System and method for bridging cyber-security threat intelligence into a protected system using secure media

US2017353484A1 · US · A1

Patent metadata

Publication number: US-2017353484-A1
Application number: US-201715469934-A
Country: US
Kind code: A1
Filing date: Mar 27, 2017
Priority date: Jun 3, 2016
Publication date: Dec 7, 2017
Grant date:

Abstract

Official abstract text for this publication.

A method includes detecting a storage device. The method also includes performing a check-in process so that the storage device is recognizable by one or more protected nodes within a protected system and not recognizable by nodes outside of the protected system while the storage device is checked-in. The method further includes storing data associated with one or more cyber-security threats on the storage device. The method may also include detecting the storage device a second time and retrieving audit data on the storage device, where the audit data identifies which of the one or more protected nodes accessed the data on the storage device. The method may further include performing a check-out process so that the storage device is recognizable by the nodes outside of the protected system and not recognizable by the one or more protected nodes within the protected system while the storage device is checked-out.

First claim

Opening claim text (preview).

What is claimed is:

1. An apparatus comprising: at least one interface configured to be coupled to a storage device; and at least one processing device configured to: detect the storage device; perform a check-in process so that the storage device is recognizable by one or more protected nodes within a protected system and not recognizable by nodes outside of the protected system while the storage device is checked-in; and store data associated with one or more cyber-security threats on the storage device.

2. The apparatus of claim 1, wherein, during the check-in process, the at least one processing device is configured to: modify the storage device so that, while the storage device is checked-in, additional data cannot be stored on the storage device by the nodes outside of the protected system without first reformatting the storage device.

3. The apparatus of claim 1, wherein the at least one processing device is further configured to: detect the storage device a second time; retrieve audit data on the storage device, the audit data identifying which of the one or more protected nodes accessed the data associated with the one or more cyber-security threats on the storage device; and perform a check-out process so that the storage device is recognizable by the nodes outside of the protected system and not recognizable by the one or more protected nodes within the protected system while the storage device is checked-out.

4. The apparatus of claim 3, wherein the at least one processing device is further configured to track: when the data associated with the one or more cyber-security threats became available; when the data associated with the one or more cyber-security threats was copied onto the storage device; which of the one or more protected nodes accessed the data associated with the one or more cyber-security threats on the storage device; and which user copied the data associated with the one or more cyber-security threats to the one or more protected nodes.

5. The apparatus of claim 1, wherein the at least one processing device is further configured to download the data associated with the one or more cyber-security threats from at least one external source.

6. The apparatus of claim 5, wherein the at least one processing device is further configured to: check at least one hash of at least one file containing the data associated with the one or more cyber-security threats to determine whether the at least one file is valid; scan the at least one file to detect any malware; and digitally sign the at least one file after determining that the at least one file is valid and contains no malware.

7. The apparatus of claim 5, wherein the at least one processing device is further configured to initiate a notification to at least one user that the data associated with the one or more cyber-security threats is available after downloading the data.

8. The apparatus of claim 7, wherein the at least one processing device is configured to initiate the notification by storing a notification message on the storage device, the notification message configured to cause the one or more protected nodes to transmit the notification.

9. A method comprising: detecting a storage device; performing a check-in process so that the storage device is recognizable by one or more protected nodes within a protected system and not recognizable by nodes outside of the protected system while the storage device is checked-in; and storing data associated with one or more cyber-security threats on the storage device.

10. The method of claim 9, wherein the check-in process comprises: modifying the storage device so that, while the storage device is checked-in, additional data cannot be stored on the storage device by the nodes outside of the protected system without first reformatting the storage device.

11. The method of claim 9, further comprising: detecting the storage device a second time; retrieving audit data on the storage device, the audit data identifying which of the one or more protected nodes accessed the data associated with the one or more cyber-security threats on the storage device; and performing a check-out process so that the storage device is recognizable by the nodes outside of the protected system and not recognizable by the one or more protected nodes within the protected system while the storage device is checked-out.

12. The method of claim 11, further comprising tracking: when the data associated with the one or more cyber-security threats became available; when the data associated with the one or more cyber-security threats was copied onto the storage device; which of the one or more protected nodes accessed the data associated with the one or more cyber-security threats on the storage device; and which user copied the data associated with the one or more cyber-security threats to the one or more protected nodes.

13. The method of claim 9, further comprising: downloading the data associated with the one or more cyber-security threats from at least one external source.

14. The method of claim 13, further comprising: checking at least one hash of at least one file containing the data associated with the one or more cyber-security threats to determine whether the at least one file is valid; scanning the at least one file to detect any malware; and digitally signing the at least one file after determining that the at least one file is valid and contains no malware.

15. The method of claim 13, further comprising: initiating a notification to at least one user that the data associated with the one or more cyber-security threats is available after downloading the data.

16. A non-transitory computer readable medium containing instructions that, when executed by at least one processing device, cause the at least one processing device to: detect a storage device; perform a check-in process so that the storage device is recognizable by one or more protected nodes within a protected system and not recognizable by nodes outside of the protected system while the storage device is checked-in; and store data associated with one or more cyber-security threats on the storage device.

17. The non-transitory computer readable medium of claim 16, wherein the instructions that when executed cause the at least one processing device to perform the check-in process comprise: instructions that when executed cause the at least one processing device to modify the storage device so that, while the storage device is checked-in, additional data cannot be stored on the storage device by the nodes outside of the protected system without first reformatting the storage device.

18. The non-transitory computer readable medium of claim 16, further containing instructions that when executed cause the at least one processing device to: detect the storage device a second time; retrieve audit data on the storage device, the audit data identifying which of the one or more protected nodes accessed the data associated with the one or more cyber-security threats on the storage device; and perform a check-out process so that the storage device is recognizable by the nodes outside of the protected system and not recognizable by the one or more protected nodes within the protected system while the storage device is checked-out.

19. The non-transitory computer readable medium of claim 18, further containing instructions that when executed cause the at least

Classifications

  • using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215)

  • received data contents, e.g. message integrity

  • to a system of files or objects, e.g. local or distributed file system or database

  • Vulnerability analysis

  • Event detection, e.g. attack signature detection

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2017353484A1 cover?
A method includes detecting a storage device. The method also includes performing a check-in process so that the storage device is recognizable by one or more protected nodes within a protected system and not recognizable by nodes outside of the protected system while the storage device is checked-in. The method further includes storing data associated with one or more cyber-security threats on…
Who is the assignee on this patent?
Honeywell Int Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1433. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 7, 2017 (A1). Legal status and post-grant events are not shown on this page.