DOCUMENT ACCESSING THROUGH MULTIPLE SECURITY DOMAINS

US 20070282752A1
Filed: 05/17/2007
Published: 12/06/2007
Est. Priority Date: 05/17/2006
Status: Active Grant

First Claim

Patent Images

1. A processor implemented method, comprising:

saving by a processor from a first security domain to a second security domain a version of a document, including determining whether the document contains one or more components not to be accessible through the second security domain, and writing components of the document excluding the one or more components determined not to be accessible through the second security domain into the second security domain, the first security domain being a higher security domain than the second security domain; and

opening by the processor through the first security domain the document, including determining whether a version of the document has been saved to the second security domain, and if a version of the document has been saved to the second security domain, further determining whether one or more components of the version of the document has been modified, or one or more new components have been added to the version of the document through the second security domain, and if so, retrieve a copy of the one or more modified or new components from the second security domain, and merging the retrieved copy of the one or more modified or new components into the document being open at the first security domain.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatuses for accessing documents in a multi-security domain environment are described herein. The novel methods may be processor implemented methods and may include saving by a processor from a first to a second security domain a version of a document, wherein the first security is a higher security domain than the second security domain. As part of the saving operation, a determination may be made as to whether the document includes one or more components not to be accessible through the second security domain, and writing the components of the document excluding the one or more components determined not to be accessible through the second security domain into the second security domain. The methods may further include opening the document through the security domain by determining whether a version of the document has been saved to the second security domain, and if so, merging a copy of modifications made to version of the document, if there are any, into the document being open. In various embodiments, a domain specific document server and a cross security domain trusted services are employed to enable among other things, reduction of number of storage devices needed.

33 Citations

View as Search Results

28 Claims

1. A processor implemented method, comprising:
- saving by a processor from a first security domain to a second security domain a version of a document, including determining whether the document contains one or more components not to be accessible through the second security domain, and writing components of the document excluding the one or more components determined not to be accessible through the second security domain into the second security domain, the first security domain being a higher security domain than the second security domain; and
  
  opening by the processor through the first security domain the document, including determining whether a version of the document has been saved to the second security domain, and if a version of the document has been saved to the second security domain, further determining whether one or more components of the version of the document has been modified, or one or more new components have been added to the version of the document through the second security domain, and if so, retrieve a copy of the one or more modified or new components from the second security domain, and merging the retrieved copy of the one or more modified or new components into the document being open at the first security domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein said merging of one or more new components into the document comprises adding the one or more new components into the document.
  - 3. The method of claim 1, further comprising modifying by the processor, in response to a user input received through the first security domain, a first component included in the document.
  - 4. The method of claim 3, further comprising modifying by the processor, in response to a user input received through the second security domain, a second component included in the version of the document saved to the second security domain.
  - 5. The method of claim 4, wherein said second component included in the version of the document correspond to the first component included in the document, and said merging of the retrieved copy of the one or more modified components comprises determining by the processor whether the modification made to the second component through the second security domain conflict with the modification made to the first component through the first security domain, and if so, resolving at least in part the conflict by the processor transmitting to a user through the first security domain an inquiry as to how the conflict should be resolved.
  - 6. The method of claim 5, wherein said resolving at least in part the conflict by the processor comprises receiving by the processor, in response to said inquiry, user input through the first security domain that includes, for the conflict, an acceptance of the modification made to the second component through the second security domain, an acceptance of the modification made to the first component through the first security domain, or an indication to at least discard the conflicting modifications made through the first and second security domains and data to facilitate creation of a new modification.
  - 7. The method of claim 1, wherein said opening by the processor through the first security domain of the document comprises reading the document from first one or more storage devices associated with the first security domain and said retrieving of the one or more modified or new components from the version of the document comprises reading the one or more modified or new components from second one or more storage devices associated with the second security domain.
  - 8. The method of claim 1, wherein said document includes a first, a second, and a third component that are each associated with one of at least two alternative attribute values, a first attribute value indicating that a component associated with the first attribute value is to be accessible for viewing and/or editing only through security domains that include the first security domain, but not the second security domain, and a second attribute value indicating that a component associated with the second attribute value is to be accessible for viewing and/or editing through security domains that include both the first and the second security domains, the third component being dependent on the second component, which is in turn dependent on the first component, and said saving comprises determining by the processor whether the first or the second component is associated with the first attribute value, and if so, writing components of the document, excluding at least the third component, into the second security domain.
  - 9. The method of claim 1, further comprising saving by the processor from the second security domain to a third security domain another version of the document, including determining whether the document contains one or more components not to be accessible through the third security domain, and writing components of the documents excluding the one or more components determined not to be accessible through the third security domain into the third security domain, the second security domain being a higher security domain than the third security domain;
    - andwherein said opening by the processor through the first security domain the document further comprises determining whether another version of the document has been saved from the second security domain to the third security domain, and if the document has been saved to the third security domain, further determining whether one or more components of the other version of the document has been modified, or one or more new components has been added to the other version of the document through the third security domain, and if so, retrieve a copy of the one or more modified or new components from the third security domain, and merging the retrieved copy of the one or more modified or new components from the third security domain into the document being open at the first security domain.
  - 10. The method of claim 1, wherein said saving by the processor from a first security domain to a second security domain a version of a document comprises saving from a first security domain to a second security domain a version of a word processing document, a streaming media file, a sequence of sensor readings, or a web page document.
  - 11. The method of claim 1, further comprising providing by the processor in response to a user input received through the first security domain a document having a plurality of components, each of the components being associated with one of at least two alternative attribute values, a first attribute value indicating that a component associated with the first attribute value is to be accessible for viewing and/or editing only through security domains comprising the first security domain and not the second security domain and a second attribute value indicating that a component associated with the second attribute value is to be accessible for viewing and/or editing through security domains comprising both the first and the second security domains.
  - 12. The method of claim 11, wherein said writing components of the document excluding the one or more determined not to be accessible through the second security domain comprises filtering the components of the document based on the attribute values associated with components to determine which of the components are not to be accessible through the second security domain, and to exclude those determined not to be accessible through the second security domain to be written into the second security domain.

13. An apparatus, comprising:
- one or more processors;
  
  storage medium coupled to the processors having stored therein programming instructions to be operated by the one or more processors to;
  
  save from a first security domain to a second security domain a version of a document, including determining whether the document contains one or more components not to be accessible through the second security domain, and writing components of the document excluding the one or more components determined not to be accessible through the second security domain into the second security domain, the first security domain being a higher security domain than the second security domain; and
  
  open through the first security domain the document, including determining whether a version of the document has been saved to the second security domain, and if a version of the document has been saved to the second security domain, further determining whether one or more components of the version of the document has been modified, or one or more new components has been added to the version of the document through the second security domain, and if so, retrieve a copy of the one or more modified or new components from the second security domain, and merging the retrieved copy of the one or more modified or new components into the document being open at the first security domain.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The apparatus of claim 13, further comprising a first and a second one or more storage devices operationally coupled to the one or more processors to store data to be accessed through the first and the security domain, respectively, the first storage device to store the document and the second storage device to store the version of the document.
  - 15. The apparatus of claim 14, wherein the programming instructions are adapted to be operated by the one or more processor to save from the second security domain to a third security domain another version of the document, including determining whether the document contains one or more components not to be accessible through the third security domain, and writing components of the documents excluding the one or more components determined not to be accessible through the third security domain into the third security domain, the second security domain being a higher security domain than the security domain;
    - andwherein said opening through the first security domain the document includes determining whether another version of the document has been saved to the third security domain, and if the document has been saved to the third security domain, further determining whether one or more components of the other version of the document has been modified, or one or more new components has been added to the other version of the document through the third security domain, and if so, retrieve a copy of the one or more modified or new components from the third security domain, and merging the retrieved copy of the one or more modified or new components from the third security domain into the document being open at the first security domain.
  - 16. The apparatus of claim 15, further comprising a third one or more storage device operationally coupled to the one or more processors to store data to be accessed through the third security domain, the third storage device to store the other version of the document.
  - 17. The apparatus of claim 14, wherein the programming instructions implement a security domain specific document server engine and a cross security domain trusted services engine to be operated by the one or more processors to cooperatively effectuate said save from the first security domain to the second security domain the version of the document and said open through the first security domain the document.
  - 18. The apparatus of claim 17, wherein said document server engine is adapted to be first instantiated to interface with one or more communication networks to communicate with a first client device having access to the first security domain, and to be second instantiated to communicate with a second client device having access to the second security domain, via the one or more communication networks.
  - 19. The apparatus of claim 17, wherein said trusted service engine is adapted to interface with the first and the second one or more storage devices to selectively channel data to be saved to and retrieved from the first and the second one or more storage devices.

20. An article of manufacture, comprising:
- a storage medium;
  
  a plurality of programming instructions stored in the storage medium to program an apparatus to enable to the apparatus tosave from a first security domain to a second security domain a version of a document, including determining whether the document contains one or more components not to be accessible through the second security domain, and writing components of the document excluding the one or more components determined not to be accessible through the second security domain into the second security domain, the first security domain being a higher security domain than the second security domain; and
  
  open through the first security domain the document, including determining whether a version of the document has been saved to the second security domain, and if a version of the document has been saved to the second security domain, further determining whether one or more components of the version of the document has been modified, or one or more new components have been added to the version of the document through the second security domain, and if so, retrieve a copy of the one or more modified or new components from the second security domain, and merging the retrieved copy of the one or more modified or new components into the document being open at the first security domain.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The article of claim 20, wherein said programming instructions are adapted to add the one or more new components into the document, when performing said merging of one or more new components into the document.
  - 22. The article of claim 20, wherein said programming instructions are further adapted to modify in response to a user input received through the first security domain, a first component included in the document.
  - 23. The article of claim 22, wherein said programming instructions are further adapted to modify in response to a user input received through the second security domain, a second component included in the version of the document saved to the second security domain.
  - 24. The article of claim 20, wherein said programming instructions are further adapted to perform said open through the first security domain of the document by reading the document from first one or more storage devices associated with the first security domain, and said retrieve of the one or more modified or new components from the version of the document by reading the one or more modified or new components from second one or more storage devices associated with the second security domain.
  - 25. The article of claim 20, wherein said document includes a first, a second, and a third component that are each associated with one of at least two alternative attribute values, a first attribute value indicating that a component associated with the first attribute value is to be accessible for viewing and/or editing only through security domains that include the first security domain, but not the second security domain, and a second attribute value indicating that a component associated with the second attribute value is to be accessible for viewing and/or editing through security domains that include both the first and the second security domains, the third component being dependent on the second component, which is in turn dependent on the first component, and said programming instructions are further adapted to perform said saving including determining whether the first or the second component is associated with the first attribute value, and if so, writing components of the document, excluding at least the third component, into the second security domain.
  - 26. The article of claim 20, said programming instructions are further adapted to save from the second security domain to a third security domain another version of the document, including determining whether the document contains one or more components not to be accessible through the third security domain, and writing components of the documents excluding the one or more components determined not to be accessible through the third security domain into the third security domain, the second security domain being a higher security domain than the third security domain;
    - andwherein said opening through the first security domain the document further comprises determining whether another version of the document has been saved from the second security domain to the third security domain, and if the document has been saved to the third security domain, further determining whether one or more components of the other version of the document has been modified, or one or more new components has been added to the other version of the document through the third security domain, and if so, retrieve a copy of the one or more modified or new components from the third security domain, and merging the retrieved copy of the one or more modified or new components from the third security domain into the document being open at the first security domain.
  - 27. The article of claim 20, wherein said programming instructions are adapted to save from a first security domain to a second security domain a version of a word processing document, a streaming media file, a sequence of sensor readings, or a web page document.
  - 28. The article of claim 20, wherein said programming instructions are further adapted to provide in response to a user input received through the first security domain a document having a plurality of components, each of the components being associated with one of at least two alternative attribute values, a first attribute value indicating that a component associated with the first attribute value is to be accessible for viewing and/or editing only through security domains comprising the first security domain and not the second security domain and a second attribute value indicating that a component associated with the second attribute value is to be accessible for viewing and/or editing through security domains comprising both the first and the second security domains.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Galois, Inc.
Original Assignee
Galois Connections Incorporated (Galois, Inc.)
Inventors
Jones, M. Isaac, McNamee, Dylan J.

Granted Patent

US 8,171,557 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/57
CPC Class Codes

H04L 63/105 Multiple levels of security

DOCUMENT ACCESSING THROUGH MULTIPLE SECURITY DOMAINS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

DOCUMENT ACCESSING THROUGH MULTIPLE SECURITY DOMAINS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links