Patent · US Active

Techniques for sharing network security event information

US9680846B2 · kind B2 · utility

Cited by: 58
References: 12
Claims: 19
Family size: 0

Assignee

Inventor

Key dates

Filing date: Aug 6, 2015
Grant date: Jun 13, 2017
Priority date
Expiry date: Aug 6, 2035

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L67/10
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

This disclosure provides an architecture for sharing information between network security administrators. Events converted to a normalized data format (CCF) are stored in a manner that can be queried by a third party (e.g., an administrator of another, trusted network). Optionally made available as a service, stored event records can be sanitized for third party queries (e.g., by clients of a service maintaining such a repository). In one embodiment, each contributing network encrypts or signs its (sanitized) records using a symmetric key architecture, the key being unique to the contributing network. This key is used (e.g., by the repository) to index a set of permissions or conditions of the contributing network in servicing any query, e.g., by matching a stored hash of the event record or by decrypting the record. The information sharing service can optionally be provided by a hosted information security service or on a peer-to-peer basis.
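
The per-network key flow in the abstract, as an added Python sketch that is not taken from the patent: a contributing network sanitizes an event and tags it with its own symmetric key, and the repository finds which key reproduces the stored tag to select that network's sharing permissions. HMAC-SHA256 as the keyed hash, the field names, the network names, the keys and the sample event are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed symmetric keys, one per contributing network (assumption).
NETWORK_KEYS = {"net-a": b"constructed-key-a", "net-b": b"constructed-key-b"}
# Constructed permissions: which requesters each contributor shares with.
ALLOWED_REQUESTERS = {"net-a": {"net-b"}, "net-b": set()}
# Hypothetical field names that reveal the contributor's internals.
SENSITIVE_FIELDS = {"internal_host", "username"}

def sanitize(event):
    # Drop the fields the contributing network does not want to share.
    return {k: v for k, v in event.items() if k not in SENSITIVE_FIELDS}

def tag(record, key):
    # Keyed hash over a canonical encoding, so field order cannot change it.
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()

def contribute(event, network):
    # What the contributing network submits: sanitized record plus its tag.
    record = sanitize(event)
    return {"record": record, "tag": tag(record, NETWORK_KEYS[network])}

def owner_of(stored):
    # The key that reproduces the stored tag identifies the contributor.
    for network, key in NETWORK_KEYS.items():
        if hmac.compare_digest(tag(stored["record"], key), stored["tag"]):
            return network
    return None  # no key matches: altered record or unknown contributor

def query(repository, requester, src_ip):
    # Return matching records only where the owner's permissions allow it.
    results = []
    for stored in repository:
        if stored["record"].get("src_ip") != src_ip:
            continue
        owner = owner_of(stored)
        if owner and requester in ALLOWED_REQUESTERS[owner]:
            results.append(stored["record"])
    return results

# Constructed sample event (203.0.113.0/24 is a documentation range).
SAMPLE = {"src_ip": "203.0.113.7", "event_type": "ssh-bruteforce",
          "internal_host": "db01.corp.example", "username": "alice"}
REPOSITORY = [contribute(SAMPLE, "net-a")]
```

A record whose content no longer matches its tag resolves to no owner, so the repository has no permission set to apply and the query returns nothing for it.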

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.