Automatic information sanitizer
First Claim
1. A method for use in a multi-level secure system for sanitizing a message, said method comprising the steps of:
- establishing a computer-based sanitization tool for sanitizing messages based on predefined sanitization rules, wherein said multi-level secure system includes at least first and second security levels and wherein first security level users are authorized to receive sensitive information that second security level users are not authorized to receive;
first using said computer-based sanitization tool for receiving a message for potential distribution;
second operating said computer-based sanitization tool for identifying at least first and second potential recipients having first and second security clearances, respectively;
third operating said computer-based sanitization tool for sanitizing said received message to generate a first sanitized message for transmission to said first potential recipient; and
fourth operating said computer-based sanitization tool for sanitizing said received message to generate a second sanitized message, different than the first sanitized message, for transmission to said second potential recipient,wherein said step of third operating comprises identifying first sensitive information within said message based on said first security clearance of said first potential recipient and protecting said first sensitive information such that said first sensitive information is not useable by said first potential recipient, and said step of fourth operating comprises identifying second sensitive information based on said second security clearance of said second potential recipient and protecting said second sensitive information such that said second sensitive information is not useable by said second potential recipient.
1 Assignment
0 Petitions
Accused Products
Abstract
An automatic data sanitizer module sanitizes formatted data from an external source system according to stored sanitization rules for release to an external destination system so that the destination system receives only that data for which it is authorized. The module generally includes an Input Comms module, a Message Processor, an Output Guard a Downgrader and an Output Comms module. The Input Comms module supports the communications protocol dictated by the external source system. The Processor sanitizes the message according to the rules written for the specific external system under consideration. The Guard verifies the modifications performed by the Processor. The Downgrader moves the resulting file to the Output Comms working directory and the Output Comms makes the resulting message available to the destination system. The system supports a variety of different formats and greatly facilitates the timely dissemination of information within a multi-level secure environment while protecting security interests.
-
Citations
10 Claims
-
1. A method for use in a multi-level secure system for sanitizing a message, said method comprising the steps of:
-
establishing a computer-based sanitization tool for sanitizing messages based on predefined sanitization rules, wherein said multi-level secure system includes at least first and second security levels and wherein first security level users are authorized to receive sensitive information that second security level users are not authorized to receive; first using said computer-based sanitization tool for receiving a message for potential distribution; second operating said computer-based sanitization tool for identifying at least first and second potential recipients having first and second security clearances, respectively; third operating said computer-based sanitization tool for sanitizing said received message to generate a first sanitized message for transmission to said first potential recipient; and fourth operating said computer-based sanitization tool for sanitizing said received message to generate a second sanitized message, different than the first sanitized message, for transmission to said second potential recipient, wherein said step of third operating comprises identifying first sensitive information within said message based on said first security clearance of said first potential recipient and protecting said first sensitive information such that said first sensitive information is not useable by said first potential recipient, and said step of fourth operating comprises identifying second sensitive information based on said second security clearance of said second potential recipient and protecting said second sensitive information such that said second sensitive information is not useable by said second potential recipient. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for use in a multi-level secure system for sanitizing a message, said method comprising steps of:
-
receiving an input file that includes information associated with at least first and second security levels of the multi-level secure system, wherein a user associated with said first security level of the multi-level secure system is entitled to receive information that a user associated with said second security level of the multi-level secure system is not entitled to receive; determining a security level associated with at least one user of the multi-level secure system to be said first security level; determining a security level associated with at least one user of the multi-level secure system to be said second security level; generating a first output file from the input file based on the first security level; transferring the first output file to said at least one user with the first security level; parsing intelligible elements from the information of the input file; analyzing said intelligible elements to select a portion of the intelligible elements for sanitization according to the second security level; sanitizing the information of the selected portion of the intelligible elements according to the second security level to generate a second output file for said at least one user with the second security level, wherein said second output file has a first format; and formatting the second output file to a second format for said at least one user with the second security level; and transferring the second output file in the second format to said at least one user with the second security level.
-
-
9. A method for use in a multi-level secure system for sanitizing a message, said method comprising the steps of:
-
establishing rules based logic determining a level of access to sensitive information as a function of information regarding an intended recipient of a message including at least a portion of said sensitive information, wherein different recipients are associated with different levels of access to said sensitive information, said rules based logic analyzing specific items of said sensitive information in the context of a given message relative to a selected rule set of a number of rule sets, wherein different ones of said rule sets correspond to set different levels of access to said sensitive information; receiving, in a processing system including said rules based logic, a first message including a first item of said sensitive information; analyzing, in said processing system, said first message to obtain recipient information regarding a first intended recipient of said first message; based on said recipient information, accessing a first rule of a first rule set of said number of rule sets using said processing system; applying said first rule to process said first item of sensitive information, using said processing system, so as to generate a processed first message having a difference in relation to said first message, said difference being a function of said recipient information regarding said first intended recipient; processing the said first item of sensitive information according to the first rule, wherein said processing includes altering the first item of sensitive information or removing the first item of sensitive information; processing the first message according to a second rule associated with a second recipient to generate a second message that differs from the first message; and operating said processing system to cause said processed first message to be transmitted to said first intended recipient. - View Dependent Claims (10)
-
Specification