Alert message control of security mechanisms in data processing systems

US 8,042,178 B1
Filed: 03/13/2003
Issued: 10/18/2011
Est. Priority Date: 03/13/2003
Status: Active Grant

First Claim

Patent Images

1. A computer program product embodied on a tangible computer readable medium for controlling computers to control at least one security mechanism of a data processing apparatus, said computer program product comprising:

link establishing code operable to establish an authenticated secure network communication link between said data processing apparatus and a remote alert message generating computer;

alert message generating code operable to generate an alert message with said remote alert message generating computer;

alert message transferring code operable to transfer said alert message from said remote alert message generating computer to said data processing apparatus via said authenticated secure network communication link; and

triggering code operable to automatically trigger at least one security action by said at least one security mechanism of said data processing apparatus in response to said alert message as configured by user programmable response configuration parameters of said data processing apparatus wherein said alert message includes configuration data permitting a temporary countermeasure to be established and said at least one security action includes automatically implementing said temporary countermeasure.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authenticated secure network communication link is established between an alert message generating computer 2 and a destination data processing system 6. The alert message sent specifies a risk threat level and a suggested countermeasure amongst other data. The destination computer 6 automatically responds to the alert message as controlled by its local response configuration parameters to trigger security actions of one or more security mechanisms, such as malware scanners, firewall scanners, security policy managers and the like.

68 Citations

View as Search Results

30 Claims

1. A computer program product embodied on a tangible computer readable medium for controlling computers to control at least one security mechanism of a data processing apparatus, said computer program product comprising:
- link establishing code operable to establish an authenticated secure network communication link between said data processing apparatus and a remote alert message generating computer;
  
  alert message generating code operable to generate an alert message with said remote alert message generating computer;
  
  alert message transferring code operable to transfer said alert message from said remote alert message generating computer to said data processing apparatus via said authenticated secure network communication link; and
  
  triggering code operable to automatically trigger at least one security action by said at least one security mechanism of said data processing apparatus in response to said alert message as configured by user programmable response configuration parameters of said data processing apparatus wherein said alert message includes configuration data permitting a temporary countermeasure to be established and said at least one security action includes automatically implementing said temporary countermeasure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A computer program product as claimed in claim 1 wherein said authenticated secure network communication link is an internet link.
  - 3. A computer program product as claimed in claim 2, wherein said authenticated secure network communication link is a http protocol communication link.
  - 4. A computer program product as claimed in claim 1, wherein said authenticated secure network communication link is authenticated by exchanging data using public and private key encryption.
  - 5. A computer program product as claimed in claim 1, wherein said at least one security mechanism includes one or more of:
    - a network malware scanner;
      
      an email scanner;
      
      a network internet firewall;
      
      a network security policy manager;
      
      a desktop internet firewall; and
      
      a desktop malware scanner.
  - 6. A computer program product as claimed in claim 1, wherein said alert message includes one or more of:
    - a risk assessment level indicator;
      
      a date of issue of said alert message;
      
      a time of issue of said alert message;
      
      a name identifying a threat addressed by said alert message;
      
      a pointer to an Internet location where additional information concerning said alert message may be found;
      
      a transport type associated with said alert message; and
      
      configuration data permitting a temporary countermeasure to be established.
  - 7. A computer program product as claimed in claim 1, wherein said alert message includes a risk level indicator and said programmable response configuration parameters specifies different security actions to be automatically triggered in response to different risk level indicator values.
  - 8. A computer program product as claimed in claim 1, wherein said at least one security action includes generating a notification message to a user specified by said programmable response configuration parameters.
  - 9. A computer program product as claimed in claim 1, wherein said alert message transferring code is operable to perform a plurality of alert message transfers to a plurality of destination data processing apparatuses specified in a destination list held by said remote alert message generating computer.

10. A computer program product embodied on a tangible computer readable medium for controlling a computer to control at least one security mechanism of a remote data processing apparatus, said computer program product comprising:
- link establishing code operable to establish an authenticated secure network communication link between said remote data processing apparatus and an alert message generating computer;
  
  alert message generating code operable to generate an alert message with said alert message generating computer, said alert message specifying at least one security action by said at least one security mechanism of said remote data processing apparatus to be automatically triggered in response to said alert message as configured by user programmable response configuration parameters of said data processing apparatus; and
  
  alert message transferring code operable to transfer said alert message from said alert message generating computer to said remote data processing apparatus via said authenticated secure network communication link.

11. A method of controlling at least one security mechanism of a data processing apparatus, said method comprising the steps of:
- establishing an authenticated secure network communication link between said data processing apparatus and a remote alert message generating computer;
  
  generating an alert message with said remote alert message generating computer;
  
  transferring said alert message from said remote alert message generating computer to said data processing apparatus via said authenticated secure network communication link; and
  
  automatically triggering at least one security action by said at least one security mechanism of said data processing apparatus in response to said alert message as configured by user programmable response configuration parameters of said data processing apparatus wherein said alert message includes configuration data permitting a temporary countermeasure to be established and said at least one security action includes automatically implementing said temporary countermeasure.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. A method as claimed in claim 11, wherein said authenticated secure network communication link is an internet link.
  - 13. A method as claimed in claim 12, wherein said authenticated secure network communication link is a http protocol communication link.
  - 14. A method as claimed in claim 11, wherein said authenticated secure network communication link is authenticated by exchanging data using public and private key encryption.
  - 15. A method as claimed in claim 11, wherein said at least one security mechanism includes one or more of:
    - a network malware scanner;
      
      an email scanner;
      
      a network internet firewall;
      
      a network security policy manager;
      
      a desktop internet firewall; and
      
      a desktop malware scanner.
  - 16. A method as claimed in claim 11, wherein said alert message includes one or more of:
    - a risk assessment level indicator;
      
      a date of issue of said alert message;
      
      a time of issue of said alert message;
      
      a name identifying a threat addressed by said alert message;
      
      a pointer to an internet location where additional information concerning said alert message may be found;
      
      a transport type associated with said alert message; and
      
      configuration data permitting a temporary countermeasure to be established.
  - 17. A method as claimed in claim 11, wherein said alert message includes a risk level indicator and said programmable response configuration parameters specifies different security actions to be automatically triggered in response to different risk level indicator values.
  - 18. A method as claimed in claim 11, wherein said at least one security action includes generating a notification message to a user specified by said programmable response configuration parameters.
  - 19. A method as claimed in claim 11, wherein said step of transferring is part of a plurality of alert message transfers performed by said remote alert message generating computer to a plurality of destination data processing apparatuses specified in a destination list held by said remote alert message generating computer.

20. A method controlling at least one security mechanism of a remote data processing apparatus, said method comprising the steps of:
- establishing an authenticated secure network communication link between said remote data processing apparatus and an alert message generating computer;
  
  generating an alert message with said alert message generating computer, said alert message specifying at least one security action by said at least one security mechanism of said remote data processing apparatus to be automatically triggered in response to said alert message as configured by user programmable response configuration parameters of said data processing apparatus; and
  
  transferring said alert message from said alert message generating computer to said remote data processing apparatus via said authenticated secure network communication link.

21. Apparatus for controlling at least one security mechanism of a data processing apparatus, said apparatus comprising:
- link establishing logic operable to establish an authenticated secure network communication link between said data processing apparatus and a remote alert message generating computer;
  
  alert message generating logic operable to generate an alert message with said remote alert message generating computer;
  
  alert message transferring logic operable to transfer said alert message from said remote alert message generating computer to said data processing apparatus via said authenticated secure network communication link; and
  
  triggering logic operable to automatically trigger at least one security action by said at least one security mechanism of said data processing apparatus in response to said alert message as configured by user programmable response configuration parameters of said data processing apparatus wherein said alert message includes configuration data permitting a temporary countermeasure to be established and said at least one security action includes automatically implementing said temporary countermeasure.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. Apparatus as claimed in claim 21, wherein said authenticated secure network communication link is an internet link.
  - 23. Apparatus as claimed in claim 22, wherein said authenticated secure network communication link is a http protocol communication link.
  - 24. Apparatus as claimed in claim 21, wherein said authenticated secure network communication link is authenticated by exchanging data using public and private key encryption.
  - 25. Apparatus as claimed in claim 21, wherein said at least one security mechanism includes one or more of:
    - a network malware scanner;
      
      an email scanner;
      
      a network internet firewall;
      
      a network security policy manager;
      
      a desktop internet firewall; and
      
      a desktop malware scanner.
  - 26. Apparatus as claimed in claim 21, wherein said alert message includes one or more of:
    - a risk assessment level indicator;
      
      a date of issue of said alert message;
      
      a time of issue of said alert message;
      
      a name identifying a threat addressed by said alert message;
      
      a pointer to an internet location where additional information concerning said alert message may be found;
      
      a transport type associated with said alert message; and
      
      configuration data permitting a temporary countermeasure to be established.
  - 27. Apparatus as claimed in claim 21, wherein said alert message includes a risk level indicator and said programmable response configuration parameters specifies different security actions to be automatically triggered in response to different risk level indicator values.
  - 28. Apparatus as claimed in claim 21, wherein said at least one security action includes generating a notification message to a user specified by said programmable response configuration parameters.
  - 29. Apparatus as claimed in claim 21, wherein said alert message transferring logic is operable to perform a plurality of alert message transfers to a plurality of destination data processing apparatuses specified in a destination list held by said remote alert message generating computer.

30. Apparatus for controlling at least one security mechanism of a remote data processing apparatus, said apparatus comprising:
- link establishing logic operable to establish an authenticated secure network communication link between said remote data processing apparatus and an alert message generating computer;
  
  alert message generating logic operable to generate an alert message with said alert message generating computer, said alert message specifying at least one security action by said at least one security mechanism of said remote data processing apparatus to be automatically triggered in response to said alert message as configured by user programmable response configuration parameters of said data processing apparatus; and
  
  alert message transferring logic operable to transfer said alert message from said alert message generating computer to said remote data processing apparatus via said authenticated secure network communication link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Clark, Jack Robert Arron, Baines, Nicholas Edward, Fisher, Lee Adam
Primary Examiner(s)
LANIER, BENJAMIN E

Application Number

US10/386,530
Time in Patent Office

3,141 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2151   Time stamp

H04L 63/08   for authentication of entit...

H04L 63/1416   Event detection, e.g. attac...

Alert message control of security mechanisms in data processing systems

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Alert message control of security mechanisms in data processing systems

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links