Method to establish virtual security perimeters

US 10,346,609 B2
Filed: 06/17/2013
Issued: 07/09/2019
Est. Priority Date: 05/13/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method to identify on a computer system outside of a security perimeter for classified information a breach of said security perimeter of said classified information in electronic format, said method comprising:

(a) executing a classification software engine on at least one computer system authorized for said classified information, where said classification software engine comprising;

(1) establishing at least one unique code on said at least one computer system for said classified information authorized for said at least one computer system, where said at least one unique code uniquely identifies said classified information authorized for said at least one computer system, and(2) embedding said at least one unique code into at least one electronic storage media of said at least one computer system, thereby establishing a security perimeter for said classified information authorized for said at least one computer system,(b) executing a classification software engine on at least one computer system not authorized for said classified information and outside said security perimeter for said classified information, where said classification software engine comprising;

(1) establishing said at least one unique code as a non-authorized said at least one unique code for said at least one computer system not authorized for said classified information and outside said security perimeter for said classified information,(2) monitoring a computer event of said at least one computer system not authorized for said classified information and outside said security perimeter,(3) detecting said non-authorized said at least one unique code within at least one electronic storage media involved with said computer event, where a detected said non-authorized said at least one unique code identifies a breach of said security perimeter for classified information on said at least one computer system not authorized for said classified information and outside said security perimeter, and(4) warning a predetermined entity of said breach of said security perimeter with information about said breach.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method to establish virtual security perimeters for classified electronic documents on a computer system. The security perimeters are based upon a full classification determination of all informational content of an electronic document file. The full classification determination is uniquely coded to identify a classification value, the classification regime used to classify the information as well as ownership of the electronic information of the electronic document, and is embedded in the electronic document. The classification determination code is matrixed with identification codes for elements of a file management system and used to control computer events initiated on a computer involving the electronic document. Computer events on computers are monitored for the coded full classification determination. The code scheme is also used to identify a breach of a security perimeter on a computer of an unauthorized classified electronic document and warning of the breach.

Citations

37 Claims

1. A computer-implemented method to identify on a computer system outside of a security perimeter for classified information a breach of said security perimeter of said classified information in electronic format, said method comprising:
- (a) executing a classification software engine on at least one computer system authorized for said classified information, where said classification software engine comprising;
  
  (1) establishing at least one unique code on said at least one computer system for said classified information authorized for said at least one computer system, where said at least one unique code uniquely identifies said classified information authorized for said at least one computer system, and(2) embedding said at least one unique code into at least one electronic storage media of said at least one computer system, thereby establishing a security perimeter for said classified information authorized for said at least one computer system,(b) executing a classification software engine on at least one computer system not authorized for said classified information and outside said security perimeter for said classified information, where said classification software engine comprising;
  
  (1) establishing said at least one unique code as a non-authorized said at least one unique code for said at least one computer system not authorized for said classified information and outside said security perimeter for said classified information,(2) monitoring a computer event of said at least one computer system not authorized for said classified information and outside said security perimeter,(3) detecting said non-authorized said at least one unique code within at least one electronic storage media involved with said computer event, where a detected said non-authorized said at least one unique code identifies a breach of said security perimeter for classified information on said at least one computer system not authorized for said classified information and outside said security perimeter, and(4) warning a predetermined entity of said breach of said security perimeter with information about said breach.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 36)
- - 2. The method of claim 1, wherein said at least one unique code comprising a classification regime code, where said classification regime code uniquely identifies an information security classification regime for classified information, where said classification regime code is embedded into at least one element of a computer network authorized for said classified information, thereby establishing a security perimeter for classified information for said at least one computer system authorized for classified information communicating with another said at least one computer system authorized for classified information on a network.
  - 3. The method of claim 1, wherein said establishing said at least one unique code, further comprising providing an administrative interface to generate said at least one unique code for an element of an information security regime for classified information.
  - 4. The method of claim 1, wherein said at least one unique code comprising a classification code, where said classification code uniquely represents a classification determination for information resident on said at least one electronic storage media within said security perimeter, where said classification code is generated from an information security classification regime for said at least one computer system authorized for classified information, and where said classification code represents said classification determination for at least one element of a file management system of said at least one computer system authorized for said classified information.
  - 5. The method of claim 1, wherein said at least one unique code comprising at least one classification code, where said at least one classification code uniquely represents at least one element of an information security classification regime for electronic information on said at least one computer system within said security perimeter.
  - 6. The method of claim 5, wherein said at least one classification code further uniquely identifies said information security classification regime for a network of said at least one computer system authorized for said classified information within said security perimeter.
  - 7. The method of claim 1, wherein said at least one unique code further comprises a coding scheme that is unique to an organizational ownership of said classified information residing on said at least one computer system authorized for said classified information within said security perimeter.
  - 8. The method of claim 1, wherein said computer event comprising an operating system event on said at least one computer system outside said security perimeter.
  - 9. The method of claim 1, wherein said computer event comprising a document development application event on said at least one computer system outside said security perimeter.
  - 10. The method of claim 1, wherein said warning comprising at least one of:
    - (a) an email,(b) a text message, or(c) an on-screen notification.
  - 11. The method of claim 1, wherein said embedding said at least one unique code into said at least one electronic storage media, said at least one unique code is embedded into an electronic shell of an electronic document resident on said at least one electronic storage media.
  - 12. The method of claim 1, wherein said non-authorized said at least one unique code is detected, further comprising logging said computer event and details of said computer event.
  - 13. The method of claim 1, wherein said non-authorized said at least one unique code is detected, further comprising initiating at least one active measure for said at least one computer system outside of said security perimeter.
  - 14. The method of claim 13, wherein said at least one active measure comprising at least one of:
    - (a) freezing a network user account,(b) recording keystrokes,(c) disabling said at least one computer system not authorized for said classified information and outside of said security perimeter, or(d) isolating said at least one computer system not authorized for said classified information and outside of said security perimeter from a second computer system, and(e) displaying a persistent screen message warning of said breach.
  - 15. The method of claim 1, wherein said establishing at least one unique code on said at least one computer system authorized for classified information, further comprising providing an administrative interface to setup said at least one unique code for at least one element of an information security classification regime for said at least one computer system authorized for said classified information.
  - 17. The method of claim 1, wherein said detecting said non-authorized said at least one unique code, further comprising parsing multiple said at least one unique code into a single code and comparing each said single code to each said non-authorized said at least one unique code on said at least one computer system outside said security perimeter.
  - 18. The method of claim 4, wherein said at least one element of a file management system comprising:
    - (a) an electronic storage media,(b) a volume on said electronic storage media,(c) a folder within said volume, and(d) an electronic document within said folder.
  - 36. The method of claim 2, wherein said at least one element of a computer network comprising:
    - (a) a computer system,(b) a domain,(c) an electronic storage media,(d) a volume on said at least one electronic storage media,(e) a folder within said volume, and(f) an electronic document within said folder.

16. A computer program product stored on non-transitory storage media to identify on a computer system outside of a security perimeter for classified information a breach of said security perimeter for said classified information in electronic format, said computer program product comprising at least one non-transitory storage media for electronic information, where said at least one non-transitory storage media for electronic information comprising at least one software classification engine, where said at least one software classification engine contains computer usable instructions comprising:
- (a) establish at least one unique code on at least one computer system authorized for classified information, where said at least one unique code uniquely identifies said classified information authorized for said at least one computer system,(b) embed said at least one unique code into at least one non-transitory storage media for electronic information within said at least one computer system authorized for said classified information, thereby establishing a security perimeter for said classified information authorized for said at least one computer system,(c) establish said at least one unique code as a non-authorized said at least one unique code on at least one computer system not authorized for said classified information and outside of said security perimeter,(d) monitor a computer event of said at least one computer system outside said security perimeter,(e) detect said non-authorized said at least one unique code within a non-transitory storage media for electronic information involved with said computer event for said at least one computer system not authorized for said classified information, thereby identifying a breach of said security perimeter for said classified information,(f) warn a predetermined entity of said a breach of said security perimeter for said classified information with information about said breach.

19. A system to identify on a computer system outside of a security perimeter for classified information a breach of said security perimeter of said classified information in electronic format, said system comprising:
- (a) at least one computer system where said at least one computer system comprising at least one non-transitory storage media for electronic information, where said at least one non-transitory storage media for electronic information comprising at least one software classification engine, where said at least one software classification engine contains computer usable instructions comprising;
  
  (1) establish at least one unique code on said at least one computer system authorized for said classified information, where said at least one unique code uniquely identifies said classified information authorized for said at least one computer system,(2) embed said at least one unique code into at least one non-transitory storage media for electronic information of said at least one computer system, thereby establishing a security perimeter for said classified information authorized for said at least one computer system,(b) at least one computer system not authorized for said classified information and outside said security perimeter, where said at least onecomputer system comprising at least one non-transitory storage media for electronic information, where said at least one non-transitory storage media for electronic information comprising at least one software classification engine, where said at least one software classification engine contains computer usable instructions comprising;
  
  (1) establish said at least one unique code as a non-authorized said at least one unique code for said at least one computer system not authorized for said classified information and outside said security perimeter for said classified information,(2) monitor a computer event of said at least one computer system not authorized for said classified information,(3) detect said non-authorized said at least one unique code within at least one-non-transitory storage media for electronic information involved with said computer event, where when detected said non-authorized said at least one unique code is identifies a breach of said security perimeter for said classified information on said at least one computer system not authorized for said classified information and outside said security perimeter for said classified information, and(4) warn a predetermined entity of said breach of said security perimeter for said classified information with information about said breach.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 37)
- - 20. The system of claim 19, wherein said at least one unique code is comprising a classification regime code, where said classification regime code uniquely identifies an information security classification regime for classified information where said classification regime code is embedded into at least one element of a computer network authorized for said classified information, thereby establishing a security perimeter for classified information for said at least one computer system authorized for classified information communicating with another said at least one computer system authorized for classified information on a computer network.
  - 21. The system of claim 19, wherein said establish said at least one unique code, further comprising an administrative interface to generate said at least one unique code for an element of an information security classification regime for classified information.
  - 22. The system of claim 19, wherein said at least one unique code comprising a classification code, where said classification code uniquely represents a classification determination for information resident on said non-transitory storage media for electronic information within said security perimeter, where said classification code is generated from an information security classification regime for said at least one computer system authorized for said classified information, and where said classification code represents said classification determination for at least one element of a file management system of said at least one computer system authorized for said classified information.
  - 23. The system of claim 19, wherein said at least one unique code comprising at least one classification code, where said at least one classification code uniquely represents at least one element of an information security classification regime for electronic information on said computer system within said security perimeter.
  - 24. The system of claim 23, wherein said at least one classification code, further uniquely identifies said information security classification regime for a network of said at least one computer system authorized for classified information within said security perimeter.
  - 25. The system of claim 19, wherein said at least one unique code, further comprising a coding scheme that is unique to an organizational ownership of said classified information residing on said at least one computer system authorized for said classified information residing on said at least one computer system authorized for said classified information within said security perimeter.
  - 26. The system of claim 19, wherein said computer event comprising an operating system event on said at least one computer system outside said security perimeter.
  - 27. The system of claim 19, wherein said computer event comprising a document development application event on said at least one computer system outside said security perimeter.
  - 28. The system of claim 19, wherein said warning comprising at least one of:
    - a. an email,b. a text message, orc. an on-screen notification.
  - 29. The system of claim 19, wherein said embedding said at least one unique code into said at least one non-transitory storage media for electronic information, said at least one code is embedded into an electronic shell of an electronic document resident on said at least one non-transitory storage media for electronic information.
  - 30. The system of claim 19, further comprising logging said computer event and details of said computer event where said non-authorized unique code is detected.
  - 31. The system of claim 19, further comprising initiating at least one active measure for said at least one computer system not authorized for said classified information and outside of said security perimeter, where said non-authorized at least one unique code is detected.
  - 32. The system of claim 31, wherein said active measure comprising at least one of:
    - d. freeze a network user account,e. record keystrokes,f. disable said at least one computer system not authorized for said classified information and outside of said security perimeter, org. isolate said at least one computer system not authorized for said classified information and outside of said security perimeter from a second computer system, and(h) display a persistent screen message warning of said breach.
  - 33. The system of claim 19, wherein said establishing at least one unique code on said at least one computer system authorized for said classified information, further comprising providing an administrative interface to setup said at least one unique code for at least one element of an information security classification regime for said at least one computer system authorized for said classified information.
  - 34. The system of claim 19, wherein said detecting said non-authorized said at least one unique code, further comprising parsing multiple said at least one unique code into a single code and comparing each said single code to each said non-authorized said at least one unique code on said at least one computer system not authorized for said classified information and outside said security perimeter.
  - 35. The system of claim 22, wherein said at least one element of a file management system comprising:
    - (a) non-transitory storage media for electronic information,(b) a volume on said non-transitory storage media for electronic information,(c) a folder within said volume, and(d) an electronic document within said folder.
  - 37. The system of claim 20, wherein said at least one element of a computer network comprising:
    - (a) a computer system,(b) a domain,(c) an electronic storage media,(d) a volume on said at least one electronic storage media,(e) a folder within said volume, and(f) an electronic document within said folder.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
James Luke Turner, Robert Edward Turner
Original Assignee
James Luke Turner, Robert Edward Turner
Inventors
Turner, James Luke, Turner, Robert Edward
Primary Examiner(s)
Henderson, Esther B.

Application Number

US13/986,899
Publication Number

US 20140013433A1
Time in Patent Office

2,213 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/604   Tools and structures for ma...

G06F 40/169   Annotation, e.g. comment da...

G06Q 10/10   Office automation; Time man...

Method to establish virtual security perimeters

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Method to establish virtual security perimeters

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links