Data security system and method with multiple independent levels of security
First Claim
1. A method of securing data having one or more security sensitive words, characters or data objects in a computer system with multiple independent security levels, each level of said multiple security levels having a computer sub-network including a plurality of computer work stations coupled together via an independent communications network at an independent security level, said sub-networks connected together via a security guard computer, said security guard computer having separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the method of securing data comprising:
- extracting said security sensitive words, characters or data objects from said data to obtain extracted data at each said level of said multiple security levels and remainder data therefrom;
storing said extracted data in a corresponding extract store for each said level of said multiple security levels and said remainder data in said remainder store; and
, permitting reconstruction of said data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each said level of said multiple security levels.
2 Assignments
0 Petitions
Accused Products
Abstract
The method, program and information processing system secures data, and particularly security sensitive words, characters or data objects in the data, in a computer system with multiple independent levels of security (MILS). Each level of MILS has a computer sub-network with networked workstations. The MILS sub-networks are connected together via security guard computer(s) and each guard computer has separate memories for each level (TS, S, C, UC(or remainder)). The method extracts the security sensitive words/data (a granular action), from the source document for each MILS level, stores the extracted data in a corresponding extract store for each level and permits reconstruction/reassembly of the dispersed data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each MILS level.
-
Citations
12 Claims
-
1. A method of securing data having one or more security sensitive words, characters or data objects in a computer system with multiple independent security levels, each level of said multiple security levels having a computer sub-network including a plurality of computer work stations coupled together via an independent communications network at an independent security level, said sub-networks connected together via a security guard computer, said security guard computer having separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the method of securing data comprising:
-
extracting said security sensitive words, characters or data objects from said data to obtain extracted data at each said level of said multiple security levels and remainder data therefrom;
storing said extracted data in a corresponding extract store for each said level of said multiple security levels and said remainder data in said remainder store; and
,permitting reconstruction of said data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each said level of said multiple security levels. - View Dependent Claims (2, 3, 4, 6, 7, 8)
-
-
5. A computer readable medium containing programming instructions for securing data having one or more security sensitive words, characters or data objects in a computer system with multiple independent security levels, each level of said multiple security levels having a computer sub-network including a plurality of computer work stations coupled together via an independent communications network at an independent security level, said sub-networks connected together via a security guard computer, said security guard computer having separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the instructions comprising:
-
extracting said security sensitive words, characters or data objects from said data to obtain extracted data at each said level of said multiple security levels and remainder data therefrom;
storing said extracted data in a corresponding extract store for each said level of said multiple security levels and said remainder data in said remainder store; and
,permitting reconstruction of said data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each said level of said multiple security levels.
-
-
9. An information processing system for securing data having one or more security sensitive words, characters or data objects in a computer system with multiple independent security levels, each level of said multiple security levels having a computer sub-network including a plurality of computer work stations coupled together via an independent communications network at an independent security level, said sub-networks connected together via a security guard computer, said security guard computer having separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the processing system comprising:
-
means for extracting said security sensitive words, characters or data objects from said data to obtain extracted data at each said level of said multiple security levels and remainder data therefrom;
means for storing said extracted data in a corresponding extract store for each said level of said multiple security levels and said remainder data in said remainder store; and
,means for permitting reconstruction of said data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each said level of said multiple security levels. - View Dependent Claims (10, 11, 12)
-
Specification