Data security system and method for separation of user communities
Abstract
Data is secured in a computer network to transparently establish and manage a separation of user-based communities of interest based upon cryptographically separated, need to know, security levels. Data from a source document, data object or data stream is filtered to form subsets of extracted data and remainder data based upon security levels for the communities. Extracts are stored in assigned memories. Full or partial plaintext reconstruction is permitted only in the presence of assigned security clearance for the community of the inquiring party. Encryption, corresponding to security levels, establishes separation of secured data. The information processing system uses a data filter to extract security sensitive words, data objects, etc., a distributed storage system and a compiler is used to reconstruct plaintext based on security clearance. Multiple level encryption in one document is also available.
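The filter, extract and clearance-gated reconstruction flow described in the abstract, as an added example that is not code from the patent. The word list, the numeric levels (a higher number means more sensitive), the `{{n}}` placeholder marker and the `[REDACTED]` substitute are all assumptions made for illustration; encryption of the extracts and physically separate stores are left out.

```python
import re

# Constructed sensitivity dictionary (assumption): word -> lowest clearance allowed to see it.
SENSITIVE = {"Smith": 1, "Geneva": 2, "Falcon": 3}
PLACEHOLDER = re.compile(r"\{\{(\d+)\}\}")  # hypothetical marker left in the remainder
SAMPLE = "Smith briefs Geneva on Falcon."   # constructed input

def filter_and_extract(text, sensitive=SENSITIVE):
    """Return (remainder, extract_store); extract_store maps level -> {slot: word}."""
    if PLACEHOLDER.search(text):
        # A marker already present in the input would be confused with ours on rebuild.
        raise ValueError("input already contains a placeholder marker")
    extract_store = {}
    slot = 0

    def pull(match):
        nonlocal slot
        word = match.group(0)
        extract_store.setdefault(sensitive[word], {})[slot] = word
        marker = "{{%d}}" % slot
        slot += 1
        return marker

    words = re.compile(r"\b(?:%s)\b" % "|".join(map(re.escape, sensitive)))
    return words.sub(pull, text), extract_store

def reconstruct(remainder, extract_store, clearance):
    """Re-insert only extracts whose level is at or below the caller's clearance."""
    released = {}
    for level, extracts in extract_store.items():
        if level <= clearance:
            released.update(extracts)
    return PLACEHOLDER.sub(
        lambda m: released.get(int(m.group(1)), "[REDACTED]"), remainder)

if __name__ == "__main__":
    remainder, store = filter_and_extract(SAMPLE)
    for clearance in range(4):
        print(clearance, reconstruct(remainder, store, clearance))
```

The remainder on its own contains none of the listed words, and each clearance level yields a different partial reconstruction of the same document.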
73 Claims
1. A method of securing data in a computer network and transparently establishing and managing the separation of user-based communities of interest based upon crypto-graphically separated, need to know security levels, said data having one or more security sensitive words, data objects, characters or icons, said computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, a first and a second memory designated as a remainder store and an extract store in one or more computers of said plurality of computers, said user-based communities of interest representing a plurality of users having a corresponding a plurality of security levels each with a respective security clearance, comprising:
filtering data input from said data input computer and extracting said security sensitive words, data objects, characters or icons from said data to obtain (a) subsets of extracted data and (b) remainder data;
storing said subsets of extracted data and said remainder data in said extract store and said remainder store, respectively; and
permitting reconstruction of some or all of said data via one or more of said subsets of extracted data and remainder data only in the presence of a predetermined security clearance of said plurality of security levels.
29. A computer readable medium containing programming instructions for securing data in a computer network and transparently establishing and managing the separation of user-based communities of interest based upon crypto-graphically separated, need to know security levels, said data having one or more security sensitive words, data objects, characters or icons, said computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, a first and a second memory designated as a remainder store and an extract store in one or more computers of said plurality of computers, said user-based communities of interest representing a plurality of users having a corresponding a plurality of security levels each with a respective security clearance, the programming instructions comprising:
filtering data input from said data input computer and extracting said security sensitive words, data objects, characters or icons from said data to obtain (a) subsets of extracted data and (b) remainder data;
storing said subsets of extracted data and said remainder data in said extract store and said remainder store, respectively; and
permitting reconstruction of some or all of said data via one or more of said subsets of extracted data and remainder data only in the presence of a predetermined security clearance of said plurality of security levels.
47. An information processing system for securing data in a computer network and transparently establishing and managing the separation of user-based communities of interest based upon crypto-graphically separated, need to know security levels, said data having one or more security sensitive words, data objects, characters or icons, said computer network having a plurality of computers for a plurality of users all interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, a first and a second memory designated as a remainder store and an extract store in one or more computers of said plurality of computers, said user-based communities of interest representing said plurality of users having a corresponding a plurality of security levels each with a respective security clearance, comprising:
means for filtering data input from said data input computer and extracting said security sensitive words, data objects, characters or icons from said data to obtain (a) subsets of extracted data and (b) remainder data;
means for storing said subsets of extracted data and said remainder data in said extract store and said remainder store, respectively; and
means for permitting reconstruction of some or all of said data via one or more of said subsets of extracted data and remainder data only in the presence of a predetermined security clearance of said plurality of security levels.
72. A method of securing data and transparently managing the separation of user-based communities of interest based upon crypto-graphically separated, need to know security levels with a plurality of encryption types, said data having one or more security sensitive words, data objects, characters or icons, said user-based communities of interest representing a plurality of users having a corresponding a plurality of security levels each with a respective security clearance, comprising:
filtering data and extracting said security sensitive words, data objects, characters or icons from said data to obtain (a) subsets of extracted data and (b) remainder data;
encrypting said subsets of extracted data with said plurality of encryption types; and
permitting reconstruction of some or all of said data via one or more of said subsets of encrypted extracted data and remainder data only in the presence of a predetermined security clearance of said plurality of security levels.
73. A method of securing data and transparently managing the separation of user-based communities of interest based upon crypto-graphically separated, need to know security levels with a plurality of encryption types, said data having one or more security sensitive words, data objects, characters or icons, said user-based communities of interest representing a plurality of users having a corresponding a plurality of security levels each with a respective security clearance, comprising:
filtering data and extracting said security sensitive words, data objects, characters or icons from said data to obtain (a) subsets of extracted data and (b) remainder data;
encrypting said subsets of extracted data with said plurality of encryption types to obtain multiple level encryption in one document or data object; and
decrypting all or portions of said one document or data object with multiple level encryption only in the presence of a predetermined security clearance of said plurality of security levels.
Specification