Data security system and method associated with data mining

US 7,322,047 B2
Filed: 12/31/2002
Issued: 01/22/2008
Est. Priority Date: 11/13/2000
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A method of securing data based upon a plurality of security levels, each with a predetermined security clearance, in a computer system having a plurality of computers therein and a plurality of memories designated as a remainder store and a plurality of extract stores for respective ones of said plurality of security levels operatively coupled over a communications network, said data having security sensitive content represented by one or more security sensitive words, data objects, characters, images, data elements or icons, comprising:

extracting said security sensitive content from said data to obtain (a) subsets of extracted data and (b) remainder data;

storing said extracted data and said remainder data in respective extract stores, corresponding to the respective security level of the extracted data, and said remainder store, respectively; and

,permitting reconstruction of some or all of said data via one or more of said subsets of extracted data from respective extract stores and remainder data only in the presence of predetermined security clearance for said respective security level corresponding to said respective extract stores.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

The data security method, system and associated data mining enables multiple users, each having a respective security clearance level to access security sensitive words, data objects, characters or icons. The method extracts security sensitive words, data objects, characters or icons from plaintext or other source documents to obtain (a) subsets of extracted data and (b) remainder data. The extracted data is, in one embodiment, stored in a multilevel security system (MLS) which separates extract data of different security levels with MLS guards. Some or all of the original data is reconstructed via one or more of the subsets of extracted data and remainder data only in the presence of a predetermined security level. In this manner, an inquiring party, with the proper security clearance, can data mine the data in the MLS secured storage.

282 Citations

90 Claims

1. A method of securing data based upon a plurality of security levels, each with a predetermined security clearance, in a computer system having a plurality of computers therein and a plurality of memories designated as a remainder store and a plurality of extract stores for respective ones of said plurality of security levels operatively coupled over a communications network, said data having security sensitive content represented by one or more security sensitive words, data objects, characters, images, data elements or icons, comprising:
- extracting said security sensitive content from said data to obtain (a) subsets of extracted data and (b) remainder data;
  
  storing said extracted data and said remainder data in respective extract stores, corresponding to the respective security level of the extracted data, and said remainder store, respectively; and
  
  ,permitting reconstruction of some or all of said data via one or more of said subsets of extracted data from respective extract stores and remainder data only in the presence of predetermined security clearance for said respective security level corresponding to said respective extract stores.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method of securing data as claimed in claim 1 operating over a plurality of computers interconnected together.
  - 3. A method of securing data as claimed in claim 2 including encrypting said subsets of extracted data with corresponding degrees of encryption associated with said plurality of security levels, and including decrypting, during the reconstruction, of some or all of said subsets of extracted data only in the presence of said predetermined security clearance of said plurality of security levels.
  - 4. A method of securing data as claimed in claim 3 including encrypting said subsets of extracted data and remainder data prior to storing.
  - 5. A method of securing data as claimed in claim 4 wherein the step of extracting utilizes one of an inference engine, neural network and artificial intelligence process.
  - 6. A method of securing data as claimed in claim 5 wherein said reconstruction partially reconstructs said data in response to a query and represents data mining of said data.
  - 7. A method of securing data as claimed in claim 6 including permitting reconstruction of some or all of said data after securing compensation therefor.
  - 8. A method as claimed in claim 7 wherein the step of reconstruction including the step of permitting a plurality of partial reconstructions of said data in the presence of respective ones of said plurality of security clearance levels.
  - 9. A method of securing data as claimed in claim 1 wherein the step of extracting utilizes one of an inference engine, neural network and artificial intelligence process.
  - 10. A method of securing data as claimed in claim 1 wherein said reconstruction partially reconstructs said data in response to a query and represents data mining of said data.
  - 11. A method of securing data as claimed in claim 10 including permitting reconstruction of some or all of said data after securing compensation therefor.
  - 12. A method as claimed in claim 1 wherein the step of reconstruction including the step of permitting a plurality of partial reconstructions of said data in the presence of respective ones of said plurality of security clearance levels.
  - 13. A method as claimed in claim 1 wherein said computer system includes a display fed from video memory having a plurality of frame memory segments, the reconstruction step including interleaving extracted data and remainder data into respective ones of said plurality of frame memory segments.
  - 14. A method as claimed in claim 1 wherein said computer system includes a data display system with at least two separate but visually overlaid displays, the step of reconstruction including displaying said extracted data on one of said at least two displays and displaying said remainder data on another of said at least two displays.

15. A computerized method of securing data based upon a plurality of security levels, each with a predetermined security clearance, in memories designated as a remainder store and a plurality of extract stores for respective ones of said plurality of security levels, said data having security sensitive content represented by one or more security sensitive words, data objects, characters, images, data elements or icons, comprising:
- extracting said security sensitive content from said data to obtain subsets of extracted data and remainder data;
  
  storing said extracted data and said remainder data in respective extract stores, corresponding to the respective security level of the extracted data, and said remainder store, respectively; and
  
  ,permitting reconstruction of some or all of said data via one or more of said subsets of extracted data from respective extract stores and remainder data only in the presence of predetermined security clearance for said respective security level corresponding to said respective extract stores.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 16. A method of securing data as claimed in claim 15 operating over a plurality of computers interconnected together.
  - 17. A method of securing data as claimed in claim 16 wherein said subsets of extracted data are encrypted with corresponding degrees of encryption associated with said plurality of security levels, and including decrypting, during the reconstruction, of some or all of said subsets of extracted data only in the presence of said predetermined security clearance of said plurality of security levels.
  - 18. A method of securing data as claimed in claim 17 including encrypting said subsets of extracted data and remainder data prior to storing.
  - 19. A method of securing data as claimed in claim 15 wherein said reconstruction partially reconstructs said data in response to a query and represents data mining of said data.
  - 20. A method of securing data as claimed in claim 19 including permitting reconstruction of some or all of said data after securing compensation therefor.
  - 21. A method of securing data as claimed in claim 20 wherein said reconstruction partially reconstructs said data in response to a query and represents data mining of said data.
  - 22. A method of securing data as claimed in claim 21 including permitting reconstruction of some or all of said data after securing compensation therefor.
  - 23. A method as claimed in claim 22 wherein the step of reconstruction including the step of permitting a plurality of partial reconstructions of said data in the presence of respective ones of said plurality of security clearance levels.
  - 24. A method as claimed in claim 15 wherein the step of reconstruction including the step of permitting a plurality of partial reconstructions of said data in the presence of respective ones of said plurality of security clearance levels.
  - 25. A method as claimed in claim 15 wherein said computer system includes a display fed from video memory having a plurality of frame memory segments, the reconstruction step including interleaving extracted data and remainder data into respective ones of said plurality of frame memory segments.
  - 26. A method as claimed in claim 15 wherein said computer system includes a data display system with at least two separate but visually overlaid displays, the step of reconstruction including displaying said extracted data on one of said at least two displays and displaying said remainder data on another of said at least two displays.
  - 27. The computerized method of securing data as claimed in claim 15 wherein the method of securing data operates on source data and the method includes storing said source data in addition to extracting, storing said extracted data and permitting reconstruction.
  - 28. The computerized method of securing data as claimed in claim 15 including separating into groups said subsets of extracted data and storing the same in a predefined customized manner in said respective extract store.
  - 29. The computerized method of securing data as claimed in claim 28 including, prior to permitting reconstruction, applying a security clearance protocol on a supplied user'"'"'s security clearance to determine respective levels of clearance and the respective full or partial reconstruction of some or all of said data.
  - 30. The computerized method of securing data as claimed in claim 29 including, substantially concurrently with permitting reconstruction, logging at least one reconstruction condition from the group of conditions including a location of a user making a reconstruction inquiry, a type of reconstruction inquiry, a chronologic marker for a reconstruction inquiry, said supplied user'"'"'s security clearance, and said respective security level corresponding to said respective extract stores.
  - 31. The computerized method of securing data as claimed in claim 15 including, prior to permitting reconstruction, applying a security clearance protocol on a supplied user'"'"'s security clearance to determine respective levels of clearance and the respective full or partial reconstruction of some or all of said data.
  - 32. The computerized method of securing data as claimed in claim 15 including, substantially concurrently with permitting reconstruction, logging at least one reconstruction condition from the group of conditions including a location of a user making a reconstruction inquiry, a type of reconstruction inquiry, a chronologic marker for a reconstruction inquiry, said supplied user'"'"'s security clearance, and said respective security level corresponding to said respective extract stores.

33. A computer readable storage medium containing programming instructions for securing data based upon a plurality of security levels, each with a predetermined security clearance, in a computer system having a plurality of computers therein and a plurality of memories designated as a remainder store and a plurality of extract stores for respective ones of said plurality of security levels operatively coupled over a communications network, said data having security sensitive content represented by one or more security sensitive words, data objects, characters, images, data elements, or icons, the programming instructions comprising:
- extracting said security sensitive content from said data to obtain (a) subsets of extracted data and (b) remainder data;
  
  storing said extracted data and said remainder data in respective extract stores, corresponding to the respective security level of the extracted data, and said remainder store, respectively; and
  
  ,permitting reconstruction of some or all of said data via one or more of said subsets of extracted data from respective extract stores and remainder data only in the presence of predetermined security clearance for said respective security level corresponding to said respective extract stores.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 34. A medium with programming instructions as claimed in claim 33 including programming instructions to store said extracted data and said remainder data over a plurality of computers interconnected together.
  - 35. A medium with programming instructions as claimed in claim 33 including instructions for encrypting said subsets of extracted data with corresponding degrees of encryption associated with said plurality of security levels, and including decrypting, during the reconstruction, of some or all of said subsets of extracted data only in the presence of said predetermined security clearance of said plurality of security levels.
  - 36. A medium with programming instructions as claimed in claim 35 wherein extracting utilizes one of an inference engine, neural network and artificial intelligence process.
  - 37. A medium with programming instructions as claimed in claim 36 wherein said reconstruction partially reconstructs said data in response to a query and represents data mining of said data.
  - 38. A medium with programming instructions as claimed in claim 37 including permitting reconstruction of some or all of said data after securing compensation therefor.
  - 39. A medium with programming instructions as claimed in claim 38 wherein the reconstruction includes permitting a plurality of partial reconstructions of said data in the presence of respective ones of said plurality of security clearance levels.
  - 40. A medium with programming instructions as claimed in claim 33 including instructions for encrypting said subsets of extracted data and remainder data prior to storing.
  - 41. A medium with programming instructions as claimed in claim 33 wherein the extracting utilizes one of an inference engine, neural network and artificial intelligence process.
  - 42. A medium with programming instructions as claimed in claim 33 wherein said reconstruction partially reconstructs said data in response to a query and represents data mining of said data.
  - 43. A medium with programming instructions as claimed in claim 33 including instructions for permitting reconstruction of some or all of said data after securing compensation therefor.
  - 44. A medium with programming instructions as claimed in claim 33 wherein the reconstruction includes permitting a plurality of partial reconstructions of said data in the presence of respective ones of said plurality of security clearance levels.
  - 45. A medium with programming instructions as claimed in claim 33 wherein said computer system includes a display fed from video memory having a plurality of frame memory segments, the reconstruction including interleaving extracted data and remainder data into respective ones of said plurality of frame memory segments.
  - 46. A medium with programming instructions as claimed in claim 33 wherein said computer system includes a data display system with at least two separate but visually overlaid displays, the reconstruction including displaying said extracted data on one of said at least two displays and displaying said remainder data on another of said at least two displays.

47. A computer readable storage medium containing programming instructions for securing data based upon a plurality of security levels, each with a predetermined security clearance, in a plurality of memories designated as a remainder store and a plurality of extract stores for respective ones of said plurality of security levels, said data having security sensitive content represented by one or more security sensitive words, data objects, characters, images, data elements or icons, comprising:
- extracting said security sensitive content from said data to obtain (a) subsets of extracted data and (b) remainder data;
  
  storing said extracted data and said remainder data in respective extract stores, corresponding to the respective security level of the extracted data, and said remainder store, respectively; and
  
  ,permitting reconstruction of some or all of said data via one or more of said subsets of extracted data from respective extract stores and remainder data only in the presence of predetermined security clearance for said respective security level corresponding to said respective extract stores.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64)
- - 48. A medium with programming instructions as claimed in claim 47 operating over a plurality of computers interconnected together.
  - 49. A medium with programming instructions as claimed in claim 48 wherein said subsets of extracted data are encrypted with corresponding degrees of encryption associated with said plurality of security levels, and including decrypting, during the reconstruction, of some or all of said subsets of extracted data only in the presence of said predetermined security clearance of said plurality of security levels.
  - 50. A medium with programming instructions as claimed in claim 49 including encrypting said subsets of extracted data and remainder data prior to storing.
  - 51. A medium with programming instructions as claimed in claim 47 wherein said reconstruction partially reconstructs said data in response to a query and represents data mining of said data.
  - 52. A medium with programming instructions as claimed in claim 51 including permitting reconstruction of some or all of said data after securing compensation therefor.
  - 53. A medium with programming instructions as claimed in claim 52 wherein said reconstruction partially reconstructs said data in response to a query and represents data mining of said data.
  - 54. A medium with programming instructions as claimed in claim 53 including permitting reconstruction of some or all of said data after securing compensation therefor.
  - 55. A medium with programming instructions as claimed in claim 54 wherein the reconstruction includes permitting a plurality of partial reconstructions of said data in the presence of respective ones of said plurality of security clearance levels.
  - 56. A medium with programming instructions as claimed in claim 47 wherein the reconstruction includes permitting a plurality of partial reconstructions of said data in the presence of respective ones of said plurality of security clearance levels.
  - 57. A medium with programming instructions as claimed in claim 47 wherein said computer system includes a display fed from video memory having a plurality of frame memory segments, the reconstruction includes interleaving extracted data and remainder data into respective ones of said plurality of frame memory segments.
  - 58. A medium with programming instructions as claimed in claim 47 wherein said computer system includes a data display system with at least two separate but visually overlaid displays, the reconstruction including displaying said extracted data on one of said at least two displays and displaying said remainder data on another of said at least two displays.
  - 59. A medium with programming instructions for securing data as claimed in claim 47 wherein the program operates on source data and the program includes storing said source data in addition to extracting, storing said extracted data and permitting reconstruction.
  - 60. A medium with programming instructions for securing data as claimed in claim 47 including separating into groups said subsets of extracted data and storing the same in a predefined customized manner in said respective extract store.
  - 61. A medium with programming instructions for securing data as claimed in claim 60 including, prior to permitting reconstruction, applying a security clearance protocol on a supplied user'"'"'s security clearance to determine respective levels of clearance and the respective full or partial reconstruction of some or all of said data.
  - 62. A medium with programming instructions for securing data as claimed in claim 61 including, substantially concurrently with permitting reconstruction, logging at least one reconstruction condition from the group of conditions including a location of a user making a reconstruction inquiry, a type of reconstruction inquiry, a chronologic marker for a reconstruction inquiry, said supplied user'"'"'s security clearance, and said respective security level corresponding to said respective extract stores.
  - 63. A medium with programming instructions for securing data as claimed in claim 47 including, prior to permitting reconstruction, applying a security clearance protocol on a supplied user'"'"'s security clearance to determine respective levels of clearance and the respective full or partial reconstruction of some or all of said data.
  - 64. A medium with programming instructions for securing data as claimed in claim 47 including, substantially concurrently with permitting reconstruction, logging at least one reconstruction condition from the group of conditions including a location of a user making a reconstruction inquiry, a type of reconstruction inquiry, a chronologic marker for a reconstruction inquiry, said supplied user'"'"'s security clearance, and said respective security level corresponding to said respective extract stores.

65. An information processing system for securing data based upon a plurality of security levels, each with a predetermined security clearance, in a computer system having a plurality of computers therein and a plurality of memories designated as a remainder store and a plurality of extract stores for respective ones of said plurality of security levels operatively coupled over a communications network, said data having security sensitive content represented by one or more security sensitive words, data objects, characters, images, data elements or icons, comprising:
- means for extracting said security sensitive content from said data to obtain (a) subsets of extracted data and (b) remainder data;
  
  means for storing said extracted data and said remainder data in respective extract stores, corresponding to the respective security level of the extracted data, and said remainder store, respectively; and
  
  ,means for permitting reconstruction of some or all of said data via one or more of said subsets of extracted data from respective extract stores and remainder data only in the presence of predetermined security clearance for said respective security level corresponding to said respective extract stores.
- View Dependent Claims (66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78)
- - 66. An information processing system as claimed in claim 65 including means for storing said extracted data and said remainder data over a plurality of computers interconnected together.
  - 67. An information processing system as claimed in claim 65 including means for encrypting said subsets of extracted data with corresponding degrees of encryption associated with said plurality of security levels, and including means for decrypting, during the reconstruction, of some or all of said subsets of extracted data only in the presence of said predetermined security clearance of said plurality of security levels.
  - 68. An information processing system as claimed in claim 65 including means for encrypting said subsets of extracted data and remainder data prior to storing.
  - 69. An information processing system as claimed in claim 65 wherein said means for extracting utilizes one of an inference engine, neural network and artificial intelligence system.
  - 70. An information processing system as claimed in claim 65 wherein said means for reconstruction partially reconstructs said data in response to a query and includes means for data mining said data.
  - 71. An information processing system as claimed in claim 65 including means for permitting reconstruction of some or all of said data after securing compensation therefor.
  - 72. An information processing system as claimed in claim 65 wherein said means for reconstruction including means for permitting a plurality of partial reconstructions of said data in the presence of respective ones of said plurality of security clearance levels.
  - 73. An information processing system as claimed in claim 65 wherein said computer system includes a display fed from video memory having a plurality of frame memory segments, the means for reconstruction including means for interleaving extracted data and remainder data into respective ones of said plurality of frame memory segments.
  - 74. An information processing system as claimed in claim 65 wherein said computer system includes a data display system with at least two separate but visually overlaid displays, the means for reconstruction including means for displaying said extracted data on one of said at least two displays and displaying said remainder data on another of said at least two displays.
  - 75. An information processing system as claimed in claim 67 wherein the means for extracting utilizes one of an inference engine, neural network and artificial intelligence process.
  - 76. An information processing system as claimed in claim 75 wherein said means for reconstruction partially reconstructs said data in response to a query and includes means for data mining said data.
  - 77. An information processing system as claimed in claim 76 including means for permitting reconstruction of some or all of said data after securing compensation therefor.
  - 78. An information processing system as claimed in claim 77 wherein the means for reconstruction including means for permitting a plurality of partial reconstructions of said data in the presence of respective ones of said plurality of security clearance levels.

79. An information processing system for securing data based upon a plurality of security levels, each with a predetermined security clearance, in a plurality of memories designated as a remainder store and a plurality of extract stores for respective ones of said plurality of security levels, said data having security sensitive content represented by one or more security sensitive words, data objects, characters, images, data elements or icons, comprising:
- means for extracting said security sensitive content to obtain (a) subsets of extracted data and (b) remainder data;
  
  means for storing said extracted data and said remainder data in respective extract stores, corresponding to the respective security level of the extracted data, and said remainder store, respectively; and
  
  ,means for permitting reconstruction of some or all of said data via one or more of said subsets of extracted data from respective extract stores and remainder data only in the presence of predetermined security clearance for said respective security level corresponding to said respective extract stores.
- View Dependent Claims (80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90)
- - 80. An information processing system as claimed in claim 79 operating over a plurality of computers interconnected together.
  - 81. An information processing system as claimed in claim 80 wherein said subsets of extracted data are encrypted with corresponding degrees of encryption associated with said plurality of security levels, and including means for decrypting of some or all of said subsets of extracted data only in the presence of said predetermined security clearance of said plurality of security levels.
  - 82. An information processing system as claimed in claim 81 including means for encrypting said subsets of extracted data and remainder data prior to storing.
  - 83. An information processing system as claimed in claim 79 wherein said means for reconstruction partially reconstructs said data in response to a query and includes data mining means for said data.
  - 84. An information processing system as claimed in claim 83 including means for permitting reconstruction of some or all of said data after securing compensation therefor.
  - 85. An information processing system as claimed in claim 84 wherein said means for reconstruction partially reconstructs said data in response to a query and includes means for data mining said data.
  - 86. An information processing system as claimed in claim 85 including means for permitting reconstruction of some or all of said data after securing compensation therefor.
  - 87. An information processing system as claimed in claim 86 wherein the means for reconstruction includes means for permitting a plurality of partial reconstructions of said data in the presence of respective ones of said plurality of security clearance levels.
  - 88. An information processing system as claimed in claim 79 wherein means for reconstruction including means for permitting a plurality of partial reconstructions of said data in the presence of respective ones of said plurality of security clearance levels.
  - 89. An information processing system as claimed in claim 79 wherein said computer system includes a display fed from video memory having a plurality of frame memory segments, the means for reconstruction including means for interleaving extracted data and remainder data into respective ones of said plurality of frame memory segments.
  - 90. An information processing system as claimed in claim 79 wherein said computer system includes a data display system with at least two separate but visually overlaid displays, the means for reconstruction including means for displaying said extracted data on one of said at least two displays and displaying said remainder data on another of said at least two displays.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
DigitalDoors, Inc.
Original Assignee
DigitalDoors, Inc.
Inventors
Redlich, Ron M., Nemzow, Martin A.
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
Pyzocha, Michael

Application Number

US10/277,196
Publication Number

US 20030120949A1
Time in Patent Office

1,848 Days
Field of Search

726/27, 713/166, 713/193, 715/530, 715/540, 715/751, 709/229
US Class Current

726/27
CPC Class Codes

A61K 38/00   Medicinal preparations cont...

C07K 14/70575   NGF/TNF-superfamily, e.g. C...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

Data security system and method associated with data mining

First Claim

2 Assignments

Litigations

1 Petition

Accused Products

Abstract

282 Citations

90 Claims

Specification

Use Cases

Quick Links

Others

Data security system and method associated with data mining

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

282 Citations

90 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others