Methods, systems, and computer readable media for utilizing a security service engine to assess security vulnerabilities on a security gateway element

US2020296136A1 · US · A1

Patent metadata

  • Publication number: US-2020296136-A1
  • Application number: US-201916354121-A
  • Country: US
  • Kind code: A1
  • Filing date: Mar 14, 2019
  • Priority date: Mar 14, 2019
  • Publication date: Sep 17, 2020
  • Grant date:

Abstract

Official abstract text for this publication.

A method for utilizing a security service engine (SSE) to assess security vulnerabilities on a security gateway element (SGE) includes establishing a security configuration for a SGE corresponding to a provisioned security service policy definition and configuring a plurality of SGE security service managers hosted by a SSE on the SGE based on policies included in the security service policy definition. The method further includes executing, by the SSE, each of the plurality of SGE security service managers as a software based service in real time to enforce the policies of the security service policy definition on the SGE and remediating the security configuration of the SGE if one or more of the plurality of SGE security service managers detects a security vulnerability corresponding to the operation of the SGE.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: establishing a security configuration for a security gateway element (SGE) corresponding to a provisioned security service policy definition; configuring a plurality of SGE security service managers hosted by a service security engine (SSE) on the SGE based on policies included in the security service policy definition; executing, by the SSE, each of the plurality of SGE security service managers as a software based service in real time to enforce the policies of the security service policy definition on the SGE; and remediating the security configuration of the SGE if one or more of the plurality of SGE security service managers detects a security vulnerability corresponding to the operation of the SGE.

2. The method of claim 1 wherein the SGE includes a session border controller (SBC), a firewall, a Web service gateway, or a virtual private network (VPN) server.

3. The method of claim 1 wherein one of the plurality of SGE security service managers includes a SGE component security manager that is configured facilitate a security service that assesses security vulnerabilities of the SGE based on hardware component information and software component information obtained from the SGE.

4. The method of claim 1 wherein one of the plurality of SGE security service managers includes a network security status manager that is configured to facilitate a security service that assesses security vulnerabilities of management ports and service ports of the SGE.

5. The method of claim 1 wherein one of the plurality of SGE security service managers includes a SGE security configuration manager that is configured to facilitate a security service that assesses security vulnerabilities of the SGE based on a current security configuration of the SGE.

6. The method of claim 1 wherein one of the plurality of SGE security service managers includes a network traffic security analysis manager that is configured to facilitate a security service that assesses security vulnerabilities of the SGE based on an analysis of incoming and outgoing network traffic traversing via the SGE.

7. The method of claim 1 wherein one of the plurality of SGE security service managers includes an analytics security service manager that is configured to facilitate a security service that assesses security vulnerabilities of the SGE through systematic analysis of data and statistics collected from the SGE under operation.

8. A system comprising: a session gateway element (SGE) comprising at least one processor and memory; and a security service engine (SSE) stored in the memory and when executed by the at least one processor is configured to establish a security configuration for the SGE corresponding to a provisioned security service policy definition, to configure a plurality of SGE security service managers hosted by the SSE based on policies included in the security service policy definition, to execute each of the plurality of SGE security service managers as a software based service in real time to enforce the policies of the security service policy definition on the SGE, and to remediate the security configuration of the SGE if one or more of the plurality of SGE security service managers detects a security vulnerability corresponding to the operation of the SGE.

9. The system of claim 8 wherein the SGE includes a session border controller (SBC), a firewall, a Web service gateway, or a virtual private network (VPN) server.

10. The system of claim 8 wherein one of the plurality of SGE security service managers includes a SGE component security manager that is configured facilitate a security service that assesses security vulnerabilities of the SGE based on hardware component information and software component information obtained from the SGE.

11. The system of claim 8 wherein one of the plurality of SGE security service managers includes a network security status manager that is configured to facilitate a security service that assesses security vulnerabilities of management ports and service ports of the SGE.

12. The system of claim 8 wherein one of the plurality of SGE security service managers includes a SGE security configuration manager that is configured to facilitate a security service that assesses security vulnerabilities of the SGE based on a current security configuration of the SGE.

13. The system of claim 8 wherein one of the plurality of SGE security service managers includes a network traffic security analysis manager that is configured to facilitate a security service that assesses security vulnerabilities of the SGE based on an analysis of incoming and outgoing network traffic traversing via the SGE.

14. The system of claim 8 wherein one of the plurality of SGE security service managers includes an analytics security service manager that is configured to facilitate a security service that assesses security vulnerabilities of the SGE through systematic analysis of data and statistics collected from the SGE under operation.

15. A non-transitory computer readable medium having stored thereon executable instructions that when executed by a processor of a computer controls the computer to perform steps comprising: establishing a security configuration for a security gateway element (SGE) corresponding to a provisioned security service policy definition; configuring a plurality of SGE security service managers hosted by a service security engine (SSE) on the SGE based on policies included in the security service policy definition; executing, by the SSE, each of the plurality of SGE security service managers as a software based service in real time to enforce the policies of the security service policy definition on the SGE; and remediating the security configuration of the SGE if one or more of the plurality of SGE security service managers detects a security vulnerability corresponding to the operation of the SGE.

16. The non-transitory computer readable medium of claim 15 wherein one of the plurality of SGE security service managers includes a SGE component security manager that is configured facilitate a security service that assesses security vulnerabilities of the SGE based on hardware component information and software component information obtained from the SGE.

17. The non-transitory computer readable medium of claim 15 wherein one of the plurality of SGE security service managers includes a network security status manager that is configured to facilitate a security service that assesses security vulnerabilities of management ports and service ports of the SGE.

18. The non-transitory computer readable medium of claim 15 wherein one of the plurality of SGE security service managers includes a SGE security configuration manager that is configured to facilitate a security service that assesses security vulnerabilities of the SGE based on a current security configuration of the SGE.

19. The non-transitory computer readable medium of claim 15 wherein one of the plurality of SGE security service managers includes a network traffic security analysis manager that is configured to facilitate a security service that assesses security vulnerabilities of the SGE based on an analysis of incoming and outgoing network traffic traversing via the SGE.

20. The non-transitory computer readable medium of claim 15 wherein one of the plurality of SGE security service managers includes an analytics security service manager that is configured to fac

Classifications

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)

  • Vulnerability analysis

  • Architectural arrangements, e.g. perimeter networks or demilitarized zones

  • Generating service level reports

  • Virtual LANs, VLANs, e.g. virtual private networks [VPN] (LAN interconnection over a bridge based backbone H04L12/462; encapsulation techniques H04L12/4633; routing of packets H04L45/00; packet switches H04L49/00; virtual private networks for security H04L63/0272)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2020296136A1 cover?
A method for utilizing a security service engine (SSE) to assess security vulnerabilities on a security gateway element (SGE) includes establishing a security configuration for a SGE corresponding to a provisioned security service policy definition and configuring a plurality of SGE security service managers hosted by a SSE on the SGE based on policies included in the security service policy de…
Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/02. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 17, 2020 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).