Secure Compartmented Mode Knowledge Management Portal

US 20070204336A1
Filed: 02/14/2007
Published: 08/30/2007
Est. Priority Date: 06/30/2000
Status: Active Grant

First Claim

Patent Images

1. A layered defense-in-depth knowledge-based management system, comprising:

a reception zone operable to authenticate a user for access to the system;

an operations zone operable to adjudicate on a user level access to the data objects stored in a system database; and

a security zone operable to issue certificates of accessibility for defined users.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A layered defense-in-depth knowledge-based data management comprises a reception zone for authenticating a user for access to the system and an operations zone for adjudicating on a user level access to data objects stored in the system database. In addition, the data management comprises a security zone for issuing certificates of accessibility for defined users and a screening zone to interrogate data packets during processing thereof. The first line of defense is firewall protection and packet filtering preceding the reception zone.

22 Citations

View as Search Results

20 Claims

1. A layered defense-in-depth knowledge-based management system, comprising:
- a reception zone operable to authenticate a user for access to the system;
  
  an operations zone operable to adjudicate on a user level access to the data objects stored in a system database; and
  
  a security zone operable to issue certificates of accessibility for defined users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A layered defense-in-depth knowledge-based management system as in claim 1, wherein the security zone is further operable to revoke certificates for users no longer allowed access to the system.
  - 3. A layered defense-in-depth knowledge-based management system as in claim 2, wherein the security zone is further operable to perform key recovery operations.
  - 4. A layered defense-in-depth knowledge-based management system as in claim 1, wherein the security zone comprises filters operable to control and limit access to a predefined set of user workstations.
  - 5. A layered defense-in-depth knowledge-based management system as in claim 1, wherein the reception zone comprises a public key infrastructure operable to authenticate users for accessing contents of the system.
  - 6. A layered defense-in-depth knowledge-based management system as in claim 1, wherein the reception zone is further operable to authenticate a server.
  - 7. A layered defense-in-depth knowledge-based management system as in claim 1, wherein the reception zone is further operable to:
    - determine the clearance level of the requested document;
      
      determine the clearance level of the authenticated user;
      
      compare the clearance level of the document with the clearance level of the authenticated user;
      
      determine a number of document caveats associated with the requested document;
      
      for each of the number of document caveats, obtain the respective document caveat for the requested document, the respective document caveat representing a necessary condition for access to the document;
      
      determine a number of user caveats of the authenticated user;
      
      for each of the number of user caveats, obtain the respective user caveat representing a condition necessary for the authenticated user to have access to a document having an associated document caveat;
      
      for all combinations of the user caveats and the document caveats, compare the document caveat of the requested document to the user caveat of the authenticated user; and
      
      display the secure document to the authenticated user in response to the clearance level of the user dominating the clearance level of the requested document and the comparison of all combinations of the user caveats to the document caveats.
  - 8. A layered defense-in-depth knowledge-based management system as in claim 1, further comprising a screening zone operable to interrogate data packets during processing thereof.
  - 9. A layered defense-in-depth knowledge-based management system as in claim 1, wherein the operations zone is further operable to packet filter incoming and outgoing messages.
  - 10. A layered defense-in-depth knowledge-based management system as in claim 1, wherein the security zone is further operable to packet filter incoming and outgoing messages for access control.
  - 11. A layered defense-in-depth knowledge-based management system as in claim 1, wherein the operations zone comprises a document management server operable to establish access to data stored in a library of the management system.

12. A method of accessing an electronic support library for layered defense-in-depth knowledge-based management, comprising:
- authenticating in a reception zone a user in response to a request for data;
  
  document manipulation and administration in an operations zone of a request by an authenticated user; and
  
  issuing authorization certificates in a security zone for users to allow access to data managed in the operations zone.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of accessing an electronic support library as in claim 12, wherein authenticating a user in the reception zone comprises authenticating the user to a public key infrastructure.
  - 14. The method of accessing an electronic support library as in claim 12, further comprising accessing data stored in the electronic support library by a document management server.
  - 15. The method of accessing an electronic support library as in claim 12, further comprising packet filtering incoming and outgoing messages in and through the operations zone.
  - 16. The method of accessing an electronic support library as in claim 15, further comprising packet filtering incoming and outgoing messages for access to authorization certificates issued by the security zone.
  - 17. The method of accessing an electronic support library as in claim 12, further comprising authenticating, in the reception zone, a server
  - 18. The method of accessing an electronic support library as in claim 12, further comprising:
    - determining the clearance level of the requested document;
      
      determining the clearance level of the authenticated user;
      
      comparing the clearance level of the document with the clearance level of the authenticated user;
      
      determining a number of document caveats associated with the requested document;
      
      for each of the number of document caveats, obtaining the respective document caveat for the requested document, the respective document caveat representing a necessary condition for access to the document;
      
      determining a number of user caveats of the authenticated user;
      
      for each of the number of user caveats, obtaining the respective user caveat representing a condition necessary for the authenticated user to have access to a document having an associated document caveat;
      
      for all combinations of the user caveats and the document caveats, comparing the document caveat of the requested document to the user caveat of the authenticated user; and
      
      displaying the secure document to the authenticated user in response to the clearance level of the user dominating the clearance level of the requested document and the comparison of all combinations of the user caveats to the document caveats.
  - 19. The method of accessing an electronic support library as in claim 12, further comprising interrogating, in a screening zone, data packets during processing thereof.

20. A layered defense-in-depth knowledge-based management system, comprising:
- a reception zone operable to authenticate a user for access to the system, wherein the reception zone comprises a public key infrastructure operable to authenticate users for accessing contents of the system, the reception zone further operable to;
  
  authenticate a server;
  
  determine the clearance level of the requested document;
  
  determine the clearance level of the authenticated user;
  
  compare the clearance level of the document with the clearance level of the authenticated user;
  
  determine a number of document caveats associated with the requested document;
  
  for each of the number of document caveats, obtain the respective document caveat for the requested document, the respective document caveat representing a necessary condition for access to the document;
  
  determine a number of user caveats of the authenticated user;
  
  for each of the number of user caveats, obtain the respective user caveat representing a condition necessary for the authenticated user to have access to a document having an associated document caveat;
  
  for all combinations of the user caveats and the document caveats, compare the document caveat of the requested document to the user caveat of the authenticated user; and
  
  display the secure document to the authenticated user in response to the clearance level of the user dominating the clearance level of the requested document and the comparison of all combinations of the user caveats to the document caveats;
  
  a screening zone operable to interrogate data packets during processing thereof;
  
  an operations zone operable to adjudicate on a user level access to the data objects stored in a system database, wherein the operations zone is further operable to packet filter incoming and outgoing messages, wherein the operations zone comprises a document management server operable to establish access to data stored in a library of the management system; and
  
  a security zone operable to;
  
  issue certificates of accessibility for defined users;
  
  revoke certificates for users no longer allowed access to the system;
  
  perform key recovery operations; and
  
  wherein the security zone comprises filters operable to control and limit access to a predefined set of user workstations, wherein the security zone is further operable to packet filter incoming and outgoing messages for access control.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon Company (Rtx Corporation)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Teijido, Daniel, Kobren, Craig, Silcox, Joseph, Moehl, Robert

Granted Patent

US 7,921,289 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 63/101   Access control lists [ACL]

Secure Compartmented Mode Knowledge Management Portal

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Compartmented Mode Knowledge Management Portal

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links