Data security system and method for separation of user communities
First Claim
1. A method of securing data in a computer network and transparently establishing and managing the separation of user-based communities of interest based upon crypto-graphically separated, need to know security levels, said data having one or more security sensitive words, data objects, characters or icons, said computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, respective memories designated as a remainder store and respective extract stores in one or more computers of said plurality of computers, said user-based communities of interest representing a plurality of users having a corresponding plurality of security levels each with a respective security clearance and respective extract store, comprising:
- filtering data input from said data input computer and extracting said security sensitive words, data objects, characters or icons from said data to obtain (a) subsets of extracted data and (b) remainder data;
storing said subsets of extracted data and said remainder data in said respective extract stores and said remainder store, respectively; and
,permitting reconstruction of some or all of said data via one or more of said subsets of extracted data and remainder data only in the presence of a predetermined security clearance of said plurality of security levels.
2 Assignments
0 Petitions
Accused Products
Abstract
Data is secured in a computer network to transparently establish and manage a separation of user-based communities of interest based upon crypto-graphically separated, need to know, security levels. Data from a source document, data object or data stream is filtered to form subsets of extracted data and remainder data based upon security levels for the communities. Extracts are stored in assigned memories. Full or partial plaintext reconstruction is permitted only in the presence of assigned security clearance for the community of the inquiring party. Encryption, corresponding to security levels, establishes separation of secured data. The information processing system uses a data filter to extract security sensitive words, data objects, etc., a distributed storage system and a compiler is used to reconstruct plaintext based on security clearance. Multiple level encryption in one document is also available.
1642 Citations
73 Claims
-
1. A method of securing data in a computer network and transparently establishing and managing the separation of user-based communities of interest based upon crypto-graphically separated, need to know security levels, said data having one or more security sensitive words, data objects, characters or icons, said computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, respective memories designated as a remainder store and respective extract stores in one or more computers of said plurality of computers, said user-based communities of interest representing a plurality of users having a corresponding plurality of security levels each with a respective security clearance and respective extract store, comprising:
-
filtering data input from said data input computer and extracting said security sensitive words, data objects, characters or icons from said data to obtain (a) subsets of extracted data and (b) remainder data; storing said subsets of extracted data and said remainder data in said respective extract stores and said remainder store, respectively; and
,permitting reconstruction of some or all of said data via one or more of said subsets of extracted data and remainder data only in the presence of a predetermined security clearance of said plurality of security levels. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A computer readable medium containing programming instructions for securing data in a computer network and transparently establishing and managing the separation of user-based communities of interest based upon crypto-graphically separated, need to know security levels, said data having one or more security sensitive words, data objects, characters or icons, said computer network having a plurality of computers interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, respective memories designated as a remainder store and respective extract stores in one or more computers of said plurality of computers, said user-based communities of interest representing a plurality of users having a corresponding plurality of security levels each with a respective security clearance and respective extract store, the programming instructions comprising:
-
filtering data input from said data input computer and extracting said security sensitive words, data objects, characters or icons from said data to obtain (a) subsets of extracted data and (b) remainder data; storing said subsets of extracted data and said remainder data in said respective extract stores and said remainder store, respectively; and
,permitting reconstruction of some or all of said data via one or more of said subsets of extracted data and remainder data only in the presence of a predetermined security clearance of said plurality of security levels. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
-
-
47. An information processing system for securing data in a computer network and transparently establishing and managing the separation of user-based communities of interest based upon crypto-graphically separated, need to know security levels, said data having one or more security sensitive words, data objects, characters or icons, said computer network having a plurality of computers for a plurality of users all interconnected together, one of said plurality of computers designated as a data input computer and each of said plurality of computers having a memory therein, respective memories designated as a remainder store and respective extract stores in one or more computers of said plurality of computers, said user-based communities of interest representing said plurality of users having a corresponding plurality of security levels each with a respective security clearance and respective extract store, comprising:
-
means for filtering data input from said data input computer and extracting said security sensitive words, data objects, characters or icons from said data to obtain (a) subsets of extracted data and (b) remainder data; means for storing said subsets of extracted data and said remainder data in said respective extract store and said remainder store, respectively; and
,means for permitting reconstruction of some or all of said data via one or more of said subsets of extracted data and remainder data only in the presence of a predetermined security clearance of said plurality of security levels. - View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71)
-
-
72. A method of securing data and transparently managing the separation of user-based communities of interest based upon crypto-graphically separated, need to know security levels with a plurality of encryption types, said data having one or more security sensitive words, data objects, characters or icons, said user-based communities of interest representing a plurality of users having a corresponding plurality of security levels each with a respective security clearance and respective extract stores, comprising:
-
filtering data and extracting said security sensitive words, data objects, characters or icons from said data to obtain (a) subsets of extracted data for said respective extract stores and (b) remainder data; encrypting said subsets of extracted data with said plurality of encryption types and storing extracted and remainder data in respective extract stores and remainder store; and
,permitting reconstruction of some or all of said data via one or more of said subsets of encrypted extracted data and remainder data from said extract stores and remainder store only in the presence of a respective predetermined security clearance of said plurality of security levels.
-
-
73. A method of securing data and transparently managing the separation of user-based communities of interest based upon crypto-graphically separated, need to know security levels with a plurality of encryption types, said data having one or more security sensitive words, data objects, characters or icons, said user-based communities of interest representing a plurality of users having a corresponding plurality of security levels each with a respective security clearance and respective extract stores, comprising:
-
filtering data and extracting said security sensitive words, data objects, characters or icons from said data to obtain (a) subsets of extracted data for said respective extract stores and (b) remainder data; encrypting said subsets of extracted data with said plurality of encryption types to obtain multiple level encryption and storing extracted and remainder data in respective extract stores and remainder store; and
,decrypting all or portions of said data from said extract stores and remainder store with multiple level encryption only in the presence of a respective predetermined security clearance of said plurality of security levels.
-
Specification