Security system and method for computers connected to network

US 5,919,258 A
Filed: 02/06/1997
Issued: 07/06/1999
Est. Priority Date: 02/08/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A security system for a network including a plurality of computers, at least one computer from said plurality of computers on said network comprising:

an internal status monitor unit for monitoring an internal status of said one computer to detect an occurrence of a fault and a type of said fault occurred in said one computer;

an access control unit for controlling access to resources of said one computer to protect the resources from intrusion in accordance with the type of said fault occurred in said one computer;

a memory containing destination information of other computers on said network in accordance with the type of said fault occurred in said one computer; and

an information transmission unit for obtaining the destination information from said memory in accordance with the type of said fault occurred in said one computer, and for transmitting, through said network, a message indicating the occurrence of a fault and the type of said fault occurred in said one computer to at least one other computer from said plurality of computers on said network in accordance with the destination information obtained from said memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system for a network connected with a plurality of computers is disclosed, in which one of the computers monitors the internal status thereof. An internal status monitor unit of the one computer detects the occurrence of a fault and the type of the fault in the one computer. An access control unit of the one computer controls the access to the resources of the one computer. An information transmission unit of the one computer transmits a message to other computers of the network indicating the occurrence of a fault and the type of the fault in the one computer through the network in the case where the internal status monitor unit detects the occurrence of the fault in the one computer. The access control unit executes the processing for protecting the resources of the one computer in accordance with the type of the fault of the one computer in the case where the internal status monitor unit detects the fault of the one computer.

205 Citations

31 Claims

1. A security system for a network including a plurality of computers, at least one computer from said plurality of computers on said network comprising:
- an internal status monitor unit for monitoring an internal status of said one computer to detect an occurrence of a fault and a type of said fault occurred in said one computer;
  
  an access control unit for controlling access to resources of said one computer to protect the resources from intrusion in accordance with the type of said fault occurred in said one computer;
  
  a memory containing destination information of other computers on said network in accordance with the type of said fault occurred in said one computer; and
  
  an information transmission unit for obtaining the destination information from said memory in accordance with the type of said fault occurred in said one computer, and for transmitting, through said network, a message indicating the occurrence of a fault and the type of said fault occurred in said one computer to at least one other computer from said plurality of computers on said network in accordance with the destination information obtained from said memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A security system according to claim 1, wherein:
    - said internal status monitor unit determines that a number of processes being executed in said one computer by a user is abnormal when the number of processes being executed in said one computer is not less than a predetermined value, andsaid access control unit limits initiation of a process in said one computer by said user when said internal status monitor unit determines that the number of processes being executed by said one computer is abnormal.
  - 3. A security system according to claim 2, wherein said access control unit limits the initiation of processes in said one computer by said user in a stepwise manner in accordance with the number of processes being executed in said one computer when said internal status monitor unit determines that the number of processes being executed by said one computer is abnormal.
  - 4. A security system according to claim 2, wherein said internal status monitor unit includes a table containing a limited value of the number of processes in execution permitted by said one computer for each of a plurality of predetermined users, said internal status monitor unit determining that the number of processes being executed in said one computer by said user is abnormal when the number of processes being executed by said user is not less than a corresponding limited value contained in said table.
  - 5. A security system according to claim 2, wherein said information transmission unit transmits a message indicating that the number of processes being executed in said one computer is abnormal and identifying said user when said internal status monitor unit determines that the number of processes being executed in said one computer is abnormal.
  - 6. A security system according to claim 1, wherein:
    - said internal status monitor unit determines that a volume of traffic in said one computer from said other computer is abnormal when a number of data packets received per unit of time from said other computer over said network is not less than a predetermined value, andsaid access control unit limits access to said one computer by said other computer on said network when said internal status monitor unit determines that the volume of traffic from said other computer is abnormal.
  - 7. A security system according to claim 6, wherein said access control unit limits access to said one computer by said other computer in a stepwise manner in accordance with the number of data packets received per unit of time from said other computer over said network when said internal status monitor unit determines that the volume of traffic from said other computer is abnormal.
  - 8. A security system according to claim 6, wherein said internal status monitor unit includes a table containing a limited value of the number of data packets which said other computer on said network is permitted to receive per unit of time, said internal status monitor unit determining that the number of data packets received from said other computer over said network is abnormal when the number of data packets per unit of time from said other computer is not less than said limited value contained in said table.
  - 9. A security system according to claim 6, wherein said information transmission unit transmits a message indicating that the volume of traffic from said other computer is abnormal and identifying said other computer when said internal status monitor unit determines that the volume of traffic from said other computer is abnormal.
  - 10. A security system according to claim 1, wherein:
    - said internal status monitor unit determines that one of a plurality of predetermined files is accessed abnormally when said one file is accessed by a user other than a predetermined user or when said one file is accessed using a program other than a predetermined program, andsaid access control unit limits access to said one file of said one computer when said internal status monitor unit determines that said file of said one computer is accessed abnormally.
  - 11. A security system according to claim 10, wherein said access control unit limits access to the files of said one computer by said user in a stepwise manner in accordance with the number of files in said one computer being accessed abnormally when said internal status monitor unit determines that said files of said one computer are accessed abnormally.
  - 12. A security system according to claim 10, wherein said internal status monitor unit includes a table for determining a user accessible to each of a plurality of predetermined files and a program usable for accessing said file, said internal status monitor unit determining that a file of said one computer is accessed abnormally when one of said predetermined files is accessed by a user other than a corresponding user registered in said table or when said one file is accessed using a program other than a corresponding program registered in said table.
  - 13. A security system according to claim 10, wherein said information transmission unit transmits a message indicating that a file of said one computer is accessed abnormally when said internal status monitor unit determines that said file of said one computer is accessed illegitimately or abnormally.
  - 14. A security system according to claim 1, wherein:
    - said information transmission unit further receives a message transmitted from said other computer over said network indicating occurrence of a fault and the type of said fault occurred in said other computer, andsaid access control unit executes access control processing for protecting the resources of said one computer in accordance with the type of said fault occurred in said other computer indicated in said message received from said other computer over said network.
  - 15. A security system according to claim 1, wherein said other computer on said network receives the message transmitted from said one computer over said network, and includes an access control unit for controlling access to protect resources from intrusion in accordance with the type of said fault occurred in said one computer indicated by the message received over said network.
  - 16. A security system according to claim 1, further comprising:
    - a firewall for connecting said plurality of computers to an external network; and
      
      said memory in said one computer further including information representing said firewall as a destination in accordance with a predetermined type of said fault occurred in said one computer;
      
      said information transmission unit in said one computer further obtaining, when said internal status monitor unit determines the type of said fault occurred in said one computer, the information representing said firewall as the destination from said memory in accordance with the type of said fault occurred and transmitting through said network a message indicating the occurrence of a fault and the type of said fault occurred in said one computer to said firewall, wherein said firewall performs access control processing for said plurality of computers in response to the message received from said one computer over said network.
  - 17. A security system according to claim 14, wherein said message received from said other computer over said network is determined for legitimacy with reference to the destination information contained in said memory, by decrypting an electronic signature indicating a source written in said message.

18. A security system for a network including a plurality of computers connected thereto, each computer comprising:
- an internal status monitor unit for monitoring an internal status of said computer to detect an occurrence of a fault and a type of said fault occurred in said computer;
  
  an access control unit for controlling access to resources of said computer;
  
  a memory containing destination information of other computers on said network in accordance with the type of said fault occurred in said computer; and
  
  an information transmission unit for obtaining the destination information from said memory in accordance with the type of said fault occurred in said computer, and for transmitting, through said network, to at least one other computer on said network a message indicating the occurrence of said fault in said computer and the type of said fault occurred in said computer in accordance with the destination information obtained from said memory, said information transmission unit further receiving from said other computer over said network a message indicating the occurrence of a fault and the type of said fault occurred in said other computer, and wherein said access control unit executes processing for protecting the resources of said computer in accordance with either the type of said fault occurred in said computer or the type of said fault indicated by a message received from said other computer over said network.
- View Dependent Claims (19, 22)
- - 19. A security system according to claim 18, wherein said message received from said other computer over said network is determined for legitimacy with reference to the destination information contained in said memory, by decrypting an electronic signature indicating a source written in said message.
  - 22. A security system according to claim 18, wherein said information transmission unit includes:
    - means for transmitting a message indicating that a number of processes being executed by said one computer is abnormal and identifying a user when said internal status monitor unit determines that the number of processes being executed in said one computer is abnormal;
      
      means for transmitting a message indicating that a volume of traffic from said external network or from said other computer on said internal network is abnormal and identifying said other computer when said internal status monitor unit determines that the volume of traffic from said external network or from said other computer on said internal network is abnormal; and
      
      means for transmitting a message indicating that one file of said one computer is accessed abnormally and identifying said one file when said internal status monitor unit determines that said one file of said one computer is accessed abnormally.

20. A security system for a network including a plurality of computers connected to an internal network, and at least one computer connected to an external network, said one computer comprising:
- an internal status monitor unit for monitoring an internal status of said one computer to detect an occurrence of a fault and a type of said fault occurred in said one computer;
  
  an access control unit for controlling access to resources of said one computer to protect the resources from intrusion in accordance with the type of said fault occurred in said one computer;
  
  a memory containing destination information of other computers on said internal network in accordance with the type of said fault occurred in said one computer; and
  
  an information transmission unit for obtaining the destination information from said memory in accordance with the type of said fault occurred in said one computer, and for transmitting a message to at least one other computer on said internal network indicating the occurrence of said fault and the type of said fault occurred in said one computer in accordance with the destination information obtained from said memory, andsaid other computer including an information transmission unit for receiving the message transmitted from said one computer on said internal network.
- View Dependent Claims (21, 23)
- - 21. A security system according to claim 20, wherein said internal status monitor unit includes:
    - means for determining that a number of processes being executed in said one computer is abnormal when a user from a plurality of predetermined users is executing not less than a predetermined number of processes in said one computer;
      
      means for determining that a volume of traffic from said external network of said one computer when a number of data packets received per unit of time from said external network is not less than a predetermined value, and determining the volume of traffic from said other computer on said internal network is abnormal when the number of data packets received per unit of time from said other computer is not less than said predetermined value; and
      
      means for determining that one of a plurality of predetermined files of said one computer is accessed abnormally when said one file is accessed by a user other than said predetermined users or when said one file is accessed using a program other than a predetermined program; and
      
      wherein said access control unit includes;
      
      means for limiting initiation of a process in said one computer by said one user when said internal status monitor unit determines that the number of processes being executed in said one computer is abnormal;
      
      means for limiting access to said one computer by said external network or by said other computer on said internal network when said internal status monitor unit determines that the volume of traffic from said external network or said other computer on said internal network is abnormal; and
      
      means for limiting access to said one file when said internal status monitor unit determines that said one file of said one computer is accessed abnormally.
  - 23. A security system according to claim 20, wherein said message received from said other computer over said network is determined for legitimacy with reference to the destination information contained in said memory, by decrypting an electronic signature indicating a source written in said message.

24. A network security method for a network implemented by one computer from a plurality of computers connected to said network, comprising the steps of:
- a) monitoring an internal status of said one computer to detect an occurrence of a fault and a type of said fault occurred in said one computer;
  
  b) executing access control processing to protect resources of said one computer in accordance with the type of said fault occurred in said one computer; and
  
  c) obtaining destination information from a memory in accordance with the type of said fault occurred in said one computer, and transmitting through said network a message to at least one other computer from said plurality of said computers on said network indicating the occurrence of a fault and the type of said fault occurred in said one computer in accordance with the destination information obtained from said memory.
- View Dependent Claims (25, 26, 27, 28)
- - 25. A network security method according to claim 24, further comprising the step of:
    - d) controlling access to resources of said other computer on said network and protecting said resources in accordance with the type of said fault occurred in said one computer indicated by said message transmitted from said one computer over said network.
  - 26. A network security method according to claim 24, wherein a firewall is connected between said plurality of computers and an external network, and said memory in said one computer further includes information representing said firewall as a destination corresponding to a predetermined type of a fault in said one computer, further comprising the steps of:
    - e) in said one computer, when the occurrence of said fault of said predetermined type is detected in said one computer in said step (a), obtaining the information representing said firewall as the destination from said memory in accordance with the fault detected and transmitting through said network a message indicating the occurrence of a fault and the type of said fault occurred in said one computer to said firewall over said network; and
      
      f) in said firewall, performing access control processing for said plurality of computers in response to the message transmitted in said step (e).
  - 27. A network security method according to claim 24, further comprising the steps of:
    - receiving a message transmitted from said other computer on said network indicating an occurrence of a fault and a type of said fault occurred in said other computer; and
      
      executing access control processing for protecting the resources of said one computer in accordance with the type of said fault occurred in said other computer indicated by said message received from said other computer over said network.
  - 28. A network security method according to claim 27, wherein said message received from said other computer over said network is determined for legitimacy with reference to the destination information contained in said memory, by decrypting an electronic signature indicating a source written in said message.

29. A network security method implemented by one computer connected to at least one external network from a plurality of computers connected to an internal network, comprising the steps of:
- a) monitoring an internal status of said one computer and detecting an occurrence of a fault and a type of said fault occurred in said one computer;
  
  b) executing access control processing for protecting resources of said one computer in accordance with the type of said fault occurred in said one computer; and
  
  c) obtaining destination information from a memory in accordance with the type of said fault occurred in said one computer, and transmitting through said internal network a message indicating the occurrence of a fault and the type of said fault occurred in said one computer to at least one other computer from said plurality of said computers on said internal network in accordance with the destination information obtained from said memory.
- View Dependent Claims (30, 31)
- - 30. A network security method according to claim 29, further comprising the steps of:
    - d) receiving said message transmitted from said other computer through said internal network indicating the occurrence of a fault and the type of said fault occurred in said other computer; and
      
      e) executing access control processing for protecting the resources of said one computer in accordance with the type of said fault occurred in said other computer indicated by said message received from said other computer over said internal network.
  - 31. A network security method according to claim 29, wherein said message received from said other computer over said network is determined for legitimacy with reference to the destination information contained in said memory, by decrypting an electronic signature indicating a source written in said message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Kayashima, Makoto, Terada, Masato
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Baderman, Scott T.

Application Number

US08/796,566
Time in Patent Office

880 Days
Field of Search

395/187.01, 395/186, 395/200.59, 395/183.14, 395/184.01, 395/185.1, 395/185.01
US Class Current

726/23
CPC Class Codes

G06F 11/3017   where the computing system ...

G06F 11/302   where the computing system ...

G06F 11/3055   Monitoring arrangements for...

G06F 21/554   involving event detection a...

H04L 41/0686   Additional information in t...

H04L 41/28   Restricting access to netwo...

H04L 43/0817   by checking functioning

H04L 63/1408   by monitoring network traff...

H04L 69/40   for recovering from a failu...

H04L 9/40   Network security protocols

Security system and method for computers connected to network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

205 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Security system and method for computers connected to network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

205 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links