Alert message control of security mechanisms in data processing systems

US 8,627,466 B2
Filed: 09/26/2011
Issued: 01/07/2014
Est. Priority Date: 03/13/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method, comprising:

establishing a secure link between a computer and a server, which communicated an alert message indicative of a security threat;

authenticating the alert message;

evaluating local response configuration parameters previously set for the computer by a user; and

executing a countermeasure action for the security threat based on the local response configuration parameters that outline which actions are to be taken based on a risk level indicator provided in the alert message;

wherein;

the alert message comprises a content filter specifying a temporary countermeasure;

if the risk level is high, the temporary countermeasure is to be automatically taken until a permanent countermeasure is subsequently taken to resolve the security threat; and

the temporary countermeasure is automatically taken only if permitted by the local response configuration parameters by the user.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authenticated secure network communication link is established between an alert message generating computer 2 and a destination data processing system 6. The alert message sent specifies a risk threat level and a suggested countermeasure amongst other data. The destination computer 6 automatically responds to the alert message as controlled by its local response configuration parameters to trigger security actions of one or more security mechanisms, such as malware scanners, firewall scanners, security policy managers and the like.

Citations

18 Claims

1. A method, comprising:
- establishing a secure link between a computer and a server, which communicated an alert message indicative of a security threat;
  
  authenticating the alert message;
  
  evaluating local response configuration parameters previously set for the computer by a user; and
  
  executing a countermeasure action for the security threat based on the local response configuration parameters that outline which actions are to be taken based on a risk level indicator provided in the alert message;
  
  wherein;
  
  the alert message comprises a content filter specifying a temporary countermeasure;
  
  if the risk level is high, the temporary countermeasure is to be automatically taken until a permanent countermeasure is subsequently taken to resolve the security threat; and
  
  the temporary countermeasure is automatically taken only if permitted by the local response configuration parameters by the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein a database is accessed in order to identify an Internet address for an HTTP data transfer associated with the alert message.
  - 3. The method of claim 1, wherein the temporary countermeasure action includes a selected one of a group of temporary countermeasure actions, the group consisting of:
    - a) initiating a software update;
      
      b) notifying an administrator;
      
      c) blocking certain e-mails;
      
      d) blocking Internet access for a particular port;
      
      e) quarantining a particular file; and
      
      f) executing malware scanning at the computer.
  - 4. The method of claim 1, wherein the alert message includes a selected one of a group of elements, the group consisting of:
    - a) a date of the alert message;
      
      b) a time of the alert message;
      
      c) a threat name of the security threat associated with the alert message;
      
      d) a uniform resource locator (URL) identifying a location for information regarding the security threat;
      
      e) data specifying a transport type for the security threat.
  - 5. The method of claim 1, further comprising:
    - monitoring a particular port for security threat data that originates from a particular source.
  - 6. The method of claim 1, wherein the establishing of the secure link is performed via an exchange of encrypted messages that can be signed by the computer and the server.
  - 7. The method of claim 1, wherein the secure link is authenticated by exchanging data associated with public and private key encryption.

8. An apparatus, comprising:
- a processor; and
  
  a memory, wherein the apparatus is configured for;
  
  establishing a secure link between the apparatus and a server, which communicated an alert message indicative of a security threat;
  
  authenticating the alert message;
  
  evaluating local response configuration parameters previously set for the apparatus by a user; and
  
  executing a countermeasure action for the security threat based on the local response configuration parameters that outline which actions are to be taken based on a risk level indicator provided in the alert message;
  
  wherein;
  
  the alert message comprises a content filter specifying a temporary countermeasure;
  
  if the risk level is high, the temporary countermeasure is to be automatically taken until a permanent countermeasure is subsequently taken to resolve the security threat; and
  
  the temporary countermeasure is automatically taken only if permitted by the local response configuration parameters.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein a database is accessed in order to identify an Internet address for an HTTP data transfer associated with the alert message.
  - 10. The apparatus of claim 8, wherein the temporary countermeasure action includes a selected one of a group of temporary countermeasure actions, the group consisting of:
    - a) initiating a software update;
      
      b) notifying an administrator;
      
      c) blocking certain e-mails;
      
      d) blocking Internet access for a particular port;
      
      e) quarantining a particular file; and
      
      f) executing malware scanning at the apparatus.
  - 11. The apparatus of claim 8, wherein the alert message includes a selected one of a group of elements, the group consisting of:
    - a) a date of the alert message;
      
      b) a time of the alert message;
      
      ic) a threat name of the security threat associated with the alert message;
      
      d) a uniform resource locator (URL) identifying a location for information regarding the security threat; and
      
      e) data specifying a transport type for the security threat.
  - 12. The apparatus of claim 8, further comprising:
    - monitoring a particular port for security threat data that originates from a particular source.
  - 13. The apparatus of claim 8, wherein the establishing of the secure link is performed via an exchange of encrypted messages that can be signed by the apparatus and the server.
  - 14. The apparatus of claim 8, wherein the secure link is authenticated by exchanging data associated with public and private key encryption.

15. A computer program product including a non-transitory computer medium for performing operations, comprising:
- establishing a secure link between a computer and a server, which communicated an alert message indicative of a security threat;
  
  authenticating the alert message;
  
  evaluating local response configuration parameters previously set for the computer by a user; and
  
  executing a countermeasure action for the security threat based on the local response configuration parameters that outline which actions are to be taken based on a risk level indicator provided in the alert message;
  
  wherein;
  
  the alert message comprises a content filter specifying a temporary countermeasure;
  
  if the risk level is high, the temporary countermeasure is to be automatically taken until a permanent countermeasure is subsequently taken to resolve the security threat; and
  
  the temporary countermeasure is automatically taken only if permitted by the local response configuration parameters.
- View Dependent Claims (16, 17, 18)
- - 16. The computer program product of claim 15, the operations further comprising:
    - identifying an Internet address for an HTTP data transfer associated with the alert message.
  - 17. The computer program product of claim 15, the operations further comprising:
    - exchanging encrypted messages between the computer and the server.
  - 18. The computer program product of claim 15, wherein the secure link is authenticated by exchanging data associated with public and private key encryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Fisher, Lee Adam, Clark, Jack Robert Arron, Baines, Nicholas Edward
Primary Examiner(s)
LANIER, BENJAMIN E

Application Number

US13/245,799
Publication Number

US 20120017278A1
Time in Patent Office

834 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2151   Time stamp

H04L 63/08   for authentication of entit...

H04L 63/1416   Event detection, e.g. attac...

Alert message control of security mechanisms in data processing systems

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Alert message control of security mechanisms in data processing systems

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links