regarding the operation in a storage location.
  - 8. The method of claim 1 wherein the attempted operation comprises at least one of sending the confidential document via e-mail, sending the confidential document to a recipient outside the organization, attaching a confidential document to an e-mail message, opening the confidential document using an application program, printing the confidential document, copying the confidential document, embedding a confidential document into another document, or storing the confidential document to a removable media.
  - 9. The method of claim 1 wherein the one or more rules to determine whether to store information regarding the attempted operation in a storage location is replaced by one or more rules to determine whether to encrypt the confidential document.
  - 10. The method of claim 1 wherein the one or more rules to determine whether to store information regarding the attempted operation in a storage location is replaced by one or more rules to determine whether to send a notification to at least one recipient within the organization regarding the attempted operation on the confidential document.
  - 11. The method of claim 1 wherein the one or more rules to determine whether to store information regarding the attempted operation in a storage location is replaced by one or more rules to determine whether to send a notification to at least one machine within the organization regarding the attempted operation on the confidential document.
  - 12. The method of claim 1 wherein when the user attempts to perform an operation on the confidential document, the one or more rules further determine whether to encrypt the confidential document.
  - 13. The method of claim 1 wherein when the user attempts to perform an operation on the confidential document, the one or more rules further determine whether to send a notification to at least one recipient within the organization regarding the attempted operation on the confidential document.

3. A method of managing information comprising:
- providing an organization having an information management system comprising one or more rules comprising a context expression to manage information of the organization;
  
  within the organization, providing a user and a confidential document managed by the information management system; and
  
  when the user attempts to perform an operation on the confidential document, evaluating the one or more rules to determine whether to store information regarding the attempted operation in a storage location.
- View Dependent Claims (4, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 4. The method of claim 3 wherein the when the user attempts to perform an operation on the confidential document, evaluating the one or more rules to determine whether to store information regarding the attempted operation in a storage location is replaced by when the user performs an operation on the confidential document, storing information regarding the operation in a storage location based on the one or more rules to manage information of the organization.
  - 14. The method of claim 3 wherein based on the context expression of a rule, approving the attempted operation will occur only during a particular time period.
  - 15. The method of claim 3 wherein based on the context expression of a rule, approving the attempted operation will occur only when the user is in a particular location.
  - 16. The method of claim 3 wherein based on the context expression of a rule, approving the attempted operation will occur only when the user has a particular connectivity type.
  - 17. The method of claim 3 wherein based on the context expression of a rule, approval the attempted operation will occur only when the user does not have a particular connectivity type.
  - 18. The method of claim 3 wherein based on the context expression of a rule, approving the attempted operation will occur only when the device used to access the confidential document is a specific device type.
  - 19. The method of claim 3 wherein the when the user attempts to perform an operation on the confidential document, evaluating the one or more rules to determine whether to store information regarding the attempted operation in a storage location is replaced by when the user performs an operation on the confidential document, evaluating the one or more rules to determine whether to store information regarding the operation in a storage location.
  - 20. The method of claim 3 wherein the attempted operation comprises at least one of sending the confidential document via e-mail, sending the confidential document to a recipient outside the organization, attaching a confidential document to an e-mail message, opening the confidential document using an application program, printing the confidential document, copying the confidential document, embedding a confidential document into another document, or storing the confidential document to a removable media.
  - 21. The method of claim 3 wherein the one or more rules to determine whether to store information regarding the attempted operation in a storage location is replaced by one or more rules to determine whether to encrypt the confidential document.
  - 22. The method of claim 3 wherein the one or more rules to determine whether to store information regarding the attempted operation in a storage location is replaced by one or more rules to determine whether to send a notification to at least one recipient within the organization regarding the attempted operation on the confidential document.
  - 23. The method of claim 3 wherein the one or more rules to determine whether to store information regarding the attempted operation in a storage location is replaced by one or more rules to determine whether to send a notification to at least one machine within the organization regarding the attempted operation on the confidential document.
  - 24. The method of claim 3 wherein when the user attempts to perform an operation on the confidential document, the one or more rules further determine whether to encrypt the confidential document.
  - 25. The method of claim 3 wherein when the user attempts to perform an operation on the confidential document, the one or more rules further determine whether to send a notification to at least one recipient within the organization regarding the attempted operation on the confidential document.

5. A method of managing information comprising:
- providing an organization having an information management system comprising a policy server comprising one or more rules to manage information of the organization;
  
  within the organization, providing a user logged onto a device and a confidential document managed by the information management system;
  
  storing a subset of the one or more rules of the policy server on the device; and
  
  when the user attempts to perform an operation on the confidential document, evaluating the one or more rules to determine whether to store information regarding the attempted operation in a storage location.
- View Dependent Claims (6)
- - 6. The method of claim 5 wherein the when the user attempts to perform an operation on the confidential document, evaluating the one or more rules to determine whether to store information regarding the attempted operation in a storage location is replaced by when the user performs an operation on the confidential document, storing information regarding the operation in a storage location based on the one or more rules to manage information of the organization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blue Jungle
Original Assignee
Blue Jungle
Inventors
Lim, Keng

Granted Patent

US 8,832,048 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 16/122   using management policies b...

G06F 16/176   Support for shared access t...

G06F 16/93   Document management systems

G06F 16/958   Organisation or management ...

G06F 21/125   by manipulating the program...

G06F 21/316   by observing the pattern of...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2216/03   Data mining

G06F 2221/032   Protect output to user by s...

G06F 3/0601   Interfaces specially adapte...

G06Q 10/06   Resources, workflows, human...

G06Q 10/10   Office automation; Time man...

H04L 41/0893   Assignment of logical group...

H04L 51/234   for tracking messages

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/102 : Entity profiles

H04L 63/1425 : Traffic logging, e.g. anoma...

H04L 63/20 : for managing network securi...

H04L 67/303 : Terminal profiles

H04L 67/535 : Tracking the activity of th...

H04L 67/60 : Scheduling or organising th...

Y10S 707/922 : Communications

View All

Techniques and System to Monitor and Log Access of Information Based on System and User Context Using Policies

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

131 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques and System to Monitor and Log Access of Information Based on System and User Context Using Policies

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

131 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links