Secure Compartmented Mode Knowledge Management Portal
Abstract
A layered defense-in-depth knowledge-based data management system comprises a reception zone for authenticating a user for access to the system and an operations zone for adjudicating on a user level access to data objects stored in the system database. In addition, the data management system comprises a security zone for issuing certificates of accessibility for defined users and a screening zone to interrogate data packets during processing thereof. The first line of defense is firewall protection and packet filtering preceding the reception zone.
Claims (20)

1. A layered defense-in-depth knowledge-based management system, comprising:

a reception zone operable to authenticate a user for access to the system;
an operations zone operable to adjudicate on a user level access to the data objects stored in a system database; and
a security zone operable to issue certificates of accessibility for defined users.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.

12. A method of accessing an electronic support library for layered defense-in-depth knowledge-based management, comprising:

authenticating in a reception zone a user in response to a request for data;
document manipulation and administration in an operations zone of a request by an authenticated user; and
issuing authorization certificates in a security zone for users to allow access to data managed in the operations zone.

Dependent claims: 13, 14, 15, 16, 17, 18, 19.

20. A layered defense-in-depth knowledge-based management system, comprising:

a reception zone operable to authenticate a user for access to the system, wherein the reception zone comprises a public key infrastructure operable to authenticate users for accessing contents of the system, the reception zone further operable to:
  authenticate a server;
  determine the clearance level of the requested document;
  determine the clearance level of the authenticated user;
  compare the clearance level of the document with the clearance level of the authenticated user;
  determine a number of document caveats associated with the requested document;
  for each of the number of document caveats, obtain the respective document caveat for the requested document, the respective document caveat representing a necessary condition for access to the document;
  determine a number of user caveats of the authenticated user;
  for each of the number of user caveats, obtain the respective user caveat representing a condition necessary for the authenticated user to have access to a document having an associated document caveat;
  for all combinations of the user caveats and the document caveats, compare the document caveat of the requested document to the user caveat of the authenticated user; and
  display the secure document to the authenticated user in response to the clearance level of the user dominating the clearance level of the requested document and the comparison of all combinations of the user caveats to the document caveats;
a screening zone operable to interrogate data packets during processing thereof;
an operations zone operable to adjudicate on a user level access to the data objects stored in a system database, wherein the operations zone is further operable to packet filter incoming and outgoing messages, wherein the operations zone comprises a document management server operable to establish access to data stored in a library of the management system; and
a security zone operable to:
  issue certificates of accessibility for defined users;
  revoke certificates for users no longer allowed access to the system;
  perform key recovery operations; and
  wherein the security zone comprises filters operable to control and limit access to a predefined set of user workstations, wherein the security zone is further operable to packet filter incoming and outgoing messages for access control.
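As an added example that is not part of the patent, the following Python models the access decision recited in claim 20: the document is released only when the user's clearance level dominates the document's and every document caveat is matched by a user caveat. The clearance ordering, the caveat names, and the reading that the "comparison of all combinations" passes when each document caveat is met by some user caveat are assumptions of this example.

```python
from dataclasses import dataclass
from enum import IntEnum


class Clearance(IntEnum):
    # Assumed total order of clearance levels (not stated in the patent).
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Clearance
    caveats: frozenset = frozenset()  # conditions the authenticated user satisfies


@dataclass(frozen=True)
class Document:
    title: str
    clearance: Clearance
    caveats: frozenset = frozenset()  # each is a necessary condition for access


def dominates(user_level: Clearance, doc_level: Clearance) -> bool:
    """Clearance comparison of claim 20: the user's level must dominate the document's."""
    return user_level >= doc_level


def unmet_caveats(user_caveats: frozenset, doc_caveats: frozenset) -> frozenset:
    """Compare every document caveat against every user caveat ("all combinations");
    a document caveat is met when some user caveat matches it. Returns the unmet ones."""
    return frozenset(dc for dc in doc_caveats if not any(dc == uc for uc in user_caveats))


def access_decision(user: Subject, doc: Document) -> tuple:
    """Return (allowed, reason); deny by default, both claim-20 checks must pass."""
    if not dominates(user.clearance, doc.clearance):
        return False, f"{user.clearance.name} does not dominate {doc.clearance.name}"
    missing = unmet_caveats(user.caveats, doc.caveats)
    if missing:  # high clearance alone never releases a caveated document
        return False, "unmet document caveat(s): " + ", ".join(sorted(missing))
    return True, "clearance dominates and all document caveats are met"


# Constructed sample users and document (illustrative values, not from the patent).
ALICE = Subject("alice", Clearance.SECRET, frozenset({"PROGRAM_A", "PROGRAM_B"}))
BOB = Subject("bob", Clearance.TOP_SECRET, frozenset({"PROGRAM_A"}))
CAROL = Subject("carol", Clearance.CONFIDENTIAL, frozenset({"PROGRAM_A", "PROGRAM_B"}))
PLAN = Document("program plan", Clearance.SECRET, frozenset({"PROGRAM_A", "PROGRAM_B"}))

if __name__ == "__main__":
    for who in (ALICE, BOB, CAROL):
        allowed, reason = access_decision(who, PLAN)
        print(f"{who.name}: {'ALLOW' if allowed else 'DENY'} ({reason})")
```

Bob is denied despite holding the higher clearance, which is the property that distinguishes this caveat-aware check from a plain level comparison.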