Method for providing customized and automated security assistance, a document marking regime, and central tracking and control for sensitive or classified documents in electronic format

US 7,958,147 B1
Filed: 09/13/2006
Issued: 06/07/2011
Est. Priority Date: 09/13/2005
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising of a computer containing a CPU and computer readable electronic storage media with the CPU processing computer usable instructions encoded on the electronic storage media to provide a central service that performs in congruity with a user computer desktop tool, operating on a computer on a network controlled by said central service, to establish a client server relationship to support and control a computer desktop tool by means of said central service providing the requirements of a controlling national security and sensitive information classification and marking regime to automate the assessment, classification and marking process for information contained in electronic documents generated, revised, edited or changed by users of host document development applications and marking said electronic documents in accordance with the national security and sensitive information classification determination and marking elements of said controlling national security and/or sensitive information classification and marking regime of said central service on a computer network further comprising:

reliably associating national security or sensitive information classification guides and security instructions with each element of the national security or sensitive information classification regime, providing version control in event of changes and modifications of the guidance, reliably making the guidance available to a client classification tool in an electronic environment in accordance with a user access profile and assuring proper identification of the version of classification guidance used for classifying individual electronic documents and properly associating with the electronic document;

identifying generating and assigning a unique code such as a Globally Unique Identifier (GUID) or a Universally Unique Identifier (UUID) for representing each element of the national security or sensitive information classification regime, each electronic document resident on the network, each authorized network User each individual computer on or comprising the network, each classification guide or security instruction every document storage media/volume device existing on the network, as well as the network and capturing the codes and the assignments in a relational database matrix, and monitoring the network for new, modified and removed elements that require code assignments or adjustments and automatically providing or adjusting, and registering the additional unique code identification assignments into the matrix as appropriate;

setting up classification access authorization templates and assigning national security or sensitive information classification regime access profiles to each authorized user or group of users on the network, profiles that entail the full classification regime or a subset of the regime elements and positively and reliably controlling user access profiles across the network(s) for individual users or groups of users for client document classification tool control and control of electronic documents in an electronic environment;

enabling network administrators or network security administrators to select and establish criteria upon which to base warnings or alerts regarding electronic documents or related user initiated network activity that may be indicative of possible compromise or insecure user handling or miss-classification of electronic documents/information resident on the network;

designing, establishing, implementing, modifying and managing a unique system for a network high classification mark for the national security or sensitive information document classification regime for a computer network to be automatically and dynamically applied to electronic documents, and resultant printed hard copy formats of an electronic document, when electronic documents are in design, draft or otherwise not completely or finally classified in accordance with established national security or sensitive information classification regime to ensure user awareness of the potential classification value of un-assessed or not-classified information and the associated security handling and control necessary to assure appropriate handling electronically and physically of the information contained therein until proper classification of the electronic document/information is complete;

designing establishing, implementing, modifying and managing visible appearance of all classification document marks, in association with the national security or sensitive information classification regime, for and within electronic documents and resultant printed hard copy forms or output of an electronic document, with respect to position, font, color, style, textual content of the full mark and abbreviations for the full classification mark, portion marks, default classification marks, the overall electronic document file classification marks and classification block to provide document classification marking consistency for electronic documents on a network or domain of networks;

automatically and dynamically identifying, capturing and recording the status and state of electronic documents in accordance with an established network national security or sensitive information document classification regime for an electronic environment regarding Legacy electronic documents, Foreign electronic documents Foreign Legacy, Opt-Out, Opt-In, Active, In-Active, Valid, and Invalid document classification and assignment and embedding of an associated unique status identification code;

reliably and automatically updating client electronic classification tools from an electronic classification regime established for a network to assure classification marking regime consistency to include mark format, user access profiles and administrative settings for the client electronic document classification and marking tool for each user of the network.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software engine runs in a compatible mode with off-the-shelf word processors, e-mail programs and presentation development software and other document development software. The software engine is used for the security classification of sensitive or national security classified information in electronic and resultant hard copy document formats. The software engine ensures that the individual considers all informational portions of a document, that appropriate document marks are employed, that document marks in their electronic format are persistent and that all necessary information, such as classification guides, standards and security regulations, provided by the organization to classify information is at hand and immediately available. In addition to the document sensitivity or classification determination and marking support, the software engine tracks and controls documents and the electronic media storing documents. It also provides warnings and alarms, ad hoc document security analysis and reporting capability to system security administrators with respect to document or network events or captured information that may be indicative of risk to the information requiring protection. The software also provides the ability for an organization to centrally establish and control a security classification or sensitivity marking hierarchy for automated security classification support.

Citations

5 Claims

1. A computer implemented method comprising of a computer containing a CPU and computer readable electronic storage media with the CPU processing computer usable instructions encoded on the electronic storage media to provide a central service that performs in congruity with a user computer desktop tool, operating on a computer on a network controlled by said central service, to establish a client server relationship to support and control a computer desktop tool by means of said central service providing the requirements of a controlling national security and sensitive information classification and marking regime to automate the assessment, classification and marking process for information contained in electronic documents generated, revised, edited or changed by users of host document development applications and marking said electronic documents in accordance with the national security and sensitive information classification determination and marking elements of said controlling national security and/or sensitive information classification and marking regime of said central service on a computer network further comprising:
- reliably associating national security or sensitive information classification guides and security instructions with each element of the national security or sensitive information classification regime, providing version control in event of changes and modifications of the guidance, reliably making the guidance available to a client classification tool in an electronic environment in accordance with a user access profile and assuring proper identification of the version of classification guidance used for classifying individual electronic documents and properly associating with the electronic document;
  
  identifying generating and assigning a unique code such as a Globally Unique Identifier (GUID) or a Universally Unique Identifier (UUID) for representing each element of the national security or sensitive information classification regime, each electronic document resident on the network, each authorized network User each individual computer on or comprising the network, each classification guide or security instruction every document storage media/volume device existing on the network, as well as the network and capturing the codes and the assignments in a relational database matrix, and monitoring the network for new, modified and removed elements that require code assignments or adjustments and automatically providing or adjusting, and registering the additional unique code identification assignments into the matrix as appropriate;
  
  setting up classification access authorization templates and assigning national security or sensitive information classification regime access profiles to each authorized user or group of users on the network, profiles that entail the full classification regime or a subset of the regime elements and positively and reliably controlling user access profiles across the network(s) for individual users or groups of users for client document classification tool control and control of electronic documents in an electronic environment;
  
  enabling network administrators or network security administrators to select and establish criteria upon which to base warnings or alerts regarding electronic documents or related user initiated network activity that may be indicative of possible compromise or insecure user handling or miss-classification of electronic documents/information resident on the network;
  
  designing, establishing, implementing, modifying and managing a unique system for a network high classification mark for the national security or sensitive information document classification regime for a computer network to be automatically and dynamically applied to electronic documents, and resultant printed hard copy formats of an electronic document, when electronic documents are in design, draft or otherwise not completely or finally classified in accordance with established national security or sensitive information classification regime to ensure user awareness of the potential classification value of un-assessed or not-classified information and the associated security handling and control necessary to assure appropriate handling electronically and physically of the information contained therein until proper classification of the electronic document/information is complete;
  
  designing establishing, implementing, modifying and managing visible appearance of all classification document marks, in association with the national security or sensitive information classification regime, for and within electronic documents and resultant printed hard copy forms or output of an electronic document, with respect to position, font, color, style, textual content of the full mark and abbreviations for the full classification mark, portion marks, default classification marks, the overall electronic document file classification marks and classification block to provide document classification marking consistency for electronic documents on a network or domain of networks;
  
  automatically and dynamically identifying, capturing and recording the status and state of electronic documents in accordance with an established network national security or sensitive information document classification regime for an electronic environment regarding Legacy electronic documents, Foreign electronic documents Foreign Legacy, Opt-Out, Opt-In, Active, In-Active, Valid, and Invalid document classification and assignment and embedding of an associated unique status identification code;
  
  reliably and automatically updating client electronic classification tools from an electronic classification regime established for a network to assure classification marking regime consistency to include mark format, user access profiles and administrative settings for the client electronic document classification and marking tool for each user of the network.

2. A computer implemented method and process comprising providing an automated point and click client document classification and marking assistance tool for users of a computer network or networks, functioning in conjunction with host document development applications, assuring appropriate user national security or sensitivity classification and marking procedure for electronic document information consistent with established network national security or sensitive information classification regime by:
- dynamically guiding the network user through all information contained in an electronic document via a portion by portion assessment and classification process and assuring that all portions are assessed, classified and marked in accordance with the established network classification regime;
  
  dynamically providing immediate classification assistance to Users assessing a document information portion by providing electronic access to classification guides and other security assistance within the tool user interlace, as established and assigned in the classification regime and as authorized under the User'"'"'s access profile established in the network classification regime;
  
  dynamically capturing User portion classification assessment and classification determinations and inserting appropriate portion classification marks into the text of an electronic document at the appropriate location in accordance with the network classification regime;
  
  dynamically embedding and hiding unique classification codes and/or other codes in the electronic text portion of the document in order to facilitate the document marking and assessment process of the tool;
  
  dynamically assuring that a document classification block with appropriate classification information is present, complete and visible in the current view of the electronic document, in accordance with national security classification policy and when required by the network classification regime;
  
  automatically and dynamically determining the correct overall electronic document/information classification determination and related classification mark for the current informational view of an electronic document provided by the host document development application by means of the cumulative individual portion classification determination values in accordance with the network classification regime;
  
  dynamically and persistently inserting by means of the host document development application the corresponding overall text based document classification mark for the current informational view of an electronic document into the headers and footers on each page of an electronic document for the electronic display and/or subsequent hardcopy output in accordance to the position, font, color, style, and textual content of the mark as established in the network classification regime;
  
  dynamically and automatically establishing the overall text based classification determination mark for the entire electronic document file and displaying the status and classification value in the document identification string in the host document development application separately from the electronic document classification mark for the current informational view of an electronic document;
  
  dynamically capturing and embedding unique classification codes associated with the current state and overall classification oldie current informational view of an electronic document as well as the overall classification determination of the electronic document file and persistently embedding those codes in the electronic shell/file of any saved electronic document;
  
  saving an electronic document to assure electronic recording of classification values, informational changes, edits, before printing, or other hardcopy output or electronic movement of the document information, by means of electronic attachment, copy, rename;
  
  automatically and dynamically capturing recording and embedding current document status, user identification information, date and time, location or path, and classification determination as well as multiple other pertinent informational elements into the electronic shell/file of saved electronic documents and recording and associating the current document status, user identification information, date and time, location or path, and classification determination as well as multiple other pertinent informational elements with the document'"'"'s unique identification code in the relational data matrix;
  
  dynamically controlling the electronic appearance with respect to classification marks and any resultant hard copy output of an electronic document consistent with current informational electronic display established via a host document development application in accordance with the established network classification and marking regime.
- View Dependent Claims (3)
- - 3. The method and process of claim 2, further comprising:
    - dynamically accumulating all non-repetitive portion marks unique classification identification codes contained in the total electronic document file and dynamically embed a list of the codes into the electronic shell/file of the document, in the hierarchy of the established network national security or sensitive information classification regime upon the establishment or subsequent save of the electronic document on the network;
      
      dynamically recording and associating new electronic documents copied, renamed, saved or otherwise established to a new name or other similar techniques of creating a new document from an existing document and recording/registering the document relationships by means of the documents'"'"' unique identification codes in the relational data matrix to capture and establish the historical derivation of documents and their classification values;
      
      allowing the User of the classification marking tool to disconnect from the tool'"'"'s normal guided portion by portion marking process to manually mark selected portions of an electronic document, or to use an automated method provided by the tool to establish the overall electronic document classification mark as well as the document classification block; and
      
      requiring a determination of the reason from the User to bypass the portion by portion classification method of the tool and capturing and recording that the User opted to use the alternate overall document classification method, with the reason for such decision and associating the reason with the unique document identification code in the relational data matrix for administrative and security oversight;
      
      automatically and dynamically identifying, evaluating, accepting and acting upon manually placed text based portion classification marks (pre-existing or placed outside of the classification and marking tool) in an electronic document providing for the automated classification assessments to be applied to Legacy documents as long as the manual classification marks meet the marking requirements of the established network national security or sensitive information document classification regime and applying interim system high classification values in accordance to the classification regime when such manual or legacy classification marks do not meet the established network national security or sensitive information document classification regime criteria;
      
      providing immediate, dynamic electronic feed back across a network to network administrators and/or network security administrator'"'"'s when network users via “
      
      reasons for disconnecting from the classification tool”
      
      identify potential omissions, errors, the need for additional elements or other necessary adjustments in the network classification regime or the user'"'"'s access profile;
      
      automatically and dynamically assigning, persistent interim classification marks, or system high classification marks, for the overall electronic document file and within the body of the current informational view of an electronic document provided by host document development application(s) for electronic documents that are established/saved on network document storage media/volume without undergoing a complete classification and classification mark assessment/determination in accordance with the network national security or sensitive information classification regime requirements and recording and associating the document'"'"'s incomplete classification status with the document'"'"'s unique identification code in the relational data matrix and embedding the unique codes in the electronic shell/file of the document;
      
      dynamically identifying, upon original establishment or subsequent additional saves of an electronic document, capture and embed document attributes/metadata (example;
      
      last user, last print information, current path . . . ) by means of unique codes embedded and hidden in non-visible portions of the document'"'"'s electronic file shell and registering that information in the systems data matrix for the purpose of document administration and security oversight;
      
      dynamically allowing a network user of the document classification tool to assess an informational portion of a document as requiring no classification determination and no classification mark, prompting the classification tool to make such classification determination non-visible for that particular informational portion of the document and treating such determinations as properly assessed and unclassified when calculating the overall classification determination for the current view of the document as well as the overall classification determination for electronic document file;
      
      dynamically making visible classification marks (both overall document marks as well as portion marks) non-visible in an electronic document, as well as eliminating the classification block requirement, for a properly assessed electronic document, if every informational portion of the current informational view of an electronic document has been assessed and “
      
      classified”
      
      as unclassified, requires no classification mark, or is non-sensitive, if such “
      
      overall document classifications”
      
      do not require any visible classification marks under the network national security or sensitive information document classification regime, and the assuring that such classification marks are or are not visible in the electronic display of an electronic document as well as any subsequent hard copy output of the document, while providing the user of host document development applications the classification status and classification value in the document identification string of the host application to assure that the user knows that while the display of the electronic document contains no visible classification marks the electronic document has been properly assessed and classified in accordance with the network classification regime;
      
      dynamically capturing the status of an electronic document, as well as the overall current classification value and mark, based on an automated evaluation of the current assessment status and/or classification determination of all information portions contained in the entire electronic document, or the overall document classification mark for legacy documents or documents manually previously marked, in relation to the network national security or sensitive information classification regime and displaying that informational result in a dynamic and persistent manner to the User by means of the document identification string in the host application interface, outside of and separate from the host application'"'"'s display of the current text view of an electronic document and associated classification values/marks, displayed within the current electronic document view providing positive consistent and dynamic feedback to users of such legacy electronic documents of the status of the document and the overall current classification value of the document'"'"'s complete electronic file for the purpose of assuring that Users are aware of the classification value of the complete electronic document file and associated secure handling requirements as opposed to the current text view of the electronic document which may be a subset of the entire electronic file and thus display classification marks that are different from the electronic file mark and thus have different secure handling requirements for a legacy or other electronic document;
      
      dynamically capturing and registering User initiated electronic document “
      
      cut and paste”
      
      activity in relation to the classification assessment status and/or classification mark, if any, of informational portions of the electronic document that are being copied or cut by means of the cut action as well as the corresponding transmission of the classification value, if any, to other documents receiving the information in the paste activity, date and time stamping and recording the activity in the relational data matrix associating the activity the User'"'"'s unique identification code who initiated the activity to the document'"'"'s unique identification code from which information was copied or removed with the unique identification code of documents into which information was pasted, and in the event that the method can detect no portion classification designations during the cut activity the method defaults to the overall document classification designation and mark, if any, when associating likely or possible classification value to the document text selected during the copy or cut operation;
      
      quickly identifying and dynamically moving the classification tool interface focus on portions of a document not assessed, or properly classified within and electronic document to facilitate user assessment and appropriate classification and marking;
      
      quickly and dynamically locating electronic document classification block and related classification block criteria for editing reviewing and or deleting classification clock criteria or removing or adding the classification block.

4. A computer implemented method comprising of centrally monitoring, in real time, electronic document/information activity comprising copy, move, rename, delete, print, user access, user modification, changes to document classification status and document type status and the modification of document text, for a network, by means of a relational database matrix of unique codes assigned to elements of the network'"'"'s national security or sensitive information classification regime, each electronic document on document storage media associated with the network, each storage media on the network each computers on the network, each user of the network, and the network to assure positive identification of the electronic document and the electronic document storage media and the classification determination of the electronic document with respect to the monitored electronic document/information activity, further comprising:
- automatically and dynamically preventing or allowing a User initiated operating system or host document development application activity (copy, move, rename, delete, print, user access, user modification, changes to document classification status and document type status and the modification of document text across the network) dependent upon predetermined configurations established in the network national security or sensitive information classification regime and assessing the activity in relation to network preset controls and recording/logging the activity or the attempted activity and associating the event with all pertinent available information such as the date and time, unique identification code of the user involved, machine or computer identification media/volume unique identification code document unique identification code and the description of the monitored activity in the relational data matrix;
  
  dynamically monitoring User initiated activity on a network relating to electronic documents (copy, move, rename, delete, print, user access, user modification, changes to document classification status and document type status and the modification of document text or the attachment, detachment, introduction and movement of electronic document storage media and unauthorized removal or the alteration of the means for positive control) in relation to preset warning and alert criteria established in the network national security or sensitive information classification regime and immediately alerting or warning Security or administrative personnel in the selected manner if the activity meets the alert and warning criteria; and
  
  capturing and recording/logging the activity or the attempted activity and associating the event with all pertinent available information such as the date and time, system User involved, machine or computer identification, media/volume identification, document identification and description of the monitored activity;
  
  dynamic and positively identifying, upon connection or re-connection to an authorized network of electronic document storage media/volume, registered with the relational data matrix, whether electronic documents were added or removed to or from the electronic document storage media/volume when the storage media/volume was not connected to the authorized network as well as the positive identification and monitoring of modification activity to the text of individual electronic documents on such registered storage media/volume that occurred outside of authorized host document development application or while not connected to the authorized network;
  
  the recording of the such event(s) with associated identification of the connection computer, the unique identification code of the User, and the time and date of the activity and the unique identification of each electronic document and/or media storage in the relational data matrix and alerting and warning in the manner selected in the administrative portion of the network classification regime;
  
  dynamically identifying, logging, alerting or warning on any unauthorized removal, manipulation or modification of the system of positive identification and control methods for electronic documents, and electronic document storage media/volumes and other elements of a computer network and a process to immediately reestablish a proper unique identification for proper identification and control and reestablish the embedded codes relating to the electronic document within the electronic shell of the document of such unauthorized altered elements;
  
  dynamic and positively identifying intentional or unintentional breaches of security perimeters without exposing or compromising the textual elements of a network national security or sensitive information classification regime by the immediate identification and subsequent alert of the connection of registered electronic storage media to unauthorized networks by means of the persistent existence of the embedded unique identification code in document storage media or the actual cumulative coded classification value of the portions of an electronic document embedded in an electronic document or embedded coded classification value of the electronic document or the electronic document file stored on document storage media or the electronic presence of an electronic document moved to unauthorized computers or networks by means of the cumulative coded classification value of the portions of an electronic document embedded in an electronic document or embedded coded classification value of the electronic document or the coded classification value of an electronic document file.

5. A computer implemented method comprising providing immediate and reliable statistical administrative information regarding an electronic document, an electronic document storage media and a network user activity in relation to the national security and sensitive information classification of said electronic document, and controlling and protecting national security and sensitive classified information contained in said electronic document by positive identification information for said electronic document and positive information identifying of the location of said electronic document in response to specific national security and sensitive information query criteria, by means of a unique coding system in a relational data matrix that associates a unique identification code with elements of a network to store to and retrieve from said positive identification information for said electronic document further comprising:
- dynamically and positively identifying electronic documents resident on a network or networks that are drafts, working document, unnecessary copies improperly or not completely classified or other electronic documents that represent unnecessary security risk to the information contained therein and requiring removal or modification to reduce the potential of inadvertent or intentional compromise on a computer network or networks;
  
  quickly and dynamically identifying the unique classification values/marks for all portions of a document to provide positive identification of all portion classifications within an electronic document to identify classifications used in the document that may not be used or visible in the document'"'"'s overall classification mark in accordance with the hierarchy of the network national security or sensitive information marking regime, thereby positively identifying and locating individual documents containing specific portion marks or combination of marks for declassification activity, administrative or security oversight purposes;
  
  quickly and dynamically and positively accumulating all of the individual electronic document file overall classification determination/marks for a subfolder, folder, volume, document storage media, computer or network and determine the highest classification value/mark as determined by the network national security or sensitive information regime and dynamically displaying both the highest classification value/mark as well as the accumulated classification portion values for the selected file system element in a tree display of the network for positive administrative or security oversight for information on the network and providing remote security and protection auditing of network document storage media;
  
  dynamically identifying and recording the status of an electronic document file as to whether or not the file is active or inactive (deleted) providing for the monitoring and search capability to extend to electronic documents that have been deleted/erased from document storage media/volumes and are no longer visible to or retrievable by document development applications, or computer system/network operating systems, yet the electronic information requires continual protection on electronic document storage media because it is still retrievable from the document storage media/volume via special means, allowing the relational data matrix to positively identify deleted/erased electronic documents on related document storage media but flagging corresponding records as inactive in the matrix when operating system deletion activity occurs for the electronic document;
  
  quickly and positively identifying and locating all electronic documents that match particular classification block criteria, date of declassification, declassification exemptions, version of classification guidance, reason for classification, for a document storage volume, document storage media, resident on an individual computer on the network, as well as the entire network or networks for administrative and/or security oversight purposes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
James Luke Turner, Robert Edward Turner
Original Assignee
James Luke Turner, Robert Edward Turner
Inventors
Turner, James Luke, Turner, Robert Edward
Primary Examiner(s)
Alam; Shahid A
Assistant Examiner(s)
LAWSON, DONALD L

Application Number

US11/520,857
Time in Patent Office

1,728 Days
Field of Search

707/10, 358/1.14, 340/572.1
US Class Current

707/783
CPC Class Codes

G06F 16/9535   Search customisation based ...

G06F 21/604   Tools and structures for ma...

G06Q 10/10   Office automation; Time man...

Method for providing customized and automated security assistance, a document marking regime, and central tracking and control for sensitive or classified documents in electronic format

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

Method for providing customized and automated security assistance, a document marking regime, and central tracking and control for sensitive or classified documents in electronic format

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links