System and method for providing trustworthy network security concern communication in an active security management environment
Abstract
A system and a method for providing trustworthy network security concern communication in an active security management environment are described. A digital certificate including a validated server identifier for a server system is stored on a client system. A digital certificate including a validated client identifier for the client system is stored on the server system. A communications session between the client system and the server system is established. The communications session includes a secure socket connection authenticating each of the client system and the server system using the stored client digital certificate and the stored server digital certificate. A certogram is generated upon the occurrence of a network security concern on the client system. The certogram encloses a notification of the network security concern occurrence and a suggested action responsive thereto within the certogram. The certogram is processed on the server system. The certogram is validated using the validated client identifier stored in the client digital certificate. The network security concern notification and the suggested action enclosed within the validated certogram are evaluated.
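The abstract and claim 1 describe a receiver that trusts a notification only after checking the sender's stored certificate and the identifier bound in it; claims 4 and 5 add a revocation-list check and an action-set mapping table, and claim 12 (and its counterparts) a second certogram relayed to an actor. The Go program below is an added illustration of that validation flow, not code from the patent or from any implementation of it. Its assumptions are labelled in the comments: the certogram is signed with ECDSA over SHA-256 of its fields, the validated identifier is carried in the certificate's CommonName, a set of revoked serial numbers stands in for a real certificate revocation list, the mapping table is an in-memory map, and the concern and action names are constructed. The mutually authenticated socket session over which the certograms travel is not shown; this is only the per-message validation that runs inside it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Certogram models the signed notification; field layout and signature scheme are assumptions.
type Certogram struct {
	Identifier string // validated identifier of the sender, as bound in its certificate
	Concern    string // the network security concern that occurred
	Action     string // the suggested action enclosed with the notification
	Sig        []byte // ECDSA signature over the three fields above
}

// digest fixes the bytes the signature covers (fields separated by NUL).
func (c Certogram) digest() []byte {
	h := sha256.Sum256([]byte(c.Identifier + "\x00" + c.Concern + "\x00" + c.Action))
	return h[:]
}

// Issue binds identifier (carried in the CommonName, an assumption) to a fresh key.
// With parent == nil it produces the self-signed trusted root; otherwise a leaf generated from that root.
func Issue(identifier string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: identifier},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	if parent == nil { // root: self-signed and permitted to sign other certificates
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Sign fills in the signature of a certogram with the sender's private key.
func Sign(key *ecdsa.PrivateKey, c Certogram) (Certogram, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, key, c.digest())
	c.Sig = sig
	return c, err
}

// Validate is the receiver's validation module: the sender's stored certificate must chain
// to the trusted root, must not be revoked (revokedSerials stands in for a real CRL), must
// carry the identifier named in the certogram, and the signature must verify under its key.
func Validate(c Certogram, sender *x509.Certificate, roots *x509.CertPool, revokedSerials map[string]bool) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := sender.Verify(opts); err != nil {
		return fmt.Errorf("certificate chain: %w", err)
	}
	if revokedSerials[sender.SerialNumber.String()] {
		return errors.New("sender certificate is on the revocation list")
	}
	if sender.Subject.CommonName != c.Identifier {
		return errors.New("certogram identifier does not match the validated identifier")
	}
	pub, ok := sender.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, c.digest(), c.Sig) {
		return errors.New("certogram signature does not verify")
	}
	return nil
}

// ActionSets is a constructed mapping table: concern -> suggested actions for an actor.
var ActionSets = map[string][]string{
	"port-scan-detected": {"rate-limit the source address", "raise an alert"},
}

// Relay is the framework's generation module: retrieve the action set for the concern in a
// validated first certogram and enclose it in a second certogram signed under the framework's identifier.
func Relay(fwKey *ecdsa.PrivateKey, fwID string, first Certogram) (Certogram, error) {
	actions, ok := ActionSets[first.Concern]
	if !ok {
		return Certogram{}, errors.New("no action set for concern " + first.Concern)
	}
	return Sign(fwKey, Certogram{Identifier: fwID, Concern: first.Concern, Action: actions[0]})
}
```

Each rejection path in Validate corresponds to one element of the claims: an untrusted root or broken chain (claims 3 and 7), a revoked certificate (claim 4), a certogram whose identifier is not the one bound in the presented certificate, and a certogram whose body was altered after signing. Relay only runs on a certogram that has already passed Validate, and the actor applies the same Validate to the second certogram using the framework's stored certificate.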
25 Claims

1. A system for providing trustworthy network security concern communication in an active security management environment, comprising:
a client system storing a digital certificate comprising a validated server identifier for a server system on a client system, wherein the server system is a modular network event management framework system, further comprising;
a client security application generating a certogram upon the occurrence of a network security concern within the active security management environment which encloses a notification of the network security concern occurrence and a suggested action responsive thereto within the certogram;
a communications session established between the client system and the server system comprising a secure socket connection authenticating each of the client system and the server system using the stored client digital certificate and the stored server digital certificate;
the server system storing a digital certificate comprising a validated client identifier for the client system on the server system, further comprising;
a server security application processing the certogram on the server system, including a validation module validating the certogram using the validated client identifier stored in the client digital certificate, the server security application evaluating the network security concern notification and the suggested action enclosed within the validated certogram;
one or more action sets maintained on the modular network event management framework system, at least one of which associates one of the network security concerns with at least one suggested action to be performed by an actor system;
the actor system storing a digital certificate comprising a validated actor identifier for an actor system on the modular network event management framework system;
the modular network event management framework system storing a digital certificate comprising a validated modular network event management framework system identifier for the modular network event management framework system on the actor system, further comprising;
a generation module generating a second certogram, including retrieving the action set associated with the network security concern which occurred and enclosing a notification of the network security concern occurrence and the at least one suggested action in the action set within the second certogram; and
the actor system further comprising an active security application processing the certogram, including a validation module validating the certogram using the validated modular network event management framework system identifier stored in the modular network event management framework system digital certificate and evaluating the network security concern notification and the suggested action enclosed within the second validated certogram.

2. A system according to claim 1, further comprising:
the client system storing the client digital certificate;
the server system storing the server digital certificate; and
each of the client system and the server system authenticating the communications session using the client digital certificate and the server digital certificate stored on each of the client system and the server system.

3. A system according to claim 2, further comprising:
the server system further comprising a comparison module comparing the trusted root entity signature stored in the server digital certificate on the server system to the trusted root entity signature stored in the client digital certificate; and
the client system further comprising a comparison module comparing the trusted root entity signature stored in the client digital certificate on the client system to the trusted root entity signature stored in the server digital certificate.

4. A system according to claim 1, further comprising:
a certificate revocation list maintained on a certificate authority server, the certificate revocation list comprising a list of digital certificates which are no longer valid; and
the server system determining the validity of the client digital certificate by accessing the certificate revocation list.

6. A system according to claim 1, further comprising:
for each of the server system and the client system, the digital certificate obtained from a certificate authority server via a communications channel operating outside of the active security management environment.

7. A system according to claim 1, further comprising:
a certificate authority server hierarchically structuring the digital certificates for the server system and the client system by generating each of the digital certificates from a root digital certificate maintained on a certificate authority server.

8. A system according to claim 1, wherein for each of the server system and the client system, the validated server identifier and the validated client identifier are both generated from at least one of a network address, a port address, media access controller address, a processor serial number, and randomly generated data.

9. A system according to claim 1, wherein the digital certificate is an X.509-compliant digital certificate.

5. A system according to claim 5, further comprising:
an action set stored into a database interfaced with the modular network event management framework system;
at least one network security concern associated with the client system;
at least one action embedded into an action set; and
a mapping table in the database storing the association for the at least one network security concern and the embedding of the at least one action.

10. A method for providing trustworthy network security concern communication in an active security management environment comprising:
storing a digital certificate comprising a validated server identifier for a server system on a client system, wherein the server system is a modular network event management framework system;
storing a digital certificate comprising a validated client identifier for the client system on the server system;
establishing a communications session between the client system and the server system comprising a secure socket connection authenticating each of the client system and the server system using the stored client digital certificate and the stored server digital certificate;
generating a certogram upon the occurrence of a network security concern within the active security management environment which encloses a notification of the network security concern occurrence and a suggested action responsive thereto within the certogram;
processing the certogram on the server system, including validating the certogram using the validated client identifier stored in the client digital certificate and evaluating the network security concern notification and the suggested action enclosed within the validated certogram;
maintaining one or more action sets on the modular network event management framework system, at least one of which associates one of the network security concerns with at least one suggested action to be performed by an actor system;
storing a digital certificate comprising a validated actor identifier for an actor system on the modular network event management framework system;
storing a digital certificate comprising a validated modular network event management framework system identifier for the modular network event management framework system on the actor system;
generating a second certogram, comprising;
retrieving the action set associated with the network security concern which occurred; and
enclosing a notification of the network security concern occurrence and the at least one suggested action in the action set within the second certogram; and
processing the certogram, including validating the certogram using the validated modular network event management framework system identifier stored in the modular network event management framework system digital certificate and evaluating the network security concern notification and the suggested action enclosed within the second validated certogram.

11. A method according to claim 10, further comprising:
storing the client digital certificate on the client system;
storing the server digital certificate on the server system; and
authenticating the communications session using the client digital certificate and the server digital certificate stored on each of the client system and the server system.

12. A method according to claim 11, further comprising:
comparing the trusted root entity signature stored in the server digital certificate on the server system to the trusted root entity signature stored in the client digital certificate on the server system; and
comparing the trusted root entity signature stored in the client digital certificate on the client system to the trusted root entity signature stored in the server digital certificate on the client system.

13. A method according to claim 10, further comprising:
maintaining a certificate revocation list on a certificate authority server, the certificate revocation list comprising a list of digital certificates which are no longer valid; and
determining the validity of the client digital certificate by accessing the certificate revocation list.

14. A method according to claim 10, further comprising:
storing an action set into a database interfaced with the modular network event management framework system;
associating at least one network security concern with the client system;
embedding at least one action into an action set; and
storing the association for the at least one network security concern and the embedding of the at least one action into a mapping table in the database.

15. A method according to claim 10, further comprising:
for each of the server system and the client system, obtaining the digital certificate from a certificate authority server via a communications channel operating outside of the active security management environment.

16. A method according to claim 10, further comprising:
hierarchically structuring the digital certificates for the server system and the client system by generating each of the digital certificates from a root digital certificate maintained on a certificate authority server.

17. A method according to claim 10, wherein for each of the server system and the client system, the validated server identifier and the validated client identifier are both generated from at least one of a network address, a port address, media access controller address, a processor serial number, and randomly generated data.

18. A method according to claim 10, wherein the digital certificate is an X.509-compliant digital certificate.

19. A computer-readable storage medium holding code for providing trustworthy network security concern communication in an active security management environment, comprising:
storing a digital certificate comprising a validated server identifier for a server system on a client system wherein the server system is a modular network event management framework system;
storing a digital certificate comprising a validated client identifier for the client system on the server system;
establishing a communications session between the client system and the server system comprising a secure socket connection authenticating each of the client system and the server system using the stored client digital certificate and the stored server digital certificate;
generating a certogram upon the occurrence of a network security concern within the active security management environment which encloses a notification of the network security concern occurrence and a suggested action responsive thereto within the certogram;
processing the certogram on the server system including validating the certogram using the validated client identifier stored in the client digital certificate and evaluating the network security concern notification and the suggested action enclosed within the validated certogram;
maintaining one or more action sets on the modular network event management framework system, at least one of which associates one of the network security concerns with at least one suggested action to be performed by an actor system;
storing a digital certificate comprising a validated actor identifier for an actor system on the modular network event management framework system;
storing a digital certificate comprising a validated modular network event management framework system identifier for the modular network event management framework system on the actor system;
generating a second certogram, comprising;
retrieving the action set associated with the network security concern which occurred; and
enclosing a notification of the network security concern occurrence and the at least one suggested action in the action set within the second certogram; and
processing the certogram, including validating the certogram using the validated modular network event management framework system identifier stored in the modular network event management framework system digital certificate and evaluating the network security concern notification and the suggested action enclosed within the second validated certogram.

20. A storage medium according to claim 19, further comprising:
storing the client digital certificate on the client system;
storing the server digital certificate on the server system; and
authenticating the communications session using the client digital certificate and the server digital certificate stored on each of the client system and the server system.

21. A storage medium according to claim 20, further comprising:
comparing the trusted root entity signature stored in the server digital certificate on the server system to the trusted root entity signature stored in the client digital certificate on the server system; and
comparing the trusted root entity signature stored in the client digital certificate on the client system to the trusted root entity signature stored in the server digital certificate on the client system.

22. A storage medium according to claim 19, further comprising:
maintaining a certificate revocation list on a certificate authority server, the certificate revocation list comprising a list of digital certificates which are no longer valid; and
determining the validity of the client digital certificate by accessing the certificate revocation list.

23. A storage medium according to claim 19, further comprising:
storing an action set into a database interfaced with the modular network event management framework system;
associating at least one network security concern with the client system;
embedding at least one action into an action set; and
storing the association for the at least one network security concern and the embedding of the at least one action into a mapping table in the database.

24. A storage medium according to claim 19, further comprising:
for each of the server system and the client system, obtaining the digital certificate from a certificate authority server via a communications channel operating outside of the active security management environment.

25. A storage medium according to claim 19, further comprising:
hierarchically structuring the digital certificates for the server system and the client system by generating each of the digital certificates from a root digital certificate maintained on a certificate authority server.