Notifications in a computer system

US 10,708,307 B2
Filed: 08/10/2017
Issued: 07/07/2020
Est. Priority Date: 12/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method in a computer system, comprising:

configuring an analyzer provided in the computer system for detection of at least one adverse condition based at least in part on information of usage of or actions on at least one authentication credential obtained from the computer system,obtaining, by the analyzer provided in the computer system, the information of the usage of or the actions on the at least one authentication credential, by at least one host for authentication with at least one other host, wherein the computer system has received the at least one authentication credential from the at least one host and generated the information of the usage of or the actions on the at least one authentication credential,detecting, by the analyzer provided in the computer system and based at least in part on the information of the usage of or the actions on the at least one authentication credential, the at least one adverse condition relating to the at least one authentication credential, andtriggering, by the analyzer provided in the computer system, a notification in response to the detecting of the at least one adverse condition.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.

115 Citations

20 Claims

1. A method in a computer system, comprising:
- configuring an analyzer provided in the computer system for detection of at least one adverse condition based at least in part on information of usage of or actions on at least one authentication credential obtained from the computer system,obtaining, by the analyzer provided in the computer system, the information of the usage of or the actions on the at least one authentication credential, by at least one host for authentication with at least one other host, wherein the computer system has received the at least one authentication credential from the at least one host and generated the information of the usage of or the actions on the at least one authentication credential,detecting, by the analyzer provided in the computer system and based at least in part on the information of the usage of or the actions on the at least one authentication credential, the at least one adverse condition relating to the at least one authentication credential, andtriggering, by the analyzer provided in the computer system, a notification in response to the detecting of the at least one adverse condition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, comprising detecting an adverse condition indicating improper or unauthorized management of the at least one authentication credential.
  - 3. The method of claim 1, comprising detecting an adverse condition indicating that the at least one authentication credential has been compromised.
  - 4. The method of claim 1, comprising detecting an adverse condition indicating an error in system administration in relation to the at least one authentication credential.
  - 5. The method of claim 1, comprising detecting an adverse condition indicating that the at least one authentication credential has not been used during a time period.
  - 6. The method of claim 1, comprising detecting an adverse condition indicating that the at least one authentication credential is used to authorize more than one user.
  - 7. The method of claim 1, wherein detecting an adverse condition comprises detecting a changed trust relationship without information of approval based on an existing trust relationship.
  - 8. The method of claim 1, comprising detecting an adverse condition indicating that the at least one authentication credential is used when no approval matching the at least one authentication credential can be found from a database.
  - 9. The method of claim 1, comprising detecting an adverse condition indicating that the at least one authentication credential is used to execute a shell or is used to execute at least one command that is not on a list of approved commands.
  - 10. The method according to claim 1, wherein at least one host associated with the at least one authentication credential comprises a virtual data processing instance.
  - 11. The method according to claim 1, wherein the at least one authentication credential comprises an authentication key such as a Secure Shell (SSH) authentication key.

12. An apparatus for a computer system, the apparatus comprising at least one processor, and at least one memory for storing instructions that, when executed, cause the apparatus to:
- obtain information associated with usage of or actions on at least one authentication credential by at least one host for authentication with at least one other host, wherein the computer system has received the at least one authentication credential and generated the information associated with the usage of or the actions on the at least one authentication credential,detect, based at least in part on the information associated with the usage of or the actions on the at least one authentication credential, at least one adverse condition relating to the at least one authentication credential, andtrigger a notification in response to the detecting of the at least one adverse condition.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The apparatus of claim 12, configured to detect an adverse condition indicating that the at least one authentication credential has been compromised.
  - 14. The apparatus of claim 12, configured to detect an adverse condition indicating at least one of improper or unauthorized management of the at least one authentication credential and an error in system administration in relation to the at least one authentication credential.
  - 15. The apparatus of claim 12, configured to detect an adverse condition indicating that the at least one authentication credential has not been used during a time period.
  - 16. The apparatus of claim 12, configured to detect an adverse condition indicating that the at least one authentication credential is used to authorize more than one user.
  - 17. The apparatus of claim 12, configured to detect an adverse condition indicating at least one of:
    - the at least one authentication credential is used when no approval matching the at least one authentication credential can be found from a database,the at least one authentication credential is used to execute a shell, andthe at least one authentication credential is used to execute at least one command that is not on a list of approved commands.
  - 18. The apparatus according to claim 12, wherein at least one host associated with the at least one authentication credential comprises a virtual data processing instance.
  - 19. The apparatus of claim 18, configured to analyse information associated with authentication credentials used by hosts operated in a virtualized environment wherein a kernel can be shared by a multiple of virtual data processing instances.

20. A non-transitory computer readable media comprising program code for causing a processor of an analyzer to perform instructions in a computer system, the instructions performing a method comprising:
- obtaining information associated with usage of or actions on at least one authentication credential by at least one host for authentication with at least one other host, wherein the computer system has received the at least one authentication credential and generated the information associated with the usage of or the actions on the at least one authentication credential,detecting, by the analyzer and based at least in part on the information associated with the usage of or the actions on the at least one authentication credential, at least one adverse condition relating to the at least one authentication credential, andtriggering a notification in response to the detecting of the at least one adverse condition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SSH Communications Security Oyj
Original Assignee
SSH Communications Security Oyj
Inventors
Ylonen, Tatu J.
Primary Examiner(s)
Bayou, Yonas A

Application Number

US15/673,625
Publication Number

US 20170366581A1
Time in Patent Office

1,062 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/575   Secure boot

H04L 61/4523   using lightweight directory...

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/321 : involving a third party or ...

H04L 9/3263 : involving certificates, e.g...

H04L 9/3268 : using certificate validatio...

View All

Notifications in a computer system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

115 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Notifications in a computer system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links