Use of artificial intelligence techniques to identify possible inadvertent data disclosures in emails
US-2024422114-A1 · Dec 19, 2024 · US
Policy based auditing of workflows
US9444786B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9444786-B2 |
| Application number | US-201213478951-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 23, 2012 |
| Priority date | Apr 19, 2005 |
| Publication date | Sep 13, 2016 |
| Grant date | Sep 13, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
An auditing system is disclosed comprising a Policy Validation Mechanism Program (PVMP) that operates in conjunction with a Workflow Engine (WE), and a Policy Validation Server Program (PVSP) that operates on a Policy Validation Server (PVS) connected to the WE by a secure communication link. The PVMP converts a workflow to a workflow representation (WR) and sends the WR to the PVS. The PVSP compares the steps in the WR to a security policy identified for that WR and determines whether the WR is in compliance. In addition, the PVSP validates a checksum for the WR and logs the checksum for subsequent comparisons. The PVSP uses the checksum to determine whether a policy has changed during execution of the workflow.
First claim
Opening claim text (preview).
What is claimed is: 1. A method, comprising: a computer receiving from a workflow engine a workflow representation of a workflow, the workflow representation including a first numerical value that was calculated using a formula prior to a transmission of the workflow representation to the computer, the workflow representation being a format to which the workflow was converted prior to the transmission; the computer performing a post-transmission checksum calculation on the workflow representation, the performing comprising using the formula to determine a second numerical value for the workflow representation; and the computer, using the post-transmission checksum, determining a snapshot of what the workflow represents; wherein a difference between the first numerical value and the second numerical value is indicative of a policy change to the workflow representation during the transmission; the method further comprising: the computer transmitting a failure response in response to the difference indicating a policy change; and the computer transmitting a success response in response to the difference indicating no policy change. 2. The method of claim 1 , further comprising: before the computer, using the post-transmission checksum, determining the snapshot of what the workflow represents, the computer determining, using the post-transmission checksum, what operation is being executed with the workflow representation. 3. The method of claim 1 , further comprising: the computer identifying the workflow representation; the computer interrogating the workflow representation; the computer determining a plurality of steps being performed by the workflow representation; the computer comparing the plurality of steps to a security policy for the workflow representation; before the computer performing the post-transmission checksum on the workflow representation, the computer determining a compliance of the workflow representation with the security policy; after the computer performing the post-transmission checksum on the workflow representation, the computer using the post-transmission checksum to determine what operation is being executed with the workflow representation; the computer validating the post-transmission checksum; the computer logging the post-transmission checksum; the computer comparing the post-transmission checksum to a plurality of previously logged checksums; and after the computer comparing the post-transmission checksum to the plurality of previously logged checksums, the computer determining whether a policy changed during execution of the workflow. 4. A computer system, comprising: one or more processors, one or more computer-readable memories and one or more computer-readable tangible storage devices; program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to receive a workflow representation of a workflow from a workflow engine, the workflow representation including a first numerical value that was calculated using a formula prior to a transmission of the workflow representation to the computer system, the workflow representation being a format to which the workflow was converted prior to the transmission; program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to perform a post-transmission checksum on the workflow representation, wherein the program instructions to perform the post-transmission checksum use the formula to determine a second numerical value for the workflow representation; and program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to determine, using the post-transmission checksum, a snapshot of what the workflow represent; wherein a difference between the first numerical value and the second numerical value is indicative of a policy change to the workflow representation during the transmission; the computer system further comprising: program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to: transmit a failure response in response to the difference indicating a policy change; and transmit a success response in response to the difference indicating no policy change. 5. The computer system of claim 4 , further comprising: program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, before determining, using the post-transmission checksum, the snapshot of what the workflow represents, to: determine, using the post-transmission checksum, what operation is being executed with the workflow representation. 6. The computer system of claim 4 , further comprising: program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to identify the workflow representation; program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to interrogate the workflow representation; program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to determine a plurality of steps being performed by the workflow representation; program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to compare the plurality of steps to a security policy for the workflow representation; program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, before performing the post-transmission checksum on the workflow representation, to determine a compliance of the workflow representation with the security policy; program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, after performing the post-transmission checksum on the workflow representation, to determine, using the post-transmission checksum, what operation is being executed with the workflow representation; program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to validate the post-transmission checksum; program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to log the post-transmission checksum; program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one o
Assignees
Inventors
Classifications
received data contents, e.g. message integrity · CPC title
Workflow analysis · CPC title
- H04L63/0263Primary
Rule management · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9444786B2 cover?
- An auditing system is disclosed comprising a Policy Validation Mechanism Program (PVMP) that operates in conjunction with a Workflow Engine (WE), and a Policy Validation Server Program (PVSP) that operates on a Policy Validation Server (PVS) connected to the WE by a secure communication link. The PVMP converts a workflow to a workflow representation (WR) and sends the WR to the PVS. The PVSP co…
- Who is the assignee on this patent?
- Childress Rhonda L, Chow Edmond, Kumhyr David Bruce, and 2 more
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0263. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Sep 13 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).