Methods to dynamically establish overall national security for sensitivity classification...
Abstract
A method to establish virtual security perimeters for classified electronic documents on a computer system. The security perimeters are based upon a full classification determination of all informational content of an electronic document file. The full classification determination is uniquely coded to identify a classification value, the classification regime used to classify the information as well as ownership of the electronic information of the electronic document, and is embedded in the electronic document. The classification determination code is matrixed with identification codes for elements of a file management system and used to control computer events initiated on a computer involving the electronic document. Computer events on computers are monitored for the coded full classification determination. The code scheme is also used to identify a breach of a security perimeter on a computer of an unauthorized classified electronic document and warning of the breach.
183 Claims
1-140. (canceled)

141. A computer-implemented method for identifying on a computer system outside of a security perimeter a breach of the security perimeter for classified information in electronic format, said method comprising:
(a) executing on at least one computer system within a security perimeter comprising;
  (1) establishing at least one element code on said at least one computer system, where said at least one element code is unique to at least one element of a computer network within said security perimeter, and
  (2) embedding said at least one element code into at least one electronic storage medium within said security perimeter,
(b) executing on said at least one computer system outside said security perimeter comprising;
  (1) monitoring a computer event of said at least one computer system outside said security perimeter,
  (2) detecting said at least one element code within said at least one electronic storage medium involved with said computer event,
  (3) determining said detected said at least one element code as unauthorized for said at least one computer system outside said security perimeter, and
  (4) warning a predetermined person of said computer event where said detected said at least one element code is unauthorized.

Dependent claims: 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157

158. A computer-implemented method for establishing a virtual security perimeter for controlling security classified information on a computer system, said method comprising:
(a) executing on at least one computer system,
(b) establishing a code set on said at least one computer system, where said code set comprising of at least one classification code unique to a classification determination of an information security classification regime for classifying information of an electronic document,
(c) establishing a matrix on said at least one computer system, where said matrix contains at least one criterion to control a computer event initiated on said at least one computer system, where said at least one criterion comprising;
  (1) at least one element identification code for at least one element of a file management system of an operating system for said at least one computer system, where said at least one element identification code is unique to said at least one element of said file management system, and
  (2) a storage authority code for said at least one element of said file management system,
(d) embedding said at least one classification code into an electronic shell of said electronic document for said classification determination of said information security classification regime,
(e) monitoring said at least one computer system for said computer event initiated on said at least one computer system, where said computer event involves said at least one element of said file management system,
(f) intercepting said computer event before completion, where said computer event is an event that involves said at least one element of said file management system,
(g) controlling said intercepted said computer event as a controlled computer event,
(h) retrieving said storage authority code for said at least one element of said file management system associated with said controlled computer event,
(i) detecting said at least one classification code embedded in said electronic shell of said electronic document involved with said controlled computer event,
(j) determining if said detected said at least one classification code is an unauthorized said at least one classification code, where said detected said at least one classification code is not authorized for electronic storage by said retrieved said storage authority code for said at least one element of said file management system,
(k) terminating said controlled computer event on said at least one computer system before storage of said electronic document in said at least one element of said file management system where said unauthorized said at least one classification code is determined for said controlled computer event,
(l) warning a pre-determined person of said controlled computer event where said unauthorized said at least one classification code is determined for said controlled computer event.

Dependent claims: 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181

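The control flow of claim 158, steps (e) through (l), as an added Python illustration that is not taken from the patent. The `CLS:regime:owner:level` label format, the level names and the `VOL-...` element identification codes are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed classification values, ordered from least to most sensitive.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}
# Constructed code layout: classification regime, owner, classification value.
LABEL_RE = re.compile(r"^CLS:(?P<regime>[A-Z0-9-]+):(?P<owner>[A-Z0-9-]+):(?P<level>[A-Z]+)$")

# Matrix: element identification code -> storage authority
# (regime -> highest classification value that element may store).
MATRIX = {
    "VOL-0001": {"REGIME-A": "S"},   # constructed: file share inside the perimeter
    "VOL-0002": {"REGIME-A": "U"},   # constructed: removable media
}

@dataclass
class Decision:
    allowed: bool
    reason: str

def parse_label(shell):
    """Return (regime, owner, level) from the document shell, or None if unlabelled."""
    raw = shell.get("classification")
    if raw is None:
        return None
    m = LABEL_RE.match(raw)
    if not m or m["level"] not in LEVELS:
        raise ValueError(f"malformed classification code: {raw!r}")
    return m["regime"], m["owner"], m["level"]

def _terminate(event, reason, alerts):
    # Steps (k) and (l): stop the event before storage and record a warning.
    alerts.append({"op": event["op"], "element_id": event["element_id"], "reason": reason})
    return Decision(False, reason)

def control_event(event, matrix, alerts):
    """Decide an intercepted storage event before it completes (steps (f)-(j))."""
    try:
        label = parse_label(event["shell"])
    except ValueError as exc:
        return _terminate(event, str(exc), alerts)     # unreadable code: fail closed
    if label is None:
        # The check acts only on a detected code, so unlabelled files pass through.
        return Decision(True, "no classification code detected")
    regime, _owner, level = label
    authority = matrix.get(event["element_id"])
    if authority is None:
        return _terminate(event, "no storage authority recorded for element", alerts)
    if LEVELS[level] > LEVELS.get(authority.get(regime, ""), -1):
        return _terminate(event, f"{regime}/{level} exceeds storage authority", alerts)
    return Decision(True, "authorized")
```

Unknown elements, unknown regimes and malformed codes are all denied here; only a document with no code at all is let through, which is the coverage gap any label-driven control has to close by other means.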
182. A computer program product to identify on a computer system outside of a security perimeter a breach of the security perimeter for classified information in electronic format, the computer program product comprising at least one computer readable electronic storage medium, where said at least one computer readable electronic storage medium comprising at least one software engine, where said at least one software engine comprising:
(a) establish at least one element code on at least one computer system, within a security perimeter, where said at least one element code is unique to at least one element of a computer network,
(b) embed said at least one element code into at least one electronic storage medium within said security perimeter,
(c) monitor a computer event of at least one computer system outside said security perimeter,
(d) detect said at least one element code, as a detected said at least one element code, within said at least one electronic storage medium involved with said computer event,
(e) evaluate said detected said at least one element code as unauthorized for said at least one computer system outside said security perimeter,
(f) warn a predetermined person of said computer event, where said detected said at least one element code is unauthorized.

183. A computer program product to establish a virtual security perimeter to control security classified information on a computer system, the computer program product comprising at least one computer readable electronic storage medium, where said at least one computer readable electronic storage medium comprising at least one software engine, where said at least one software engine comprising:
(b) establish a code set on at least one computer system, where said code set comprising of at least one classification code unique to a classification determination of an information security classification regime to classify information of an electronic document,
(c) establish a matrix on said at least one computer system, where said matrix contains at least one criterion to control a computer event on said at least one computer system, where said at least one criterion comprising;
  (1) at least one element identification code for at least one element of a file management system of an operating system for said at least one computer system, where said at least one element identification code is unique to said at least one element of said file management system, and
  (2) a storage authority code for said at least one element of said file management system,
(d) embed said at least one classification code into an electronic shell of said electronic document for said classification determination of said information security classification regime,
(e) monitor said at least one computer system for said computer event initiated on said at least one computer system, where said computer event involves said at least one element of said file management system,
(f) intercept said computer event where said computer event involves said at least one element of said file management system,
(g) control said intercepted said computer event as a controlled computer event,
(h) retrieve said storage authority code for said at least one element associated with said controlled computer event,
(i) detect said at least one classification code embedded in said electronic shell of said electronic document involved with said controlled computer event,
(j) determine if said detected said at least one classification code is an unauthorized said at least one classification code, where said unauthorized said at least one classification code is said at least one classification code not authorized for electronic storage by said retrieved said storage authority code for said at least one element,
(k) terminate completion of said controlled computer event on said at least one computer system where said unauthorized said at least one classification code is determined,
(l) warn a pre-determined person of said controlled computer event where said unauthorized said at least one classification code is determined for said event.

Specification