SERVICE ORIENTED SECURE COLLABORATIVE SYSTEM FOR COMPARTMENTED NETWORKS

US 20130097688A1
Filed: 10/16/2012
Published: 04/18/2013
Est. Priority Date: 10/17/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a computer processor configured to;

receive a request from a user to store a document in a database;

receive a user security token;

analyze the document to determine an adjudicated security level for the document;

compare the user security token to the adjudicated security level;

store the document in the database when the user security token is equal to the adjudicated security level;

when the user security token is not equal to the adjudicated security level, query the user as to whether the document should be stored in the database with the adjudicated security level;

receive a response to the query from the user;

store the document in the database when the user agrees to store the document in the database with the adjudicated security level; and

when the user does not agree to store the document in the database with the adjudicated security level, transmit a message to a security officer and quarantine the document.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system receives a request to store a document in a database, receives a user security token, analyzes the document to determine an adjudicated security level for the document, compares the user security token to the adjudicated security level, stores the document when the user security token is equal to the adjudicated security level, when the user security token is not equal to the adjudicated security level, queries the user as to whether the document should be stored with the adjudicated security level, receives a response to the query from the user, stores the document when the user agrees to store the document with the adjudicated security level, and when the user does not agree to store the document with the adjudicated security level, transmits a message to a security officer and quarantine the document.

69 Citations

View as Search Results

24 Claims

1. A system comprising:
- a computer processor configured to;
  
  receive a request from a user to store a document in a database;
  
  receive a user security token;
  
  analyze the document to determine an adjudicated security level for the document;
  
  compare the user security token to the adjudicated security level;
  
  store the document in the database when the user security token is equal to the adjudicated security level;
  
  when the user security token is not equal to the adjudicated security level, query the user as to whether the document should be stored in the database with the adjudicated security level;
  
  receive a response to the query from the user;
  
  store the document in the database when the user agrees to store the document in the database with the adjudicated security level; and
  
  when the user does not agree to store the document in the database with the adjudicated security level, transmit a message to a security officer and quarantine the document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1, wherein the computer processor is configured to check for the user security token in the request to store the document in the database;
    - and wherein when the request to store the document in the database does not include a user security token, the computer processor is configured to generate a user security token.
  - 3. The system of claim 1, wherein the computer processor is configured to automatically generate the user security token when the user logs on to the system.
  - 4. The system of claim 1, wherein the user security token and the adjudicated security level comprise a first portion relating to a security clearance and a second portion relating to a security caveat.
  - 5. The system of claim 4, wherein the security clearance comprises one or more of unclassified, confidential, secret, or top secret, and the security caveat comprises a particular topic.
  - 6. The system of claim 1, wherein the user security token comprises a first portion relating to a user security clearance and a second portion relating to a device security clearance.
  - 7. The system of claim 1, wherein the user security token or the adjudicated security level for the document is stored as metadata associated with the document.
  - 8. The system of claim 1, wherein the computer processor is configured to store the document at the security token level or the adjudicated security level as a function of a decision by the security officer.
  - 9. The system of claim 1, wherein the analyzing by the computer processor comprises scanning the document for an appearance of one or more keywords, each of the one of more keywords associated with a particular security level.
  - 10. The system of claim 1, wherein the user security token is generated by a union of a user security clearance and a device security clearance, the union comprising a least security clearance between the user and the device.
  - 11. The system of claim 1, wherein the computer processor is configured to generate a workflow process when the user does not agree to store the document in the database with the adjudicated security level;
    - and wherein the workflow process is provided to the security officer.
  - 12. The system of claim 1, wherein the computer processor is configured to:
    - generate the user security token by compiling a user security clearance, one or more user security caveats, a device security clearance, and one or more device caveats into a group; and
      
      transferring ownership of the document from the user to the security officer.
  - 13. The system of claim 12, wherein the computer processor comprises a Sharepoint®
    - system.
  - 14. The system of claim 1, wherein the computer processor is configured to monitor a document folder or a network filing sharing system to identify a document check-in request, and to invoke the analysis and adjudication upon the identification of the check-in request.
  - 15. The system of claim 1, wherein the computer processor is configured to:
    - receive a request from a second user to access the document stored in the database;
      
      receive a second user security token;
      
      compare the second user security token with the security level of the stored document; and
      
      when the second user security token is greater than or equal to the security level of the stored document, permit the second user to access the stored document.
  - 16. The system of claim 1, wherein the computer processor comprises one or more of a hosting processor for a file management system, a directory domain controller, and a security processor in communication with the directory domain controller.
  - 17. The system of claim 16, wherein the security processor is configured to acquire security token information from the directory domain controller, and wherein the security processor is configured to transmit the security token to the hosting processor.
  - 18. The system of claim 6, wherein the device security clearance comprises one or more of an Internet Protocol address, a public security key, and a private security key.

19. A system comprising:
- a computer processor configured to;
  
  receive a user security token;
  
  receive a labeled message from a user;
  
  store the message from the user in a computer storage device, the computer storage device comprising a list security level;
  
  analyze the content of the message and assign an adjudicated security level to the message as a function of the analysis;
  
  compare the adjudicated security level to the list security level;
  
  post the message for one or more other users to view when the adjudicated security level is less than or equal to the list security level; and
  
  when the adjudicated security level is greater than the list security level, notify the user without disclosing additional information to the user and transmit a second message to a security officer.

20. A system comprising:
- a computer processor configured to;
  
  enable a user to create an electronic mail message;
  
  lookup or receive a user security token for the user;
  
  enable a user to label the electronic mail message using a classification line and apply a user security level from the user security token as metadata to the electronic mail message;
  
  analyze the electronic mail message to determine an adjudicated security level as a function of content of the electronic mail message;
  
  record an electronic mail message identifier and the adjudicated security level;
  
  compare the user security token with the adjudicated security level;
  
  validate the user security level of the electronic mail message with a mail security level as a function of the comparison of the user security token with the adjudicated security level;
  
  lookup a recipient security level;
  
  compare the recipient security level with the mail security level of the labeled electronic mail message;
  
  remove the recipient from the labeled electronic mail message or maintain the recipient on the labeled electronic mail message as a function of the comparison of the recipient security level with the mail security level of the labeled electronic mail message;
  
  transmit a message to a security officer as a function of the comparison of the user security token with the adjudicated security level and the comparison of the recipient security token with the mail security level of the labeled electronic mail message; and
  
  transmit the labeled electronic mail message to the recipient when the recipient is maintained on the labeled electronic mail message.
- View Dependent Claims (21)
- - 21. The system of claim 20, comprising one or more of a calendar functionality, a contact functionality, and a voice messaging functionality.

22. A system comprising:
- a computer processor configured to;
  
  receive visual data;
  
  receive input from a security operator labeling the visual data with a security level;
  
  receive a request from a user to view the visual data;
  
  compare a user security token associated with the user to the security level of the visual data; and
  
  grant or deny access to the visual data for the user as a function of the comparison of the user security token with the security level of the video data.

23. A process comprising:
- storing a document in a database, the document including a plurality of portion marked segments, each of the plurality of portion marked segments labeled with a security level;
  
  receiving a search request from a user to retrieve data from the database, wherein a user security token is associated with the user;
  
  retrieving a segment from the document when the user security token is equal to or greater than the security level for the segment; and
  
  displaying the retrieved segment to the user.

24. A process comprising:
- receiving data input from a first user;
  
  storing the first user data input on a computer storage device;
  
  creating a session and label the session with a session security level;
  
  receiving a log on command from a second user;
  
  receiving a security token associated with the second user;
  
  comparing the second user security token with the session security level;
  
  permitting the second user to simultaneously view the first user data input during the session as the first user inputs the data if the second user security token is equal to or greater than the session security level; and
  
  transmitting a message to a security officer when the second user security token is less than the session security level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon Company (Rtx Corporation)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Bradley, Charles B. II, Farley, Thomas D., Nadeau, Jason S.

Granted Patent

US 8,978,124 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/6218 to a system of files or obj...

SERVICE ORIENTED SECURE COLLABORATIVE SYSTEM FOR COMPARTMENTED NETWORKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

69 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

SERVICE ORIENTED SECURE COLLABORATIVE SYSTEM FOR COMPARTMENTED NETWORKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links