Patents by Inventor Theo Dimitrakos
Theo Dimitrakos has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11537723
Abstract: A data storage device providing secure data storage for a software application executed by an operating system in a computer system including a file system operation interceptor that detects requests for file system operations in respect of data for the application; a file system operation analyzer that is responsive to the interceptor and that analyses an intercepted file system operation request to identify attributes associated with the file system operation; a comparator that compares the attributes with a predefined security policy definition; a cryptographic unit that encrypts and/or decrypts data using one or more cryptographic functions; wherein the cryptographic unit is operable in response to the comparator to perform an encryption or decryption operation on the data and effect the performance of the requested file system operation by the operating system.
Type: Grant
Filed: January 26, 2017
Date of Patent: December 27, 2022
Assignee: British Telecommunications Public Limited Company
Inventors: Fadi El-Moussa, Theo Dimitrakos
-
Patent number: 11347876
Abstract: A computer implemented method of access control for a restricted resource of a resource provider in a network connected computer system, wherein a blockchain data structure accessible via the network stores digitally signed records validated by network connected miner software components, the method including: identifying an access control role definition for access to the resource, the role including a specification of access permissions; defining a cryptocurrency for indicating authorization to access the resource, the cryptocurrency being formed of tradeable units of value associated with records in the blockchain and wherein transfer of the cryptocurrency between records in the blockchain is validated by the miners; receiving a request from an authenticated resource consumer for authorization to access the resource; and submitting a blockchain transaction to the miner components to transfer a quantity of cryptocurrency to a consumer record in the blockchain, the transaction including an identification of
Type: Grant
Filed: July 20, 2016
Date of Patent: May 31, 2022
Assignee: British Telecommunications Public Limited Company
Inventors: Gery Ducatel, Theo Dimitrakos, Joshua Daniel
-
Patent number: 10990690
Abstract: A computer implemented method of providing whole disk encryption for a virtualized computer system including providing a hypervisor having a data store and instantiating a disk image of the virtualized computer system as a first virtual machine (VM) having a virtual disk from which an operating system of the first VM can be booted; instantiating a second VM in the hypervisor including a software component executing therein, wherein the data store is a shared data store accessible by both the first and second VMs, the method further comprising: the software component accessing the first VM using privileged credentials to install a software agent in the first VM and to replicate the virtual disk of the first VM in the hypervisor data store as a duplicate disk, wherein the software agent is adapted to encrypt data written to, and decrypt data read from, the disk of the first VM at a runtime of the first VM; and the software component encrypting the duplicate disk and unmounting the copied disk and mounting the e
Type: Grant
Filed: January 26, 2017
Date of Patent: April 27, 2021
Assignee: British Telecommunications Public Limited Company
Inventors: Fadi El-Moussa, Theo Dimitrakos
-
Patent number: 10956614
Abstract: A computer implemented method of a resource provider for access control for a restricted resource in a network connected computer system, wherein a blockchain data structure accessible via the network stores digitally signed records validated by network connected miner software components including a provider record associated with the resource provider, the method including: identifying an access control role definition for access to the resource, the role including a specification of access permissions; receiving a request from a resource consumer for access to the resource; communicating, to the resource consumer, an indication of a quantity of a cryptocurrency required for access to the resource; and in response to a determination that the required quantity of cryptocurrency is transferred to the provider record in the blockchain, the transfer being caused by a blockchain transaction including an identification of the role and the transaction being validated by a miner component, granting the consumer acc
Type: Grant
Filed: July 20, 2016
Date of Patent: March 23, 2021
Assignee: British Telecommunications Public Limited Company
Inventors: Joshua Daniel, Gery Ducatel, Theo Dimitrakos
-
Patent number: 10897359
Abstract: A method for securely accessing a hardware storage device connected to a computer system, the hardware storage device having a unique hardware identifier and the computer system including a processor, the method comprising: an agent software component receiving the identifier of the storage device to authenticate the storage device, wherein the agent executes in an unrestricted mode of operation of the processor such that the agent is a trusted software component; in response to the authentication, the agent accessing a secure data key for encrypting and decrypting data on the storage device, wherein the data key is accessible only to trusted agents executing in the unrestricted mode of the processor such that software executing in a user mode of the processor stores and retrieves data on the storage device only via the agent.
Type: Grant
Filed: November 13, 2014
Date of Patent: January 19, 2021
Assignee: BRITISH TELECOMMUNICATIONS public limited company
Inventors: Fadi El-Moussa, Theo Dimitrakos, Georgios Vafiadis
-
Patent number: 10891383
Abstract: A computer implemented method for validating use of a computing resource by a requester software component including: validating a characteristic of the requester; generating a first transaction defining criteria for consumption of the resource by the requester, the first transaction being encrypted with a private key from a public key/private key pair and being added as part of a block of transactions to a blockchain data structure; generating a subsequent encrypted transaction corresponding to a request of the requester to consume the resource, the subsequent transaction referring to the first transaction, wherein the subsequent transaction is validated by a transaction miner computing component from a plurality of miners by authenticating the transaction using the public key and verifying compliance with the criteria defined in each transaction.
Type: Grant
Filed: February 10, 2016
Date of Patent: January 12, 2021
Assignee: British Telecommunications Public Limited Company
Inventors: Joshua Daniel, Theo Dimitrakos, Gery Ducatel
-
Patent number: 10853750
Abstract: A computer implemented method to provide allocation of one or more computing resources for a consumer computing component, each resource having a resource type and being provided by one or more resource providers, and the consumer having associated a quantity of tradeable value constraining an extent of resource consumption.
Type: Grant
Filed: July 20, 2016
Date of Patent: December 1, 2020
Assignee: British Telecommunications Public Limited Company
Inventors: Joshua Daniel, Gery Ducatel, Theo Dimitrakos
-
Patent number: 10771483
Abstract: A computer implemented method to identify an attacked computing device in a system of network-connected computing devices providing a plurality of computing services, the method including receiving a first data structure including data modeling relationships between vulnerabilities of computing services in a first proper subset of the plurality of computing services and exploitation of such vulnerabilities to identify one or more series of exploits involved in a network attack; receiving a second data structure including data modeling the computing devices in the system including the network connections of each computing device; and comparing the first and second data structures to identify the attacked computing device as an intermediate device in communications between at least two computer services in any of the one or more series of exploits.
Type: Grant
Filed: December 28, 2017
Date of Patent: September 8, 2020
Assignee: British Telecommunications Public Limited Company
Inventors: Fadi El-Moussa, Theo Dimitrakos
-
Patent number: 10754680
Abstract: A computer implemented method of instantiating an encrypted disk image for a virtualized computer system includes providing a software component executing in a first virtual machine for instantiation in a first hypervisor, the software component invoking a second hypervisor within the first virtual machine; and providing a basic input output system (BIOS) for the second hypervisor, the BIOS being configured to decrypt and load the encrypted disk image to instantiate the virtualized computer system as a second virtual machine in the second hypervisor, and wherein the software component is further configured to migrate the second virtual machine at a runtime of the second virtual machine to the first hypervisor so as to provide a wholly encrypted disk image for the second virtual machine executing in the first hypervisor.
Type: Grant
Filed: January 23, 2017
Date of Patent: August 25, 2020
Assignee: British Telecommunications Public Limited Company
Inventors: Fadi El-Moussa, Theo Dimitrakos
-
Publication number: 20200257814
Abstract: A computer implemented method of providing whole disk encryption for a virtualized computer system including providing a hypervisor having a data store and instantiating a disk image of the virtualized computer system as a first virtual machine (VM) having a virtual disk from which an operating system of the first VM can be booted; instantiating a second VM in the hypervisor including a software component executing therein, wherein the data store is a shared data store accessible by both the first and second VMs, the method further comprising: the software component accessing the first VM using privileged credentials to install a software agent in the first VM and to replicate the virtual disk of the first VM in the hypervisor data store as a duplicate disk, wherein the software agent is adapted to encrypt data written to, and decrypt data read from, the disk of the first VM at a runtime of the first VM; and the software component encrypting the duplicate disk and unmounting the copied disk and mounting the e
Type: Application
Filed: January 26, 2017
Publication date: August 13, 2020
Applicant: British Telecommunications Public Limited Company
Inventors: Fadi EL-MOUSSA, Theo DIMITRAKOS
-
Patent number: 10719346
Abstract: A computer implemented method of providing whole disk encryption for a virtualized computer system including providing a software component executing in a first virtual machine for instantiation in a first hypervisor, the software component invoking a second hypervisor within the first virtual machine for instantiating a disk image of the virtualized computer system as a second virtual machine, and the software component being configured to install a software agent in the second virtual machine, the software agent being adapted to: a) encrypt the instantiated disk image; b) encrypt data written, by the second virtual machine, to the instantiated disk image at a runtime of the second virtual machine; and c) decrypt data read, by the second virtual machine, from the instantiated disk image at a runtime of the second virtual machine, wherein the software component is configured to migrate the second virtual machine at a runtime of the second virtual machine to the first hypervisor so as to provide a wholly encry
Type: Grant
Filed: January 26, 2017
Date of Patent: July 21, 2020
Assignee: British Telecommunications Public Limited Company
Inventors: Fadi El-Moussa, Theo Dimitrakos
-
Patent number: 10505721
Abstract: A method of securing a virtual data volume storing data in a first virtualized computing environment including: deriving a cryptographic key for encrypting the data, the key being derived from first and second parameters; and encrypting the data, wherein the first parameter is generated for association with the virtualized data volume, and the second parameter is generated based on at least one characteristic of a second virtualized computing environment.
Type: Grant
Filed: September 22, 2015
Date of Patent: December 10, 2019
Assignee: British Telecommunications Public Limited Company
Inventors: Theo Dimitrakos, Ali Sajjad
-
Publication number: 20190050247
Abstract: A computer implemented method of providing whole disk encryption for a virtualized computer system including providing a software component executing in a first virtual machine for instantiation in a first hypervisor, the software component invoking a second hypervisor within the first virtual machine for instantiating a disk image of the virtualized computer system as a second virtual machine, and the software component being configured to install a software agent in the second virtual machine, the software agent being adapted to: a) encrypt the instantiated disk image; b) encrypt data written, by the second virtual machine, to the instantiated disk image at a runtime of the second virtual machine; and c) decrypt data read, by the second virtual machine, from the instantiated disk image at a runtime of the second virtual machine, wherein the software component is configured to migrate the second virtual machine at a runtime of the second virtual machine to the first hypervisor so as to provide a wholly encry
Type: Application
Filed: January 26, 2017
Publication date: February 14, 2019
Applicant: British Telecommunications Public Limited Company
Inventors: Fadi EL-MOUSSA, Theo DIMITRAKOS
-
Publication number: 20190034218
Abstract: A computer implemented method of instantiating an encrypted disk image for a virtualized computer system includes providing a software component executing in a first virtual machine for instantiation in a first hypervisor, the software component invoking a second hypervisor within the first virtual machine; and providing a basic input output system (BIOS) for the second hypervisor, the BIOS being configured to decrypt and load the encrypted disk image to instantiate the virtualized computer system as a second virtual machine in the second hypervisor, and wherein the software component is further configured to migrate the second virtual machine at a runtime of the second virtual machine to the first hypervisor so as to provide a wholly encrypted disk image for the second virtual machine executing in the first hypervisor.
Type: Application
Filed: January 23, 2017
Publication date: January 31, 2019
Applicant: British Telecommunications Public Limited Company
Inventors: Fadi EL-MOUSSA, Theo DIMITRAKOS
-
Publication number: 20190034645
Abstract: A data storage device providing secure data storage for a software application executed by an operating system in a computer system including a file system operation interceptor that detects requests for file system operations in respect of data for the application; a file system operation analyzer that is responsive to the interceptor and that analyses an intercepted file system operation request to identify attributes associated with the file system operation; a comparator that compares the attributes with a predefined security policy definition; a cryptographic unit that encrypts and/or decrypts data using one or more cryptographic functions; wherein the cryptographic unit is operable in response to the comparator to perform an encryption or decryption operation on the data and effect the performance of the requested file system operation by the operating system.
Type: Application
Filed: January 26, 2017
Publication date: January 31, 2019
Applicant: British Telecommunications Public Limited Company
Inventors: Fadi EL-MOUSSA, Theo DIMITRAKOS
-
Publication number: 20180225469
Abstract: A computer implemented method of a resource provider for access control for a restricted resource in a network connected computer system, wherein a blockchain data structure accessible via the network stores digitally signed records validated by network connected miner software components including a provider record associated with the resource provider, the method including: identifying an access control role definition for access to the resource, the role including a specification of access permissions; receiving a request from a resource consumer for access to the resource; communicating, to the resource consumer, an indication of a quantity of a cryptocurrency required for access to the resource; and in response to a determination that the required quantity of cryptocurrency is transferred to the provider record in the blockchain, the transfer being caused by a blockchain transaction including an identification of the role and the transaction being validated by a miner component, granting the consumer acc
Type: Application
Filed: July 20, 2016
Publication date: August 9, 2018
Applicant: British Telecommunications Public Limited Company
Inventors: Joshua DANIEL, Gery DUCATEL, Theo DIMITRAKOS
-
Publication number: 20180225466
Abstract: A computer implemented method of access control for a restricted resource of a resource provider in a network connected computer system, wherein a blockchain data structure accessible via the network stores digitally signed records validated by network connected miner software components, the method including: identifying an access control role definition for access to the resource, the role including a specification of access permissions; defining a cryptocurrency for indicating authorization to access the resource, the cryptocurrency being formed of tradable units of value associated with records in the blockchain and wherein transfer of the cryptocurrency between records in the blockchain is validated by the miners; receiving a request from an authenticated resource consumer for authorization to access the resource; and submitting a blockchain transaction to the miner components to transfer a quantity of cryptocurrency to a consumer record in the blockchain, the transaction including an identification of t
Type: Application
Filed: July 20, 2016
Publication date: August 9, 2018
Applicant: British Telecommunications Public Limited Company
Inventors: Gery DUCATEL, Theo DIMITRAKOS, Joshua DANIEL
-
Publication number: 20180225611
Abstract: A computer implemented method to provide allocation of one or more computing resources for a consumer computing component, each resource having a resource type and being provided by one or more resource providers, and the consumer having associated a quantity of tradeable value constraining an extent of resource consumption.
Type: Application
Filed: July 20, 2016
Publication date: August 9, 2018
Applicant: British Telecommunications Public Limited Company
Inventors: Joshua DANIEL, Gery DUCATEL, Theo DIMITRAKOS
-
Patent number: 10044698
Abstract: A selector apparatus to select one or more shared authentication facilities for a software service executing in a virtualized shared computing environment, the software service including an interface through which a user request to access a restricted resource of the service is receivable, the request having associated a user context defining one or more characteristics of the user, and the software service further having associated a plurality of authentication rules for the service, wherein each rule is associated with one or more user contexts and identifies one or more shared authentication facilities for the computing environment, the selector apparatus comprising: a launcher, responsive to a user request received via the interface, adapted to instantiate one or more authentication facilities in accordance with an authentication rule retrieved based on a user context for the received request, so as to generate one or more challenges for the user to authenticate the user, wherein the authentication rule f
Type: Grant
Filed: March 17, 2015
Date of Patent: August 7, 2018
Assignee: British Telecommunications Public Limited Company
Inventors: Gery Michel Ducatel, Theo Dimitrakos
-
Patent number: 10044761
Abstract: An authentication apparatus to authenticate a user requesting access to a restricted resource in a computer system comprising: an interface adapted to receive an indication of a user request to access the restricted resource, the request having associated a current user context defining one or more characteristics of the user; a receiver adapted to receive a user selected authentication scheme from a set of authentication schemes for the current user context; a comparator adapted to compare the user selected authentication scheme with a set of user-specific rules, each rule indicating one or more authentication schemes for a user context as preferred authentication schemes; an access controller adapted to permit access to the restricted resource based on the comparison so as to prevent access to the restricted resource when the rules indicate one or more authentication schemes other than the user selected authentication scheme are preferred for the current user context.
Type: Grant
Filed: March 17, 2015
Date of Patent: August 7, 2018
Assignee: British Telecommunications Public Limited Company
Inventors: Gery Michel Ducatel, Theo Dimitrakos