公开(公告)号：US09838415B2

公开(公告)日：2017-12-05

申请号：US15295778

申请日：2016-10-17

Applicant: Architecture Technology Corporation

Inventor： Judson Powers ,  Stephen K. Brueckner ,  Kenneth J. Thurber

IPC: G06F21/00 ,  H04L29/06 ,  G06F21/55 ,  G06F9/455

CPC classification number: H04L63/1441 ,  G06F9/45558 ,  G06F21/552 ,  G06F2009/45587 ,  H04L63/02 ,  H04L63/1416 ,  H04L63/20

Abstract: A network node includes enhanced functionality to fight through cyber-attacks. A plurality of virtual machines run at the network node. The network node receives a plurality of transaction requests and distributes a copy of each of the transaction requests to the plurality of virtual machines over a plurality of time steps. Based on the first virtual machine having executed (n) transaction requests in the plurality of transaction requests, the node detects whether any of the virtual machines has been compromised. In response to detecting the plurality of virtual machines includes a compromised virtual machine, the network node isolates the compromised virtual machine. Furthermore, after isolating the compromised virtual machine, the network node may receive a subsequent transaction request and dispatch the subsequent transaction request to the compromised virtual machine. The compromised virtual machine may execute the subsequent transaction request.

公开(公告)号：US09769131B1

公开(公告)日：2017-09-19

申请号：US15226515

申请日：2016-08-02

Applicant: Architecture Technology Corporation

Inventor： Timothy Hartley ,  Ranga Ramanujan ,  Jafar Al-Gharaibeh

IPC: H04L29/06 ,  H04L29/08 ,  G06F21/74

CPC classification number: H04L63/18 ,  G06F3/0622 ,  G06F3/0659 ,  G06F3/0664 ,  G06F3/067 ,  G06F21/53 ,  G06F21/74 ,  H04L43/0829 ,  H04L43/0864 ,  H04L43/0882 ,  H04L63/0245 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/105 ,  H04L67/34 ,  H04W12/02 ,  H04W12/08

Abstract: An example method includes receiving an indication of a selection of a first application environment that includes a first virtual environment associated with a first security domain and is configured to isolate execution of software applications within the first application environment, suspending execution of a second application environment that includes a second virtual environment associated with a second security domain different from the first security domain, initiating execution of the first application environment, identifying information associated with the first security domain and provided by the first application environment that is to be sent to an external computing device associated with the first security domain, selecting communication network(s) from one or more communication networks that are each available to the mobile computing device for data communication, encrypting, based on the first security domain and network(s), the information, and sending, to the external computing device via the network(s), the encrypted information.

公开(公告)号：US20170177314A1

公开(公告)日：2017-06-22

申请号：US15228698

申请日：2016-08-04

Applicant: Architecture Technology Corporation

Inventor： Judson Powers ,  Robert A. Joyce

IPC: G06F9/45 ,  G06F9/54 ,  G06F9/445 ,  G06F9/44

CPC classification number: G06F8/52 ,  G06F8/30 ,  G06F8/37 ,  G06F8/41 ,  G06F8/71 ,  G06F9/44568 ,  G06F9/54 ,  G06F21/14 ,  G06F21/57

Abstract: An example method includes generating, by a computing system, first unique configuration information, generating, by the computing system and based on the first unique configuration information, a first unique instance of a software component, generating second unique configuration information, wherein the second unique configuration information is different from the first unique configuration information, and generating, based on the second unique configuration information, a second unique instance of the software component that is executable on the runtime computing system. The first and second unique instances of the software component comprise different instances of the same software component that each are configured to have uniquely different operating characteristics during execution on the runtime computing system.

公开(公告)号：US20170034198A1

公开(公告)日：2017-02-02

申请号：US15295778

申请日：2016-10-17

Applicant: Architecture Technology Corporation

Inventor： Judson Powers ,  Stephen K. Brueckner ,  Kenneth J. Thurber

IPC: H04L29/06

CPC classification number: H04L63/1441 ,  G06F9/45558 ,  G06F21/552 ,  G06F2009/45587 ,  H04L63/02 ,  H04L63/1416 ,  H04L63/20

Abstract: A network node includes enhanced functionality to fight through cyber-attacks. A plurality of virtual machines run at the network node. The network node receives a plurality of transaction requests and distributes a copy of each of the transaction requests to the plurality of virtual machines over a plurality of time steps. Based on the first virtual machine having executed (n) transaction requests in the plurality of transaction requests, the node detects whether any of the virtual machines has been compromised. In response to detecting the plurality of virtual machines includes a compromised virtual machine, the network node isolates the compromised virtual machine. Furthermore, after isolating the compromised virtual machine, the network node may receive a subsequent transaction request and dispatch the subsequent transaction request to the compromised virtual machine. The compromised virtual machine may execute the subsequent transaction request.

Abstract translation: 网络节点包括增强的功能，以打击网络攻击。 多个虚拟机在网络节点运行。 网络节点接收多个事务请求，并且通过多个时间步骤将每个事务请求的副本分发给多个虚拟机。 基于在多个事务请求中执行（n）个事务请求的第一虚拟机，该节点检测虚拟机中的任一个是否已被破坏。 响应于检测到多个虚拟机包括受损的虚拟机，网络节点隔离受损的虚拟机。 此外，在隔离受损的虚拟机之后，网络节点可以接收后续的事务请求，并将后续的事务请求发送到受感染的虚拟机。 被破坏的虚拟机可以执行后续的事务请求。

公开(公告)号：US09501304B1

公开(公告)日：2016-11-22

申请号：US14741388

申请日：2015-06-16

Applicant: Architecture Technology Corporation

Inventor： Judson Powers ,  Robert A. Joyce

IPC: G06F17/30 ,  H04N7/16 ,  G06F9/455 ,  H04L29/08 ,  G06F21/62 ,  G06F21/60 ,  G06F1/00

CPC classification number: G06F21/606 ,  G06F8/60 ,  G06F9/45504 ,  G06F9/50 ,  H04L67/10 ,  H04L67/34

Abstract: An example method includes identifying a software package that is associated with a software application, wherein the software package includes platform-independent instructions that are configured to perform at least one computational task upon execution, and wherein the platform-independent instructions have a format that is not specific to any particular hardware platform. The method further includes selecting a computing system to perform the at least one computational task, providing, by the selected computing system, a container in which to perform the at least one computational task, obtaining, by the selected computing system, platform-dependent instructions that have been converted from the platform-independent instructions, wherein the platform-dependent instructions have a format that is specific to a hardware platform provided by the selected computing system, executing, by the selected computing system and in the container, the platform-dependent instructions to perform the at least one computational task.

Abstract translation: 示例性方法包括识别与软件应用相关联的软件包，其中所述软件包包括平台无关指令，其被配置为在执行时执行至少一个计算任务，并且其中所述平台无关指令具有格式为 不具体到任何特定的硬件平台。 所述方法还包括选择计算系统以执行所述至少一个计算任务，由所选择的计算系统提供其中执行所述至少一个计算任务的容器，由所选择的计算系统获得与平台相关的指令 已经从与平台无关的指令转换，其中依赖于平台的指令具有特定于由所选计算系统提供的硬件平台的格式，由所选择的计算系统和容器执行与平台相关的 用于执行所述至少一个计算任务的指令。

公开(公告)号：US20160057116A1

公开(公告)日：2016-02-25

申请号：US14931620

申请日：2015-11-03

Applicant: ARCHITECTURE TECHNOLOGY CORPORATION

Inventor： Deborah K. Charan ,  Ranga Ramanujan

IPC: H04L29/06

CPC classification number: H04L63/0471 ,  H04L63/0485 ,  H04L63/18

Abstract: This disclosure is directed to techniques for providing communication between devices in different networks wherein the communication must first pass through an encryption mechanism and the devices do not have the stand-alone capability to encrypt or decrypt the communication. According to these techniques, an adapter may determine certain fields in a data packet that remain unencrypted when the data packet passes through the encryption mechanism. The adapter may then process those fields in such a way that, when the data packets are received by a second adapter, the second adapter may read those fields and obtain information.

公开(公告)号：US09229936B2

公开(公告)日：2016-01-05

申请号：US13965007

申请日：2013-08-12

Applicant: Architecture Technology Corporation

Inventor： Kenneth J. Thurber ,  Robert A. Joyce ,  Julia A. Baker

IPC: G06F21/16 ,  G06F21/64 ,  G06F17/30 ,  H04L29/06

CPC classification number: G06F17/30011 ,  G06F21/64 ,  H04L29/0687 ,  H04L63/105 ,  H04L63/12

Abstract: This disclosure describes techniques for dynamically assembling and utilizing a pedigree of a resource. A pedigree of a resource is a set of statements that describe a provenance of the resource. As described herein, a document may include local pedigree fragments and optionally one or more pointers to remote pedigree fragments not locally stored in the document. A pedigree fragment, generally, is a data structure that specifies a direct relationship between a first resource, e.g., a primary resource, and a second resource from which an asserted fact of the first resource is derived. Because a pedigree fragment specifies such direct relationships, a set of pedigree fragments may be used to assemble the complete pedigree of resource.

公开(公告)号：US20150309831A1

公开(公告)日：2015-10-29

申请号：US14791089

申请日：2015-07-02

Applicant: Architecture Technology Corporation

Inventor： Judson Powers ,  Stephen K. Brueckner ,  Robert A. Joyce ,  Kenneth J. Thurber

IPC: G06F9/455 ,  H04L29/08 ,  G06F9/46 ,  G06F17/30 ,  G06F11/14

CPC classification number: H04L67/10 ,  G06F9/466 ,  G06F11/1438 ,  G06F11/1464 ,  G06F11/1469 ,  G06F11/1471 ,  G06F11/1474 ,  G06F11/1484 ,  G06F17/3051 ,  G06F21/55 ,  G06F21/606 ,  G06F2009/4557 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2201/815 ,  H04L63/1441 ,  H04L63/145

Abstract: A server system receives messages from client computing devices. Each of the messages corresponds to a transaction. The server system assigns each respective transaction to a respective fresh virtual machine. Furthermore, the server system performs, as part of a respective virtual machine processing a respective transaction, a modification associated with the respective transaction to a shared database. The shared database is persisted independently of the plurality of virtual machines. In response to determining that processing of the respective transaction is complete, the server system discards the respective virtual machine. In response to a trigger, such as determining that the respective transaction is associated with a cyber-attack, the server system uses checkpoint data associated with the respective transaction to roll back the modifications associated with the respective transaction to the shared database.

Abstract translation: 服务器系统从客户端计算设备接收消息。 每个消息都对应一个事务。 服务器系统将每个相应的事务分配给相应的新鲜虚拟机。 此外，服务器系统作为处理相应事务的相应虚拟机的一部分执行与相应事务相关联的修改到共享数据库。 独立于多个虚拟机来保持共享数据库。 响应于确定相应交易的处理完成，服务器系统丢弃相应的虚拟机。 响应于诸如确定相应交易与网络攻击相关联的触发，服务器系统使用与相应交易相关联的检查点数据将与相应交易相关联的修改回滚到共享数据库。

公开(公告)号：US20150149764A1

公开(公告)日：2015-05-28

申请号：US14165192

申请日：2014-01-27

Applicant: Architecture Technology Corporation

Inventor： Deborah K. Charan ,  Taylor Bouvin ,  Ranga Ramanujan ,  Barry A. Trent

IPC: H04L29/06

CPC classification number: H04L63/0471 ,  H04L63/0428 ,  H04L63/164 ,  H04L63/166 ,  H04L63/18

Abstract: This disclosure is directed to techniques for providing communication between devices in different networks wherein the communication must first pass through an encryption mechanism and the devices do not have the stand-alone capability to encrypt or decrypt the communication. According to these techniques, an adapter may determine certain fields in a data packet that remain unencrypted when the data packet passes through the encryption mechanism. The adapter may then process those fields in such a way that, when the data packets are received by a second adapter, the second adapter may read those fields and obtain information.

Abstract translation: 本公开涉及用于在不同网络中的设备之间提供通信的技术，其中通信必须首先通过加密机制，并且该设备不具有加密或解密通信的独立能力。 根据这些技术，当数据分组通过加密机制时，适配器可以确定在数据分组中保持未加密的某些字段。 然后，适配器可以以这样的方式处理这些字段，即当数据分组被第二适配器接收时，第二适配器可以读取这些字段并获得信息。

公开(公告)号：US08839426B1

公开(公告)日：2014-09-16

申请号：US14014242

申请日：2013-08-29

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Robert A. Joyce ,  Carl Manson ,  Hajime Inoue ,  Kenneth J. Thurber

IPC: H04L29/06

CPC classification number: G06F11/1469 ,  G06F9/45533 ,  G06F9/466 ,  G06F21/606 ,  H04L63/145

Abstract: A server system receives messages from client computing devices. Each of the messages corresponds to a transaction. The server system assigns each respective transaction to a respective fresh virtual machine. Furthermore, the server system performs, as part of a respective virtual machine processing a respective transaction, a modification associated with the respective transaction to a shared database. The shared database is persisted independently of the plurality of virtual machines. In response to determining that processing of the respective transaction is complete, the server system discards the respective virtual machine. In response to determining that the respective transaction is associated with a cyber-attack, the server system uses checkpoint data associated with the respective transaction to roll back the modifications associated with the respective transaction to the shared database.

Abstract translation: 服务器系统从客户端计算设备接收消息。 每个消息都对应一个事务。 服务器系统将每个相应的事务分配给相应的新鲜虚拟机。 此外，服务器系统作为处理相应事务的相应虚拟机的一部分执行与相应事务相关联的修改到共享数据库。 独立于多个虚拟机来保持共享数据库。 响应于确定相应交易的处理完成，服务器系统丢弃相应的虚拟机。 响应于确定相应的交易与网络攻击相关联，服务器系统使用与相应交易相关联的检查点数据来将与相应交易相关联的修改回滚到共享数据库。