Systems and methods for providing supply-chain trust networks

US 10,033,764 B1
Filed: 11/16/2015
Issued: 07/24/2018
Est. Priority Date: 11/16/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing supply-chain trust networks, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

identifying a computational partnership between a primary computing entity and a partnered computing entity, wherein the primary computing entity and the partnered computing entity are under separate control and the partnered computing entity handles at least one computing resource to be used by the primary computing entity, wherein the at least one computing resource is used in computational tasks, and wherein the identifying the computational partnership further comprises;

receiving, from the primary computing entity, an identifier of the partnered computing entity as a computational partner of the primary computing entity; and

receiving, from the partnered computing entity, an agreement to provide the security data from the computing environment controlled by the partnered computing entity;

receiving, from a computing environment controlled by the partnered computing entity and with permission from the partnered computing entity, security data that comprises information about at least one security characteristic of the computing environment;

analyzing the security data to make a security determination about the computing environment controlled by the partnered computing entity, wherein;

analyzing the security data comprises identifying an indicator of a security threat in the security data that matches an indicator of a security threat from a computing environment controlled by the primary computing entity; and

making the security determination comprises inferring that the security threat from the computing environment controlled by the primary computing entity originated from the partnered computing entity based on the indicator of the security threat in the security data matching the indicator of the security threat from the computing environment controlled by the primary computing entity; and

providing, in response to identifying the computational partnership, the security determination about the computing environment controlled by the partnered computing entity to the primary computing entity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for providing supply-chain trust networks may include (1) identifying a computational partnership between a primary computing entity and a partnered computing entity, wherein the primary computing entity and the partnered computing entity are under separate control and the partnered computing entity handles at least one computing resource to be used by the primary computing entity, (2) receiving, from a computing environment controlled by the partnered computing entity and with permission from the partnered computing entity, security data that comprises information about at least one security characteristic of the computing environment, (3) analyzing the security data to make a security determination about the computing environment controlled by the partnered computing entity, and (4) providing, in response to identifying the computational partnership, the security determination about the computing environment to the primary computing entity. Various other methods, systems, and computer-readable media are also disclosed.

18 Citations

View as Search Results

17 Claims

1. A computer-implemented method for providing supply-chain trust networks, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a computational partnership between a primary computing entity and a partnered computing entity, wherein the primary computing entity and the partnered computing entity are under separate control and the partnered computing entity handles at least one computing resource to be used by the primary computing entity, wherein the at least one computing resource is used in computational tasks, and wherein the identifying the computational partnership further comprises;
  
  receiving, from the primary computing entity, an identifier of the partnered computing entity as a computational partner of the primary computing entity; and
  
  receiving, from the partnered computing entity, an agreement to provide the security data from the computing environment controlled by the partnered computing entity;
  
  receiving, from a computing environment controlled by the partnered computing entity and with permission from the partnered computing entity, security data that comprises information about at least one security characteristic of the computing environment;
  
  analyzing the security data to make a security determination about the computing environment controlled by the partnered computing entity, wherein;
  
  analyzing the security data comprises identifying an indicator of a security threat in the security data that matches an indicator of a security threat from a computing environment controlled by the primary computing entity; and
  
  making the security determination comprises inferring that the security threat from the computing environment controlled by the primary computing entity originated from the partnered computing entity based on the indicator of the security threat in the security data matching the indicator of the security threat from the computing environment controlled by the primary computing entity; and
  
  providing, in response to identifying the computational partnership, the security determination about the computing environment controlled by the partnered computing entity to the primary computing entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein:
    - receiving the security data comprises receiving the security data at a third-party computing system that is not controlled either by the primary computing entity or the partnered computing entity;
      
      analyzing the security data comprises analyzing the security data at the third-party computing system; and
      
      providing the security determination comprises providing the security determination from the third-party computing system.
  - 3. The computer-implemented method of claim 1, wherein the primary computing entity lacks access to the computing environment controlled by the partnered computing entity and therefore is not permitted to observe the security data without cooperation from the partnered computing entity.
  - 4. The computer-implemented method of claim 1, wherein the partnered computing entity deploys a telemetry collector within the computing environment controlled by the partnered computing entity to collect the security data and to provide the security data for external analysis.
  - 5. The computer-implemented method of claim 1, further comprising receiving, from the primary computing entity, a security requirement to apply to the partnered computing entity.
  - 6. The computer-implemented method of claim 5, further comprising receiving, from the partnered computing entity, an agreement to meet the security requirement.
  - 7. The computer-implemented method of claim 5, further comprising comparing the security determination with the security requirement to determine whether the partnered computing entity meets the security requirement.
  - 8. The computer-implemented method of claim 7, further comprising reporting to the primary computing entity whether the partnered computing entity meets the security requirement.
  - 9. The computer-implemented method of claim 1, wherein the computational partnership between the primary computing entity and the partnered computing entity entails at least one of:
    - data shared between the primary computing entity and the partnered computing entity; and
      
      computational infrastructure shared between the primary computing entity and the partnered computing entity.
  - 10. The computer-implemented method of claim 1, wherein the security data comprises at least one of:
    - software identified within the computing environment controlled by the partnered computing entity;
      
      at least one data object identified within the computing environment controlled by the partnered computing entity;
      
      at least one network location connected to from within the computing environment controlled by the partnered computing entity; and
      
      at least one security-relevant setting identified within the computing environment controlled by the partnered computing entity.
  - 11. The computer-implemented method of claim 1, wherein the security determination comprises at least one of:
    - a number of security failures identified within the computing environment controlled by the partnered computing entity;
      
      an amount of time between a security failure and a remediation of a security failure within the computing environment controlled by the partnered computing entity; and
      
      a measurement of compliance with a security policy.

12. A system for providing supply-chain trust networks, the system comprising:
- an identification module, stored in memory, that identifies a computational partnership between a primary computing entity and a partnered computing entity, wherein the primary computing entity and the partnered computing entity are under separate control and the partnered computing entity handles at least one computing resource to be used by the primary computing entity, wherein the at least one computing resource is used in computational tasks and wherein the identification module identifies the computational partnership by;
  
  receiving, from the primary computing entity, an identifier of the partnered computing entity as a computational partner of the primary computing entity; and
  
  receiving, from the partnered computing entity, an agreement to provide the security data from the computing environment controlled by the partnered computing entity;
  
  a receiving module, stored in memory, that receives, from a computing environment controlled by the partnered computing entity and with permission from the partnered computing entity, security data that comprises information about at least one security characteristic of the computing environment;
  
  an analysis module, stored in memory, that analyzes the security data to make a security determination about the computing environment controlled by the partnered computing entity, wherein;
  
  analyzing the security data comprises identifying an indicator of a security threat in the security data that matches an indicator of a security threat from a computing environment controlled by the primary computing entity; and
  
  making the security determination comprises inferring that the security threat from the computing environment controlled by the primary computing entity originated from the partnered computing entity based on the indicator of the security threat in the security data matching the indicator of the security threat from the computing environment controlled by the primary computing entity;
  
  a providing module, stored in memory, that provides, in response to identifying the computational partnership, the security determination about the computing environment controlled by the partnered computing entity to the primary computing entity; and
  
  at least one physical processor configured to execute the identification module, the receiving module, the analysis module, and the providing module.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The system of claim 12, wherein:
    - the receiving module receives the security data at a third-party computing system that is not controlled either by the primary computing entity or the partnered computing entity;
      
      the analysis module analyzes the security data at the third-party computing system; and
      
      the providing module provides the security determination from the third-party computing system.
  - 14. The system of claim 12, wherein the primary computing entity lacks access to the computing environment controlled by the partnered computing entity and therefore is not permitted to observe the security data without cooperation from the partnered computing entity.
  - 15. The system of claim 12, wherein the partnered computing entity deploys a telemetry collector within the computing environment controlled by the partnered computing entity to collect the security data and to provide the security data for external analysis.
  - 16. The system of claim 12, the identification module receives, from the primary computing entity, a security requirement to apply to the partnered computing entity.

17. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a computational partnership between a primary computing entity and a partnered computing entity, wherein the primary computing entity and the partnered computing entity are under separate control and the partnered computing entity handles at least one computing resource to be used by the primary computing entity, wherein the at least one computing resource is used in computational tasks and wherein identification of the computational partnership further comprises;
  
  receiving, from the primary computing entity, an identifier of the partnered computing entity as a computational partner of the primary computing entity; and
  
  receiving, from the partnered computing entity, an agreement to provide the security data from the computing environment controlled by the partnered computing entity;
  
  receive, from a computing environment controlled by the partnered computing entity and with permission from the partnered computing entity, security data that comprises information about at least one security characteristic of the computing environment;
  
  analyze the security data to make a security determination about the computing environment controlled by the partnered computing entity, wherein;
  
  analyzing the security data comprises identifying an indicator of a security threat in the security data that matches an indicator of a security threat from a computing environment controlled by the primary computing entity; and
  
  making the security determination comprises inferring that the security threat from the computing environment controlled by the primary computing entity originated from the partnered computing entity based on the indicator of the security threat in the security data matching the indicator of the security threat from the computing environment controlled by the primary computing entity; and
  
  provide, in response to identifying the computational partnership, the security determination about the computing environment controlled by the partnered computing entity to the primary computing entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Nachenberg, Carey
Primary Examiner(s)
Do, Khang D

Application Number

US14/942,995
Time in Patent Office

981 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 10/08   Logistics, e.g. warehousing...

G06Q 10/20   Administration of product r...

H04L 63/105   Multiple levels of security

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

Systems and methods for providing supply-chain trust networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing supply-chain trust networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links