| 摘要 |
In an information management system, activity data is collected and analyzed for patterns. The information management system may be policy based. Activity data may be organized as entries including information on user, application, machine, action, object or document, time, and location. When checking for patterns in the activity or historical data, techniques may include inferencing, frequency checking, location and distance checking, and relationship checking, and any combination of these. Analyzing the activity data may include comparing like types or categories of information for two or more entries. |
| 主权项 |
1. A method of operating an information management system comprising:
providing a plurality of devices coupled to a network of the information management system, wherein a plurality of users can log into the information management system using the devices; determining whether to allow operations performed by the users using the plurality of devices, wherein the determining whether to allow the operations comprises:
receiving at a server from the plurality of devices requests for operations on information managed by the information management system;for each requested operation, selecting a policy from a plurality of policies stored at the server, wherein each policy of the plurality of policies comprises a first conditional statement and an abstraction component, the abstraction component comprises a second conditional statement, stored separately from the policy at a first computer different than the server;for a selected policy, retrieving the second conditional statement stored at the first computer, separate from the server;determining a first result for a first conditional statement associated with the selected policy;determining a second result for the second conditional statement associated with the abstraction component associated with the selected policy;determining a third result based on the first result associated with the first conditional statement and the second result associated with the second conditional statement; andif the third result corresponds to allowing the requested operation, storing usage information associated with the requested operation; analyzing collected usage information on the operations performed by the users using the plurality of devices, where in the collected usage information further comprises:
determining whether at least one rule of the information management system is satisfied; andif the at least one rule of the information management system is satisfied, determining whether the collected usage information is relevant, based on the at least one rule of the information management system; analyzing the relevant usage information comprising allowed requested operations to detect when a first user has attempted more than X accesses to documents of the information management system during a Y time period, where X divided by Y is a value Z, and X, Y, and Z are numbers, and wherein the Y time period has a first time and a second time, wherein the first time is at a time of a first attempt to access the documents, and the second time is one of the first time plus a length of time of the Y time period or the first time minus the length of time of the Y time period; and if a number of attempts by the user to access documents of the information management system during the Y time period is greater than a threshold value T, blocking the first user from accessing one or more documents of the information management system. |
