System and techniques to bind information objects to security labels
Abstract
A method for providing multilevel security for a data object requested by a workstation user includes providing a security label for the data object, associating security rules including a security clearance level for the data object with the security label, binding the security label to the data object, validating the correctness of the security label, associating the user's security clearance level with at least one user certificate, verifying the at least one user certificate, and determining whether the user has clearance to receive the requested data.
29 Claims
1. A method for providing multilevel security for a data object requested by a workstation user, the method comprising:
- providing a security label for the data object;
- associating security rules including a security clearance level for the data object with the security label;
- binding the security label to the data object;
- validating the correctness of the security label;
- associating the user's security clearance level with at least one user certificate;
- verifying the at least one user certificate; and
- determining whether the user has clearance to receive the requested data object.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A multilevel security system for controlling access to data objects in a secure network comprising:
- a plurality of security integration code processors coupled to the secure network;
- a secure manager workstation coupled to one of the plurality of security integration code processors;
- at least one application workstation coupled to a corresponding one of the plurality of security integration code processors; and
- at least one of a multi-level protection database and a multi-level protection server coupled to a corresponding one of the plurality of security integration code processors.

Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29

Specification