Methods and apparatus for secure, stealthy and reliable transmission of alert messages from a security alerting system
First Claim
1. A method performed by a host for transmitting an alert message from a Security Alerting System indicating a potential compromise of a protected resource, comprising the steps of:
- obtaining said alert message from said Security Alerting System;
encrypting said alert message using a single function that implements an authenticated encryption scheme that employs a secret key known by a server, wherein said secret key evolves in a forward-secure manner;
storing said encrypted alert message in a buffer, wherein said buffer is local to said host and has a fixed size; and
transmitting said encrypted alert message from said buffer over a communication channel to said server.
9 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus are provided for secure transmission of alert messages over a message locking channel. An alert message is transmitted from a Security Alerting System indicating a potential compromise of a protected resource by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server, wherein the secret key evolves in a forward-secure manner; storing the authenticated alert message in a buffer; and transmitting the buffer to the server. The alert message is authenticated by digitally signing the alert message or applying a message authentication code and is possibly encrypted using a secret key known by a server, wherein the secret key evolves in a forward-secure manner. The authenticated alert message can be maintained in the buffer after the transmitting step. The buffer optionally has a fixed-size and alert messages can be stored in a round-robin manner, for example, from a random position. The buffer can be encrypted prior to transmission to the server.
-
Citations
52 Claims
-
1. A method performed by a host for transmitting an alert message from a Security Alerting System indicating a potential compromise of a protected resource, comprising the steps of:
-
obtaining said alert message from said Security Alerting System; encrypting said alert message using a single function that implements an authenticated encryption scheme that employs a secret key known by a server, wherein said secret key evolves in a forward-secure manner; storing said encrypted alert message in a buffer, wherein said buffer is local to said host and has a fixed size; and transmitting said encrypted alert message from said buffer over a communication channel to said server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 50)
-
-
16. A method performed by a host for transmitting an alert message from a Security Alerting System indicating a potential compromise of a protected resource, comprising the steps of:
-
obtaining said alert message; encrypting said alert message using a single function that implements an authenticated encryption scheme that employs a secret key known by a server, wherein said secret key evolves in a forward-secure manner; storing said encrypted alert message in a buffer, wherein said encrypted alert message is maintained in said buffer after a transmitting step, wherein said buffer is local to said host and has a fixed size; and transmitting said encrypted alert message from said buffer over a communication channel to said server. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A host system for transmitting an alert message from a Security Alerting System indicating a potential compromise of a protected resource, comprising:
-
a bufferer to;
(i) obtain said alert message from an alerter that generates said alert message when one or more predefined alert rules are violated;
(ii) encrypt said alert message using a single function that implements an authenticated encryption scheme that employs a secret key known by a server, wherein said secret key evolves in a forward-secure manner; and
(iii) store said encrypted alert message in a buffer, wherein said buffer is local to said host system and has a fixed size; anda transmitter to transmit said encrypted alert message from said buffer over a communication channel to said server, wherein said server comprises a receiver for receiving said buffer from said transmitter and a decrypter for processing said buffer. - View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 51)
-
-
42. A host apparatus for transmitting an alert message from a Security Alerting System indicating a potential compromise of a protected resource, the apparatus comprising:
-
a memory; and at least one hardware device, coupled to the memory, operative to implement the following steps; obtain said alert message from said Security Alerting System; encrypt said alert message using a single function that implements an authenticated encryption scheme that employs a secret key known by a server, wherein said secret key evolves in a forward-secure manner; store said encrypted alert message in a buffer, wherein said buffer is local to said host apparatus and has a fixed size; and transmit said encrypted alert message from said buffer over a communication channel to said server. - View Dependent Claims (43, 44, 45, 46, 47, 48, 52)
-
-
49. An article of manufacture comprising a non-transitory machine-readable recordable storage medium for storing one or more software programs to transmit by a host an alert message from a Security Alerting System indicating a potential compromise of a protected resource, wherein the one or more software programs when executed by one or more processing devices implement the following steps:
-
obtaining said alert message from said Security Alerting System; encrypting said alert message using a single function that implements an authenticated encryption scheme that employs a secret key known by a server, wherein said secret key evolves in a forward-secure manner; storing said encrypted alert message in a buffer, wherein said buffer is local to said host and has a fixed size; and transmitting said encrypted alert message from said buffer over a communication channel to said server.
-
Specification