Trusted and anonymous system and method for sharing threat data to industry assets

US 6,807,569 B1
Filed: 09/15/2000
Issued: 10/19/2004
Est. Priority Date: 09/12/2000
Status: Active Grant

First Claim

Patent Images

1. A method for allowing sharing of information associated with threats to industry assets, comprises:

establishing a secured database comprised of threat data;

allowing predetermined entities access to said database;

augmenting the database with additional threat data received anonymously from at least one of a plurality of sources; and

notifying at least some of said predetermined entities of additional threat data received and augmented to the database, whereby said predetermined entities will know to access the database if it is desired to learn more about the threat data wherein said threat data received anonymously is reviewed for specific information which may accidentally identify the source of the threat data, and said specific information is then removed from the threat data before augmenting the database.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method serves to anonymously share information about security incidents and vulnerability in corporate and national information infrastructures. The method and system provides for submitting information and categorizing the corresponding data in a secure manner in which the submitting party'"'"'s anonymity is ensured. A secure facility such as a data center is established that provides for authenticated and, where appropriate, anonymous input, ensuring availability of information associated with threats to industry assets and the available resolutions or solutions. The information may be shared securely through, for example, the World Wide Web, between authorized organizations.

164 Citations

19 Claims

1. A method for allowing sharing of information associated with threats to industry assets, comprises:
- establishing a secured database comprised of threat data;
  
  allowing predetermined entities access to said database;
  
  augmenting the database with additional threat data received anonymously from at least one of a plurality of sources; and
  
  notifying at least some of said predetermined entities of additional threat data received and augmented to the database, whereby said predetermined entities will know to access the database if it is desired to learn more about the threat data wherein said threat data received anonymously is reviewed for specific information which may accidentally identify the source of the threat data, and said specific information is then removed from the threat data before augmenting the database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein said threat data received anonymously is further reviewed by a process of key word search and removal, and for therefore transmitting the additional threat data for review and classification by an analyst.
  - 3. The method of claim 1 wherein said predetermined entities are subscribed participants about which information is stored, and further comprising selectively notifying said participants in accordance with the type of additional threat data received and augmented to the database.
  - 4. The method of claim 3 wherein said participants can selectively identify only specific types of threat data which has been augmented to the database about which they wish to be notified.
  - 5. The method of claim 1 wherein said predetermined entities are subscribed participants about which information is stored, and said plurality of sources comprises said participants, and vendors and government sources.
  - 6. The method of claim 1 wherein said threat data is comprised of and arranged in the database as, (a) incident data, (b) vulnerability data, (c) threat activity data, and (d) vendor data, and further comprising storing incident resolution data separately in the database.
  - 7. The method of claim 6 further comprising, for threat data received from a participant, temporarily storing said submitted threat data in a separate sanitized database, removing source-identifying information from threat data received, authenticating said threat data through an authentication mechanism, and after sanitizing and authenticating, augmenting the secured database with said submitted threat data.
  - 8. The method of claim 6 further comprising classifying the threat data in accordance with the nature of the threat data severity as:
    - (a) crisis threat data;
      
      (b) urgent threat data; and
      
      (c) awareness threat data; and
      
      notifying participants in the case of crisis or urgent threat data is received and stored in the secured database.
  - 9. The method of claim 8 wherein said notification of participants is done electronically.

10. A system for allowing sharing of information associated with threats to industry assets, comprising:
- a data center comprised of a secured database containing threat data stored thereon;
  
  a communications interface for allowing predetermined entities access to said database;
  
  a temporary database store for storing additional threat data received anonymously from at least one of a plurality of sources for allowing review and classification of said additional threat data;
  
  said secured database being connected to said temporary database store for allowing said additional threat data to be stored on the secured database once it has been reviewed and classified; and
  
  an electronic notification system for notifying at least some of said selected entities about additional threat data stored on the secured database, whereby said selected entities will know to access the secured database if the additional threat data stored thereon is of interest wherein said threat data received anonymously is reviewed for specific information which may accidentally identify the source of the threat data, and said specific information is then removed from the threat data before storing the threat data in the secured database.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The system of claim 10 further comprising an automated system for reviewing said additional threat data received anonymously by a process of key word search and removal, and for thereafter transmitting the additional threat data for review and classification by an analyst.
  - 12. The system of claim 10 wherein said predetermined entities are subscribed participants, and further comprising a participant database comprised of participant information, including information about which type of additional threat data stored in the secured database each participant wishes to be notified about.
  - 13. The system of claim 12 wherein the communications interface allows connection to third-party anonymizer systems to allow participants to submit additional threat data anonymously.
  - 14. The system of claim 13 wherein said participant database contains authentication information about each participant to allow authentication of additional threat data received anonymously from participants.
  - 15. The system of claim 10 wherein said predetermined entities are subscribed participants, and further comprising a participant database comprised of participant information, including information about which type of additional threat data stored on the secured database each participant wishes to be notified about, and said plurality of sources comprises said participants, vendors and government sources.
  - 16. The system of claim 10 wherein said threat data is comprised of and arranged in the database as, (a) incident data, (b) vulnerability data, (c) threat activity data, and (d) vendor data, and further comprising incident resolution data separately arranged in the database.
  - 17. The system of claim 16 further comprising, for additional threat data anonymously submitted by participants, a mechanism for authenticating the additional threat data.
  - 18. The system of claim 16 wherein said additional threat data is classified as one of crisis threat data, urgent threat data, and awareness threat data, and wherein said electronic notification system is configured for notifying participants in the event crisis threat data or urgent threat data is added to the secured database as additional threat data.
  - 19. The system of claim 18 wherein said electronic notification system is configured for notifying said participants through at least one of pager, electronic mail and digital phone messaging.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Leidos, Inc. (Leidos Holdings, Inc.)
Original Assignee
Science Applications International Corporation
Inventors
Bhimani, Anish, Weiss, Errol, Schugar, Francis W., Marlow, William
Primary Examiner(s)
EL HADY, NABIL M

Application Number

US09/662,569
Time in Patent Office

1,495 Days
Field of Search

709/217-219, 709/206, 705/8, 705/44, 705/64, 705/78, 713/200
US Class Current

709/217
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6254   by anonymising data, e.g. d...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2117   User registration

G06Q 10/0635   Risk analysis of enterprise...

G06Q 20/0855   involving a third party

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

H04L 41/22   comprising specially adapte...

H04L 41/28   Restricting access to netwo...

H04L 63/0823   using certificates cryptogr...

H04L 63/0838   using one-time-passwords

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

Trusted and anonymous system and method for sharing threat data to industry assets

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

164 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted and anonymous system and method for sharing threat data to industry assets

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

164 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links