Methods to dynamically establish overall national security or sensitivity classification for information contained in electronic documents; to provide control for electronic document/information access and cross domain document movement; to establish virtual security perimeters within or among computer networks for electronic documents/information; to enforce physical security perimeters for electronic documents between or among networks by means of a perimeter breach alert system

Abstract

The invention is an a document classification and marking engine / method that functions in a real-time compatible mode with off-the-shelf word processors, e-mail programs and presentation or other document development software applications. The software engine is used for the security classification of sensitive or national security classified information in electronic format and is enhanced by methods and processes that ensure that the software classification engine considers all document informational elements regardless of attributes assigned to the text that may hide text from the user. The software engine provides a complete and reliable document classification determination interface method based on user selections and uniquely codes the full text classification determination in a persistent manner within the electronic shell of the document in real-time and dynamically displays the text based full classification determination in the banner of the host document development application. The unique codes of the full classification embedded in the electronic shell of the document enable effective and reliable software processes and methods that establish controls for access, movement, storage etc. for electronic documents, as well as virtual electronic security perimeters, on a computer, networks of computers and / or among computer networks and domains of networks. The full or complete and persistent classification codes embedded in the document shell also enables reliable software processes and methods that immediately warn or alert security personnel of a beach of a physical security perimeter between or among computers networks or domains of networks established to protect the information contained in electronic document format.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS[0001]This application claims priority from U.S. provisional application No. 61 / 127,385—filed May 13, 2008 which is hereby incorporated by reference. As well as pending utility patent application Ser. No. 11 / 520,857, filed Sep. 13, 2006, both applications filed by inventors James Luke Turner and Robert E. Turner.STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT[0002]The current patent development and submission involved no federal funds or sponsorship.REFERENCE TO SEQUENCING LISTING, OR COMPUTER PROGRAM LISTING COMPACT DISK APPENDIX[0003]Not ApplicableTHE TECHNICAL FIELD OF THE INVENTION[0004]The present invention relates to the identification, classification, marking, protection and control of sensitive, personal or proprietary information as well as sensitive or national security classified government information hereinafter referenced as “classified” in its electronic document form on a computer, computer network or among compu...

AI Technical Summary

Benefits of technology

[0032]The processes and methods of the present invention provides additional significant utility to recent advances in methods to enable computer or computer network users to assess and to classify information contained in electronic documents by means of an assistance interface that identifies document portions and provides a point and click classification determination process, and associates the text based classification determination with unique codes representing the sensitivity or classification level determinations for information contained in a document and embedding the codes in the shell of an electronic document, as well as assuring persistent classification marks for electronic documents in viewed or printed output. The present invention improves the positive and unique, non-text based codes that are imbedded in a document's electronic shell, unique codes that correspond to a document's sensitivity or classification. The invention is a method to ensure that a system user assesses and classifies all information contained in an electronic document, assuring that a classification determination has been made for each portion of the informational content of an electronic document to include portions of information that may be hidden from view of the classifier or subsequent users of an electronic document and thereby missed or not considered for it's classification value. The invention's methods work dynamically in conjunction with host document development software to provide the classifier or subsequent users of an electronic document with visible, positive classification mark determinations for both the full or complete informational content of an electronic document as well as providing dynamically in real-time the classification value of any informational subset view of the document that may be displayed by means of features in document development software applications.

[0033]The methods of the invention not only assures a full and complete classification determination that includes all information contained in an electronic document and positively and persistently displays that classification text within the host application's display, but it also assigns a unique classification code to represent the text classification determination for the total information content of the electronic document and embeds the unique code in the electronic shell of the document in a reliable and persistent manner. The invention further provides methods for the System Security Administrator (SSA) for a computer network to develop and initiate reliable, virtual changeable perimeter controls that manage a document's movement or access within, or among computer networks, based on the coded classification value of the full or complete document content, assigning and assuring proper access control at the document, subfolder, folder, drive, or volume level of document electronic storage. The invention's methods also improves previous methods of electronic document control by establishing the capability to assign and code “Need to Know” access lists to an electronic document for additional access control within national security classification designations. “Kneed to Know” document access lists become reliable in the electronic environment as a result of the invention's methods to reliably ascertain the full or complete classification content of documents / information electronic format in real-time.

[0034]The invention uses the same unique; non-text based coding capability within the document's electronic shell to control whether or not documents of specific sensitivity or classification may cross network domains for dissemination, access and document control on computer networks of other network domains. The invention provides a software interface that allows the SSA to setup the criteria and controls based on the full sensitivity or classification of information contained in electronic documents that may need to be disseminated or controlled on other authorized computer network or domains. The unique coding scheme which can enable a unique classification code set for each domain enabling the SSA to identify the organizational ownership of documents that may have crossed computer network domains and reliably provide consistent tracking, control and oversight capabilities based on the full content classification of an electronic document and the unique, organizationally specific, representative code.

[0035]By means of the reliable full classification of a document's information content and the unique and persistent coding capability within a document's electronic shell, as well as the unique coding capability and assignment associated with storage media that contain classified and / or sensitive documents / information, the present invention also provides methods to immediately and accurately identify a breach of physical security perimeters. This aspect of the invention is a method that is established and resident on a computer, computer network or system of networks that “watches” for and / or senses specific unique classification codes that occur in the documents electronic shell, or are imbedded on document storage media that are not authorized on the receiving computer, network of computers or domain of networks. The unique classification codes that represent text based classification determinations allow the invention's methods and processes to be resident on computers not authorized to receive the text based information and to function on unclassified or lower classified computers without compromising or allowing unnecessary insight into the text based classification regime of higher level classification computers.

Problems solved by technology

The productivity attributes of document development software applications have compounded this document / information security problem by providing hard copy output generation or other electronic output views of the information contained in electronic documents, that may not reflect the full content of the information contained in an electronic document, and thus may not reflect the full sensitivity or national security classification of the information contained in the electronic document, thereby subjecting the document / information to possible mishandling and / or compromise.

The productivity gains of computers, computer networks, and document development software, have led to the development of sensitive and classified computer networks without sufficient methods for positive identification and persistent and consistent feedback for the developer / user of an electronic document of all possible information in the electronic document as well as the lack of developer / user capability to assign or determine corresponding sensitivity or classification designation for the informational content of the entire electronic document.

This significant shortcoming has resulted in lack of positive controls at the document level to adequately control access to information in electronic document format within a physical security perimeter set for a sensitive or classified network or domain.

In addition, current security processes and software to control information in electronic documents do not provide adequate assurance and verification and alerting capabilities to determine that the information is not breaching physical security perimeters among networks or domains of networks, approved for different levels of sensitive or classified information.

Recent inventions that provide user assurance of appropriate national security or sensitivity classification assessment and classification determinations for information in electronic documents, persistent document marking capability for electronic documents, and the association of unique classification codes embedded in the document's electronic shell, have not fully accounted for the information classification problem associated with productivity features found in most document development host software applications.

The ability to provide comments or notes within a document or to hide text / information in an electronic document or it's electronic shell, as well as the ability to provide application or user driven subset views of the information contained in an electronic document are some typical document development software application features that may mislead a user's understanding or ability to ascertain the full or complete classification or sensitivity value of the information contained within the total electronic document and may cause the mishandling or compromise of information contained in an electronic document.

Currently, user's of electronic document files are unable to determine a classification or sensitivity distinction between a subset view of the informational content of a document generated by a document development software application that they may be handling and the full or complete classification determination of the all the information regardless of the application attributes, visible, hidden, etc, assigned to information contained in the document.

Control systems based on document / information sensitivity and classification determinations that do not account for the full or complete sensitivity or classification potential of the information contained in an electronic document have ineffective control structures and establish potential systemic or “programmed-in” vulnerabilities into the control systems for electronic documents.

The current state of developing, processing and disseminating sensitive and / or classified electronic information for stand-alone computers, networked computers and domains of networks is piecemeal, relying on disparate, text based sensitivity determinations on possible subset informational or “print” views of the electronic document to identify sensitivity or national security classification, and provide ineffective security control of the movement of, and access to, sensitive and / or classified electronic documents / information on computer networks.

Such control systems have not accounted for the potential to overlook portions of the content of an electronic document that may change the value of the document's sensitivity or classification.

Failure to view or account for such potentially hidden information when classifying a document as to it's sensitivity or national security designation may lead to catastrophic miss-classification of the document / information and have a ripple effect for subsequent users of the document that rely on the text classification marks of the “print” view of the document to determine how to appropriately disseminate, move or store an electronic document on a computer network.

The productivity gains of computers and computer networks as well as associated communication capability to transmit electronic document information exacerbate this information control problem.

In addition, subsequent users of such documents may be mislead by subset views provided by modern document development software applications of the information contained in an electronic document which may result in false assumptions of the classification value of the displayed or subset information, resulting in mishandling of the electronic documents as well as mishandling printed views of the subset information.

In addition to an improperly marked hard copy of the information, the second user unknowingly forwards the electronic document to another user on the network who is not authorized to have access to the information contained in the comments, thereby compromising the information.

Document development and dissemination software has also led to multiple computers, possibly representing multiple networks, side by side on users desks at different levels of sensitivity or classification without sufficient capability to alert security personnel to breaches or spills of information, whether intentional or inadvertent, among the various systems.

Compounding these systemic flaws, there currently is little positive and accurate control and tracking over the access to and the movement of such information within the security perimeters of authorized computer networks or among authorized network domains.

As a result, Government and businesses are grappling with intentional insider threats and perimeter breaches to sensitive and classified information on their systems, as well as inadvertent disclosures from their systems that compromise protected critical or national security classified information.

Attempts at text-based controls for sensitive and classified information have been ineffective due to false negatives as well as false positives, and their inability to adequately handle compilation classification designations as well as the inability to handle graphics and other modern features of computer document development software.

Images