Computer security system
DC CAFCFirst Claim
1. A computer security system for use in a network environment comprising at least a group of user computers arranged to communicate over a network, the system comprising:
- a warning message exchange system operable to allow communications from the group of user computers of warning messages relating to a piece or set of suspect data identified by one or more of the group of user computers as a possible security threat;
an identity generator operable to generate an identifier of the piece or set of suspect data;
a message counting system operable to maintain a count for every particular piece or set of suspect data based on a number of warning messages communicated over the network relating to each of the piece or set of suspect data; and
a network security system operable to act in respect of any particular piece or set of suspect data when the count maintained therefor is substantially equal to or greater than at least one threshold value, wherein the threshold value is greater than one.
1 Assignment
Litigations
1 Petition
Accused Products
Abstract
A computer security system for use in a network environment comprising at least a plurality of user computers arranged to communicate over a network, the system comprising a warning message exchange system operable to allow the communication from the user computers of warning messages relating to suspect data identified as a possible security threat; a message counting system operable to maintain a count for every particular piece or set of suspect data based on the number of warning messages communicated relating thereto; and network security means operable to act against any particular piece or set of suspect data for which the count maintained therefor exceeds at least one threshold value.
37 Citations
37 Claims
-
1. A computer security system for use in a network environment comprising at least a group of user computers arranged to communicate over a network, the system comprising:
-
a warning message exchange system operable to allow communications from the group of user computers of warning messages relating to a piece or set of suspect data identified by one or more of the group of user computers as a possible security threat; an identity generator operable to generate an identifier of the piece or set of suspect data; a message counting system operable to maintain a count for every particular piece or set of suspect data based on a number of warning messages communicated over the network relating to each of the piece or set of suspect data; and a network security system operable to act in respect of any particular piece or set of suspect data when the count maintained therefor is substantially equal to or greater than at least one threshold value, wherein the threshold value is greater than one. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18)
-
-
17. A computer security system for use in a network environment comprising at least a group of user computers arranged to communicate over a network, the system comprising:
-
a warning message exchange system operable to allow communications from the group of user computers of warning messages relating to a piece or set of suspect data identified by one or more of the group of user computers as a possible security threat; an identity generator operable to generate an identifier of the piece or set of suspect data; a message counting system operable to maintain a count for every particular piece or set of suspect data based on a number of warning messages communicated relating to each of the piece or set of suspect data; and a network security system operable to act in respect of any particular piece or set of suspect data when the count maintained therefor is substantially equal to or greater than at least one threshold value; wherein the message counting system is further arranged to store one or more weighting coefficients relating to one or more particular user computers of the group, and to increment the count maintained for the particular piece or set of suspect data by an amount based upon the weighting coefficient when the warning message is received from the one or more particular user computers of the group relating to the particular piece or set of suspect data.
-
-
19. A method of providing computer security in a network environment comprising at least a group of user computers arranged to communicate over a network, the method comprising:
-
communicating, from one or more user computers of the group, warning messages relating to a piece or set of suspect data identified by one or more of the group of user computers as a possible security threat; generating an identifier of the piece or set of suspect data; maintaining a count for every piece or set of suspect data based on a number of warning messages communicated over the network relating thereto; and acting in respect of any particular piece or set of suspect data when the count maintained therefor is substantially equal to or greater than at least one threshold value, wherein each threshold value is greater than one. - View Dependent Claims (34, 35, 36, 37)
-
-
20. A method to be performed by a server connected a network, wherein the server is configured to serve a group of user computers also connected to the network, the method comprising:
-
receiving an individual warning message from a user computer of the group regarding a suspect data, wherein the suspect data is identified by the user computer as a possible security threat by the user computer; verifying whether the suspect data is a security threat; and broadcasting a group warning message to all user computers of the group regarding the suspect data when the suspect data is identified as being a security threat. - View Dependent Claims (21, 22, 23, 24)
-
-
25. A method to be performed by a server connected a network, wherein the server is configured to serve a group of user computers also connected to the network, the method comprising:
-
receiving an individual warning message from a user computer of the group regarding a suspect data, wherein the suspect data is identified by the user computer as a possible security threat by the user computer; verifying whether the suspect data is a security threat; and broadcasting a group warning message to all user computers of the group regarding the suspect data when the suspect data is identified as being a security threat; wherein the group warning message includes an action indicator, and wherein the action indicator indicates to the user computers of an action to take by the user computers when the suspect data is encountered; wherein the method further comprises; maintaining a count of individual warning messages received from the user computers of the group regarding the suspect data; determining whether the count of the individual warning messages regarding the suspect data reaches above a preset threshold for the action indicator; broadcasting the group message with the action indicator only when the count of the individual warning messages regarding the suspect data reaches above the preset threshold for the action indicator, wherein the preset threshold for the action indicator is greater than one; maintaining a weight factor for a user using the group of user computers; and adjusting the count of the individual warning messages regarding the suspect data based on the weight factor of the user using the user computer when the individual warning message is received from the user computer. - View Dependent Claims (26)
-
-
27. A method to be performed by a user computer of a group of user computers connected a network, the method comprising:
-
identifying if a suspect data is encountered, wherein the suspect data is data identified by one or more of the group of user computers as being a possible security threat; maintaining an encounter count of the suspect data encountered by the group of user computers; and broadcasting a peer group warning message to all other user computers of the group regarding the suspect data, wherein the peer group warning message includes the encounter count. - View Dependent Claims (28, 29, 30, 31)
-
-
32. A method to be performed by a user computer of a group of user computers connected a network, the method comprising:
-
identifying if a suspect data is encountered, wherein the suspect data is data identified by one or more of the group of user computers as being a possible security threat; maintaining an encounter count of the suspect data encountered by the group of user computers; broadcasting a peer group warning message to all other user computers of the group regarding the suspect data, wherein the peer group warning message includes the encounter count, and the suspect data is identified by a user using the user computer; maintaining a weight factor for the user using the user computer; and adjusting the encounter count of the suspect data based on the weight factor of the user using the user computer. - View Dependent Claims (33)
-
Specification