公开(公告)号：US11568050B2

公开(公告)日：2023-01-31

申请号：US16754392

申请日：2017-10-30

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Daniel Ellam ,  Jonathan Griffin ,  Adrian Baldwin

IPC: G06F21/56 ,  G06F21/53 ,  G06F21/62 ,  G06N20/00 ,  G06F21/60

Abstract: There is disclosed a method, computer program product and a system for regulating execution of a suspicious process, comprising determining a file system location of an executable file associated with the suspicious process, encrypting the file, and creating a wrapper for the file with the same file name and location as the file associated with the suspicious process.

公开(公告)号：US20220100900A1

公开(公告)日：2022-03-31

申请号：US17414587

申请日：2019-06-14

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Adrian John Baldwin ,  Daniel Ellam ,  Nelson L. Chang ,  Jonathan Griffin

IPC: G06F21/62 ,  G06F21/60

Abstract: In examples, there is provided a method for modifying a data item from a source apparatus, the data item associated with an event, in which the method comprises, within a trusted environment, parsing the data item to generate a set of tuples relating to the event and/or associated with the source apparatus, each tuple comprising a data item, and a data identifier related to the data item, applying a rule to a first tuple to pseudonymise a first data item to provide a transformed data item, and/or generate a contextual supplement to the first data item, generating a mapping between the transformed data item and the first data item, whereby to provide a link between the transformed data item and the first data item to enable subsequent resolution of the first data item using the transformed data item, and forwarding the transformed data item and the data identifier related to the first data item to an analytics engine situated logically outside of the trusted environment.

公开(公告)号：US11308187B2

公开(公告)日：2022-04-19

申请号：US16473332

申请日：2017-04-11

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Gurchetan Grewal ,  Daniel Ellam ,  Joshua S. Schiffman ,  James M. Mann

IPC: G06F21/31 ,  G06F21/45

Abstract: Examples associated with user authentication are described. One example system includes a set of authentication modules. A data store stores data describing disruption ratings of members of the set of authentication modules. A user confidence module maintains a confidence rating that a current user of a device is an authenticated user of the device. The confidence module controls execution of the authentication modules based on the confidence rating and on the disruption ratings of the authentication modules. The user confidence module controls execution of relatively less disruptive authentication modules when the user confidence module is confident that the current user of the device is the authenticated user of the device. The user confidence module maintains the confidence rating based on feedback received from authentication modules.

公开(公告)号：US11200314B2

公开(公告)日：2021-12-14

申请号：US16087712

申请日：2016-12-15

Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.

Inventor： Daniel Ellam ,  Adrian Baldwin ,  Remy Husson

IPC: G06F7/04 ,  G06F21/56 ,  G06F21/12 ,  G06F21/55 ,  G06F7/16

Abstract: Examples associated with ransomware attack monitoring are described. One example includes a monitor module to monitor files stored on the system for sequences of file accesses that match a predefined pattern of file accesses. An investigation module is activated when a number of sequences of file accesses that match the predefined pattern exceeds a first threshold. The investigation module logs actions taken by processes to modify files. A reaction module pauses a set of processes operating on the system when the number of sequences of file accesses that match the predefined pattern exceeds a second threshold. The reaction module then identifies processes associated with a suspected ransomware attack based on the logging performed by the investigation module, and resumes legitimate processes.

公开(公告)号：US20200050784A1

公开(公告)日：2020-02-13

申请号：US16485805

申请日：2017-04-27

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Daniel Ellam ,  Gurchetan Grewal

IPC: G06F21/62 ,  G06F21/60 ,  H04L29/06 ,  G06F21/57

Abstract: In an example, a method includes determining an operating environment of a device based on sensor data from a sensor of the device that senses surroundings of the device. Access to a resource may be controlled based on the operating environment and a status of a security feature of the device.

公开(公告)号：US20220398321A1

公开(公告)日：2022-12-15

申请号：US17755012

申请日：2019-11-22

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Adrian John Baldwin ,  Stuart Lees ,  Jonathan Griffin ,  Daniel Ellam

IPC: G06F21/57 ,  G06F21/56

Abstract: In some examples, a method for data management, the method comprises booting a trusted diskless operating system image via a device firmware component, accessing a non-volatile storage of the device using the trusted diskless operating system image; and retrieving user data from the non-volatile storage of the device, and/or writing user data received from a remote location to the non-volatile storage of the device.

公开(公告)号：US20220393869A1

公开(公告)日：2022-12-08

申请号：US17755011

申请日：2019-11-22

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Adrian John Baldwin ,  Stuart Lees ,  Jonathan Griffin ,  Daniel Ellam

IPC: H04L9/08 ,  H04L9/40

Abstract: In some example, a method for accessing a cryptographic recovery key of an encryption system of a device comprises mapping a device identity received at a key management system to a recovery key stored in the key management system, specifying at least one device-related operation to which the recovery key is linked, generating an encrypted message for the device, the encrypted message comprising the recovery key, and transmitting the encrypted message and a signed message to the device.

公开(公告)号：US20220382636A1

公开(公告)日：2022-12-01

申请号：US17755013

申请日：2019-11-22

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Adrian John Baldwin ,  Stuart Lees ,  Jonathan Griffin ,  Daniel Ellam

IPC: G06F11/14 ,  G06F11/07

Abstract: In some examples, a method for performing an out-of-band security inspection of a device comprises generating a snapshot of the state of the device, storing data representing the snapshot to a non-volatile storage of the device, and storing a hash of the snapshot in a device BIOS, transitioning the power state of the device, triggering boot of a trusted diskless operating system image, providing the data representing the snapshot and the hash of the snapshot to the trusted diskless operating system image, and executing a script selected on the basis of a trigger event and the hash of the snapshot to analyse at least a portion of the non-volatile storage of the device.

公开(公告)号：US20210279311A1

公开(公告)日：2021-09-09

申请号：US16473332

申请日：2017-04-11

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Gurchetan Grewal ,  Daniel Ellam ,  Joshua S. Schiffman ,  James M. Mann

IPC: G06F21/31 ,  G06F21/45

Abstract: Examples associated with user authentication are described. One example system includes a set of authentication modules. A data store stores data describing disruption ratings of members of the set of authentication modules. A user confidence module maintains a confidence rating that a current user of a device is an authenticated user of the device. The confidence module controls execution of the authentication modules based on the confidence rating and on the disruption ratings of the authentication modules. The user confidence module controls execution of relatively less disruptive authentication modules when the user confidence module is confident that the current user of the device is the authenticated user of the device. The user confidence module maintains the confidence rating based on feedback received from authentication modules.

公开(公告)号：US11586730B2

公开(公告)日：2023-02-21

申请号：US17457434

申请日：2021-12-03

Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.

Inventor： Daniel Ellam ,  Adrian Baldwin ,  Remy Husson

IPC: G06F21/56 ,  G06F21/12 ,  G06F21/55

Abstract: Examples associated with ransomware attack monitoring are described herein. One example includes a monitor module to monitor files stored on the system for sequences of file accesses that match a predefined pattern of file accesses. An investigation module is activated based on a sequence of file accesses that match the predefined pattern. The investigation module logs actions taken by processes to modify files. A reaction module pauses a set of processes operating on the system based on the logging performed by the investigation module, and resumes legitimate processes.