Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-06-25
2004-05-11
Wright, Norman M. (Department: 2134)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C713S152000
Reexamination Certificate
active
06735701
ABSTRACT:
BACKGROUND
1. Field of the Invention
This invention relates in general to networked computing systems, and more particularly, to a system for maintaining network security policy compliance.
2. Description of Related Art
The Internet and computer networks allow organizations to store applications and information on central servers, waiting to be called up and manipulated from any location. Networks allow people greater access to files and other confidential information. Global networks, including the Internet, and remote access increase the vulnerability of corporate data, increase the risk of information leaks, unauthorized document access and disclosure of confidential information, fraud, and privacy.
Employees are the greatest threat to an organization's information security. Employees with access to information resources including email, the Internet, and on-line networks significantly increase the security risks.
Employees are using email for personal purposes creating questions of appropriate use of company resources, workplace productivity and appropriateness of message content. One of the greatest sources of information leaks is employee sent email. With electronic communication and networks, an electronic paper trail is harder to determine, since no record of who accessed, altered, tampered with, reviewed, or copied a file can make it very difficult to determine a document's authenticity, and provide an audit and paper trail. In addition, there is no automated system to centrally collect, analyze, measure, index, organize, track, determine authorized and unauthorized file access and disclosure, link hard copy information with electronic files including email, and report on how information flows in and out of an organization.
Setting proper use and security policies are a method to create order and set standards for network use. Policies are ineffective unless users understand and comply with the policies. Unfortunately, most organizations do not have tangible proof when, and if, a network-based policy violation has occurred until long after the damage has been done. Due to the technical nature of network policy violations, policy enforcement officers may not have adequate knowledge, skill, and evidence to properly execute a policy violation claim. Cases of selective policy enforcement can occur if policy violations are not consistently reported, filed, investigated, and resolved.
Employees often view e-mail as equivalent to a private conversation. This view often does not reflect the official position of the organization. These communications reflect preliminary thoughts or ideas that have not been reviewed by the organization and typically only reflect the personal opinion of the parties involved. Yet, since employees of the organization create these communications, courts and regulatory agencies have concluded that employee communications can reflect the organization's view. There is a further need for network communications software programs that offers robust policy compliance assistance, policy effectiveness monitoring and reporting.
There is a need for an automated system to assist policy enforcement officers with proper policy enforcement procedure, and methods to measure policy effectiveness, appropriateness, user system activity and compliance.
SUMMARY OF THE INVENTION
To overcome the limitations in the prior art described above, and to overcome other limitations that will become apparent upon reading and understanding the present specification, the present invention discloses a method and apparatus for maintaining policy compliance on a computer network. A system in accordance with the principles of the invention performs the steps of electronically monitoring network user compliance with a network security policy stored in a database, electronically evaluating network security policy compliance based on network user compliance, and electronically undertaking a network policy compliance action in response to network security policy compliance. The network policy compliance actions may include electronically implementing a different network security policy selected from network security policies stored in the database, generating policy effectiveness reports, and providing a retraining module to network users.
One preferred embodiment of the present invention includes notifying a network user and a policy administrator, providing a retraining module to the network user, and restricting the network user's network access rights in response to monitoring network user compliance.
REFERENCES:
patent: 5142612 (1992-08-01), Skeirik
patent: 5197114 (1993-03-01), Skeirik
patent: 5355474 (1994-10-01), Thuraisngham et al.
patent: 5408586 (1995-04-01), Skeirik
patent: 5440744 (1995-08-01), Jacobson et al.
patent: 5579222 (1996-11-01), Bains et al.
patent: 5603054 (1997-02-01), Theimer et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5797128 (1998-08-01), Birnbaum
patent: 5845065 (1998-12-01), Conte et al.
patent: 6070244 (2000-05-01), Orchier et al.
patent: WO 93/11480 (1993-06-01), None
“Data Exchange Executive,” IBM TDB, Jul. 1993, vol. 36, Iss No. 7, p. 435-438; {IDB-ACC-No:NN9307435.*
Grimm, R. et al., “Security policies in OSI-management experiences from the DeTeBerkom project BMSec”,Computer Networks and ISDN Systems, vol. 28, No. 4, pp. 499-511 (Feb. 1996).
“SecureDelete—a utility to delete files securely”, http://www.gammon.com.au/utilities/securedelete.htm (Sep. 14, 1998); 3 pgs.
“Review: Burn It”, http://macworld.zdnet.com/pages/april.97/Reviews.3342.html (Sep. 14, 1998); 3 pgs.
“Content Advisor—Products Page”, http://www.contentadvisor.com/products.products.html (Sep. 14, 1998); 1 pg.
“Content Advisor—Corporate Profile”, http://www.contentadvisor.com/company/company.html (Sep. 14, 1998); 1 pg.
“SmartFilter—Tour, Monitoring and Control Features”, http://www.sctc.com/P_Tool_SF_Tour_monandcont.html (Sep. 19, 1998); 1 pg.
“SF—Key Advantages”, http://www.sctc.com/P_Tool_SF_Keys.html (Sep. 19, 1998); 2 pgs.
“SF—Requirements”, http://www.sctc.com/P_Tool_SF_Regs.html (Sep. 19, 1998); 1 pg.
“Vendor's Guide to Software Pricing . . . ter Articles on License Management”, http://www.globetrotter.com/ms_titl.html (Apr. 7, 1998); 6 pgs.
“No Excuses Licensing”, http://www.globetrotter.com/ecs1.htm (Feb. 3, 1998); 5 pgs.
“Seven Steps to Overcome Pricing Un . . . ter Articles on License Management”, http://www.globetrotter.com/ms_2do.htm (Apr. 7, 1998) 2 pgs.
“Conceptual description of a generi . . . ter Articles on License Management”, http://globetrotter.com/ms_lm.htm (May 18, 1998) 3 pgs.
“Press Release—Poulton Associates, Inc.”, http://www.poulton.com/ispPR4-98.htm (Sep. 23, 1998), 2 pgs.
“ISPCweb—Poulton Associates, Inc.”, http://www.poulton.com/ispcweb.htm (Sep. 23, 1998); 2 pgs.
“As courts increasingly hold firms . . . fast becoming a . . . legal necessity”, http://www.drj.com
ew2dr/w2_022.htm (Feb. 2, 1998); 5 pgs.
“Risk Analysis Techniques”, http://www.drj.com
ew2dr/w3_030.htm (Feb. 2, 1998); 8 pgs.
“White papers—Watermarking”, http://www.dupont.com/Antron/mark.html (Jul. 16, 1998); 1 pg.
“About Digital Watermarks”, http://www.digimarc.com/about_wm.html (Mar. 10, 1998); 4 pgs.
“Digimarc Corporate Series”, http://www.digimarc.com/corp_solutions.html (Mar. 10, 1998); 3 pgs.
“Welcome to Digimarc”, http://www.digimarc.com/ (Mar. 10, 1998); 2 pgs.
“MarcCentre”, http://www.digimarc.com/marc_page.html (Mar. 10, 1998); 1 pg.
“Data Devices International—Tape Backup Procedures and Maintenance”, http://www.datadev.com/tapebackup/tapebackup.htm (Sep. 9, 1998); 2pgs.
“Halebopp Backup Procedures”, http://www.gb.nrao.edu/~cmyers/backup.html (Sep. 9, 1998); 2 pgs.
“ISSEL—Intra.doc! Management System”, http://www.issel.co.uk/intradoc_ms.html (Feb. 23, 1998); 2 pgs.
“ISSEL—Intra.doc! Architecture”, http://www.issel.co.uk/intradoc_architecture.html (Feb. 23, 1998); 2 pgs.
“Intra.doc! Product Suite”, http://www.intranetsol.com/products/prodsuit.html (Feb. 23, 1998); 8 pgs.
“Intra.doc! Management System—Web . . . nagement
MacArthur Investments, LLC
Moore, Hansen & Sumner
Wright Norman M.
LandOfFree
Network policy management and effectiveness system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Network policy management and effectiveness system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Network policy management and effectiveness system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3238630