Method and system of quantifying risk

US 8,533,840 B2
Filed: 03/25/2003
Issued: 09/10/2013
Est. Priority Date: 03/25/2003
Status: Active Grant

First Claim

Patent Images

1. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive content in target data processed by a computer system, said security sensitive words consisting essentially of content understood by humans identifying personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, comprising:

categorizing each one of said sensitive content words into one of a plurality of categories which includes the use of a semantic check for synonyms and antonyms with a thesaurus and a dictionary for categorizing each one of said sensitive content words into one of a plurality of categories;

obtaining and compiling preexisting data for each category;

ranking said categories by risk and assigning a risk rank quantifier to each respective category and preexisting data subsumed therein;

comparing said target data to said preexisting data and generating a security risk score output representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive content; and

processing said target data through a security program based upon said security risk score prior to release of said sensitive content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing word data in said computer system; and

establishing an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of ranked categories;

ranking and assigning a respective risk rank quantifier to said indeterminable category;

modifying said risk score output with rank quantifiers representing said indeterminable words in said target data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The method of quantifying risk, implemented as a computerized program, quantifies the risk of releasing security sensitive words, data objects, characters or icons which may be part of data subject to analysis (target data). Security words, etc. are categorized, pre-existing data for each category is obtained and the categories (and subsumed pre-existing data) are ranked by risk. The target data is compared to the compiled pre-existing data and a risk output is generated. For unknown or undefined words, an indeterminable category is created and is ranked. The method may include inference engines, and contextual routines to add semantic equivalents and opposites to the critical list. Search engines may be employed to add to the list. A differential rank quantifier is assigned to the security words, etc. which has a different rank than the associated category. Frequency analysis, source analysis and stochastic analysis is also used. The risk output is altered.

85 Citations

View as Search Results

139 Claims

1. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive content in target data processed by a computer system, said security sensitive words consisting essentially of content understood by humans identifying personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, comprising:
- categorizing each one of said sensitive content words into one of a plurality of categories which includes the use of a semantic check for synonyms and antonyms with a thesaurus and a dictionary for categorizing each one of said sensitive content words into one of a plurality of categories;
  
  obtaining and compiling preexisting data for each category;
  
  ranking said categories by risk and assigning a risk rank quantifier to each respective category and preexisting data subsumed therein;
  
  comparing said target data to said preexisting data and generating a security risk score output representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive content; and
  
  processing said target data through a security program based upon said security risk score prior to release of said sensitive content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing word data in said computer system; and
  
  establishing an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of ranked categories;
  
  ranking and assigning a respective risk rank quantifier to said indeterminable category;
  
  modifying said risk score output with rank quantifiers representing said indeterminable words in said target data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 2. The method as claimed in claim 1 wherein the step of comparing said target data to said preexisting data compilation occurs after establishing said indeterminable category for unknown or undefined words.
  - 3. The method as claimed in claim 2 wherein the step of ranking includes ranking said security sensitive words.
  - 4. The method as claimed in claim 3 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 5. The method as claimed in claim 4 wherein said security sensitive words are subsumed in respective ones of said plurality of categories.
  - 6. The method as claimed in claim 5 wherein the step of categorizing said security sensitive words includes matching said security sensitive words, data objects, characters, images, data elements or icons with a predetermined plurality of preexisting categories.
  - 7. The method as claimed in claim 6 wherein each preexisting category of said predetermined plurality of preexisting categories has associated therewith preexisting data and the step of matching correlates said security sensitive words with said preexisting data in said predetermined plurality of preexisting categories.
  - 8. The method as claimed in claim 7 including inferring additional security sensitive words from said respective ones of said plurality of categories.
  - 9. The method as claimed in claim 8 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 10. The method as claimed in claim 9 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet, the step of searching used to infer said additional security sensitive words.
  - 11. The method as claimed in claim 10 including assigning a differential risk rank quantifier to said security sensitive words which is different than said risk rank quantifier assigned to the subsumed category.
  - 12. The method as claimed in claim 11 including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis in said and a stochastic analysis in said target data; and
      
      altering said risk score output based upon said analysis.
  - 13. The method as claimed in claim 1 including aggregating risk rank quantifiers representing said indeterminable words in said target data with said risk rank quantifiers associated with preexisting data found in said target data.
  - 14. The method as claimed in claim 1 wherein the step of ranking includes ranking said security sensitive words.
  - 15. The method as claimed in claim 14 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 16. The method as claimed in claim 1 wherein said security sensitive words are subsumed in respective ones of said plurality of categories.
  - 17. The method as claimed in claim 1 wherein the step of categorizing said security sensitive words includes matching said security sensitive words with a predetermined plurality of preexisting categories.
  - 18. The method as claimed in claim 17 wherein each preexisting category of said predetermined plurality of preexisting categories has associated therewith preexisting data and the step of matching correlates said security sensitive words with said preexisting data in said predetermined plurality of preexisting categories.
  - 19. The method as claimed in claim 1 wherein said security sensitive words are subsumed in respective ones of said plurality of categories and the method includes inferring additional security sensitive words from said respective ones of said plurality of categories.
  - 20. The method as claimed in claim 19 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 21. The method as claimed in claim 20 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet, the step of searching used to infer said additional security sensitive words.
  - 22. The method as claimed in claim 1 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including assigning a differential risk rank quantifier to said security sensitive words which are different than said risk rank quantifier assigned to the subsumed category.
  - 23. The Method as claimed in claim 1 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis and a stochastic analysis in said target data; and
      
      altering said risk score output based upon said analysis.
  - 24. The method as claimed in claim 1 wherein the step of comparing said target data to said preexisting data compilation occurs after establishing said indeterminable category for unknown or undefined words.
  - 25. The computerized method as claimed in claim 24 wherein the step of ranking includes risk ranking said security sensitive words.
  - 26. The computerized method as claimed in claim 25 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 27. The computerized method as claimed in claim 26 wherein said security sensitive words are subsumed in respective ones of said plurality of categories.
  - 28. The computerized method as claimed in claim 27 wherein the step of categorizing said security sensitive words includes matching said security sensitive words with a predetermined plurality of preexisting categories.
  - 29. The computerized method as claimed in claim 28 wherein each preexisting category of said predetermined plurality of preexisting categories has associated therewith preexisting data and the step of matching correlates said security sensitive words with said preexisting data in said predetermined plurality of preexisting categories.
  - 30. The computerized method as claimed in claim 29 including inferring additional security sensitive words from said respective ones of said plurality of categories.
  - 31. The computerized method as claimed in claim 30 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 32. The computerized method as claimed in claim 31 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet, the step of searching used to infer said additional security sensitive words.
  - 33. The computerized method as claimed in claim 32 including assigning a differential risk rank quantifier to said security sensitive words which is different than said risk rank quantifier assigned to the subsumed category.
  - 34. The computerized method as claimed in claim 33 including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis in said and a stochastic analysis in said target data; and
      
      altering said risk score output based upon said analysis.
  - 35. The method as claimed in claim 1 including aggregating risk rank quantifiers representing said indeterminable words in said target data with said risk rank quantifiers associated with preexisting data found in said target data.
  - 36. The method as claimed in claim 1 including aggregating risk rank quantifiers representing said indeterminable words in said target data with said risk rank quantifiers associated with preexisting data found in said target data.

37. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive words, data objects, characters, images, data elements or icons in said target data processed by a computer system comprising:
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 38. The computerized method as claimed in claim 37 wherein the step of ranking includes risk ranking said security sensitive words.
  - 39. The computerized method as claimed in claim 38 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 40. The computerized method as claimed in claim 37 wherein said security sensitive words are subsumed in respective ones of said plurality of categories.
  - 41. The computerized method as claimed in claim 37 wherein the step of categorizing said security sensitive words includes matching said security sensitive words with a predetermined plurality of preexisting categories.
  - 42. The computerized method as claimed in claim 41 wherein each preexisting category of said predetermined plurality of preexisting categories has associated therewith preexisting data and the step of matching correlates said security sensitive words with said preexisting data in said predetermined plurality of preexisting categories.
  - 43. The computerized method as claimed in claim 37 wherein said security sensitive words are subsumed in respective ones of said plurality of categories and the method includes inferring additional security sensitive words from said respective ones of said plurality of categories.
  - 44. The computerized method as claimed in claim 43 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 45. The computerized method as claimed in claim 44 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet, the step of searching used to infer said additional security sensitive words.
  - 46. The computerized method as claimed in claim 37 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including assigning a differential risk rank quantifier to said security sensitive words which is different than said risk rank quantifier assigned to the subsumed category.
  - 47. The computerized method as claimed in claim 37 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis in said and a stochastic analysis in said target data; and
      
      altering said risk score output based upon said analysis.

48. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive words, said security sensitive words consisting essentially of personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, words which identify projects, tasks, tools, machines, systems and products and technical terms, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, in said target data processed by a computer system, wherein each one of said security sensitive words is categorized into one of a plurality of categories, and wherein said plurality of categories include an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of categories, the method comprising:
- obtaining and compiling preexisting data for each category;
  
  ranking said categories by risk and assigning a risk rank quantifier to each respective category and to preexisting data subsumed therein;
  
  comparing said target data to said preexisting data and generating risk score output representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive word content; and
  
  processing said target data through a security program based upon said security risk score prior to release of said sensitive word content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing sensitive word data in said computer system; and
  
  ranking and assigning a respective risk rank quantifier to said indeterminable category;
  
  modifying said risk score output with rank quantifiers representing said indeterminable words in said target data.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 49. The method as claimed in claim 48 wherein the step of ranking includes ranking said security sensitive words.
  - 50. The method as claimed in claim 49 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 51. The method as claimed in claim 48 wherein said security sensitive words are subsumed in respective ones of said plurality of categories and the method includes inferring additional security sensitive words from said respective ones of said plurality of categories.
  - 52. The method as claimed in claim 51 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 53. The method as claimed in claim 52 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet, the step of searching used to infer said additional security sensitive words.
  - 54. The method as claimed in claim 48 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including assigning a differential risk rank quantifier to said security sensitive words, data objects, characters, images, data elements or icons which is different than said risk rank quantifier assigned to the subsumed category.
  - 55. The method as claimed in claim 48 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis in said and a stochastic analysis in said target data; and
      
      altering said risk score output based upon said analysis.
  - 56. The method as claimed in claim 48 wherein the step of ranking includes ranking said security sensitive words.
  - 57. The method as claimed in claim 56 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 58. The method as claimed in claim 57 wherein said security sensitive words are subsumed in respective ones of said plurality of categories and the method including inferring additional security sensitive words from said respective ones of said plurality of categories.
  - 59. The method as claimed in claim 58 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 60. The method as claimed in claim 59 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet, the step of searching used to infer said additional security sensitive words.
  - 61. The Method as claimed in claim 60 including assigning a differential risk rank quantifier to said security sensitive words which is different than said risk rank quantifier assigned to the subsumed category.
  - 62. The method as claimed in claim 61 including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis in said and a stochastic analysis in said target data; and
      
      altering said risk score output based upon said analysis.

63. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive words, said security sensitive words consisting essentially of personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, words which identify projects, tasks, tools, machines, systems and products and technical terms, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, in said target data in a computer system wherein each one of said security sensitive words is categorized into one of a plurality of categories, and wherein said plurality of categories include an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of categories, the method comprising:
- obtaining and compiling preexisting data for each category;
  
  ranking said categories by risk and assigning a risk rank quantifier to each respective category and to preexisting data subsumed therein;
  
  comparing said target data to said preexisting data and generating risk score output representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive word content; and
  
  processing said target data through a security program based upon said security risk score prior to release of said sensitive word content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing sensitive word data in said computer system; and
  
  ranking and assigning a respective risk rank quantifier to said indeterminable category;
  
  modifying said risk score output with rank quantifiers representing said indeterminable words in said target data.
- View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77)
- - 64. The computerized method as claimed in claim 63 wherein the step of ranking includes ranking said security sensitive words.
  - 65. The computerized method as claimed in claim 64 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 66. The computerized method as claimed in claim 63 wherein said security sensitive words are subsumed in respective ones of said plurality of categories and the method includes inferring additional security sensitive words from said respective ones of said plurality of categories.
  - 67. The computerized method as claimed in claim 66 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 68. The computerized method as claimed in claim 67 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet, the step of searching used to infer said additional security sensitive words.
  - 69. The computerized method as claimed in claim 63 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including assigning a differential risk rank quantifier to said security sensitive words which is different than said risk rank quantifier assigned to the subsumed category.
  - 70. The computerized method as claimed in claim 63 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis and a stochastic analysis in said target data; and
      
      altering said risk score output based upon said analysis.
  - 71. The computerized method as claimed in claim 63 wherein the step of ranking includes ranking said security sensitive words.
  - 72. The computerized method as claimed in claim 71 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 73. The computerized method as claimed in claim 72 wherein said security sensitive words are subsumed in respective ones of said plurality of categories and the method including inferring additional security sensitive words from said respective ones of said plurality of categories.
  - 74. The computerized method as claimed in claim 73 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 75. The computerized method as claimed in claim 74 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet, the step of searching used to infer said additional security sensitive words.
  - 76. The computerized method as claimed in claim 75 including assigning a differential risk rank quantifier to said security sensitive words which is different than said risk rank quantifier assigned to the subsumed category.
  - 77. The computerized method as claimed in claim 76 including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis in said and a stochastic analysis in said target data; and
      
      altering said risk score output based upon said analysis.

78. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive words, said security sensitive words consisting essentially of personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, words which identify projects, tasks, tools, machines, systems and products and technical terms, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, in said target data processed by a computer system deployed in a client-server computer system with at least one server computer operatively coupled to at least one client computer over a communications network comprising:
- categorizing each one of said security sensitive words into one of a plurality of categories on said at least one server computer;
  
  obtaining and compiling preexisting data for each category via said at least one server computer;
  
  ranking said categories by risk and assigning a risk rank quantifier to each respective category and preexisting data subsumed therein via said at least one server computer;
  
  comparing said target data to said preexisting data and generating risk score output representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive word content in an exchange between said at least one server computer and said at least one client computer; and
  
  processing said target data through a security program based upon said security risk score prior to release of said sensitive word content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing word data in said computer system; and
  
  establishing an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of ranked categories;
  
  ranking and assigning a respective risk rank quantifier to said indeterminable category;
  
  modifying said risk score output with rank quantifiers representing said indeterminable words in said target data.
- View Dependent Claims (79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90)
- - 79. The computerized method as claimed in claim 78 wherein the step of comparing said target data to said preexisting data compilation occurs after establishing said indeterminable category for unknown or undefined words.
  - 80. The computerized method as claimed in claim 78 including aggregating rank quantifiers representing said indeterminable words in said target data with said rank quantifiers associated with preexisting data found in said target data via said at least one server computer.
  - 81. The computerized method as claimed in claim 78 wherein the step of ranking includes ranking said security sensitive words.
  - 82. The computerized method as claimed in claim 81 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 83. The computerized method as claimed in claim 78 wherein said security sensitive words are subsumed in respective ones of said plurality of categories.
  - 84. The computerized method as claimed in claim 78 wherein the step of categorizing said security sensitive words includes matching said security sensitive words, data objects, characters, images, data elements or icons with a predetermined plurality of preexisting categories on said at least one server computer.
  - 85. The computerized method as claimed in claim 84 wherein each preexisting category of said predetermined plurality of preexisting categories has associated therewith preexisting data and the step of matching correlates said security sensitive words with said preexisting data in said predetermined plurality of preexisting categories.
  - 86. The computerized method as claimed in claim 78 wherein said security sensitive words are subsumed in respective ones of said plurality of categories and the method includes inferring additional security sensitive words from said respective ones of said plurality of categories on said at least one server computer.
  - 87. The computerized method as claimed in claim 86 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 88. The computerized method as claimed in claim 87 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet via said at least one server computer, the step of searching used to infer said additional security sensitive words.
  - 89. The computerized method as claimed in claim 78 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including assigning a differential risk rank quantifier to said security sensitive words which is different than said risk rank quantifier assigned to the subsumed category on said at least one server computer.
  - 90. The computerized method as claimed in claim 78 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis in said and a stochastic analysis in said target data via said at least one server computer; and
      
      altering said risk score output based upon said analysis in said exchange between said at least one server computer and said at least one client computer.

91. A server-based computerized method, operating on target data, of quantifying the risk of releasing security sensitive words, said security sensitive words consisting essentially of personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, words which identify projects, tasks, tools, machines, systems and products and technical terms, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, in said target data processed by a computer deployed in a client-server computer system with at least one server computer operatively coupled to at least one client computer over a communications network comprising:
- categorizing each one of said security sensitive words into one of a plurality of categories on said at least one server computer;
  
  obtaining and compiling preexisting data for each category via said at least one server computer;
  
  ranking said categories by risk and assigning a risk rank quantifier to each respective category and preexisting data subsumed therein via said at least one server computer;
  
  comparing said target data to said preexisting data and generating risk score output, directed at said at least one client computer, representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive word content; and
  
  ,processing said target data through a security program based upon said security risk score prior to release of said sensitive word content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing word data in said computer system; and
  
  establishing an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of ranked categories;
  
  ranking and assigning a respective risk rank quantifier to said indeterminable category;
  
  modifying said risk score output with rank quantifiers representing said indeterminable words in said target data.
- View Dependent Claims (92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104)
- - 92. The server-based computerized method as claimed in claim 91 including:
    - wherein ranking and assigning a respective risk rank quantifier to said indeterminable category utilizes said at least one server computer; and
      
      directing the modified risk score output to said at least one client computer.
  - 93. The server-based computerized method as claimed in claim 92 wherein the step of comparing said target data to said preexisting data compilation occurs after establishing said indeterminable category for unknown or undefined words.
  - 94. The server-based computerized method as claimed in claim 92 including aggregating rank quantifiers representing said indeterminable words in said target data with said rank quantifiers associated with preexisting data found in said target data via said at least one server computer.
  - 95. The server-based computerized method as claimed in claim 91 wherein the step of ranking includes ranking said security sensitive words.
  - 96. The server-based computerized method as claimed in claim 95 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 97. The server-based computerized method as claimed in claim 91 wherein said security sensitive words are subsumed in respective ones of said plurality of categories.
  - 98. The server-based computerized method as claimed in claim 91 wherein the step of categorizing said security sensitive words includes matching said security sensitive words with a predetermined plurality of preexisting categories on said at least one server computer.
  - 99. The server-based computerized method as claimed in claim 98 wherein each preexisting category of said predetermined plurality of preexisting categories has associated therewith preexisting data and the step of matching correlates said security sensitive words with said preexisting data in said predetermined plurality of preexisting categories.
  - 100. The server-based computerized method as claimed in claim 91 wherein said security sensitive words are subsumed in respective ones of said plurality of categories and the method includes inferring additional security sensitive words from said respective ones of said plurality of categories on said at least one server computer.
  - 101. The server-based computerized method as claimed in claim 100 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 102. The server-based computerized method as claimed in claim 101 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet via said at least one server computer, the step of searching used to infer said additional security sensitive words.
  - 103. The server-based computerized method as claimed in claim 91 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including assigning a differential risk rank quantifier to said security sensitive words which is different than said risk rank quantifier assigned to the subsumed category on said at least one server computer.
  - 104. The server-based computerized method as claimed in claim 91 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis in said and a stochastic analysis in said target data via said at least one server computer; and
      
      altering said risk score output based upon said analysis and directing the altered risk score output to said at least one client computer.

105. A non-transitory computer readable storage medium having stored thereon and encoded with non-transitory programming instructions, operating on target data, for quantifying the risk of releasing security sensitive words, said security sensitive words consisting essentially of personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, words which identify projects, tasks, tools, machines, systems and products and technical terms, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, in said target data processed by a computer system, the programming instructions comprising:
- categorizing each one of said security sensitive words into one of a plurality of categories;
  
  obtaining and compiling preexisting data for each category;
  
  ranking said categories by risk and assigning a risk rank quantifier to each respective category and preexisting data subsumed therein;
  
  comparing said target data to said preexisting data and generating risk score output representative of all risk rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive word content, and,processing said target data through a security program based upon said security risk score prior to release of said sensitive word content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing word data in said computer system; and
  
  establishing an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of ranked categories;
  
  ranking and assigning a respective risk rank quantifier to said indeterminable category;
  
  modifying said risk score output with rank quantifiers representing said indeterminable words in said target data.
- View Dependent Claims (106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127)
- - 106. The non-transitory computer readable medium with programming instructions as claimed in claim 105 wherein the step of comparing said target data to said preexisting data compilation occurs after establishing said indeterminable category for unknown or undefined words.
  - 107. The non-transitory computer readable medium with programming instructions as claimed in claim 106 wherein the step of ranking includes ranking said security sensitive words.
  - 108. The non-transitory computer readable medium with programming instructions as claimed in claim 107 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 109. The non-transitory computer readable medium with programming instructions as claimed in claim 108 wherein said security sensitive words are subsumed in respective ones of said plurality of categories.
  - 110. The non-transitory computer readable medium with programming instructions as claimed in claim 109 wherein the step of categorizing said security sensitive words includes matching said security sensitive words with a predetermined plurality of preexisting categories.
  - 111. The non-transitory computer readable medium with programming instructions as claimed in claim 110 wherein each preexisting category of said predetermined plurality of preexisting categories has associated therewith preexisting data and the step of matching correlates said security sensitive words with said preexisting data in said predetermined plurality of preexisting categories.
  - 112. The non-transitory computer readable medium with programming instructions as claimed in claim 111 including inferring additional security sensitive words from said respective ones of said plurality of categories.
  - 113. The non-transitory computer readable medium with programming instructions as claimed in claim 112 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 114. The non-transitory computer readable medium with programming instructions as claimed in claim 113 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet, the step of searching used to infer said additional security sensitive words.
  - 115. The non-transitory computer readable medium with programming instructions as claimed in claim 114 including assigning a differential risk rank quantifier to said security sensitive words which is different than said risk rank quantifier assigned to the subsumed category.
  - 116. The non-transitory computer readable medium with programming instructions as claimed in claim 115 including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis in said and a stochastic analysis in said target data; and
      
      altering said risk score output based upon said analysis.
  - 117. The non-transitory computer readable medium with programming instructions as claimed in claim 105 including aggregating risk rank quantifiers representing said indeterminable words in said target data with said risk rank quantifiers associated with preexisting data found in said target data.
  - 118. The non-transitory computer readable medium with programming instructions as claimed in claim 105 wherein the step of ranking includes ranking said security sensitive words.
  - 119. The non-transitory computer readable medium with programming instructions as claimed in claim 118 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 120. The non-transitory computer readable medium with programming instructions as claimed in claim 105 wherein said security sensitive words are subsumed in respective ones of said plurality of categories.
  - 121. The non-transitory computer readable medium with programming instructions as claimed in claim 105 wherein the step of categorizing said security sensitive words includes matching said security sensitive words with a predetermined plurality of preexisting categories.
  - 122. The non-transitory computer readable medium with programming instructions as claimed in claim 121 wherein each preexisting category of said predetermined plurality of preexisting categories has associated therewith preexisting data and the step of matching correlates said security sensitive words with said preexisting data in said predetermined plurality of preexisting categories.
  - 123. The non-transitory computer readable medium with programming instructions as claimed in claim 105 wherein said security sensitive words are subsumed in respective ones of said plurality of categories and the computer readable medium with programming instructions includes inferring additional security sensitive words from said respective ones of said plurality of categories.
  - 124. The non-transitory computer readable medium with programming instructions as claimed in claim 123 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 125. The non-transitory computer readable medium with programming instructions as claimed in claim 124 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet, the step of searching used to infer said additional security sensitive words.
  - 126. The non-transitory computer readable medium with programming instructions as claimed in claim 105 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the computer readable medium with programming instructions including assigning a differential risk rank quantifier to said security sensitive words which is different than said risk rank quantifier assigned to the subsumed category.
  - 127. The non-transitory computer readable medium with programming instructions as claimed in claim 105 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the computer readable medium with programming instructions including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis in said and a stochastic analysis in said target data; and
      
      altering said risk score output based upon said analysis.

128. A computerized method, operating on target data, of quantifying the risk of releasing security sensitive content represented by sensitive words, said security sensitive words not including malicious data but said security sensitive words consisting essentially of personal names, addresses, geographic terms, conceptual words and abbreviations derived from original security sensitive words, words in dictionaries and lists, personal identifying information, names associated with business entities, words which identify projects, tasks, tools, machines, systems and products and technical terms, societal groups or associations related to heritage, demographics, religion, race, ethnicity, or political beliefs, in said target data processed by a computer system, comprising:
- categorizing each one of said sensitive content words into one of a plurality of categories which includes the use of a semantic check for synonyms and antonyms with a thesaurus and a dictionary for categorizing each one of said sensitive content words into one of a plurality of categories;
  
  obtaining and compiling preexisting data for each category;
  
  ranking said categories by risk and assigning a risk rank quantifier to each respective category and preexisting data subsumed therein;
  
  comparing said target data to said preexisting data and generating a security risk score output representative of all rank quantifiers associated with preexisting data found in said target data to quantify the risk of releasing security sensitive content; and
  
  processing said target data through a security program based upon said security risk score prior to release of said sensitive content, the security program including at least one of extracting word data, encrypting word data or extracting and securely distributing word data in said computer system; and
  
  establishing an indeterminable category for unknown or undefined words which are not present in said preexisting data in the plurality of ranked categories;
  
  ranking and assigning a respective risk rank quantifier to said indeterminable category;
  
  modifying said risk score output with rank quantifiers representing said indeterminable words in said target data.
- View Dependent Claims (129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139)
- - 129. The method as claimed in claim 128 wherein the step of comparing said target data to said preexisting data compilation occurs after establishing said indeterminable category for unknown or undefined words.
  - 130. The method as claimed in claim 128 wherein the step of ranking includes ranking said security sensitive words.
  - 131. The method as claimed in claim 130 wherein ranking said security sensitive words occurs concurrently or prior to ranking said categories.
  - 132. The method as claimed in claim 128 wherein said security sensitive words are subsumed in respective ones of said plurality of categories.
  - 133. The method as claimed in claim 128 wherein the step of categorizing said security sensitive words includes matching said security sensitive words with a predetermined plurality of preexisting categories.
  - 134. The method as claimed in claim 133 wherein each preexisting category of said predetermined plurality of preexisting categories has associated therewith preexisting data and the step of matching correlates said security sensitive words with said preexisting data in said predetermined plurality of preexisting categories.
  - 135. The method as claimed in claim 128 wherein said security sensitive words are subsumed in respective ones of said plurality of categories and the method includes inferring additional security sensitive words from said respective ones of said plurality of categories.
  - 136. The method as claimed in claim 135 wherein the step of inferring utilizes contextual and semantic rules to identify said additional security sensitive words.
  - 137. The method as claimed in claim 136 including the step of searching one or more data sources from the group of data sources including the Internet, an intranet and an extranet, the step of searching used to infer said additional security sensitive words.
  - 138. The method as claimed in claim 128 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including assigning a differential risk rank quantifier to said security sensitive words which is different than said risk rank quantifier assigned to the subsumed category.
  - 139. The method as claimed in claim 128 wherein said security sensitive words are subsumed in respective ones of said plurality of categories, the method including:
    - analyzing the presence of said security sensitive words in said target data, said analysis including a frequency analysis and a stochastic analysis in said target data; and
      
      altering said risk score output based upon said analysis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DigitalDoors, Inc.
Original Assignee
DigitalDoors, Inc.
Inventors
Redlich, Ron M., Nemzow, Martin A.
Primary Examiner(s)
Schwartz, Darren B
Assistant Examiner(s)
TRUVAN, LEYNNA THANH

Application Number

US10/396,088
Publication Number

US 20040193870A1
Time in Patent Office

3,822 Days
Field of Search

726 1- 3, 726/5, 726/18, 726 22- 23, 726 25- 27, 713/165, 713/193, 711/100, 709/215, 709/225, 709/312, 709230-231, 705/24, 705/29, 705/37, 705/404
US Class Current

726/25
CPC Class Codes

G06F 16/355   Class or cluster creation o...

G06F 16/951   Indexing; Web crawling tech...

G06F 21/6245   Protecting personal data, e...

G06F 40/247   Thesauruses; Synonyms

Method and system of quantifying risk

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

85 Citations

139 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system of quantifying risk

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

139 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links