Patents by Inventor Jonathan Griffin

Jonathan Griffin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20050172019
    Abstract: A method of operating a computing entity in a network having a log mapping computing entity network addresses to vulnerabilities, the method comprising the steps of: using the entity's network address, searching the log to establish what vulnerabilities the entity has; and if the log indicates the entity has a vulnerability, sending data identifying a user of the entity to an administrator of the network.
    Type: Application
    Filed: January 11, 2005
    Publication date: August 4, 2005
    Inventors: Matthew Williamson, Andrew Norman, Jonathan Griffin
  • Publication number: 20050132231
    Abstract: A computer program product for monitoring a user computing entity's status, the program being adapted to: evaluate one or more parameters of operation of one or more functional elements of the user entity; if an evaluated parameter has a value outside of a predetermined range which is indicative of normal user entity behaviour, operate the user entity to enable, in a predetermined manner, administrative access to the user entity to be gained by an administrative computing entity, thereby to permit the administrative entity to perform an administrative operation on the user entity.
    Type: Application
    Filed: December 3, 2004
    Publication date: June 16, 2005
    Inventors: Matthew Williamson, Andrew Norman, Jonathan Griffin
  • Publication number: 20040255159
    Abstract: Propagation of viruses in a network having a plurality of hosts is restricted. Network activity of a first host of the plurality is monitored, and a first record established which is at least indicative of identities of hosts within the network contacted by a first host. Contact of the first host to other hosts within the network is limited over the course of a first time interval, so that during the first time interval the first host is unable to contact more than a predetermined number of hosts not in the first record. The method further comprises an additional selection process for determining hosts of the plurality the first host is allowed to contact.
    Type: Application
    Filed: October 31, 2003
    Publication date: December 16, 2004
    Inventors: Matthew Murray Williamson, Andrew Patrick Norman, Jonathan Griffin
  • Publication number: 20040218615
    Abstract: A method of operating a first host within a network of a plurality of hosts. Over the course of a first time interval, requests received at the first host from a second host to send data to destination hosts are monitored. Identities of destination hosts monitored during the first time interval are compared with destination host identities in a record. Then, either data relating to requests which identify a destination host not in the record are stored in a storage buffer, or the passage of data from the second host to the destination host within the network is limited over the course of the first time interval, so that during the first time interval the second host is unable to send data to more than a predetermined number of hosts not in the record.
    Type: Application
    Filed: April 28, 2004
    Publication date: November 4, 2004
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Jonathan Griffin, Andrew Patrick Norman, Matthew Murray Williamson, Aled Justin Edwards
  • Publication number: 20040218327
    Abstract: Requests to send data from a first host within a network of hosts are monitored against a record of destination hosts who have been sent data in accordance with a predetermined policy. Destination host identities not in the record are stored in a buffer. The buffer size is monitored to establish whether requests from the first host are pursuant to viral activity therein.
    Type: Application
    Filed: October 31, 2003
    Publication date: November 4, 2004
    Inventors: Matthew Murray Williamson, Jonathan Griffin, Andrew Patrick Norman
  • Publication number: 20040145122
    Abstract: This invention relates to a construction for fitting to a structural member, in particular to a construction for routing a conduit or the like through a structural member where the integrity of the seal made by the structural member must be maintained. The construction has an annular bush (50) for fitting tightly in an aperture (43) defined in a structural member, the annular bush (50) being expandable radially when located in the aperture (43) by the action of a mandrel being passed through a longitudinal passageway defined by the bush whereby to exert a compressive force upon the region of the structural member surrounding the bush (50), wherein the bush (50) has a coupling for sealable attachment of a conduit to the bush (50).
    Type: Application
    Filed: December 3, 2003
    Publication date: July 29, 2004
    Inventors: Richard Burguete, Andrew Nixon, Martin Tudgay, David R Bennett, Jonathan Griffin, Philip A Brown
  • Publication number: 20040088565
    Abstract: A method of identifying a software vulnerability on a computer system is disclosed in which the computer system has software stored thereon and is connected to a management system over a computer network. The method comprises the steps of: applying an interrogation program to the software, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied; in the event that the software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived the identification of the computer system; and sending the management information to the management system.
    Type: Application
    Filed: November 4, 2002
    Publication date: May 6, 2004
    Inventors: Andrew Patrick Norman, John Melvin Brawn, John P. Scrimsher, Jonathan Griffin
  • Publication number: 20040088581
    Abstract: A method of identifying a software vulnerability in computer systems in a computer network includes a multiple level scanning process controlled from a management system connected to the network. The management system runs a root scanner which applies an interrogation program to remote systems having network addresses in a predefined address range. When a software vulnerability is detected, the interrogation program causes the respective remote system to scan topologically local systems, the remote system itself applying a second interrogation program to the local systems to detect and mitigate the vulnerability using an associated mitigation payload. Whilst that local scanning process is in progress, the root scanner can be applied to remote systems in other predefined address ranges.
    Type: Application
    Filed: January 16, 2003
    Publication date: May 6, 2004
    Inventors: John Melvin Brawn, Andrew Patrick Norman, Chris Ralph Dalton, Jonathan Griffin
  • Publication number: 20020194241
    Abstract: A process 23 runs directly on a host operating system 22, until the process 23 attempts an operation which can affect security of the host operating system 22 (such as loading a kernel module or using system privileges). A guest operating system 25 is then provided running as a virtual machine session within a compartment 24 of the host operating system 22 and running of the process 23 continues using the guest operating system. Operations of the process 23 which can affect security of the host operating system 22 are instead performed on the guest operating system 25, giving greater security. The guest operating system 25 is only invoked selectively, leading to greater overall efficiency.
    Type: Application
    Filed: June 18, 2002
    Publication date: December 19, 2002
    Inventors: Jonathan Griffin, Christopher I. Dalton
  • Publication number: 20020194496
    Abstract: A computing platform 20 provides multiple computing environments 24 each containing a guest operating system 25 provided by a virtual machine application 26. Optionally, each computing environment 24 is formed in a compartment 220 of a compartmented host operating system 22. A trusted device 213 verifies that the host operating system 22 and each guest operating system 25 operates in a secure and trusted manner by forming integrity metrics which can be interrogated by a user 10. Each computing environment is isolated and secure, and can be verified as trustworthy independent of any other computing environment.
    Type: Application
    Filed: June 18, 2002
    Publication date: December 19, 2002
    Inventors: Jonathan Griffin, Christopher I. Dalton, Michael Child, Liqun Chen, Andrew Patrick Norman
  • Publication number: 20020194482
    Abstract: A host computing platform 20 provides one or more computing environments 24 and includes a trusted device 213 arranged to form an integrity metric individual to each computing environment 24. The integrity metric is provided to a user 10 in response to an integrity challenge, signed for authentication using a signature key 213 held by the trusted device. In one embodiment the trusted device 213 selects a signature key unique to the computing environment 24, or in a second embodiment the trusted device forms the signed integrity metric including an identity label, in each case such that the user 10 can verify that the signed integrity metric corresponds to the expected computing environment 24.
    Type: Application
    Filed: June 18, 2002
    Publication date: December 19, 2002
    Applicant: HEWLETT-PACKARD COMPANY
    Inventors: Jonathan Griffin, Liqun Chen
  • Publication number: 20020194086
    Abstract: Apparatus and method for providing a secure environment enabling remote agents to interact with an electronic service are described. The electronic service runs in a first physically and logically protected computing environment. Each agent, acting on behalf of a respective client, runs in a separate physically and logically protected computing environment or compartment.
    Type: Application
    Filed: June 18, 2002
    Publication date: December 19, 2002
    Applicant: HEWLETT-PACKARD COMPANY
    Inventors: Siani Lynne Pearson, Jonathan Griffin
  • Publication number: 20020188763
    Abstract: When software is loaded into an operating system kernel and so has access to the same memory space as the operating system, a problem occurs if the operating system cannot determine in advance whether the operating system will afterwards be in a suitably trusted state or not. By using a high availability cluster in which each System Processing Unit (S1, S2) has a trusted device, it is possible to gain more trust and a more flexible approach to trust whilst maintaining the high availability properties of the cluster. Software can be loaded onto one of at least two computing platforms (S1) of a computing system. Another of the platforms (S2) performs integrity tests on the platform (S1) carrying the new software to check whether the platform (S1) is still in a trusted state. If the tests are passed, then the test results are signed and sent to the platform (S1) with the new software and the new software is copied onto the other computing platform (S2).
    Type: Application
    Filed: April 16, 2002
    Publication date: December 12, 2002
    Inventor: Jonathan Griffin
  • Publication number: 20020124052
    Abstract: An e-mail handling system stores e-mails 30 in separate compartments 241, 242. Highest risk e-mails are stored in individual compartments 242, while lower risk e-mails are stored together in one compartment 241 grouped according to any suitable characteristic such as the recipient or sender. An e-mail agent 27 examines each incoming e-mail according to a security policy. Stored e-mails are accessed by a combination of first and second browsers. The first browser 28 has cross compartment access to navigate the stored e-mails 30, while the second browser 29 is provided in the same compartment as a particular stored e-mail with access only to read within that compartment, 241, 242.
    Type: Application
    Filed: February 15, 2002
    Publication date: September 5, 2002
    Inventors: Richard Brown, Alex Chu, Christopher I. Dalton, Jonathan Griffin