Abstract: A security apparatus and method that provides Multi-Level and Multi-Category Mandatory Access Control (MAC) for controlling access to data within a database at the granularity of the data record. The access control mechanism is implemented so that it has no impact on the database. A standard labeling technology is used in which access to data is dependent on the label of the accessing entity and the label of the data being accessed. The data labels designate security access requirements for data within the database and are stored or generated in a label server that intercepts access requests to the database from remote users. User labels define user access rights and are retrieved or generated and linked to all access requests. The label server compares the user labels linked to an access request with the data label for the data requested to determine if user access is granted or denied.

Abstract: A security apparatus and method that provides Multi-Level and Multi-Category Mandatory Access Control (MAC) for controlling access to data within a database at the granularity of the data record. The access control mechanism is implemented so that it has no impact on the database. A standard labeling technology is used in which access to data is dependent on the label of the accessing entity and the label of the data being accessed. The data labels designate security access requirements for data within the database and are stored or generated in a label server that intercepts access requests to the database from remote users. User labels define user access rights and are retrieved or generated and linked to all access requests. The label server compares the user labels linked to an access request with the data label for the data requested to determine if user access is granted or denied.

Abstract: A multilevel computer security system including a computer with multiple security subsystems for secure data storage and data communications at each security level, a smart-card reader for controlling user access to each security level, and an electronically-activated switch for activating only the selected and authorized security level. Access to each level of restricted data requires a user to insert his smart card into a smart-card reader. The selection of an authorized level generates an activation signal, for a selected security level and permitted computer assets for the selected security level. Since only one security level is ever active and the switching from one level to another requires the computer RAM to be powered off, there can be no possibility of user access to unauthorized data.

Abstract: A multilevel computer security system including a computer with multiple security subsystems for secure data storage and data communications at each security level, a smart-card reader for controlling user access to each security level, and an electronically-activated switch for activating only the selected and authorized security level. Access to each level of restricted data requires a user to insert his smart card into a smart-card reader. The selection of an authorized level generates an activation signal, for a selected security level and permitted computer assets for the selected security level. Since only one security level is ever active and the switching from one level to another requires the computer RAM to be powered off, there can be no possibility of user access to unauthorized data.

Abstract: A multilevel computer security system including a computer with multiple security subsystems for secure data storage and data communications at each security level, a smart-card reader for controlling user access to each security level, an electronically-activated switch for activating only the selected and authorized security level, and a mechanically-activated switch that detects the availability of the security level selected. The computer will automatically power-up at the first security level and activate the first security subsystem which is allocated to the processing of restricted data. Access to each level of restricted data requires a user to insert-his smart card into a smart-card reader which will verify the identity through an entered PIN or from stored biometrics data and will allow the user to access only those levels for which the user is authorized as stored in the smart card.

Abstract: A multilevel computer security system including a computer with multiple security subsystems for secure data storage and data communications at each security level, a smart-card reader for controlling user access to each security level, an electronically-activated switch for activating only the selected and authorized security level, and a mechanically-activated switch that detects the availability of the security level selected. The computer will automatically power-up at the first security level and activate the first security subsystem which is allocated to the processing of restricted data. Access to each level of restricted data requires a user to insert his smart-card into a smart-card reader which will verify the identity through an entered PIN or from stored biometrics data and will allow the user to access only those levels for which the user is authorized as stored in the smart-card.