System and method for providing trustworthy network security concern communication in an active security management environment

US 6,611,869 B1
Filed: 03/31/2000
Issued: 08/26/2003
Est. Priority Date: 10/28/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A system for providing trustworthy network security concern communication in an active security management environment, comprising:

a client system storing a digital certificate comprising a validated server identifier for a server system on a client system, wherein the server system is a modular network event management framework system, further comprising;

a client security application generating a certogram upon the occurrence of a network security concern within the active security management environment which encloses a notification of the network security concern occurrence and a suggested action responsive thereto within the certogram;

a communications session established between the client system and the server system comprising a secure socket connection authenticating each of the client system and the server system using the stored client digital certificate and the stored server digital certificate;

the server system storing a digital certificate comprising a validated client identifier for the client system on the server system, further comprising;

a server security application processing the certogram on the server system, including a validation module validating the certogram using the validated client identifier stored in the client digital certificate, the server security application evaluating the network security concern notification and the suggested action enclosed within the validated certogram;

one or more action sets maintained on the modular network event management framework system, at least one of which associates one of the network security concerns with at least one suggested action to be performed by an actor system;

the actor system storing a digital certificate comprising a validated actor identifier for an actor system on the modular network event management framework system;

the modular network event management framework system storing a digital certificate comprising a validated modular network event management framework system identifier for the modular network event management framework system on the actor system, further comprising;

a generation module generating a second certogram, including retrieving the action set associated with the network security concern which occurred and enclosing a notification of the network security concern occurrence and the at least one suggested action in the action set within the second certogram; and

the actor system further comprising an active security application processing the certogram, including a validation module validating the certogram using the validated modular network event management framework system identifier stored in the modular network event management framework system digital certificate and evaluating the network security concern notification and the suggested action enclosed within the second validated certogram.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and a method for providing trustworthy network security concern communication in an active security management environment are described. A digital certificate including a validated server identifier for a server system is stored on a client system. A digital certificate including a validated client identifier for the client system is stored on the server system. A communications session between the client system and the server system is established. The communications session includes a secure socket connection authenticating each of the client system and the server system using the stored client digital certificate and the stored server digital certificate. A certogram is generated upon the occurrence of a network security concern on the client system. The certogram encloses a notification of the network security concern occurrence and a suggested action responsive thereto within the certogram. The certogram is processed on the server system. The certogram is validated using the validated client identifier stored in the client digital certificate. The network security concern notification and the suggested action enclosed within the validated certogram are evaluated.

226 Citations

25 Claims

1. A system for providing trustworthy network security concern communication in an active security management environment, comprising:
- a client system storing a digital certificate comprising a validated server identifier for a server system on a client system, wherein the server system is a modular network event management framework system, further comprising;
  
  a client security application generating a certogram upon the occurrence of a network security concern within the active security management environment which encloses a notification of the network security concern occurrence and a suggested action responsive thereto within the certogram;
  
  a communications session established between the client system and the server system comprising a secure socket connection authenticating each of the client system and the server system using the stored client digital certificate and the stored server digital certificate;
  
  the server system storing a digital certificate comprising a validated client identifier for the client system on the server system, further comprising;
  
  a server security application processing the certogram on the server system, including a validation module validating the certogram using the validated client identifier stored in the client digital certificate, the server security application evaluating the network security concern notification and the suggested action enclosed within the validated certogram;
  
  one or more action sets maintained on the modular network event management framework system, at least one of which associates one of the network security concerns with at least one suggested action to be performed by an actor system;
  
  the actor system storing a digital certificate comprising a validated actor identifier for an actor system on the modular network event management framework system;
  
  the modular network event management framework system storing a digital certificate comprising a validated modular network event management framework system identifier for the modular network event management framework system on the actor system, further comprising;
  
  a generation module generating a second certogram, including retrieving the action set associated with the network security concern which occurred and enclosing a notification of the network security concern occurrence and the at least one suggested action in the action set within the second certogram; and
  
  the actor system further comprising an active security application processing the certogram, including a validation module validating the certogram using the validated modular network event management framework system identifier stored in the modular network event management framework system digital certificate and evaluating the network security concern notification and the suggested action enclosed within the second validated certogram.
- View Dependent Claims (2, 3, 4, 6, 7, 8, 9)
- - 2. A system according to claim 1, wherein both the server digital certificate and the client digital certificate contain a signature by a trusted root entity, further comprising:
3. A system according to claim 2, further comprising:
- the server system further comprising a comparison module comparing the trusted root entity signature stored in the server digital certificate on the server system to the trusted root entity signature stored in the client digital certificate; and
  
  the client system further comprising a comparison module comparing the trusted root entity signature stored in the client digital certificate on the client system to the trusted root entity signature stored in the server digital certificate.
4. A system according to claim 1, further comprising:
- a certificate revocation list maintained on a certificate authority server, the certificate revocation list comprising a list of digital certificates which are no longer valid; and
  
  the server system determining the validity of the client digital certificate by accessing the certificate revocation list.
6. A system according to claim 1, further comprising:
- for each of the server system and the client system, the digital certificate obtained from a certificate authority server via a communications channel operating outside of the active security management environment.
7. A system according to claim 1, further comprising:
- a certificate authority server hierarchically structuring the digital certificates for the server system and the client system by generating each of the digital certificates from a root digital certificate maintained on a certificate authority server.
8. A system according to claim 1, wherein for each of the server system and the client system, the validated server identifier and the validated client identifier are both generated from at least one of a network address, a port address, media access controller address, a processor serial number, and randomly generated data.
9. A system according to claim 1, wherein the digital certificate is an X.509-compliant digital certificate.

5. A system according to claim 5, further comprising:
- an action set stored into a database interfaced with the modular network event management framework system;
  
  at least one network security concern associated with the client system;
  
  at least one action embedded into an action set; and
  
  a mapping table in the database storing the association for the at least one network security concern and the embedding of the at least one action.

10. A method for providing trustworthy network security concern communication in an active security management environment comprising:
- storing a digital certificate comprising a validated server identifier for a server system on a client system, wherein the server system is a modular network event management framework system;
  
  storing a digital certificate comprising a validated client identifier for the client system on the server system;
  
  establishing a communications session between the client system and the server system comprising a secure socket connection authenticating each of the client system and the server system using the stored client digital certificate and the stored server digital certificate;
  
  generating a certogram upon the occurrence of a network security concern within the active security management environment which encloses a notification of the network security concern occurrence and a suggested action responsive thereto within the certogram;
  
  processing the certogram on the server system, including validating the certogram using the validated client identifier stored in the client digital certificate and evaluating the network security concern notification and the suggested action enclosed within the validated certogram;
  
  maintaining one or more action sets on the modular network event management framework system, at least one of which associates one of the network security concerns with at least one suggested action to be performed by an actor system;
  
  storing a digital certificate comprising a validated actor identifier for an actor system on the modular network event management framework system;
  
  storing a digital certificate comprising a validated modular network event management framework system identifier for the modular network event management framework system on the actor system;
  
  generating a second certogram, comprising;
  
  retrieving the action set associated with the network security concern which occurred; and
  
  enclosing a notification of the network security concern occurrence and the at least one suggested action in the action set within the second certogram; and
  
  processing the certogram, including validating the certogram using the validated modular network event management framework system identifier stored in the modular network event management framework system digital certificate and evaluating the network security concern notification and the suggested action enclosed within the second validated certogram.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. A method according to claim 10, wherein both the server digital certificate and the client digital certificate contain a signature by a trusted root entity, further comprising:
12. A method according to claim 11, further comprising:
- comparing the trusted root entity signature stored in the server digital certificate on the server system to the trusted root entity signature stored in the client digital certificate on the server system; and
  
  comparing the trusted root entity signature stored in the client digital certificate on the client system to the trusted root entity signature stored in the server digital certificate on the client system.
13. A method according to claim 10, further comprising:
- maintaining a certificate revocation list on a certificate authority server, the certificate revocation list comprising a list of digital certificates which are no longer valid; and
  
  determining the validity of the client digital certificate by accessing the certificate revocation list.
14. A method according to claim 10, further comprising:
- storing an action set into a database interfaced with the modular network event management framework system;
  
  associating at least one network security concern with the client system;
  
  embedding at least one action into an action set; and
  
  storing the association for the at least one network security concern and the embedding of the at least one action into a mapping table in the database.
15. A method according to claim 10, further comprising:
- for each of the server system and the client system, obtaining the digital certificate from a certificate authority server via a communications channel operating outside of the active security management environment.
16. A method according to claim 10, further comprising:
- hierarchically structuring the digital certificates for the server system and the client system by generating each of the digital certificates from a root digital certificate maintained on a certificate authority server.
17. A method according to claim 10, wherein for each of the server system and the client system, the validated server identifier and the validated client identifier are both generated from at least one of a network address, a port address, media access controller address, a processor serial number, and randomly generated data.
18. A method according to claim 10, wherein the digital certificate is an X.509-compliant digital certificate.

19. A computer-readable storage medium holding code for providing trustworthy network security concern communication in an active security management environment, comprising:
- storing a digital certificate comprising a validated server identifier for a server system on a client system wherein the server system is a modular network event management framework system;
  
  storing a digital certificate comprising a validated client identifier for the client system on the server system;
  
  establishing a communications session between the client system and the server system comprising a secure socket connection authenticating each of the client system and the server system using the stored client digital certificate and the stored server digital certificate;
  
  generating a certogram upon the occurrence of a network security concern within the active security management environment which encloses a notification of the network security concern occurrence and a suggested action responsive thereto within the certogram;
  
  processing the certogram on the server system including validating the certogram using the validated client identifier stored in the client digital certificate and evaluating the network security concern notification and the suggested action enclosed within the validated certogram;
  
  maintaining one or more action sets on the modular network event management framework system, at least one of which associates one of the network security concerns with at least one suggested action to be performed by an actor system;
  
  storing a digital certificate comprising a validated actor identifier for an actor system on the modular network event management framework system;
  
  storing a digital certificate comprising a validated modular network event management framework system identifier for the modular network event management framework system on the actor system;
  
  generating a second certogram, comprising;
  
  retrieving the action set associated with the network security concern which occurred; and
  
  enclosing a notification of the network security concern occurrence and the at least one suggested action in the action set within the second certogram; and
  
  processing the certogram, including validating the certogram using the validated modular network event management framework system identifier stored in the modular network event management framework system digital certificate and evaluating the network security concern notification and the suggested action enclosed within the second validated certogram.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. A storage medium according to claim 19, wherein both the server digital certificate and the client digital certificate contain a signature by a trusted root entity, further comprising:
21. A storage medium according to claim 20, further comprising:
- comparing the trusted root entity signature stored in the server digital certificate on the server system to the trusted root entity signature stored in the client digital certificate on the server system; and
  
  comparing the trusted root entity signature stored in the client digital certificate on the client system to the trusted root entity signature stored in the server digital certificate on the client system.
22. A storage medium according to claim 19, further comprising:
- maintaining a certificate revocation list on a certificate authority server, the certificate revocation list comprising a list of digital certificates which are no longer valid; and
  
  determining the validity of the client digital certificate by accessing the certificate revocation list.
23. A storage medium according to claim 19, further comprising:
- storing an action set into a database interfaced with the modular network event management framework system;
  
  associating at least one network security concern with the client system;
  
  embedding at least one action into an action set; and
  
  storing the association for the at least one network security concern and the embedding of the at least one action into a mapping table in the database.
24. A storage medium according to claim 19, further comprising:
- for each of the server system and the client system, obtaining the digital certificate from a certificate authority server via a communications channel operating,outside of the active security management environment.
25. A storage medium according to claim 19, further comprising:
- hierarchically structuring the digital certificates for the server system and the client system by generating each of the digital certificates from a root digital certificate maintained on a certificate authority server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, Inc. (McAfee, LLC)
Original Assignee
Network Associates, Inc.
Inventors
Villa, Andrea, Eschelbeck, Gerhard
Primary Examiner(s)
Wiley, David
Assistant Examiner(s)
NGUYEN, PHUOC H

Application Number

US09/540,821
Time in Patent Office

1,243 Days
Field of Search

709/219, 709/225, 709/203, 709/229, 709/228, 713/166, 713/168, 713/152, 713/155, 713/178, 707/9, 707/10
US Class Current

709/228
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/046   comprising network manageme...

H04L 41/0604   using filtering, e.g. reduc...

H04L 41/069   using logs of notifications...

H04L 41/22   comprising specially adapte...

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

Y10S 707/99939   Privileged access

System and method for providing trustworthy network security concern communication in an active security management environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

226 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing trustworthy network security concern communication in an active security management environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

226 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links