METHOD FOR SECURE ACCESS TO AND SECURE DATA TRANSFER FROM A VIRTUAL SENSITIVE COMPARTMENTED INFORMATION FACILITY (SCIF)
First Claim
1. A computer program product for limiting access to a virtual sensitive compartmented information facility (SCIF) comprising:
computer usable code configured to create a virtual SCIF, the virtual SCIF augmented with a SCIF security label;
computer usable code configured to augment a virtual subject with a subject security label;
computer usable code configured to receive a request for access to the virtual SCIF from the virtual subject;
computer usable code configured to load an access rule set into an object request broker;
computer usable code configured to relay the request for access to the object request broker;
computer usable code configured to receive a reply from the object request broker of a comparison of the SCIF security label to the subject security label in accordance with the access rule set;
computer usable code configured to grant access to the virtual SCIF to the virtual subject if the request conforms to the access rule set; and
computer usable code configured to deny access to the virtual SCIF to the virtual subject if the request does not conform to the access rule set.
Abstract
The present disclosure is directed to a method for limiting access to a virtual sensitive compartmented information facility (SCIF) and secure transport of information between two virtual SCIFs. The method may comprise creating a virtual SCIF, allowing access to the virtual SCIF to only those virtual subjects having the proper security clearance as analyzed by an access rule set loaded into an object request broker, creating a second virtual SCIF, creating a key lockable secure container to transport the information from the first virtual SCIF to the second virtual SCIF, and restricting access to the key to unlock the secure container in the second virtual SCIF.
2 Claims
1. A computer program product for limiting access to a virtual sensitive compartmented information facility (SCIF) comprising:
computer usable code configured to create a virtual SCIF, the virtual SCIF augmented with a SCIF security label;
computer usable code configured to augment a virtual subject with a subject security label;
computer usable code configured to receive a request for access to the virtual SCIF from the virtual subject;
computer usable code configured to load an access rule set into an object request broker;
computer usable code configured to relay the request for access to the object request broker;
computer usable code configured to receive a reply from the object request broker of a comparison of the SCIF security label to the subject security label in accordance with the access rule set;
computer usable code configured to grant access to the virtual SCIF to the virtual subject if the request conforms to the access rule set; and
computer usable code configured to deny access to the virtual SCIF to the virtual subject if the request does not conform to the access rule set.
2. A computer program product for secure transport of information between virtual sensitive compartmented information facilities (virtual SCIF) comprises:
computer usable code configured to designate a first virtual SCIF, the first virtual SCIF augmented with a first security label and overseen by a first virtual SCIF owner;
computer usable code configured to designate a second virtual SCIF, the second virtual SCIF augmented with a second security label and overseen by a second virtual SCIF owner;
computer usable code configured to receive a request from a virtual subject for transport of information from the first virtual SCIF to the second virtual SCIF;
computer usable code configured to create a secure container to transport the information;
computer usable code configured to place the information in the secure container;
computer usable code configured to lock the secure container with a key;
computer usable code configured to transport the secure container from the first virtual SCIF to the second virtual SCIF;
computer usable code configured to restrict access to the key in the second virtual SCIF, further including;
computer usable code configured to load an access rule set into an object request broker;
computer usable code configured to receive a request for access to the key in the second virtual SCIF from the second virtual SCIF owner;
computer usable code configured to relay the request for access to the object request broker;
computer usable code configured to receive a reply from the object request broker of a comparison of the first security label to the second security label in accordance with the access rule set;
computer usable code configured to grant access to the key only if the secure container is in the second virtual SCIF;
computer usable code configured to grant access to the key to the second virtual SCIF owner if the reply conforms to the access rule set; and
computer usable code configured to deny access to the key to the second virtual SCIF owner if the reply does not conform to the access rule set.
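The two claims share one gate: a broker compares security labels under a loaded rule set, and in claim 2 the key is released only when the container is also located in the second virtual SCIF. The sketch below is an added example, not code from the patent; the `Label` shape, the `dominates` rule, the `LEVELS` ordering, and the `Broker`, `Scif` and `KeyEscrow` names are all assumptions, since the claims do not say what the access rule set contains. It models only the access and key-release decisions; encrypting the container payload is left out.

```python
import secrets
from dataclasses import dataclass

LEVELS = {"CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}  # assumed ordering

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

def dominates(holder, target):
    # Assumed rule: holder's level and compartments must cover the target's.
    return (LEVELS[holder.level] >= LEVELS[target.level]
            and holder.compartments >= target.compartments)

class Broker:
    """Stand-in for the object request broker: holds rules, answers comparisons."""
    def __init__(self):
        self.rules = []
    def load_rules(self, rules):
        self.rules = list(rules)
    def conforms(self, holder, target):
        # Fail closed: an empty rule set denies everything.
        return bool(self.rules) and all(rule(holder, target) for rule in self.rules)

@dataclass
class Scif:
    name: str
    label: Label
    owner: str

def request_access(broker, subject_label, scif):
    # Claim 1: grant only if the broker's comparison conforms to the rule set.
    return broker.conforms(subject_label, scif.label)

class KeyEscrow:
    """Hypothetical key holder for claim 2: locks containers, gates key release."""
    def __init__(self, broker):
        self.broker, self.keys = broker, {}
    def lock(self, origin):
        key_id = secrets.token_hex(8)
        self.keys[key_id] = secrets.token_bytes(32)  # key that locks the container
        return {"key_id": key_id, "origin": origin, "location": origin}
    def request_key(self, requester, container, dest):
        if requester != dest.owner:             # only the second SCIF's owner may ask
            return None
        if container["location"] is not dest:   # container must be in the second SCIF
            return None
        if not self.broker.conforms(dest.label, container["origin"].label):
            return None                         # label comparison failed
        return self.keys[container["key_id"]]
```

Both checks in `request_key` must pass independently: a conforming label does not release the key while the container is still in the first SCIF, and arrival in a SCIF whose label fails the comparison does not release it either.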
Specification