Multi-level secure information retrieval system

US 8,359,641 B2
Filed: 12/05/2008
Issued: 01/22/2013
Est. Priority Date: 12/05/2008
Status: Active Grant

First Claim

Patent Images

1. A multi-level secure information retrieval system comprising:

an enterprise access service tool configured for communications with a client application and an enterprise gateway provided by a corresponding enterprise, the enterprise access service tool implemented on a computing system communicatively coupled to the client application and the enterprise gateway, and the enterprise access service tool operable to;

host a network interface providing access for the client application;

receive, from the client application via the network interface, an information request for information stored in a data repository managed by the enterprise;

determine one security level for the information request from a plurality of differing security levels;

associate the information request with the one security level; and

transmit the information request to the enterprise gateway;

wherein the enterprise gateway is operable to transmit a filtered version of the requested information to the client application independent of the enterprise access service tool, the requested information being filtered by the enterprise gateway according to the one security level associated with the information request.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, a multi-level secure information retrieval system includes an enterprise access service tool coupled to one or more client applications and at least one gateway managed by an enterprise. The enterprise access service tool executes services operating in a service oriented architecture. The enterprise access service tool receives requests from the client applications, associates each of the requests with one of a plurality of differing security levels, and transmits the requests to the gateway. The gateway transmits the requested information back to the client applications in which the information is filtered by the gateway according to their associated security levels.

Citations

23 Claims

1. A multi-level secure information retrieval system comprising:
- an enterprise access service tool configured for communications with a client application and an enterprise gateway provided by a corresponding enterprise, the enterprise access service tool implemented on a computing system communicatively coupled to the client application and the enterprise gateway, and the enterprise access service tool operable to;
  
  host a network interface providing access for the client application;
  
  receive, from the client application via the network interface, an information request for information stored in a data repository managed by the enterprise;
  
  determine one security level for the information request from a plurality of differing security levels;
  
  associate the information request with the one security level; and
  
  transmit the information request to the enterprise gateway;
  
  wherein the enterprise gateway is operable to transmit a filtered version of the requested information to the client application independent of the enterprise access service tool, the requested information being filtered by the enterprise gateway according to the one security level associated with the information request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The multi-level secure information retrieval system of claim 1, wherein the plurality of differing security levels includes a plurality of security levels that each has an ascending level of security, the enterprise access service tool operable to associate the information request with the one security level and other of the plurality of differing security levels below the one security level.
  - 3. The multi-level secure information retrieval system of claim 1, wherein the information request conforms to a publish/subscribe model.
  - 4. The multi-level secure information retrieval system of claim 1, wherein the client application comprises a web browser.
  - 5. The multi-level secure information retrieval system of claim 1, wherein the computing system is coupled to the enterprise gateway through a publicly accessible network.
  - 6. The multi-level secure information retrieval system of claim 1, wherein the enterprise gateway comprises a high assurance guard.
  - 7. The multi-level secure information retrieval system of claim 1, wherein the enterprise gateway comprises a proxy data repository that is operable to store published data.
  - 8. The multi-level secure information retrieval system of claim 1, wherein the enterprise access service tool is operable to receive, from the client application, another information request for information stored in a legacy data repository, associate the another information request with another one of the plurality of differing security levels, and transmit the requested information stored in the legacy data repository to the client application, the requested information from the legacy data repository filtered by the enterprise access service tool according to the one security level.
  - 9. The multi-level secure information retrieval system of claim 1, wherein the enterprise access service tool provides a plurality of services comprising a plurality of commercial off-the-shelf services that are operable to access the requested information from the data repository through a virtual private network.

10. A secure information retrieval method performed in a multilevel secure environment comprising:
- providing a network interface for access by a client application;
  
  receiving, from the client application, an information request for information stored in a data repository managed by at least one enterprise;
  
  determining one security level for the information request from a plurality of differing security levels;
  
  associating the information request with the one security level; and
  
  transmitting the information request and the one security level to an enterprise gateway of at least one enterprise;
  
  wherein the enterprise gateway is operable to filter the requested information according to the one security level associated with the information request and to transmit the requested information directly from the enterprise gateway to the client application, wherein the requested information is filtered by the enterprise gateway according to the one security level.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, wherein associating the information request with the one security level comprises associating the information request with the one security level and other of the plurality of security levels below the one security level.
  - 12. The method of claim 10, wherein receiving the information request for information comprises receiving the information request conforming to a publish/subscribe model.
  - 13. The method of claim 10, wherein receiving the information request for information from the client application comprises receiving the information request from a web browser.
  - 14. The method of claim 10, wherein the requested information is filtered by the enterprise gateway comprising a high assurance guard.
  - 15. The method of claim 10, further comprising:
    - receiving, from the client application, another information request for information stored in a legacy data repository;
      
      associating the another information request with another one of the plurality of differing security levels; and
      
      transmitting the requested information stored in the legacy data repository to the client application, the requested information from the legacy data repository filtered by the enterprise access service tool according to the one security level.
  - 16. The method of claim 10, wherein receiving the information request occurs in connection with a plurality of services operating in a service oriented architecture and comprises receiving the information request by a plurality of commercial off-the-shelf services and accessing the requested information from the at least one data repository through a virtual private network.

17. A non-transitory computer-readable medium having code stored therein that, when executed by a processor, is operable to perform at least the following:
- host, by a service, a network interface for information access by a client application;
  
  receive, at the service from the client application via the network interface, an information request for information stored in a data repository managed by at least one enterprise;
  
  determine, by the service, one security level for the information request from a plurality of differing security levels;
  
  associate the information request with the one security level; and
  
  transmit the information request and the one security level to an enterprise gateway of at least one enterprise;
  
  wherein the enterprise gateway is operable to transmit a filtered version of the requested information to the client application independent of the service, the requested information being filtered by the enterprise gateway according to the one security level associated with the information request.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The non-transitory computer-readable medium of claim 17, wherein associating the information request with the one security level comprises associating the information request with the one security level and other of the plurality of security levels below the one security level.
  - 19. The non-transitory computer-readable medium of claim 17, wherein the information request conforms to a publish/subscribe model.
  - 20. The non-transitory computer-readable medium of claim 17, wherein the information request is a request from a web browser.
  - 21. The non-transitory computer-readable medium of claim 17, wherein the enterprise gateway comprises a high assurance guard.
  - 22. The non-transitory computer-readable medium of claim 17, wherein the code is further operable to:
    - receive, from the client application, another information request for information stored in a legacy data repository;
      
      associate the another information request with another one of the plurality of differing security levels; and
      
      transmit the requested information stored in the legacy data repository to the client application, the requested information from the legacy data repository filtered by the enterprise access service tool according to the one security level.
  - 23. The non-transitory computer-readable medium of claim 17, wherein the plurality of services comprises by a plurality of commercial off-the-shelf services and wherein the code is further operable to access the requested information from the at least one data repository through a virtual private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint Federal Holdings LLC (Francisco Partners Management LLC)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
DelRocco, Anthony J., Teijido, Daniel
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Hailu, Teshome

Application Number

US12/329,407
Publication Number

US 20100146618A1
Time in Patent Office

1,509 Days
Field of Search

726/7, 726/12, 726/15, 713/166, 713/172
US Class Current

726/7
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/105   Multiple levels of security

Multi-level secure information retrieval system

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-level secure information retrieval system

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links