Data security system and method with multiple independent levels of security

US 7,669,051 B2
Filed: 11/26/2004
Issued: 02/23/2010
Est. Priority Date: 11/13/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of securing data having one or more security sensitive words, characters or data objects in a computer system with multiple independent security levels, each level of said multiple security levels having a computer sub-network including a plurality of computer work stations coupled together via an independent communications network at an independent security level, said sub-networks connected together via a security guard computer, said security guard computer having separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the method of securing data comprising:

extracting said security sensitive words, characters or data objects from said data to obtain extracted data at each said level of said multiple security levels and remainder data therefrom;

storing said extracted data in a corresponding extract store for each said level of said multiple security levels and said remainder data in said remainder store; and

,permitting reconstruction of said data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each said level of said multiple security levels.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The method, program and information processing system secures data, and particularly security sensitive words, characters or data objects in the data, in a computer system with multiple independent levels of security (MILS). Each level of MILS has a computer sub-network with networked workstations. The MILS sub-networks are connected together via security guard computer(s) and each guard computer has separate memories for each level (TS, S, C, UC (or remainder)). The method extracts the security sensitive words/data (a granular action), from the source document for each MILS level, stores the extracted data in a corresponding extract store for each level and permits reconstruction/reassembly of the dispersed data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each MILS level.

207 Citations

45 Claims

1. A method of securing data having one or more security sensitive words, characters or data objects in a computer system with multiple independent security levels, each level of said multiple security levels having a computer sub-network including a plurality of computer work stations coupled together via an independent communications network at an independent security level, said sub-networks connected together via a security guard computer, said security guard computer having separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the method of securing data comprising:
- extracting said security sensitive words, characters or data objects from said data to obtain extracted data at each said level of said multiple security levels and remainder data therefrom;
  
  storing said extracted data in a corresponding extract store for each said level of said multiple security levels and said remainder data in said remainder store; and
  
  ,permitting reconstruction of said data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each said level of said multiple security levels.
- View Dependent Claims (2, 3, 4)
- - 2. A method of securing data as claimed in claim 1 wherein said storing and permitting reconstruction is facilitated by said security guard computer.
  - 3. A method of securing data as claimed in claim 1 wherein said security guard computer has coupled thereto said separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the method comprising:
    - storing said extracted data via said security guard computer in said remainder store and said plurality of extract stores corresponding to each level of said multiple security levels; and
      
      permitting reconstruction solely via said security guard computer.
  - 4. A method of securing data as claimed in claim 1 wherein said security guard computer determines the presence of a predetermined security clearance commensurate with each said level of said multiple security levels.

5. A computer readable medium containing programming instructions for securing data having one or more security sensitive words, characters or data objects in a computer system with multiple independent security levels, each level of said multiple security levels having a computer sub-network including a plurality of computer work stations coupled together via an independent communications network at an independent security level, said sub-networks connected together via a security guard computer, said security guard computer having separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the instructions comprising:
- extracting said security sensitive words, characters or data objects from said data to obtain extracted data at each said level of said multiple security levels and remainder data therefrom;
  
  storing said extracted data in a corresponding extract store for each said level of said multiple security levels and said remainder data in said remainder store; and
  
  ,permitting reconstruction of said data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each said level of said multiple security levels.
- View Dependent Claims (6, 7, 8)
- - 6. A computer readable medium containing programming instructions for securing data as claimed in claim 5 wherein said storing and permitting reconstruction is facilitated by said security guard computer.
  - 7. A computer readable medium containing programming instructions for securing data as claimed in claim 5 wherein said security guard computer has coupled thereto said separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the instructions comprising:
    - storing said extracted data via said security guard computer in said remainder store and said plurality of extract stores corresponding to each level of said multiple security levels; and
      
      permitting reconstruction solely via said security guard computer.
  - 8. A computer readable medium containing programming instructions for securing data as claimed in claim 5 wherein said security guard computer determines the presence of a predetermined security clearance commensurate with each said level of said multiple security levels.

9. An information processing system for securing data having one or more security sensitive words, characters or data objects in a computer system with multiple independent security levels, each level of said multiple security levels having a computer sub-network including a plurality of computer work stations coupled together via an independent communications network at an independent security level, said sub-networks connected together via a security guard computer, said security guard computer having separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the processing system comprising:
- means for extracting said security sensitive words, characters or data objects from said data to obtain extracted data at each said level of said multiple security levels and remainder data therefrom;
  
  means for storing said extracted data in a corresponding extract store for each said level of said multiple security levels and said remainder data in said remainder store; and
  
  ,means for permitting reconstruction of said data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each said level of said multiple security levels.
- View Dependent Claims (10, 11, 12)
- - 10. An information processing system for securing data as claimed in claim 9 wherein security guard computer stores and permits reconstruction.
  - 11. An information processing system for securing data as claimed in claim 9 wherein said security guard computer has coupled thereto said separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the system further comprising:
    - means for storing said extracted data via said security guard computer in said remainder store and said plurality of extract stores corresponding to each level of said multiple security levels; and
      
      means for permitting reconstruction solely via said security guard computer.
  - 12. An information processing system for securing data as claimed in claim 9 wherein said security guard computer determines the presence of a predetermined security clearance commensurate with each said level of said multiple security levels.

13. A computerized method of securing data in a plurality of security controlled data stores each with a respective security access control level thereat, said data potentially having sensitive content which is one or more sensitive words, data objects, characters, images, data elements or icons with corresponding data security levels, comprising:
- storing separately sensitive content in secure data stores of said plurality of security data stores at control levels corresponding to the respective data security level; and
  
  permitting reconstruction of some or all of said data with appropriate access controls applied to respective secure data stores.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 14. A computerized method of securing data as claimed in claim 13 wherein said storing includes at least one or both of filtering or extracting said sensitive content in said secure data stores.
  - 15. A computerized method of securing data as claimed in claim 13 wherein said storing includes at least one or both of removing or copying said sensitive content in said secure data stores.
  - 16. A computerized method of securing data as claimed in claim 13 wherein said storing includes at least one or both of translating said sensitive content in said secure data stores or transforming said sensitive content in said secure data stores.
  - 17. A computerized method of securing data as claimed in claim 13 wherein said storing includes at least one or both of filtering and transferring or extracting and transferring said sensitive content in said secure data stores.
  - 18. A computerized method of securing data as claimed in claim 13 wherein said storing includes at least one or both of transforming or converting said sensitive content in said secure data stores.
  - 19. A computerized method of securing data as claimed in claim 13 wherein said storing includes at least one or more of rendering, archiving and transposing said sensitive content in said secure data stores.
  - 20. A computerized method of securing data as claimed in claim 13 wherein said storing of said sensitive content in said secure data stores includes at least one or both of partially or completely storing said sensitive content in said secure data stores.
  - 21. A computerized method of securing data as claimed in claim 13 wherein said storing of said sensitive content in said secure data stores includes partially or completely storing said sensitive content in said secure data stores with at least one of encryption, data compression, or with parsed transmission of data.
  - 22. A computerized method of securing data as claimed in claim 13 wherein said storing of said sensitive content in said secure data stores includes at least one or more of tagging, labeling, or classifying said sensitive content in said secure data stores.
  - 23. A computerized method of securing data as claimed in claim 13 including manually or automatically at least one of:
    - prior to storing, at least one or more of tagging, labeling, or classifying said sensitive content in said secure data stores;
      
      orconcurrent with storing, at least one or more of tagging, labeling, or classifying said sensitive content in said secure data stores.
  - 24. A computerized method of securing data as claimed in claim 13 including at least one of:
    - prior to storing, at least one or more of tagging, labeling, or classifying said sensitive content in said secure data stores;
      
      orconcurrent with storing, at least one or more of tagging, labeling, or classifying said sensitive content in said secure data stores; and
      
      whereinsaid sensitive content has different levels of sensitive content therein corresponding to respective ones of said secure data stores.
  - 25. A computerized method of securing data as claimed in claim 13 wherein said sensitive content is defined as at least one of security sensitive content, content of significance, trade secret content, personal identifying information, content subject to regulatory provisions, or back-up content and said respective ones of said secure data stores are correspondingly designated as at least one of security sensitive stores, stores for content of significance, trade secret stores, personal identifying information stores, regulatory provision stores, or back-up stores.
  - 26. A computerized method of securing data as claimed in claim 13 wherein said sensitive content is defined as at least one of litigation specific content, aged content, archival content, historical content and said respective ones of said secure data stores are correspondingly designated as at least one of litigation specific stores, aged content stores, archival stores, or historical content stores.
  - 27. A computerized method of securing data as claimed in claim 13 wherein said storing of sensitive content in said secure data stores includes at least one or more of storing in predetermined security data stores, storing in a predetermined manner by random selection of security data stores, storing by data class in said security data stores, storing data by data type in said security data stores, or storing by level of security in said security data stores.
  - 28. A computerized method of securing data as claimed in claim 13 wherein said storing of sensitive content in said secure data stores includes storing data in said security data stores in a predetermined manner with an algorithmic selection.
  - 29. A computerized method of securing data as claimed in claim 13 wherein said storing of sensitive content in said secure data stores includes storing data in optical media data stores.
  - 30. A computerized method of securing data as claimed in claim 13 wherein said storing sensitive content in said secure data stores includes storing data in at least one of non-magnetic media stores or print stores.
  - 31. A computerized method of securing data as claimed in claim 13 wherein storing of said sensitive content is done separately with respect to at least one of remainder data, left-over data, non-sensitive content data, surplus data, residue data, remnant data, or data complementary to sensitive content data.
  - 32. A computerized method of securing data as claimed in claim 13 wherein permitting reconstruction includes at least one of reassembly, reconstitution, regeneration, compilation, reorganization, reclamation or reformation of some or all of said data with appropriate access controls applied to respective secure data stores.
  - 33. A computerized method of securing data as claimed in claim 13 wherein permitting reconstruction includes the use of at least one of predetermined access controls, assigned access controls, access controls generated with said storing of said secure data, or access controls and encryption.
  - 34. A computerized method of securing data as claimed in claim 13 wherein permitting reconstruction includes at least one of reassembly, reconstitution, regeneration, compilation, reorganization, reclamation or reformation of some or all of said data with appropriate access controls applied to respective secure data stores.
  - 35. A computerized method of securing data as claimed in claim 13 wherein said access controls are applied to respective secure data stores in at least one of the following manners:
    - said access controls applied sequentially to respective secure data stores;
      
      said access controls applied concurrently to respective secure data stores;
      
      said access controls applied to respective secure data stores subsequent to application of a security protocol;
      
      said secure data stores are mapped and said access controls are applied to obtain the mapped secure data stores;
      
      orsaid access controls are applied subsequent to an exchange of compensation or an exchange of data;
      
      said access controls applied to respective secure data stores subsequent to application of a hierarchical security protocol.
  - 36. A computerized method of securing data as claimed in claim 13 wherein said access controls are applied to at least one or more of predetermined respective secure data stores, associated respective secure data stores, correlated respective secure data stores, or designated respective secure data stores.
  - 37. A computerized method of securing data as claimed in claim 13 wherein said access controls are applied to at least one or more of archival respective secure data stores, copy protected respective secure data stores, electromagnetic protected respective secure data stores.
  - 38. A computerized method of securing data as claimed in claim 13 wherein the method of securing data is deployed in a client-server computer system with at least one server computer and a plurality of secure data stores, said server operatively coupled to at least one client computer and said secure data stores over a communications network,said server effecting said storing of sensitive content in secure data stores of said plurality of security data stores;
    - andsaid server permitting reconstruction of some or all of said data by controlling the application of said access controls to respective secure data stores.
  - 39. A computerized method of securing data as claimed in claim 13 wherein the method of securing data is deployed in a client-server computer system with at least one server computer and a plurality of secure data stores, said server operatively coupled to at least one client computer and said secure data stores over a communications network,said server effecting said storing of sensitive content in secure data stores of said plurality of security data stores.
  - 40. A computerized method of securing data as claimed in claim 13 wherein the method of securing data is deployed in a client-server computer system with at least one server computer and a plurality of secure data stores, said server operatively coupled to at least one client computer and said secure data stores over a communications network,said server permitting reconstruction of some or all of said data by controlling the application of said access controls to respective secure data stores.
  - 41. A computerized method of securing data as claimed in claim 13 wherein the method of securing data is deployed in a client-server computer system with at least one server computer and a plurality of secure data stores, said server operatively coupled to at least one client computer and said secure data stores over a communications network,said server effecting said storing of sensitive content in secure data stores of said plurality of security data stores;
    - andsaid server controlling the application of said access controls.
  - 42. A computerized method of securing data as claimed in claim 13 wherein said sensitive content is at least one or more of:
    - select sensitive words, data objects, characters, images, data elements or icons;
      
      defined sensitive words, data objects, characters, images, data elements or icons;
      
      known sensitive words, data objects, characters, images, data elements or icons;
      
      certain sensitive words, data objects, characters, images, data elements or icons;
      
      a collection of sensitive words, data objects, characters, images, data elements or icons;
      
      a plurality of predetermined sensitive words, data objects, characters, images, data elements or icons;
      
      ora plurality of predetermined sensitive words, data objects, characters, images, data elements or icons having different hierarchal or orthogonal levels of sensitive content.
  - 43. A computerized method of securing data as claimed in claim 13 wherein said sensitive content is at least one or more of:
    - formatives of predetermined sensitive words, data objects, characters, images, data elements or icons;
      
      orwords, data objects, characters, images, data elements or icons which are not from a plurality of predetermined words, data objects, characters, images, data elements or icons.
  - 44. A computerized method of securing data as claimed in claim 13 wherein said sensitive content is correlated to sensitive words, data objects, characters, images, data elements or icons, by at least or more of function, meaning, semiotic relationship, syntactic relationship, semantic relationship, pragmatic relationship, or taxonomic relationship.
  - 45. A computerized method of securing data as claimed in claim 13 wherein said storing separately uses a correlation related to said sensitive words, data objects, characters, images, data elements or icons, with at least or more of a function, meaning, semiotic relationship, syntactic relationship, semantic relationship, pragmatic relationship, or taxonomic relationship.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DigitalDoors, Inc.
Original Assignee
DigitalDoors, Inc.
Inventors
Redlich, Ron M., Nemzow, Martin A.
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US10/998,366
Publication Number

US 20050138110A1
Time in Patent Office

1,915 Days
Field of Search

713/164, 713/166, 713/167
US Class Current

713/166
CPC Class Codes

A61K 38/00   Medicinal preparations cont...

C07K 14/70575   NGF/TNF-superfamily, e.g. C...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

Data security system and method with multiple independent levels of security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

207 Citations

45 Claims

Specification

Use Cases

Quick Links

Others

Data security system and method with multiple independent levels of security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

207 Citations

45 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others