Security information repository system and method thereof

US 8,055,682 B1
Filed: 06/30/2006
Issued: 11/08/2011
Est. Priority Date: 06/30/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

storing a plurality of types of security information in a corresponding plurality of information storage units, wherein the plurality of types of security information comprises port information, application information, Trojan/malware information, and virus/worm information, each one of the plurality of information storage units is designated for a different one of the plurality of types of security information and each one of the plurality of types of security information is stored separately in one of the plurality of information storage units designated for that type of security information;

storing a plurality of configuration files respectively associated with the plurality of information storage units, each configuration file including update parameters of the associated information storage unit;

periodically automatically updating each of the information storage units based on the update parameters of the configuration file associated with each information storage unit;

receiving at least one input search term from a user;

searching each of the information storage units based on the at least one input search term;

returning search results of each of the information storage units;

in response to searching each of the information storage units based on the at least one input search term, storing the at least one input search term in a portion of a search information storage unit that is designated for storing search terms of searches previously performed on the information storage units;

periodically automatically performing external searches based on update parameters stored in a configuration file associated with the search information storage unit using the stored at least one input search term; and

storing resultant security information from the external searches in a search results information storage unit.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for maintaining a self-updating security information repository. A plurality of types of security information are stored in a corresponding plurality of information storage units, such as database tables. A plurality of configuration files respectively associated with the information storage units are stored, and each configuration file includes update parameters of the associated information storage unit. Each information storage unit is periodically automatically updated based on its update parameters. The information storage units can be searched to return security information of different types in one search.

26 Citations

View as Search Results

18 Claims

1. A method comprising:
- storing a plurality of types of security information in a corresponding plurality of information storage units, wherein the plurality of types of security information comprises port information, application information, Trojan/malware information, and virus/worm information, each one of the plurality of information storage units is designated for a different one of the plurality of types of security information and each one of the plurality of types of security information is stored separately in one of the plurality of information storage units designated for that type of security information;
  
  storing a plurality of configuration files respectively associated with the plurality of information storage units, each configuration file including update parameters of the associated information storage unit;
  
  periodically automatically updating each of the information storage units based on the update parameters of the configuration file associated with each information storage unit;
  
  receiving at least one input search term from a user;
  
  searching each of the information storage units based on the at least one input search term;
  
  returning search results of each of the information storage units;
  
  in response to searching each of the information storage units based on the at least one input search term, storing the at least one input search term in a portion of a search information storage unit that is designated for storing search terms of searches previously performed on the information storage units;
  
  periodically automatically performing external searches based on update parameters stored in a configuration file associated with the search information storage unit using the stored at least one input search term; and
  
  storing resultant security information from the external searches in a search results information storage unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the information storage units comprise one of database tables, databases, database records, and computer files.
  - 3. The method of claim 1, wherein the step of periodically automatically updating each of the information storage units comprises:
    - periodically automatically updating each of the information storage units independently of the other information storage units.
  - 4. The method of claim 1, wherein the update parameters comprise at least one of an update period which specifies an amount of time between automatic updates, a source list which specifies at least one security information source, and a search term list which specifies at least one search term.
  - 5. The method of claim 4, wherein, for each of the information storage units, the step of periodically automatically updating comprises:
    - determining whether the update period for the information storage unit has passed since a previous update;
      
      when the update period for the information storage unit has passed since a previous update, automatically searching the at least one security information source specified in the source list for security information using the at least one search term specified in the search term list;
      
      comparing security information resulting from the searching step with the security information stored in the information storage unit; and
      
      storing security information not already stored in the information storage unit in the information storage unit.
  - 6. The method of claim 5, wherein the step of comparing security information comprises:
    - storing the security information resulting from the searching step in a temporary storage;
      
      standardizing the security information stored in the temporary storage to a predetermined format; and
      
      determining whether the standardized security information is already stored in the information storage unit.
  - 7. The method of claim 6, wherein the step of storing security information not already in the information storage unit in the information storage unit comprises:
    - deleting security information resulting from the searching step that is already stored in the information storage unit from the temporary storage; and
      
      transferring security information resulting from the searching step remaining in the temporary storage after the deleting step to the information storage unit.
  - 8. The method of claim 1, wherein the update parameters stored in the configuration file associated with the search information storage unit comprise at least one of an update period which specifies an amount of time between external searches and a source list which specifies security information sources to be searched in the external sources.
  - 9. The method of claim 1, wherein the step of storing resultant security information comprises:
    - determining whether the resultant security information is already stored in any of the information storage units; and
      
      storing resultant security information that is not already stored in any of the information storage units in the search results information storage unit.

10. A storage computer readable medium having a database stored thereon, the database comprising:
- a plurality of information storage units for storing, separately, in different information units different types of security information, wherein the plurality of types of security information comprises port information, application information, Trojan/malware information, and virus/worm information and each information storage unit is designated for a different type of security information;
  
  a plurality of configuration files each associated with one of the plurality of information storage units, each configuration file including update parameters relating to an automatic update procedure of the associated information storage unita search information storage unit for storing input search terms of searches performed on the plurality of information storage units in a portion of the search information storage unit that is designated for storing search terms of previously performed searches, in response to searches being performed on the plurality of information storage units;
  
  a search configuration file associated with the search information storage unit and including update parameters defining an automatic update procedure of the search information storage unit; and
  
  a search results information storage unit for storing results of external searches performed during the automatic update procedure of the search information storage unit using the input search terms stored in the search information storage unit.
- View Dependent Claims (11, 12, 13)
- - 11. The storage computer readable medium of claim 10 wherein the information storage units comprise one of database tables and database records.
  - 12. The storage computer readable medium of claim 10, wherein the update parameters comprise at least one of:
    - an update period which specifies an amount of time between automatic updates of the associated information storage unit;
      
      a source list which specifies at least one source to be searched during an automatic update of the associated information storage unit; and
      
      a search term list which specifies at least one search term to be used to search the at least one source during an automatic update.
  - 13. The storage computer readable medium of claim 10, wherein the database further comprises:
    - an analyst information storage unit for storing security information manually input by users.

14. A system comprising:
- means for storing a database comprising a plurality of information storage units for storing separately, in different ones of the information storage units different types of security information, wherein the different types of security information comprises port information, application information, Trojan/malware information, and virus/worm information and each information storage unit is designated for a different type of security information, and a plurality of configuration files each associated with one of the plurality of information storage units, each configuration file including update parameters of the associated information storage unit;
  
  means for periodically automatically updating each of the information storage units based on the update parameters of the configuration file associated with each information storage unit;
  
  means for receiving at least one input search term from a user, wherein the database further comprises a search information storage unit for storing the at least one input search term in a portion of the search information storage unit that is designated for storing search terms of searches previously performed on the information storage units, in response to a search of the information storage units based on the at least one input search term, and a search configuration file associated with the search information storage unit and including update parameters of the search information storage unit;
  
  means for searching each of the information storage units based on the at least one input search term;
  
  means for returning search results of each of the information storage units; and
  
  means for periodically automatically performing external searches based on the update parameters of the search information storage unit using the at least one input search term stored in the search information storage unit.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system of claim 14, wherein the information storage units comprise one of database tables and database records.
  - 16. The system of claim 14, wherein the update parameters comprise at least one of an update period which specifies between automatic updates, a source list which specifies at least one security information source, and a search term list which specifies at least one search term.
  - 17. The system of claim 16, wherein the means for periodically automatically updating comprises:
    - means for determining whether the update period of an information storage unit has passed since a previous update;
      
      means for automatically searching each security information source specified in the source list for security information using the search terms specified in the search term list;
      
      means for comparing resultant security information from each security information source with the security information stored in the information storage unit; and
      
      means for adding security information not already stored in the information storage unit to the information storage unit.
  - 18. The system of claim 14, wherein the database further comprises:
    - a search result information storage unit for storing resultant security information from the external searches.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bampton Technologies, LLC (Intellectual Ventures LLC)
Original Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Inventors
Gross, David R., Boxmeyer, James
Primary Examiner(s)
TIMBLIN, ROBERT M

Application Number

US11/478,890
Time in Patent Office

1,957 Days
Field of Search

707802-804, 707/706, 707/740, 707/952
US Class Current

707/802
CPC Class Codes

G06F 16/235   Update request formulation

G06F 16/2372   Updates performed during of...

G06F 21/6227   where protection concerns t...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2151   Time stamp

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

Security information repository system and method thereof

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Security information repository system and method thereof

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links