Methods to dynamically establish overall national security for sensitivity classification...

US 20140013433A1
Filed: 06/17/2013
Published: 01/09/2014
Est. Priority Date: 05/13/2008
Status: Active Grant

First Claim

Patent Images

1-140. -140. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method to establish virtual security perimeters for classified electronic documents on a computer system. The security perimeters are based upon a full classification determination of all informational content of an electronic document file. The full classification determination is uniquely coded to identify a classification value, the classification regime used to classify the information as well as ownership of the electronic information of the electronic document, and is embedded in the electronic document. The classification determination code is matrixed with identification codes for elements of a file management system and used to control computer events initiated on a computer involving the electronic document. Computer events on computers are monitored for the coded full classification determination. The code scheme is also used to identify a breach of a security perimeter on a computer of an unauthorized classified electronic document and warning of the breach.

Citations

183 Claims

1-140. -140. (canceled)

141. A computer-implemented method for identifying on a computer system outside of a security perimeter a breach of the security perimeter for classified information in electronic format, said method comprising:
- (a) executing on at least one computer system within a security perimeter comprising;
  
  (1) establishing at least one element code on said at least one computer system, where said at least one element code is unique to at least one element of a computer network within said security perimeter, and(2) embedding said at least one element code into at least one electronic storage medium within said security perimeter,(b) executing on said at least one computer system outside said security perimeter comprising;
  
  (1) monitoring a computer event of said at least one computer system outside said security perimeter,(2) detecting said at least one element code within said at least one electronic storage medium involved with said computer event,(3) determining said detected said at least one element code as unauthorized for said at least one computer system outside said security perimeter, and(4) warning a predetermined person of said computer event where said detected said at least one element code is unauthorized.
- View Dependent Claims (142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157)
- - 142. The method of claim 141, wherein said at least one element of said computer network within said security perimeter comprising:
    - (a) said network,(b) said computer system,(c) a domain,(d) a storage disk,(e) a volume on said at least one electronic storage medium,(f) a folder within said volume,(g) an electronic document within aid folder, and(h) a profile of a user of said network.
  - 143. The method of claim 141, wherein said executing on said at least one computer system outside said security perimeter, further comprising establishing at least one resident code on said at least one computer system outside said security perimeter that matches said at least one element code.
  - 144. The method of claim 143, wherein said determining said detected said at least one element code as unauthorized for said at least one computer system outside said security perimeter, where said detected said at least one element code matches at least one resident code pre-existing on said at least one computer system outside said security perimeter.
  - 145. The method of claim 143, wherein said establishing said at least one resident code comprising providing an administrative interface for said establishing said at least one resident code on said at least one computer system outside said security perimeter.
  - 146. The method of claim 141, wherein said at least one element code comprising at least one file management code that uniquely identifies at least one element of an operating system file management system of said at least one computer system within said security perimeter.
  - 147. The method of claim 141, wherein said at least one element code comprising at least one classification code that uniquely represents a classification determination of an information security classification regime.
  - 148. The method of claim 147, wherein said at least one classification code uniquely identifies said information security classification regime.
  - 149. The method of claim 147, wherein said at least one classification code uniquely identifies ownership by an organization of said classified information classified by said information security classification regime.
  - 150. The method of claim 141, wherein said computer event comprising an operating system event on said at least one computer system outside said security perimeter.
  - 151. The method of claim 141, wherein said computer event comprising a document development application event on said at least one computer system outside said security perimeter.
  - 152. The method of claim 141, wherein said warning comprising at least one of:
    - (a) an email,(b) a text message, or(c) an on-screen notification.
  - 153. The method of claim 141, wherein said embedding said at least one element code into said at least one electronic storage medium, said at least one element code is embedded into an electronic shell of an electronic document for said at least one electronic storage medium.
  - 154. The method of claim 141, further comprising logging said computer event and details of said computer event where said at least one element code is detected.
  - 155. The method of claim 141, further comprising initiating at least one active measure for said at least one computer system outside of said security perimeter, where said detected said at least one element code is unauthorized.
  - 156. The method of claim 155, wherein said active measure comprising at least one of:
    - (a) freezing a network user account,(b) recording keystrokes,(c) disabling said at least one computer system outside of said security perimeter, or(d) isolating said at least one computer system outside of said security perimeter from a second said at least one computer system outside of said security perimeter.
  - 157. The method of claim 141, where said establishing said establishing at least one element code on said at least one computer system, further comprising providing an administrative interface to setup said at least one element code.

158. A computer-implemented method for establishing a virtual security perimeter for controlling security classified information on a computer system, said method comprising:
- (a) executing on at least one computer system,(b) establishing a code set on said at least one computer system, where said code set comprising of at least one classification code unique to a classification determination of an information security classification regime for classifying information of an electronic document,(c) establishing a matrix on said at least one computer system, where said matrix contains at least one criterion to control a computer event initiated on said at least one computer system, where said at least one criterion comprising;
  
  (1) at least one element identification code for at least one element of a file management system of an operating system for said at least one computer system, where said at least one element identification code is unique to said at least one element of said file management system, and(2) a storage authority code for said at least one element of said file management system,(d) embedding said at least one classification code into an electronic shell of said electronic document for said classification determination of said information security classification regime,(e) monitoring said at least one computer system for said computer event initiated on said at least one computer system, where said computer event involves said at least one element of said file management system,(f) intercepting said computer event before completion, where said computer event is an event that involves said at least one element of said file management system,(g) controlling said intercepted said computer event as a controlled computer event,(h) retrieving said storage authority code for said at least one element of said file management system associated with said controlled computer event,(i) detecting said at least one classification code embedded in said electronic shell of said electronic document involved with said controlled computer event,(j) determining if said detected said at least one classification code is an unauthorized said at least one classification code, where said detected said at least one classification code is not authorized for electronic storage by said retrieved said storage authority code for said at least one element of said file management system,(k) terminating said controlled computer event on said at least one computer system before storage of said electronic document in said at least one element of said file management system where said unauthorized said at least one classification code is determined for said controlled computer event,(l) warning a pre-determined person of said controlled computer event where said unauthorized said at least one classification code is determined for said controlled computer event.
- View Dependent Claims (159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181)
- - 159. The method of claim 158, further comprising an administrative interface for at least one of:
    - (a) said establishing said at least one classification code, and(b) the establishment of said at least one criterion to control said computer event on said at least one computer system.
  - 160. The method of claim 158, wherein said at least one element of said file management system, comprising:
    - (a) a network,(b) said computer system(c) a domain,(d) a storage disk,(e) a volume on said at least one electronic storage medium,(f) a folder within said volume,(g) said electronic document, and(h) a profile of a user of said computer system.
  - 161. The method of claim 160, wherein said storage authority code for said at least one element of said file management system, said storage authority code provides access authority for said user of said electronic document where said profile of said user is said at least one element of said file management system.
  - 162. The method of claim 158, wherein said at least one element identification code comprising at least one medium code that identifies an electronic storage medium, and where said method further comprising embedding said medium code into said electronic storage medium.
  - 163. The method of claim 158, wherein said at least one element identification code comprising a disk code that identifies a storage disk within an electronic storage medium, and said method further comprising embedding said disk code into said storage disk.
  - 164. The method of claim 158, wherein said at least one element identification code comprising a volume code that identifies a volume within an electronic storage medium, and said method further comprising embedding said volume code into said electronic storage medium.
  - 165. The method of claim 158, wherein said at least one element identification code comprising a document code that identifies said electronic document within an electronic storage medium, and said method further comprising embedding said document code into said electronic shell of said electronic document in said electronic storage medium.
  - 166. The method of claim 158, wherein said monitoring said at least one computer system for said event, said event comprising at least one of:
    - (a) an operating system event initiated on said at least one computer system, or(b) a document development application event initiated on said at least one computer system.
  - 167. The method of claim 158, wherein said at least one classification code further comprising a second code that uniquely identifies a domain of said at least one computer system authorized to process classified information of a specified classification level of said information security classification regime.
  - 168. The method of claim 158, wherein said at least one classification code further comprising a third code that uniquely identifies ownership by an organization of said classified information classified by said information security classification regime.
  - 169. The method of claim 158, wherein said establishing said at least one classification code for information of said electronic document, where said at least one classification code is established as an overall classification determination for information of said electronic document, where said overall classification determination is established from said classification determination for one or more informational portion of said electronic document for an entire informational content of said electronic document.
  - 170. The method of claim 169, wherein said overall classification determination is an invalid said overall classification determination where at least one of said one or more informational portion of said electronic document does not have said classification determination, and where said at least one classification code represents said invalid said overall classification determination for said electronic document.
  - 171. The method of claim 169, further comprising establishing said at least one classification code for information of said electronic document before saving said electronic document to an electronic storage medium.
  - 172. The method of claim 171, further comprising recording said at least one classification code in a relational database with identification information for said electronic document before saving said electronic document to said electronic storage medium.
  - 173. The method of claim 169, further comprising displaying a classification value of said overall classification determination in a banner of a document development application performing on said electronic document, whereby said overall classification determination is persistently displayed to a user of said document development application to inform said user of said classification value for information of said electronic document.
  - 174. The method of claim 158, further comprising re-establishing said at least one classification code in said electronic shell of said electronic document, where said at least one classification code is removed from said electronic shell of said electronic document by said computer event outside of a host document development application computer event, whereby said at least one classification code is persistently embedded in said electronic document.
  - 175. The method of claim 174, wherein said re-establishing said at least one classification code, further comprising warning a pre-determined person of an attempt to remove said at least one classification code from said electronic document.
  - 176. The method of claim 174, wherein said re-establishing said at least one classification code, further comprising recording said computer event in a relational database for said electronic document.
  - 177. The method of claim 158, wherein said warning comprising at least one of:
    - (a) an email,(b) a text message, or(c) an on-screen notification.
  - 178. The method of claim 158, further comprising logging said computer event and details of said computer event where said classification code is determined as said unauthorized said at least one classification code.
  - 179. The method of claim 158, further comprising recording said at least one element identification code for said at least one element of said file management system in a relational database and assigning said storage authority code.
  - 180. The method of claim 179, further comprising determining if said at least one element identification code is missing from said at least one element of said file management system, and further comprising re-establishing said at least one element identification code for said at least one element of said file management system from said relational database, and said method further comprising warning a predetermined person of a missing said at least one element identification code for said at least one element, whereby said at least one element identification code embedded in said at least one element of said file management system is persistent.
  - 181. The method of claim 158, wherein said storage authority code represents said classification determination of said information security classification regime.

182. A computer program product to identify on a computer system outside of a security perimeter a breach of the security perimeter for classified information in electronic format, the computer program product comprising at least one computer readable electronic storage medium, where said at least one computer readable electronic storage medium comprising at least one software engine, where said at least one software engine comprising:
- (a) establish at least one element code on at least one computer system, within a security perimeter, where said at least one element code is unique to at least one element of a computer network,(b) embed said at least one element code into at least one electronic storage medium within said security perimeter,(c) monitor a computer event of at least one computer system outside said security perimeter,(d) detect said at least one element code, as a detected said at least one element code, within said at least one electronic storage medium involved with said computer event,(e) evaluate said detected said at least one element code as unauthorized for said at least one computer system outside said security perimeter,(f) warn a predetermined person of said computer event, where said detected said at least one element code is unauthorized.

183. A computer program product to establish a virtual security perimeter to control security classified information on a computer system, the computer program product comprising at least one computer readable electronic storage medium, where said at least one computer readable electronic storage medium comprising at least one software engine, where said at least one software engine comprising:
- (b) establish a code set on at least one computer system, where said code set comprising of at least one classification code unique to a classification determination of an information security classification regime to classify information of an electronic document,(c) establish a matrix on said at least one computer system, where said matrix contains at least one criterion to control a computer event on said at least one computer system, where said at least one criterion comprising;
  
  (1) at least one element identification code for at least one element a file management system of an operating system for said at least one computer system, where said at least one element identification code is unique to said at least one element of said file management system, an(2) a storage authority code for said at least one element of said file management system,(d) embed said at least one classification code into an electronic shell of said electronic document for said classification determination of said information security classification regime,(e) monitor said at least one computer system for said computer event initiated on said at least one computer system, where said computer event involves said at least one element of said file management system,(f) intercept said computer event where said computer event involves said at least one element of said file management system,(g) control said intercepted said computer event as a controlled computer event,(h) retrieve said storage authority code for said at least one element associated with said controlled computer event,(i) detect said at least one classification code embedded in said electronic shell of said electronic document involved with said controlled computer event,(j) determine if said detected said at least one classification code is an unauthorized said at least one classification code, where said unauthorized said at least one classification code is said at least one classification code not authorized for electronic storage by said retrieved said storage authority code for said at least one element,(k) terminate completion of said controlled computer event on said at least one computer system where said unauthorized said at least one classification code is determined,(l) warn a pre-determined person of said controlled computer event where said unauthorized said at least one classification code is determined for said event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
James Luke Turner, Robert Edward Turner
Original Assignee
James Luke Turner, Robert Edward Turner
Inventors
Turner, James Luke, Turner, Robert Edward

Granted Patent

US 10,346,609 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/604   Tools and structures for ma...

G06F 40/169   Annotation, e.g. comment da...

G06Q 10/10   Office automation; Time man...

Methods to dynamically establish overall national security for sensitivity classification...

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

183 Claims

Specification

Solutions

Use Cases

Quick Links

Methods to dynamically establish overall national security for sensitivity classification...

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

183 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links