Data security system and method
First Claim
1. A method for securing data in a computer system having at least a data input device, a processor and memory, all interconnected together, said memory having distributed segments, comprising:
- establishing a group of security sensitive words, characters or icons;
filtering data input from said data input device and extracting said security sensitive words, characters or icons from said data to obtain extracted data and remainder data;
separately storing said extracted data and said remainder data in different distributed memory segments; and
, permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance.
2 Assignments
0 Petitions
Accused Products
Abstract
The method for securing data includes establishing a group of security sensitive items, filtering data and extracting and separating the security items from remainder data. The filtered data are separately stored (locally on a PC or on another computer in a LAN or WAN or on the Internet.) A map may be generated. The filter and/or map may be destroyed or stored. The data input, extracted data and remainder data may be deleted from the originating computer. Encryption may be utilized to enhance security (including transfers of data, filter and map). Reconstruction of the data is permitted only in the presence of a predetermined security clearance. A plurality of security clearances may be used to enable a corresponding plurality of partial, reconstructed views of the plaintext (omitting higher security words). A computer readable medium containing programming instructions and an information processing system is encompassed.
-
Citations
262 Claims
-
1. A method for securing data in a computer system having at least a data input device, a processor and memory, all interconnected together, said memory having distributed segments, comprising:
-
establishing a group of security sensitive words, characters or icons;
filtering data input from said data input device and extracting said security sensitive words, characters or icons from said data to obtain extracted data and remainder data;
separately storing said extracted data and said remainder data in different distributed memory segments; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
-
-
35. A method for securing data in a computer system with one or more security sensitive words, characters or icons, said computer system having at least a data input device, a processor and memory, all interconnected together, s aid memory having distributed segments, comprising:
-
filtering data input from said data input device and extracting said security sensitive words, characters or icons from said data to obtain extracted data and remainder data;
separately storing said extracted data and said remainder data in different distributed memory segments; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance.
-
-
48. A method for securing data in a computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, a first and a second memory designated as a remainder store and an extract store in one or more computers of said plurality of computers, comprising:
-
establishing a group of security sensitive words, characters or icons;
filtering data input from said data input computer and extracting said security sensitive words, characters or icons from said data to obtain extracted data and remainder data;
storing said extracted data and said remainder data in said extracted store and said remainder store, respectively; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance.
-
-
63. A method for securing data in a computer network with one or more security sensitive words, characters or icons, said computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, a first and a second memory designated as a remainder store and an extract store in one or more computers of said plurality of computers, comprising:
-
filtering data input from said data input computer and extracting said security sensitive A words, characters or icons from said data to obtain extracted data and remainder data;
storing said extracted data and said remainder data in said extracted store and said remainder store, respectively; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance. - View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89)
-
-
78. A method for securing data in a computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer, each of said plurality of computers having a memory therein, said plurality of computers including a first and a second designated computer therein, comprising:
-
establishing a group of security sensitive words, characters or icons;
filtering data input from said data input computer and extracting said security sensitive words, characters or icons from said data to obtain extracted data and remainder data;
designating memory in said first computer as an extract store and designating memory in said second computer as a remainder store;
storing said extracted data and said remainder data in said extracted store and said remainder store, respectively; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance.
-
-
90. A method for securing data in a computer network with one or more security sensitive words, characters or icons, said computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer, each of said plurality of computers having a memory therein, said plurality of computers including a first and a second designated computer therein, comprising:
-
filtering data input from said data input computer and extracting said security sensitive words, characters or icons from said data to obtain extracted data and remainder data;
designating memory in said first computer as an extract store and designating memory in said second computer as a remainder store;
storing said extracted data and said remainder data in said extracted store and said remainder store, respectively; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance. - View Dependent Claims (91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101)
-
-
102. A method of securing data having a group of security sensitive words, characters or icons, the method deployed in a client-server computer system with at least one server computer operatively coupled to at least one client computer over a communications network comprising:
-
accepting data input which includes some words, characters or icons from said group of security sensitive words, characters or icons via said client computer;
filtering said data input and extracting said security sensitive words, characters or icons from said data to obtain extracted data and remainder data;
separately storing said extracted data from said remainder data in one or both of said client computer and server computer; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance on said client computer. - View Dependent Claims (103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 134, 135, 136, 137, 139, 140, 141, 142, 143, 145, 146, 147, 148, 149, 150, 151, 152, 154, 155, 156, 157, 158, 159, 160, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199)
-
-
117. A method of securing data from a data input, said data input having one or more security sensitive words, characters or icons, the method deployed in a client-server computer system with at least one server computer operatively coupled to at least one client computer accepting data input over a communications network comprising:
-
filtering said data input and extracting said security sensitive words, characters or icons from said data to obtain extracted data and remainder data;
separately storing said extracted data from said remainder data in one or both of said client computer and server computer; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance on said client computer.
-
-
132. A method of securing data having a group of security sensitive words, characters or icons, the method deployed in a server-client computer system with at least one server computer operatively coupled to at least one client computer over a communications network, said client computer accepting data input which includes some words, characters or icons from said group of security sensitive words, characters or icons, and filtering said data input and extracting said security sensitive words, characters or icons from said data to obtain extracted data and remainder data thereat, comprising:
-
separately storing said extracted data from said remainder data via server computer; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance via said server computer and as adapted to be downloaded to said client computer.
-
-
138. A method of securing data having a group of security sensitive words, characters or icons, the method deployed in a server-client computer system with at least one server computer operatively coupled to at least one client computer over a communications network, said client computer accepting data input which includes some words, characters or icons from said group of security sensitive words, characters or icons, comprising:
-
filtering said data input and extracting said security sensitive words, characters or icons at said server computer to obtain extracted data and remainder data thereat, separately storing said extracted data from said remainder data via server computer; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance via said server computer and as adapted to be downloaded to said client computer.
-
-
144. A computer readable medium containing programming instructions for securing data in a computer system having at least a data input device, a processor and a memory with distributed segments, the programming instructions comprising:
-
establishing a group of security sensitive words or characters;
filtering data input from said data input device and extracting said security sensitive words or characters from said data to obtain extracted data and remainder data;
separately storing said extracted data and said remainder data in different distributed memory segments; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance.
-
-
153. A computer readable medium containing programming instructions for securing data in a computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, a first and a second memory designated as a remainder store and an extract store in one or more computers in said plurality of computers, the programming instructions comprising:
-
establishing a group of security sensitive words, characters or icons;
filtering data input from said data input computer and extracting said security sensitive words, characters or icons from said data to obtain extracted data and remainder data;
storing said extracted data and said remainder data in said extracted store and said remainder store, respectively; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance.
-
-
161. A computer readable medium containing programming instructions for securing data having a group of security sensitive words, characters or icons, the programming instructions utilized in conjunction with a client-server computer system with at least one server computer operatively coupled to at least one client computer over a communications network, the programming instructions comprising:
-
accepting data input which includes some words, characters or icons from said group of security sensitive words, characters or icons via said client computer;
filtering said data input and extracting said security sensitive words, characters or icons from said data to obtain extracted data and remainder data;
separately storing said extracted data from said remainder data in one or both of said client computer and server computer; and
,permitting reconstruction of said data via said extracted data and remainder data only in the presence of a predetermined security clearance on said client computer.
-
-
176. An information processing system for securing data having one or more security sensitive words, characters or icons in a computer system, said computer system having at least a data input device, a processor and memory, all interconnected together, said memory having distributed memory segments, the information processing system comprising:
-
a filter adapted to receive data input from said data input device and to separate, from said data input, said security words, characters or icons, as extracted data, leaving remainder data;
a memory store, coupled to said filter, for storing said extracted data and said remainder data in separate distributed memory segments;
a security clearance control, coupled to said memory segments, enabling access to said memory segments; and
a compiler, coupled to said security control and said memory segments, for reconstructing said data input from said extracted data and said remainder data dependent upon access provided by said security clearance control.
-
-
200. An information processing system for securing data having one or more security sensitive words, characters or icons in a computer system, said computer system having at least a data input device, a processor and memory, all interconnected together, said memory having distributed segments, the information processing system comprising:
-
a filter, coupled to said data input device, adapted to be supplied with data input having at least one of said security sensitive words, characters or icons and obtaining extracted data and remainder data therefrom;
an extracted data store and a remainder data store, adapted to be defined in said distributed memory segments, said extracted data store and remainder data store accepting and storing said extracted data and remainder data from said filter; and
,a compiler, coupled to said extracted data store and remainder data store, for reconstructing said data input via said extracted data and remainder data only in the presence of a predetermined security clearance. - View Dependent Claims (201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 251, 252, 253, 254, 255, 257, 258, 259, 260, 261)
-
-
224. An information processing system for securing data having one or more security sensitive words, characters or icons in a computer network, said computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer, each of said plurality of computers having a memory therein, said plurality of computers including a first and a second designated computer therein, the information processing system comprising:
-
a filter adapted to receive data input from said data input computer and to separate, from said data input, said security sensitive words, characters or icons, as extracted data, leaving remainder data;
a memory store, coupled to said filter, for storing said extracted data in said memory of said first designated computer and said remainder data in said memory of said second designated computer;
a security clearance control, coupled to said memory store of said first and second designated computers, controlling access to said memory store; and
a compiler, coupled to said security control and said memory store, for reconstructing said data input from said extracted data and said remainder data dependent upon access provided by said security clearance control.
-
-
235. An information processing system for securing data from a data input having one or more security sensitive words, characters or icons, the information processing system operative in a client-server computer system with at least one server computer operatively coupled to at least one client computer over a communications network, said information processing system comprising:
-
a filter adapted to receive said data input from said communications network and to separate, from said data input, said security sensitive words, characters or icons as extracted data, leaving remainder data;
at least one memory store, coupled to said filter, for separately storing said extracted data and said remainder data in one or both of said client computer and server computer;
a compiler, coupled to said at least one memory store, for reconstructing said data input via said extracted data and remainder data only in the presence of a predetermined security clearance on said client computer.
-
-
250. An information processing system for securing data having a group of security sensitive words, characters or icons, said information processing system operative on a server-client computer system with at least one server computer operatively coupled to at least one client computer over a communications network, said client computer accepting data input which includes some words, characters or icons from said group of security sensitive words, characters or icons, and filtering said data input and extracting said security sensitive words, characters or icons from said data to obtain extracted data and remainder data thereat, said information processing system comprising:
-
at least one memory store adapted to be coupled to said at least one server computer for separately storing said extracted data from said remainder data via said at least one server computer; and
,a compiler coupled to said at least one memory store for reconstructing said data input via said extracted data and remainder data only in the presence of a predetermined security clearance via said at least one server computer and as adapted to be downloaded to said at least one client computer.
-
-
256. An information processing system for securing data having a group of security sensitive words, characters or icons, said information processing system adapted to operate in a server-client computer system with at least one server computer operatively coupled to at least one client computer over a communications network, said client computer accepting data input which includes some words, characters or icons from said group of security sensitive words, characters or icons, the information processing system comprising:
-
a filter adapted to receive data input from said at least one client computer and to separate at said at least one server computer from said data input said security sensitive words, characters or icons, as extracted data, leaving remainder data;
at least one memory store, coupled to said filter, for separately storing said extracted data from said remainder data via said at least one server computer; and
,a compiler, coupled to said at least one memory store, for reconstructing of said data input via said extracted data and remainder data only in the presence of a predetermined security clearance via said at least one server computer and as adapted to be downloaded to said at least one client computer.
-
-
262. An information processing system for securing data in a computer system having at least a data input device, a processor and memory, all interconnected together, said memory having distributed segments, comprising:
-
means for establishing a group of security sensitive words, characters or icons;
a filter, coupled to said data input device and said means for establishing, extracting said security sensitive words, characters or icons from data input from said data input device and obtaining extracted data and remainder data;
an extracted data store and a remainder data store defined in said distributed memory segments and accepting said extracted data and remainder data from said filter; and
,compiler, coupled to said extracted data store and a remainder data store, for reconstructing said data via said extracted data and remainder data only in the presence of a predetermined security clearance.
-
Specification