US20150254360A1 - System and method for information delivery based on at least one self-declared user attribute with audit records - Google Patents


Info

Publication number
US20150254360A1
Authority
US
United States
Prior art keywords
user
computer
data content
content items
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/720,247
Inventor
James Andrew Fieweger
Matthew Wadley
Angela Azzolino
Michael Sassin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intralinks Inc
Original Assignee
Intralinks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intralinks Inc
Priority to US14/720,247
Publication of US20150254360A1
Assigned to INTRALINKS, INC.: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AZZOLINO, ANGELA, SASSIN, MICHAEL, FIEWEGER, ANDREW, WADLEY, MATTHEW
Assigned to GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT: SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: INTRALINKS, INC., AS GRANTOR
Assigned to INTRALINKS, INC.: RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: GOIDMAN SACHS BANK USA
Assigned to ROYAL BANK OF CANADA, AS COLLATERAL AGENT: FIRST LIEN SECURITY AGREEMENT. Assignors: INTRALINKS, INC.
Assigned to ROYAL BANK OF CANADA, AS COLLATERAL AGENT: SECOND LIEN SECURITY AGREEMENT. Assignors: INTRALINKS, INC.
Assigned to INTRALINKS, INC.: CORRECTIVE ASSIGNMENT TO CORRECT THE CONVEYING PARTY NAME PREVIOUSLY RECORDED ON REEL 044123 FRAME 0110. ASSIGNOR(S) HEREBY CONFIRMS THE RELEASE OF SECURITY INTEREST. Assignors: GOLDMAN SACHS BANK USA
Assigned to INTRALINKS, INC.: RELEASE OF 1ST LIEN SECURITY INTEREST. Assignors: ROYAL BANK OF CANADA
Assigned to INTRALINKS, INC.: RELEASE OF 2ND LIEN SECURITY INTEREST. Assignors: ROYAL BANK OF CANADA

Classifications

    • G06F17/30867
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • G06F16/9535 Search customisation based on user profiles and personalisation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/28 Databases characterised by their database models, e.g. relational or object models
    • G06F16/284 Relational databases
    • G06F16/285 Clustering or classification
    • G06F17/30598
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01 Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048 Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481 Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M11/00 Telephonic communication systems specially adapted for combination with other electrical systems

Definitions

  • Various embodiments of the present invention are directed to providing a user the ability to self-declare one or more permission attributes about the user that form the basis for the filtering (e.g., the dynamic filtering) of current and/or future content.
  • access to the content may thus be governed by the self-declared permission attributes (in one example (which example is intended to be illustrative and not restrictive), the present invention may operate within a secure, tracked content delivery infrastructure).
  • self-declared is intended to refer to an indication or selection associated with a given entity that is made by the given entity itself.
  • Security systems typically provide a way of filtering information based on criteria that are defined by an administrator. While such a typical security system may prevent a user from gaining access to protected system content if the user is not explicitly permissioned to do so, various embodiments of the present invention provide the ability to reveal certain content only to users with certain attributes, even if, for example, the system administrator is unaware of the user's identity or affiliation and the user is unaware of the nature of the content.
  • the filtering of the present invention may thus dynamically allow the same content to be accessed or not accessed by a particular user, based on self-declared permission attribute(s), in each situation.
  • the ability to self-declare the permission attribute(s) may help reduce the administrative overhead associated with granting or withdrawing permissions (e.g., depending on the business process) and enhance compliance with laws and policies regulating the users.
  • A properly working security system typically prevents access to information, such that a user should gain access to information that he or she should not have only in the event of mistakes by the system administrator. Unauthorized access otherwise should not occur while the system is operational.
  • introducing the ability of a user to self-declare permission attribute(s) may increase the risk of abuse or violation of policies.
  • Various embodiments of the present invention therefore provide the ability to track access to information.
  • This audit information can be reviewed, for example, in the form of a report or sophisticated search criteria and can return a list of possible violations of regulations (e.g., a compliance officer can use the findings to investigate possible violations).
  • One embodiment of the present invention relates to a computer implemented method of controlling access to at least one document, comprising: receiving for storage from a first user at least one document; receiving from the first user at least one classification associated with the stored document, wherein the classification has a value selected from at least a first classification value and a second classification value; receiving from a second user at least one permission attribute associated with the second user, wherein the permission attribute associated with the second user is self-declared and wherein the permission attribute has a value selected from at least a first permission attribute value and a second permission attribute value; and permitting the second user to access the stored document if the classification value of the stored document matches the permission attribute value declared by the second user.
  • One example business reason for utilizing the present invention may stem from concerns within the syndicated loan market.
  • loans are marketed to investors (including, without limitation, banks, debt funds, hedge funds).
  • Many of the investors are institutional investors that invest in both the public markets (e.g., bonds, equity) and in the private loan market. Since disclosure related to certain loans often includes material non-public information (i.e., “private” information such as financial projections), these institutional investors have the potential to be conflicted with regard to insider trading regulations (e.g., regulations promulgated by the SEC).
  • users within these firms may require the ability to indicate their status on a particular loan based on: a) whether they are trading or may trade in the stocks/bonds of that borrowing entity (e.g., on the “public” side); and/or b) whether they have procedures to prevent trading securities of the borrower or have walls/controls that allow them to trade in securities of the borrower while also investing in the loan market (e.g., on the “private” side). Based on their position for any given borrower, they should only see appropriate disclosure materials. Even accidental exposure to “private” information for a “public” investor can be problematic (syndicating agents are typically not aware of each investor's position for any given borrower and therefore typically have no clear way to permission content to them).
  • classifications may be assigned so as to not cause parties involved in pre-merger due diligence or formation of joint ventures to violate antitrust regulations.
  • Users such as professional advisors, executive management or directors could be granted broader access to counterparty information than users from within operating units (e.g., sales, regional managers, etc.), so that pricing and other information can be filtered, without knowing in advance the name, affiliation or security level of all users that could be invited to access content on the system for purposes of the transaction.
  • classifications may be assigned so as to preserve attorney-client privilege with respect to content. Only users that identify themselves in a manner consistent with the preservation of privilege (e.g. attorneys rendering advice or responding to requests for legal advice and persons within client organizations authorized to request and receive legal advice) would be granted access to the content associated with such classifications.
  • FIG. 1A shows a web browser screenshot of the uploading and classification of a document according to an embodiment of the present invention
  • FIG. 1B shows a web browser screenshot of self-declaring a permission attribute according to an embodiment of the present invention
  • FIG. 1C shows a web browser screenshot of hyperlinks to certain information according to an embodiment of the present invention
  • FIG. 1D shows a web browser screenshot of hyperlinks to certain information according to an embodiment of the present invention
  • FIG. 1E shows a web browser screenshot related to changing a self-declared permission attribute according to an embodiment of the present invention
  • FIG. 1F shows a web browser screenshot related to changing a self-declared permission attribute according to an embodiment of the present invention
  • FIG. 2 shows a web browser screenshot of a report related to various self-declared permission attributes according to an embodiment of the present invention
  • FIG. 3 shows a screenshot of an alert relating to certain stored information according to an embodiment of the present invention
  • FIGS. 4-9 show block diagrams related to databases and database structures according to various embodiments of the present invention.
  • FIG. 10 shows a block diagram of a computer infrastructure according to an embodiment of the present invention.
  • In FIGS. 1A-1F, the classification of and controlled access to certain information according to an embodiment of the present invention is shown.
  • a user e.g., an administrative agent or a syndicating agent
  • the choices for the classification values are “Public” and “Private”.
  • the default classification value is “Private” (of course, the default classification value could be something other, such as “Public”).
  • the user uploading the information is not responsible for permissions related to people who may try to access the information, only to the classification of the information.
  • the uploader may change the visibility setting for the content (defined by the classification value).
  • the visibility setting may be changed from “Public” to “Private” or vice versa.
  • the user who may try to access the uploaded information self-declares his or her own permission attribute (having a value of either public or private in this example).
  • the investor may be forced to make a selection before proceeding.
  • the self-declaration can be made when the user enters any part of the system for accessing content relating to a subject company X and the self-declared permission attribute may remain associated with the user during this and any subsequent sessions within this portion of the system (or until such time as the user's access rights to such portion are terminated).
  • the user could self-declare the permission attribute the first time he or she enters a portion of the system containing specific content (e.g., related to company X) and have the same self-declared permission attribute control access to content in other and additional portions of the system containing different content (e.g., related to company Y).
  • In FIGS. 1C and 1D, information in the system may be filtered (that is, access controlled) based upon the self-declared permission attribute values of each user. That is, FIG. 1C shows a listing (e.g., in the form of hyperlinks) of information accessible by users who have self-declared the “Private” permission attribute value (this information may comprise information which had been categorized as “Private” as well as information which had been categorized as “Public”). Similarly, FIG. 1D shows a listing (e.g., in the form of hyperlinks) of information accessible by users who have self-declared the “Public” permission attribute value (this information may comprise information which had been categorized as “Public” (e.g., information which may be viewed by anybody generally having access to the system or a portion thereof) and may exclude information which had been categorized as “Private”).
  • FIG. 1E shows a web browser screenshot related to such changing of a self-declared permission attribute value
  • FIG. 1F shows a web browser screenshot related to confirmation of the change.
  • this Fig. shows a web browser screenshot of a report related to various self-declared permission attributes according to an embodiment of the present invention.
  • the present invention may track access to content with associated classifications and store the access details in an audit record (a complete audit trail of what information was disclosed/accessed (e.g., relative to each given investor), when the information was disclosed/accessed and how the information was classified at the time of being disclosed/accessed may be provided).
  • an audit entry may comprise the user's name and ID, date and time of the access, information related to the content and other data.
  • An additional audit entry may be made each and every time a user accesses any content in the system (anywhere in the system or in one or more specific portions of the system). Also recorded may be any changes to a user's self-declared permission attribute(s).
  • All audit records related to the content access, the content classification and/or the user's self-declared permission attribute(s) may be made available to authorized users and administrators through reports.
  • the audit record may be used to provide a compliance officer of a company or regulatory entities with the ability to track compliance and detect violations of the regulations or company policies and take corrective action.
  • auditing policies can be embodied as follows: 1) in a definition in a user interface and stored in database tables and interpreted (or compiled) during runtime; 2) in a definition in configuration fields that are interpreted by business logic; and/or 3) in business logic that is incorporated into an existing system.
  • this Fig. shows a screenshot of an alert relating to certain stored information according to an embodiment of the present invention. More particularly, as seen in this Fig. a communication (e.g., via email or another mechanism) may be sent to one or more users indicating a change in content (e.g., the uploading of a new document to the system, the editing of an existing document, etc.).
  • an alert related to content classified as “public” will go to appropriate users who have self-declared permission attributes of “public” or “private”.
  • an alert related to content classified as “private” will go to appropriate users who have self-declared permission attributes of “public” or “private” (wherein “public” users are responsible for actually accessing the content or not).
  • an alert related to content classified as “private” will go to appropriate users who have self-declared a permission attribute of only “private” (wherein self-declared “public” users are not notified by the alert).
  • one embodiment of the present invention enables administrators and content managers to associate classifications and allowable classification values with the content of an enterprise information system.
  • These classifications may already be included in the enterprise information system or may be specifically designed by its system administrator to represent classifications of the content.
  • the classifications are typically not part of the content but may describe and represent the user characteristics, security clearance levels and/or metadata associated with access to the content.
  • the present invention may provide a user of an enterprise information system with the ability to dynamically select an existing or create a new information filter for current and/or future content managed by the enterprise information system.
  • a user may be required to select an existing or create a new permission attribute when he or she accesses the system the first time or after new classifications/permission attributes have been added. This may be done as soon as the user passes appropriate user credentials to the enterprise information system but before the user gains access to the functions of the enterprise information system (see, e.g., FIG. 1B ). After the user creates or selects one or more permission attributes (that is, having desired values associated therewith), the system starts to release and suppress content accordingly.
  • the fact that the user self-declares his or her permission attributes may comprise a differentiation from security systems in which an administrator selects a security level by user or by group and does not allow a user or member of such group to declare the presence of attributes associated with different security levels.
  • permission attribute(s) may be selected that are known to the user, notwithstanding that the user may not know or anticipate the nature, purpose or substance of the content on which such permission attribute(s) will act as a filter.
  • filtering may act on any single attribute or combination of multiple attributes, such that a plurality of users with the same permission attribute(s) may not have access to the same content, to the extent access is filtered by other attribute(s) or combinations of attribute(s).
  • the present invention may classify information not only based upon content but upon a location of a document within the system, a publication source, a comment, a reply, and/or association with other users (among other possibilities).
  • two (or more) aliases or user names per user could be defined.
  • One alias could apply automatically one or more attributes for purposes of filtering access to content; the other aliases could apply to other attribute(s) for filtering access to content.
  • system or system administrator can turn on or off each user's ability to self-declare permission attribute(s).
  • a limited or essentially unlimited number of classifications/classification values may be defined and linked to content, independent of modifications to the core system for storing and/or distributing content.
  • the extensions can be made while the system is operating or before the system is restarted (of course, any desired number of self-declared permission attributes/permission attribute values may also be utilized).
  • the system may add additional columns to the content tables in the database to be used only when additional classification information is added.
  • the business logic could manage the classifications and could expand the queries as new classifications are added. Under this approach the query overhead may be minimized and the overall system performance may not be significantly impacted.
  • the classifications could be placed in separate database tables and linked with a 1-n relationship to the content tables. Filtering could be accomplished using either an additional query per access to content or a table joined between the table that contains the content and the table that contains the classifications and their allowable values.
  • the allowable values per classification may be defined in multiple ways including, but not limited to, the following approaches:
  • the business logic and user interface may be constructed so that the classifications are considered when content is retrieved and/or updated.
  • the system programmer, system administrator, and/or user could create filters depending on the required flexibility in multiple ways including, but not limited to, the following approaches:
  • In FIGS. 4-9, block diagrams related to databases and database structures according to various embodiments of the present invention are shown.
  • all Content has associated therewith a flag that indicates if Content is public or private information. Publication and Comment are subtypes of Content and therefore inherit that flag.
  • a participant is realized in the database and in the Java implementation as a relationship between the workspace and the user tables (objects in Java). Therefore, the participant references the user in a particular workspace.
  • the workspace contains an attribute “publicPrivateEnabled” that indicates if the public-private feature is enabled for the specific workspace.
  • the participant has an attribute called “publicPrivateSelected” that indicates if the particular user has self-declared the value “public” or “private” for the associated workspace.
  • the Null Filter does not perform any filtering.
  • the idea here is the filter is created to filter all returned Content items based on the publicPrivate flag. So, if the user only wants to see public information, the filter will filter out each returned content item that has a private flag. If the user wants to view private and public information, the filter allows all content to pass (Null filter).
  • the filter is created as a filter criteria for the query that is issued to the database or search engine. This implies that the filter criteria is incorporated in the defined content query (e.g. in a simple SQL query the filter criteria would be included in the WHERE clause).
  • this example is a generalized version of the public/private feature.
  • Content or subtypes of Content have specific classification attributes that can be used for filtering.
  • the Workspace maintains in associated tables (ActiveClassification) the classifications that are enabled in a particular workspace.
  • the active classifications can be retrieved calling the method getActiveClassification( ).
  • the participant refers to a list of selected Filters in the SelectedFilter table.
  • the filters can be accessed through the method getSelectedFilters( ).
  • this example is similar to the private/public case. However, here the selected filters that are active in the workspace are selected by the participant in a given workspace. The assumption is that the filter is stored and retrieved by the system (this can be done by a multitude of approaches such as object serialization or Object-relationship mapping).
  • this example is essentially the same as before (e.g., FIG. 8 ) but in this scenario the search filters are embedded in the content query.
  • Website Server 100 (which may have associated therewith one or more Databases 102 ) operatively communicates (e.g., via the Internet) with User 1 Computer 104 , User 2 Computer 106 and User 3 Computer 108 .
  • each of User 1 Computer 104 , User 2 Computer 106 and User 3 Computer 108 may have associated therewith appropriate software (e.g., a web browser).
  • each of User 1 , User 2 and User 3 may be any entity described herein (e.g., a person uploading a document, a person viewing a document, a person editing a document, a person downloading a document).
  • a permission attribute may refer to a user's public/private status relative to certain information.
  • Associated permission attribute values may be, for example, “private” and “public”.
  • associated permission attribute values may be “yes” and “no” (indicating a private status or a public status).
  • associated permission attribute values may be “1” and “0” (indicating a private status or a public status).
  • a permission attribute may refer to a user's country of residence.
  • Associated permission attribute values may be, for example, “USA” and “Other”.
  • associated permission attribute values may be “yes” and “no” (indicating a USA residence status or another residence status).
  • associated permission attribute values may be “1” and “0” (indicating a USA residence status or another residence status).
  • a permission attribute may refer to a user's security level.
  • Associated permission attribute values may be, for example, “High” and “Low”.
  • associated permission attribute values may be “yes” and “no” (indicating a high security level or a low security level).
  • associated permission attribute values may be “1” and “0” (indicating a high security level or a low security level).
  • associated permission attribute values may be in a numeric range (indicating a security level within a range).
  • a permission attribute may refer to a user's age.
  • Associated permission attribute values may be, for example, “at least 18 years old” and “below 18 years old”. In another example, associated permission attribute values may be “yes” and “no” (indicating at least 18 years old or below 18 years old). In another example, associated permission attribute values may be “1” and “0” (indicating at least 18 years old or below 18 years old). In another example, associated permission attribute values may be a user's age.
  • any number of permission attributes may be combined in controlling access to information.
  • a first user who is a “private” user and is a “USA resident” may be granted access to a first set of information
  • a second user who is a “public” user and is a “USA resident” may be granted access to a second set of information
  • a third user who is a “private” user and is “not a USA resident” may be granted access to a third set of information
  • a fourth user who is a “public” user and is “not a USA resident” may be granted access to a fourth set of information (in this example, the first through fourth sets of information may be distinct from one another or there may be overlap (partial or total) between information in one or more of the sets of information).
  • an implementation of the present invention may separate the filter logic from the logic related to the security system (of course, the security system may be extended to enforce also the filter criteria).
  • the content filter may be designed and implemented to facilitate compliance with federal and/or state regulations and/or with corporate policies regarding access to information (e.g., access to “private” information).
  • certain users e.g., syndicating agent, administrative agent, sales desk
  • an issuer may be responsible for this (e.g., by classifying uploaded documents appropriately).
  • certain users e.g., syndicating agent, administrative agent, sales desk
  • certain users do not need to be responsible for knowing and identifying a given investor's “status” (e.g., private or public) relative to a given issuer. Rather, each investor may be responsible for this (e.g., by self-declaring one or more permission attributes).
  • certain users e.g., loan investors
  • the present invention may be used to apply other classifications and filters that are built in essentially the same way as the “visibility” classification, e.g., by adding additional columns to content tables and extending business logic and database queries to reflect their meaning to the business process (under this implementation strategy the system performance may be optimized since the system can perform very efficient filtering at the database layer).
  • the self-declared permission attributes of the present invention may be applied to all content managed by an enterprise information system or to a subset of the content managed by an enterprise information system (e.g., on a client by client basis or on a deal by deal basis).
  • access to specific content may be filtered by hiding certain content (e.g., providing a given user a list of hyperlinks to content which may be accessed by that user, based upon the content classification and the user's self-declared permission attribute(s), and not including in the list of hyperlinks any excluded content) or by prohibiting access to certain content (e.g., providing a given user a list of hyperlinks to content which may or may not be accessed by that user, based upon the content classification and the user's self-declared permission attribute(s), and prohibiting access to excluded content if the user clicks an excluded hyperlink).
  • the various steps may be performed in any desired order, one or more steps may be deleted and/or one or more steps may be added.

Abstract

Various embodiments of the present invention are directed to providing a user the ability to self-declare one or more permission attributes about the user that form the basis for the filtering (e.g., the dynamic filtering) of current and/or future content. In this manner, access to the content may thus be governed by the self-declared permission attributes (in one example (which example is intended to be illustrative and not restrictive), the present invention may operate within a secure, tracked content delivery infrastructure).

Description

    RELATED APPLICATIONS
  • This application claims the benefit of U.S. Provisional Application Ser. No. 60/667,888, filed Apr. 1, 2005, which is incorporated herein by reference in its entirety.
  • FIELD OF THE INVENTION
  • Various embodiments of the present invention are directed to providing a user the ability to self-declare one or more permission attributes about the user that form the basis for the filtering (e.g., the dynamic filtering) of current and/or future content. In this manner, access to the content may thus be governed by the self-declared permission attributes (in one example (which example is intended to be illustrative and not restrictive), the present invention may operate within a secure, tracked content delivery infrastructure).
  • For the purposes of describing and claiming the present invention the term “self-declared” is intended to refer to an indication or selection associated with a given entity that is made by the given entity itself.
  • Further, for the purposes of describing and claiming the present invention the term “value” (e.g., as used in “classification value” or “permission attribute value”) is intended to refer to a numeric indicator (e.g., a distinct number, a range of numbers) or an alphanumeric indicator (e.g., a text label such as “private”, “public”, “yes”, “no”).
  • BACKGROUND OF THE INVENTION
  • Security systems typically provide a way of filtering information based on criteria that are defined by an administrator. While such a typical security system may prevent a user from gaining access to protected system content if the user is not explicitly permissioned to do so, various embodiments of the present invention provide the ability to reveal certain content only to users with certain attributes, even if, for example, the system administrator is unaware of the user's identity or affiliation and the user is unaware of the nature of the content.
  • The filtering of the present invention may thus dynamically allow the same content to be accessed or not accessed by a particular user, based on self-declared permission attribute(s), in each situation. For example, the ability to self-declare the permission attribute(s) may help reduce the administrative overhead associated with granting or withdrawing permissions (e.g., depending on the business process) and enhance compliance with laws and policies regulating the users.
  • Of note, a properly working security system typically prevents access to information such that a user should gain access to information that he or she should not have only in the event of mistakes by the system administrator. Unauthorized access otherwise should not occur while the system is operational.
  • In this regard, introducing the ability of a user to self-declare permission attribute(s) may increase the risk of abuse or violation of policies. Various embodiments of the present invention therefore provide the ability to track access to information. This audit information can be reviewed, for example, in the form of a report or sophisticated search criteria and can return a list of possible violations of regulations (e.g., a compliance officer can use the findings to investigate possible violations).
  • SUMMARY OF THE INVENTION
  • One embodiment of the present invention relates to a computer implemented method of controlling access to at least one document, comprising: receiving for storage from a first user at least one document; receiving from the first user at least one classification associated with the stored document, wherein the classification has a value selected from at least a first classification value and a second classification value; receiving from a second user at least one permission attribute associated with the second user, wherein the permission attribute associated with the second user is self-declared and wherein the permission attribute has a value selected from at least a first permission attribute value and a second permission attribute value; and permitting the second user to access the stored document if the classification value of the stored document matches the permission attribute value declared by the second user.
  • One example business reason for utilizing the present invention may stem from concerns within the syndicated loan market. In such a syndicated loan market, loans are marketed to investors (including, without limitation, banks, debt funds, hedge funds). Many of the investors are institutional investors that invest in both the public markets (e.g., bonds, equity) and in the private loan market. Since disclosure related to certain loans often includes material non-public information (i.e., “private” information such as financial projections), these institutional investors have the potential to be conflicted with regard to insider trading regulations (e.g., regulations promulgated by the SEC). As such, users within these firms may require the ability to indicate their status on a particular loan based on: a) whether they are trading or may trade in the stocks/bonds of that borrowing entity (e.g., on the “public” side); and/or b) whether they have procedures to prevent trading securities of the borrower or have walls/controls that allow them to trade in securities of the borrower while also investing in the loan market (e.g., on the “private” side). Based on their position for any given borrower, they should only see appropriate disclosure materials. Even accidental exposure to “private” information for a “public” investor can be problematic (syndicating agents are typically not aware of each investor's position for any given borrower and therefore typically have no clear way to permission content to them).
  • Similarly, in another example (which example is intended to be illustrative and not restrictive), classifications may be assigned so as to not cause parties involved in pre-merger due diligence or formation of joint ventures to violate antitrust regulations. Users such as professional advisors, executive management or directors could be granted broader access to counterparty information than users from within operating units (e.g., sales, regional managers, etc.), so that pricing and other information can be filtered, without knowing in advance the name, affiliation or security level of all users that could be invited to access content on the system for purposes of the transaction.
  • Similarly, in yet another example (which example is intended to be illustrative and not restrictive), classifications may be assigned so as to preserve attorney-client privilege with respect to content. Only users that identify themselves in a manner consistent with the preservation of privilege (e.g. attorneys rendering advice or responding to requests for legal advice and persons within client organizations authorized to request and receive legal advice) would be granted access to the content associated with such classifications.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1A shows a web browser screenshot of the uploading and classification of a document according to an embodiment of the present invention;
  • FIG. 1B shows a web browser screenshot of self-declaring a permission attribute according to an embodiment of the present invention;
  • FIG. 1C shows a web browser screenshot of hyperlinks to certain information according to an embodiment of the present invention;
  • FIG. 1D shows a web browser screenshot of hyperlinks to certain information according to an embodiment of the present invention;
  • FIG. 1E shows a web browser screenshot related to changing a self-declared permission attribute according to an embodiment of the present invention;
  • FIG. 1F shows a web browser screenshot related to changing a self-declared permission attribute according to an embodiment of the present invention;
  • FIG. 2 shows a web browser screenshot of a report related to various self-declared permission attributes according to an embodiment of the present invention;
  • FIG. 3 shows a screenshot of an alert relating to certain stored information according to an embodiment of the present invention;
  • FIGS. 4-9 show block diagrams related to databases and database structures according to various embodiments of the present invention; and
  • FIG. 10 shows a block diagram of a computer infrastructure according to an embodiment of the present invention.
  • Among those benefits and improvements that have been disclosed, other objects and advantages of this invention will become apparent from the following description taken in conjunction with the accompanying figures. The figures constitute a part of this specification and include illustrative embodiments of the present invention and illustrate various objects and features thereof.
  • DETAILED DESCRIPTION OF THE INVENTION
  • Detailed embodiments of the present invention are disclosed herein; however, it is to be understood that the disclosed embodiments are merely illustrative of the invention that may be embodied in various forms. In addition, each of the examples given in connection with the various embodiments of the invention is intended to be illustrative, and not restrictive. Further, the figures are not necessarily to scale, some features may be exaggerated to show details of particular components. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a representative basis for teaching one skilled in the art to variously employ the present invention.
  • Referring now to FIGS. 1A-1F, the classification of and controlled access to certain information according to an embodiment of the present invention is shown.
  • More particularly, FIG. 1A shows a web browser screenshot of the uploading and classification of a document according to an embodiment of the present invention. As seen in this Fig., a user (e.g., an administrative agent or a syndicating agent) indicates a target audience. In this example relating to potential investors, the choices for the classification values are “Public” and “Private”. Further, in this example the default classification value is “Private” (of course, the default classification value could be something other, such as “Public”). Of note, the user uploading the information is not responsible for permissions related to people who may try to access the information, only to the classification of the information.
  • Of course, after content is uploaded to the enterprise information system, the uploader, an administrator or a content manager may change the visibility setting for the content (defined by the classification value). Thus, in this example, the visibility setting may be changed from “Public” to “Private” or vice versa.
  • Referring now to FIG. 1B, it is seen that the user who may try to access the uploaded information (in this example an investor) self-declares his or her own permission attribute (having a value of either public or private in this example). As seen in this Fig., in this example the investor may be forced to make a selection before proceeding. In one specific example (which example is intended to be illustrative and not restrictive), the self-declaration can be made when the user enters any part of the system for accessing content relating to a subject company X and the self-declared permission attribute may remain associated with the user during this and any subsequent sessions within this portion of the system (or until such time as the user's access rights to such portion are terminated). In another specific example (which example is intended to be illustrative and not restrictive), the user could self-declare the permission attribute the first time he or she enters a portion of the system containing specific content (e.g., related to company X) and have the same self-declared permission attribute control access to content in other and additional portions of the system containing different content (e.g., related to company Y).
  • Further, as seen in FIGS. 1C and 1D, information in the system may be filtered (that is, access controlled) based upon the self-declared permission attribute values of each user. That is, FIG. 1C shows a listing (e.g., in the form of hyperlinks) of information accessible by users who have self-declared the “Private” permission attribute value (this information may comprise information which had been categorized as “Private” as well as information which had been categorized as “Public”). Similarly, FIG. 1D shows a listing (e.g., in the form of hyperlinks) of information accessible by users who have self-declared the “Public” permission attribute value (this information may comprise information which had been categorized as “Public” (e.g., information which may be viewed by anybody generally having access to the system or a portion thereof) and may exclude information which had been categorized as “Private”).
  • Of course, users may be given the opportunity to change the self-declared permission attributes. That is, the initially self-declared permission attribute(s) could be applied to all visits to the system or portions thereof until the user explicitly changes the user's attribute(s) within the user profile section of the enterprise information system or elsewhere (e.g., through a user interface). In this regard, FIG. 1E shows a web browser screenshot related to such changing of a self-declared permission attribute value and FIG. 1F shows a web browser screenshot related to confirmation of the change.
  • Referring now to FIG. 2, this Fig. shows a web browser screenshot of a report related to various self-declared permission attributes according to an embodiment of the present invention. In this regard, the present invention may track access to content with associated classifications and store the access details in an audit record (a complete audit trail of what information was disclosed/accessed (e.g., relative to each given investor), when the information was disclosed/accessed and how the information was classified at the time of being disclosed/accessed may be provided).
  • More particularly, in one example (which example is intended to be illustrative and not restrictive), an audit entry may comprise the user's name and ID, date and time of the access, information related to the content and other data. An additional audit entry may be made each and every time a user accesses any content in the system (anywhere in the system or in one or more specific portions of the system). Also recorded may be any changes to a user's self-declared permission attribute(s).
  • All audit records related to the content access, the content classification and/or the user's self-declared permission attribute(s) may be made available to authorized users and administrators through reports. The audit record may be used to provide a compliance officer of a company or regulatory entities with the ability to track compliance and detect violations of the regulations or company policies and take corrective action.
  • In another example (which example is intended to be illustrative and not restrictive), auditing policies can be embodied as follows: 1) in a definition in a user interface and stored in database tables and interpreted (or compiled) during runtime; 2) in a definition in configuration fields that are interpreted by business logic; and/or 3) in business logic that is incorporated into an existing system.
  • Referring now to FIG. 3, this Fig. shows a screenshot of an alert relating to certain stored information according to an embodiment of the present invention. More particularly, as seen in this Fig. a communication (e.g., via email or another mechanism) may be sent to one or more users indicating a change in content (e.g., the uploading of a new document to the system, the editing of an existing document, etc.).
  • In one example (which example is intended to be illustrative and not restrictive), an alert related to content classified as “public” will go to appropriate users who have self-declared permission attributes of “public” or “private”.
  • In another example (which example is intended to be illustrative and not restrictive), an alert related to content classified as “private” will go to appropriate users who have self-declared permission attributes of “public” or “private” (wherein “public” users are responsible for actually accessing the content or not).
  • In another example (which example is intended to be illustrative and not restrictive), an alert related to content classified as “private” will go to appropriate users who have self-declared a permission attribute of only “private” (wherein self-declared “public” users are not notified by the alert).
  • As described above, one embodiment of the present invention enables administrators and content managers to associate classifications and allowable classification values with the content of an enterprise information system. These classifications may already be included in the enterprise information system or may be specifically designed by its system administrator to represent classifications of the content. The classifications are typically not part of the content but may describe and represent the user characteristics, security clearance levels and/or metadata associated with access to the content.
  • In one example (which example is intended to be illustrative and not restrictive), the present invention may provide a user of an enterprise information system with the ability to dynamically select an existing or create a new information filter for current and/or future content managed by the enterprise information system.
  • In another example (which example is intended to be illustrative and not restrictive), a user may be required to select an existing or create a new permission attribute when he or she accesses the system the first time or after new classifications/permission attributes have been added. This may be done as soon as the user passes appropriate user credentials to the enterprise information system but before the user gains access to the functions of the enterprise information system (see, e.g., FIG. 1B). After the user creates or selects one or more permission attributes (that is, having desired values associated therewith), the system starts to release and suppress content accordingly. Of course, the fact that the user self-declares his or her permission attributes may comprise a differentiation from security systems in which an administrator selects a security level by user or by group and does not allow a user or member of such group to declare the presence of attributes associated with different security levels.
  • In another example (which example is intended to be illustrative and not restrictive), permission attribute(s) may be selected that are known to the user, notwithstanding that the user may not know or anticipate the nature, purpose or substance of the content on which such permission attribute(s) will act as a filter.
  • In another example (which example is intended to be illustrative and not restrictive), filtering may act on any single attribute or combination of multiple attributes, such that a plurality of users with the same permission attribute(s) may not have access to the same content, to the extent access is filtered by other attribute(s) or combinations of attribute(s).
  • In another example (which example is intended to be illustrative and not restrictive), the present invention may classify information not only based upon content but upon a location of a document within the system, a publication source, a comment, a reply, and/or association with other users (among other possibilities).
  • In another example (which example is intended to be illustrative and not restrictive), the visibility of certain information (e.g., represented by hyperlinks to stored information) may be implemented through various columns in database tables.
  • In another example (which example is intended to be illustrative and not restrictive), two (or more) aliases or user names per user could be defined. One alias could apply automatically one or more attributes for purposes of filtering access to content; the other aliases could apply to other attribute(s) for filtering access to content.
  • In another example (which example is intended to be illustrative and not restrictive), the system or system administrator can turn on or off each user's ability to self-declare permission attribute(s).
  • In another example (which example is intended to be illustrative and not restrictive), a limited or essentially unlimited number of classifications/classification values may be defined and linked to content, independent of modifications to the core system for storing and/or distributing content. Depending on the implementation strategy, the extensions can be made while the system is operating or before the system is restarted (of course, any desired number of self-declared permission attributes/permission attribute values may also be utilized).
  • For a limited number of classifications (e.g., 1 to 10), the system may add additional columns to the content tables in the database to be used only when additional classification information is added. The business logic could manage the classifications and could expand the queries as new classifications are added. Under this approach the query overhead may be minimized and the overall system performance may not be significantly impacted.
  • For an essentially unlimited number of classifications to be supported, the classifications could be placed in separate database tables and linked with a 1-n relationship to the content tables. Filtering could be accomplished using either an additional query per access to content or a table joined between the table that contains the content and the table that contains the classifications and their allowable values.
  • The allowable values per classification may be defined in multiple ways including, but not limited to, the following approaches:
      • 1. A user interface that allows a user to define the allowable values per classification and stores them as metadata in an allowable value table.
      • 2. A configuration file that is loaded at system start or when a change is registered by the server.
      • 3. Business logic that can be plugged into the existing system after the release date.
  • The business logic and user interface may be constructed so that the classifications are considered when content is retrieved and/or updated.
  • The system programmer, system administrator, and/or user could create filters depending on the required flexibility in multiple ways including, but not limited to, the following approaches:
      • 1. A user interface allows system administrators and/or users to define filters based on the logical combination of classifications and allowable values. The expressions may be stored in database tables. The data may be interpreted (or compiled and executed) during runtime.
        • a. In one example (which example is intended to be illustrative and not restrictive), expressions such as “attribute 1 IN {val1, val2} AND NOT attribute2 IN {val3}” could be defined by the user and/or system administrator to define a filter that filters out all content that has the values “val1” and “val2” in its classification “attribute 1” and does not have the value “val3” in the classification “attribute 2”.
      • 2. The filters could be defined by system programmers and/or system administrators in a configuration file and interpreted after the expression is loaded into the system. The expression can be the same or similar to the expression in the bullet (a) above.
      • 3. The system programmer could develop filters as business logic that are incorporated into the existing system. The plug-in may be loaded when the system is registering the new plug-ins and makes the filters available to the user when the functionality is desired to be used.
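A stored filter expression like the one in item 1(a) ends up inside a content query, so it should be parsed and compiled to a parameterized WHERE clause rather than concatenated into SQL. The following is an added example, not code from the patent: the column allow-list, table, sample rows, function names and the reading of the expression as a predicate selecting the content to release are assumptions, and OR and parentheses go beyond the quoted expression.

```python
import re
import sqlite3

# Assumption: the only classification columns a filter may name.
ALLOWED_COLUMNS = {"attribute1", "attribute2"}
PUNCT = set("{}(),")
TOKEN = re.compile(r"\s*(?:([{}(),])|([A-Za-z_][A-Za-z0-9_]*))")

# Constructed sample content: (title, attribute1, attribute2); None = unclassified.
SAMPLE_ROWS = [
    ("doc-a", "val1", "val9"),
    ("doc-b", "val2", "val3"),
    ("doc-c", "val5", "val9"),
    ("doc-d", "val1", None),
]


class FilterError(ValueError):
    """Raised for any filter text outside the grammar or the allow-list."""


def tokenize(text):
    text, pos, tokens = text.rstrip(), 0, []
    while pos < len(text):
        match = TOKEN.match(text, pos)
        if not match:
            raise FilterError(f"unexpected input near offset {pos}")
        tokens.append(match.group(1) or match.group(2))
        pos = match.end()
    return tokens


class Compiler:
    """Recursive-descent compiler: filter text -> (SQL fragment, bound values)."""

    def __init__(self, tokens):
        self.tokens, self.i, self.params = tokens, 0, []

    def peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise FilterError(f"expected {expected or 'a token'}, got {tok!r}")
        self.i += 1
        return tok

    def expr(self):  # expr := conj ("OR" conj)*
        sql = self.conj()
        while self.peek() == "OR":
            self.take()
            sql = f"({sql} OR {self.conj()})"
        return sql

    def conj(self):  # conj := term ("AND" term)*
        sql = self.term()
        while self.peek() == "AND":
            self.take()
            sql = f"({sql} AND {self.term()})"
        return sql

    def term(self):  # term := "NOT" term | "(" expr ")" | column "IN" "{" values "}"
        if self.peek() == "NOT":
            self.take()
            return f"(NOT {self.term()})"
        if self.peek() == "(":
            self.take()
            sql = self.expr()
            self.take(")")
            return sql
        column = self.take()
        if column not in ALLOWED_COLUMNS:  # column names cannot be bound, so allow-list them
            raise FilterError(f"unknown classification {column!r}")
        self.take("IN")
        self.take("{")
        values = [self.value()]
        while self.peek() == ",":
            self.take()
            values.append(self.value())
        self.take("}")
        self.params.extend(values)  # values travel as bound parameters only
        return f"{column} IN ({', '.join('?' * len(values))})"

    def value(self):
        tok = self.take()
        if tok in PUNCT:
            raise FilterError(f"expected a value, got {tok!r}")
        return tok


def compile_filter(text):
    compiler = Compiler(tokenize(text))
    sql = compiler.expr()
    if compiler.peek() is not None:
        raise FilterError(f"trailing input {compiler.peek()!r}")
    return sql, compiler.params


def matching_titles(filter_text):
    """Run a compiled filter over the constructed rows and return matching titles."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE content (title TEXT, attribute1 TEXT, attribute2 TEXT)")
    db.executemany("INSERT INTO content VALUES (?, ?, ?)", SAMPLE_ROWS)
    where, params = compile_filter(filter_text)
    rows = db.execute(f"SELECT title FROM content WHERE {where} ORDER BY title", params)
    return [row[0] for row in rows]
```

Under SQL three-valued logic the unclassified row (`doc-d`) satisfies neither `IN` nor `NOT ... IN`, so content with a missing classification is withheld rather than released.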
  • Referring now to FIGS. 4-9 block diagrams related to databases and database structures according to various embodiments of the present invention are shown.
  • More particularly, as seen in the example of FIG. 4, all Content has associated therewith a flag that indicates if Content is public or private information. Publication and Comment are subtypes of Content and therefore inherit that flag. Further, a participant is realized in the database and in the Java implementation as a relationship between the workspace and the user tables (objects in Java). Therefore, the participant references the user in a particular workspace. Moreover, the workspace contains an attribute “publicPrivateEnabled” that indicates if the public-private feature is enabled for the specific workspace. Further, the participant has an attribute called “publicPrivateSelected” that indicates if the particular user has self-declared the value “public” or “private” for the associated workspace.
  • Referring now to FIG. 5, in this example the Null Filter does not perform any filtering. The idea here is the filter is created to filter all returned Content items based on the publicPrivate flag. So, if the user only wants to see public information, the filter will filter out each returned content item that has a private flag. If the user wants to view private and public information, the filter allows all content to pass (Null filter).
  • Referring now to the example of FIG. 6, essentially the same mechanisms may exist here as before (e.g., FIG. 5). However, in this example the filter is created as a filter criteria for the query that is issued to the database or search engine. This implies that the filter criteria is incorporated in the defined content query (e.g., in a simple SQL query the filter criteria would be included in the WHERE clause).
  • Referring now to FIG. 7, this example is a generalized version of the public/private feature. Content or subtypes of Content have specific classification attributes that can be used for filtering. The Workspace maintains in associated tables (ActiveClassification) the classifications that are enabled in a particular workspace. The active classifications can be retrieved by calling the method getActiveClassification(). The participant refers to a list of selected Filters in the SelectedFilter table. The filters can be accessed through the method getSelectedFilters().
  • Referring now to FIG. 8, this example is similar to the private/public case. However, here the selected filters that are active in the workspace are selected by the participant in a given workspace. The assumption is that the filter is stored and retrieved by the system (this can be done by a multitude of approaches such as object serialization or Object-relationship mapping).
  • Referring now to FIG. 9, this example is essentially the same as before (e.g., FIG. 8) but in this scenario the search filters are embedded in the content query.
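The FIG. 4 flags, the query-level filter of FIG. 6 and the audit record described for FIG. 2 fit together as follows, in an added example that is not part of the patent. Only `publicPrivateEnabled` and `publicPrivateSelected` come from the text; the other table, column and function names, the sample rows and the rule used to flag a possible violation (a grant of private content followed by a switch to “public”) are assumptions.

```python
import sqlite3

SCHEMA = """
CREATE TABLE workspace   (id INTEGER PRIMARY KEY, publicPrivateEnabled INTEGER NOT NULL);
CREATE TABLE participant (workspace_id INTEGER, user_id TEXT,
                          publicPrivateSelected TEXT      -- NULL until the user declares
                              CHECK (publicPrivateSelected IN ('public', 'private')),
                          PRIMARY KEY (workspace_id, user_id));
CREATE TABLE content     (id INTEGER PRIMARY KEY, workspace_id INTEGER, title TEXT,
                          publicPrivate TEXT NOT NULL DEFAULT 'private'
                              CHECK (publicPrivate IN ('public', 'private')));
CREATE TABLE audit       (seq INTEGER PRIMARY KEY AUTOINCREMENT,
                          at TEXT DEFAULT CURRENT_TIMESTAMP,
                          user_id TEXT, workspace_id INTEGER, event TEXT,
                          content_id INTEGER, detail TEXT, outcome TEXT);
"""


def demo():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO workspace VALUES (1, 1)")
    db.executemany("INSERT INTO participant VALUES (1, ?, NULL)", [("alice",), ("bob",)])
    db.executemany(
        "INSERT INTO content (id, workspace_id, title, publicPrivate) VALUES (?, 1, ?, ?)",
        [(10, "Press release", "public"), (11, "Financial projections", "private")])
    return db


def declare(db, ws, user, value):
    """Store a self-declaration (or a change of one) and audit it."""
    cur = db.execute(
        "UPDATE participant SET publicPrivateSelected = ? WHERE workspace_id = ? AND user_id = ?",
        (value, ws, user))
    if cur.rowcount != 1:
        raise LookupError("not a participant of this workspace")
    db.execute(
        "INSERT INTO audit (user_id, workspace_id, event, detail, outcome) VALUES (?, ?, 'declare', ?, 'ok')",
        (user, ws, value))


def allowed_classes(db, ws, user):
    """Classification values this participant may see; empty list means nothing."""
    row = db.execute(
        "SELECT w.publicPrivateEnabled, p.publicPrivateSelected "
        "FROM participant p JOIN workspace w ON w.id = p.workspace_id "
        "WHERE p.workspace_id = ? AND p.user_id = ?", (ws, user)).fetchone()
    if row is None:
        return []                          # not a participant
    enabled, selected = row
    if not enabled:
        return ["public", "private"]       # feature off: the null filter
    # No declaration yet -> nothing is released (the user must choose first).
    return {"private": ["public", "private"], "public": ["public"]}.get(selected, [])


def list_content(db, ws, user):
    """FIG. 6 style: the filter is part of the WHERE clause of the content query."""
    classes = allowed_classes(db, ws, user)
    if not classes:
        return []
    marks = ", ".join("?" * len(classes))
    rows = db.execute(
        f"SELECT title FROM content WHERE workspace_id = ? AND publicPrivate IN ({marks}) ORDER BY id",
        [ws, *classes])
    return [row[0] for row in rows]


def open_content(db, ws, user, content_id):
    """Apply the same rule on direct access, and audit the classification at access time."""
    row = db.execute("SELECT title, publicPrivate FROM content WHERE id = ? AND workspace_id = ?",
                     (content_id, ws)).fetchone()
    title, cls = row or (None, None)
    granted = cls is not None and cls in allowed_classes(db, ws, user)
    db.execute(
        "INSERT INTO audit (user_id, workspace_id, event, content_id, detail, outcome) "
        "VALUES (?, ?, 'access', ?, ?, ?)",
        (user, ws, content_id, cls, "granted" if granted else "denied"))
    return title if granted else None


def possible_violations(db):
    """Assumed report rule: private content was granted, then the user declared 'public'."""
    return db.execute(
        "SELECT DISTINCT a.user_id, a.content_id FROM audit a "
        "JOIN audit d ON d.user_id = a.user_id AND d.workspace_id = a.workspace_id "
        "WHERE a.event = 'access' AND a.outcome = 'granted' AND a.detail = 'private' "
        "  AND d.event = 'declare' AND d.detail = 'public' AND d.seq > a.seq "
        "ORDER BY a.user_id, a.content_id").fetchall()
```

Hiding a hyperlink from the listing is not enforcement by itself; `open_content` re-applies the rule on every request, and denied attempts land in the audit table alongside granted ones.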
  • Referring now to FIG. 10, a block diagram of a computer infrastructure according to an embodiment of the present invention is shown. More particularly, as seen in this FIG. 10, Website Server 100 (which may have associated therewith one or more Databases 102) operatively communicates (e.g., via the Internet) with User 1 Computer 104, User 2 Computer 106 and User 3 Computer 108. Of note, each of User 1 Computer 104, User 2 Computer 106 and User 3 Computer 108 may have associated therewith appropriate software (e.g., a web browser). Of further note, each of User 1, User 2 and User 3 may be any entity described herein (e.g., a person uploading a document, a person viewing a document, a person editing a document, a person downloading a document).
  • Finally, reference will now be made to a number of examples directed to permission attributes and permission attribute values (of course, these examples are intended to be illustrative, and not restrictive).
  • More particularly, in one example (as discussed above) a permission attribute may refer to a user's public/private status relative to certain information. Associated permission attribute values may be, for example, “private” and “public”. In another example, associated permission attribute values may be “yes” and “no” (indicating a private status or a public status). In another example, associated permission attribute values may be “1” and “0” (indicating a private status or a public status).
  • In another example, a permission attribute may refer to a user's country of residence. Associated permission attribute values may be, for example, “USA” and “Other”. In another example, associated permission attribute values may be “yes” and “no” (indicating a USA residence status or another residence status). In another example, associated permission attribute values may be “1” and “0” (indicating a USA residence status or another residence status).
  • In another example, a permission attribute may refer to a user's security level. Associated permission attribute values may be, for example, “High” and “Low”. In another example, associated permission attribute values may be “yes” and “no” (indicating a high security level or a low security level). In another example, associated permission attribute values may be “1” and “0” (indicating a high security level or a low security level). In another example, associated permission attribute values may be in a numeric range (indicating a security level within a range).
  • In another example, a permission attribute may refer to a user's age. Associated permission attribute values may be, for example, “at least 18 years old” and “below 18 years old”. In another example, associated permission attribute values may be “yes” and “no” (indicating at least 18 years old or below 18 years old). In another example, associated permission attribute values may be “1” and “0” (indicating at least 18 years old or below 18 years old). In another example, associated permission attribute values may be a user's age.
  • Of course, any number of permission attributes may be combined in controlling access to information. For example (which example is intended to be illustrative, and not restrictive), a first user who is a “private” user and is a “USA resident” may be granted access to a first set of information; a second user who is a “public” user and is a “USA resident” may be granted access to a second set of information; a third user who is a “private” user and is “not a USA resident” may be granted access to a third set of information; and a fourth user who is a “public” user and is “not a USA resident” may be granted access to a fourth set of information (in this example, the first through fourth sets of information may be distinct from one another or there may be overlap (partial or total) between information in one or more of the sets of information).
  • While a number of embodiments of the present invention have been described, it is understood that these embodiments are illustrative only, and not restrictive, and that many modifications may become apparent to those of ordinary skill in the art. For example, an implementation of the present invention may separate the filter logic from the logic related to the security system (of course, the security system may be extended to enforce also the filter criteria). Further, the content filter may be designed and implemented to facilitate compliance with federal and/or state regulations and/or with corporate policies regarding access to information (e.g., access to “private” information). Further still, under various embodiments of the present invention certain users (e.g., syndicating agent, administrative agent, sales desk) do not need to be responsible for knowing and identifying what information is private. Rather, an issuer may be responsible for this (e.g., by classifying uploaded documents appropriately). Likewise, under various embodiments of the present invention certain users (e.g., syndicating agent, administrative agent, sales desk) do not need to be responsible for knowing and identifying a given investor's “status” (e.g., private or public) relative to a given issuer. Rather, each investor may be responsible for this (e.g., by self-declaring one or more permission attributes). Moreover, under various embodiments of the present invention certain users (e.g., loan investors) may be provided a mechanism for identifying “private” information in order to minimize the potential for unintentional/inappropriate exposure (the present invention may provide for this to be handled in the market by a consistent industry approach). 
Further still, the present invention may be used to apply other classifications and filters that are built in essentially the same way as the “visibility” classification, e.g., by adding additional columns to content tables and extending business logic and database queries to reflect their meaning to the business process (under this implementation strategy the system performance may be optimized since the system can perform very efficient filtering at the database layer). Further still, the self-declared permission attributes of the present invention may be applied to all content managed by an enterprise information system or to a subset of the content managed by an enterprise information system (e.g., on a client by client basis or on a deal by deal basis). Further still, access to specific content may be filtered by hiding certain content (e.g., providing a given user a list of hyperlinks to content which may be accessed by that user, based upon the content classification and the user's self-declared permission attribute(s), and not including in the list of hyperlinks any excluded content) or by prohibiting access to certain content (e.g., providing a given user a list of hyperlinks to content which may or may not be accessed by that user, based upon the content classification and the user's self-declared permission attribute(s), and prohibiting access to excluded content if the user clicks an excluded hyperlink). Further still, the various steps may be performed in any desired order, one or more steps may be deleted and/or one or more steps may be added.

Claims (22)

1-42. (canceled)
43. A method for tracking compliance to a company policy, the method comprising:
providing a computer database in association with a computer server for storing a plurality of computer data content items, wherein each of the plurality of computer data content items is assigned a corresponding classification attribute that indicates a target audience by a first user through a first user computer in communication with the computer server via a network, and wherein at least a first classification attribute categorizes at least a first one of the plurality of computer data content items as belonging to a category that another user is restricted from viewing;
providing, by the first user of the first user computer, permission for a second user through a second user computer to request access to the plurality of computer data content items;
receiving, at the computer server, a request for access to the first one of the plurality of computer data content items from the second user through the second user computer via the network, wherein the request for access comprises a permission attribute that identifies at least one category of data content items that the second user is not restricted from viewing, wherein the permission attribute is self-declared by the second user and restricts the second user's access to the first one of the plurality of computer data content items if the permission attribute self-declared by the second user does not match the first classification attribute assigned by the first user;
granting access, by the computer server, to the second user to the first one of the plurality of computer data content items if the first classification attribute assigned by the first user matches the permission attribute self-declared by the second user;
storing at least one detail of access to the first one of the plurality of computer data content items in an audit record, wherein the at least one detail comprises at least one of: an identification of the computer data content item, a time of access, the self-declared permission attribute at the time of access, the first classification attribute at the time of access, and an identification of the second user; and
providing the audit record to an authorized user as a report for tracking compliance to the company policy.
44. The method of claim 43, wherein at least one of the first classification attribute and the permission attribute is associated with a company name related to the content of the first one of the plurality of computer data content items.
45. The method of claim 43, wherein at least one of the first classification attribute and the permission attribute is associated with a named individual related to the content of the first one of the plurality of computer data content items.
46. The method of claim 43, wherein at least one of the first classification attribute and the permission attribute is at least one of public and private.
47. The method of claim 43, wherein the permission attribute is used to filter the plurality of computer data content items within the computer database in order to determine additional ones of the plurality of computer data content items to which the second user is granted access.
48. The method of claim 43, wherein the permission attribute of the second user is declared at the time of the requested access.
49. The method of claim 43, wherein the permission attribute of the second user has been previously declared and stored in association with the computer database.
50. The method of claim 43, wherein the computer database is a secure computer data storage facility.
51. The method of claim 43, wherein the first one of the plurality of computer data content items is a computer-based document.
52. The method of claim 43, wherein each corresponding classification attribute is stored in the computer database.
53. The method of claim 43, wherein the assignment of each classification attribute is made in metadata associated with a corresponding one of the plurality of computer data content items.
54. The method of claim 43, wherein the first classification attribute further indicates at least one of a location of a document, a publication source, a comment, a reply, and an association with other users.
55. A method for tracking compliance to a company policy, the method comprising:
providing a computer database in association with a computer server for storing a plurality of computer data content items, wherein each of the plurality of computer data content items is assigned a corresponding classification attribute that indicates a target audience by a first user through a first user computer in communication with the computer server via a network, and wherein at least a first classification attribute categorizes at least a first one of the plurality of computer data content items as belonging to a category that another user is restricted from viewing;
providing, by the first user of the first user computer, permission for a second user through a second user computer to request access to the plurality of computer data content items;
receiving, at the computer server, a request for access to the first one of the plurality of computer data content items from the second user through the second user computer via the network, wherein the request for access comprises a permission attribute that identifies at least one category of data content items that a second user is restricted from viewing, wherein the permission attribute is self-declared by the second user and restricts the second user's access to the first one of the plurality of computer data content items if the permission attribute self-declared by the second user matches the classification attribute assigned by the first user;
granting access, by the computer server, to the second user to the first one of the plurality of computer data content items if the classification attribute assigned by the first user does not match the permission attribute self-declared by the second user;
storing at least one detail of access to the first one of the plurality of computer data content items in an audit record, wherein the at least one detail comprises at least one of: an identification of the computer data content item, a time of access, the self-declared permission attribute at the time of access, the classification attribute at the time of access, and an identification of the second user; and
providing the audit record to an authorized user as a report for tracking compliance to the company policy.
56. The method of claim 55, wherein at least one of the first classification attribute and the permission attribute is associated with at least one of a company name and an individual name related to the content of the first one of the plurality of computer data content items.
57. The method of claim 55, wherein the permission attribute is used to filter the plurality of computer data content items within the computer database in order to determine additional ones of the plurality of computer data content items to which the second user is granted access.
58. The method of claim 55, wherein the assignment of the classification attribute is made in metadata associated with the first one of the plurality of computer data content items.
59. A method for tracking compliance to a company policy, the method comprising:
providing a computer database in association with a computer server for storing a plurality of computer data content items, wherein each of the plurality of computer data content items is assigned a corresponding classification attribute that indicates a target audience by a first user through a first user computer in communication with the computer server via a network, and wherein at least a first classification attribute categorizes at least a first one of the plurality of computer data content items as belonging to a category that another user is restricted from viewing;
providing, by the first user of the first user computer, permission for a second user through a second user computer to request access to the plurality of computer data content items;
receiving, at the computer server, a request for access to the first one of the plurality of computer data content items from the second user through the second user computer via the network, wherein the request for access comprises a permission attribute that identifies at least one category of data content items that a second user is not restricted from viewing, wherein the permission attribute is self-declared by the second user and restricts the second user's access to the first one of the plurality of computer data content items if the permission attribute self-declared by the second user does not match the classification attribute assigned by the first user;
providing a hyperlink to the first one of the plurality of computer data content items by the server-based content access management facility if the first classification attribute assigned by the first user matches the permission attribute self-declared by the second user; and
storing at least one detail of access to the first one of the plurality of computer data content items in an audit record, wherein the at least one detail comprises at least one of: an identification of the computer data content item, a time of access, the self-declared permission attribute at the time of access, the classification attribute at the time of access, and an identification of the second user; and
providing the audit record to an authorized user as a report for tracking compliance to the company policy.
60. The method of claim 59, wherein at least one of the first classification attribute and the permission attribute is associated with at least one of a company name and an individual name related to the content of the first one of the plurality of computer data content items.
61. The method of claim 59, wherein the permission attribute is used to filter the plurality of computer data content items within the computer database in order to determine additional ones of the plurality of computer data content items to which the second user is granted access.
62. The method of claim 59, wherein the assignment of each classification attribute is made in metadata associated with a corresponding one of each of the plurality of computer data content items.
63. A method for tracking compliance to a policy, the method comprising:
providing a computer database in association with a computer server for storing a plurality of computer data content items, wherein each of the plurality of computer data content items is assigned a corresponding classification attribute that indicates a target audience by a first user through a first user computer in communication with the computer server via a network, and wherein at least a first classification attribute categorizes at least a first one of the plurality of computer data content items as belonging to a category that another user is conflicted from viewing;
providing, by the first user of the first user computer, permission for a second user through a second user computer to request access to the plurality of computer data content items;
receiving, at the computer server, a request for access to the first one of the plurality of computer data content items from the second user through the second user computer via the network, wherein the request for access comprises a permission attribute that identifies at least one category of data content items that a second user is not conflicted from viewing, wherein the permission attribute is self-declared by the second user and restricts the second user's access to the first one of the plurality of computer data content items if the permission attribute self-declared by the second user does not match the first classification attribute assigned by the first user, and wherein the permission attribute reflects a policy associated with the second user;
granting access, by the computer server, to the second user to the first one of the plurality of computer data content items if the first classification attribute assigned by the first user matches the permission attribute self-declared by the second user;
storing at least one detail of access to the first one of the plurality of computer data content items in an audit record, wherein the at least one detail comprises at least one of: an identification of the computer data content item, a time of access, the self-declared permission attribute at the time of access, the first classification attribute at the time of access, and an identification of the second user; and
providing the audit record to an authorized user as a report for tracking compliance to the policy.
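An added example, not code from the patent or its assignee: the classification columns, the database-layer filter in its "hide" and "prohibit" forms, and the audit record with the attributes as they stood at the time of access, using SQLite. Table and column names, the sample rows, the rule that a NULL column means "not classified on this attribute", and the logging of denied requests are assumptions made for the illustration.

```python
import json
import sqlite3
from datetime import datetime, timezone

# Constructed vocabulary for the two attributes in the description's example.
ALLOWED = {"visibility": {"public", "private"}, "usa_resident": {"yes", "no"}}

SCHEMA = """
CREATE TABLE content (
    id INTEGER PRIMARY KEY,
    title TEXT NOT NULL,
    visibility TEXT NOT NULL,  -- classification column set by the uploader
    usa_resident TEXT          -- NULL = not classified on this attribute (assumption)
);
CREATE TABLE audit (
    id INTEGER PRIMARY KEY,
    content_id INTEGER NOT NULL,
    user_id TEXT NOT NULL,
    accessed_at TEXT NOT NULL,
    declared TEXT NOT NULL,        -- self-declared attributes at time of access
    classification TEXT NOT NULL,  -- classification at time of access
    outcome TEXT NOT NULL          -- granted / denied (logging denials is an assumption)
);
"""

# One predicate shared by the listing and the per-request check, so the two
# code paths cannot drift apart. Values are bound, never concatenated.
MATCH = ("visibility = :visibility"
         " AND (usa_resident IS NULL OR usa_resident = :usa_resident)")


def validate(declared):
    """Reject declarations outside the known vocabulary before they reach SQL."""
    clean = {}
    for attr, allowed in ALLOWED.items():
        value = declared.get(attr)
        if value not in allowed:
            raise ValueError(f"invalid {attr!r} declaration: {value!r}")
        clean[attr] = value
    return clean


def open_db():
    """In-memory database with four constructed content items."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO content (id, title, visibility, usa_resident) VALUES (?, ?, ?, ?)",
        [(1, "Public summary", "public", None),
         (2, "Private projections", "private", None),
         (3, "US private supplement", "private", "yes"),
         (4, "Non-US public notice", "public", "no")])
    return conn


def list_visible(conn, declared):
    """'Hide' mode: the database returns only the items the declaration matches."""
    rows = conn.execute(
        "SELECT id FROM content WHERE " + MATCH + " ORDER BY id", validate(declared))
    return [r[0] for r in rows]


def request_access(conn, user_id, declared, content_id, now=None):
    """'Prohibit' mode: re-check on every request and write the audit record."""
    declared = validate(declared)
    row = conn.execute(
        "SELECT visibility, usa_resident, (" + MATCH + ") FROM content WHERE id = :id",
        {**declared, "id": content_id}).fetchone()
    if row is None:
        return False  # unknown item: nothing to classify, nothing served
    granted = bool(row[2])
    now = now or datetime.now(timezone.utc)
    # Snapshot both sides of the decision: either can change after the access.
    conn.execute(
        "INSERT INTO audit (content_id, user_id, accessed_at, declared,"
        " classification, outcome) VALUES (?, ?, ?, ?, ?, ?)",
        (content_id, user_id, now.isoformat(),
         json.dumps(declared, sort_keys=True),
         json.dumps({"visibility": row[0], "usa_resident": row[1]}, sort_keys=True),
         "granted" if granted else "denied"))
    conn.commit()
    return granted


def compliance_report(conn, user_id=None):
    """Audit rows for an authorized reviewer, oldest first."""
    sql = ("SELECT user_id, content_id, accessed_at, declared, classification,"
           " outcome FROM audit")
    args = ()
    if user_id is not None:
        sql += " WHERE user_id = ?"
        args = (user_id,)
    return conn.execute(sql + " ORDER BY id", args).fetchall()
```

Because `request_access` repeats the check on the server, a link that was never listed in "hide" mode is still refused when requested directly, and the audit row keeps the declaration and classification that were in force at that moment even if either is changed afterwards.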
US14/720,247 2005-04-01 2015-05-22 System and method for information delivery based on at least one self-declared user attribute with audit records Abandoned US20150254360A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/720,247 US20150254360A1 (en) 2005-04-01 2015-05-22 System and method for information delivery based on at least one self-declared user attribute with audit records

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US66788805P 2005-04-01 2005-04-01
US11/395,701 US9069436B1 (en) 2005-04-01 2006-03-31 System and method for information delivery based on at least one self-declared user attribute
US14/720,247 US20150254360A1 (en) 2005-04-01 2015-05-22 System and method for information delivery based on at least one self-declared user attribute with audit records

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US11/395,701 Continuation US9069436B1 (en) 2005-04-01 2006-03-31 System and method for information delivery based on at least one self-declared user attribute

Publications (1)

Publication Number Publication Date
US20150254360A1 true US20150254360A1 (en) 2015-09-10

Family

ID=53441740

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/395,701 Active 2027-10-16 US9069436B1 (en) 2005-04-01 2006-03-31 System and method for information delivery based on at least one self-declared user attribute
US14/720,247 Abandoned US20150254360A1 (en) 2005-04-01 2015-05-22 System and method for information delivery based on at least one self-declared user attribute with audit records

Country Status (1)

Country Link
US (2) US9069436B1 (en)

US20030226105A1 (en) 2002-05-29 2003-12-04 Mattias Waldau Method in connection with a spreadsheet program
US7574488B2 (en) * 2002-05-31 2009-08-11 Hitachi, Ltd. Method and apparatus for peer-to-peer file sharing
US20040054790A1 (en) * 2002-09-12 2004-03-18 International Business Machines Corporation Management of security objects controlling access to resources
GB2397904B (en) * 2003-01-29 2005-08-24 Hewlett Packard Co Control of access to data content for read and/or write operations
US7359905B2 (en) * 2003-06-24 2008-04-15 Microsoft Corporation Resource classification and prioritization system
US20050060643A1 (en) * 2003-08-25 2005-03-17 Miavia, Inc. Document similarity detection and classification system
US7769626B2 (en) * 2003-08-25 2010-08-03 Tom Reynolds Determining strategies for increasing loyalty of a population to an entity
US7650644B2 (en) * 2003-11-25 2010-01-19 Sap Aktiengesellschaft Object-based access control
US7885901B2 (en) 2004-01-29 2011-02-08 Yahoo! Inc. Method and system for seeding online social network contacts
EP1719065A2 (en) * 2004-02-26 2006-11-08 Siemens Medical Solutions Health Services Corporation A system and method for processing audit records
US20050231738A1 (en) * 2004-03-10 2005-10-20 Elynx, Ltd. Electronic document management system
US7254588B2 (en) * 2004-04-26 2007-08-07 Taiwan Semiconductor Manufacturing Company, Ltd. Document management and access control by document's attributes for document query system
US20080201299A1 (en) * 2004-06-30 2008-08-21 Nokia Corporation Method and System for Managing Metadata
US8190907B2 (en) 2004-08-11 2012-05-29 Sony Computer Entertainment Inc. Process and apparatus for automatically identifying user of consumer electronics
US7814308B2 (en) * 2004-08-27 2010-10-12 Microsoft Corporation Debugging applications under different permissions
US20060047752A1 (en) * 2004-08-27 2006-03-02 Reconda International Corp. A System and Method to Capture, Filter, and Statistically Analyze Electronic Messages
US7422115B2 (en) 2004-09-07 2008-09-09 Iconix, Inc. Techniques for to defeat phishing
US20060136417A1 (en) * 2004-12-17 2006-06-22 General Electric Company Method and system for search, analysis and display of structured data
US20070185875A1 (en) * 2006-02-09 2007-08-09 International Business Machines Corporation Extensible role based authorization for manageable resources
US7991838B2 (en) 2006-03-31 2011-08-02 Business Objects Software Ltd. Apparatus and method for report sharing within an instant messaging framework
US8296834B2 (en) 2007-08-02 2012-10-23 Deluxe Corporation Secure single-sign-on portal system
US8549550B2 (en) 2008-09-17 2013-10-01 Tubemogul, Inc. Method and apparatus for passively monitoring online video viewing and viewer behavior
US20090204580A1 (en) 2008-02-12 2009-08-13 Joseph Socrates Seamon Selectively obscuring the presentation of restricted data items
US20100005520A1 (en) 2008-06-06 2010-01-07 Mekey Llc Personal area social networking
US20100138797A1 (en) 2008-12-01 2010-06-03 Sony Ericsson Mobile Communications Ab Portable electronic device with split vision content sharing control and method
US8931034B2 (en) 2010-06-25 2015-01-06 Telefonaktiebolaget L M Ericsson (Publ) System, method, and policy engine for granting temporary access to electronic content
US9361395B2 (en) 2011-01-13 2016-06-07 Google Inc. System and method for providing offline access in a hosted document service
US9253176B2 (en) 2012-04-27 2016-02-02 Intralinks, Inc. Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment
US9251360B2 (en) 2012-04-27 2016-02-02 Intralinks, Inc. Computerized method and system for managing secure mobile device content viewing in a networked secure collaborative exchange environment
US20140189483A1 (en) 2012-04-27 2014-07-03 Intralinks, Inc. Spreadsheet viewer facility
US9553860B2 (en) 2012-04-27 2017-01-24 Intralinks, Inc. Email effectivity facility in a networked secure collaborative exchange environment
US20140304836A1 (en) 2012-04-27 2014-10-09 Intralinks, Inc. Digital rights management through virtual container partitioning
CA2871600A1 (en) 2012-04-27 2013-10-31 Intralinks, Inc. Computerized method and system for managing networked secure collaborative exchange
US20140245015A1 (en) 2012-04-27 2014-08-28 Intralinks, Inc. Offline file access
CA2880904A1 (en) 2012-08-06 2014-02-13 Intralinks, Inc. Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment
EP2909770B1 (en) 2012-10-19 2018-02-14 Intralinks, Inc. Computerized method and system for managing networked secure collaborative exchange environment
AU2014236602A1 (en) 2013-03-14 2015-09-03 Intralinks, Inc. Computerized method and system for managing networked secure collaborative exchange environment

Patent Citations (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050060584A1 (en) * 1995-02-13 2005-03-17 Intertrust Technologies Corp. Trusted infrastructure support systems, methods and techniques for secure electronic commerce, electronic transactions, commerce process control and automation, distributed computing, and rights management
US5813009A (en) * 1995-07-28 1998-09-22 Univirtual Corp. Computer based records management system method
US6672506B2 (en) * 1996-01-25 2004-01-06 Symbol Technologies, Inc. Statistical sampling security methodology for self-scanning checkout system
US6374653B1 (en) * 1997-12-22 2002-04-23 Security People, Inc. Mechanical/electronic lock and key therefor
US6539419B2 (en) * 1998-09-11 2003-03-25 Genesys Telecommunications Laboratories, Inc. Method and apparatus for providing media-independent self-help modules within a multimedia communication-center customer interface
US20020007330A1 (en) * 1998-12-08 2002-01-17 Srihari Kumar Interactive transaction center interface
US6415321B1 (en) * 1998-12-29 2002-07-02 Cisco Technology, Inc. Domain mapping method and system
US20040034646A1 (en) * 1998-12-30 2004-02-19 Kimball Jeffrey David Customized user interface based on user profile information
US6839850B1 (en) * 1999-03-04 2005-01-04 Prc, Inc. Method and system for detecting intrusion into and misuse of a data processing system
US7124101B1 (en) * 1999-11-22 2006-10-17 Accenture Llp Asset tracking in a network-based supply chain environment
US6904449B1 (en) * 2000-01-14 2005-06-07 Accenture Llp System and method for an application provider framework
US7085800B2 (en) * 2000-06-01 2006-08-01 Annette M. Abbott Comprehensive system, process and article of manufacture to facilitate institutional, regulatory and individual continuing education requirements via a communications network
US20040025052A1 (en) * 2000-07-26 2004-02-05 David Dickenson Distributive access controller
US20020138582A1 (en) * 2000-09-05 2002-09-26 Mala Chandra Methods and apparatus providing electronic messages that are linked and aggregated
US7349912B2 (en) * 2000-12-22 2008-03-25 Oracle International Corporation Runtime modification of entries in an identity system
US20030105978A1 (en) * 2001-11-13 2003-06-05 Sun Microsystems, Inc. Filter-based attribute value access control
US20030105862A1 (en) * 2001-11-30 2003-06-05 Villavicencio Francisco J. Impersonation in an access system
US7225256B2 (en) * 2001-11-30 2007-05-29 Oracle International Corporation Impersonation in an access system
US20050018858A1 (en) * 2002-02-08 2005-01-27 John Michael Sasha Rapid screening, threshold, and diagnostic tests for evaluation of hearing
US20050160065A1 (en) * 2002-04-05 2005-07-21 Lisa Seeman System and method for enhancing resource accessibility
US20030217127A1 (en) * 2002-05-15 2003-11-20 Richard P. Sinn Employing job code attributes in provisioning
US20040010791A1 (en) * 2002-07-11 2004-01-15 Vikas Jain Supporting multiple application program interfaces
US7467142B2 (en) * 2002-07-11 2008-12-16 Oracle International Corporation Rule based data management
US20040153472A1 (en) * 2003-01-31 2004-08-05 Rieffanaugh Neal King Human resource networking system and method thereof
US20040229199A1 (en) * 2003-04-16 2004-11-18 Measured Progress, Inc. Computer-based standardized test administration, scoring and analysis system
US20070083615A1 (en) * 2003-06-04 2007-04-12 Hollebeek Robert J Cross-enterprise wallplug for connecting internal hospital/clinic imaging systems to external storage and retrieval systems
US20050060572A1 (en) * 2003-09-02 2005-03-17 Trulogica, Inc. System and method for managing access entitlements in a computing network
US20050102534A1 (en) * 2003-11-12 2005-05-12 Wong Joseph D. System and method for auditing the security of an enterprise
US20050108283A1 (en) * 2003-11-18 2005-05-19 Oracle International Corporation Method of and system for associating an electronic signature with an electronic record
US20110022836A1 (en) * 2004-01-30 2011-01-27 Murphy Frederick J Method and apparatus for securing the privacy of a computer network
US20050187972A1 (en) * 2004-02-20 2005-08-25 Kruger Michael W. System and method for analyzing and correcting retail data
US20060064434A1 (en) * 2004-09-21 2006-03-23 International Business Machines Corporation Case management system and method for collaborative project teaming
US20060143447A1 (en) * 2004-12-23 2006-06-29 Microsoft Corporation Managing elevated rights on a network
US20060206622A1 (en) * 2005-03-11 2006-09-14 Ge Mortgage Holdings, Llc Methods and apparatus for data routing and processing

Non-Patent Citations (23)

* Cited by examiner, † Cited by third party
Title
Baker et al., "PCASSO: a design for secure communication of personal health information via the Internet", 1999 *
Crispo et al., "Reasoning about Accountability within Delegation", 2001 *
Datta, "(MURI-08) Collaborative Policies and Assured Information Sharing", 2013 *
Divya et al., "Scalable and Competent Audit Service for Storage Data in Clouds Retaining IHT", 2016 *
Florian et al., "Trustworthy Evidence Gathering Mechanism for Multilayer Cloud Compliance", 2013 *
Giles, "Modelling the Tax Compliance Profiles of New Zealand Firms: Evidence from Audit Records", Chapter 12, "Taxation and the Limits of Government", 2000 *
Heames et al., "Data Accountability in Cloud Using Reliable Log Files Forwarding", 2013 *
Jaegar et al., "Cloud Computing and Information Policy: Computing in a Policy Cloud?", 2008 *
Juric et al., "Chapter 4 Oracle BPEL Process Manager", "Business Process Execution Language for Web Services", 2006 *
Kartheek et al., "Secure Data Storage and Log Records Using JAR, AES", 2014 *
Kent et al., "Guide to Computer Security Log Management", 2014 *
Kiniry et al., "A Hands-on Look at Java Mobile Agents", 1997 *
Latham, "Trusted Computer System Evaluation Criteria", "Orange Book", 1985 *
Mandal et al., "Enhanced Security Framework to Ensure Data Security in Cloud Using Security Blanket Algorithm", 2013 *
Meng et al., "The Research of Network Database Security Technology based on WebService", 2012 *
Nisbet, "Cinderella science", 2007 *
Punitha et al., "Data Storage Security in Cloud by Using JAR Files and Hierarchical ID-based Cryptography", 2013 *
Schimm, "Process Miner - A Tool for Mining Process Schemes from Event-Based Data", 2002 *
Sundareswaran et al., "Ensuring Distributed Accountability for Data Sharing in the Cloud", 2012 *
Viljamaa et al., "Java and Internet Security", 1998 *
Wallach, "A New Approach to Mobile Code Security", 1999 *
Wang et al., "Privacy-Preserving Public Auditing for Secure Cloud Storage", 2013 *
Wikipedia, "Audit trail", 2017 *

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9547770B2 (en) 2012-03-14 2017-01-17 Intralinks, Inc. System and method for managing collaboration in a networked secure exchange environment
US9369454B2 (en) 2012-04-27 2016-06-14 Intralinks, Inc. Computerized method and system for managing a community facility in a networked secure collaborative exchange environment
US9596227B2 (en) 2012-04-27 2017-03-14 Intralinks, Inc. Computerized method and system for managing an email input facility in a networked secure collaborative exchange environment
US10142316B2 (en) 2012-04-27 2018-11-27 Intralinks, Inc. Computerized method and system for managing an email input facility in a networked secure collaborative exchange environment
US9397998B2 (en) 2012-04-27 2016-07-19 Intralinks, Inc. Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment with customer managed keys
US9253176B2 (en) 2012-04-27 2016-02-02 Intralinks, Inc. Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment
US9251360B2 (en) 2012-04-27 2016-02-02 Intralinks, Inc. Computerized method and system for managing secure mobile device content viewing in a networked secure collaborative exchange environment
US9553860B2 (en) 2012-04-27 2017-01-24 Intralinks, Inc. Email effectivity facility in a networked secure collaborative exchange environment
US9369455B2 (en) 2012-04-27 2016-06-14 Intralinks, Inc. Computerized method and system for managing an email input facility in a networked secure collaborative exchange environment
US10356095B2 (en) 2012-04-27 2019-07-16 Intralinks, Inc. Email effectivity facility in a networked secure collaborative exchange environment
US9654450B2 (en) 2012-04-27 2017-05-16 Synchronoss Technologies, Inc. Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment with customer managed keys
US9807078B2 (en) 2012-04-27 2017-10-31 Synchronoss Technologies, Inc. Computerized method and system for managing a community facility in a networked secure collaborative exchange environment
US10278114B2 (en) 2013-09-25 2019-04-30 Gamesys Ltd. Systems, methods, and apparatus for geolocation platform mechanics
US20170332306A1 (en) * 2013-09-25 2017-11-16 Gamesys Ltd. Systems, Methods, and Apparatus for Geolocation Platform Mechanics
US9961614B2 (en) * 2013-09-25 2018-05-01 Gamesys Ltd. Systems, methods, and apparatus for geolocation platform mechanics
US9514327B2 (en) 2013-11-14 2016-12-06 Intralinks, Inc. Litigation support in cloud-hosted file sharing and collaboration
US10346937B2 (en) 2013-11-14 2019-07-09 Intralinks, Inc. Litigation support in cloud-hosted file sharing and collaboration
US9762553B2 (en) 2014-04-23 2017-09-12 Intralinks, Inc. Systems and methods of secure data exchange
US9613190B2 (en) 2014-04-23 2017-04-04 Intralinks, Inc. Systems and methods of secure data exchange
US10033702B2 (en) 2015-08-05 2018-07-24 Intralinks, Inc. Systems and methods of secure data exchange
CN111210198A (en) * 2019-12-30 2020-05-29 广州高企云信息科技有限公司 Information delivery method and device and server

Also Published As

Publication number Publication date
US9069436B1 (en) 2015-06-30

Similar Documents

Publication Publication Date Title
US9069436B1 (en) System and method for information delivery based on at least one self-declared user attribute
US7774365B2 (en) Organizational reference data and entitlement system
US11604791B2 (en) Automatic resource ownership assignment systems and methods
US7673323B1 (en) System and method for maintaining security in a distributed computer network
US8312516B1 (en) Security permissions with dynamic definition
US5751909A (en) Database system with methods for controlling object interaction by establishing database contracts between objects
Alces Debunking the corporate fiduciary myth
Zekos Ethics versus corruption in globalization
US7805330B2 (en) System and method for cross-selling products and services across an enterprise
US20030115322A1 (en) System and method for analyzing security policies in a distributed computer network
US8447682B2 (en) Method of operating a venture business
US20120215809A1 (en) Search mediation system
US9031983B2 (en) System and method for providing a standardized data sharing platform
US20080163335A1 (en) Method and arrangement for role management
JP2011513870A (en) Method and system for group data management and classification
CN102542412A (en) Scoped resource authorization policies
Lautsch The influence of regular work systems on compensation for contingent workers
Crook et al. Towards an analytical role modelling framework for security requirements
US20070192323A1 (en) System and method of access and control management between multiple databases
US8607308B1 (en) System and methods for facilitating privacy enforcement
US20080027939A1 (en) Method, system, and program product for controlling access to personal attributes across enterprise domains
Walczuch et al. An analysis of the cultural motivations for transborder data flow legislation
Berger Statutory Close or Closely Held Corporation
Duta et al. P4A: A new privacy model for XML
Mander et al. Reserved powers in BVI and Cayman trusts: what we see now

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTRALINKS, INC., NEW YORK

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:FIEWEGER, ANDREW;WADLEY, MATTHEW;AZZOLINO, ANGELA;AND OTHERS;SIGNING DATES FROM 20060403 TO 20060601;REEL/FRAME:036599/0706

AS Assignment

Owner name: GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT, NEW Y

Free format text: SECURITY INTEREST;ASSIGNOR:INTRALINKS, INC., AS GRANTOR;REEL/FRAME:041046/0919

Effective date: 20170119

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: INTRALINKS, INC., MASSACHUSETTS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:GOIDMAN SACHS BANK USA;REEL/FRAME:044123/0110

Effective date: 20171114

AS Assignment

Owner name: ROYAL BANK OF CANADA, AS COLLATERAL AGENT, CANADA

Free format text: FIRST LIEN SECURITY AGREEMENT;ASSIGNOR:INTRALINKS, INC.;REEL/FRAME:044455/0479

Effective date: 20171114

AS Assignment

Owner name: ROYAL BANK OF CANADA, AS COLLATERAL AGENT, CANADA

Free format text: SECOND LIEN SECURITY AGREEMENT;ASSIGNOR:INTRALINKS, INC.;REEL/FRAME:044477/0445

Effective date: 20171114

AS Assignment

Owner name: INTRALINKS, INC., MASSACHUSETTS

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE CONVEYING PARTY NAME PREVIOUSLY RECORDED ON REEL 044123 FRAME 0110. ASSIGNOR(S) HEREBY CONFIRMS THE RELEASE OF SECURITY INTEREST;ASSIGNOR:GOLDMAN SACHS BANK USA;REEL/FRAME:044566/0919

Effective date: 20171114

AS Assignment

Owner name: INTRALINKS, INC., MASSACHUSETTS

Free format text: RELEASE OF 1ST LIEN SECURITY INTEREST;ASSIGNOR:ROYAL BANK OF CANADA;REEL/FRAME:047587/0828

Effective date: 20181116

Owner name: INTRALINKS, INC., MASSACHUSETTS

Free format text: RELEASE OF 2ND LIEN SECURITY INTEREST;ASSIGNOR:ROYAL BANK OF CANADA;REEL/FRAME:047587/0836

Effective date: 20181116