Enterprise intrusion detection and remediation

US9967270B2 · US · B2

Patent metadata

Publication number: US-9967270-B2
Application number: US-201715419012-A
Country: US
Kind code: B2
Filing date: Jan 30, 2017
Priority date: Oct 31, 2014
Publication date: May 8, 2018
Grant date: May 8, 2018

Abstract

Official abstract text for this publication.

Events are securely packaged and transmitted from peripherals of terminals and from secure input/output modules (SIOMs) of terminals. The events are collected and mined in real time for security risk patterns and dynamic remedial actions are pushed back down to the terminals, peripherals, and SIOMs.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method, comprising: receiving, by a hardware server, a security intrusion event securely communicated from a peripheral of a terminal over a network, wherein receiving further includes obtaining the security intrusion event from the peripheral of the terminal, the security intrusion event pushed up to a secure input/output module (SIOM) that is acting as a secure interface for communications to and from the peripheral during a secure session between the peripheral and the SIOM, and wherein the SIOM is independent of the operating system; accessing, by the hardware server, heuristics and identifying a pattern for the security intrusion event relevant to a security intrusion within the peripheral; and triggering, by the hardware server, an action based on the pattern and securely pushing the action to the peripheral for dynamic and real-time processing by the peripheral in response to the security intrusion, wherein the peripheral comprises a card reader; wherein the pattern comprises a failure of the secure session between the terminal and the card reader.

2. The method of claim 1, wherein the pattern is configurable.

3. The method of claim 1, wherein the pattern comprises detection of a duplicate secure peripheral identifier.

4. The method of claim 1, wherein the pattern comprises detection of a secure peripheral identifier that is not in an inventory of peripherals on the SIOM.

5. The method of claim 1, wherein the pattern comprises detection of duplicate SIOM identifiers.

6. The method of claim 1, wherein the pattern comprises detection of a revoked or decommissioned peripheral or the SIOM.

7. A method, comprising: receiving, by a hardware server, a security intrusion event securely communicated from a peripheral of a terminal over a network, wherein receiving further includes obtaining the security intrusion event from the peripheral of the terminal, the security intrusion event pushed up to a secure input/output module (SIOM) that is acting as a secure interface for communications to and from the peripheral during a secure session between the peripheral and the SIOM, and wherein the SIOM is independent of the operating system; accessing, by the hardware server, heuristics and identifying a pattern for the security intrusion event relevant to a security intrusion within the peripheral; and triggering, by the hardware server, an action based on the pattern and securely pushing the action to the peripheral for dynamic and real-time processing by the peripheral in response to the security intrusion; wherein the pattern comprises receipt of an out-of-order secure session message from the peripheral by the SIOM.

8. A method, comprising: receiving, by a hardware server, a security intrusion event securely communicated from a peripheral of a terminal over a network, wherein receiving further includes obtaining the security intrusion event from the peripheral of the terminal, the security intrusion event pushed up to a secure input/output module (SIOM) that is acting as a secure interface for communications to and from the peripheral during a secure session between the peripheral and the SIOM, and wherein the SIOM is independent of the operating system; accessing, by the hardware server, heuristics and identifying a pattern for the security intrusion event relevant to a security intrusion within the peripheral; and triggering, by the hardware server, an action based on the pattern and securely pushing the action to the peripheral for dynamic and real-time processing by the peripheral in response to the security intrusion; wherein the pattern comprises receipt of an out-of-order secure session message from the SIOM by the peripheral.

9. A method, comprising: receiving, by a hardware server, a security intrusion event securely communicated from a peripheral of a terminal over a network, wherein receiving further includes obtaining the security intrusion event from the peripheral of the terminal, the security intrusion event pushed up to a secure input/output module (SIOM) that is acting as a secure interface for communications to and from the peripheral during a secure session between the peripheral and the SIOM, and wherein the SIOM is independent of the operating system; accessing, by the hardware server, heuristics and identifying a pattern for the security intrusion event relevant to a security intrusion within the peripheral; and triggering, by the hardware server, an action based on the pattern and securely pushing the action to the peripheral for dynamic and real-time processing by the peripheral in response to the security intrusion; wherein the pattern comprises a failure to pair with the peripheral by the SIOM.

10. A method, comprising: receiving, by a hardware server, a security intrusion event securely communicated from a peripheral of a terminal over a network, wherein receiving further includes obtaining the security intrusion event from the peripheral of the terminal, the security intrusion event pushed up to a secure input/output module (SIOM) that is acting as a secure interface for communications to and from the peripheral during a secure session between the peripheral and the SIOM, and wherein the SIOM is independent of the operating system; accessing, by the hardware server, heuristics and identifying a pattern for the security intrusion event relevant to a security intrusion within the peripheral; and triggering, by the hardware server, an action based on the pattern and securely pushing the action to the peripheral for dynamic and real-time processing by the peripheral in response to the security intrusion; wherein the pattern comprises receipt of the secure session message for the secure session that is no longer active by the SIOM.

11. A method, comprising: receiving, by a hardware server, a security intrusion event securely communicated from a peripheral of a terminal over a network, wherein receiving further includes obtaining the security intrusion event from the peripheral of the terminal, the security intrusion event pushed up to a secure input/output module (SIOM) that is acting as a secure interface for communications to and from the peripheral during a secure session between the peripheral and the SIOM, and wherein the SIOM is independent of the operating system; accessing, by the hardware server, heuristics and identifying a pattern for the security intrusion event relevant to a security intrusion within the peripheral; and triggering, by the hardware server, an action based on the pattern and securely pushing the action to the peripheral for dynamic and real-time processing by the peripheral in response to the security intrusion; wherein the pattern comprises a mismatch between a SIOM pairing request issued by a provisioning server and provisioning events on the SIOM.

12. A method, comprising: receiving, by a hardware server, a security intrusion event securely communicated from a peripheral of a terminal over a network, wherein receiving further includes obtaining the security intrusion event from the peripheral of the terminal, the security intrusion event pushed up to a secure input/output module (SIOM) that is acting as a secure interface for communications to and from the peripheral during a secure session between the peripheral and the SIOM, and wherein the SIOM is independent of the operating system; accessing, by the hardware server, heuristics and identifying a pattern for the security intrusion event relevant to a security intrusion within the peripheral; and triggering, by the hardware server, an action based on the pattern and securely pushing the action to the peripheral for dynami

Classifications

  • Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems · CPC title

  • Event detection, e.g. attack signature detection · CPC title

  • involving event detection and direct action · CPC title

  • G06F21/55 (Primary): Detecting local intrusion or implementing counter-measures · CPC title

  • for detecting or protecting against malicious traffic · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9967270B2 cover?
Events are securely packaged and transmitted from peripherals of terminals and from secure input/output modules (SIOMs) of terminals. The events are collected and mined in real time for security risk patterns and dynamic remedial actions are pushed back down to the terminals, peripherals, and SIOMs.
Who is the assignee on this patent?
NCR Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 8, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).