Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2008-06-10
2008-06-10
Zand, Kambiz (Department: 2134)
Information security
Monitoring or scanning of software or data including attack...
C705S051000, C705S052000, C705S053000, C705S054000, C713S189000, C713S190000, C713S191000, C717S168000, C717S169000, C717S170000
Reexamination Certificate
active
07386883
ABSTRACT:
A countermeasure for a computer security threat to a computer system is administered by establishing a baseline identification of an operating or application system type and an operating or application system release level for the computer system that is compatible with a Threat Management Vector (TMV). A TMV is then received, including therein a first field that provides identification of at least one operating system type that is affected by a computer security threat, a second field that provides identification of an operating system release level for the operating system type, and a third field that provides identification of a set of possible countermeasures for an operating system type and an operating system release level. Countermeasures that are identified in the TMV are processed if the TMV identifies the operating system type and operating system release level for the computer system as being affected by the computer security threat. The received TMV may be mutated to a format for processing of the countermeasure.
REFERENCES:
patent: 1450736 (1923-04-01), Smith
patent: 5940135 (1999-08-01), Petrovic et al.
patent: 6049289 (2000-04-01), Waggamon et al.
patent: 6185689 (2001-02-01), Todd, Sr. et al.
patent: 6408391 (2002-06-01), Huff et al.
patent: 7073198 (2006-07-01), Flowers et al.
patent: 2001/0027389 (2001-10-01), Beverina et al.
patent: 2002/0026591 (2002-02-01), Hartley et al.
patent: 2002/0078382 (2002-06-01), Sheikh et al.
patent: 2002/0099958 (2002-07-01), Hrabik et al.
patent: 2002/0166063 (2002-11-01), Lachman, III et al.
patent: 2002/0178383 (2002-11-01), Hrabik et al.
patent: 2003/0004688 (2003-01-01), Gupta et al.
patent: 2003/0004689 (2003-01-01), Gupta et al.
patent: 2003/0009699 (2003-01-01), Gupta et al.
patent: 2003/0084549 (2003-05-01), Friedrichs et al.
patent: 2003/0172292 (2003-09-01), Judge
patent: 2004/0006704 (2004-01-01), Dahlstrom et al.
patent: 2316005 (2002-02-01), None
patent: WO 98/06020 (1998-02-01), None
patent: WO 00/70456 (2000-11-01), None
About the VulnXML Project, The Open Web Application Security Project, http://www.owasp.org/vulnxml/, 2001-2002, 2 pp.
Carnegie Mellon Software Engineering Institute,CERT®/CC: Computer Security Incident Response Team FAQ, http://www.cert.org/csirts/csirt—faq.html, 2002-2003, 9 pp.
Citadel Hercules Automated Vulnerability Remediation Product Brochure, Citadel Security Software Inc., 2003.
CVE Common Vulnerabilities and Exposure(CVE)—Mitre Develops Valuable Resource for Sharing Vulnerability Information, http://www.mitre.org
ews/digest/archives/2000/vulnerability—info.html, 2000, 3 pp.
Enabling Enterprise Security with CVE, http://ww.mitre.org
ews/digest/archives/2001/enterprise—security.html, 2001, 5 pp.
Ghosh et al.,Inoculating Software for Survivability, Communications of the ACM, vol. 42, No. 7, Jul. 1999, pp. 38-44.
GSA Federal Technology Service,Federal Computer Incident Response Center PADC(Patch Authentication and Dissemination Capability, Smarter Solutions, Publication No. E-COTEO-03-0002.
12Biscom,Network Security, http://www.b2biscom.it/cms/Generic.jsp?IdPage=458, 2003, 1 p.
IBM,Internet Data Center Value-Add Feature: Certifiable High-Speed RAM Web Servers, Research Disclosure, #454147, Feb. 2002, p. 313.
IBM,Remote-Controlled Write-Lock in Hard Disk(HD)Controllers, Research Disclosure, #446114, Jun. 2001, p. 1001.
ICAT Metabase Documentation, http://icat.nist.gov/icat—documentation.htm, 5pp.
ICAT Metabase: A CVE Based Vulnerability Database, http://icat.nist.gov/icat.cfm, 2000-2002, 2 pp.
Martin,Managing Vulnerabilities in Your Networked Systems Using an Industry Standards Effort, NDIA Federal Database Colloquium & Exposition, Oct. 25, 2001, 2 pp., Abstract at http://www.mitre.org/work/tech—papers/tech—papers—01/martin—1vulner/index.html.
Mitre, Press Release,Mitre Announces New Standard for Computer Vulnerability Assessment, http://www.mitre.org
ews/releases/02/oval12—10—02.html, 2002, 2 pp.
Myerson,Identifying Enterprise Network Vulnerabilities, International Journal of Network Management, vol. 12, 2002, pp. 135-144.
Oasis Members Collaborate to Address Security Vulnerabilities for Web Services and Web Applications, http://www.oasis-open.org
ews/oasis—news—04—14—03a.php, Apr. 14, 2003.
OWASP,Introducing the OWASP Top Ten—Top Vulnerabilities in Web Applications, The Open Web Application Security Project, http://www.owasp.org/, 2001-2002, 2 pp.
Sans Institute,About the Sans Institute, http://www.sans.org/aboutsans.php, 2002-2003, 4 pp.
Tasker et al.,CVE Continues to Grow, The Edge, Feb. 2001, http://www.mitre.org
ews/the—edge/february—01/tasker.html, 2 pp.
VulnXML Proof of Concept Vision Document, Version 1, The Open Web Application Security Project, 2002, 7 pp.
Bardsley Jeffrey S.
Brock Ashley A.
Davis, III Charles K.
Kim Nathaniel W.
McKenna John J.
Dillon & Yudell LLP
International Business Machines - Corporation
Tolentino Roderick
Zand Kambiz
LandOfFree
Systems, methods and computer program products for... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Systems, methods and computer program products for..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Systems, methods and computer program products for... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2801348