Patents by Inventor Jonathan Griffin

Jonathan Griffin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9143524
    Abstract: A method of restricting transmission of data packets from a host entity in a network, including: transmitting outgoing packets to destination hosts whose identities are contained in a record stored in a working set of host identity records; over the course of repeated predetermined time intervals, restricting, to a predetermined number, destination hosts not identified in the working set to which packets may be transmitted; upon transmission of a packet to a host whose identity is not contained in a record in the working set, adding a record containing the host's identity to the working set and attributing a time to live to the record; deleting each record from the working set whose time to live has expired.
    Type: Grant
    Filed: July 26, 2006
    Date of Patent: September 22, 2015
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jonathan Griffin, Andrew Patrick Norman, Richard James Smith
  • Patent number: 8505096
    Abstract: One embodiment of an apparatus for monitoring from a first location in a computer network traffic emanating from a source at a second location in the network, the apparatus comprising means at the first location for detecting traffic emanating from the source and means for monitoring the number, per unit time, of distinct destinations of the traffic that lie outside a first set specifying familiar destinations of the traffic. This monitoring process can trigger various responses such as the isolation of the source from the network. Other systems and methods are also provided.
    Type: Grant
    Filed: July 29, 2005
    Date of Patent: August 6, 2013
    Inventors: Jonathan Griffin, Andrew Patrick Norman, Matthew Murray Williamson
  • Patent number: 8392995
    Abstract: A method of operating a computing entity in a network having a log mapping computing entity network addresses to vulnerabilities, the method comprising the steps of: using the entity's network address, searching the log to establish what vulnerabilities the entity has; and if the log indicates the entity has a vulnerability, sending data identifying a user of the entity to an administrator of the network.
    Type: Grant
    Filed: January 11, 2005
    Date of Patent: March 5, 2013
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Matthew Murray Williamson, Andrew Patrick Norman, Jonathan Griffin
  • Patent number: 8230497
    Abstract: A method of identifying a software vulnerability on a computer system is disclosed in which the computer system has software stored thereon and is connected to a management system over a computer network. The method comprises the steps of: applying an interrogation program to the software, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied; in the event that the software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived the identification of the computer system; and sending the management information to the management system.
    Type: Grant
    Filed: November 4, 2002
    Date of Patent: July 24, 2012
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Andrew Patrick Norman, John Melvin Brawn, John P Scrimsher, Jonathan Griffin
  • Publication number: 20110173675
    Abstract: A method of restricting transmission of data packets from a host entity in a network, comprising: transmitting outgoing packets to destination hosts whose identities are contained in a record stored in a working set of host identity records; over the course of repeated predetermined time intervals, restricting, to a predetermined number, destination hosts not identified in the working set and to which packets may be transmitted; deleting packets whose transmission has been restricted.
    Type: Application
    Filed: July 26, 2006
    Publication date: July 14, 2011
    Inventors: Jonathan Griffin, Andrew Norman, Richard Smith
  • Patent number: 7865876
    Abstract: A computing platform 20 provides multiple computing environments 24 each containing a guest operating system 25 provided by a virtual machine application 26. Optionally, each computing environment 24 is formed in a compartment 220 of a compartmented host operating system 22. A trusted device 213 verifies that the host operating system 22 and each guest operating system 25 operates in a secure and trusted manner by forming integrity metrics which can be interrogated by a user 10. Each computing environment is isolated and secure, and can be verified as trustworthy independent of any other computing environment.
    Type: Grant
    Filed: June 18, 2002
    Date of Patent: January 4, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jonathan Griffin, Christopher I. Dalton, Michael Child, Liqun Chen, Andrew Patrick Norman
  • Patent number: 7796515
    Abstract: A method of operating a first host within a network of a plurality of hosts. Over the course of a first time interval, requests received at the first host from a second host to send data to destination hosts are monitored. Identities of destination hosts monitored during the first time interval are compared with destination host identities in a record. Then either data relating to requests which identify a destination host not in the record is stored in a storage buffer, or the passage of data from the second host to the destination host within the network is limited over the course of the first time interval, so that during the first time interval the second host is unable to send data to more than a predetermined number of hosts not in the record.
    Type: Grant
    Filed: April 28, 2004
    Date of Patent: September 14, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jonathan Griffin, Andrew Patrick Norman, Matthew Murray Williamson, Aled Justin Edwards
  • Patent number: 7437758
    Abstract: Propagation of viruses in a network having a plurality of hosts is restricted. Network activity of a first host of the plurality is monitored, and a first record established which is at least indicative of identities of hosts within the network contacted by a first host. Contact of the first host to other hosts within the network is limited over the course of a first time interval, so that during the first time interval the first host is unable to contact more than a predetermined number of hosts not in the first record. The method further includes an additional selection process for determining hosts of the plurality the first host is allowed to contact.
    Type: Grant
    Filed: October 31, 2003
    Date of Patent: October 14, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Matthew Murray Williamson, Andrew Patrick Norman, Jonathan Griffin
  • Patent number: 7373665
    Abstract: Requests to send data from a first host within a network of hosts are monitored against a record of destination hosts which have been sent data in accordance with a predetermined policy. Destination host identities not in the record are stored in a buffer. The buffer size is monitored to establish whether requests from the first host are pursuant to viral activity therein.
    Type: Grant
    Filed: October 31, 2003
    Date of Patent: May 13, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Matthew Murray Williamson, Jonathan Griffin, Andrew Patrick Norman
  • Publication number: 20080104233
    Abstract: A networked computing platform implements an opportunistic data communication method. The computing platform creates, at the instigation of at least one application executing on the platform, data packets for transmission over a network. The packets are created using a hierarchy of programs (‘stack’) implementing a corresponding hierarchical suite of network protocols each associated with a corresponding protocol data unit (PDU) that comprises protocol-control information for that protocol. The opportunistic communication method involves the platform waiting for creation of a packet to be instigated and thereupon setting a parameter in protocol-control information of the packet to a value indicative of a characteristic of the computing platform, this characteristic being one unconnected with functioning of the network protocols. A network monitoring method and a network administration method are also disclosed.
    Type: Application
    Filed: October 15, 2007
    Publication date: May 1, 2008
    Applicant: Hewlett-Packard Development Company, L.P.
    Inventors: Richard Smith, Jonathan Griffin, Andrew Norman, Richard Brown
  • Patent number: 7353539
    Abstract: A method of identifying a software vulnerability in computer systems in a computer network includes a multiple level scanning process controlled from a management system connected to the network. The management system runs a root scanner which applies an interrogation program to remote systems having network addresses in a predefined address range. When a software vulnerability is detected, the interrogation program causes the respective remote system to scan topologically local systems, the remote system itself applying a second interrogation program to the local systems to detect and mitigate the vulnerability using an associated mitigation payload. Whilst that local scanning process is in progress, the root scanner can be applied to remote systems in other predefined address ranges.
    Type: Grant
    Filed: January 16, 2003
    Date of Patent: April 1, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: John Melvin Brawn, Andrew Patrick Norman, Chris Ralph Dalton, Jonathan Griffin
  • Publication number: 20070083914
    Abstract: A method of restricting transmission of data packets from a host entity in a network, comprising: transmitting outgoing packets to destination hosts whose identities are contained in a record stored in a working set of host identity records; over the course of repeated predetermined time intervals, restricting, to a predetermined number, destination hosts not identified in the working set and to which packets may be transmitted; deleting packets whose transmission has been restricted.
    Type: Application
    Filed: July 26, 2006
    Publication date: April 12, 2007
    Inventors: Jonathan Griffin, Andrew Norman, Richard Smith
  • Publication number: 20070083913
    Abstract: A method of restricting transmission of data packets from a host entity in a network, comprising: transmitting outgoing packets to destination hosts whose identities are contained in a record stored in a working set of host identity records; over the course of repeated predetermined time intervals, restricting, to a predetermined number, destination hosts not identified in the working set to which packets may be transmitted; upon transmission of a packet to a host whose identity is not contained in a record in the working set, adding a record containing the host's identity to the working set and attributing a time to live to the record; deleting each record from the working set whose time to live has expired.
    Type: Application
    Filed: July 26, 2006
    Publication date: April 12, 2007
    Inventors: Jonathan Griffin, Andrew Norman, Richard Smith
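
The "new destination" throttle that runs through patents 9143524, 7796515, 7437758, 7373665 and the three 2007/2011 applications above can be shown in a few dozen lines. The following is an illustrative example written for this page, not code from the patents or from Hewlett-Packard. It assumes a working set of recently contacted hosts with a time to live, a fixed allowance of previously unseen destinations per interval, and two ways of handling the excess that the abstracts describe: holding the packets in a buffer (whose growth is the detection signal of 7373665) or deleting them outright (the 20070083914 variant). The class and function names (NewDestinationThrottle, simulate) and the sample traffic are constructed for the example; time is passed in explicitly so it runs offline.

```python
# Added example: a host-level "new destination" throttle in the style of the
# abstracts above. Illustrative code written for this page, not code from the
# patents or from Hewlett-Packard. Time is supplied by the caller so the
# simulation is deterministic and needs no network.
from collections import deque


class NewDestinationThrottle:
    """Limit how many previously unseen destinations a host may contact per interval.

    working_set : destination -> expiry time (each record carries a time to live)
    pending     : packets held back because the interval's allowance was used up
    mode        : "delay" keeps restricted packets in a buffer and releases them
                  one allowance per interval; "drop" deletes them instead
    """

    def __init__(self, allowance=1, interval=1.0, ttl=60.0,
                 buffer_alarm=10, mode="delay"):
        assert mode in ("delay", "drop")
        self.allowance = allowance
        self.interval = interval
        self.ttl = ttl
        self.buffer_alarm = buffer_alarm
        self.mode = mode
        self.working_set = {}
        self.pending = deque()
        self.window_start = None
        self.new_this_window = 0
        self.dropped = 0
        self.released = 0

    def _admit(self, dst, now):
        # Adding (or refreshing) a record attributes a fresh time to live to it.
        self.working_set[dst] = now + self.ttl

    def _expire(self, now):
        for host in [h for h, exp in self.working_set.items() if exp <= now]:
            del self.working_set[host]

    def _roll_window(self, now):
        if self.window_start is None:
            self.window_start = now
            return
        while now - self.window_start >= self.interval:
            self.window_start += self.interval
            self.new_this_window = 0
            # Each fresh interval drains the delay buffer at the same rate.
            while self.pending and self.new_this_window < self.allowance:
                dst, _payload = self.pending.popleft()
                if dst not in self.working_set:
                    self.new_this_window += 1
                self._admit(dst, self.window_start)
                self.released += 1

    def send(self, dst, now, payload=None):
        """Return 'sent', 'queued' or 'dropped' for one outgoing packet."""
        self._roll_window(now)
        self._expire(now)
        if dst in self.working_set:
            self._admit(dst, now)          # familiar destination: always allowed
            return "sent"
        if self.new_this_window < self.allowance:
            self.new_this_window += 1
            self._admit(dst, now)
            return "sent"
        if self.mode == "drop":
            self.dropped += 1
            return "dropped"
        self.pending.append((dst, payload))
        return "queued"

    def suspicious(self):
        """Buffer growth is the signal: a host queueing this many packets to
        unfamiliar destinations is behaving like scanning malware."""
        return len(self.pending) >= self.buffer_alarm


def simulate(events, **kwargs):
    """events: (time, destination) pairs. Returns (outcomes, throttle)."""
    throttle = NewDestinationThrottle(**kwargs)
    outcomes = [throttle.send(dst, now) for now, dst in events]
    return outcomes, throttle


if __name__ == "__main__":
    # Constructed traffic: a worm fanning out to 50 addresses at once, and a
    # user talking to three familiar servers over a few seconds.
    worm = [(0.0, f"10.0.0.{i}") for i in range(1, 51)]
    outcomes, t = simulate(worm)
    print(outcomes.count("sent"), "sent,", outcomes.count("queued"),
          "queued, alarm:", t.suspicious())
    normal = [(0.0, "mail"), (0.2, "mail"), (1.0, "web"),
              (1.5, "mail"), (2.0, "web"), (2.5, "dns")]
    outcomes, t = simulate(normal)
    print(outcomes, "alarm:", t.suspicious())
```

With the default allowance of one new destination per second, the worm gets one connection out and 49 held in the buffer, which trips the alarm immediately, while the user's repeat connections to mail, web and dns all pass because each host is already in the working set by the time it is contacted again. Shortening ttl forces a quiet destination to be re-admitted as "new" when it is next contacted, which is the cost of the time-to-live record in 9143524.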
  • Patent number: 7159210
    Abstract: A process 23 runs directly on a host operating system 22, until the process 23 attempts an operation which can affect security of the host operating system 22 (such as loading a kernel module or using system privileges). A guest operating system 25 is then provided running as a virtual machine session within a compartment 24 of the host operating system 22 and running of the process 23 continues using the guest operating system. Operations of the process 23 which can affect security of the host operating system 22 are instead performed on the guest operating system 25, giving greater security. The guest operating system 25 is only invoked selectively, leading to greater overall efficiency.
    Type: Grant
    Filed: June 18, 2002
    Date of Patent: January 2, 2007
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jonathan Griffin, Christopher I. Dalton
  • Patent number: 7076655
    Abstract: A host computing platform 20 provides one or more computing environments 24 and includes a trusted device 213 arranged to form an integrity metric individual to each computing environment 24. The integrity metric is provided to a user 10 in response to an integrity challenge, signed for authentication using a signature key 213 held by the trusted device. In one embodiment the trusted device 213 selects a signature key unique to the computing environment 24, or in a second embodiment the trusted device forms the signed integrity metric including an identity label, in each case such that the user 10 can verify that the signed integrity metric corresponds to the expected computing environment 24.
    Type: Grant
    Filed: June 18, 2002
    Date of Patent: July 11, 2006
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jonathan Griffin, Liqun Chen
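
Patents 7865876 and 7076655 above both turn on one check: a user who challenges a platform hosting several isolated environments must be able to tell that the signed integrity metric they get back belongs to the environment they asked about, and not to a neighbouring compartment that happens to be in a good state. The following is an illustrative example written for this page, not code from the patents or from Hewlett-Packard. It assumes a trusted device that keeps a PCR-style running metric per environment, uses a separate signature key per environment and includes the environment's identity label and the challenger's nonce in the signed message; HMAC-SHA256 stands in for the asymmetric signature a real trusted device would produce, so the verifier here also holds the key, which a real deployment would not require. The names TrustedDevice, quote, verify_quote and expected_metric, and the measured "software" strings, are constructed for the example.

```python
# Added example: an integrity challenge against one of several isolated
# computing environments on one platform. Illustrative code written for this
# page, not code from the patents or from Hewlett-Packard.
# Assumptions: a PCR-style running metric per environment; one signature key per
# environment; HMAC-SHA256 as a stand-in for the trusted device's signature.
import hashlib
import hmac
import os


def _quote_message(label, nonce, metric):
    # Length-prefix the label so label, nonce and metric cannot be re-split.
    return len(label).to_bytes(2, "big") + label.encode() + nonce + metric


class TrustedDevice:
    def __init__(self):
        self._keys = {}     # environment label -> signature key
        self._metrics = {}  # environment label -> running integrity metric

    def create_environment(self, label):
        key = os.urandom(32)
        self._keys[label] = key
        self._metrics[label] = b"\x00" * 32
        return key  # a real device would hand out only the public half

    def extend(self, label, measurement):
        """PCR-style extend: metric = H(metric || H(measurement))."""
        digest = hashlib.sha256(measurement).digest()
        self._metrics[label] = hashlib.sha256(self._metrics[label] + digest).digest()

    def quote(self, label, nonce):
        """Answer an integrity challenge for one environment. The signed
        message carries the environment's identity label and the challenger's
        nonce, so the quote can be neither replayed nor passed off as
        belonging to a different environment."""
        metric = self._metrics[label]
        msg = _quote_message(label, nonce, metric)
        sig = hmac.new(self._keys[label], msg, "sha256").digest()
        return {"label": label, "nonce": nonce, "metric": metric, "sig": sig}


def expected_metric(measurements):
    """Recompute the golden metric for a known-good software sequence."""
    metric = b"\x00" * 32
    for m in measurements:
        metric = hashlib.sha256(metric + hashlib.sha256(m).digest()).digest()
    return metric


def verify_quote(quote, key, expected_label, nonce, golden):
    """Accept only a quote that names the environment we asked about, answers
    our nonce, carries a valid signature and reports the expected metric."""
    if quote["label"] != expected_label:
        return False
    if not hmac.compare_digest(quote["nonce"], nonce):
        return False
    msg = _quote_message(quote["label"], quote["nonce"], quote["metric"])
    if not hmac.compare_digest(hmac.new(key, msg, "sha256").digest(), quote["sig"]):
        return False
    return hmac.compare_digest(quote["metric"], golden)


def demo():
    """Two compartments on one platform; only env-a runs the approved stack."""
    device = TrustedDevice()
    approved = [b"guest-kernel v1", b"guest-initrd v1"]   # constructed measurements
    key_a = device.create_environment("env-a")
    key_b = device.create_environment("env-b")
    for m in approved:
        device.extend("env-a", m)
    device.extend("env-b", b"guest-kernel v1")
    device.extend("env-b", b"guest-initrd TAMPERED")
    golden = expected_metric(approved)

    nonce = os.urandom(16)
    quote_a = device.quote("env-a", nonce)
    quote_b = device.quote("env-b", nonce)
    return {
        "env-a genuine": verify_quote(quote_a, key_a, "env-a", nonce, golden),
        "env-b tampered": verify_quote(quote_b, key_b, "env-b", nonce, golden),
        # Substitution: env-a's good quote offered to someone checking env-b.
        "env-a quote as env-b": verify_quote(quote_a, key_b, "env-b", nonce, golden),
        # Replay: an old quote against a fresh nonce.
        "env-a replayed": verify_quote(quote_a, key_a, "env-a", os.urandom(16), golden),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:22s} -> {'accepted' if ok else 'rejected'}")
```

Only the genuine env-a quote is accepted; the tampered environment fails on the metric, the substituted quote fails on the label before the signature is even checked, and the replay fails on the nonce. Dropping either the label or the nonce from the signed message is exactly what would let a compromised compartment borrow a clean neighbour's attestation.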
  • Publication number: 20060023637
    Abstract: One embodiment of an apparatus for monitoring from a first location in a computer network traffic emanating from a source at a second location in the network, the apparatus comprising means at the first location for detecting traffic emanating from the source and means for monitoring the number, per unit time, of distinct destinations of the traffic that lie outside a first set specifying familiar destinations of the traffic. This monitoring process can trigger various responses such as the isolation of the source from the network. Other systems and methods are also provided.
    Type: Application
    Filed: July 29, 2005
    Publication date: February 2, 2006
    Inventors: Jonathan Griffin, Andrew Norman, Matthew Williamson
  • Patent number: 6986042
    Abstract: When software is loaded into an operating system kernel and so has access to the same memory space as the operating system, a problem occurs if the operating system cannot determine in advance whether it will afterwards be in a suitably trusted state or not. By using a high availability cluster in which each System Processing Unit (S1, S2) has a trusted device, it is possible to gain more trust and a more flexible approach to trust whilst maintaining the high availability properties of the cluster. Software can be loaded onto one of at least two computing platforms (S1) of a computing system. Another of the platforms (S2) performs integrity tests on the platform (S1) carrying the new software to check whether the platform (S1) is still in a trusted state. If the tests are passed, then the test results are signed and sent to the platform (S1) with the new software, and the new software is copied onto the other computing platform (S2).
    Type: Grant
    Filed: August 17, 2001
    Date of Patent: January 10, 2006
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Jonathan Griffin
  • Publication number: 20050289245
    Abstract: A method of restricting data communication to a network, the network comprising a plurality of data processors and a network communication element arranged to receive data communications originating outside the network, the method comprising monitoring data communications originating from outside the network and received at the network communication element and identifying the intended recipient data processor within the network of the received data communications; and determining if the identified intended recipient data processor has a corresponding entry in a first record of network data processors and, if not, adding a corresponding entry to the first record of network data processors and adding a corresponding entry to a second record of network data processors.
    Type: Application
    Filed: June 3, 2005
    Publication date: December 29, 2005
    Inventors: Jonathan Griffin, Andrew Norman, Matthew Williamson
  • Publication number: 20050265351
    Abstract: A method of managing access by a transient computing entity to a computing network via a virtual private network (‘VPN’) gateway, the method comprising the steps of: authenticating, at the VPN gateway, the identity of the transient entity and establishing a VPN connection between the gateway and the transient entity; restricting access of the transient entity to the network; performing a scanning operation on the transient entity to establish whether the transient entity has a known vulnerability; upon completion of the scanning operation, enabling access by the transient entity to at least a part of the network which, prior to performance of the scan, was restricted.
    Type: Application
    Filed: May 27, 2005
    Publication date: December 1, 2005
    Inventors: Richard Smith, Jonathan Griffin
  • Publication number: 20050243730
    Abstract: A method of administering a network comprises the steps of: detecting the occurrence of a triggering event alerting an administrator to the presence of a user entity on the network, the triggering event being selected from the group consisting of: (i) allocation of a network address to the user entity; (ii) alteration of the user entity's network address; (iii) an action by the user entity causing resolution between a network address and an identifier; (iv) association of the user entity's network address and an identifier. Upon detecting such an event, the user entity having the network address is scanned for vulnerabilities by sending at least one outward packet to it, for example seeking to establish a connection on a particular port, and the response, if any, is then used to determine whether it is vulnerable to known malicious code.
    Type: Application
    Filed: April 28, 2005
    Publication date: November 3, 2005
    Inventors: Matthew Williamson, Stefek Zaba, Christopher Dalton, Jonathan Griffin