Novel rights for mobile information

When the information become mobile the information is stored in the mobile device. Mobile storage is dangerous for information privacy..

Even if ChatCal benefits from a secure container architecture, the best protection against leak of information is that information

  •  does not reside in the mobile device
  • or for a very limited time, according to its location

Mobile rights prevent

Leak of information

A novel mobile policy

 Traditional document management access rights are: read, write, modify, delete, create, copy and paste.

In addition BlueChatCal  proposes a mobile document policy that does not exist in traditional  content or document management solution.

This policy governs the behavior of information when it becomes mobile

The privacy prevails in case of conflicting rules.

This policy applies for:

  • Corporate documents
  • Event documents and/or contributions
  • the entire event

Geographical audience

Information is sensitive to certain locations. The information stored in the mobile device will behave according to the device detected location (GPS) and to predefined rules.

The geographical locations are either:

  • absolute location: usually Country based or the various office premises
  • relative zone as per user perception, safe (home, office), neutral or hazardous (where the user is never supposed to be, but the device can if it is stollen…)

When GPS is off, either ChatCal succeed to force the GPS to start or worst case applies

Behavior

upon geographical localization

If the mobile is localized in a hazardous location, the information will behave automatically as predefined:

  • Hidden; the information is hidden, the user can see that it exist. The information still resides in the device and is still synchronized
  • Disappear; the information is invisible, still resides in the device and is still synchronized
  • Securely deleted: the information is securely deleted from the device (all its content space is replaced with random bytes), the information does not reside any more in the device.

when the mobile is back again in a safe location the information re-appear.

Double protection

Who can set mobile rights:

  1. Company for corporate information that are stored in BlueSafe:
    • corporate documents
    • corporate event templates
  2. User for event and its contribution upon his own perception of the geographical location

Corporate documents

Protected privacy

Corporate documents are confidential information, related to

  • its content: company strategy, legal, partnership, R&D, contract, sales proposal, finance, marketing…
  •  country specific laws or regulations

For example: Cross border documents: in Private Banking business, cross border documents are information that are valid only in a specific country and cannot be accessed legally in other countries. These document are not entitled to cross the border.

This example inspired BlueChatCal  to propose mobile rights for corporate documents sensitive to the location of the mobile.

Policy management

This policy applies to both:

  • corporate documents
  • corporate event templates

These templates and document are stored in the Record Management of the BlueDigital Safe, where a file plan specifes:

  • their respective rights
  • their behaviour when they become mobile
    • both the relative zone
    • and the absolute geographic indication

Geographical audience

The corporate document is sensitive to certain locations.

The policy can define for documents the matrix “Behaviour/location” for one or both:

  • Absolute value
  • Relative zone

Rights of documents when they become mobile

BlueChatCal  proposes a mobile document policy that does not exist in traditional  content or document management solution. In addition to the traditional document management access rights (read, write)

Downloadable

specifies if the information can be dowloaded to an event in the device.

If the information is not downloadable it can’t be downloaded to any event devices equipped ChatCal. (and a fortiori on any device). The document remains in the Blue Digital Safe. Only the URL is dowloaded to ChatCal event and will permit the user to access with authentication.

The entire event is protected in a similar manner when its privacy property is set to “Classified”

Exportable

when the document resides in the mobile ChatCal container, the document is protected in the event sealed envelope and cannot be exported out of its container This right permits to export the document out of the ChatCal container in order to be accessed by the applications installed on the mobile device and then to re-import its new version in ChatCal app. Once synchronized, at next life cycle change this document may be securely deleted from the owner mobile devices.

The right to export is given exclusively to the Event Owner. the owner can delegate this right to any participant.

For audit and traceability purposes, all exports and delegations are traced in BlueSafe.

for instance you are visiting a client on site, you want the document to be

  • modified on site according to agreed decision with the client
  • printed locally and be manually signed,
  • the new version of the document to be imported in ChatCal
  • you just take a picture of the signed document, and it is already transmitted to the head office to be processed
  • the signed paper document is either brought back with you or via postal service
  • when you close this meeting, the synchronization happens and the change of life cycle might (as predefined in its template), deleted securely the versions of the corporate document as well as its picture

User perception

Safe and hazardous zones

Users want to protect the privacy of its information. Knowing where they are they can appreciate if the location is safe or hazardous.
As an Internet coffee may be a hazardous zone, his home is a rather safe zone with its private Wifi.

Protect event privacy

The user can define safe and hazardous zone for

  • specified document
  • entire single event or collection of selected events
  • all events of the different segments of his life:
    • Professional life
    • Private life
    • Family life
    • Social life

Using a matrix, he can define the behaviour of the event when he is on the move.

For instance:

The user wants:

  • the professional events to
    • be hidden at home on the shared family PC
    • disappear while traveling, at border crossing
  • the events of his Family/Social/private life no to be displayed at the office
  • All events to be securly deleted abroad, located in countries very unlikely the mobile to be

Wherever and whenever he wants, with a multifactor authentication, the user can,

  • define the security of the geographic zone progressively, consequently he improve the mobile privacy and security
  • change the privacy setting of an event or an information

Nevertheless corporate setting prevails on professional events.

When your documents become mobile in devices, you can protect them with a novel Mobile Right policy