Methods to dynamically establish overall national security or sensitivity classification for information contained in electronic documents; to provide control for electronic document/information access and cross domain document movement; to establish virtual security perimeters within or among computer networks for electronic documents/information; to enforce physical security perimeters for electronic documents between or among networks by means of a perimeter breach alert system

Abstract

The invention is an a document classification and marking engine/method that functions in a real-time compatible mode with off-the-shelf word processors, e-mail programs and presentation or other document development software applications. The software engine is used for the security classification of sensitive or national security classified information in electronic format and is enhanced by methods and processes that ensure that the software classification engine considers all document informational elements regardless of attributes assigned to the text that may hide text from the user. The software engine provides a complete and reliable document classification determination interface method based on user selections and uniquely codes the full text classification determination in a persistent manner within the electronic shell of the document in real-time and dynamically displays the text based full classification determination in the banner of the host document development application. The unique codes of the full classification embedded in the electronic shell of the document enable effective and reliable software processes and methods that establish controls for access, movement, storage etc. for electronic documents, as well as virtual electronic security perimeters, on a computer, networks of computers and/or among computer networks and domains of networks. The full or complete and persistent classification codes embedded in the document shell also enables reliable software processes and methods that immediately warn or alert security personnel of a beach of a physical security perimeter between or among computers networks or domains of networks established to protect the information contained in electronic document format.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS[0001]This application claims priority from U.S. provisional application No. 61 / 127,385—filed May 13, 2008 which is hereby incorporated by reference. As well as pending utility patent application Ser. No. 11 / 520,857, filed Sep. 13, 2006, both applications filed by inventors James Luke Turner and Robert E. Turner.STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT[0002]The current patent development and submission involved no federal funds or sponsorship.REFERENCE TO SEQUENCING LISTING, OR COMPUTER PROGRAM LISTING COMPACT DISK APPENDIX[0003]Not ApplicableTHE TECHNICAL FIELD OF THE INVENTION[0004]The present invention relates to the identification, classification, marking, protection and control of sensitive, personal or proprietary information as well as sensitive or national security classified government information hereinafter referenced as “classified” in its electronic document form on a computer, computer network or among compu...

AI Technical Summary

Benefits of technology

[0032]The processes and methods of the present invention provides additional significant utility to recent advances in methods to enable computer or computer network users to assess and to classify information contained in electronic documents by means of an assistance interface that identifies document portions and provides a point and click classification determination process, and associates the text based classification determination with unique codes representing the sensitivity or classification level determinations for information contained in a document and embedding the codes in the shell of an electronic document, as well as assuring persistent classification marks for electronic documents in viewed or printed output. The present invention improves the positive and unique, non-text based codes that are imbedded in a document's electronic shell, unique codes that correspond to a document's sensitivity or classification. The invention is a method to ensure that a system user assesses and classifies all information contained in an electronic document, assuring that a classification determination has been made for each portion of the informational content of an electronic document to include portions of information that may be hidden from view of the classifier or subsequent users of an electronic document and thereby missed or not considered for it's classification value. The invention's methods work dynamically in conjunction with host document development software to provide the classifier or subsequent users of an electronic document with visible, positive classification mark determinations for both the full or complete informational content of an electronic document as well as providing dynamically in real-time the classification value of any informational subset view of the document that may be displayed by means of features in document development software applications.

Problems solved by technology

The productivity attributes of document development software applications have compounded this document / information security problem by providing hard copy output generation or other electronic output views of the information contained in electronic documents, that may not reflect the full content of the information contained in an electronic document, and thus may not reflect the full sensitivity or national security classification of the information contained in the electronic document, thereby subjecting the document / information to possible mishandling and / or compromise.

The productivity gains of computers, computer networks, and document development software, have led to the development of sensitive and classified computer networks without sufficient methods for positive identification and persistent and consistent feedback for the developer / user of an electronic document of all possible information in the electronic document as well as the lack of developer / user capability to assign or determine corresponding sensitivity or classification designation for the informational content of the entire electronic document.

This significant shortcoming has resulted in lack of positive controls at the document level to adequately control access to information in electronic document format within a physical security perimeter set for a sensitive or classified network or domain.

In addition, current security processes and software to control information in electronic documents do not provide adequate assurance and verification and alerting capabilities to determine that the information is not breaching physical security perimeters among networks or domains of networks, approved for different levels of sensitive or classified information.

Recent inventions that provide user assurance of appropriate national security or sensitivity classification assessment and classification determinations for information in electronic documents, persistent document marking capability for electronic documents, and the association of unique classification codes embedded in the document's electronic shell, have not fully accounted for the information classification problem associated with productivity features found in most document development host software applications.

The ability to provide comments or notes within a document or to hide text / information in an electronic document or it's electronic shell, as well as the ability to provide application or user driven subset views of the information contained in an electronic document are some typical document development software application features that may mislead a user's understanding or ability to ascertain the full or complete classification or sensitivity value of the information contained within the total electronic document and may cause the mishandling or compromise of information contained in an electronic document.

Currently, user's of electronic document files are unable to determine a classification or sensitivity distinction between a subset view of the informational content of a document generated by a document development software application that they may be handling and the full or complete classification determination of the all the information regardless of the application attributes, visible, hidden, etc, assigned to information contained in the document.

Control systems based on document / information sensitivity and classification determinations that do not account for the full or complete sensitivity or classification potential of the information contained in an electronic document have ineffective control structures and establish potential systemic or “programmed-in” vulnerabilities into the control systems for electronic documents.

The current state of developing, processing and disseminating sensitive and / or classified electronic information for stand-alone computers, networked computers and domains of networks is piecemeal, relying on disparate, text based sensitivity determinations on possible subset informational or “print” views of the electronic document to identify sensitivity or national security classification, and provide ineffective security control of the movement of, and access to, sensitive and / or classified electronic documents / information on computer networks.

Such control systems have not accounted for the potential to overlook portions of the content of an electronic document that may change the value of the document's sensitivity or classification.

Failure to view or account for such potentially hidden information when classifying a document as to it's sensitivity or national security designation may lead to catastrophic miss-classification of the document / information and have a ripple effect for subsequent users of the document that rely on the text classification marks of the “print” view of the document to determine how to appropriately disseminate, move or store an electronic document on a computer network.

The productivity gains of computers and computer networks as well as associated communication capability to transmit electronic document information exacerbate this information control problem.

In addition, subsequent users of such documents may be mislead by subset views provided by modern document development software applications of the information contained in an electronic document which may result in false assumptions of the classification value of the displayed or subset information, resulting in mishandling of the electronic documents as well as mishandling printed views of the subset information.

In addition to an improperly marked hard copy of the information, the second user unknowingly forwards the electronic document to another user on the network who is not authorized to have access to the information contained in the comments, thereby compromising the information.

Document development and dissemination software has also led to multiple computers, possibly representing multiple networks, side by side on users desks at different levels of sensitivity or classification without sufficient capability to alert security personnel to breaches or spills of information, whether intentional or inadvertent, among the various systems.

Compounding these systemic flaws, there currently is little positive and accurate control and tracking over the access to and the movement of such information within the security perimeters of authorized computer networks or among authorized network domains.

As a result, Government and businesses are grappling with intentional insider threats and perimeter breaches to sensitive and classified information on their systems, as well as inadvertent disclosures from their systems that compromise protected critical or national security classified information.

Attempts at text-based controls for sensitive and classified information have been ineffective due to false negatives as well as false positives, and their inability to adequately handle compilation classification designations as well as the inability to handle graphics and other modern features of computer document development software.

Images