Method for providing customized and automated security assistance, a document marking regime, and central tracking and control for sensitive or classified documents in electronic format
First Claim
1. A computer implemented method comprising of a computer containing a CPU and computer readable electronic storage media with the CPU processing computer usable instructions encoded on the electronic storage media to provide a central service that performs in congruity with a user computer desktop tool, operating on a computer on a network controlled by said central service, to establish a client server relationship to support and control a computer desktop tool by means of said central service providing the requirements of a controlling national security and sensitive information classification and marking regime to automate the assessment, classification and marking process for information contained in electronic documents generated, revised, edited or changed by users of host document development applications and marking said electronic documents in accordance with the national security and sensitive information classification determination and marking elements of said controlling national security and/or sensitive information classification and marking regime of said central service on a computer network further comprising:
- reliably associating national security or sensitive information classification guides and security instructions with each element of the national security or sensitive information classification regime, providing version control in event of changes and modifications of the guidance, reliably making the guidance available to a client classification tool in an electronic environment in accordance with a user access profile and assuring proper identification of the version of classification guidance used for classifying individual electronic documents and properly associating with the electronic document;
- identifying generating and assigning a unique code such as a Globally Unique Identifier (GUID) or a Universally Unique Identifier (UUID) for representing each element of the national security or sensitive information classification regime, each electronic document resident on the network, each authorized network User each individual computer on or comprising the network, each classification guide or security instruction every document storage media/volume device existing on the network, as well as the network and capturing the codes and the assignments in a relational database matrix, and monitoring the network for new, modified and removed elements that require code assignments or adjustments and automatically providing or adjusting, and registering the additional unique code identification assignments into the matrix as appropriate;
- setting up classification access authorization templates and assigning national security or sensitive information classification regime access profiles to each authorized user or group of users on the network, profiles that entail the full classification regime or a subset of the regime elements and positively and reliably controlling user access profiles across the network(s) for individual users or groups of users for client document classification tool control and control of electronic documents in an electronic environment;
- enabling network administrators or network security administrators to select and establish criteria upon which to base warnings or alerts regarding electronic documents or related user initiated network activity that may be indicative of possible compromise or insecure user handling or misclassification of electronic documents/information resident on the network;
- designing, establishing, implementing, modifying and managing a unique system for a network high classification mark for the national security or sensitive information document classification regime for a computer network to be automatically and dynamically applied to electronic documents, and resultant printed hard copy formats of an electronic document, when electronic documents are in design, draft or otherwise not completely or finally classified in accordance with established national security or sensitive information classification regime to ensure user awareness of the potential classification value of un-assessed or not-classified information and the associated security handling and control necessary to assure appropriate handling electronically and physically of the information contained therein until proper classification of the electronic document/information is complete;
- designing establishing, implementing, modifying and managing visible appearance of all classification document marks, in association with the national security or sensitive information classification regime, for and within electronic documents and resultant printed hard copy forms or output of an electronic document, with respect to position, font, color, style, textual content of the full mark and abbreviations for the full classification mark, portion marks, default classification marks, the overall electronic document file classification marks and classification block to provide document classification marking consistency for electronic documents on a network or domain of networks;
- automatically and dynamically identifying, capturing and recording the status and state of electronic documents in accordance with an established network national security or sensitive information document classification regime for an electronic environment regarding Legacy electronic documents, Foreign electronic documents Foreign Legacy, Opt-Out, Opt-In, Active, In-Active, Valid, and Invalid document classification and assignment and embedding of an associated unique status identification code;
- reliably and automatically updating client electronic classification tools from an electronic classification regime established for a network to assure classification marking regime consistency to include mark format, user access profiles and administrative settings for the client electronic document classification and marking tool for each user of the network.
Abstract
A software engine runs in a compatible mode with off-the-shelf word processors, e-mail programs and presentation development software and other document development software. The software engine is used for the security classification of sensitive or national security classified information in electronic and resultant hard copy document formats. The software engine ensures that the individual considers all informational portions of a document, that appropriate document marks are employed, that document marks in their electronic format are persistent and that all necessary information, such as classification guides, standards and security regulations, provided by the organization to classify information is at hand and immediately available. In addition to the document sensitivity or classification determination and marking support, the software engine tracks and controls documents and the electronic media storing documents. It also provides warnings and alarms, ad hoc document security analysis and reporting capability to system security administrators with respect to document or network events or captured information that may be indicative of risk to the information requiring protection. The software also provides the ability for an organization to centrally establish and control a security classification or sensitivity marking hierarchy for automated security classification support.
5 Claims
2. A computer implemented method and process comprising providing an automated point and click client document classification and marking assistance tool for users of a computer network or networks, functioning in conjunction with host document development applications, assuring appropriate user national security or sensitivity classification and marking procedure for electronic document information consistent with established network national security or sensitive information classification regime by:
- dynamically guiding the network user through all information contained in an electronic document via a portion by portion assessment and classification process and assuring that all portions are assessed, classified and marked in accordance with the established network classification regime;
- dynamically providing immediate classification assistance to Users assessing a document information portion by providing electronic access to classification guides and other security assistance within the tool user interface, as established and assigned in the classification regime and as authorized under the User's access profile established in the network classification regime;
- dynamically capturing User portion classification assessment and classification determinations and inserting appropriate portion classification marks into the text of an electronic document at the appropriate location in accordance with the network classification regime;
- dynamically embedding and hiding unique classification codes and/or other codes in the electronic text portion of the document in order to facilitate the document marking and assessment process of the tool;
- dynamically assuring that a document classification block with appropriate classification information is present, complete and visible in the current view of the electronic document, in accordance with national security classification policy and when required by the network classification regime;
- automatically and dynamically determining the correct overall electronic document/information classification determination and related classification mark for the current informational view of an electronic document provided by the host document development application by means of the cumulative individual portion classification determination values in accordance with the network classification regime;
- dynamically and persistently inserting by means of the host document development application the corresponding overall text based document classification mark for the current informational view of an electronic document into the headers and footers on each page of an electronic document for the electronic display and/or subsequent hardcopy output in accordance to the position, font, color, style, and textual content of the mark as established in the network classification regime;
- dynamically and automatically establishing the overall text based classification determination mark for the entire electronic document file and displaying the status and classification value in the document identification string in the host document development application separately from the electronic document classification mark for the current informational view of an electronic document;
- dynamically capturing and embedding unique classification codes associated with the current state and overall classification of the current informational view of an electronic document as well as the overall classification determination of the electronic document file and persistently embedding those codes in the electronic shell/file of any saved electronic document;
- saving an electronic document to assure electronic recording of classification values, informational changes, edits, before printing, or other hardcopy output or electronic movement of the document information, by means of electronic attachment, copy, rename;
- automatically and dynamically capturing recording and embedding current document status, user identification information, date and time, location or path, and classification determination as well as multiple other pertinent informational elements into the electronic shell/file of saved electronic documents and recording and associating the current document status, user identification information, date and time, location or path, and classification determination as well as multiple other pertinent informational elements with the document's unique identification code in the relational data matrix;
- dynamically controlling the electronic appearance with respect to classification marks and any resultant hard copy output of an electronic document consistent with current informational electronic display established via a host document development application in accordance with the established network classification and marking regime.
4. A computer implemented method comprising of centrally monitoring, in real time, electronic document/information activity comprising copy, move, rename, delete, print, user access, user modification, changes to document classification status and document type status and the modification of document text, for a network, by means of a relational database matrix of unique codes assigned to elements of the network's national security or sensitive information classification regime, each electronic document on document storage media associated with the network, each storage media on the network each computers on the network, each user of the network, and the network to assure positive identification of the electronic document and the electronic document storage media and the classification determination of the electronic document with respect to the monitored electronic document/information activity, further comprising:
- automatically and dynamically preventing or allowing a User initiated operating system or host document development application activity (copy, move, rename, delete, print, user access, user modification, changes to document classification status and document type status and the modification of document text across the network) dependent upon predetermined configurations established in the network national security or sensitive information classification regime and assessing the activity in relation to network preset controls and recording/logging the activity or the attempted activity and associating the event with all pertinent available information such as the date and time, unique identification code of the user involved, machine or computer identification media/volume unique identification code document unique identification code and the description of the monitored activity in the relational data matrix;
- dynamically monitoring User initiated activity on a network relating to electronic documents (copy, move, rename, delete, print, user access, user modification, changes to document classification status and document type status and the modification of document text or the attachment, detachment, introduction and movement of electronic document storage media and unauthorized removal or the alteration of the means for positive control) in relation to preset warning and alert criteria established in the network national security or sensitive information classification regime and immediately alerting or warning Security or administrative personnel in the selected manner if the activity meets the alert and warning criteria; and
- capturing and recording/logging the activity or the attempted activity and associating the event with all pertinent available information such as the date and time, system User involved, machine or computer identification, media/volume identification, document identification and description of the monitored activity;
- dynamic and positively identifying, upon connection or re-connection to an authorized network of electronic document storage media/volume, registered with the relational data matrix, whether electronic documents were added or removed to or from the electronic document storage media/volume when the storage media/volume was not connected to the authorized network as well as the positive identification and monitoring of modification activity to the text of individual electronic documents on such registered storage media/volume that occurred outside of authorized host document development application or while not connected to the authorized network;
- the recording of the such event(s) with associated identification of the connection computer, the unique identification code of the User, and the time and date of the activity and the unique identification of each electronic document and/or media storage in the relational data matrix and alerting and warning in the manner selected in the administrative portion of the network classification regime;
- dynamically identifying, logging, alerting or warning on any unauthorized removal, manipulation or modification of the system of positive identification and control methods for electronic documents, and electronic document storage media/volumes and other elements of a computer network and a process to immediately reestablish a proper unique identification for proper identification and control and reestablish the embedded codes relating to the electronic document within the electronic shell of the document of such unauthorized altered elements;
- dynamic and positively identifying intentional or unintentional breaches of security perimeters without exposing or compromising the textual elements of a network national security or sensitive information classification regime by the immediate identification and subsequent alert of the connection of registered electronic storage media to unauthorized networks by means of the persistent existence of the embedded unique identification code in document storage media or the actual cumulative coded classification value of the portions of an electronic document embedded in an electronic document or embedded coded classification value of the electronic document or the electronic document file stored on document storage media or the electronic presence of an electronic document moved to unauthorized computers or networks by means of the cumulative coded classification value of the portions of an electronic document embedded in an electronic document or embedded coded classification value of the electronic document or the coded classification value of an electronic document file.
5. A computer implemented method comprising providing immediate and reliable statistical administrative information regarding an electronic document, an electronic document storage media and a network user activity in relation to the national security and sensitive information classification of said electronic document, and controlling and protecting national security and sensitive classified information contained in said electronic document by positive identification information for said electronic document and positive information identifying of the location of said electronic document in response to specific national security and sensitive information query criteria, by means of a unique coding system in a relational data matrix that associates a unique identification code with elements of a network to store to and retrieve from said positive identification information for said electronic document further comprising:
- dynamically and positively identifying electronic documents resident on a network or networks that are drafts, working document, unnecessary copies improperly or not completely classified or other electronic documents that represent unnecessary security risk to the information contained therein and requiring removal or modification to reduce the potential of inadvertent or intentional compromise on a computer network or networks;
- quickly and dynamically identifying the unique classification values/marks for all portions of a document to provide positive identification of all portion classifications within an electronic document to identify classifications used in the document that may not be used or visible in the document's overall classification mark in accordance with the hierarchy of the network national security or sensitive information marking regime, thereby positively identifying and locating individual documents containing specific portion marks or combination of marks for declassification activity, administrative or security oversight purposes;
- quickly and dynamically and positively accumulating all of the individual electronic document file overall classification determination/marks for a subfolder, folder, volume, document storage media, computer or network and determine the highest classification value/mark as determined by the network national security or sensitive information regime and dynamically displaying both the highest classification value/mark as well as the accumulated classification portion values for the selected file system element in a tree display of the network for positive administrative or security oversight for information on the network and providing remote security and protection auditing of network document storage media;
- dynamically identifying and recording the status of an electronic document file as to whether or not the file is active or inactive (deleted) providing for the monitoring and search capability to extend to electronic documents that have been deleted/erased from document storage media/volumes and are no longer visible to or retrievable by document development applications, or computer system/network operating systems, yet the electronic information requires continual protection on electronic document storage media because it is still retrievable from the document storage media/volume via special means, allowing the relational data matrix to positively identify deleted/erased electronic documents on related document storage media but flagging corresponding records as inactive in the matrix when operating system deletion activity occurs for the electronic document;
- quickly and positively identifying and locating all electronic documents that match particular classification block criteria, date of declassification, declassification exemptions, version of classification guidance, reason for classification, for a document storage volume, document storage media, resident on an individual computer on the network, as well as the entire network or networks for administrative and/or security oversight purposes.
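The roll-up that claims 2 and 5 describe (portion marks to an overall document mark, a network-high default for unassessed portions, then the highest mark per folder) can be sketched as follows. This is an added example, not code from the patent; the level names, portion abbreviations, network-high value, draft banner wording and file paths are assumptions constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Assumed regime, ordered lowest to highest: (portion abbreviation, full mark).
REGIME = [("U", "UNCLASSIFIED"), ("C", "CONFIDENTIAL"), ("S", "SECRET"), ("TS", "TOP SECRET")]
RANK = {abbr: i for i, (abbr, _) in enumerate(REGIME)}
FULL = dict(REGIME)
NETWORK_HIGH = "S"  # assumed highest level the sample network may hold

# A portion mark is a parenthesised abbreviation at the start of a paragraph.
PORTION_RE = re.compile(r"^\((?P<abbr>[A-Z]+)\)\s+")


@dataclass
class Assessment:
    overall: str       # abbreviation of the overall mark for the document
    complete: bool     # False while any portion is unassessed
    portions: Counter  # every portion mark used, including ones the overall mark hides
    unassessed: list   # 1-based indexes of paragraphs lacking a valid mark


def assess_document(text):
    """Derive the overall mark from the cumulative portion marks."""
    portions, unassessed = Counter(), []
    paragraphs = [p.strip() for p in text.split("\n\n") if p.strip()]
    for idx, para in enumerate(paragraphs, start=1):
        m = PORTION_RE.match(para)
        if m and m["abbr"] in RANK:
            portions[m["abbr"]] += 1
        else:
            unassessed.append(idx)  # unknown or missing mark counts as unassessed
    ranks = [RANK[a] for a in portions]
    if unassessed or not paragraphs:
        ranks.append(RANK[NETWORK_HIGH])  # unassessed content is handled at network high
    overall = REGIME[max(ranks)][0]
    return Assessment(overall, bool(paragraphs) and not unassessed, portions, unassessed)


def banner(a):
    """Header/footer text; the draft suffix wording is an assumption."""
    name = FULL[a.overall]
    return name if a.complete else name + " // DRAFT - NOT FULLY CLASSIFIED"


def rollup(files):
    """Map every ancestor folder to its highest overall mark, the accumulated
    portion marks beneath it, and the documents still awaiting classification."""
    tree = {}
    for path, text in files.items():
        a = assess_document(text)
        parts = path.strip("/").split("/")[:-1]
        for depth in range(len(parts) + 1):
            folder = "/" + "/".join(parts[:depth])
            node = tree.setdefault(
                folder, {"highest": "U", "portions": Counter(), "incomplete": []})
            if RANK[a.overall] > RANK[node["highest"]]:
                node["highest"] = a.overall
            node["portions"] += a.portions
            if not a.complete:
                node["incomplete"].append(path)
    return tree


# Constructed sample documents (not from the patent).
SAMPLE_FILES = {
    "/ops/plan.txt": "(U) Meeting at 0900.\n\n(S) Route details.\n\n(C) Contact roster.",
    "/ops/draft.txt": "(U) Intro paragraph.\n\nParagraph nobody has assessed yet.",
    "/admin/menu.txt": "(U) Cafeteria menu.",
}

if __name__ == "__main__":
    for path, text in SAMPLE_FILES.items():
        print(path, "->", banner(assess_document(text)))
    for folder, node in sorted(rollup(SAMPLE_FILES).items()):
        print(folder, node["highest"], dict(node["portions"]), node["incomplete"])
```

The `portions` counter is what lets an auditor find documents containing a given portion mark even when the overall mark does not show it.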
Specification