US-12625994-B2 - Tying access/redaction to authentication levels
Abstract
A media is created. The media may be a document, an image, a video file, an audio file, a real-time communication session, an email, a chat session, and/or the like. The media is associated with a plurality of authentication levels. For example, the media may use a first authentication level that requires a username/password and a second authentication level that requires a fingerprint scan of a user. The media is created based on a security process according to the plurality of authentication levels. For example, the security process may be an encryption process and/or a tokenization process. The media is divided into a plurality of sections based on the plurality of authentication levels. The security process is applied to the plurality of sections based on the plurality of authentication levels.
Inventors
- Douglas Max Grover
- Michael F. Angelo
Assignees
- MICRO FOCUS LLC
Dates
- Publication Date: 20260512
- Application Date: 20240223
Claims (20)
- 1. A system, comprising: a microprocessor; and a computer readable memory, coupled with the microprocessor and comprising microprocessor readable and executable instructions that, when executed by the microprocessor, cause the microprocessor to: create media, wherein the media is associated with a plurality of authentication levels, wherein the media is created based on a security process according to the plurality of authentication levels; divide the media, during creation of the media, into a plurality of sections, wherein each section of the plurality of sections corresponds to at least one of the plurality of authentication levels; and apply the security process, during creation of the media, to each of the plurality of sections based on a corresponding authentication level, such that different sections of the plurality of sections of the media are subject to different security processes according to their authentication levels, wherein the media is a real-time communication session and wherein the security process removes content in real-time according to which authentication level each member in the real-time communication session is authenticated to, and wherein a first member of the real-time communication session is logged in at a first authentication level, wherein a second member of the real-time communication session is logged in at a second authentication level, which is higher than the first authentication level, wherein the first member of the real-time communication session cannot see an identity of a third member in the real-time communication session, and wherein the second member of the real-time communication session can see the identity of the third member.
- 2. The system of claim 1, wherein the security process is encryption and where the plurality of sections are encrypted using a different encryption process and/or different encryption key.
- 3. The system of claim 1, wherein the real-time communication session is a real-time audio/video communication session, wherein a first member of the real-time audio/video communication session is logged in at a first authentication level, wherein a second member of the real-time audio/video communication session is logged in at a second authentication level, which is higher than the first authentication level, wherein the first member of the real-time audio/video communication session can only listen to the real-time audio/video communication session, and wherein the second member of the real-time audio/video communication session can listen to the real-time audio/video communication session and view the real-time audio/video communication session.
- 4. The system of claim 1, wherein the real-time communication session is a real-time audio communication session, wherein a first member of the real-time audio communication session is logged in at a first authentication level, wherein a second member of the real-time audio communication session is logged in at a second authentication level, which is higher than the first authentication level, wherein the first member of the real-time audio communication session can only listen to a first portion of the real-time audio communication session, and wherein the second member of the real-time audio communication session can listen to all of the real-time audio communication session.
- 5. The system of claim 4, wherein an announcement is made in the real-time audio communication session to the first member of the real-time audio communication that the first member of the real-time communication session will not be able to listen to a second portion of the real-time audio communication session.
- 6. The system of claim 1, wherein the security process is a tokenization process and wherein the microprocessor readable and executable instructions further cause the microprocessor to: remove the plurality of sections from the media; and replace the plurality of sections in the media with a plurality of tokens.
- 7. The system of claim 6, wherein the plurality of tokens are also stored in a tokenization table, wherein the plurality of tokens in the tokenization table reference the removed plurality of sections, and wherein a user can access the removed plurality of sections by providing authentication credentials for the plurality of authentication levels.
- 8. The system of claim 6, wherein one or more of the removed plurality of sections are redacted in a display based on a user's current authentication level.
- 9. The system of claim 8, wherein the one or more of the removed plurality of sections that are redacted in the display indicate an authentication level required to display the one or more of the removed plurality of sections.
- 10. The system of claim 1, wherein the security process is a key fragmentation process that requires a plurality of users to be authenticated at specific authentication levels in order to access one of the plurality of sections of the media.
- 11. The system of claim 1, wherein an Artificial Intelligence (AI) model is used to classify the media and compartmentalize the media into the plurality of sections based on the AI model learning what types of sensitive information is associated with the plurality of authentication levels.
- 12. A method, comprising: creating, by a microprocessor, media, wherein the media is associated with a plurality of authentication levels, wherein the media is created based on a security process according to the plurality of authentication levels; dividing, by the microprocessor, the media, during creation of the media, into a plurality of sections, wherein each section of the plurality of sections corresponds to at least one of the plurality of authentication levels; and applying, by the microprocessor, the security process, during creation of the media, to each of the plurality of sections based on the plurality of authentication levels, such that different sections of the plurality of sections of the media are subject to different security processes according to their authentication levels, wherein the media is a real-time communication session and wherein the security process removes content in real-time according to which authentication level each member in the real-time communication session is authenticated to, and wherein a first member of the real-time communication session is logged in at a first authentication level, wherein a second member of the real-time communication session is logged in at a second authentication level, which is higher than the first authentication level, wherein the first member of the real-time communication session cannot see an identity of a third member in the real-time communication session, and wherein the second member of the real-time communication session can see the identity of the third member.
- 13. The method of claim 12, wherein the security process is encryption and where the plurality of sections are encrypted using a different encryption process and/or different encryption key.
- 14. The method of claim 12, wherein the security process is a tokenization process and wherein the microprocessor readable and executable instructions further cause the microprocessor to: remove the plurality of sections from the media; and replace the plurality of sections in the media with a plurality of tokens.
- 15. The method of claim 12, wherein the security process is a key fragmentation process that requires a plurality of users to be authenticated at specific authentication levels in order to access one of the plurality of sections of the media.
- 16. A system, comprising: a microprocessor; and a computer readable memory, coupled with the microprocessor and comprising microprocessor readable and executable instructions that, when executed by the microprocessor, cause the microprocessor to: retrieve media, wherein the media is associated with a plurality of authentication levels, wherein the media is created based on a security process according to the plurality of authentication levels, wherein the media is divided during creation of the media, into a plurality of sections with each section of the plurality of sections corresponding to at least one of the plurality of authentication levels, wherein the security process is applied during creation of the media to each of the plurality of sections based on a corresponding authentication level, such that different sections of the plurality of sections of the media are subject to different security processes according to their authentication levels, wherein the media is a real-time communication session and wherein the security process removes content in real-time according to which authentication level each member in the real-time communication session is authenticated to, and wherein a first member of the real-time communication session is logged in at a first authentication level, wherein a second member of the real-time communication session is logged in at a second authentication level, which is higher than the first authentication level, wherein the first member of the real-time communication session cannot see an identity of a third member in the real-time communication session, and wherein the second member of the real-time communication session can see the identity of the third member; retrieve a current authentication level of the first member; determine sections of the media that the first member can access based on the current authentication level of the first member; display the sections of the media that the first member can access based on the current authentication level of the first member; and not display or redact sections of the media that the first member cannot access based on the current authentication level of the first member.
- 17. The system of claim 16, wherein the security process is encryption and where the plurality of sections are encrypted using a different encryption process and/or different encryption key.
- 18. The system of claim 16, wherein the security process is a tokenization process and wherein the microprocessor readable and executable instructions further cause the microprocessor to: remove the plurality of sections from the media; and replace the plurality of sections in the media with a plurality of tokens.
- 19. The system of claim 16, wherein the security process is a key fragmentation process that requires a plurality of users to be authenticated at specific authentication levels in order to access one of the plurality of sections of the media.
- 20. The system of claim 16, wherein an Artificial Intelligence (AI) model is used to classify the media and compartmentalize the media into the plurality of sections based on the AI model learning what types of sensitive information is associated with the plurality of authentication levels.
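The tokenization and level-aware redaction described in claims 6 to 9, together with the display steps of claim 16, shown as an added example that is not code from the patent. The `[[L2:...]]` authoring markup, the `{tok:...}` token format, the ordered integer levels and the function names `tokenize` and `render` are assumptions made for illustration.

```python
import re
import secrets

# Authentication levels from the abstract's example; the integer ordering
# and the names used in redaction markers are assumptions.
LEVEL_NAMES = {0: "none", 1: "username/password", 2: "fingerprint scan"}

# Hypothetical authoring markup: [[L2:text]] marks a section needing level 2.
SECTION = re.compile(r"\[\[L(\d+):(.*?)\]\]", re.S)
TOKEN = re.compile(r"\{tok:([0-9a-f]{16})\}")


def tokenize(draft):
    """Create the media: remove each marked section, leave a token behind."""
    table = {}  # tokenization table: token -> (required level, removed section)

    def swap(m):
        level = int(m.group(1))
        if level not in LEVEL_NAMES:
            raise ValueError(f"unknown authentication level {level}")
        token = secrets.token_hex(8)  # random, reveals nothing about content
        table[token] = (level, m.group(2))
        return "{tok:%s}" % token

    return SECTION.sub(swap, draft), table


def render(media, table, current_level):
    """Show sections the user's current level allows; redact the rest."""
    def resolve(m):
        entry = table.get(m.group(1))
        if entry is None:  # token not in the table: fail closed
            return "[REDACTED]"
        required, content = entry
        if current_level >= required:
            return content
        # Claim 9: the redaction states which level would reveal the section.
        return f"[REDACTED: requires {LEVEL_NAMES[required]}]"

    return TOKEN.sub(resolve, media)


# Constructed sample document (not from the patent).
DRAFT = ("Invoice for [[L1:Jane Example]]. "
         "Card number: [[L2:4111 1111 1111 1111]]. Status: paid.")
MEDIA, TABLE = tokenize(DRAFT)
```

The stored media holds only tokens, so access control rests on who can query the tokenization table; `render` stands in for that lookup service and should run where the table lives, not on the client.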
Description
FIELD
The disclosure relates generally to multi-level authentication and particularly to managing how information is accessed and redacted using multi-level authentication.
BACKGROUND
Access to sensitive information is not always properly controlled. For example, data that does not have fine controls on access may allow a user, who should not have access to data, to be able to gain access to sensitive information. Alternatively, users who need access cannot get access to some types of sensitive information because the controls are not fine grained enough.
SUMMARY
These and other needs are addressed by the various embodiments and configurations of the present disclosure. The present disclosure can provide a number of advantages depending on the particular configuration. These and other advantages will be apparent from the disclosure contained herein.
A media is created. The media may be a document, an image, a video file, an audio file, a real-time communication session, an email, a chat session, and/or the like. The media is associated with a plurality of authentication levels. For example, the media may use a first authentication level that requires a username/password and a second authentication level that requires a fingerprint scan of a user. The media is created based on a security process according to the plurality of authentication levels. For example, the security process may be an encryption process and/or a tokenization process. The media is divided into a plurality of sections based on the plurality of authentication levels. The security process is applied to the plurality of sections based on the plurality of authentication levels.
In a second embodiment, the media is retrieved. The media is associated with the plurality of authentication levels. The media is created based on the security process according to the plurality of authentication levels. A current authentication level of a user is retrieved. Sections of the media that the user can access based on the current authentication level of the user are determined. The sections of the media that the user can access based on the current authentication level of the user are displayed to the user. Sections of the media that the user cannot access based on the current authentication level of the user are not displayed or are redacted.
The phrases “at least one”, “one or more”, “or,” and “and/or” are open-ended expressions that are both conjunctive and disjunctive in operation. For example, each of the expressions “at least one of A, B and C”, “at least one of A, B, or C”, “one or more of A, B, and C”, “one or more of A, B, or C”, “A, B, and/or C”, and “A, B, or C” means A alone, B alone, C alone, A and B together, A and C together, B and C together, or A, B and C together.
The term “a” or “an” entity refers to one or more of that entity. As such, the terms “a” (or “an”), “one or more” and “at least one” can be used interchangeably herein. It is also to be noted that the terms “comprising,” “including,” and “having” can be used interchangeably.
The term “automatic” and variations thereof, as used herein, refers to any process or operation, which is typically continuous or semi-continuous, done without material human input when the process or operation is performed. However, a process or operation can be automatic, even though performance of the process or operation uses material or immaterial human input, if the input is received before performance of the process or operation. Human input is deemed to be material if such input influences how the process or operation will be performed. Human input that consents to the performance of the process or operation is not deemed to be “material.”
Aspects of the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.”
Any combination of one or more computer readable medium(s) may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable