Method and system of quantifying risk
First Claim
1. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive content in target data processed by a computer system, said security sensitive words consisting essentially of content understood by humans identifying personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, comprising:
- categorizing each one of said sensitive content words into one of a plurality of categories which includes the use of a semantic check for synonyms and antonyms with a thesaurus and a dictionary for categorizing each one of said sensitive content words into one of a plurality of categories;
obtaining and compiling preexisting data for each category;
ranking said categories by risk and assigning a risk rank quantifier to each respective category and preexisting data subsumed therein;
comparing said target data to said preexisting data and generating a security risk score output representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive content; and
processing said target data through a security program based upon said security risk score prior to release of said sensitive content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing word data in said computer system; and
establishing an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of ranked categories;
ranking and assigning a respective risk rank quantifier to said indeterminable category;
modifying said risk score output with rank quantifiers representing said indeterminable words in said target data.
1 Assignment
0 Petitions
Accused Products
Abstract
The method of quantifying risk, implemented as a computerized program, quantifies the risk of releasing security sensitive words, data objects, characters or icons which may be part of data subject to analysis (target data). Security words, etc. are categorized, pre-existing data for each category is obtained and the categories (and subsumed pre-existing data) are ranked by risk. The target data is compared to the compiled pre-existing data and a risk output is generated. For unknown or undefined words, an indeterminable category is created and is ranked. The method may include inference engines, and contextual routines to add semantic equivalents and opposites to the critical list. Search engines may be employed to add to the list. A differential rank quantifier is assigned to the security words, etc. which has a different rank than the associated category. Frequency analysis, source analysis and stochastic analysis is also used. The risk output is altered.
85 Citations
139 Claims
-
1. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive content in target data processed by a computer system, said security sensitive words consisting essentially of content understood by humans identifying personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, comprising:
-
categorizing each one of said sensitive content words into one of a plurality of categories which includes the use of a semantic check for synonyms and antonyms with a thesaurus and a dictionary for categorizing each one of said sensitive content words into one of a plurality of categories; obtaining and compiling preexisting data for each category; ranking said categories by risk and assigning a risk rank quantifier to each respective category and preexisting data subsumed therein; comparing said target data to said preexisting data and generating a security risk score output representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive content; and processing said target data through a security program based upon said security risk score prior to release of said sensitive content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing word data in said computer system; and establishing an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of ranked categories; ranking and assigning a respective risk rank quantifier to said indeterminable category; modifying said risk score output with rank quantifiers representing said indeterminable words in said target data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
- 37. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive words, data objects, characters, images, data elements or icons in said target data processed by a computer system comprising:
-
48. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive words, said security sensitive words consisting essentially of personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, words which identify projects, tasks, tools, machines, systems and products and technical terms, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, in said target data processed by a computer system, wherein each one of said security sensitive words is categorized into one of a plurality of categories, and wherein said plurality of categories include an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of categories, the method comprising:
-
obtaining and compiling preexisting data for each category; ranking said categories by risk and assigning a risk rank quantifier to each respective category and to preexisting data subsumed therein; comparing said target data to said preexisting data and generating risk score output representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive word content; and processing said target data through a security program based upon said security risk score prior to release of said sensitive word content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing sensitive word data in said computer system; and ranking and assigning a respective risk rank quantifier to said indeterminable category; modifying said risk score output with rank quantifiers representing said indeterminable words in said target data. - View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
-
-
63. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive words, said security sensitive words consisting essentially of personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, words which identify projects, tasks, tools, machines, systems and products and technical terms, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, in said target data in a computer system wherein each one of said security sensitive words is categorized into one of a plurality of categories, and wherein said plurality of categories include an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of categories, the method comprising:
-
obtaining and compiling preexisting data for each category; ranking said categories by risk and assigning a risk rank quantifier to each respective category and to preexisting data subsumed therein; comparing said target data to said preexisting data and generating risk score output representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive word content; and processing said target data through a security program based upon said security risk score prior to release of said sensitive word content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing sensitive word data in said computer system; and ranking and assigning a respective risk rank quantifier to said indeterminable category; modifying said risk score output with rank quantifiers representing said indeterminable words in said target data. - View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77)
-
-
78. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive words, said security sensitive words consisting essentially of personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, words which identify projects, tasks, tools, machines, systems and products and technical terms, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, in said target data processed by a computer system deployed in a client-server computer system with at least one server computer operatively coupled to at least one client computer over a communications network comprising:
-
categorizing each one of said security sensitive words into one of a plurality of categories on said at least one server computer; obtaining and compiling preexisting data for each category via said at least one server computer; ranking said categories by risk and assigning a risk rank quantifier to each respective category and preexisting data subsumed therein via said at least one server computer; comparing said target data to said preexisting data and generating risk score output representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive word content in an exchange between said at least one server computer and said at least one client computer; and processing said target data through a security program based upon said security risk score prior to release of said sensitive word content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing word data in said computer system; and establishing an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of ranked categories; ranking and assigning a respective risk rank quantifier to said indeterminable category; modifying said risk score output with rank quantifiers representing said indeterminable words in said target data. - View Dependent Claims (79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90)
-
-
91. A server-based computerized method, operating on target data, of quantifying the risk of releasing security sensitive words, said security sensitive words consisting essentially of personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, words which identify projects, tasks, tools, machines, systems and products and technical terms, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, in said target data processed by a computer deployed in a client-server computer system with at least one server computer operatively coupled to at least one client computer over a communications network comprising:
-
categorizing each one of said security sensitive words into one of a plurality of categories on said at least one server computer; obtaining and compiling preexisting data for each category via said at least one server computer; ranking said categories by risk and assigning a risk rank quantifier to each respective category and preexisting data subsumed therein via said at least one server computer; comparing said target data to said preexisting data and generating risk score output, directed at said at least one client computer, representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive word content; and
,processing said target data through a security program based upon said security risk score prior to release of said sensitive word content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing word data in said computer system; and establishing an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of ranked categories; ranking and assigning a respective risk rank quantifier to said indeterminable category; modifying said risk score output with rank quantifiers representing said indeterminable words in said target data. - View Dependent Claims (92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104)
-
-
105. A non-transitory computer readable storage medium having stored thereon and encoded with non-transitory programming instructions, operating on target data, for quantifying the risk of releasing security sensitive words, said security sensitive words consisting essentially of personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, words which identify projects, tasks, tools, machines, systems and products and technical terms, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, in said target data processed by a computer system, the programming instructions comprising:
-
categorizing each one of said security sensitive words into one of a plurality of categories; obtaining and compiling preexisting data for each category; ranking said categories by risk and assigning a risk rank quantifier to each respective category and preexisting data subsumed therein; comparing said target data to said preexisting data and generating risk score output representative of all risk rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive word content, and, processing said target data through a security program based upon said security risk score prior to release of said sensitive word content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing word data in said computer system; and establishing an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of ranked categories; ranking and assigning a respective risk rank quantifier to said indeterminable category; modifying said risk score output with rank quantifiers representing said indeterminable words in said target data. - View Dependent Claims (106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127)
-
-
128. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive content represented by sensitive words, said security sensitive words not including malicious data but said security sensitive words consisting essentially of personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, words which identify projects, tasks, tools, machines, systems and products and technical terms, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, in said target data processed by a computer system, comprising:
-
categorizing each one of said sensitive content words into one of a plurality of categories which includes the use of a semantic check for synonyms and antonyms with a thesaurus and a dictionary for categorizing each one of said sensitive content words into one of a plurality of categories; obtaining and compiling preexisting data for each category; ranking said categories by risk and assigning a risk rank quantifier to each respective category and preexisting data subsumed therein; comparing said target data to said preexisting data and generating a security risk score output representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive content; and processing said target data through a security program based upon said security risk score prior to release of said sensitive content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing word data in said computer system; and establishing an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of ranked categories; ranking and assigning a respective risk rank quantifier to said indeterminable category; modifying said risk score output with rank quantifiers representing said indeterminable words in said target data. - View Dependent Claims (129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139)
-
Specification