Prevalence-based reputations

US 10,237,303 B2
Filed: 12/20/2013
Issued: 03/19/2019
Est. Priority Date: 09/29/2013
Status: Active Grant

First Claim

Patent Images

1. One or more tangible, non-transitory computer-readable mediums having stored thereon software instructions for providing a data exchange layer (DXL) domain master, the instructions operable to instruct a processor to:

communicatively couple to a DXL via a DXL broker configured to natively provide a brokered request-response (1;

1) framework on a publish-subscribe (1;

N) fabric by maintaining a message queuing telemetry transport (MQTT) DXL routing table of DXL endpoints registered to the DXL broker;

provide DXL messaging services to a plurality of DXL endpoints via the DXL, including providing control of a data domain comprising reconciling multiple conflicting inputs into a single record of truth;

store the record of truth in a domain database;

receive from a DXL endpoint a request for a reputation for an object via the DXL;

query the domain database for a record of truth comprising a prevalence for the object; and

respond to the reputation request by publishing via the DXL a DXL response comprising a prevalence-based reputation for the object.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example, there is disclosed a method and system for calculating an object'"'"'s trust level for security purposes based on prevalence in a context-aware network. In an embodiment, as objects are accessed, a client queries a domain master such as a reputation server to evaluate the object'"'"'s reputation. The domain master may maintain a prevalence-based reputation database, which may be updated as new clients report object prevalences.

Citations

21 Claims

1. One or more tangible, non-transitory computer-readable mediums having stored thereon software instructions for providing a data exchange layer (DXL) domain master, the instructions operable to instruct a processor to:
- communicatively couple to a DXL via a DXL broker configured to natively provide a brokered request-response (1;
  
  1) framework on a publish-subscribe (1;
  
  N) fabric by maintaining a message queuing telemetry transport (MQTT) DXL routing table of DXL endpoints registered to the DXL broker;
  
  provide DXL messaging services to a plurality of DXL endpoints via the DXL, including providing control of a data domain comprising reconciling multiple conflicting inputs into a single record of truth;
  
  store the record of truth in a domain database;
  
  receive from a DXL endpoint a request for a reputation for an object via the DXL;
  
  query the domain database for a record of truth comprising a prevalence for the object; and
  
  respond to the reputation request by publishing via the DXL a DXL response comprising a prevalence-based reputation for the object.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The one or more tangible, non-transitory computer-readable mediums of claim 1, wherein the instructions operable to query the domain database for a record of truth are further operable to determine whether the object has an existing prevalence, and upon determining that the object does not have an existing prevalence, return a null prevalence.
  - 3. The one or more tangible, non-transitory computer-readable mediums of claim 2, wherein the null prevalence corresponds to a low reputation.
  - 4. The one or more tangible, non-transitory computer-readable mediums of claim 1, wherein the instructions operable to respond to the reputation request are further operable to calculate a reputation based on the prevalence for the object.
  - 5. The one or more tangible, non-transitory computer-readable mediums of claim 1, wherein the instructions operable to respond to the reputation request are further operable to query an existing reputation based on the prevalence for the object.
  - 6. The one or more tangible, non-transitory computer-readable mediums of claim 1, wherein the instructions are further operable to initialize the domain database for a record of truth by sending to the plurality of DXL endpoints a demand for initial reports.
  - 7. The one or more tangible, non-transitory computer-readable mediums of claim 1, wherein the instructions are further operable to receive prevalence updates from a plurality of clients, and to update the domain database for a record of truth based on the prevalence updates.

8. A data exchange layer (DXL) domain master comprising:
- a processor;
  
  a network interface; and
  
  a memory having stored thereon executable instructions operable to instruct the processor to;
  
  communicatively couple to a DXL via a DXL broker configured to natively provide a brokered request-response (1;
  
  1) framework on a publish-subscribe (1;
  
  N) fabric by maintaining a message queuing telemetry transport (MQTT) DXL routing table of DXL endpoints registered to the DXL broker;
  
  provide DXL messaging services to a plurality of DXL endpoints via the DXL,including providing control of a data domain comprising reconciling multiple conflicting inputs into a single record of truth, and storing the record of truth in a domain database; and
  
  receive from a DXL endpoint a request for a reputation for an object via the DXL;
  
  query the domain database for a record of truth comprising a prevalence for the object; and
  
  respond to the reputation request by publishing via the DXL a DXL response comprising a prevalence-based reputation for the object.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The DXL domain master of claim 8, wherein the instructions operable to query the domain database for a record of truth are further operable to determine whether the object has an existing prevalence, and upon determining that the object does not have an existing prevalence, return a null prevalence.
  - 10. The DXL domain master of claim 9, wherein the null prevalence corresponds to a low reputation.
  - 11. The DXL domain master of claim 8, wherein the instructions operable to respond to the reputation request are further operable to calculate a reputation based on the prevalence for the object.
  - 12. The DXL domain master of claim 8, wherein the instructions operable to respond to the reputation request are further operable to query an existing reputation based on the prevalence for the object.
  - 13. The DXL domain master of claim 8, wherein the instructions are further operable to initialize the domain database for a record of truth by sending to the plurality of DXL endpoints a demand for initial reports.
  - 14. The DXL domain master of claim 8, wherein the instructions are further operable to receive prevalence updates from a plurality of clients, and to update the domain database for a record of truth based on the prevalence updates.

15. A method of providing data exchange layer (DXL) domain master services on a DXL enterprise service bus, comprising:
- communicatively coupling to a DXL via a DXL broker configured to natively provide a brokered request-response (1;
  
  1) framework on a publish-subscribe (1;
  
  N) fabric by maintaining a message queuing telemetry transport (MQTT) DXL routing table of DXL endpoints registered to the DXL broker;
  
  providing DXL messaging services to a plurality of DXL endpoints via the DXL, including providing control of a data domain comprising reconciling multiple conflicting inputs into a single record of truth;
  
  storing the record of truth in a domain database;
  
  receiving from a DXL endpoint a request for a reputation for an object via the DXL;
  
  querying the domain database for a record of truth comprising a prevalence for the object; and
  
  responding to the reputation request by publishing via the DXL a DXL response comprising a prevalence-based reputation for the object.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15, wherein querying the domain database for a record of truth further comprises determining whether the object has an existing prevalence, and upon determining that the object does not have an existing prevalence, returning a null prevalence.
  - 17. The method of claim 16, wherein the null prevalence corresponds to a low reputation.
  - 18. The method of claim 15, wherein responding to the reputation request further comprises calculating a reputation based on the prevalence for the object.
  - 19. The method of claim 15, wherein responding to the reputation request further comprises querying an existing reputation based on the prevalence for the object.
  - 20. The method of claim 15, further comprising initializing the domain database for a record of truth by sending to the plurality of DXL endpoints a demand for initial reports.
  - 21. The method of claim 15, further comprising receiving prevalence updates from a plurality of clients, and to update the domain database for a record of truth based on the prevalence updates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, LLC
Inventors
Simone, Jr., Kenneth D., Whitehurst, Paul A., Boudreaux, Mark Joseph
Primary Examiner(s)
Harris, Christopher C

Application Number

US14/913,437
Publication Number

US 20160212173A1
Time in Patent Office

1,915 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/145 the attack involving the pr...

H04L 63/20 for managing network securi...

Prevalence-based reputations

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Prevalence-based reputations

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links