Abstract: A computer network is disclosed in which a group of computers co-operate to perform a distributed application. In order to ensure that only members of that group of computers are able to carry out certain operations, messages sent in the performance of the distributed application are checked by the recipient for the presence of a group membership token. The inclusion of a group membership token is controlled by one or more group membership handlers which intercept messages from local components and only include a group membership token with the message if they list the sending local component as being entitled to include the group membership token in the message. Furthermore, by operating the group membership token on a separate machine, or preferably a separate virtual machine from the local component, security is further improved. In the most preferred embodiments, the group token handler and/or the local component are hosted on virtual machines which provide virtualised cryptographic functionality.

Abstract: A distributed computer system is disclosed in which computers co-operate with one another by sending messages over a network such as the Internet in order to perform a distributed application. In order to improve the security of such system, each web service involved in the distributed application runs in a separate virtual machine. Furthermore, the virtual machines on a web server dedicated to respective web service instances utilise the same policy enforcement point—running in another virtual machine on the web-server—in order to handle messages for or from the web server. To increase security still further, each virtual machine provides virtual cryptoprocessor functionality which is used in the processing of messages sent in the performance of the distributed application.

Abstract: A distributed computer system is disclosed in which computers co-operate with one another by sending messages over a network such as the Internet in order to perform a distributed application. In order to improve the security of such system, each web service involved in the distributed application runs in a separate virtual machine. Furthermore, the virtual machines on a web server dedicated to respective web service instances utilise the same policy enforcement point—running in another virtual machine on the web-server—in order to handle messages for or from the web server. To increase security still further, each virtual machine provides virtual cryptoprocessor functionality which is used in the processing of messages sent in the performance of the distributed application.

Abstract: A computer network is disclosed in which a group of computers co-operate to perform a distributed application. In order to ensure that only members of that group of computers are able to carry out certain operations, messages sent in the performance of the distributed application are checked by the recipient for the presence of a group membership token. The inclusion of a group membership token is controlled by one or more group membership handlers which intercept messages from local components and only include a group membership token with the message if they list the sending local component as being entitled to include the group membership token in the message. Furthermore, by operating the group membership token on a separate machine, or preferably a separate virtual machine from the local component, security is further improved. In the most preferred embodiments, the group token handler and/or the local component are hosted on virtual machines which provide virtualised cryptographic functionality.