Secure Handling of Documents with Fields that Possibly Contain Restricted Information

US 20120047097A1
Filed: 07/25/2011
Published: 02/23/2012
Est. Priority Date: 11/23/2005
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for processing one or more documents, the documents containing restricted information, the restricted information not to be disclosed at a minimally secure location, the method comprising software executing on a computer system to execute the steps of:

identifying one or more sections in each document, the sections defined as either critical, possibly critical or non-critical;

each critical section containing data that is defined by information security rules as individually or collectively corresponding to restricted information, each non-critical section containing data that is defined by information security rules as not corresponding to restricted information, and each possibly critical section containing data that is defined by information security rules as possibly corresponding to restricted information;

for the possibly critical sections, identifying whether that section is critical or non-critical based on the data contained in the section;

based on identification of sections as critical or non-critical, segmenting the documents into non-critical segments, sub-critical segments and critical segments, the non-critical segments and sub-critical segments suitable for processing at a minimally secure location and the critical segments suitable for processing at a secure location; and

recombining the non-critical segments, sub-critical segments and critical segments after processing.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer program product for processing documents containing restricted information. One aspect concerns identifying which sections of a document may be critical, non-critical or possibly critical.

19 Citations

View as Search Results

15 Claims

1. A computer-implemented method for processing one or more documents, the documents containing restricted information, the restricted information not to be disclosed at a minimally secure location, the method comprising software executing on a computer system to execute the steps of:
- identifying one or more sections in each document, the sections defined as either critical, possibly critical or non-critical;
  
  each critical section containing data that is defined by information security rules as individually or collectively corresponding to restricted information, each non-critical section containing data that is defined by information security rules as not corresponding to restricted information, and each possibly critical section containing data that is defined by information security rules as possibly corresponding to restricted information;
  
  for the possibly critical sections, identifying whether that section is critical or non-critical based on the data contained in the section;
  
  based on identification of sections as critical or non-critical, segmenting the documents into non-critical segments, sub-critical segments and critical segments, the non-critical segments and sub-critical segments suitable for processing at a minimally secure location and the critical segments suitable for processing at a secure location; and
  
  recombining the non-critical segments, sub-critical segments and critical segments after processing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the possibly critical section comprises a single data field that is possibly individually critical.
  - 3. The method of claim 1 wherein the possibly critical section comprises a set of two or more data fields that are possibly collectively critical.
  - 4. The method of claim 1 wherein the step of identifying whether a possibly critical section is critical or non-critical depends on whether the data in the section is frequently occurring as defined by the information security rules.
  - 5. The method of claim 4 wherein the step of identifying whether a possibly critical section is critical or non-critical comprises querying a database to determine a frequency of occurrence of said data.
  - 6. The method of claim 1 wherein the step of identifying whether a possibly critical section is critical or non-critical depends on whether the data in the section is publicly available as defined by the information security rules.
  - 7. The method of claim 6 wherein the step of identifying whether a possibly critical section is critical or non-critical comprises querying public data sources to determine whether said data is publicly available.
  - 8. The method of claim 1 wherein the possibly critical section includes a free form data field.
  - 9. The method of claim 8 wherein the step of identifying whether the free form data field is critical or non-critical comprises determining whether the free form data field contains data that corresponds to restricted information.
  - 10. The method of claim 9 wherein the step of determining whether the free form data field contains data that corresponds to restricted information comprises determining whether data in the free form data field is substantially similar to data in other fields that are defined a priori as critical.
  - 11. The method of claim 9 wherein the step of determining whether the free form data field contains data that corresponds to restricted information is based on comparing said data to pre-defined data patterns that correspond to restricted information.
  - 12. The method of claim 9 wherein the step of determining whether the free form data field contains data that corresponds to restricted information is based on comparing said data to data patterns learnt by a learning algorithm from data in other fields that are defined a priori as critical.
  - 13. The method of claim 1 wherein the sections are defined a priori as either critical, possibly critical or non-critical.

14. A system implemented on a computer for processing one or more documents, the documents containing restricted information, the restricted information not to be disclosed at a minimally secure location, the system comprising:
- a section-identifying module for identifying one or more sections in each document, the sections defined as either critical, possibly critical or non-critical;
  
  each critical section containing data that is defined by information security rules as individually or collectively corresponding to restricted information, each non-critical section containing data that is defined by information security rules as not corresponding to restricted information, and each possibly critical section containing data that is defined by information security rules as possibly corresponding to restricted information;
  
  the section-identifying module further, for the possibly critical sections, identifying whether that section is critical or non-critical based on the data contained in the section;
  
  a document-dividing module for, based on identification of sections as critical or non-critical, segmenting the documents into non-critical segments, sub-critical segments and critical segments, the non-critical segments and sub-critical segments suitable for processing at a minimally secure location and the critical segments suitable for processing at a secure location; and
  
  a recombining module for recombining the non-critical segments, sub-critical segments and critical segments after processing.

15. A computer program product for use with a computer, the computer program product comprising a tangible computer usable medium having a computer program code embodied therein for processing one or more documents, the documents containing restricted information, the restricted information not to be disclosed at a minimally secure location, the computer program code performing the steps of:
- identifying one or more sections in each document, the sections defined as either critical, possibly critical or non-critical;
  
  each critical section containing data that is defined by information security rules as individually or collectively corresponding to restricted information, each non-critical section containing data that is defined by information security rules as not corresponding to restricted information, and each possibly critical section containing data that is defined by information security rules as possibly corresponding to restricted information;
  
  for the possibly critical sections, identifying whether that section is critical or non-critical based on the data contained in the section;
  
  based on identification of sections as critical or non-critical, segmenting the documents into non-critical segments, sub-critical segments and critical segments, the non-critical segments and sub-critical segments suitable for processing at a minimally secure location and the critical segments suitable for processing at a secure location; and
  
  recombining the non-critical segments, sub-critical segments and critical segments after processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beyondcore Holdings, Llc
Original Assignee
BeyondCore, Inc. (Salesforce.com, Inc.)
Inventors
Sengupta, Arijit, Stronger, Brad A.

Application Number

US13/190,358
Publication Number

US 20120047097A1
Time in Patent Office

Days
Field of Search
US Class Current

706/12
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

H04L 9/0894   Escrow, recovery or storing...

Secure Handling of Documents with Fields that Possibly Contain Restricted Information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Secure Handling of Documents with Fields that Possibly Contain Restricted Information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others