Data security system and method with multiple independent levels of security
Abstract
The method, program and information processing system secures data, and particularly security sensitive words, characters or data objects in the data, in a computer system with multiple independent levels of security (MILS). Each level of MILS has a computer sub-network with networked workstations. The MILS sub-networks are connected together via security guard computer(s) and each guard computer has separate memories for each level (TS, S, C, UC (or remainder)). The method extracts the security sensitive words/data (a granular action), from the source document for each MILS level, stores the extracted data in a corresponding extract store for each level and permits reconstruction/reassembly of the dispersed data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each MILS level.
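The dispersal and clearance-gated reassembly described in the abstract can be sketched as follows. This is an added example, not code from the patent or its assignee; the `Guard` class, the term-to-level dictionary, the `[REDACTED]` placeholder and the rule that a higher clearance also opens lower-level stores are all assumptions made for illustration.

```python
import re

LEVELS = ["UC", "C", "S", "TS"]  # abstract's levels, lowest first; UC is the remainder
# Constructed term-to-level dictionary (assumption; the page does not give one).
SENSITIVE = {"Falcon": "TS", "Tripoli": "S", "0400": "C"}


class Guard:
    """Toy guard computer: one extract store per level plus a remainder store."""

    def __init__(self):
        self.extract = {lvl: {} for lvl in LEVELS[1:]}  # level -> {(doc, pos): word}
        self.remainder = {}                             # doc -> tokens, None = gap

    def disperse(self, doc_id, text):
        tokens = re.findall(r"\w+|\W+", text)  # words and separators, lossless
        kept = []
        for pos, tok in enumerate(tokens):
            level = SENSITIVE.get(tok)
            if level:
                self.extract[level][(doc_id, pos)] = tok
                kept.append(None)  # the gap carries no hint of the word or its level
            else:
                kept.append(tok)
        self.remainder[doc_id] = kept

    def reconstruct(self, doc_id, clearance):
        if clearance not in LEVELS:
            raise PermissionError("unknown clearance")  # fail closed
        # Assumption: a clearance also opens every lower level's store.
        readable = LEVELS[1:LEVELS.index(clearance) + 1]
        out = []
        for pos, tok in enumerate(self.remainder[doc_id]):
            if tok is None:
                hits = [self.extract[l][(doc_id, pos)] for l in readable
                        if (doc_id, pos) in self.extract[l]]
                tok = hits[0] if hits else "[REDACTED]"
            out.append(tok)
        return "".join(out)


def demo():
    guard = Guard()
    guard.disperse("doc1", "Operation Falcon departs Tripoli at 0400 hours.")  # constructed
    return guard, {lvl: guard.reconstruct("doc1", lvl) for lvl in LEVELS}
```

A reader holding only the remainder store sees the document skeleton; each higher clearance fills in the gaps held at or below its level.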
45 Claims
1. A method of securing data having one or more security sensitive words, characters or data objects in a computer system with multiple independent security levels, each level of said multiple security levels having a computer sub-network including a plurality of computer work stations coupled together via an independent communications network at an independent security level, said sub-networks connected together via a security guard computer, said security guard computer having separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the method of securing data comprising:
- extracting said security sensitive words, characters or data objects from said data to obtain extracted data at each said level of said multiple security levels and remainder data therefrom;
- storing said extracted data in a corresponding extract store for each said level of said multiple security levels and said remainder data in said remainder store; and
- permitting reconstruction of said data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each said level of said multiple security levels.

Dependent claims: 2, 3, 4

5. A computer readable medium containing programming instructions for securing data having one or more security sensitive words, characters or data objects in a computer system with multiple independent security levels, each level of said multiple security levels having a computer sub-network including a plurality of computer work stations coupled together via an independent communications network at an independent security level, said sub-networks connected together via a security guard computer, said security guard computer having separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the instructions comprising:
- extracting said security sensitive words, characters or data objects from said data to obtain extracted data at each said level of said multiple security levels and remainder data therefrom;
- storing said extracted data in a corresponding extract store for each said level of said multiple security levels and said remainder data in said remainder store; and
- permitting reconstruction of said data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each said level of said multiple security levels.

Dependent claims: 6, 7, 8

9. An information processing system for securing data having one or more security sensitive words, characters or data objects in a computer system with multiple independent security levels, each level of said multiple security levels having a computer sub-network including a plurality of computer work stations coupled together via an independent communications network at an independent security level, said sub-networks connected together via a security guard computer, said security guard computer having separate memories designated as a remainder store and a plurality of extract stores corresponding to each level of said multiple security levels, the processing system comprising:
- means for extracting said security sensitive words, characters or data objects from said data to obtain extracted data at each said level of said multiple security levels and remainder data therefrom;
- means for storing said extracted data in a corresponding extract store for each said level of said multiple security levels and said remainder data in said remainder store; and
- means for permitting reconstruction of said data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each said level of said multiple security levels.

Dependent claims: 10, 11, 12

13. A computerized method of securing data in a plurality of security controlled data stores each with a respective security access control level thereat, said data potentially having sensitive content which is one or more sensitive words, data objects, characters, images, data elements or icons with corresponding data security levels, comprising:
- storing separately sensitive content in secure data stores of said plurality of security data stores at control levels corresponding to the respective data security level; and
- permitting reconstruction of some or all of said data with appropriate access controls applied to respective secure data stores.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45

Specification