Abstract:
One embodiment of an apparatus for monitoring from a first location in a computer network traffic emanating from a source at a second location in the network, the apparatus comprising means at the first location for detecting traffic emanating from the source and means for monitoring the number, per unit time, of distinct destinations of the traffic that lie outside a first set specifying familiar destinations of the traffic. This monitoring process can trigger various responses such as the isolation of the source from the network. Other systems and methods are also provided.
Abstract:
A computer program product for monitoring a user computing entity's status, the program being adapted to: evaluate one or more parameters of operation of one or more functional elements of the user entity; if an evaluated parameter has a value outside of a predetermined range which is indicative of normal user entity behaviour, operate the user entity to enable, in a predetermined manner, administrative access to the user entity to be gained by an administrative computing entity, thereby to permit the administrative entity to perform an administrative operation on the user entity.
Abstract:
A computing platform 20 provides multiple computing environments 24 each containing a guest operating system 25 provided by a virtual machine application 26. Optionally, each computing environment 24 is formed in a compartment 220 of a compartmented host operating system 22. A trusted device 213 verifies that the host operating system 22 and each guest operating system 25 operates in a secure and trusted manner by forming integrity metrics which can be interrogated by a user 10. Each computing environment is isolated and secure, and can be verified as trustworthy independent of any other computing environment.
Abstract:
A host computing platform 20 provides one or more computing environments 24 and includes a trusted device 213 arranged to form an integrity metric individual to each computing environment 24. The integrity metric is provided to a user 10 in response to an integrity challenge, signed for authentication using a signature key 213 held by the trusted device. In one embodiment the trusted device 213 selects a signature key unique to the computing environment 24, or in a second embodiment the trusted device forms the signed integrity metric including an identity label, in each case such that the user 10 can verify that the signed integrity metric corresponds to the expected computing environment 24.
Abstract:
A method of restricting data communication to a network, the network comprising a plurality of data processors and a network communication element arranged to receive data communications originating outside the network, the method comprising monitoring data communications originating from outside the network and received at the network communication element and identifying the intended recipient data processor within the network of the received data communications; and determining if the identified intended recipient data processor has a corresponding entry on a first record of network data processors and if not, adding a corresponding entry to the first record of network data processors and adding a corresponding entry to a second record of network data processors.
Abstract:
A method of restricting transmission of data packets from a host entity in a network, comprising: transmitting outgoing packets to destination hosts whose identities are contained in a record stored in a working set of host identity records; over the course of repeated predetermined time intervals, restricting, to a predetermined number, destination hosts not identified in the working set and to which packets may be transmitted; deleting packets whose transmission has been restricted.
Abstract:
A method of restricting transmission of data packets from a host entity in a network, comprising: transmitting outgoing packets to destination hosts whose identities are contained in a record stored in a working set of host identity records; over the course of repeated predetermined time intervals, restricting, to a predetermined number, destination hosts not identified in the working set and to which packets may be transmitted; upon transmission of a packet to a host whose identity is not contained in a record in the working set, adding a record containing the host's identity to the working set and attributing a time to live to the record; deleting each record from the working set whose time to live has expired.
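The working-set throttle described in the two preceding abstracts, as an added example that is not the patents' own code: the interval length, the number of new destinations permitted per interval and the time to live are assumed parameters, and the packet trace is constructed to contrast ordinary traffic with a burst of connections to many unfamiliar hosts.

```python
"""Outbound destination throttle with a working set of known hosts (added example)."""
from dataclasses import dataclass, field


@dataclass
class Throttle:
    new_hosts_per_interval: int                # predetermined number of new destinations per interval (assumed)
    ttl: float                                 # time to live, in seconds, attributed to each working-set record (assumed)
    interval: float = 1.0                      # length of each predetermined time interval, in seconds (assumed)
    working_set: dict = field(default_factory=dict)   # destination -> expiry time
    dropped: list = field(default_factory=list)       # packets whose transmission was restricted (deleted)
    _interval_index: int = -1
    _new_in_interval: int = 0

    def _expire(self, now):
        """Delete every record whose time to live has expired."""
        for dst, expiry in list(self.working_set.items()):
            if expiry <= now:
                del self.working_set[dst]

    def handle(self, now, dst):
        """Return True if the packet may be transmitted, False if it is deleted."""
        self._expire(now)
        idx = int(now // self.interval)
        if idx != self._interval_index:            # a new interval resets the allowance for new hosts
            self._interval_index = idx
            self._new_in_interval = 0
        if dst in self.working_set:                # familiar destination: always transmitted
            return True
        if self._new_in_interval < self.new_hosts_per_interval:
            self._new_in_interval += 1             # unfamiliar destination within this interval's allowance
            self.working_set[dst] = now + self.ttl
            return True
        self.dropped.append((now, dst))            # allowance exhausted: the packet is deleted
        return False


def run_trace(throttle, packets):
    """Feed (time, destination) pairs through the throttle; returns one verdict per packet."""
    return [throttle.handle(t, d) for t, d in packets]


# Constructed traces: a few repeat contacts, then a burst to 20 unfamiliar hosts in one interval.
NORMAL = [(0.1, "10.0.0.5"), (0.4, "10.0.0.7"), (1.2, "10.0.0.5"), (1.9, "10.0.0.9"), (2.5, "10.0.0.7")]
SCAN = [(3.0 + i * 0.01, f"10.0.1.{i}") for i in range(20)]

if __name__ == "__main__":
    th = Throttle(new_hosts_per_interval=2, ttl=10.0)
    print(run_trace(th, NORMAL))   # every packet transmitted
    burst = run_trace(th, SCAN)
    print(burst.count(True), "transmitted,", burst.count(False), "deleted")
```

The count of deleted packets per interval is the signal a defender would alert on; the working set shrinks back on its own once records time out.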
Abstract:
A process 23 runs directly on a host operating system 22, until the process 23 attempts an operation which can affect security of the host operating system 22 (such as loading a kernel module or using system privileges). A guest operating system 25 is then provided running as a virtual machine session within a compartment 24 of the host operating system 22 and running of the process 23 continues using the guest operating system. Operations of the process 23 which can affect security of the host operating system 22 are instead performed on the guest operating system 25, giving greater security. The guest operating system 25 is only invoked selectively, leading to greater overall efficiency.
Abstract:
A method of operating a computing entity in a network having a log mapping computing entity network addresses to vulnerabilities, the method comprising the steps of: using the entity's network address, searching the log to establish what vulnerabilities the entity has; and if the log indicates the entity has a vulnerability, sending data identifying a user of the entity to an administrator of the network.
Abstract:
A method of identifying a software vulnerability on a computer system is disclosed in which the computer system has software stored thereon and is connected to a management system over a computer network. The method comprises the steps of: applying an interrogation program to the software, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied; in the event that the software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived the identification of the computer system; and sending the management information to the management system.