Enterprise security assessment sharing for consumers using globally distributed infrastructure

  • US 8,910,268 B2
  • Filed: 08/14/2008
  • Issued: 12/09/2014
  • Est. Priority Date: 01/08/2008
  • Status: Active Grant
First Claim

1. An enterprise security assessment sharing (“ESAS”) architecture arranged to support an Secure Content Management (“SCM”) service to a user at a local client, comprising;

    a plurality of points of presence (“POPs”), each POP in the plurality including at least a forward proxy server for forwarding traffic from the user to resource servers that are accessible over an Internet connection;

    a hub operatively coupled to one or more POPs, the hub providing configuration management for forward proxy servers, and further providing identity management to authenticate and authorize the user for the SCM service;

    a security assessment channel configured to transport security assessments within a POP or among the POPs, wherein each of the security assessments comprises a plurality of fields, at least one of which is a fidelity field that is arranged to express a degree of confidence a security endpoint has in the security assessment and at least one of which is a time-to-live field; and

    one or more security endpoints, each of the security endpoints having a capability to publish and receive security assessments respectively into and from the security assessment channel, a security assessment being usable for describing a security incident pertaining to the user or an IT device associated with the user, the security assessment including a semantic abstraction of security-related information that is available to a security endpoint, wherein each of the security endpoints is configured for receiving security assessments published by other security endpoints and each of the security endpoints is further configured for generating a new security assessment, in response to a security assessment received from another security endpoint, using information that is locally-available to the security endpoint performing the generating in addition to the received security assessments published by other security endpoints.
