Systems, methods, and computer program products for adapting the security measures of a communication network based on feedback

US 8,752,142 B2
Filed: 07/17/2009
Issued: 06/10/2014
Est. Priority Date: 07/17/2009
Status: Active Grant

First Claim

Patent Images

1. A method for adapting a security system based on security-related data associated with a communication network, the method comprising:

collecting, by a plurality of trust mediator agents, security-related data associated with a plurality of communication network modules, the plurality of trust mediator agents being associated with the plurality of communication network modules, respectively,wherein at least one of the plurality of communication network modules is a mobile communication device operable to make a request to complete a financial transaction,wherein the security-related data is collected for one or more risk variables generated by one or more sensors, correspondingly, and selected by a trust mediator based on location data associated with the mobile communication device, andwherein the security-related data for the one or more risk variables selected by the trust mediator is collected periodically at a time interval determined by the trust mediator based on the location data associated with the mobile communication device;

transmitting, by the plurality of trust mediator agents, the security-related data to the trust mediator over the communication network;

determining, by the trust mediator, based on at least one of the security-related data transmitted by the trust mediator agents and a predetermined rule stored in a memory, modifications to one or more security safeguards; and

transmitting, by the trust mediator, instructions corresponding to the modifications to at least one of the plurality of trust mediator agents over the communication network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An adaptable network security system includes trust mediator agents that are coupled to each network component. Trust mediator agents continuously detect changes in the security characteristics of the network and communicate the detected security characteristics to a trust mediator. Based on the security characteristics received from the trust mediator agents, the trust mediator adjusts security safeguards to maintain an acceptable level of security. Trust mediator also uses predetermined rules in determining whether to adjust security safeguards. Despite inevitable changes in security characteristics, an acceptable level of security and efficient network operation are achieved without subjecting users of the network to over burdensome security safeguards.

102 Citations

View as Search Results

18 Claims

1. A method for adapting a security system based on security-related data associated with a communication network, the method comprising:
- collecting, by a plurality of trust mediator agents, security-related data associated with a plurality of communication network modules, the plurality of trust mediator agents being associated with the plurality of communication network modules, respectively,wherein at least one of the plurality of communication network modules is a mobile communication device operable to make a request to complete a financial transaction,wherein the security-related data is collected for one or more risk variables generated by one or more sensors, correspondingly, and selected by a trust mediator based on location data associated with the mobile communication device, andwherein the security-related data for the one or more risk variables selected by the trust mediator is collected periodically at a time interval determined by the trust mediator based on the location data associated with the mobile communication device;
  
  transmitting, by the plurality of trust mediator agents, the security-related data to the trust mediator over the communication network;
  
  determining, by the trust mediator, based on at least one of the security-related data transmitted by the trust mediator agents and a predetermined rule stored in a memory, modifications to one or more security safeguards; and
  
  transmitting, by the trust mediator, instructions corresponding to the modifications to at least one of the plurality of trust mediator agents over the communication network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising the step of determining, by the trust mediator, that a safeguard time provided by the one or more security safeguards meets at least one of an attack time and a user expectation.
  - 3. The method of claim 1, wherein the security-related data includes at least one of threat data corresponding to at least one of the plurality of communication network modules, user expectation data, a list of currently running security safeguards, and a protection time provided by the currently running security safeguards.
  - 4. The method of claim 1, wherein the instructions corresponding to the modifications are based on a security safeguard modification request received from the mobile communication device over the communication network.
  - 5. The method of claim 1, wherein at least one of the collecting and transmitting security-related data is performed by the plurality of trust mediator agents based on at least one of a predetermined repetition rate and a detection of an event.
  - 6. The method of claim 5, wherein the event includes receiving, by at least one of the plurality of trust mediator agents, the request to complete the financial transaction from the mobile communication device.

7. An adaptive security system for a communication network, the system comprising:
- a plurality of communication network modules, including a mobile communication device operable to make a request to complete a financial transaction, interconnected over the communication network;
  
  a plurality of trust mediator agents coupled to the plurality of communication network modules, respectively, the trust mediator agents being configured to collect, periodically at a time interval, security-related data for one or more risk variables generated by one or more sensors, correspondingly, associated with the plurality of communication network modules; and
  
  a trust mediator coupled to a memory, and configured to;
  
  select the one or more risk variables based on location data associated with the mobile communication device,determine the time interval based on the location data associated with the mobile communication device,receive over the communication network, the security-related data from the plurality of trust mediator agents,determine, based on at least one of the security-related data transmitted by the trust mediator agents and a predetermined rule stored in the memory, modifications to one or more security safeguards, andtransmit instructions corresponding to the modifications to at least one of the plurality of trust mediator agents over the communication network.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the trust mediator is further configured to determine that a safeguard time provided by the one or more security safeguards meets at least one of an attack time and a user expectation.
  - 9. The system of claim 7, wherein the security-related data includes at least one of threat data corresponding to at least one of the plurality of communication network modules, user expectation data, a list of currently running security safeguards, and a protection time provided by the currently running security safeguards.
  - 10. The system of claim 7, wherein the instructions corresponding to the modifications are based on a security safeguard modification request received from the mobile communication device over the communication network.
  - 11. The system of claim 7, wherein the plurality of trust mediator agents are configured to collect and transmit security-related data to the trust mediator based on at least one of a predetermined repetition rate and a detection of an event.
  - 12. The system of claim 11, wherein the event includes receiving, by at least one of the plurality of trust mediator agents, the request to complete the financial transaction from the mobile communication device.

13. A non-transitory computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions which when executed by a computer system cause the computer system to perform:
- collecting, by a plurality of trust mediator agents, security-related data associated with a plurality of communication network modules, the plurality of trust mediator agents being associated with the plurality of communication network modules, respectively,wherein at least one of the plurality of communication network modules is a mobile communication device operable to make a request to complete a financial transaction,wherein the security-related data is collected for one or more risk variables generated by one or more sensors, correspondingly, and selected by a trust mediator based on location data associated with the mobile communication device, andwherein the security-related data for the one or more risk variables selected by the trust mediator is collected periodically at a time interval determined by the trust mediator based on the location data associated with the mobile communication device;
  
  transmitting, by the plurality of trust mediator agents, the security-related data to the trust mediator over the communication network;
  
  determining, by the trust mediator, based on at least one of the security-related data transmitted by the trust mediator agents and a predetermined rule stored in a memory, modifications to one or more security safeguards; and
  
  transmitting, by the trust mediator, instructions corresponding to the modifications to at least one of the plurality of trust mediator agents over the communication network.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable medium of claim 13, wherein the sequences of instructions further include instructions which when executed by the computer system cause the computer system to perform:
    - determining, by the trust mediator, that a safeguard time provided by the one or more security safeguards meets at least one of an attack time and a user expectation.
  - 15. The non-transitory computer-readable medium of claim 13, wherein the security-related data includes at least one of threat data corresponding to at least one of the plurality of communication network modules, user expectation data, a list of currently running security safeguards, and a protection time provided by the currently running security safeguards.
  - 16. The non-transitory computer-readable medium of claim 13, wherein the instructions corresponding to the modifications are based on a security safeguard modification request received from the mobile communication device over the communication network.
  - 17. The non-transitory computer-readable medium of claim 13, wherein at least one of the collecting and transmitting security-related data is performed by the plurality of trust mediator agents based on at least one of a predetermined repetition rate and a detection of an event.
  - 18. The non-transitory computer-readable medium of claim 17, wherein the event includes receiving, by at least one of the plurality of trust mediator agents, the request to complete the financial transaction from the mobile communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Bailey, Samuel A. Jr.
Primary Examiner(s)
ABYANEH, ALI S

Application Number

US12/504,828
Publication Number

US 20110016513A1
Time in Patent Office

1,789 Days
Field of Search

726/5, 726 22- 25, 713/188, 713/150, 713/154, 380/247, 380/270
US Class Current

726/5
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/602   Providing cryptographic fac...

G06Q 20/206   comprising security or oper...

G06Q 20/3223   Realising banking transacti...

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

H04L 63/06   for supporting key manageme...

H04L 63/105   Multiple levels of security

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04W 12/12   Detection or prevention of ...

Systems, methods, and computer program products for adapting the security measures of a communication network based on feedback

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

102 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods, and computer program products for adapting the security measures of a communication network based on feedback

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links