Security record transfer in a computing system

US 10,275,604 B2
Filed: 10/31/2014
Issued: 04/30/2019
Est. Priority Date: 10/31/2014
Status: Active Grant

First Claim

Patent Images

1. A computing system, comprising:

a security information transfer subsystem, comprising;

an input monitoring agent to;

monitor output of a security scanning application;

detect storage of a security record by the security scanning application;

encrypt a copy of the security record; and

delete the security record after the copy is encrypted;

a secure transfer queue to;

decrypt the copy of the security record;

translate the decrypted copy of the security record to a form useable by a security monitor application; and

encrypt the translated copy of the security record; and

an output monitoring agent to;

predict a time when the security monitor application will attempt to import a new unencrypted security file;

decrypt the encrypted translated security record no more than a time interval prior to the predicted time;

store the decrypted translated security record as the new unencrypted security file; and

delete the new unencrypted security file after the security monitor application imports the file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An input monitoring agent detects storage of a security record by a security scanning application, encrypts a copy of the security record, and deletes the security record. A secure transfer queue decrypts the encrypted security record, translates the security record for use by a security monitoring application, and encrypts the translated security record. An output monitoring agent predicts when a security monitoring application will attempt to import a new security file, decrypts and stores the encrypted translated security record as the new security file, and deletes the new security file when the security monitoring application has completed importation.

Citations

15 Claims

1. A computing system, comprising:
- a security information transfer subsystem, comprising;
  
  an input monitoring agent to;
  
  monitor output of a security scanning application;
  
  detect storage of a security record by the security scanning application;
  
  encrypt a copy of the security record; and
  
  delete the security record after the copy is encrypted;
  
  a secure transfer queue to;
  
  decrypt the copy of the security record;
  
  translate the decrypted copy of the security record to a form useable by a security monitor application; and
  
  encrypt the translated copy of the security record; and
  
  an output monitoring agent to;
  
  predict a time when the security monitor application will attempt to import a new unencrypted security file;
  
  decrypt the encrypted translated security record no more than a time interval prior to the predicted time;
  
  store the decrypted translated security record as the new unencrypted security file; and
  
  delete the new unencrypted security file after the security monitor application imports the file.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the input monitoring agent is to:
    - generate a transport block that includes the encrypted copy of the security record;
      
      wherein the system further comprises a transport processing engine to;
      
      receive the transport block from the input monitoring agent;
      
      extract, from the transport block, information describing content of the security record; and
      
      record and store the information in a security information transfer audit log;
      
      wherein the input monitoring agent is to further to establish a secure communication link with the transport processing engine; and
      
      transfer the transport block to the transport processing engine via the secure link.
  - 3. The system of claim 1, wherein the input monitoring agent is to apply a public key provided by the secure transfer queue to encrypt a symmetric encryption key applied to encrypt the copy of the security record, and transfer the encrypted symmetric encryption key in conjunction with the encrypted copy of the security record.
  - 4. The system of claim 1, wherein the secure transfer queue is to:
    - extract from data provided by the input monitoring agent, in conjunction with the encrypted security record, information specifying a format of the security record provided by the security scanning application, and a format of a security record useable by the security monitor application;
      
      translate the decrypted copy of the security record using the information;
      
      create a new symmetric encryption key;
      
      apply the new encryption key to encrypt the translated copy of the security record;
      
      encrypt the new symmetric encryption key using a public key of the output monitoring agent; and
      
      transfer the encrypted new symmetric encryption key to the output monitoring agent in conjunction with the encrypted translated security record.
  - 5. The system of claim 1, wherein the secure transfer queue to:
    - establish a secure communication link with the output monitoring agent;
      
      transfer the encrypted translated security record to the output monitoring agent via the secure link; and
      
      terminate the secure link on completion of transfer of the encrypted translated security record.

6. A method, comprising:
- scanning a computing system for vulnerabilities;
  
  monitoring, by an input monitoring agent, output of a security scanning tool performing the scanning;
  
  detecting, by the input monitoring agent, storage of a security record by the security scanning tool;
  
  encrypting, by the input monitoring agent, a copy of the security record; and
  
  deleting, by the input monitoring agent, the security record stored by the security scanning tool on completion of the copy of the security record;
  
  transferring the encrypted security record to a secure transfer queue;
  
  decrypting, by the secure transfer queue, the encrypted copy of the security record;
  
  translating, by the secure transfer queue, the decrypted copy of the security record to a form useable by a security monitor application;
  
  encrypting, by the secure transfer queue, the translated copy of the security record;
  
  transferring, by the secure transfer queue, the encrypted translated security record to an output monitoring agent;
  
  predicting, by the output monitoring agent, when the security monitor application will attempt to import a new security file;
  
  decrypting, by the output monitoring agent, the encrypted translated security record no more than a predetermined time interval prior to a predicted time that the security monitor application will attempt to import the new security file;
  
  storing, by the output monitoring agent, the decrypted translated security record as the new security file; and
  
  deleting, by the output monitoring agent, the new security file based on the security monitor application having completed importation of the file.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein transferring the encrypted security record to the secure transfer queue comprises:
    - transferring the encrypted security record via a transport processing engine;
      
      establishing a secure communication link with the transport processing engine;
      
      and transferring the encrypted security record to the transport processing engine via the secure link; and
      
      in the transport processing engine;
      
      extracting from data provided by the input monitoring agent in conjunction with the encrypted security record, information describing content of the security record; and
      
      storing the information in a security information transfer audit log.
  - 8. The method of claim 6, wherein encrypting the copy of the security record comprises applying a public key of the secure transfer queue to encrypt a symmetric encryption key applied to encrypt the copy of the security record, and transferring the encrypted security record to the secure transfer queue comprises transferring the encrypted symmetric encryption key in conjunction with the encrypted copy of the security record.
  - 9. The method of claim 6, further comprising:
    - extracting, by the secure transfer queue, from data provided by the input monitoring agent, in conjunction with the encrypted security record, information specifying an arrangement of the security record provided by the security scanning application, and an arrangement of a security record useable by the security monitor application;
      
      translating the decrypted copy of the security record using the information;
      
      creating a new symmetric encryption key;
      
      applying the new symmetric encryption key to encrypt the translated copy of the security record;
      
      encrypting the new symmetric encryption key using a public key of output monitoring agent; and
      
      transferring the encrypted new symmetric encryption key to the output monitoring agent in conjunction with the encrypted translated security record.

10. A computing system, comprising:
- a security information transfer subsystem, comprising;
  
  an input monitoring agent to;
  
  monitor output of computer system security scanning application;
  
  detect storage of a security record by the security scanning application;
  
  generate a copy of the security record stored by the security scanning application;
  
  delete the security record stored by the security scanning application on completion of the copy of the security record;
  
  encrypt the copy of the security record; and
  
  generate a transport block that includes the encrypted copy of the security record;
  
  a transport processing engine to;
  
  receive the transport block from the input monitoring agent;
  
  extract, from the transport block, information describing content of the security record; and
  
  store the information in a security information transfer audit log;
  
  a secure transfer queue to;
  
  receive the transport block from the transport processing engine;
  
  decrypt the copy of the security record;
  
  translate the decrypted copy of the security record to a form useable by a security monitor;
  
  encrypt the translated copy of the security record; and
  
  generate a processed block that includes the encrypted translated copy of the security record; and
  
  an output monitoring agent to;
  
  receive the encrypted, translated security record;
  
  monitor input timing of the security monitor;
  
  decrypt the encrypted, translated security record no more than a predetermined time interval prior to when, based on the monitored input timing of the security monitor, the security monitor is to check for availability of a file containing the translated security record;
  
  create the file containing the decrypted translated security record in storage that is accessible to the security monitor;
  
  determine whether the security monitor has imported the file containing the decrypted translated security record;
  
  delete the file containing the decrypted translated security record from the storage based on the security monitor having completed importation of the file.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, wherein the input monitoring agent is to establish a secure communication link with the transport processing engine, and transfer the transport block to the transport processing engine via the secure link.
  - 12. The system of claim 10, wherein the input monitoring agent is to apply a public key of the secure transfer queue to encrypt a symmetric encryption key applied to encrypt the copy of the security record, and include the encrypted symmetric encryption key in the transport block.
  - 13. The system of claim 10, wherein the secure transfer queue is to:
    - extract from the transport block information specifying an arrangement of the security record provided by the security scanning application, and an arrangement of a security record useable by a security monitor;
      
      translate the decrypted copy of the security record using the information.
  - 14. The system of claim 10, wherein the secure transfer queue is to:
    - create a new symmetric encryption key;
      
      apply the new symmetric encryption key to encrypt the translated copy of the security record;
      
      encrypt the new symmetric encryption key with a public key of the output monitoring agent;
      
      include the encrypted new symmetric encryption key in the processed block;
      
      establish a secure communication link with the output monitoring agent;
      
      transfer the processed block to the output monitoring agent via the secure link; and
      
      terminate the secure link on completion of transfer of the processed block.
  - 15. The system of claim 10, wherein the security scanning application is to continually monitor computers of the computer system for security vulnerabilities, and the security monitor is to track resolution of the security vulnerabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Lopez, Scott, Kalibjian, Jeff
Primary Examiner(s)
Su, Sarah

Application Number

US15/500,905
Publication Number

US 20170220812A1
Time in Patent Office

1,642 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 2221/034   Test or assess a computer o...

H04L 9/0822   using key encryption key

Security record transfer in a computing system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Security record transfer in a computing system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links