Logging Security Events on a Wireless Device

IP.com Disclosure Number: IPCOM000131202D
Publication Date: 2005-Nov-09
Document File: 1 page(s) / 25K

Publishing Venue

The IP.com Prior Art Database

Abstract

For a Common Criteria evaluation that is sufficient to meet a Protection Profile (PP) defined by the U.S. Government, there is a need to add the ability to log security events on the device. The PP only gives some general guidelines on what is required. This invention fleshes it out in more detail. The first thing we do is assign a security level to all types of security events on the device. This could be on a LOW, MEDIUM, HIGH scale. For example, an incorrect password entry would be a LOW security event, 3 incorrect password attempts in a row would be a MEDIUM security event, and 10 incorrect password attempts would be a HIGH security event. This scale could be hard-coded into the device but optionally could be changed by the IT Admin. The log would be accessible on the device, but would require a password to access it. This password could be different from the device password to prevent the device owner from reading the log. Also, IT Policy would set a specific email address to which security-related events are sent. Whenever an event (over a certain threshold) occurred, the event would be sent via email. Finally, the server admin tool could be configured to automatically view all of the security events that come in via email. If any event had a security level above a certain threshold (i.e. all HIGH events) or was in a certain class of security events (say, failed password attempts), then the server Admin could act immediately. For example, if the server admin tool got a security event saying the password was entered incorrectly 9 times (so perhaps the attacker stopped before wiping the device), then it could send a Kill packet to the device and force a wipe to take place.
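
The scheme in the abstract can be sketched as follows. This is an added Python example, not code from the disclosure: the class and function names, the MEDIUM forwarding threshold and the action strings are assumptions, while the 1/3/10 scale and the 9-attempt kill rule come from the text.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class Policy:
    # Scale from the disclosure: 1 failure = LOW, 3 in a row = MEDIUM, 10 = HIGH.
    # All fields are adjustable by the IT admin; forward_at is an assumed default.
    medium_after: int = 3
    high_after: int = 10
    forward_at: Level = Level.MEDIUM   # minimum level mailed to the policy address
    kill_after: int = 9                # server-side rule from the abstract's example


@dataclass
class Event:
    kind: str
    count: int
    level: Level


class DeviceLog:
    def __init__(self, policy):
        self.policy, self.failures = policy, 0
        self.entries, self.outbox = [], []

    def password_attempt(self, ok):
        if ok:
            self.failures = 0          # a correct entry ends the "in a row" streak
            return None
        self.failures += 1
        p = self.policy
        level = (Level.HIGH if self.failures >= p.high_after else
                 Level.MEDIUM if self.failures >= p.medium_after else Level.LOW)
        event = Event("failed_password", self.failures, level)
        self.entries.append(event)     # every event stays in the on-device log
        if level >= p.forward_at:
            self.outbox.append(event)  # queued for email to the admin address
        return event


def server_action(event, policy):
    """Admin-tool rule: kill packet at kill_after failures, alert on other HIGH events."""
    if event.kind == "failed_password" and event.count >= policy.kill_after:
        return "send_kill_packet"
    return "alert_admin" if event.level == Level.HIGH else "record"
```

With the default policy, nine consecutive failures leave nine entries in the device log, forward seven of them (attempts 3 through 9), and the ninth triggers the kill-packet action on the server side.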

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 82% of the total text.

MOBILE SECURITY LOGGING

Logging Security Events on a Wireless Device

Disclosed Anonymously

For a Common Criteria evaluation that is sufficient to meet a Protection Profile defined by the U.S. Government, there is a need to add the ability to log security events on the device. The PP only gives some general guidelines on what is required. This invention fleshes it out in more detail.

The first thing we do is assign a security level to all types of security events on the device. This could be on a LOW, MEDIUM, HIGH scale. For example, an incorrect password entry would be a LOW security event, 3 incorrect password attempts in a row would be a MEDIUM security event, and 10 incorrect password attempts would be a HIGH security event. This scale could be hard-coded into the device but optionally could be changed by the IT Admin.

The log would be accessible on the device, but would require a password to access it. This password could be different from the device password to prevent the device owner from reading the log.

Also, IT Policy would set a specific email address to which security-related events are sent. Whenever an event (over a certain threshold) occurred, the event would be sent via email.

Finally, the server admin tool could be configured to automatically view all of the security events that come in via email. If any event had a security level above a certain threshold (i.e. all HIGH events) or was in a certain class of security events...