Security state vector for mobile network platform

US 20050254654A1
Filed: 12/03/2004
Published: 11/17/2005
Est. Priority Date: 04/19/2004
Status: Active Grant

First Claim

Patent Images

1. A method for communicating state of security in a mobile communications network, the method comprising:

generating data regarding severity of a plurality of security events onboard at least one mobile platform in a mobile communications network;

processing the data;

generating a message that includes the processed data; and

periodically transmitting the message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

State of security in a mobile communications network is communicated. Data regarding nature and severity of security events onboard at least one mobile platform is generated and processed. A message that includes the processed data is generated and transmitted periodically. The processed data makes up a security state vector that includes the number of security events detected since power-up of the mobile platform node, sum of highest severity security events since power-up or counter rollover, sum of the second highest severity security events detected since power-up or counter rollover, sum of the third highest severity security events detected since power-up or counter rollover, highest security event classification, second-highest security event classification, and third-highest security event classification. The processed data may be used in a network operations center to prioritize mobile platforms from which logged data should be retrieved for further investigation and monitoring.

118 Citations

27 Claims

1. A method for communicating state of security in a mobile communications network, the method comprising:
- generating data regarding severity of a plurality of security events onboard at least one mobile platform in a mobile communications network;
  
  processing the data;
  
  generating a message that includes the processed data; and
  
  periodically transmitting the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein processing the data includes:
    - tallying a total number of security events detected since startup;
      
      tallying a total number of security events detected since startup having a first level of severity;
      
      tallying a total number of security events detected since startup having a second severity level; and
      
      tallying a total number of security events detected since startup having a third severity level.
  - 3. The method of claim 1, wherein processing the data includes:
    - determining a highest level of severity within a predetermined time period;
      
      determining a second highest level of severity within the predetermined time period; and
      
      determining a third highest level of severity within the predetermined time period.
  - 4. The method of claim 1, further comprising:
    - outputting intrusion data from an intrusion detection system; and
      
      writing the intrusion data to a log.
  - 5. The method of claim 3, further comprising displaying, at a network management system, security status of the at least one mobile platform.
  - 6. The method of claim 5, further comprising:
    - deriving a security status indicator from the highest level of severity detected;
      
      sending a security status indicator event to the network management system; and
      
      issuing events in a network security management system for every intrusion detection event logged.
  - 7. The method of claim 6, further comprising at least one of accessing and clearing mobile platform security events.

8. A system for communicating state of security in a mobile communications network, the system comprising:
- a server onboard a mobile platform in a mobile communications network, the server including;
  
  a first component configured to generate data regarding severity of a plurality of security events onboard the mobile platform;
  
  a second component configured to process the data; and
  
  a third component configured to generate a message that includes the processed data; and
  
  a transmitter configured to periodically transmit the message.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The system of claim 8, wherein the second component is configured to:
    - tally a total number of security events detected since startup;
      
      tally a total number of security events detected since startup having a first level of severity;
      
      tally a total number of security events detected since startup having a second severity level; and
      
      tally a total number of security events detected since startup having a third severity level.
  - 10. The system of claim 8, wherein the second component is configured to:
    - determine a highest level of severity within a predetermined time period;
      
      determine a second highest level of severity within the predetermined time period; and
      
      determine a third highest level of severity within the predetermined time period.
  - 11. The system of claim 8, further comprising an intrusion detection system configured to output intrusion data and write the intrusion data to a log.
  - 12. The system of claim 8, wherein the server further includes a fourth component configured to store upon receipt and periodically communicate the message to the transmitter.
  - 13. The system of claim 10, further comprising a network management system including a display device configured to display, at a network management system, security status of the mobile platform.
  - 14. The system of claim 13, wherein the network management system further includes:
    - a fifth component configured to derive a security status indicator from the highest level of severity determined;
      
      a sixth component configured to send a security status indicator event;
      
      a seventh component configured to retrieve a log of security events from at least one mobile platform based on relative severity of security events reported on the at least one mobile platform; and
      
      an eighth component configured to issue events for every intrusion detection event logged.
  - 15. The system of claim 14, wherein the network management system further includes an ninth component configured to at least one of access and clear raw mobile platform security events.

16. A mobile, platform comprising:
- a vehicle;
  
  a server onboard a mobile platform in a mobile communications network, the server including;
  
  a first component configured to generate data regarding severity of a plurality of security events onboard the mobile platform;
  
  a second component configured to process the data; and
  
  a third component configured to generate a message that includes the processed data; and
  
  a transmitter configured to periodically transmit the message.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The mobile platform of claim 16, wherein the second component is configured to:
    - tally a total number of security events detected since startup;
      
      tally a total number of security events detected since startup having a first level of severity;
      
      tally a total number of security events detected since startup having a second severity level; and
      
      tally a total number of security events detected since startup having a third severity level.
  - 18. The mobile platform of claim 16, wherein the second component is configured to:
    - determine a highest level of severity within a predetermined time period;
      
      determine a second highest level of severity within the predetermined time period; and
      
      determine a third highest level of severity within the predetermined time period.
  - 19. The mobile platform of claim 16, further comprising an intrusion detection system configured to output intrusion data and write the intrusion data to a log.
  - 20. The mobile platform of claim 16, wherein the server further includes a fourth component configured to store upon receipt and periodically communicate the message to the transmitter.
  - 21. The mobile platform of claim 16, wherein the vehicle includes at least one of an airplane, a maritime vessel, and a land vehicle.

22. A method for communicating state of security in a mobile communications network, the method comprising:
- generating data regarding severity of a plurality of security events onboard at least one mobile platform in a mobile communications network;
  
  processing the data;
  
  generating a message that includes the processed data;
  
  periodically transmitting the message;
  
  receiving the message at a network operations center;
  
  deriving security status of the mobile platform from the message; and
  
  displaying the derived security status.
- View Dependent Claims (23, 24)
- - 23. The method of claim 22, wherein processing the data includes:
    - tallying a total number of security events detected since startup;
      
      tallying a total number of security events detected since startup having a first level of severity;
      
      tallying a total number of security events detected since startup having a second severity level; and
      
      tallying a total number of security events detected since startup having a third severity level.
  - 24. The method of claim 22, wherein processing the data includes:
    - determining a highest level of severity within a predetermined time period;
      
      determining a second highest level of severity within the predetermined time period; and
      
      determining a third highest level of severity within the predetermined time period.

25. A system for communicating state of security in a mobile communications network, the method comprising:
- a first subsystem disposed onboard a mobile platform in a mobile communications system, the first subsystem including;
  
  a server onboard the mobile platform, the server including;
  
  a first component configured to generate data regarding severity of a plurality of security events onboard the mobile platform;
  
  a second component configured to process the data; and
  
  a third component configured to generate a message that includes the processed data; and
  
  a transmitter configured to periodically transmit the message; and
  
  a second subsystem disposed at a network operations center, the second subsystem including;
  
  a receiver configured to receive the message;
  
  a processor configured to derive security status of the mobile platform from the message; and
  
  a display device configured to display the derived security status.
- View Dependent Claims (26, 27)
- - 26. The system of claim 25, wherein the second component is configured to:
    - tally a total number of security events detected since startup;
      
      tally a total number of security events detected since startup having a first level of severity;
      
      tally a total number of security events detected since startup having a second severity level; and
      
      tally a total number of security events detected since startup having a third severity level.
  - 27. The system of claim 25, wherein the second component is configured to:
    - determine a highest level of severity within a predetermined time period;
      
      determine a second highest level of severity within the predetermined time period; and
      
      determine a third highest level of severity within the predetermined time period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Rockwell, Laurence I., Aldrich, Timothy M.

Granted Patent

US 8,051,477 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 67/12   specially adapted for propr...

H04W 12/121   Wireless intrusion detectio...

Security state vector for mobile network platform

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

118 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Security state vector for mobile network platform

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links