Information sharing system and method with requester...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


Details

C707S793000

active

06226745

ABSTRACT:

The present invention relates to security systems for limiting or controlling access to information in a computer system, and more particularly to a security mediator system for sharing information stored in a computer system among collaborators in accordance with one or more sets of information sharing rules.
BACKGROUND OF THE INVENTION
When some information must be shared among collaborating, but distinct, enterprises, security to protect against excessive release must be achieved. Collaborating enterprises cannot fully share their data and information resources, although some information exchange is essential.
To address collaboration one must address a specific gap which exists in the current model of security management, which consists of authentication, authorization, access certification, and presenting the information that results from the access execution to an authenticated requester. In most practical enterprises it is unlikely that the partitioning used to organize data for internal storage and retrieval will match the structure of access rights given to external requestors, unless a very simple model (say: open, secret, top secret) is used and rigorously employed.
Exchange of information is being enabled by rapidly growing communication networks. Such communications are moving inexorably towards automation, but needs for security when collaborating are inadequately served. The focus of security research and current systems is on infrastructure improvements. Communication links are being secured, authentication of users is being improved, and fences (firewalls) around protected domains are being erected, so that enterprises can be protected against actions by enemies.
However, little thought is being given on how to protect information selectively when the accessors we are dealing with are legitimate but diverse, and their legitimate rights to information overlap. These access rights then form a complex web, which will not match the capabilities of the record systems used to enter, store, use, and maintain the information.
Ideally, the information flow among collaborating enterprises would be protected by both automated and manual systems for:
1. maintaining a perfect data organization to deal with external requests;
2. providing assurance that no piece of data is ever misfiled in the computer systems being accessed;
3. avoiding erroneous interpretation of access rights where requesters have multiple, intersecting rights;
4. preventing system software failures that might cause erroneous access rights to be assigned;
5. preventing human or system software errors that cause erroneous authorizations to be assigned;
6. preventing purposeful misfilings that would give an external requestor excessive information;
7. bonding database system staff to reduce the risk of loss due to mishandling of data; and
8. manual record-keeping to track the release of information out of an enterprise.
However, these requirements are so onerous that many enterprises either ignore them, at substantial risk, or build replicated data systems when collaboration is needed. It is a goal of the present invention to avoid or greatly mitigate the above requirements.
Examples of enterprises that must collaborate include:
Hospitals with public health agencies;
Hospitals with insurance companies;
Hospitals with suppliers and distributors;
Factories with suppliers, forming virtual enterprises;
Factories with distributors and shipping companies;
Military commanders with shipping companies.
Individuals and institutions in these settings must share information so they can collaborate. In large organizations, such as the military, substantial internal collaboration takes place. In many organizations, not all groups have common access rights, although little secure protection is afforded by systems within an enterprise. However, there often are (or should be) requirements for protecting internal collaboration in settings such as:
Medical records departments with physicians;
Medical records departments with billing clerks;
Factory design departments with external sales staff;
Military commanders with intelligence resources;
Military commanders with troops in the field.
There have been handcrafted systems built to deal with specific collaborations. However, when unusual or emergency cases occur their operation is bypassed, and needed information is passed sub-rosa, and such transmissions are rarely logged. Violations in all cases require tedious investigations and information leakage is often a mystery.
Thus, the problem is how to enable selective sharing of information with collaborators without the risk of exposing related information in one's enterprise domain or enclave that needs to be protected. The following are some examples to clarify the problem.
In a hospital the medical record system collects a wide variety of information on its patients. Most information on a patient must be accessible to the treating health care personnel, including community physicians, and a substantial fraction of the information must be available to the hospital billing clerks. Similar data are requested by insurance companies, and certain data and summarization information are required for hospital accreditation and public health monitoring. Information sharing with each of these groups must be handled distinctly.
In a manufacturing company collaborations are often formed with suppliers and marketing organizations. Such virtual enterprises are formed to design, assemble, and market some specific products. Design specifications and market intelligence must be rapidly shared to remain competitive. These collaborations overlap, producing security problems which are stated to be the primary barrier to the acceptance of this approach. Uncontrolled sharing of proprietary data is too risky for a manufacturer to grant a supplier. The supplier will also be wary of giving information to the customers.
In a joint military action situation, information must be shared from a variety of sources with a variety of forces, one's own and allies'. The source information ranges from current force status, logistics backup, to intelligence about the opponents. While opponents should be denied all information, not all of one's troops are authorized to access intelligence sources, and one's allies may be further restricted.
These three scenarios have the following commonality.
1. We are dealing with friends, not enemies, and should provide relevant information expeditiously.
2. The collected information is not organized according to the needs of a security protocol.
3. It is impossible to rigorously classify the data, a priori, by potential recipient.
4. It cannot be fully determined from the queries submitted by potential recipients whether the results will include information that should be withheld.
For instance, a medical record on a cardiac patient can include notations that would reveal a diagnosis of HIV, which should not be widely revealed, and (it is assumed here) should be withheld from cardiology researchers. A design document on a plastic component, to be outsourced, also indicates the incorporation of a novel component supplied by another manufacturer, which provides a competitive advantage. Military planning information indicates intelligence sources that are not to be made public to one's allies.
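The fourth point above is the gap a security mediator closes: a query that is legitimate for the requester can still return records carrying withheld notations, so the sharing rules must be applied to the results, not only to the query. The following is an added illustration written for this page, not code from the patent; the record layout, the rule format (releasable fields plus terms that mark a note as withheld), the requester classes and the sample records are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass
class Record:
    patient_id: str
    diagnosis: str
    notes: List[str]

# Constructed sample records: the cardiac query itself is legitimate, but p1's
# notes carry an HIV notation that the rules say must not reach researchers.
RECORDS = [
    Record("p1", "cardiac arrhythmia",
           ["stress test abnormal", "on antiretroviral therapy (HIV+)"]),
    Record("p2", "cardiac arrhythmia", ["echo normal"]),
    Record("p3", "pneumonia", ["chest x-ray consolidation"]),
]

# Assumed rule format (the patent only says rule sets exist): per requester
# class, the releasable fields and the terms that mark a note as withheld.
SHARING_RULES: Dict[str, Dict[str, List[str]]] = {
    "treating_physician": {"fields": ["patient_id", "diagnosis", "notes"], "withhold_terms": []},
    "billing_clerk": {"fields": ["patient_id", "diagnosis"], "withhold_terms": []},
    "cardiology_researcher": {"fields": ["patient_id", "diagnosis", "notes"], "withhold_terms": ["hiv", "antiretroviral"]},
}

def run_query(records: List[Record], diagnosis_contains: str) -> List[Record]:
    """The requester's query, executed inside the domain with no filtering."""
    return [r for r in records if diagnosis_contains in r.diagnosis]

def mediate(results: List[Record], requester: str) -> Tuple[List[dict], List[str]]:
    """Apply the requester's sharing rules to the results, not the query.
    Returns the releasable records and a log of every release and withholding."""
    rules = SHARING_RULES.get(requester)
    if rules is None:  # unknown requester class: fail closed, release nothing
        return [], [f"denied: unknown requester class {requester!r}"]
    released, log = [], []
    for rec in results:
        out = {}
        for fld in rules["fields"]:
            value = getattr(rec, fld)
            if fld == "notes":  # drop any note that matches a withheld term
                kept = [n for n in value
                        if not any(t in n.lower() for t in rules["withhold_terms"])]
                if len(kept) < len(value):
                    log.append(f"withheld {len(value) - len(kept)} note(s) for {rec.patient_id}")
                value = kept
            out[fld] = value
        released.append(out)
        log.append(f"released {rec.patient_id} to {requester}: {sorted(out)}")
    return released, log
```

The log is the mediator's record of what left the domain, the bookkeeping that the background section notes is rarely kept when information is passed informally.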
SUMMARY OF THE INVENTION
The present invention provides a new mechanism, called a security mediator, that formalizes the role of a security officer who has the responsibility and the authority to assure that no inappropriate information leaves an enterprise domain. A firewall protects the domain vis-a-vis invaders. Distinct gateways, each owned and controlled by a security officer, provide the only legitimate pathways out of, and into, the domain. This gateway is best envisaged as a distinct computer system; we refer to such a system as a security mediator, as depicted in FIG. 1. In the security mediator, the policies set by the enterprise on security and privacy are implemented, under control of, and