Method and apparatus for computer network security

USPTO Application #: 20080047019
Title: Method and apparatus for computer network security
Abstract: Techniques are provided for computer network security. The techniques include obtaining operational data for at least a first networked application; obtaining enterprise data for at least a second networked application; correlating the operational data with the enterprise data to obtain correlated data; and using the correlated data to improve security of the computer network.

Agent: Ryan, Mason & Lewis, LLP - Fairfield, CT, US
Inventors: John Reumann, Dinesh C. Verma
USPTO Application #: 20080047019 - Class: 726 26 (USPTO)

The Patent Description & Claims data below is from USPTO Patent Application 20080047019.

FIELD OF THE INVENTION

[0001] The present invention generally relates to information technology, and, more particularly, to a method and apparatus for computer network security.

BACKGROUND OF THE INVENTION

[0002] In current enterprises and systems, each user has many user-names and passwords. Single sign-on systems are currently developed and deployed which require the user to know only a single user-ID and password to access the enterprise systems. However, since several sites may require such password protection, it is cumbersome for the user to type the same password at multiple sites.

[0003] The current state of the art for enabling users to access the network typically requires the use of an access-point for the user laptop to connect to the enterprise network. The access point could be the wireless access point if the user is accessing a local 802.1x network of the user, a virtual private network (VPN) gateway if the user is dialing into the VPN server of an enterprise, the first router on the path of a physical network connecting the user to the enterprise network, etc. Typically, the access-point would have a mechanism to authenticate the user device to the network; for example, 802.1x access would require a Wired Equivalent Privacy (WEP) password or a Lightweight Extensible Authentication Protocol (LEAP) user-ID and password, VPN gateway access would require a user-issued certificate or user-ID and password information, and wired access may require Remote Authentication Dial-In User Service (RADIUS) authentication with a user-ID and password or other credentials. The user-ID and password are the key to associating an identity with the user.
Currently, the credentials used in the wireless access point authentication cannot be shared with other applications running in the enterprise.

[0004] Current solutions for asset notification usually do not send notification before disconnecting a user. Also, such solutions generally have out-of-date information, or use mechanisms that are not accessible when the machine is disconnected.

[0005] It would thus be desirable to overcome the limitations in previous approaches.

SUMMARY OF THE INVENTION

[0006] Principles of the present invention provide techniques for computer network security. An exemplary method (which can be computer-implemented) for computer network security, according to one aspect of the invention, can include steps of obtaining operational data for at least one networked application; obtaining enterprise data for at least one networked application; correlating the operational data with the enterprise data to obtain correlated data; and using the correlated data to improve security of the computer network.

[0007] One or more embodiments of the invention can be implemented in the form of a computer product including a computer usable medium with computer usable program code for performing the method steps indicated. Furthermore, one or more embodiments of the invention can be implemented in the form of an apparatus including a memory and at least one processor that is coupled to the memory and operative to perform exemplary method steps.

[0008] One or more embodiments of the invention may provide one or more beneficial technical effects, such as, for example, providing an approach which obviates the need for a user to remember an explicit password and user-ID, but still allows a user to access distributed applications of a network that implements existing security authentication mechanisms. Also, one or more embodiments of the invention may provide the beneficial effect of notifying owners of assets in an enterprise which are disconnected from the enterprise network due to security or other policy violations via non-network mechanisms, so that the owners are aware of the assets being disconnected.

[0009] These and other objects, features and advantages of the present invention will become apparent from the following detailed description of illustrative embodiments thereof, which is to be read in connection with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0010] FIG. 1 is a flow diagram illustrating a method for improving security in a computer network, according to one embodiment of the invention;

[0011] FIG. 2 is a block diagram illustrating a method for improving security in a computer network, according to one embodiment of the invention;

[0012] FIG. 3 is a block diagram illustrating a method for improving security in a computer network, according to one embodiment of the invention; and

[0013] FIG. 4 is a system diagram of an exemplary computer system on which one or more embodiments of the present invention can be implemented.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

[0014] Computer networks typically contain several types of data; exemplary embodiments of the invention deal with two types of data, namely, "operational data" and "enterprise data." Operational data may be defined as data that is generated during the normal course of operation of a computer network. Operational data may also be defined as data that is generated by systems and applications during the normal course of their operation. Examples of operational data include logs generated by network access devices, logs generated by network applications, fields such as the identity of remote connections maintained during the operation of network protocols, and the like. Enterprise data may be defined as data that is maintained for user-accounting, billing, record-keeping and other administrative aspects of an enterprise. Enterprise data may also be defined as information that is available within an enterprise and/or about a user which provides records about aspects of a user which are independent of the operation and/or normal usage of the system. Enterprise data includes, for example, information such as the employee directory of an organization, a database of computers owned by an employee, a record of customers and their postal addresses, and the like. In existing computer security applications, operational data and enterprise data are treated as independent entities. In one or more embodiments of the invention, techniques are provided for correlating the information available in operational data with that of enterprise data to build new security mechanisms. Security mechanisms that leverage both enterprise and operational data may advantageously enable many security methods which are hard to achieve using existing systems.

[0015] FIG. 1 shows a flow diagram illustrating a method for improving security in a computer network, according to one embodiment of the invention. Step 102 includes obtaining operational data for at least a first networked application. Step 104 includes obtaining enterprise data for at least a second networked application. The first and second networked applications can be the same or different. Step 110 includes correlating the operational data with the enterprise data to obtain correlated data. Step 112 includes using the correlated data to improve security of the computer network. Optionally, the method illustrated in FIG. 1 can also include step 106, converting operational data into an operational data canonical form, and step 108, converting enterprise data into an enterprise data canonical form.

[0016] In one embodiment of the invention, the method for improving security in a computer network includes correlating operational data (for example, logs from networked systems and applications) and enterprise data (for example, enterprise directory, user account records, etc.) within an enterprise to maintain a continuous mapping from network identifiers (for example, certificates, Internet Protocol (IP) addresses, etc.) to the owning individual (user name, corporation name). This mapping is then leveraged to build one or more of the applications.

[0017] This embodiment of the invention employs a system that correlates two types of data: operational data and enterprise data. By way of example and not limitation, instances of operational data include logs that are generated by several systems, for example dynamic host configuration protocol (DHCP) server logs, domain name system (DNS) server logs and web-server logs, as well as pieces of information that are required to be known to any application in order for it to complete its communication, for example IP addresses, uniform resource locators (URLs) being accessed, and domain names of sites one is connecting to. Examples of enterprise data include organization charts and/or enterprise directories in corporations, billing records, and user account databases.

[0018] In one embodiment, the operational and enterprise data are correlated within a single administrative domain by way of a system herein referred to as the Security Information Server (SIS). The Security Information Server obtains the different types of operational data (for example, logs, DNS records, etc.) from all the different appropriate devices within the network. The Security Information Server converts each type of operational data into an operational data canonical form. Canonical form may be defined as a standard or common representation of data.
Canonical form may also be defined as an application-independent representation of data in the case, for example, where such data is itself in multiple application-specific formats.

[0019] Similarly, the Security Information Server obtains the different types of enterprise data from the various applications within the network and converts each type of enterprise data to an enterprise data canonical form. The Security Information Server then correlates the enterprise data with the operational data that is within the network. The SIS now has the ability to take a specific piece of operational data (for example, an IP address or URL) and is able to provide the enterprise-level data (for example, user name or user address) about the entity which has that IP address or URL. These capabilities of the SIS, which can be provided by way of a web-service or other remote invocation, can be used to identify in real-time the entity with which a machine has an ongoing communication.
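As an added illustration of the SIS correlation described in paragraphs [0015] through [0019] (this is not code from the patent or its assignee), the Python below converts constructed DHCP server log lines (operational data) into a canonical lease list, converts a constructed asset database and employee directory (enterprise data) into a canonical owner map, and resolves an IP address at a given time to the owning person. The syslog line format, the asset DB layout and the directory records are all assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample data (not from the patent). Operational data: DHCP server
# log lines in syslog style. Enterprise data: an asset DB (MAC -> employee id)
# and an employee directory (employee id -> contact record).
DHCP_LOG = """\
Jan 10 09:00:01 dhcpd: DHCPACK on 10.0.0.5 to AA:BB:CC:DD:EE:01 (lt-alice)
Jan 10 09:00:02 dhcpd: DHCPREQUEST for 10.0.0.5 from AA:BB:CC:DD:EE:01
Jan 10 12:30:00 dhcpd: DHCPACK on 10.0.0.5 to aa:bb:cc:dd:ee:02 (lt-bob)
"""
ASSET_DB = {"AA:BB:CC:DD:EE:01": "E100", "aa:bb:cc:dd:ee:02": "E200"}
DIRECTORY = {"E100": {"name": "Alice", "phone": "+1-555-0100"},
             "E200": {"name": "Bob", "phone": "+1-555-0200"}}

LEASE_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) dhcpd: DHCPACK on (\S+) to (\S+)")

def canonical_leases(log, year=2024):
    """Operational canonical form: (start_time, ip, mac) tuples sorted by time.
    Syslog lines carry no year, so the caller supplies it."""
    leases = []
    for line in log.splitlines():
        m = LEASE_RE.match(line)
        if m:  # only DHCPACK lines establish an address-to-device binding
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            leases.append((ts, m.group(2), m.group(3).lower()))
    return sorted(leases)

def canonical_owners(asset_db, directory):
    """Enterprise canonical form: mac (lower-case) -> owner record."""
    return {mac.lower(): {"employee_id": eid, **directory[eid]}
            for mac, eid in asset_db.items() if eid in directory}

def resolve(ip, at_iso, leases, owners):
    """Correlate: the owner of the device holding `ip` at time `at_iso`
    (ISO 8601 string). The most recent DHCPACK at or before that time wins;
    None if no lease or no enterprise record covers it."""
    at = datetime.fromisoformat(at_iso)
    holder = None
    for ts, lease_ip, mac in leases:
        if lease_ip == ip and ts <= at:
            holder = mac  # leases are time-sorted, so the last match is newest
    return owners.get(holder) if holder else None

if __name__ == "__main__":
    leases = canonical_leases(DHCP_LOG)
    owners = canonical_owners(ASSET_DB, DIRECTORY)
    print(resolve("10.0.0.5", "2024-01-10T10:00:00", leases, owners))
```

The timestamp argument is what makes the mapping "continuous" in the sense of paragraph [0016]: the same address is re-assigned from Alice's laptop to Bob's at 12:30, so a lookup that ignored lease time would attribute Bob's traffic to Alice.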