Method, system and apparatus for selecting encryption levels based on policy profiling
Abstract
The present invention describes a method, system and program product for controlling levels of security and levels of encryption based on a predefined policy profile. This enables administrators and those who control the network to respond easily to changes in the security-level requirements of specific applications. It also allows a response to changes in personnel (such as someone being removed from a position that had top-secret security access) and accommodates variations in access by client devices.
Claims (15)

1. A method of using structured documents to specify selective encryption requirements for document content to be transmitted from a server to a client, comprising steps of:
identifying one or more security-sensitive document content sections in each of a plurality of structured documents encoded in a markup language by delimiting each of the security-sensitive sections in each of the structured documents using markup language tag syntax, wherein the markup language tag syntax is encoded in the markup language and indicates a security level of the delimited security-sensitive section;
receiving, at the server from a requester located at the client, a request for a particular one of the structured documents;
determining a maximum security level for which the requester is authorized;
filtering out, from the requested document, all of the identified security-sensitive sections for which the indicated security level is higher than the determined maximum security level for which the requester is authorized, thereby creating a filtered document; and
if the filtered document is not empty, performing the steps of:
determining a most-restrictive one of the security levels indicated by the markup language tag syntax delimiting any security-sensitive sections that remain in the filtered document;
identifying, from one or more ciphers that are available to the server for encryption, any ciphers which are capable of providing the determined most-restrictive security level; and
if any ciphers were identified, encrypting the filtered document using one of the identified ciphers and transmitting the encrypted filtered document to the requester at the client.

(Dependent claims 2 to 13 are not reproduced on this page.)
14. A system for using structured documents to specify selective encryption requirements for document content to be transmitted from a server to a client, comprising:
a plurality of structured documents encoded in a markup language, each of the structured documents identifying one or more security-sensitive document content sections therein by delimiting each of the security-sensitive sections using markup language tag syntax, wherein the markup language tag syntax is encoded in the markup language and indicates a security level of the delimited security-sensitive section;
means for receiving, at the server from a requester located at the client, a request for a particular one of the structured documents;
means for determining a maximum security level for which the requester is authorized;
means for filtering out, from the requested document, all of the identified security-sensitive sections for which the indicated security level is higher than the determined maximum security level for which the requester is authorized, thereby creating a filtered document; and
means for, if the filtered document is not empty, (1) determining a most-restrictive one of the security levels indicated by the markup language tag syntax delimiting any security-sensitive sections that remain in the filtered document;
(2) identifying, from one or more ciphers that are available to the server for encryption, any ciphers which are capable of providing the determined most-restrictive security level; and
(3) if any ciphers were identified, encrypting the filtered document using one of the identified ciphers.
15. A computer program for using structured documents to specify selective encryption requirements for document content to be transmitted from a server to a client, the computer program product residing on programmable media and comprising:
computer executable program code means for receiving, at the server from a requester located at the client, a request for a structured document;
computer executable program code means for locating the requested structured document among a plurality of structured documents encoded in a markup language, each of the structured documents identifying one or more security-sensitive document content sections therein by delimiting each of the security-sensitive sections using markup language tag syntax, wherein the markup language tag syntax is encoded in the markup language and indicates a security level of the delimited security-sensitive section;
computer executable program code means for determining a maximum security level for which the requester is authorized;
computer executable program code means for filtering out, from the located document, all of the identified security-sensitive sections for which the indicated security level is higher than the determined maximum security level for which the requester is authorized, thereby creating a filtered document; and
computer executable program code means for, if the filtered document is not empty, (1) determining a most-restrictive one of the security levels indicated by the markup language tag syntax delimiting any security-sensitive sections that remain in the filtered document;
(2) identifying, from one or more ciphers that are available to the server for encryption, any ciphers which are capable of providing the determined most-restrictive security level; and
(3) if any ciphers were identified, encrypting the filtered document using one of the identified ciphers and transmitting the encrypted filtered document to the requester at the client.
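The claimed flow as an added worked example (not code from the patent or its assignee): sections delimited by an assumed `<sec level="...">` tag are filtered against the requester's clearance, the most restrictive level still present is computed, and a cipher rated for that level is chosen. The level names, the cipher-rating table and the sample document are constructed for illustration; unknown levels fail closed, and the block stops at handing the filtered document and chosen cipher to the transport layer.

```python
import xml.etree.ElementTree as ET

# Ordered security levels. Names are assumed; the claims require only an ordering.
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top-secret": 3}
UNKNOWN = max(LEVELS.values()) + 1  # unlabelled or unknown levels fail closed

# Ciphers available to the server and the highest level each is rated for.
# Assumed policy table for illustration only, not a recommendation.
CIPHERS = {"AES-128-GCM": "confidential", "AES-256-GCM": "secret"}

# Constructed sample document; <sec level="..."> is the assumed delimiting tag.
DOC = """<report><title>Quarterly status</title>
<sec level="confidential"><p>Revenue is up 4%.</p></sec>
<sec level="secret"><p>Acquisition target: ExampleCo.</p></sec>
<sec level="top-secret"><p>Source codename: BLUEBIRD.</p></sec>
</report>"""


def level_of(sec: ET.Element) -> int:
    return LEVELS.get(sec.get("level", ""), UNKNOWN)


def filter_document(doc_xml: str, clearance: str) -> ET.Element:
    """Remove every delimited section above the requester's clearance."""
    root = ET.fromstring(doc_xml)
    limit = LEVELS[clearance]
    for parent in list(root.iter()):  # snapshot: the tree is mutated below
        for sec in [c for c in parent if c.tag == "sec" and level_of(c) > limit]:
            parent.remove(sec)
    return root


def most_restrictive_level(root: ET.Element) -> int:
    """Highest level still present; 0 when no delimited sections remain."""
    return max((level_of(s) for s in root.iter("sec")), default=0)


def capable_ciphers(level: int) -> list:
    """Ciphers rated for at least `level`, strongest first."""
    ok = [(LEVELS[r], n) for n, r in CIPHERS.items() if LEVELS[r] >= level]
    return [n for _, n in sorted(ok, reverse=True)]


def prepare_response(doc_xml: str, clearance: str):
    """(cipher, filtered XML) for the transport layer, or None when nothing
    may be sent: the filtered document is empty or no cipher qualifies."""
    root = filter_document(doc_xml, clearance)
    if len(root) == 0 and not (root.text or "").strip():
        return None
    ciphers = capable_ciphers(most_restrictive_level(root))
    if not ciphers:
        return None
    return ciphers[0], ET.tostring(root, encoding="unicode")
```

With the table above, a top-secret requester receives nothing because no available cipher is rated for the top-secret section that remains, which is the claim's final conditional in action.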