Self-Operating Security Platform

US 20080127343A1
Filed: 11/28/2006
Published: 05/29/2008
Est. Priority Date: 11/28/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

monitoring a security status of a first element of a first data-processing system;

detecting that an intrusion has occurred that targeted said first element; and

composing a third workflow script from a first portion of a first workflow script and a second portion of a second workflow script, based on said security status and on said detection.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A platform is disclosed that enables security monitoring and protection across a plurality of related telecommunications devices. The self-operating security platform of the present invention is based on a collection of security adapters that are tied together and are coupled with an orchestration engine that loads and executes workflow scripts. Workflow scripts have been used for business applications, but their usage in real-time telecommunications devices is relatively new. Each security adapter monitors a different aspect of the system for intrusions or other security threats. The specific security protection rules are taught to the security platform in a basic profile; as the security platform runs, it builds up the actual profile of how the telecommunications device performs in a normal state. In other words, the security platform “composes” new workflow scripts from basic workflow scripts. The self-expanding nature of the workflow enables the telecommunications device to learn the behavioral patterns of its users.

18 Citations

View as Search Results

23 Claims

1. A method comprising:
- monitoring a security status of a first element of a first data-processing system;
  
  detecting that an intrusion has occurred that targeted said first element; and
  
  composing a third workflow script from a first portion of a first workflow script and a second portion of a second workflow script, based on said security status and on said detection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein said intrusion constitutes the accessing of a computer file without authorization.
  - 3. The method of claim 2 further comprising executing said third workflow script, wherein the execution results in an access permission of said computer file being changed.
  - 4. The method of claim 2 further comprising executing said third workflow script, wherein the execution results in reverting to an earlier version of said computer file.
  - 5. The method of claim 1 wherein said first element is a log file.
  - 6. The method of claim 1 wherein said first workflow script represents a first type of security attack.
  - 7. The method of claim 6 wherein said second workflow script represents a second type of security attack, and wherein the composition of said third workflow script is based on a rule about how said first type of security attack and said second type of security attack are combined.
  - 8. The method of claim 1 wherein said security status is monitored by a second data-processing system that is physically distinct from said first data-processing system.
  - 9. The method of claim 8 wherein said first data-processing system performs a first telecommunications function and wherein said second data-processing system performs a second telecommunications function.

10. A method comprising:
- receiving, at a first data-processing system, a first status indication from a second data-processing system, wherein said second data-processing system monitors a first element of said first data-processing system, and wherein said first status indication provides information about said first element; and
  
  executing;
  
  1) a first software module that performs a first telecommunications function, wherein said first software module utilizes said first element, and2) a first workflow script that is based on said first status indication;
  
  wherein said first data-processing system and said second data-processing system are physically distinct.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10 further comprising:
    - receiving, at said first data-processing system, a second status indication from a third data-processing system, wherein said third data-processing system monitors a second element of said first data-processing system, and wherein said second status indication provides information about said second element; and
      
      executing a second workflow script that is based on said second status indication;
      
      wherein said third data-processing system is physically distinct from said first data-processing system and said second data-processing system.
  - 12. The method of claim 11 further comprising executing a third workflow script that is based on said first workflow script and said second workflow script.
  - 13. The method of claim 12 wherein said first workflow script represents a first type of security attack.
  - 14. The method of claim 13 wherein said second workflow script represents a second type of security attack, and wherein the composition of said third workflow script is based on a rule about how said first type of security attack and said second type of security attack are combined.
  - 15. The method of claim 10 wherein said first telecommunications function is for initiating a call.
  - 16. The method of claim 10 wherein said second data-processing system performs a second telecommunications function.

17. A first data-processing system comprising:
- an interface for receiving a first status indication from a second data-processing system, wherein said second data-processing system monitors a first element of said first data-processing system, and wherein said first status indication provides information about said first element; and
  
  a processor for executing;
  
  1) a first software module that performs a first telecommunications function, wherein said first software module utilizes said first element, and2) a first workflow script that is based on said first status indication;
  
  wherein said first data-processing system and said second data-processing system are physically distinct.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The first data-processing system of claim 17 wherein:
    - said interface is also for receiving a second status indication from a third data-processing system, wherein said third data-processing system monitors a second element of said first data-processing system, and wherein said second status indication provides information about said second element; and
      
      said processor is also for executing a second workflow script that is based on said second status indication;
      
      wherein said third data-processing system is physically distinct from said first data-processing system and said second data-processing system.
  - 19. The first data-processing system of claim 17 further comprising executing a third workflow script that is based on said first workflow script and said second workflow script.
  - 20. The first data-processing system of claim 19 wherein said first workflow script represents a first type of security attack.
  - 21. The first data-processing system of claim 20 wherein said second workflow script represents a second type of security attack, and wherein the composition of said third workflow script is based on a rule about how said first type of security attack and said second type of security attack are combined.
  - 22. The first data-processing system of claim 17 wherein said first telecommunications function is for initiating a call.
  - 23. The first data-processing system of claim 17 wherein said second data-processing system performs a second telecommunications function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Scaria, Lincy, Baker, Albert J., Block, Frederick Peter, Schell, Scott Allan

Application Number

US11/564,210
Publication Number

US 20080127343A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06Q 10/06   Resources, workflows, human...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

Self-Operating Security Platform

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Self-Operating Security Platform

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links