Abstract:
A method of operating a computing entity in a network having a log mapping computing entity network addresses to vulnerabilities, the method comprising the steps of: using the entity's network address, searching the log to establish what vulnerabilities the entity has; and if the log indicates the entity has a vulnerability, sending data identifying a user of the entity to an administrator of the network.
Abstract:
A method of identifying a software vulnerability on a computer system is disclosed in which the computer system has software stored thereon and is connected to a management system over a computer network. The method comprises the steps of: applying an interrogation program to the software, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied; in the event that the software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived the identification of the computer system; and sending the management information to the management system.
Abstract:
A method of operating a first host within a network of a plurality of hosts. Over the course of a first time interval, requests received at the first host from a second host to send data to destination hosts are monitored. Identities of destination hosts monitored during the first time interval are compared with destination host identities in a record. Then either data relating to requests that identify a destination host not in the record is stored in a storage buffer, or the passage of data from the second host to the destination hosts within the network is limited over the course of the first time interval, so that during the first time interval the second host is unable to send data to more than a predetermined number of hosts not in the record.
Abstract:
Requests to send data from a first host within a network of hosts are monitored against a record of destination hosts to which data has been sent in accordance with a predetermined policy. Destination host identities not in the record are stored in a buffer. The buffer size is monitored to establish whether the requests from the first host are the result of viral activity on that host.
Abstract:
A networked computing platform implements an opportunistic data communication method. The computing platform creates, at the instigation of at least one application executing on the platform, data packets for transmission over a network. The packets are created using a hierarchy of programs (‘stack’) implementing a corresponding hierarchical suite of network protocols each associated with a corresponding protocol data unit (PDU) that comprises protocol-control information for that protocol. The opportunistic communication method involves the platform waiting for creation of a packet to be instigated and thereupon setting a parameter in protocol-control information of the packet to a value indicative of a characteristic of the computing platform, this characteristic being one unconnected with functioning of the network protocols. A network monitoring method and a network administration method are also disclosed.
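As an added illustration of the opportunistic method (example code written for this page, not code from the patent or from any product), the stack hook below writes a platform characteristic into an IPv4 header field at the moment a packet is created, and a passive monitor reads it back and builds an inventory. The field used (Identification) and the characteristic carried (a 16-bit patch level) are assumptions; the abstract names neither.

```python
import socket
import struct

# Assumptions for this example (the abstract specifies neither): the
# characteristic is a 16-bit "patch level" and it rides in the IPv4
# Identification field, which is unconnected with the protocol's own operation
# once the Don't Fragment flag is set.
PLATFORM_PATCH_LEVEL = 0x2A07
IPV4_HEADER_LEN = 20
IPV4_FMT = "!BBHHHBBH4s4s"   # ver/ihl, tos, len, id, flags/frag, ttl, proto, csum, src, dst
DF_FLAG = 0x4000


def ip_checksum(data: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 for a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _with_checksum(raw: bytes) -> bytes:
    return raw[:10] + struct.pack("!H", ip_checksum(raw)) + raw[12:]


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6,
                      ttl: int = 64, ident: int = 0, df: bool = False) -> bytes:
    """Minimal 20-byte IPv4 header, as the IP layer of the stack would emit it."""
    raw = struct.pack(IPV4_FMT, (4 << 4) | 5, 0, IPV4_HEADER_LEN + payload_len,
                      ident, DF_FLAG if df else 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return _with_checksum(raw)


def mark_header(hdr: bytes, characteristic: int) -> bytes:
    """Stack hook run when an application instigates a packet: overwrite the
    Identification field, set DF so the field is never consulted for
    reassembly, and recompute the header checksum."""
    fields = list(struct.unpack(IPV4_FMT, hdr[:IPV4_HEADER_LEN]))
    fields[3] = characteristic & 0xFFFF
    fields[4] |= DF_FLAG
    fields[7] = 0
    return _with_checksum(struct.pack(IPV4_FMT, *fields)) + hdr[IPV4_HEADER_LEN:]


def read_mark(hdr: bytes):
    """Monitor side: return (source address, characteristic) for a well-formed,
    correctly checksummed header with DF set; otherwise None."""
    if len(hdr) < IPV4_HEADER_LEN or hdr[0] >> 4 != 4:
        return None
    if ip_checksum(hdr[:IPV4_HEADER_LEN]) != 0:
        return None                      # corrupted in transit: do not trust the field
    fields = struct.unpack(IPV4_FMT, hdr[:IPV4_HEADER_LEN])
    if not fields[4] & DF_FLAG:
        return None                      # DF clear: the ID may be a genuine fragment id
    return socket.inet_ntoa(fields[8]), fields[3]


def inventory(headers):
    """Administration side: latest reported characteristic per marking source."""
    found = {}
    for hdr in headers:
        mark = read_mark(hdr)
        if mark:
            found[mark[0]] = mark[1]
    return found


if __name__ == "__main__":
    plain = build_ipv4_header("10.0.0.5", "10.0.0.9", payload_len=0)
    marked = mark_header(plain, PLATFORM_PATCH_LEVEL)
    print(inventory([plain, marked]))
```

The Identification field is also the key for fragment reassembly, which is why the hook sets DF and the monitor refuses to interpret headers that lack it; the checksum check keeps a bit-flipped field from entering the inventory as a fact about the platform.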
Abstract:
A method of identifying a software vulnerability in computer systems in a computer network includes a multiple level scanning process controlled from a management system connected to the network. The management system runs a root scanner which applies an interrogation program to remote systems having network addresses in a predefined address range. When a software vulnerability is detected, the interrogation program causes the respective remote system to scan topologically local systems, the remote system itself applying a second interrogation program to the local systems to detect and mitigate the vulnerability using an associated mitigation payload. Whilst that local scanning process is in progress, the root scanner can be applied to remote systems in other predefined address ranges.
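A constructed simulation of the two-level scan described above (an added example for this page, not the patent's implementation). A root scanner probes each predefined range until an interrogation lands, hands that range's neighbourhood to the exploited host, and moves on while the local scan and mitigation run in a worker thread. The inventory, the ranges, and the reading of "topologically local" as the same /24 are assumptions.

```python
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed inventory: True means the interrogation program's exploit lands
# on that host. "Topologically local" is taken to mean the same /24 (assumption).
NETWORK = {
    "10.1.0.1": False, "10.1.0.2": True, "10.1.0.3": True, "10.1.0.4": False,
    "10.2.0.1": False, "10.2.0.2": False,
    "10.3.0.1": True, "10.3.0.2": True, "10.3.0.3": False,
}
RANGES = [  # the root scanner's predefined address ranges
    ["10.1.0.1", "10.1.0.2", "10.1.0.3", "10.1.0.4"],
    ["10.2.0.1", "10.2.0.2"],
    ["10.3.0.1", "10.3.0.2", "10.3.0.3"],
]


class ScanState:
    def __init__(self, network):
        self.vulnerable = dict(network)
        self.mitigated = set()
        self.root_probes = 0      # interrogations sent by the management system
        self.local_probes = 0     # interrogations sent by exploited hosts
        self.lock = threading.Lock()


def subnet(addr):
    return addr.rsplit(".", 1)[0]


def interrogate(state, addr, by_root):
    """Apply an interrogation program; True if the vulnerability is exploited."""
    with state.lock:
        if by_root:
            state.root_probes += 1
        else:
            state.local_probes += 1
        return state.vulnerable[addr]


def mitigate(state, addr):
    """The mitigation payload: closes the vulnerability on addr."""
    with state.lock:
        state.vulnerable[addr] = False
        state.mitigated.add(addr)


def local_scan(state, origin):
    """Runs on the exploited host: second interrogation program plus payload
    against its topologically local systems (and itself; an assumption)."""
    mitigate(state, origin)
    for addr in list(state.vulnerable):
        if addr != origin and subnet(addr) == subnet(origin):
            if interrogate(state, addr, by_root=False):
                mitigate(state, addr)


def root_scan(state, ranges, pool):
    """Management system: probe each range until one host is exploited, hand
    the neighbourhood to that host's local scan, and move on without waiting."""
    handed_off = []
    for rng in ranges:
        for addr in rng:
            if interrogate(state, addr, by_root=True):
                handed_off.append(pool.submit(local_scan, state, addr))
                break
    return handed_off


def run(network=NETWORK, ranges=RANGES):
    state = ScanState(network)
    with ThreadPoolExecutor(max_workers=4) as pool:
        for job in root_scan(state, ranges, pool):
            job.result()                      # wait for the local scans to finish
    return state


if __name__ == "__main__":
    s = run()
    print("root probes:", s.root_probes, "local probes:", s.local_probes)
    print("mitigated:", sorted(s.mitigated))
```

With this inventory the root scanner sends five probes and the exploited hosts send the other five; the lock matters because the root scanner and several local scans update the same counters and host table concurrently.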
Abstract:
When software is loaded into an operating system kernel, and so has access to the same memory space as the operating system, a problem occurs if the operating system cannot determine in advance whether it will afterwards be in a suitably trusted state. By using a high availability cluster in which each System Processing Unit (S1, S2) has a trusted device, it is possible to gain more trust, and a more flexible approach to trust, whilst maintaining the high availability properties of the cluster. Software can be loaded onto one of at least two computing platforms (S1) of a computing system. Another of the platforms (S2) performs integrity tests on the platform (S1) carrying the new software to check whether that platform is still in a trusted state. If the tests are passed, the test results are signed and sent to the platform (S1) with the new software, and the new software is copied onto the other computing platform (S2). If the tests are failed, the first platform (S1) can either be rebooted or returned to the state of the testing platform (S2).
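The exchange between S1 and S2 described above, as an added example written for this page (not the patent's code). S1 loads a kernel module, S2 measures S1's loaded modules against a reference list of known-good hashes, signs the verdict with its trusted device, and S1 either lets the module replicate to S2 or rolls itself back to S2's state. The signing uses an HMAC over a cluster-shared key as a stand-in for a trusted device's private key, the measurement is a hash list of loaded modules, and the reference list is constructed; all three are assumptions.

```python
import hashlib
import hmac
import json


def image_hash(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


class TrustedDevice:
    """Stand-in for a platform's trusted device. Signs with HMAC over a key
    shared by the cluster (assumption for brevity; a real device would sign
    with its own private key and the peer would verify with the public key)."""

    def __init__(self, key: bytes):
        self._key = key

    def sign(self, message: bytes) -> bytes:
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def verify(self, message: bytes, signature: bytes) -> bool:
        return hmac.compare_digest(self.sign(message), signature)


class Platform:
    """One System Processing Unit: its trusted device and the kernel modules it has loaded."""

    def __init__(self, name: str, device: TrustedDevice, modules: dict):
        self.name = name
        self.device = device
        self.modules = dict(modules)          # module name -> hash of its image

    def load(self, name: str, image: bytes):
        self.modules[name] = image_hash(image)

    def measurement(self) -> bytes:
        return json.dumps(self.modules, sort_keys=True).encode()


def integrity_test(tester: Platform, target: Platform, reference: dict):
    """tester (S2) checks target (S1): every loaded module must match the
    reference hash list. Returns the verdict and the tester's signature over it."""
    meas = target.measurement()
    loaded = json.loads(meas)
    trusted = all(reference.get(name) == digest for name, digest in loaded.items())
    verdict = json.dumps({
        "tester": tester.name, "target": target.name,
        "measurement": hashlib.sha256(meas).hexdigest(), "trusted": trusted,
    }, sort_keys=True).encode()
    return verdict, tester.device.sign(verdict)


def reconcile(s1: Platform, s2: Platform, reference: dict) -> str:
    """Run after new software has been loaded on s1; returns what happened."""
    verdict, sig = integrity_test(s2, s1, reference)
    # s1 acts only on a verdict that is authentic and describes its *current* state,
    # so a replayed verdict from an earlier, clean measurement is rejected.
    if not s1.device.verify(verdict, sig):
        raise ValueError("verdict not signed by a cluster trusted device")
    v = json.loads(verdict)
    if v["measurement"] != hashlib.sha256(s1.measurement()).hexdigest():
        raise ValueError("verdict does not match current measurement")
    if v["trusted"]:
        s2.modules = dict(s1.modules)         # replicate the new software to S2
        return "replicated"
    s1.modules = dict(s2.modules)             # return S1 to S2's known state
    return "rolled-back"


if __name__ == "__main__":
    key = b"constructed-cluster-key"
    reference = {"base": image_hash(b"base-img"), "netfilter": image_hash(b"nf-img")}
    s1 = Platform("S1", TrustedDevice(key), {"base": reference["base"]})
    s2 = Platform("S2", TrustedDevice(key), {"base": reference["base"]})
    s1.load("netfilter", b"nf-img")
    print(reconcile(s1, s2, reference))      # replicated
    s1.load("rootkit", b"not-in-reference")
    print(reconcile(s1, s2, reference))      # rolled-back
```

The measurement hash inside the verdict is what binds S2's signature to the state S1 is in now; without it, S1 could be handed a signature over an older, passing measurement after loading something the reference list does not contain.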
Abstract:
A method of managing access by a transient computing entity to a computing network via a virtual private network (‘VPN’) gateway, the method comprising the steps of: authenticating, at the VPN gateway, the identity of the transient entity and establishing a VPN connection between the gateway and the transient entity; restricting access of the transient entity to the network; performing a scanning operation on the transient entity to establish whether the transient entity has a known vulnerability; upon completion of the scanning operation, enabling access by the transient entity to at least a part of the network which, prior to performance of the scan, was restricted.
Abstract:
One embodiment is an apparatus for monitoring, from a first location in a computer network, traffic emanating from a source at a second location in the network. The apparatus comprises means at the first location for detecting traffic emanating from the source, and means for monitoring the number, per unit time, of distinct destinations of the traffic that lie outside a first set specifying familiar destinations of the traffic. This monitoring process can trigger various responses, such as the isolation of the source from the network. Other systems and methods are also provided.
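The three abstracts above on requests to unfamiliar destination hosts (the storage buffer and per-interval limit, the buffer-size check for viral activity, and the per-unit-time count of distinct unfamiliar destinations that can trigger isolation) describe one mechanism. The class below is an added example of it written for this page, not the patents' code; the record size, the allowance of one new host per interval, and the isolation threshold are constructed defaults.

```python
from collections import OrderedDict, deque


class VirusThrottle:
    """Per-source throttle: a bounded record of familiar destinations, an
    allowance of new destinations per interval, a buffer for the rest, and an
    isolation trigger on the number of distinct pending destinations.
    The default parameter values are constructed, not taken from the abstracts."""

    def __init__(self, record_size=4, new_per_interval=1, isolate_above=5):
        self.record = OrderedDict()        # familiar destination hosts, LRU order
        self.record_size = record_size
        self.new_per_interval = new_per_interval
        self.isolate_above = isolate_above
        self.buffer = deque()              # (dst, payload) for unfamiliar hosts
        self.new_this_interval = 0
        self.isolated = False

    def _remember(self, dst):
        self.record[dst] = True
        self.record.move_to_end(dst)
        while len(self.record) > self.record_size:
            self.record.popitem(last=False)    # evict the least recently used host

    def request(self, dst, payload):
        """The monitored host asks to send payload to dst.
        Returns 'sent', 'buffered' or 'dropped' (when the source is isolated)."""
        if self.isolated:
            return "dropped"
        if dst in self.record:
            self._remember(dst)
            return "sent"
        if self.new_this_interval < self.new_per_interval:
            self.new_this_interval += 1
            self._remember(dst)
            return "sent"
        self.buffer.append((dst, payload))
        return "buffered"

    def pending_destinations(self):
        """Distinct unfamiliar destinations waiting: the per-interval count that
        the monitoring apparatus compares against its threshold."""
        return {dst for dst, _ in self.buffer}

    def end_interval(self):
        """Close the interval: isolate the source if too many distinct new
        destinations are pending, otherwise spend the next interval's allowance
        on buffered requests."""
        pending = self.pending_destinations()
        if len(pending) > self.isolate_above:
            self.isolated = True
            self.buffer.clear()
            return {"isolated": True, "pending": len(pending), "released": []}
        self.new_this_interval = 0
        released = []
        while self.buffer and self.new_this_interval < self.new_per_interval:
            dst, payload = self.buffer.popleft()
            self.new_this_interval += 1
            self._remember(dst)
            released.append((dst, payload))
            # other buffered requests to the now-familiar host go out with it
            rest = deque()
            for item in self.buffer:
                (released if item[0] == dst else rest).append(item)
            self.buffer = rest
        return {"isolated": False, "pending": len(pending), "released": released}


if __name__ == "__main__":
    worm = VirusThrottle()
    outcomes = [worm.request("10.0.1.%d" % i, b"probe") for i in range(1, 21)]
    print(outcomes.count("sent"), "sent,", outcomes.count("buffered"), "buffered")
    print(worm.end_interval())           # isolated: 19 distinct pending > 5
```

A host talking to its usual handful of servers never accumulates a buffer, because repeat destinations are always in the record; a scanning worm that contacts many fresh addresses in one interval gets one through and the rest queued, and the queue length, not the traffic volume, is what trips isolation.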