CONTEXT-AWARE NETWORK ON A DATA EXCHANGE LAYER

US 20160219063A1
Filed: 12/19/2013
Published: 07/28/2016
Est. Priority Date: 09/28/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having stored thereon software instructions for a data exchange layer (DXL) device operable to:

connect to an enterprise service bus;

receive a DXL message on the enterprise service bus;

identify a DXL domain for the message;

if the DXL domain for the message is a first domain, process the message; and

if the DXL domain for the message is a second domain, ignore the message.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example, a context-aware network is disclosed, including threat intelligence services provided over a data exchange layer (DXL). The data exchange layer may be provided on an enterprise service bus, and may include services for classifying objects as malware or not malware. One or more DXL brokers may provide messaging services including, for example, publish-subscribe messaging and request-response messaging. Advantageously, DXL endpoint devices must make very few assumptions about other DXL endpoint devices.

Citations

20 Claims

1. A computer-readable medium having stored thereon software instructions for a data exchange layer (DXL) device operable to:
- connect to an enterprise service bus;
  
  receive a DXL message on the enterprise service bus;
  
  identify a DXL domain for the message;
  
  if the DXL domain for the message is a first domain, process the message; and
  
  if the DXL domain for the message is a second domain, ignore the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-readable medium of claim 1, further comprising instructions operable to:
    - identify a namespace for the message;
      
      If the namespace is a first namespace, process the message; and
      
      If the namespace is a second namespace, ignore the message.
  - 3. The computer-readable medium of claim 1, further comprising instructions operable to provide DXL broker services.
  - 4. The computer-readable medium of any of claim 1, wherein the instructions operable to provide DXL broker services are further operable to:
    - receive a plurality of DXL messages; and
      
      route each DXL message to a DXL endpoint.
  - 5. The computer-readable medium of any of claim 1, wherein the instructions operable to provide DXL broker services are further operable to:
    - provide a publish-subscribe architecture, wherein the publish-subscribe architecture is configured to receive a published message from a DXL endpoint and to deliver the published message to a plurality of other DXL endpoints.
  - 6. The computer-readable medium of any of claim 1, wherein the instructions operable to provide DXL broker services are further operable to:
    - provide a request-response architecture, wherein the request-response architecture is configured receive a request message from a first DXL endpoint directed to a second DXL endpoint; and
      
      route the request to the second DXL endpoint.
  - 7. The computer-readable medium of claim 6, wherein the instructions operable to provide DXL broker services are further operable to:
    - receive a response message from the second DXL endpoint; and
      
      route the response to the first DXL endpoint.
  - 8. The computer-readable medium of any of claim 1, wherein the instructions operable to process the message are further operable to:
    - identify the massage as a DXL publish message;
      
      determine that the DXL device subscribes to the publish message; and
      
      store data from the publish message in a local domain data repository.
  - 9. The computer-readable medium of any of claim 1, wherein the instructions operable to process the message are further operable to:
    - identify the message as a DXL request message; and
      
      publish a DXL response message, wherein the DXL response message is responsive to the DXL request message.

10. A data exchange layer (DXL) client comprising:
- a processor;
  
  a network interface communicatively coupled to the processor;
  
  a local domain data repository; and
  
  a memory having stored therein executable instructions operable to instruct the processor to;
  
  identify an object;
  
  query the local domain data repository;
  
  determine that the object has no stored attribute in the local domain data repository; and
  
  provide a DXL request message on the network interface requesting attribute data for the object.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The DXL client of claim 10, wherein the instructions are further operable to:
    - receive a DXL response message on the network interface, the DXL response message including attribute data for the object; and
      
      update the local reputation repository with the attribute data for the object.
  - 12. The DXL client of claim 10, wherein the DXL response message is a published DXL message.
  - 13. The DXL client of any of claim 10, wherein the instructions are further operable to:
    - determine a local attribute for the object; and
      
      publish a DXL message on the network interface containing the determined local reputation.
  - 14. The DXL client of any of claim 10, further comprising:
    - a user interface configured to provide user input and output; and
      
      wherein the instructions are further operable to;
      
      solicit a user confirmation response before loading the object into memory; and
      
      publish the user'"'"'s confirmation response on the network interface.

15. A data exchange layer (DXL) broker comprising:
- a processor;
  
  a network interface configured to communicatively couple the processor to a DXL enterprise service bus;
  
  a local object repository; and
  
  a memory having stored thereon executable instructions operable to instruct the processor to provide DXL broker services on the network interface, and further configured to;
  
  receive a DXL message;
  
  determine a recipient for the DXL message; and
  
  forward the DXL message to the recipient.
- View Dependent Claims (16, 17, 18)
- - 16. The DXL broker of claim 15, wherein the DXL message is a DXL request.
  - 17. The DXL broker of claim 15, wherein the DXL message is a DXL response.
  - 18. The DXL broker of any of claim 15, wherein the DXL message is a DXL published message.

19. A method of providing data exchange layer (DXL) services comprising:
- connecting to an enterprise service bus;
  
  receiving a data value from a first client on the enterprise service bus;
  
  receiving a data value from a second client on the enterprise service bus, wherein the data value from the first client does not match the data value from the second client;
  
  reconciling the data values to create a reconciled data value; and
  
  storing the reconciled data value in a local data repository.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising publishing the reconciled value on the enterprise service bus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Nadkarni, Hemang, Das, Sudeep

Granted Patent

US 10,135,845 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 67/01   Protocols

CONTEXT-AWARE NETWORK ON A DATA EXCHANGE LAYER

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CONTEXT-AWARE NETWORK ON A DATA EXCHANGE LAYER

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links