Alert message control of security mechanisms in data processing systems
Abstract
An authenticated secure network communication link is established between an alert message generating computer 2 and a destination data processing system 6. The alert message sent specifies a risk threat level and a suggested countermeasure amongst other data. The destination computer 6 automatically responds to the alert message as controlled by its local response configuration parameters to trigger security actions of one or more security mechanisms, such as malware scanners, firewall scanners, security policy managers and the like.
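The receiver-side flow from the abstract and claim 1, as an added Python example that is not taken from the patent. HMAC-SHA256 with a pre-shared key stands in for the authentication method, which the page does not specify; the key, field names and policy layout are assumptions, and the secure link itself is not modelled.

```python
import hashlib
import hmac
import json

# Constructed sample values: the key, field names and policy layout are assumptions.
SHARED_KEY = b"constructed-demo-key"

# Local response configuration set by the user: what may happen at each risk level.
LOCAL_CONFIG = {
    "high": {"auto_temporary_countermeasure": True, "actions": ["scan", "update_signatures"]},
    "medium": {"auto_temporary_countermeasure": False, "actions": ["scan"]},
    "low": {"auto_temporary_countermeasure": False, "actions": []},
}


def sign_alert(alert: dict, key: bytes = SHARED_KEY) -> dict:
    """Sender side: wrap the alert with an HMAC-SHA256 tag over canonical JSON."""
    body = json.dumps(alert, sort_keys=True, separators=(",", ":")).encode()
    return {"body": body.decode(), "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def handle_alert(envelope: dict, config: dict, active_filters: set,
                 key: bytes = SHARED_KEY) -> list:
    """Receiver side: authenticate first, then act only as the local config allows."""
    body = envelope["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    received = str(envelope.get("mac", ""))
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return ["rejected: authentication failed"]  # never act on an unauthenticated alert
    alert = json.loads(body)
    policy = config.get(alert.get("risk_level"))
    if policy is None:
        return ["ignored: unknown risk level"]
    taken = list(policy["actions"])
    content_filter = alert.get("content_filter")
    # The temporary countermeasure needs BOTH a high risk level and user permission.
    if (alert["risk_level"] == "high" and content_filter
            and policy["auto_temporary_countermeasure"]):
        active_filters.add(content_filter)
        taken.append("temporary_filter:" + content_filter)
    return taken


def permanent_fix_applied(content_filter: str, active_filters: set) -> None:
    """Drop the temporary filter once the permanent countermeasure is in place."""
    active_filters.discard(content_filter)
```

The user's local configuration, not the sender, has the final say: the same authenticated high-risk alert installs no filter when `auto_temporary_countermeasure` is false.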
18 Claims
1. A method, comprising:
establishing a secure link between a computer and a server, which communicated an alert message indicative of a security threat;
authenticating the alert message;
evaluating local response configuration parameters previously set for the computer by a user; and
executing a countermeasure action for the security threat based on the local response configuration parameters that outline which actions are to be taken based on a risk level indicator provided in the alert message;
wherein:
the alert message comprises a content filter specifying a temporary countermeasure;
if the risk level is high, the temporary countermeasure is to be automatically taken until a permanent countermeasure is subsequently taken to resolve the security threat; and
the temporary countermeasure is automatically taken only if permitted by the local response configuration parameters by the user.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus, comprising:
a processor; and
a memory, wherein the apparatus is configured for:
establishing a secure link between the apparatus and a server, which communicated an alert message indicative of a security threat;
authenticating the alert message;
evaluating local response configuration parameters previously set for the apparatus by a user; and
executing a countermeasure action for the security threat based on the local response configuration parameters that outline which actions are to be taken based on a risk level indicator provided in the alert message;
wherein:
the alert message comprises a content filter specifying a temporary countermeasure;
if the risk level is high, the temporary countermeasure is to be automatically taken until a permanent countermeasure is subsequently taken to resolve the security threat; and
the temporary countermeasure is automatically taken only if permitted by the local response configuration parameters.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product including a non-transitory computer medium for performing operations, comprising:
establishing a secure link between a computer and a server, which communicated an alert message indicative of a security threat;
authenticating the alert message;
evaluating local response configuration parameters previously set for the computer by a user; and
executing a countermeasure action for the security threat based on the local response configuration parameters that outline which actions are to be taken based on a risk level indicator provided in the alert message;
wherein:
the alert message comprises a content filter specifying a temporary countermeasure;
if the risk level is high, the temporary countermeasure is to be automatically taken until a permanent countermeasure is subsequently taken to resolve the security threat; and
the temporary countermeasure is automatically taken only if permitted by the local response configuration parameters.
Dependent claims: 16, 17, 18
Specification