Method and system for processing events

US 7,533,413 B2
Filed: 12/05/2003
Issued: 05/12/2009
Est. Priority Date: 12/05/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving an event from a first security engine;

identifying a second security engine configured to utilize information contained in the event, wherein the second security engine is unaware of the first security engine; and

communicating the information contained in the event to the second security engine via an event manager, wherein the event corresponds to identifying a password that does not comply with predetermined criteria; and

with the first security engine, the second security engine, and the event manager being included and executed in a single host computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An event, such as a security-related event, is received from a first security engine or another source. A second security engine is identified that is configured to utilize information contained in the event. The information contained in the event is then communicated to the second security engine. Additionally, other information, such as system state information, can be provided to one or more security engines.

Citations

29 Claims

1. A method comprising:
- receiving an event from a first security engine;
  
  identifying a second security engine configured to utilize information contained in the event, wherein the second security engine is unaware of the first security engine; and
  
  communicating the information contained in the event to the second security engine via an event manager, wherein the event corresponds to identifying a password that does not comply with predetermined criteria; and
  
  with the first security engine, the second security engine, and the event manager being included and executed in a single host computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as recited in claim 1 wherein the event identifies a password that does not comply with a length criteria.
  - 3. A method as recited in claim 1 wherein the event identifies an action performed by the first security engine in response to a detected vulnerability.
  - 4. A method as recited in claim 1 wherein the first security engine and the second security engine are application programs.
  - 5. A method as recited in claim 1 wherein the event identifies a password that does not include one or more required characters.
  - 6. A method as recited in claim 1 wherein the first security engine is a vulnerability analysis application program.
  - 7. A method as recited in claim 1 further comprising:
    - identifying a third security engine configured to utilize information contained in the event; and
      
      communicating the information contained in the event to the third security engine.
  - 8. A method as recited in claim 1 further comprising:
    - receiving an updated security policy;
      
      identifying at least one security engine that previously requested the security policy; and
      
      providing the updated security policy to the identified security engine.
  - 9. A method as recited in claim 1 further comprising:
    - receiving a request for data from the first security engine; and
      
      communicating the requested data to the first security engine.
  - 10. A method as recited in claim 1 further comprising storing information contained in the event in a central location accessible to a plurality of security engines.
  - 11. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 1.

12. A method comprising:
- receiving a security-related event from a first security-related application program, the security-related event being associated with a system state;
  
  identifying information contained in the security-related event;
  
  identifying a second security-related application program associated with the information contained in the security-related event, wherein the second security-related application program is unaware of the first security-related application program;
  
  communicating the information contained in the security-related event to the second security-related application program via an event manager; and
  
  with the first security-related application program, the second security-related application program, and the event manager being included and executed in a single host computer.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. A method as recited in claim 12 wherein the information includes whether a network connection is wired or wireless.
  - 14. A method as recited in claim 12 wherein the information includes whether a host computer is accessing a corporate network.
  - 15. A method as recited in claim 12 wherein the information includes whether a host computer is accessing an unknown network.
  - 16. A method as recited in claim 12 further comprising:
    - receiving system state information from a third security-related application program; and
      
      storing the system state information such that the system state information is accessible to the first security-related application program and the second security-related application program.
  - 17. A method as recited in claim 12 further comprising:
    - identifying a third security-related application program associated with the information contained in the security-related event; and
      
      communicating the information contained in the security-related event to the third security-related application program.
  - 18. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 12.

19. One or more tangible computer-readable media having stored thereon a computer program executed by one or more processors, comprising:
- a first security engine associated with a first type of security attack, the first security engine including configuration to detect a password that does not comply with predetermined criteria;
  
  a second security engine associated with a second type of security attack, wherein the second security engine is unaware of the first security engine;
  
  an event manager coupled to receive events from the first security engine and the second security engine, the event manager further to identify information contained in the events and to identify at least one security engine associated with information contained in a particular event, and further to communicate the information contained in the particular event to the at least one security engine andwith the first security engine, the second security engine, and the event manager being included and executed in a single host computer.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. One or more tangible computer-readable media as recited in claim 19 wherein the information contained in the events identifies a type of security attack.
  - 21. One or more tangible computer-readable media as recited in claim 19 wherein the information contained in each event identifies an action taken in response to a security attack.
  - 22. One or more tangible computer-readable media as recited in claim 19 wherein the information contained in the events includes system state information.
  - 23. One or more tangible computer-readable media as recited in claim 19 further comprising a third security engine coupled to the event manager and associated with a third type of security attack.
  - 24. One or more tangible computer-readable media as recited in claim 19 further comprising a storage device coupled to the event manager, the first security engine and the second security engine, the storage device to store event information.

25. One or more tangible computer-readable media having stored thereon a computer program that, when executed by one or more processors, causes the one or more processors to:
- receive a first security-related event from a first service, the first security-related event corresponding to a network-related aspect of a system state;
  
  identify information contained in the first security-related event;
  
  receive a second security-related event from a second service, wherein the second service is unaware of the first service;
  
  identify information contained in the second security-related event;
  
  communicate information contained in the first security-related event to the second service via an event manager;
  
  communicate information contained in the second security-related event to the first service via the event manager; and
  
  with the first service, the second service, and the event manager being included and executed in a single host computer.
- View Dependent Claims (26, 27, 28, 29)
- - 26. One or more tangible computer-readable media as recited in claim 25 wherein the first security-related event identifies a particular type of security attack.
  - 27. One or more tangible computer-readable media as recited in claim 25 wherein the one or more processors further store the information contained in the first security-related event and the information contained in the second security-related event for access by other services.
  - 28. One or more tangible computer-readable media as recited in claim 25 wherein the one or more processors further communicate information contained in the first security-related event to a third service.
  - 29. One or more tangible computer-readable media as recited in claim 25 wherein the first service is associated with a first type of security attack and the second service is associated with a second type of security attack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Fakes, Thomas F., Samuelsson, Anders M. E.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Kaplan; Benjamin A

Application Number

US10/729,096
Publication Number

US 20050125685A1
Time in Patent Office

1,985 Days
Field of Search

713/200, 726/24, 726/25, 726/22, 726/23
US Class Current

726/22
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/145   the attack involving the pr...

Method and system for processing events

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for processing events

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links