Multi-focused fine-grained security framework

US 9,881,166 B2
Filed: 04/16/2015
Issued: 01/30/2018
Est. Priority Date: 04/16/2015
Status: Expired due to Fees

First Claim

Patent Images

1. An information handling system comprising:

one or more processors;

a memory coupled to at least one of the processors; and

a set of computer program instructions stored in the memory and executed by at least one of the processors in order to perform actions of;

assigning a plurality of security annotation tags to at least one document in a corpus of electronic documents based upon one or more document properties corresponding to the at least one document;

building, by the one or more processors processor, an electronic knowledge structure from the corpus of electronic documents, wherein the building further comprises;

generating a plurality of term tokens and storing the plurality of term tokens in a plurality of text fields, wherein the plurality of term tokens correspond to a plurality of terms included in the corpus of documents;

generating a plurality of security annotation tokens based on the plurality of security annotation tags and storing the plurality of security annotation tokens in a plurality of parallel fields that correspond to the plurality of text fields, wherein each of the plurality of security annotation tokens indicate a security level of one of the plurality of term tokens stored in the corresponding one of the plurality of text fields; and

storing the electronic knowledge structure in a memory;

matching, by the one or more processors processor, one or more security policies corresponding to a search request to one or more of the plurality of security annotation tokens, wherein the search request is received over a computer network;

identifying, by the one or more processors processor, a first subset of the plurality of term tokens that correspond to the matched one or more of the plurality of security annotation tokens and identifying a second subset of the plurality of term tokens not corresponding to the matched one or more of the plurality of security annotation tokens; and

generating, by the one or more processors processor, one or more answers to the search request, wherein at least one of the one or more answers provides the second set of term tokens and obfuscates the first subset of term tokens.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided in which a knowledge manager generates a knowledge structure that includes security annotation tokens and term tokens. Each of the security annotation tokens are stored in a parallel field and align to at least one of the term tokens. The knowledge manager matches security policies corresponding to a search request to one or more of the security annotation tokens and, in turn, generates search results based upon obfuscation of one or more of the term tokens aligned to the matched security annotation tokens.

44 Citations

12 Claims

1. An information handling system comprising:
- one or more processors;
  
  a memory coupled to at least one of the processors; and
  
  a set of computer program instructions stored in the memory and executed by at least one of the processors in order to perform actions of;
  
  assigning a plurality of security annotation tags to at least one document in a corpus of electronic documents based upon one or more document properties corresponding to the at least one document;
  
  building, by the one or more processors processor, an electronic knowledge structure from the corpus of electronic documents, wherein the building further comprises;
  
  generating a plurality of term tokens and storing the plurality of term tokens in a plurality of text fields, wherein the plurality of term tokens correspond to a plurality of terms included in the corpus of documents;
  
  generating a plurality of security annotation tokens based on the plurality of security annotation tags and storing the plurality of security annotation tokens in a plurality of parallel fields that correspond to the plurality of text fields, wherein each of the plurality of security annotation tokens indicate a security level of one of the plurality of term tokens stored in the corresponding one of the plurality of text fields; and
  
  storing the electronic knowledge structure in a memory;
  
  matching, by the one or more processors processor, one or more security policies corresponding to a search request to one or more of the plurality of security annotation tokens, wherein the search request is received over a computer network;
  
  identifying, by the one or more processors processor, a first subset of the plurality of term tokens that correspond to the matched one or more of the plurality of security annotation tokens and identifying a second subset of the plurality of term tokens not corresponding to the matched one or more of the plurality of security annotation tokens; and
  
  generating, by the one or more processors processor, one or more answers to the search request, wherein at least one of the one or more answers provides the second set of term tokens and obfuscates the first subset of term tokens.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The information handling system of claim 1 wherein at least one of the one or more processors perform additional actions comprising:
    - determining that at least one of the one or more security policies is a search restriction policy corresponding to the matched one or more security annotation tokens; and
      
      omitting the first subset of term tokens during a search of the electronic knowledge structure.
  - 3. The information handling system of claim 1 wherein at least one of the one or more processors perform additional actions comprising:
    - determining that at least one of the one or more security policies is a scoring restriction policy corresponding to the matched one or more security annotation tokens; and
      
      omitting the first subset of term tokens during a scoring of one or more search results corresponding to the one or more answers.
  - 4. The information handling system of claim 1 wherein at least one of the one or more processors perform additional actions comprising:
    - determining that at least one of the one or more security policies is a passage authorization security policy corresponding to the matched one or more security annotation tokens; and
      
      deleting one or more candidate answers based upon the passage authorization security policy.
  - 5. The information handling system of claim 1 wherein at least one of the one or more processors perform additional actions comprising:
    - determining that at least one of the one or more security policies is a visualization security policy corresponding to the matched one or more security annotation tokens; and
      
      displaying a modified one of the one or more answers that masks one or more of the first subset of term tokens.
  - 6. The information handling system of claim 5 wherein at least one of the one or more processors perform additional actions comprising:
    - replacing the masked one or more of the first subset of term tokens with one or more security warning messages.

7. A computer program product stored in a computer readable storage device, comprising computer program code that, when executed by an information handling system, causes the information handling system to perform actions comprising:
- assigning a plurality of security annotation tags to at least one document in a corpus of electronic documents based upon one or more document properties corresponding to the at least one document;
  
  building, by a processor, an electronic knowledge structure from the corpus of electronic documents, wherein the building further comprises;
  
  generating a plurality of term tokens and storing the plurality of term tokens in a plurality of text fields, wherein the plurality of term tokens correspond to a plurality of terms included in the corpus of documents;
  
  generating a plurality of security annotation tokens based on the plurality of security annotation tags and storing the plurality of security annotation tokens in a plurality of parallel fields that correspond to the plurality of text fields, wherein each of the plurality of security annotation tokens indicate a security level of one of the plurality of term tokens stored in the corresponding one of the plurality of text fields; and
  
  storing the electronic knowledge structure in a memory;
  
  matching, by the processor, one or more security policies corresponding to a search request to one or more of the plurality of security annotation tokens, wherein the search request is received over a computer network;
  
  identifying, by the processor, a first subset of the plurality of term tokens that correspond to the matched one or more of the plurality of security annotation tokens and identifying a second subset of the plurality of term tokens not corresponding to the matched one or more of the plurality of security annotation tokens; and
  
  generating, by the processor, one or more answers to the search request, wherein at least one of the one or more answers provides the second set of term tokens and obfuscates the first subset of term tokens.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7 wherein the information handling system performs additional actions comprising:
    - determining that at least one of the one or more security policies is a search restriction policy corresponding to the matched one or more security annotation tokens; and
      
      omitting the first subset of term tokens during a search of the electronic knowledge structure.
  - 9. The computer program product of claim 7 wherein the information handling system performs additional actions comprising:
    - determining that at least one of the one or more security policies is a scoring restriction policy corresponding to the matched one or more security annotation tokens; and
      
      omitting the first subset of term tokens during a scoring of one or more search results corresponding to the one or more answers.
  - 10. The computer program product of claim 7 wherein the information handling system performs additional actions comprising:
    - determining that at least one of the one or more security policies is a passage authorization security policy corresponding to the matched one or more security annotation tokens; and
      
      deleting one or more candidate answers based upon the passage authorization security policy.
  - 11. The computer program product of claim 7 wherein the information handling system performs additional actions comprising:
    - determining that at least one of the one or more security policies is a visualization security policy corresponding to the matched one or more security annotation tokens; and
      
      displaying a modified one of the one or more answers that masks one or more of the first subset of term tokens.
  - 12. The computer program product of claim 11 wherein the information handling system performs additional actions comprising:
    - replacing the masked one or more of the first subset of term tokens with one or more security warning messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Beamon, Bridget B., Debroni, Bradley M., Filoti, Octavian F., Kyle, Bryan J., Nolan, Christopher M.
Primary Examiner(s)
Sholeman, Abu

Application Number

US14/688,985
Publication Number

US 20160306985A1
Time in Patent Office

1,020 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Multi-focused fine-grained security framework

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Multi-focused fine-grained security framework

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others