System, method and software for supplying activation information to a subsystem

US 7,516,490 B2
Filed: 03/29/2001
Issued: 04/07/2009
Est. Priority Date: 03/30/2000
Status: Active Grant

First Claim

Patent Images

1. A security system comprising:

an activation token identifying system characteristics and specifying a threat level and at least one preset activation measure, wherein a system characteristic is one of the group of a hardware system, a service, a configuration of a service, a service execution platform, and a service version;

a first system comprising a processor, the first system configured to at least review security and vulnerability information from information publishers and to provide the activation token based on the security and vulnerability information; and

a second system configured to receive the activation token from a source external to the second system, the second system further configured to determine whether the activation token is relevant by checking if actual characteristics at the second system correspond to the system characteristics identified by the activation token, the second system further configured to transform the activation token into at least one activation measure if the activation token is considered relevant by the second system, the activation measure configured to modify services executing at the second system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a form of reacting on security or vulnerability information relevant for a system comprising computer software and/or hardware or electronics, wherein a service provider with a first subsystem (1) is providing activation tokens to be received by a customer with a second subsystem (2). The activation tokens including activation information and naming of system characteristics in machine readable and filterable manner. The second subsystem (2) comprises receiving means (11) for controlling the receiving of the activation tokens, checking means (12) for automatically determining whether the activation information is relevant for the second subsystem (2) by checking whether the second subsystem has characteristics corresponding to the naming of an activation token, and transforming means (13) for transforming relevant activation information into at least one activation measure for the second subsystem (2). The activation measures will reduce the vulnerability of the second subsystem.

60 Citations

View as Search Results

18 Claims

1. A security system comprising:
- an activation token identifying system characteristics and specifying a threat level and at least one preset activation measure, wherein a system characteristic is one of the group of a hardware system, a service, a configuration of a service, a service execution platform, and a service version;
  
  a first system comprising a processor, the first system configured to at least review security and vulnerability information from information publishers and to provide the activation token based on the security and vulnerability information; and
  
  a second system configured to receive the activation token from a source external to the second system, the second system further configured to determine whether the activation token is relevant by checking if actual characteristics at the second system correspond to the system characteristics identified by the activation token, the second system further configured to transform the activation token into at least one activation measure if the activation token is considered relevant by the second system, the activation measure configured to modify services executing at the second system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, further comprising a cryptographic means configured to verify at the second system that the first system is a trusted service.
  - 3. The system of claim 1, further comprising a reporting means configured to report to a system administrator of the second system activation measures taken by the second system.
  - 4. The system of claim 1, wherein the first system is further configured to automatically filter the security and vulnerability information relevant to the system characteristics identified by the activation token.
  - 5. The system of claim 1, further comprising a list of a plurality of trusted service providers from whom activation tokens are accepted by the second system.
  - 6. The system of claim 1, wherein the at least one preset activation measure is shutting down a service affected by the specified threat level.
  - 7. The system of claim 1, wherein the at least one preset activation measure is reconfiguring the functionality of a service affected by the specified threat level.
  - 8. The system of claim 1, wherein the at least one preset activation measure is installing a patch for a service affected by the specified threat level.
  - 9. The system of claim 1, wherein the at least one preset activation measure is alerting a system administrator.

10. A security system comprising:
- an activation token identifying system characteristics and specifying a threat level and at least one preset activation measure, wherein a system characteristic is one of the group of a hardware system, a service, a configuration of a service, a service execution platform, and a service version;
  
  a first system comprising a processor, the first system configured to at least review security and vulnerability information from information publishers and to provide the activation token based on the security and vulnerability information, wherein the information publishers are external to the first system; and
  
  a second system configured to determine whether the activation token is relevant by checking if actual characteristics at the second system correspond to the system characteristics identified by the activation token, the second system further configured to transform the activation token into at least one activation measure if the activation token is considered relevant by the second system, the activation measure configured to modify services executing at the second system.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, further comprising a cryptographic means configured to verify at the second system that the first system is a trusted service.
  - 12. The system of claim 10, further comprising a reporting means configured to report to a system administrator of the second system activation measures taken by the second system.
  - 13. The system of claim 10, wherein the first system is further configured to automatically filter the security and vulnerability information relevant to the system characteristics identified by the activation token.
  - 14. The system of claim 10, further comprising a list of a plurality of trusted service providers from whom activation tokens are accepted by the second system.
  - 15. The system of claim 10, wherein the at least one preset activation measure is shutting down a service affected by the specified threat level.
  - 16. The system of claim 10, wherein the at least one preset activation measure is reconfiguring the functionality of a service affected by the specified threat level.
  - 17. The system of claim 10, wherein the at least one preset activation measure is installing a patch for a service affected by the specified threat level.
  - 18. The system of claim 10, wherein the at least one preset activation measure is alerting a system administrator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Riordan, James F., Alessandri, Dominique
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US09/821,584
Publication Number

US 20020112179A1
Time in Patent Office

2,931 Days
Field of Search

713/200, 713/173, 705/66, 717/171, 726/25
US Class Current

726/25
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/88   Detecting or preventing the...

G06Q 20/3672   initialising or reloading t...

H04L 63/1441   Countermeasures against mal...

System, method and software for supplying activation information to a subsystem

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and software for supplying activation information to a subsystem

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links