Enterprise intrusion detection and remediation
Abstract
Events are securely packaged and transmitted from peripherals of terminals and from secure input/output modules (SIOMs) of terminals. The events are collected and mined in real time for security risk patterns, and dynamic remedial actions are pushed back down to the terminals, peripherals, and SIOMs.
18 Claims
1. A method, comprising:
- receiving, by a hardware server, a security intrusion event securely communicated from a component of a terminal over a network, wherein the component is a peripheral of the terminal, wherein receiving further includes obtaining the security intrusion event from the peripheral of the terminal, the security intrusion event pushed up to a secure input/output module (SIOM) that is an independent hardware module operating below an operating system of the terminal and acting as a secure interface for communications to and from the peripheral during a secure session between the peripheral and the SIOM;
- accessing, by the hardware server, heuristics and identifying a pattern for the security intrusion event relevant to a security intrusion within the component; and
- triggering, by the hardware server, an action based on the pattern and securely pushing the action to the component for dynamic and real-time processing by the component in response to the security intrusion.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method, comprising:
- collecting, over a secure network connection by a hardware server, security intrusion events emanating from a secure session between a secure input/output module (SIOM) and a peripheral device, the SIOM and peripheral device integrated into a terminal and the SIOM is an independent hardware module operating below an operating system of the terminal and acting as a secure interface for communications to and from the peripheral during the secure session;
- processing heuristics algorithms in view of the security intrusion events and identifying at least one pattern indicating a potential security threat with one or more of: the SIOM and the peripheral device; and
- dynamically and in real time causing at least one action to be sent over the secure network to one or more of: the SIOM and the peripheral device for remedial action in response to the potential security threat by the SIOM or the peripheral device processing in real time the remedial action.
Dependent claims: 9, 10, 11, 12, 13, 14, 15
16. A system comprising:
- a terminal device;
- a secure input/output module (SIOM) integrated and independent from the terminal device;
- a peripheral device integrated into the terminal device; and
- an Intrusion Detection System (IDS) adapted and configured to: i) execute on a hardware server external to the terminal device, ii) collect security intrusion events emanating from a secure session between the SIOM and the peripheral device, iii) identify a pattern for a potential security threat based on the security intrusion events; and iv) cause one or more remedial actions to be processed in real time by the SIOM and the peripheral device in response to the potential security threat, wherein the SIOM is an independent hardware module operating below an operating system of the terminal device and acting as a secure interface for communications to and from the peripheral during the secure session.
Dependent claims: 17, 18
Specification