Data security system and method
First Claim
1. A method for securing data in a computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, a plurality of memories respectively designated as a remainder store and a plurality of extract stores in others of said plurality of computers, comprising:
- establishing a group of security sensitive words, characters or icons for each of a plurality of security levels, each with a respective security clearance;
filtering data input from said data input computer and extracting said security sensitive words, characters or icons for each security level from said data to obtain extracted data and remainder data;
storing said extracted data in extract stores corresponding to respective security levels and said remainder data in said remainder store; and
,accessing respective extract stores and permitting full or partial reconstruction of said data via said extracted data and remainder data only in the presence of a respective security clearance corresponding to a respective security level.
2 Assignments
0 Petitions
Accused Products
Abstract
The method for securing data includes establishing a group of security sensitive items, filtering data and extracting and separating the security items from remainder data. The filtered data are separately stored (locally on a PC or on another computer in a LAN or WAN or on the Internet.) A map may be generated. The filter and/or map may be destroyed or stored. The data input, extracted data and remainder data may be deleted from the originating computer. Encryption may be utilized to enhance security (including transfers of data, filter and map). Reconstruction of the data is permitted only in the presence of a predetermined security clearance. A plurality of security clearances may be used to enable a corresponding plurality of partial, reconstructed views of the plaintext (omitting higher security words). A computer readable medium containing programming instructions and an information processing system is encompassed.
-
Citations
73 Claims
-
1. A method for securing data in a computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, a plurality of memories respectively designated as a remainder store and a plurality of extract stores in others of said plurality of computers, comprising:
-
establishing a group of security sensitive words, characters or icons for each of a plurality of security levels, each with a respective security clearance; filtering data input from said data input computer and extracting said security sensitive words, characters or icons for each security level from said data to obtain extracted data and remainder data; storing said extracted data in extract stores corresponding to respective security levels and said remainder data in said remainder store; and
,accessing respective extract stores and permitting full or partial reconstruction of said data via said extracted data and remainder data only in the presence of a respective security clearance corresponding to a respective security level. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method for securing data in a computer network with one or more security sensitive words, characters or icons and a plurality of security levels each with a respective security clearance, subsets of said security sensitive words, characters or icons being correlated with respective ones of said plurality of security levels, said computer network having a plurality of computers interconnected together, each of said plurality of computers having a memory therein, one of said plurality of computers designated as a data input computer, a first memory designated as a remainder store in said plurality of computers, and a corresponding plurality of memories in other ones of said plurality of computers designated as extract stores for respective ones of said plurality of security levels, comprising:
-
filtering data input from said data input computer for said plurality of security levels and extracting said security sensitive words, characters or icons for each of said security levels from said data to obtain extracted data for said security levels and remainder data; storing said extracted data in extract stores corresponding to respective security levels and said remainder data in said remainder store; presenting a plurality of predetermined security clearances to obtain access to respective ones of said extract stores; and
,permitting full or partial reconstruction of said data via said extracted data and remainder data only in the presence of said predetermined security clearance after presentment of respective ones of said plurality of predetermined security clearances. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A method for securing data in a computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer, each of said plurality of computers having a memory therein, said plurality of computers including a plurality of first designated computers each with a corresponding security level and security clearance and a second designated computer, comprising:
-
establishing a group of security sensitive words, characters or icons for each said security level; filtering data input from said data input computer and extracting said security sensitive words, characters or icons for each respective security level from said data to obtain extracted data for the respective security level and remainder data; designating corresponding memory in said first designated computers as an extract store for each said respective security level and designating memory in said second computer as a remainder store; storing said extracted data in said corresponding memory for each said respective security level and said remainder data in said remainder store; and
,accessing respective corresponding memories and permitting full or partial reconstruction of said data via said extracted data and remainder data only in the presence of a respective security clearance corresponding to the respective security level. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
-
-
43. A method for securing data in a computer network with one or more security sensitive words, characters or icons and a plurality of security levels each with a respective security clearance, subsets of said security sensitive words, characters or icons being correlated with respective ones of said plurality of security levels, said computer network having a plurality of computers interconnected together, each of said plurality of computers having a memory therein, one of said plurality of computers designated as a data input computer, said plurality of computers including a first computer designated as a remainder store and a further plurality of computers designated as extract stores for respective ones of said plurality of security levels, comprising:
-
extracting said security sensitive words, characters or icons for said plurality of security levels from said data to obtain extracted data for respective security levels and remainder data;
storing said extracted data in extract stores corresponding to respective security levels and said remainder data in said remainder store;
presenting a plurality of predetermined security clearances to obtain access to respective ones of said extract stores; and
,permitting full or partial reconstruction of said data via said extracted data and remainder data only in the presence of respective ones of said predetermined security clearances after presentment thereof. - View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
-
-
55. A computer readable medium containing programming instructions for securing data in a computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, a plurality of memories respectively designated as a remainder store and a plurality of extract stores in other computers in said plurality of computers, the programming instructions comprising:
-
establishing a group of security sensitive words, characters or icons for each of a plurality of security levels, each level having a respective security clearance; filtering data input from said data input computer and extracting said security sensitive words, characters or icons for a respective security level from said data to obtain extracted data and remainder data; storing said extracted data in extract stores corresponding to respective security levels and said remainder data in said remainder store; and
,accessing respective extract stores and permitting full or partial reconstruction of said data via said extracted data and remainder data only in the presence of a respective security clearance corresponding to the respective security level. - View Dependent Claims (56, 57, 58, 59, 60, 61, 62)
-
-
63. An information processing system for securing data having one or more security sensitive words, characters or icons in a computer network, a plurality of security levels each with a respective security clearance, subsets of said security sensitive words, characters or icons being correlated with respective ones of said plurality of security levels, said computer network having a plurality of computers interconnected together, each of said plurality of computers having a memory therein, one of said plurality of computers designated as a data input computer, said plurality of computers including a first computer designated as a remainder computer store and a plurality of other computers designated as extract stores for respective ones of said plurality of security levels, the information processing system comprising:
-
a filter adapted to receive data input from said data input computer and to separate, from said data input, said security sensitive words, characters or icons into extracted data corresponding to respective ones of said plurality of security levels and remainder data; a memory storage facility, coupled to said filter, for storing said extracted data in corresponding extract stores and said remainder data in said remainder store; a security clearance control for each of said extract stores controlling access thereto only in the presence of a predetermined respective one of a plurality of security clearances for each of said plurality of security levels; and a compiler, coupled to said security control and said extract stores and said remainder store, for fully or partially reconstructing said data from said extracted data and said remainder data dependent upon access provided by respective ones of said plurality of security clearances. - View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73)
-
Specification