[특허]Method, system and apparatus for selecting encryption levels based on policy profiling

Method, system and apparatus for selecting encryption levels based on policy profiling 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-009/00
출원번호	US-0240387 (1999-01-29)
발명자 / 주소	Fletcher,James Corvin Kaminsky,David Louis Kessler,Carl Shawn
출원인 / 주소	International Business Machines Corporation
인용정보	피인용 횟수 : 80 인용 특허 : 11

초록 ▼

The present invention depicts a method, system and program product for controlling levels of security and levels of encryption based on a predefined policy profile. This enables administrators and those who control the network to easily respond to changes in the requirements of the security levels for specific applications. It also allows for response to changes in personnel (such as someone being removed from a position that had topsecret security access) and accommodates variations in access by client devices.

대표청구항 ▼

What is claimed is: 1. A method of using structured documents to specify selective encryption requirements for document content to be transmitted from a server to a client, comprising steps of: identifying one or more security-sensitive document content sections in each of a plurality of structured documents encoded in a markup language by delimiting each of the security-sensitive sections in each of the structured documents using markup language tag syntax, wherein the markup language tag syntax is encoded in the markup language and indicates a security level of the delimited security-sensitive section; receiving, at the server from a requester located at the client, a request for a particular one of the structured documents; determining a maximum security level for which the requester is authorized; filtering out, from the requested document, all of the identified security-sensitive sections for which the indicated security level is higher than the determined maximum security level for which the requester is authorized, thereby creating a filtered document; and if the filtered document is not empty, performing the steps of: determining a most-restrictive one of the security levels indicated by the markup language tag syntax delimiting any security-sensitive sections that remain in the filtered document; identifying, from one or more ciphers that are available to the server for encryption, any ciphers which are capable of providing the determined most-restrictive security level; and if any ciphers were identified, encrypting the filtered document using one of the identified ciphers and transmitting the encrypted filtered document to the requester at the client. 2. The method as claimed in claim 1, wherein the filtering out step further comprises the step of filtering out, from the filtered document, all of the identified security-sensitive sections for which the indicated security level is higher than the security level of all ciphers available for decryption at the client. 3. The method as claimed in claim 1, wherein an author who created the requested document is identified in a header associated with the requested document, and wherein the filtering out step further comprises the steps of: determining a role of the identified author; consulting a mapping that correlates the determined role to an interpretation of the security levels indicated by the markup language tag syntax in the requested document; and using the interpretation from the mapping when determining whether the indited security levels are higher than the determined maximum security level for which the requester is authorized. 4. The method as claimed in claim 3, further comprising the step of changing the interpretation of the security levels by changing the correlation it the mapping. 5. The method as claimed in claim 3, wherein the identification of the author indicates a user group of which the author is a member, and the determined role is the role of the user group. 6. The method as claimed in claim 1, wherein the security level provided by the cipher used to encrypt the filtered document is a least secure one of the security levels provided by the identified ciphers. 7. The method according to claim 1, wherein the step of determining the main security level for which the requester is authorized further comprises the step of using an identifier and password of the requester to access a repository wherein requesters and their maximum authorized security levels are identified. 8. The method according to claim 7, wherein the identifier and password of the requester are communicated with the request for the structured document. 9. The method as claimed in claim 1, wherein the step of identifying any ciphers further comprises the step of consulting a repository where a mapping between ciphers and the security level provided by those ciphers is stored. 10. The method as claimed in claim 9, further comprising the step of changing the security level which a particular cipher is capable of providing by changing the security level in the mapping for the particular cipher. 11. The method as claimed in claim 1, wherein the cipher used for encrypting the filtered document is selected from the identified ciphers by selecting that one of the identified ciphers which is available for decryption on the client and which provides a least secure one of the security levels provided by the identified ciphers. 12. The method as claimed in claim 1, wherein the requested structured document is dynamically composed from a plurality of subdocuments, at least one of which has at least one security-sensitive section and others of which may have zero or more security-sensitive sections. 13. The method as claimed in claim 1, wherein the markup language in which the requested structured document is encoded is the Extensible Markup Language ("XML"). 14. A system for using structured documents to specify selective encryption requirements for document content to be transmitted from a server to a client, comprising: a plurality of structured documents encoded in a markup language, each of the structured documents identifying one or more security-sensitive document content sections therein by delimiting each of the security-sensitive sections using markup language tag syntax, wherein the markup language tag syntax is encoded in the markup language and indicates a security level of the delimited security-sensitive section; means for receiving, at the server from a requester located at the client, a request for a particular one of the structured documents; means for determining a maximum security level for which the requester is authorized; means for filtering out, from the requested document, all of the identified security-sensitive sections for which the indicated security level is higher than the determined maximum security level for which the requester is authorized, thereby creating a filtered document; and means for, if the filtered document is not empty, (1) determining a most-restrictive one of the security levels indicated by the markup language tag be syntax delimiting any security-sensitive sections that remain in the filtered document; (2) identifying, from one or more ciphers that are available to the server for encryption, any ciphers which are capable of providing the determined most-restrictive security level; and (3) if any ciphers were identified, encrypting the filtered document using one of the identified ciphers. 15. A computer program for us structured documents to specify selective encryption requirements for document content to be transmitted from a server to a client, the computer program product residing on programmable media and comprising: computer executable program code means for receiving, at the serer from a requester located at the client, a request for a structured document; computer executable program code means for locating the requested structured document among a plurality of structured documents encoded in a markup language, each of the structured documents identifying one or more security-sensitive document content sections therein by delimiting each of the security-sensitive sections using markup language tag syntax, wherein the markup language tag syntax is encoded in the markup language and indicates a security level of the delimited security-sensitive section; computer executable program code means for determining a maximum security level for which the requester is authorized; computer executable program code means for filtering out, from the located document, all of the identified security-sensitive sections for which the indicated security level is higher than the determined maximum security level for which the requester is authorized, thereby creating a filtered document; and computer executable program code means for, if the filtered document is not empty, (1) determining a most-restrictive one of the security levels indicated by the markup language tag syntax delimiting any security-sensitive sections that remain in the filtered document; (2) identifying, from one or more ciphers that are available to the server for encryption, any ciphers which are capable of providing the determined most-restrictive security level; and (3) if any ciphers were identified, encrypting the filtered document using one of the identified ciphers and transmitting the encrypted filtered document to the requester at the client.

이 특허에 인용된 특허 (11)

Anderson Mark Stephen (Salisbury AUX) Yesberg John Desborough (Salisbury AUX) Pope Michael (Salisbury AUX) Nayda Lisa (Salisbury AUX) Hayman Ken (Salisbury AUX) Beahan Brendan (Salisbury AUX), Complex document security.
상세보기
Barlow Douglas C. (Redmond WA), Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding s.
상세보기
Orita Yukio (Tokyo JPX), Computer system with file security function.
상세보기
Witt Dale Edward ; Potter Judy James ; Wang Chung-Hsi, Image statement preparation by work flow management using statement cycles and statement interactive sessions.
상세보기
Chan, Hark C., Information distribution and processing system.
상세보기
Kanevsky Dimitri ; Yung Marcel Mordechay ; Zadrozny Wlodek Wlodzimierz, Method and apparatus utilizing dynamic questioning to provide secure access control.
상세보기
Wang Diana S. (Trophy Club TX), Method and system for controlling public access to a plurality of data objects within a data processing system.
상세보기
Vincent James P. (Arlington TX), Method for providing information security protocols to an electronic calendar.
상세보기
Holden James M. ; Levin Stephen E. ; Wrench ; Jr. Edwin H. ; Snow ; deceased David W., Mixed enclave operation in a computer network with multi-level network security.
상세보기
Rourke John L. (Fairport NY) Wing Peter D. (Webster NY) Ratcliffe ; II Jack F. (Pittsford NY) Valliere Paul J. (Fairport NY), Security system for electronic printing systems.
상세보기
O'Flaherty Kenneth W. ; Stellwagen ; Jr. Richard G. ; Walter Todd A. ; Watts Reid M. ; Ramsey David A. ; Veldhuisen Adriaan W. ; Ozden Renda K. ; Dempster Patric B., System and method for managing data privacy in a database management system.
상세보기

이 특허를 인용한 특허 (80)

Hoffberg, Steven M.; Hoffberg-Borghesani, Linda I., Adaptive pattern recognition based controller apparatus and method and human-interface therefore.
상세보기
Agrawal, Sunil; Hebbar, Vivek, Classification of security sensitive information and application of customizable security policies.
상세보기
Isaacs, Scott; Moore, George; Thorpe, Danny; Zissimopoulos, Vasileios, Communication across domains.
상세보기
Isaacs, Scott; Moore, George; Thorpe, Danny; Zissimopoulos, Vasileios, Communication across domains.
상세보기
Isaacs, Scott; Moore, George; Thorpe, Danny; Zissimopoulos, Vasileios, Communication across domains.
상세보기
Sato,Eiichi, Communication apparatus and method for discriminating confidentiality of received data.
상세보기
Himmelstein, Richard B., Communications between a mobile device and vehicle based computer.
상세보기
Tribble, Alexander Julian; Barry, Robert Michael; Boynes, Jeremy; Spac, Igor, Content delivery employing multiple security levels.
상세보기
McLean, Robert I.G.; Anderson, Rodney J., Continuously updated data processing system and method for measuring and reporting on value creation performance that supports real-time benchmarking.
상세보기
Bird, John J.; McCoy, Doyle J., Converting data into natural language form.
상세보기
Bird, John J.; McCoy, Doyle J., Converting data into natural language form.
상세보기
Bird, John J.; McCoy, Doyle J., Converting data into natural language form.
상세보기
Bird, John J.; McCoy, Doyle J., Converting data into natural language form.
상세보기
Wack, C. Jay; Scheidt, Edward M.; Kolouch, James L., Cryptographic key split binder for use with tagged data elements.
상세보기
Scheidt, Edward M.; Wack, C. Jay, Cryptographic key split combiner.
상세보기
Redlich, Ron M.; Nemzow, Martin A., Data security system and method.
상세보기
Redlich, Ron M.; Nemzow, Martin A., Data security system and method.
상세보기
Redlich, Ron M.; Nemzow, Martin A., Data security system and method.
상세보기
Redlich,Ron M.; Nemzow,Martin A., Data security system and method for portable device.
상세보기
Redlich, Ron M.; Nemzow, Martin A., Data security system and method with adaptive filter.
상세보기
Redlich, Ron M.; Nemzow, Martin A., Data security system and method with editor.
상세보기
Redlich, Ron M.; Nemzow, Martin A., Data security system and method with multiple independent levels of security.
상세보기
Redlich, Ron M.; Nemzow, Martin A., Data security system and with territorial, geographic and triggering event protocol.
상세보기
Gajjala, Vijay K.; Della-Libera, Giovanni M.; Balayoghan, Vaithialingam B.; Janczuk, Tomasz, Digests to identify elements in a signature process.
상세보기
Gajjala, Vijay K.; Della-Libera, Giovanni M.; Balayoghan, Vaithialingam; Janczuk, Tomasz, Digests to identify elements in a signature process.
상세보기
Moore, James F.; Wood, Charles B., Dynamic feed generation.
상세보기
Endoh, Tsuneo, Encrypted communication system, encrypted communication method, encrypting device, and decrypting device.
상세보기
Moore, James F., Enhanced syndication.
상세보기
Rubin, Gregory Alan; Campagna, Matthew John; Roth, Gregory Branchek, Enhanced-security random data.
상세보기
Tsao, Yeongtau Louis; Piazza, Kevin, Generating and storing document data.
상세보기
Della Libera, Giovanni M.; Gajjala, Vijay K.; Janczuk, Tomasz; Lambert, John R.; Waingold, Elliot, Generic security claim processing model.
상세보기
Holt, Thomas D.; Burke, Larry Stephen, Information search, retrieval and distillation into knowledge objects.
상세보기
Holt, Thomas D.; Burke, Larry Stephen, Information search, retrieval and distillation into knowledge objects.
상세보기
Hoffberg, Steven M.; Hoffberg-Borghesani, Linda I., Internet appliance system and method.
상세보기
Oeda,Shigeto; Naito,Akira; Shinagawa,Tetsuo; Ozaki,Tomochika; Ito,Hiromichi, Log accumulation device with user accuracy setting means and pseudo-information generating means.
상세보기
Girouard, Janice Marie; Hamzy, Mark Joseph; Ratliff, Emily Jane, Method and apparatus for a proximity warning system.
상세보기
Girouard, Janice Marie; Hamzy, Mark Joseph; Ratliff, Emily Jane, Method and apparatus for a proximity warning system.
상세보기
Girouard,Janice Marie; Hamzy,Mark Joseph; Ratliff,Emily Jane, Method and apparatus for a proximity warning system.
상세보기
Asai,Arito; Suganuma,Hiroshi; Haneda,Norihisa, Method and apparatus for distributing digital contents to various terminals and recording medium containing same.
상세보기
Nylander, Tomas; Vikberg, Jari; Zee, Oscar, Method and arrangement for deciding a security setting.
상세보기
Stedron, Robert Allen; Chmielewski, John L., Method of encrypting and transmitting data and system for transmitting encrypted data.
상세보기
Stedron, Robert Allen; Chmielewski, John L., Method of encrypting and transmitting data and system for transmitting encrypted data.
상세보기
Staddon, Jessica N.; Golle, Philippe Jean-Paul, Method, apparatus, and program product for enabling access to flexibly redacted content.
상세보기
Staddon, Jessica N.; Golle, Philippe Jean-Paul, Method, apparatus, and program product for flexible redaction of content.
상세보기
Staddon, Jessica N.; Golle, Philippe Jean-Paul, Method, apparatus, and program product for revealing redacted information.
상세보기
Gillette, Zachary Lynn; Sorensen, Amanda, Monitoring communications.
상세보기
Dellow, Andrew; Gurney, Howard, Monolithic semiconductor integrated circuit and method for selective memory encryption and decryption.
상세보기
Stedron, Robert Allen, Multiple level security system and method for encrypting data within documents.
상세보기
Moore, James F., Network-accessible database of remote services.
상세보기
Doyle, Ronald P.; Kaminsky, David L., Network-aware structured content downloads.
상세보기
Doyle, Ronald P.; Kaminsky, David L., Network-aware structured content downloads.
상세보기
Doyle, Ronald P.; Kaminsky, David L., Network-aware structured content downloads.
상세보기
Doyle, Ronald P.; Kaminsky, David L., Network-aware structured content downloads.
상세보기
Choi, In-sung, Printing device capable of authorizing printing limitedly according to user level, printing system using the same and printing method thereof.
상세보기
Wang, Jiahe Helen; Fan, Xiaofeng; Jackson, Collin Edward; Howell, Jonathan Ryan; Xu, Zhenbin, Protection and communication abstractions for web browsers.
상세보기
Ho, Min-Hank; Samuel, Javed; Knaggs, Peter; Lim, Dah-Yoh; Youn, Paul, Real-time data redaction in a database management system.
상세보기
Ho, Min-Hank; Samuel, Javed; Knaggs, Peter; Lim, Dah-Yoh; Youn, Paul, Real-time data redaction in a database management system.
상세보기
Franco, Roberto A.; Ganjam, Anantha P; Bedworth, John G.; Brundrett, Peter T.; Tokumi, Roland K, Running internet applications with low rights.
상세보기
Himmelstein, Richard B., Security and safety processing by a vehicle based computer.
상세보기
Moore, James F., Security facility for maintaining health care data pools.
상세보기
Della-Libera, Giovanni M.; Gajjala, Vijay K.; Janczuk, Tomasz; Lambert, John R., Security scopes and profiles.
상세보기
Elvanoglu,Ferhan; Dujari,Rajeev, Security settings for markup language elements.
상세보기
Redlich, Ron M.; Nemzow, Martin A., Security system with extraction, reconstruction and secure recovery and storage of data.
상세보기
Moore, James F.; Labovitch, Bela A., Security systems and methods for use with structured and unstructured data.
상세보기
Lin, Jason T.; Barzilai, Ron, Storage device and method for providing a scalable content protection system.
상세보기
Lin, Jason T.; Schreiber, Daniel; Hutton, Henry R.; Halpern, Joseph E., Storage device and method for resuming playback of content.
상세보기
Moore, James F., Syndicating surgical data in a healthcare environment.
상세보기
Moore, James F., Syndicating ultrasound echo data in a healthcare environment.
상세보기
Weber, Barry Jay, System and method for delivering satellite services at multiple security levels.
상세보기
Weber, Barry Jay, System and method for delivering satellite services at multiple security levels.
상세보기
Hoffberg, Steven M.; Hoffberg-Borghesani, Linda I., System and method for intermachine markup language communications.
상세보기
Harrington, Steven J., System and method for managing dynamic document references.
상세보기
Harrington, Steven J., System and method for managing dynamic document references.
상세보기
Harrington, Steven J., System and method for managing dynamic document references.
상세보기
Baentsch, Michael; Hermann, Reto; Kramp, Thorsten; Weigold, Thomas D.; Buhler, Peter; Eirich, Thomas; Visegrady, Tamas; Hoering, Frank; Kuyper-Hammond, Michael P., System and method of performing electronic transactions.
상세보기
Baentsch, Michael; Hermann, Reto; Kramp, Thorsten; Weigold, Thomas D.; Buhler, Peter; Eirich, Thomas; Visegrady, Tamas, System and method of performing electronic transactions with encrypted data transmission.
상세보기
Stedron, Robert Allen; Chmielewski, John L., System for transmitting encrypted data.
상세보기
Moore, James F.; Labovitch, Bela A., Systems and methods for use of structured and unstructured distributed data.
상세보기
Moore, James F, Using RSS archives.
상세보기
Gangi, Frank J., Wallet consolidator to facilitate a transaction.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Method, system and apparatus for selecting encryption levels based on policy profiling 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (11)

이 특허를 인용한 특허 (80)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Method, system and apparatus for selecting encryption levels based on policy profiling 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (11)

이 특허를 인용한 특허 (80)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트