Classification separation router

US 8,627,494 B2
Filed: 09/17/2009
Issued: 01/07/2014
Est. Priority Date: 09/17/2009
Status: Active Grant

First Claim

Patent Images

1. A method for addressing a request for classified electronic data, comprising:

segregating data stored in a storage into at least two classifications;

receiving a request for data, wherein an identifier associated with the request includes a security attribute and a subject category;

filtering data from the storage based upon presence of the security attribute in at least one of the classifications of the data and based upon presence of a security policy defining access to the classifications of data;

dynamically creating a partition to contain request-specific filtered data in response to the request;

populating the created partition with a copy of the filtered data, wherein the created partition contains only data meeting the security policy and the subject category of the request; and

redirecting the request to the created partition to satisfy the request from the created partition.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are provided to classify and convey data to satisfy a client request. The classification system is a two dimensional data classification system, including a first dimension pertaining to subject matter and a second dimension pertaining to data security. A partition is dynamically created, and data that satisfies the request populates the created partition to convey parsed data based satisfying both dimensions of the request.

Citations

17 Claims

1. A method for addressing a request for classified electronic data, comprising:
- segregating data stored in a storage into at least two classifications;
  
  receiving a request for data, wherein an identifier associated with the request includes a security attribute and a subject category;
  
  filtering data from the storage based upon presence of the security attribute in at least one of the classifications of the data and based upon presence of a security policy defining access to the classifications of data;
  
  dynamically creating a partition to contain request-specific filtered data in response to the request;
  
  populating the created partition with a copy of the filtered data, wherein the created partition contains only data meeting the security policy and the subject category of the request; and
  
  redirecting the request to the created partition to satisfy the request from the created partition.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising assigning a time interval for active status of the created partition.
  - 3. The method of claim 2, further comprising destroying the created partition following expiration of the time interval.
  - 4. The method of claim 3, further comprising destroying the filtered data maintained local to the partition.
  - 5. The method of claim 2, further comprising archiving the created partition following expiration of the time interval.
  - 6. The method of claim 1, wherein the created partition is configured to receive data filtered for a single classification.

7. A computer system, comprising:
- a server in communication with a data storage medium;
  
  data stored local to the storage medium segregated into at least two classifications;
  
  a receiving manager in communication with the server configured to receive a request for data, the request having an identifier with a security attribute and a subject category;
  
  a filter in communication with the receiving manager, the filter to parse data from the storage medium based upon presence of the security attribute in at least one of the classifications of the data and based upon presence of a security policy that defines access to the classifications of data;
  
  a partition manager in communication with the receiving manager, the partition manager to dynamically create a partition to contain request-specific filtered data in response to the request, wherein the created partition contains only data meeting the security policy and the subject category of the request;
  
  the partition manager to populate the created partition with a copy of the filtered data to satisfy the request.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, further comprising a time interval assigned to an active status of the created partition.
  - 9. The system of claim 8, further comprising a time manager to destroy the created partition following expiration of the time interval, including destroying the filtered data maintained local to the partition.
  - 10. The system of claim 8, further comprising a time manager to archive the created partition following expiration of the time interval, including maintenance of a copy of the filtered data in local data storage.
  - 11. The system of claim 7, wherein the created partition is configured to receive data for a single classification.

12. An article comprising:
- a computer-readable data storage device including computer program instructions configured to address a request for classified electronic data, the instructions comprising;
  
  instructions to separate stored data into at least two classifications;
  
  instructions to receive a request for data, wherein an identifier associated with the request includes a security attribute;
  
  instructions to filter data from a storage based upon presence of the security parameter in at least one of the classifications of the data and based upon presence of a security policy defining access to the classifications of data;
  
  instructions to dynamically create a partition configured to contain the filtered data in response to the request; and
  
  instructions to satisfy the request from the created partition, including populating the created partition with a copy of request-specific filtered data and redirecting the request to the created partition, wherein the created partition contains only data meeting the security policy and the subject category of the request.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The article of claim 12, further comprising instructions to assign a time interval for active status of the created partition.
  - 14. The article of claim 13, further comprising instructions to destroy the created partition following expiration of the time interval.
  - 15. The article of claim 14, further comprising instructions to destroy the filtered data maintained local to the partition.
  - 16. The article of claim 13, further comprising instructions to archive the created partition following expiration of the time interval.
  - 17. The article of claim 12, wherein the created partition is configured to receive data filtered for a single classification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Jones, Daniel H., Lendacky, Thomas G., Wilson, George C., Ratliff, Emily J
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Shayanfar, Ali

Application Number

US12/561,813
Publication Number

US 20110067113A1
Time in Patent Office

1,573 Days
Field of Search

726/27, 711/173
US Class Current

726/27
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6227   where protection concerns t...

H04L 63/105   Multiple levels of security

Classification separation router

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Classification separation router

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links