US 12,301,592 B2
Method and system for blockchain-based cyber security management
Shouhuai Xu, Helotes, TX (US); Songlin He, Newark, NJ (US); Eric Ficke, San Antonio, TX (US); Mir Mehedi Ahsan Pritom, San Antonio, TX (US); Huashan Chen, San Antonio, TX (US); Qiang Tang, Cliffside Park, NJ (US); Qian Chen, San Antonio, TX (US); Marcus Pendleton, Rome, NY (US); and Laurent Njilla, Rome, NY (US)
Filed by Board of Regents, The University of Texas System, Austin, TX (US); Government of the United States, as represented by the Secretary of the Air Force, Wright-Patterson AFB, OH (US); and New Jersey Institute of Technology, Newark, NJ (US)
Filed on Apr. 29, 2022, as Appl. No. 17/733,580.
Claims priority of provisional application 63/182,497, filed on Apr. 30, 2021.
Prior Publication US 2023/0042816 A1, Feb. 9, 2023
Int. Cl. H04L 9/40 (2022.01); G06Q 20/38 (2012.01)
CPC H04L 63/1416 (2013.01) [G06Q 20/389 (2013.01); H04L 63/1441 (2013.01)]
20 Claims
 
1. A system comprising:
a computing device; and
a Cyber Security Management (CSM) service executable in the computing device, wherein the CSM service causes the computing device to at least:
obtain cyber intelligence input data, via a consortium blockchain channel, shared from a cyber defender computing device that is a participant of the consortium blockchain channel, wherein the cyber defender computing device manages network security of a network, wherein the cyber intelligence input data identifies a cyber attacker or a victim of a cyber attack on the network, wherein the consortium blockchain channel provides a blockchain ledger for on-chain data storage and a state database for on-chain data storage;
execute one or more CSM functions with the cyber intelligence input data received from the cyber defender computing device via the consortium blockchain channel;
store, via the one or more CSM functions, cyber data collected by the one or more CSM functions to a local off-chain database maintained by the computing device, wherein the cyber data includes discovery of an identification of a potential cyber attacker or potential victim of the cyber attack on the network;
share the discovery of the identification of the potential cyber attacker or the potential victim of the cyber attack on the network as new input cyber intelligence data on the consortium blockchain channel by storing the new input cyber intelligence data in the state database of each participant in the consortium blockchain channel after completion of a consensus protocol with other participants in the consortium blockchain channel, wherein the blockchain ledger of the consortium blockchain channel is updated to include an invocation history of the one or more CSM functions that discovered the identification of the potential cyber attacker or the potential victim of the cyber attack on the network; and
output an alert to the cyber defender computing device with the potential cyber attacker or the potential victim of the cyber attack on the network managed by the cyber defender computing device.