What technology area does this patent fall under?

Primary CPC classification H04L63/0457. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Apr 09 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Risk-based encryption of communication on a computer system node

US10257172B2 · US · B2

Patent metadata
Field	Value
Publication number	US-10257172-B2
Application number	US-201615355254-A
Country	US
Kind code	B2
Filing date	Nov 18, 2016
Priority date	Nov 18, 2016
Publication date	Apr 9, 2019
Grant date	Apr 9, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A streams manager assesses the security risk of streams communication and when possible turns off encryption of intranode communication between operators of a streaming application on a computer node to increase performance of the computer node. The streams manager includes a stream security module (SSM) with a monitor that monitors risk in the system and changes encryption between operators on a node depending on the risk. The stream security module may use security data and node profile data collected by the monitor or the system to determine the risk. The stream security module may provide recommendations to a customer for the customer to override changes in encryption.

First claim

Opening claim text (preview).

The invention claimed is: 1. An apparatus comprising: at least one processor; a memory coupled to the at least one processor; a streams manager residing in the memory and executed by the at least one processor that manages a plurality of streaming applications on a plurality of computer nodes, wherein the plurality of streaming applications comprise a plurality of operators that communicate streaming data between the plurality of operators; and a stream security module residing in the memory and executed by the at least one processor, wherein the stream security module monitors changes to the plurality of nodes to determine a security risk of communication between the plurality of operators and dynamically changes encryption of communication of streaming data between two operators of the plurality of operators of the streaming applications on a single node based on the security risk of communication between the two operators. 2. The apparatus of claim 1 wherein the stream security module establishes a security baseline for streaming communication on the plurality of nodes. 3. The apparatus of claim 1 wherein the stream security module applies node profile data and security data to a determined change in the plurality of nodes to determine the security risk. 4. The apparatus of claim 3 wherein the node profile data comprises virtualization technology, block devices, and user permissions. 5. The apparatus of claim 3 wherein the security data comprises logged in users of each node, currently open devices, process tree hierarchy, applied capabilities, data rates and operating system version. 6. The apparatus of claim 1 wherein the stream security module provides a recommendation to a customer and allows the customer to override encryption of a data communication stream. 7. The apparatus of claim 1 wherein the streams security module encrypts intranode data stream when a usage anomaly of an operator is detected. 8. The apparatus of claim 7 wherein the streams security module sends an alert to a system administrator when a usage anomaly of an operator is detected. 9. The apparatus of claim 1 wherein the streams security module further monitors the nodes for decreased risks changes a communication link that provides internode communication that has been encrypted to be unencrypted. 10. A computer-implemented method executed by at least one processor for managing a streaming application, the method comprising: managing a plurality of streaming applications on a plurality of computer nodes, wherein the plurality of streaming applications comprise a plurality of operators that communicate streaming data between the plurality of operators; monitoring changes to the plurality of nodes to determine a security risk of communication on the plurality of nodes; and dynamically changing encryption of communication of streaming data between two operators on a single node of the plurality of nodes based on the security risk of communication between the two operators. 11. The method of claim 10 further comprising establishing a security baseline for streaming communication on the plurality of nodes. 12. The method of claim 10 further comprising applying node profile data and security data to a determined change in the plurality of nodes to determine the security risk. 13. The method of claim 12 wherein the node profile data comprises virtualization technology, block devices, and user permissions. 14. The method of claim 12 wherein the security data comprises logged in users of each node, currently open devices, process tree hierarchy, applied capabilities, data rates and operating system version. 15. The method of claim 10 further comprising providing a recommendation to a customer and allowing the customer to override encryption of a data communication stream. 16. The method of claim 10 further comprising encrypting an intranode data stream when a usage anomaly of an operator is detected. 17. The method of claim 16 further comprising sending an alert to a system administrator when a usage anomaly of an operator is detected. 18. The method of claim 10 further comprising monitoring the nodes for decreased risks and changing a communication link that provides internode communication that has been encrypted to use unencrypted communication. 19. A computer-implemented method executed by at least one processor for managing a streaming application, the method comprising: managing a plurality of streaming applications on a plurality of computer nodes, wherein the plurality of streaming applications comprise a plurality of operators that communicate streaming data between the plurality of operators; establishing a security baseline for streaming communication on the plurality of nodes; applying node profile data and security data to a determined change in the plurality of nodes to determine the security risk; monitoring changes to the plurality of nodes to determine a security risk of communication on the plurality of nodes; providing a recommendation based on the security risk to a customer and allowing the customer to override encryption of a data communication stream; dynamically changing encryption of communication of streaming data between two operators on a single node of the plurality of nodes based on a security risk of communication between the two operators and based on a customer override from the customer; and monitoring the nodes for decreased risks and changing a communication link that provides internode communication that has been encrypted to use unencrypted communication. 20. The method of claim 19 further comprising sending an alert to a system administrator when a usage anomaly of an operator is detected.

Assignees

Inventors

Classifications

H04L63/20
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
H04L63/1433
Vulnerability analysis · CPC title
H04L63/1441
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
H04L63/1425
Traffic logging, e.g. anomaly detection · CPC title
H04L63/0457Primary
wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption (cryptographic mechanisms or cryptographic arrangements for stream encryption H04L9/065) · CPC title

Patent family

Related publications grouped by family.

View patent family 62148006

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10257172B2 cover?: A streams manager assesses the security risk of streams communication and when possible turns off encryption of intranode communication between operators of a streaming application on a computer node to increase performance of the computer node. The streams manager includes a stream security module (SSM) with a monitor that monitors risk in the system and changes encryption between operators on…
Who is the assignee on this patent?: IBM
What technology area does this patent fall under?: Primary CPC classification H04L63/0457. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Apr 09 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).