Device for Preventing, Detecting and Responding to Security Threats

US 20110238979A1
Filed: 03/23/2010
Published: 09/29/2011
Est. Priority Date: 03/23/2010
Status: Active Grant

First Claim

Patent Images

1. A device to prevent, detect and respond to one or more security threats between a controlled host and one or more services connected to the controlled host, the device comprisinga microcomputer;

one or more communications ports for connecting the device tothe controlled host; and

the one or more services connected to the controlled host;

memory for storinginformation pertaining to one or more user permitted to use the controlled host; and

one or more configuration for communication between the controlled host and the one or more services;

input device for collecting information for authenticating a user of the controlled host;

a user authenticator; and

communications protocol for controlling communications between the controlled host and the one or more services.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device to prevent, detect and respond to one or more security threats between one or more controlled hosts and one or more services accessible from the controlled host. The device determines the authenticity of a user of a controlled host and activates user specific configurations under which the device monitors and controls all communications between the user, the controlled host and the services. As such, the device ensures the flow of only legitimate and authorized communications. Suspicious communications, such as those with malicious intent, malformed packets, among others, are stopped, reported for analysis and action. Additionally, upon detecting suspicious communication, the device modifies the activated user specific configurations under which the device monitors and controls the communications between the user, the controlled host and the services.

80 Citations

View as Search Results

20 Claims

1. A device to prevent, detect and respond to one or more security threats between a controlled host and one or more services connected to the controlled host, the device comprisinga microcomputer;
- one or more communications ports for connecting the device tothe controlled host; and
  
  the one or more services connected to the controlled host;
  
  memory for storinginformation pertaining to one or more user permitted to use the controlled host; and
  
  one or more configuration for communication between the controlled host and the one or more services;
  
  input device for collecting information for authenticating a user of the controlled host;
  
  a user authenticator; and
  
  communications protocol for controlling communications between the controlled host and the one or more services.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The device of claim 1, wherein the communications protocolincludes a cryptographic engine;
    - monitors communication between the controlled host and the one or more services;
      
      includes stateful internet protocol firewall;
      
      filters communications based on media access control addresses;
      
      proxies address resolution protocol;
      
      includes a network intrusion detection system;
      
      includes a proxy server; and
      
      applies security protocol to the communication between the controlled host and the one or more services.
  - 3. The device of claim 2, wherein the security protocol is the Internet Protocol Security (IPSec).
  - 4. The device of claim 3, wherein the cryptographic enginenegotiates cryptographic keys between the controlled host and the one or more services;
    - encrypts communications between the controlled host and the one or more services; and
      
      ensures privacy and integrity of communications between the controlled host and the one or more services.
  - 5. The device of claim 4, wherein the user authenticatorcompares the information pertaining to the user of the controlled host with the information pertaining to the one or more user permitted to use the controlled host;
    - anddesignates the user of the controlled host as one ofan authorized user if the information pertaining to the user of the controlled host matches the information pertaining to the one or more user permitted to use the controlled host; and
      
      an unauthorized user if the information pertaining to the user of the controlled host does not match the information pertaining to the one or more user permitted to use the controlled host.
  - 6. The device of claim 5, wherein the one or more user specific configuration for communication comprises one or more offiltering rules;
    - monitoring rules;
      
      authorization rules; and
      
      proxy configurations.
  - 7. The device of claim 6, whereinthe one or more configuration for communication is for the authorized user;
    - the one or more configuration for communication is for the unauthorized user; and
      
      the one or more configuration for communication is for preventing malicious intent.
  - 8. The device of claim 7, wherein the communications protocol activates and controls communication between the controlled host and the one or more services withthe one or more configuration for communication for preventing malicious intent;
    - the one or more configuration for communication for the authorized user if the user authenticator designates the user of the controlled host as the authorized user; and
      
      the one or more configuration for communication for the unauthorized user if the user authenticator designates the user of the controlled host as the unauthorized user.
  - 9. The device of claim 8, wherein the communications protocolcompares the one or more activated configuration with the communication between the controlled host and the one or more services;
    - authorizes the communication if the communication is in compliance with the one or more activated configurations;
      
      prevents the communication if the communication is not in compliance with the one or more activated configurations; and
      
      changes the activated configurations upon detecting communications comprising one or more ofmalicious intent; and
      
      malformed packets.
  - 10. The device of claim 9, wherein the user is prevented from using one or more ofthe controlled host;
    - andone or more services.
  - 11. The device of claim 10, wherein the controlled host is prevented from accessing one or more services.
  - 12. The device of claim 11, wherein the means for connecting the device to the controlled host and to the one or more services comprises one or more ofa cross-over cable;
    - a universal serial bus connection;
      
      a serial cable;
      
      a parallel cable; and
      
      wireless connectivity.
  - 13. The device of claim 12, wherein the input device for collecting information for authenticating a user of the controlled host includes one or more ofa smart card reader;
    - a biometric device;
      
      a retina scanner;
      
      a finger print scanner;
      
      a palm print scanner; and
      
      a face scanner.
  - 14. The device of claim 13, wherein the one or more services includes one or more ofa computer network;
    - a display unit;
      
      a keyboard; and
      
      a mouse.
  - 15. The device of claim 14 connected to a network switch, wherein the device prevents, detects and responds to one or more security threats between one or more controlled host and one or more services connected to the network switch.

16. A method for preventing, detecting and responding to one or more security threats between a controlled host and one or more services connected to the controlled host, the method comprising the steps ofcollecting information for authenticating a user of the controlled host;
- comparing the information of the user of the controlled host with information for one or more user permitted to use the controlled host;
  
  designating the user of the controlled host as one ofan authorized user if the information pertaining to the user of the controlled host matches the information pertaining to the one or more user permitted to use the controlled host; and
  
  an unauthorized user if the information pertaining to the user of the controlled host does not match the information pertaining to the one or more user permitted to use the controlled host;
  
  activating one or more configurations for communication between the controlled host and the one or more services, wherein the one or more activated configuration comprisesconfigurations associated with the user of the controlled host;
  
  configuration for preventing malicious intent; and
  
  configuration for one ofthe authorized user; and
  
  the unauthorized user.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, further comprising the steps ofnegotiating cryptographic keys between the controlled host and the one or more services;
    - monitoring communication between the controlled host and the one or more services;
      
      configuring the communication between the controlled host and the one or more services into one or more packets;
      
      evaluating internet protocol tables;
      
      filtering media access control address;
      
      applying address resolution protocol;
      
      checking for network intrusion detection;
      
      evaluating the one or more packets with a proxy server; and
      
      applying security protocol to the communication between the controlled host and the one or more services.
  - 18. The method of claim 17, further comprising the steps ofcomparing the one or more activated configuration with the communication between the controlled host and the one or more services;
    - authorizing the communication if the communication is in compliance with the one or more activated configuration;
      
      preventing the communication if the communication is not in compliance with the one or more activated configuration; and
      
      changing the activated configurations upon detecting communications comprising one or more ofmalicious intent; and
      
      malformed packets.

19. A device to prevent, detect and respond to one or more security threats between a controlled host and one or more services connected to the controlled host, the device comprisingmeans for collecting information for authenticating a user of the controlled host;
- means for comparing the information of the user of the controlled host with information for one or more user permitted to use the controlled host;
  
  means for designating the user of the controlled host as one ofan authorized user if the information pertaining to the user of the controlled host matches the information pertaining to the one or more user permitted to use the controlled host; and
  
  an unauthorized user if the information pertaining to the user of the controlled host does not match the information pertaining to the one or more user permitted to use the controlled host;
  
  means for activating one or more configurations for communication between the controlled host and the one or more services, wherein the one or more activated configuration comprisesconfigurations associated with the user of the controlled host;
  
  configuration for preventing malicious intent; and
  
  configuration for one ofthe authorized user; and
  
  the unauthorized user.
- View Dependent Claims (20)
- - 20. The device of claim 19, further comprisingmeans for negotiating cryptographic keys between the controlled host and the one or more services;
    - means for monitoring communication between the controlled host and the one or more services;
      
      means for configuring the communication between the controlled host and the one or more services into one or more packets;
      
      means for evaluating internet protocol tables;
      
      means for filtering media access control address;
      
      means for applying address resolution protocol;
      
      means for checking for network intrusion detection;
      
      means for evaluating the one or more packets with a proxy server;
      
      means for applying security protocol to the communication between the controlled host and the one or more services;
      
      means for comparing the one or more activated configuration with the communication between the controlled host and the one or more services;
      
      means for authorizing the communication if the communication is in compliance with the one or more activated configuration;
      
      means for preventing the communication if the communication is not in compliance with the one or more activated configuration; and
      
      means for changing the activated configurations upon detecting communications comprising one or more ofmalicious intent; and
      
      malformed packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adventium Enterprises, Adventium Enterprises LLC
Original Assignee
Adventium Labs
Inventors
Harp, Steven Alex, O'Brien, Richard C., Payne, Charles N. JR., Gohde, Johnathan A., VanRiper, Ryan A., Haigh, J. Thomas

Granted Patent

US 9,485,218 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0281   Proxies

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 63/1441   Countermeasures against mal...

H04L 63/164   at the network layer

Device for Preventing, Detecting and Responding to Security Threats

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Device for Preventing, Detecting and Responding to Security Threats

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links