Computer-implemented method and system for security event transport using a message bus

US 7,926,099 B1
Filed: 12/27/2005
Issued: 04/12/2011
Est. Priority Date: 07/15/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer device for security event transport using a message bus, comprising:

a message bus comprising a transient queue provided in a local memory on the computer device and having a first plurality of channels, a durable queue provided in one or more files stored on the computer device and having a second plurality of channels, and a persistent queue provided in a database communicatively coupled to the computer device and having a third plurality of channels;

a receiver unit configured to receive a plurality of security events from a plurality of publishers communicatively coupled to the computer device;

a queue unit configured to queue the plurality of security events received from the plurality of publishers in the message bus, wherein the queue unit includes a processor further configured to;

queue a first subset of the plurality of security events within one or more of the first plurality of channels in the transient queue, wherein the processor clears the first subset of the plurality of security events from the local memory that provides the transient queue in response to determining that one or more tasks running on the message bus have terminated;

queue a second subset of the plurality of security events within one or more of the second plurality of channels in the durable queue, wherein the processor recovers the second subset of the plurality of security events from the one or more files that provide the durable queue in response to determining that the one or more tasks running on the message bus have failed; and

queue a third subset of the plurality of security events within one or more of the third plurality of channels in the persistent queue, wherein the processor removes the third subset of the plurality of security events from the database that provides the persistent queue in response to determining that one or more predetermined events have occurred; and

a transport unit configured to transport the plurality of security events queued in the message bus to a plurality of subscribers, wherein the transport unit transports the first subset of the plurality of security events queued in the transient queue to a first subset of the plurality of subscribers, transports the second subset of the plurality of security events queued in the durable queue to a second subset of the plurality of subscribers, and transports the third subset of the plurality of security events queued in the persistent queue to a third subset of the plurality of subscribers.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented device provides security events from publishers to subscribers. There is provided a message bus, configured to contain a plurality of security events. Also provided is a receiver unit, responsive to a plurality of publishers, to receive the plurality of security events from the publishers. There is also a queue unit, responsive to receipt of the security events, to queue the plurality of security events in the message bus. Also, there is a transport unit, responsive to the security events in the message bus, to transport the plurality of security events in the message bus to a plurality of subscribers.

Citations

27 Claims

1. A computer device for security event transport using a message bus, comprising:
- a message bus comprising a transient queue provided in a local memory on the computer device and having a first plurality of channels, a durable queue provided in one or more files stored on the computer device and having a second plurality of channels, and a persistent queue provided in a database communicatively coupled to the computer device and having a third plurality of channels;
  
  a receiver unit configured to receive a plurality of security events from a plurality of publishers communicatively coupled to the computer device;
  
  a queue unit configured to queue the plurality of security events received from the plurality of publishers in the message bus, wherein the queue unit includes a processor further configured to;
  
  queue a first subset of the plurality of security events within one or more of the first plurality of channels in the transient queue, wherein the processor clears the first subset of the plurality of security events from the local memory that provides the transient queue in response to determining that one or more tasks running on the message bus have terminated;
  
  queue a second subset of the plurality of security events within one or more of the second plurality of channels in the durable queue, wherein the processor recovers the second subset of the plurality of security events from the one or more files that provide the durable queue in response to determining that the one or more tasks running on the message bus have failed; and
  
  queue a third subset of the plurality of security events within one or more of the third plurality of channels in the persistent queue, wherein the processor removes the third subset of the plurality of security events from the database that provides the persistent queue in response to determining that one or more predetermined events have occurred; and
  
  a transport unit configured to transport the plurality of security events queued in the message bus to a plurality of subscribers, wherein the transport unit transports the first subset of the plurality of security events queued in the transient queue to a first subset of the plurality of subscribers, transports the second subset of the plurality of security events queued in the durable queue to a second subset of the plurality of subscribers, and transports the third subset of the plurality of security events queued in the persistent queue to a third subset of the plurality of subscribers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer device of claim 1, wherein the processor included in the queue unit is further configured to:
    - queue the first subset of the plurality of security events within one or more of the second plurality of channels in the durable queue in response to determining that the first subset of the plurality of security events have one or more predetermined indicia, wherein the second subset of the plurality of security events includes the first subset of the plurality of security events; and
      
      queue the first subset of the plurality of security events within one or more of the third plurality of channels in the persistent queue in response to determining that the first subset of the plurality of security events have the one or more predetermined indicia, wherein the third subset of the plurality of security events includes the first subset of the plurality of security events.
  - 3. The computer device of claim 1, further comprising a meter configured to:
    - examine a state of the message bus; and
      
      dynamically determine statistical metrics for partitioning bandwidth in the message bus from the examined state of the message bus.
  - 4. The computer device of claim 3, wherein the message bus is configured to:
    - reserve a first portion of the bandwidth in the message bus to the transient queue based on the statistical metrics dynamically determined from the examined state of the message bus;
      
      reserve a second portion of the bandwidth in the message bus to the durable queue based on the statistical metrics dynamically determined from the examined state of the message bus; and
      
      reserve a third portion of the bandwidth in the message bus to the persistent queue based on the statistical metrics dynamically determined from the examined state of the message bus.
  - 5. The computer device of claim 4, wherein the message bus is configured to:
    - partition the first portion of the bandwidth reserved to the transient queue among the first plurality of channels in the transient queue based on the dynamically determined statistical metrics;
      
      partition the second portion of the bandwidth reserved to the durable queue among the second plurality of channels in the durable queue based on the dynamically determined statistical metrics; and
      
      partition the third portion of the bandwidth reserved to the persistent queue among the third plurality of channels in the persistent queue based on the dynamically determined statistical metrics.
  - 6. The computer device of claim 5, wherein the message bus partitions the first portion of the bandwidth reserved to the transient queue, the second portion of the bandwidth reserved to the durable queue, and the third portion of the bandwidth reserved to the persistent queue at one or more of a scheduled time, a periodic interval, or in response to the dynamically determined statistical metrics reaching a threshold.
  - 7. The computer device of claim 1, wherein the plurality of channels in the transient queue, the durable queue, and the persistent queue provide different communication paths between the plurality of publishers and the plurality of subscribers, and wherein the queue unit is further configured to:
    - determine communication paths between the plurality of publishers and the first subset of the plurality of subscribers, the second subset of the plurality of subscribers, and from the third subset of the plurality of subscribers; and
      
      queue the first subset of the plurality of security events in the transient queue, the second subset of the plurality of security events in the durable queue, and the third subset of the plurality of security events in the persistent queue based on the determined communication paths.
  - 8. The computer device of claim 1, wherein at least one of the first plurality of channels in the transient queue, at least one of the second plurality of channels in the durable queue, or at least one of the third plurality of channels in the persistent queue include:
    - an event sub-channel configured to carry information relating to security events queued in the at least one channel;
      
      a control sub-channel configured to carry information for controlling communication relating to the security events queued in the at least one channel with at least one of the plurality of subscribers; and
      
      a status sub-channel configured to carry information relating to a status associated with the at least one of the plurality of subscribers.
  - 9. The computer device of claim 1, wherein the transient queue has a first priority, the durable queue has a second priority, and the persistent queue has a third priority, and wherein the queue unit is further configured to:
    - queue the first subset of the plurality of security events in the transient queue in response to determining that the first subset of the plurality of security events has the first priority;
      
      queue the second subset of the plurality of security events in the durable queue in response to determining that the second subset of the plurality of security events has the second priority; and
      
      queue the third subset of the plurality of security events in the persistent queue in response to determining that the third subset of the plurality of security events has the third priority.

10. A computer-implemented method for security event transport using a message bus, comprising:
- providing a message bus on a computer device, wherein the message bus comprises a transient queue provided in a local memory on the computer device and having a first plurality of channels, a durable queue provided in one or more files stored on the computer device and having a second plurality of channels, and a persistent queue provided in a database communicatively coupled to the computer device and having a third plurality of channels;
  
  receiving, at a receiver unit communicatively coupled to the computer device, a plurality of security events from a plurality of publishers;
  
  queuing, by a queue unit, a first subset of the plurality of security events within one or more of the first plurality of channels in the transient queue, wherein the queue unit clears the first subset of the plurality of security events from the transient queue in response to determining that one or more tasks running on the message bus have terminated;
  
  queuing, by the queue unit, a second subset of the plurality of security events within one or more of the second plurality of channels in the durable queue, wherein the queue unit recovers the second subset of the plurality of security events from the one or more files that provide the durable queue in response to determining that the one or more tasks running on the message bus have failed;
  
  queuing, by the queue unit, a third subset of the plurality of security events within one or more of the third plurality of channels in the persistent queue, wherein the queue unit removes the third subset of the plurality of security events from the database that provides the persistent queue in response to determining that one or more predetermined events have occurred; and
  
  transporting, by a transport unit, the plurality of security events queued in the message bus to a plurality of subscribers, wherein the transport unit transports the first subset of the plurality of security events queued in the transient queue to a first subset of the plurality of subscribers, transports the second subset of the plurality of security events queued in the durable queue to a second subset of the plurality of subscribers, and transports the third subset of the plurality of security events queued in the persistent queue to a third subset of the plurality of subscribers.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, further comprising:
    - queuing the first subset of the plurality of security events within one or more of the second plurality of channels in the durable queue in response to determining that the first subset of the plurality of security events have one or more predetermined indicia, wherein the second subset of the plurality of security events includes the first subset of the plurality of security events; and
      
      queuing the first subset of the plurality of security events within one or more of the third plurality of channels in the persistent queue in response to determining that the first subset of the plurality of security events have the one or more predetermined indicia, wherein the third subset of the plurality of security events includes the first subset of the plurality of security events.
  - 12. The method of claim 10, further comprising:
    - examining a state of the message bus; and
      
      dynamically determining statistical metrics for partitioning bandwidth in the message bus from the examined state of the message bus.
  - 13. The method of claim 12, further comprising:
    - reserving a first portion of the bandwidth in the message bus to the transient queue based on the statistical metrics dynamically determined from the examined state of the message bus;
      
      reserving a second portion of the bandwidth in the message bus to the durable queue based on the statistical metrics dynamically determined from the examined state of the message bus; and
      
      reserving a third portion of the bandwidth in the message bus to the persistent queue based on the statistical metrics dynamically determined from the examined state of the message bus.
  - 14. The method of claim 13, further comprising:
    - partitioning the first portion of the bandwidth reserved to the transient queue among the first plurality of channels in the transient queue based on the dynamically determined statistical metrics;
      
      partitioning the second portion of the bandwidth reserved to the durable queue among the second plurality of channels in the durable queue based on the dynamically determined statistical metrics; and
      
      partitioning the third portion of the bandwidth reserved to the persistent queue among the third plurality of channels in the persistent queue based on the dynamically determined statistical metrics.
  - 15. The method of claim 14, wherein the message bus partitions the first portion of the bandwidth reserved to the transient queue, the second portion of the bandwidth reserved to the durable queue, and the third portion of the bandwidth reserved to the persistent queue at one or more of a scheduled time, a periodic interval, or in response to dynamically determined statistical metrics reaching a threshold.
  - 16. The method of claim 10, wherein the plurality of channels in the transient queue, the durable queue, and the persistent queue provide different communication paths between the plurality of publishers and the plurality of subscribers, and wherein the method further comprises:
    - determining communication paths between the plurality of publishers and the first subset of the plurality of subscribers, the second subset of the plurality of subscribers, and the third subset of the plurality of subscribers; and
      
      queuing the first subset of the plurality of security events in the transient queue, the second subset of the plurality of security events in the durable queue, and the third subset of the plurality of security events in the persistent queue based on the determined communication paths.
  - 17. The method of claim 10, wherein at least one of the first plurality of channels in the transient queue, at least one of the second plurality of channels in the durable queue, or at least one of the third plurality of channels in the persistent queue include:
    - an event sub-channel configured to carry information relating to security events queued in the at least one channel;
      
      a control sub-channel configured to carry information for controlling communication relating to the security events queued in the at least one channel with at least one of the plurality of subscribers; and
      
      a status sub-channel configured to carry information relating to a status associated with the at least one of the plurality of subscribers.
  - 18. The method of claim 10, wherein the transient queue has a first priority, the durable queue has a second priority, and the persistent queue has a third priority, and wherein the method further comprises:
    - queuing the first subset of the plurality of security events in the transient queue in response to the queue unit determining that the first subset of the plurality of security events has the first priority;
      
      queuing the second subset of the plurality of security events in the durable queue in response to the queue unit determining that the second subset of the plurality of security events has the second priority; and
      
      queuing the third subset of the plurality of security events in the persistent queue in response to the queue unit determining that the third subset of the plurality of security events has the third priority.

19. A non-transitory computer readable medium comprising computer-executable instructions for security event transport using a message bus, wherein executing the computer-executable instructions on a computer device causes the computer device to:
- provide a message bus on the computer device, wherein the message bus comprises a transient queue provided in a local memory on the computer device and having a first plurality of channels, a durable queue provided in one or more files stored on the computer device and having a second plurality of channels, and a persistent queue provided in a database communicatively coupled to the computer device and having a third plurality of channels;
  
  receive, at a receiver unit communicatively coupled to the computer device, a plurality of security events from a plurality of publishers;
  
  queue, by a queue unit, a first subset of the plurality of security events within one or more of the first plurality of channels in the transient queue, wherein the queue unit clears the first subset of the plurality of security events from the transient queue in response to determining that one or more tasks running on the message bus have terminated;
  
  queue, by the queue unit, a second subset of the plurality of security events within one or more of the second plurality of channels in the durable queue, wherein the queue unit recovers the second subset of the plurality of security events from the one or more files that provide the durable queue in response to determining that the one or more tasks running on the message bus have failed;
  
  queue, by the queue unit, a third subset of the plurality of security events within one or more of the third plurality of channels in the persistent queue, wherein the queue unit removes the third subset of the plurality of security events from the database that provides the persistent queue in response to determining that one or more predetermined events have occurred; and
  
  transport, by a transport unit, the plurality of security events queued in the message bus to a plurality of subscribers, wherein the transport unit transports the first subset of the plurality of security events queued in the transient queue to a first subset of the plurality of subscribers, transports the second subset of the plurality of security events queued in the durable queue to a second subset of the plurality of subscribers, and transports the third subset of the plurality of security events queued in the persistent queue to a third subset of the plurality of subscribers.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The non-transitory computer readable medium of claim 19, wherein executing the computer-executable instructions on the computer device further causes the computer device to:
    - queue the first subset of the plurality of security events within one or more of the second plurality of channels in the durable queue in response to determining that the first subset of the plurality of security events have one or more predetermined indicia, wherein the second subset of the plurality of security events includes the first subset of the plurality of security events; and
      
      queue the first subset of the plurality of security events within one or more of the third plurality of channels in the persistent queue in response to determining that the first subset of the plurality of security events have the one or more predetermined indicia, wherein the third subset of the plurality of security events includes the first subset of the plurality of security events.
  - 21. The non-transitory computer readable medium of claim 19, wherein executing the computer-executable instructions on the computer device further causes the computer device to:
    - examine a state of the message bus; and
      
      dynamically determine statistical metrics for partitioning bandwidth in the message bus from the examined state of the message bus.
  - 22. The non-transitory computer readable medium of claim 21, wherein executing the computer-executable instructions on the computer device further causes the computer device to:
    - reserve a first portion of the bandwidth in the message bus to the transient queue based on the statistical metrics dynamically determined from the examined state of the message bus;
      
      reserve a second portion of the bandwidth in the message bus to the durable queue based on the statistical metrics dynamically determined from the examined state of the message bus; and
      
      reserve a third portion of the bandwidth in the message bus to the persistent queue based on the statistical metrics dynamically determined from the examined state of the message bus.
  - 23. The non-transitory computer readable medium of claim 22, wherein executing the computer-executable instructions on the computer device further causes the computer device to:
    - partition the first portion of the bandwidth reserved to the transient queue among the first plurality of channels in the transient queue based on the dynamically determined statistical metrics;
      
      partition the second portion of the bandwidth reserved to the durable queue among the second plurality of channels in the durable queue based on dynamically determined statistical metrics; and
      
      partition the third portion of the bandwidth reserved to the persistent queue among the third plurality of channels in the persistent queue based on dynamically determined statistical metrics.
  - 24. The non-transitory computer readable medium of claim 23, wherein executing the computer-executable instructions on the computer device further causes the computer device to partition the first portion of the bandwidth reserved to the transient queue, the second portion of the bandwidth reserved to the durable queue, and the third portion of the bandwidth reserved to the persistent queue at one or more of a scheduled time, a periodic interval, or in response to dynamically determined statistical metrics reaching a threshold.
  - 25. The non-transitory computer readable medium of claim 19, wherein the plurality of channels in the transient queue, the durable queue, and the persistent queue provide different communication paths between the plurality of publishers and the plurality of subscribers, and wherein executing the computer-executable instructions on the computer device further causes the computer device to:
    - determine communication paths between the plurality of publishers and the first subset of the plurality of subscribers, the second subset of the plurality of subscribers, and the third subset of the plurality of subscribers; and
      
      queue the first subset of the plurality of security events in the transient queue, the second subset of the plurality of security events in the durable queue, and the third subset of the plurality of security events in the persistent queue based on the determined communication paths.
  - 26. The non-transitory computer readable medium of claim 19, wherein at least one of the first plurality of channels in of the transient queue, at least one of the second plurality of channels in the durable queue, or at least one of the third plurality of channels in the persistent queue include:
    - an event sub-channel configured to carry information relating to security events queued in the at least one channel;
      
      a control sub-channel configured to carry information for controlling communication relating to the security events queued in the at least one channel with at least one of the plurality of subscribers; and
      
      a status sub-channel configured to carry information relating to a status associated with the at least one of the plurality of subscribers.
  - 27. The non-transitory computer readable medium of claim 19, wherein the transient queue has a first priority, the durable queue has a second priority, and the persistent queue has a third priority, and wherein executing the computer-executable instructions on the computer device further causes the computer device to:
    - queue the first subset of the plurality of security events in the transient queue in response to the queue unit determining that the first subset of the plurality of security events has the first priority;
      
      queue the second subset of the plurality of security events in the durable queue in response to the queue unit determining that the second subset of the plurality of security events has the second priority; and
      
      queue the third subset of the plurality of security events in the persistent queue in response to the queue unit determining that the third subset of the plurality of security events has the third priority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Yu, Tao, Liu, Peng, Ramu, Karthik, Merritt, Magdalene Ramona, Cooper, Michael Howard, Hankins, Brett, Akinnurun, Adedoyin, Mallapragada, Srinivasa Phanindra, Mathews, Walter, Boyalakuntla, Raghunath, Choudhary, Usman, Zajicek, Ofer, Weiner, William Matthew, Pellegrino, Frank Anthony, Gassner, John Paul, Malik, Shahid Saied, Adiaconitei, Vasile, Sangita, Srivani, Adusumilli, Prathap, Chakravarty, Dipto, Antony, John Melvin
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
NGUY, CHI D

Application Number

US11/317,231
Time in Patent Office

1,932 Days
Field of Search

726 22- 25, 726/13, 713187-188, 713/224, 709/207, 709/213, 709/224, 340/500, 710112-113
US Class Current

726/13
CPC Class Codes

G06F 2209/544 Remote

G06F 9/542 Event management; Broadcast...

Computer-implemented method and system for security event transport using a message bus

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Computer-implemented method and system for security event transport using a message bus

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links