Systems, methods, and computer program products for adapting the security measures of a communication network based on feedback

US 9,378,375 B2
Filed: 04/14/2014
Issued: 06/28/2016
Est. Priority Date: 07/17/2009
Status: Active Grant

First Claim

Patent Images

1. A method for adapting a security system based on security-related data associated with a communication network, the method comprising steps of:

selecting, by a trust mediator, a risk variable generated by a sensor associated with a mobile communication device, based on location data associated with the mobile communication device,wherein the trust mediator is communicatively coupled to the mobile communication device by way of a communication network;

determining, by the trust mediator, a time interval at which to collect security-related data for the risk variable generated by the sensor, based on the location data associated with the mobile communication device;

collecting the security-related data for the risk variable periodically at the determined time interval by way of a trust mediator agent communicatively coupled to the communication network,determining a security safeguard modification based on at least one of the collected security-related data and a predetermined rule stored in a memory; and

transmitting instructions corresponding to the security safeguard modification to the trust mediator agent via the communication network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An adaptable network security system includes trust mediator agents that are coupled to each network component. Trust mediator agents continuously detect changes in the security characteristics of the network and communicate the detected security characteristics to a trust mediator. Based on the security characteristics received from the trust mediator agents, the trust mediator adjusts security safeguards to maintain an acceptable level of security. Trust mediator also uses predetermined rules in determining whether to adjust security safeguards. Despite inevitable changes in security characteristics, an acceptable level of security and efficient network operation are achieved without subjecting users of the network to over burdensome security safeguards.

89 Citations

20 Claims

1. A method for adapting a security system based on security-related data associated with a communication network, the method comprising steps of:
- selecting, by a trust mediator, a risk variable generated by a sensor associated with a mobile communication device, based on location data associated with the mobile communication device,wherein the trust mediator is communicatively coupled to the mobile communication device by way of a communication network;
  
  determining, by the trust mediator, a time interval at which to collect security-related data for the risk variable generated by the sensor, based on the location data associated with the mobile communication device;
  
  collecting the security-related data for the risk variable periodically at the determined time interval by way of a trust mediator agent communicatively coupled to the communication network,determining a security safeguard modification based on at least one of the collected security-related data and a predetermined rule stored in a memory; and
  
  transmitting instructions corresponding to the security safeguard modification to the trust mediator agent via the communication network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the location data associated with the mobile communication device is received from the mobile communication device by way of the communication network.
  - 3. The method of claim 1, further comprising a step of:
    - polling, by the trust mediator, the trust mediator agent for the location data associated with the mobile communication device.
  - 4. The method of claim 1, further comprising steps of:
    - receiving, by the trust mediator from the trust mediator agent via the communication network, updated location data associated with the mobile communication device; and
      
      selecting a different risk variable based on the received updated location data.
  - 5. The method of claim 1, further comprising steps of:
    - selecting a second risk variable based on the collected security-related data; and
      
      collecting second security-related data for the selected second risk variable by way of the trust mediator agent.
  - 6. The method of claim 1, wherein the security-related data includes at least one of threat data corresponding to at least one of the plurality of communication network modules, user expectation data, a list of currently running security safeguards, and a protection time provided by the currently running security safeguards.
  - 7. The method of claim 1, further comprising steps of:
    - selecting a second risk variable based on a security goal; and
      
      collecting second security-related data for the selected second risk variable by way of the trust mediator agent.

8. A system for adapting a security system based on security-related data associated with a communication network, wherein the system comprises a trust mediator that includes:
- a processor;
  
  a memory device accessible by the processor and storing;
  
  computer code executable by the processor, anddata used by the computer code,wherein the trust mediator is communicatively coupled to a mobile communication device by way of a communication network, andwherein the computer code includes code for;
  
  selecting a risk variable generated by a sensor associated with a mobile communication device, based on location data associated with the mobile communication device,determining a time interval at which to collect security-related data for the risk variable generated by the sensor, based on the location data associated with the mobile communication device,collecting the security-related data for the risk variable periodically at the determined time interval by way of a trust mediator agent communicatively coupled to the communication network,determining a security safeguard modification based on at least one of the collected security-related data and a predetermined rule stored in a memory, andtransmitting instructions corresponding to the security safeguard modification to the trust mediator agent via the communication network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the location data associated with the mobile communication device is received from the mobile communication device by way of the communication network.
  - 10. The system of claim 8, wherein the computer code further includes code for:
    - polling the trust mediator agent for the location data associated with the mobile communication device.
  - 11. The system of claim 8, wherein the computer code further includes code for:
    - receiving, by the trust mediator from the trust mediator agent via the communication network, updated location data associated with the mobile communication device; and
      
      selecting a different risk variable based on the received updated location data.
  - 12. The system of claim 8, wherein the computer code further includes code for:
    - selecting a second risk variable based on the collected security-related data; and
      
      collecting second security-related data for the selected second risk variable by way of the trust mediator agent.
  - 13. The system of claim 8, wherein the security-related data includes at least one of threat data corresponding to at least one of the plurality of communication network modules, user expectation data, a list of currently running security safeguards, and a protection time provided by the currently running security safeguards.
  - 14. The system of claim 8, wherein the computer code further includes code for:
    - selecting a second risk variable based on a security goal; and
      
      collecting second security-related data for the selected second risk variable by way of the trust mediator agent.

15. A non-transitory computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions that, when executed by a computer, cause the computer to:
- select, by a trust mediator, a risk variable generated by a sensor associated with a mobile communication device, based on location data associated with the mobile communication device,wherein the trust mediator is communicatively coupled to the mobile communication device by way of a communication network;
  
  determine, by the trust mediator, a time interval at which to collect security-related data for the risk variable generated by the sensor, based on the location data associated with the mobile communication device;
  
  collect the security-related data for the risk variable periodically at the determined time interval by way of a trust mediator agent communicatively coupled to the communication network,determine a security safeguard modification based on at least one of the collected security-related data and a predetermined rule stored in a memory; and
  
  transmit instructions corresponding to the security safeguard modification to the trust mediator agent via the communication network.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the sequences of instructions further include instructions that, when executed by the computer, cause the computer to:
    - receive the location data associated with the mobile communication device from the mobile communication device by way of the communication network.
  - 17. The non-transitory computer-readable medium of claim 15 wherein the sequences of instructions further include instructions that, when executed by the computer, cause the computer to:
    - poll, by the trust mediator, the trust mediator agent for the location data associated with the mobile communication device.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the sequences of instructions further include instructions that, when executed by the computer, cause the computer to:
    - receive, by the trust mediator from the trust mediator agent via the communication network, updated location data associated with the mobile communication device; and
      
      select a different risk variable based on the received updated location data.
  - 19. The non-transitory computer-readable medium of claim 15, wherein the sequences of instructions further include instructions that, when executed by the computer, cause the computer to:
    - select a second risk variable based on the collected security-related data; and
      
      collect second security-related data for the selected second risk variable by way of the trust mediator agent.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the security-related data includes at least one of threat data corresponding to at least one of the plurality of communication network modules, user expectation data, a list of currently running security safeguards, and a protection time provided by the currently running security safeguards.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Bailey, Samuel A. Jr.
Primary Examiner(s)
ABYANEH, ALI S

Application Number

US14/252,276
Publication Number

US 20140310815A1
Time in Patent Office

806 Days
Field of Search

726/1, 726/22, 726/25
US Class Current

1/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/602   Providing cryptographic fac...

G06Q 20/206   comprising security or oper...

G06Q 20/3223   Realising banking transacti...

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

H04L 63/06   for supporting key manageme...

H04L 63/105   Multiple levels of security

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04W 12/12   Detection or prevention of ...

Systems, methods, and computer program products for adapting the security measures of a communication network based on feedback

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

89 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems, methods, and computer program products for adapting the security measures of a communication network based on feedback

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others