Patents by Inventor Theo Dimitrakos

Theo Dimitrakos has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20160140209
    Abstract: A method for categorising a state of operation of a software application in execution in a virtualised computing environment, the application having associated a set of software components being operable to access data associated with the application, the method comprising the steps of: receiving a set of software application state definitions, each state definition including a definition of an application characteristic having associated criteria based on one or more formal parameters; identifying a set of hypothetical states for the application from the set of state definitions based on the data, wherein the data is used to formulate a set of one or more actual parameters corresponding to formal parameters for criteria associated with one or more of the states in the set of hypothetical states; for each of the states in the set of hypothetical states, in response to a determination that criteria associated with a current state is fully evaluable in the negative, removing the current state from the set of hy
    Type: Application
    Filed: June 12, 2014
    Publication date: May 19, 2016
    Inventors: Theo DIMITRAKOS, Nektarios GEORGALAS, Fadi EL-MOUSSA, Pramod PAWAR, George VAFIADIS
  • Publication number: 20160139938
    Abstract: An apparatus for enforcing a compliance requirement for a software application in execution in a virtualised computing environment, the apparatus comprising: an identifier component operable to identify a resource instantiated for execution of the application; a retriever component operable to retrieve a compliance characteristic for the application, the compliance characteristic being retrieved based on the identified resource and having associated a compliance criterion based on a formal parameter, the compliance criterion defining a set of compliant resource states; a first selector component operable to select a software component for providing an actual parameter corresponding to the formal parameter, the actual parameter being based on data concerning the resource; an evaluator component operable to evaluate the compliance criterion using the actual parameter; an application modifier component operable to, in response to a determination that the resource is outside the set of compliant resource states,
    Type: Application
    Filed: June 12, 2014
    Publication date: May 19, 2016
    Applicant: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Theo DIMITRAKOS, Nektarios GEORGALAS, Fadi EL-MOUSSA, Pramod PAWAR, George VAFIADIS
  • Publication number: 20160139915
    Abstract: A software compliance assessment apparatus for determining a level of compliance of a software application in execution in a virtualised computing environment, the apparatus comprising: an identifier component operable to identify resources instantiated for execution of the application; a retriever component operable to retrieve a compliance characteristic for the application, the compliance characteristic being retrieved based on the identified resources, and the compliance characteristic having associated a compliance criterion based on a formal parameter; a selector component operable to select a software component for providing an actual parameter corresponding to the formal parameter, the actual parameter being based on data concerning at least one of the resources; an evaluator component operable to evaluate the compliance criterion using the actual parameter; and a detector component operable to detect a change to one or more of the resources, wherein the identifier component, selector component and ev
    Type: Application
    Filed: June 12, 2014
    Publication date: May 19, 2016
    Inventors: Theo DIMITRAKOS, Nektarios GEORGALAS, Fadi EL-MOUSSA, Pramod PAWAR, George VAFIADIS
  • Publication number: 20150358356
    Abstract: A processing device (10) includes a policy evaluation module (131) for evaluating policies associated with an item of data or an application and a dynamic context determination module (133) for determining contextual information associated with the current context of operation of the device and for providing the thus determined contextual information to the policy evaluation module. The device (10) further includes a policy enforcement module (135) for enforcing the evaluation specified by the policy evaluation module (131), wherein the device is operable to cause the policy evaluation module to evaluate a policy associated with an item of data or an application whenever the associated item of data or application is invoked and, additionally, whilst the associated item of data or application is active on the device and a notification of a change in the determined contextual information is received by the policy evaluation module.
    Type: Application
    Filed: December 31, 2013
    Publication date: December 10, 2015
    Inventors: Yair DIAZ-TELLEZ, Fadi EL-MOUSSA, Theo DIMITRAKOS, Abdullahi ARABO
  • Publication number: 20150358357
    Abstract: A processing device (10) includes a receiver for receiving a data file and an associated data file policy and for receiving an application and an associated application policy, storage means for storing the received policies, a policy evaluation module (131) for evaluating policies and a policy enforcement module (135) for enforcing the evaluation specified by the policy evaluation module (131). The device (10) is operable, in response to receiving a request for the application to open the data file, to cause the policy evaluation module (131) to evaluate the data file policy associated with the data file together with the application policy associated with the application and to cause the application to open the data file or not in dependence upon the evaluation.
    Type: Application
    Filed: December 31, 2013
    Publication date: December 10, 2015
    Inventors: Yair DIAZ-TELLEZ, Fadi EL-MOUSSA, Theo DIMITRAKOS, Abdullahi ARABO
  • Publication number: 20150349966
    Abstract: An authentication process controls access from a client terminal 2 to a remote server 3 via an unsecure network, by transmitting a challenge 63 from the server to the client in the form of a matrix barcode into which is embedded a sequence of images selected (step 61) from a predetermined set of images stored on the server. The user responds to the challenge (e.g. by sorting the images into groups, or order, according to a rule which is a shared secret (step 64)) and generates a response in the form of a code (step 67) generated dynamically by convolving the user response 64 with a random PIN string (65) extracted from the matrix barcode, and data intrinsic to the user terminal, using a predetermined dynamically generated encryption algorithm for transmission to the server (step 68) for verification (69).
    Type: Application
    Filed: December 17, 2013
    Publication date: December 3, 2015
    Inventors: Theo DIMITRAKOS, Michael TURNER, Yair DIAZ-TELLEZ
  • Patent number: 9195852
    Abstract: A Policy Enforcement Point (PEP) enforcement module (100) comprises: a monitor (110), (120, 130, 140) for monitoring the output of a policy controlled module or PEP (200) operating within a distributed computer system and a correction performer module (150). The PEP (200) is associated with one or more policies (400) which are applied to the PEP. Each policy specifies a trigger event or events and an action or actions to be performed as a result of the trigger event occurring as well as expected output from the PEP (200) when it performs a specified action or actions. The monitor monitors output produced by the PEP (200) as a result of operating in compliance with a policy, and it compares the monitored output with one or more specified expected outputs specified in the policy.
    Type: Grant
    Filed: July 27, 2012
    Date of Patent: November 24, 2015
    Assignee: British Telecommunications PLC
    Inventors: Theo Dimitrakos, Srijith Krishnan Nair, Gabriela Gheorghe, Bruno Crispo
  • Patent number: 8856862
    Abstract: Methods and apparatus for controlling the operation of a distributed application using message interception techniques are disclosed. The message interception software is independent of the software components making up the distributed application. The message interception software processes messages by carrying out a series of actions set out in an interceptor chain configuration policy, that policy being selected on the basis of the contents of the intercepted message. The interceptor chain configuration policy is divided into a separate enforcement configuration policy which dictates what actions should be carried out on a message and in what order, and an interceptor reference policy which indicates references to interceptors which are suitable for carrying out the actions specified in the enforcement configuration policy.
    Type: Grant
    Filed: November 1, 2006
    Date of Patent: October 7, 2014
    Assignee: British Telecommunications public limited company
    Inventors: Theo Dimitrakos, Leonid Titkov, Andreas Maierhofer
  • Publication number: 20140289864
    Abstract: A computer system (100) is arranged to run at least one user-oriented operating system (153) (e.g. Windows, LINUX, etc.) on which a plurality of user-oriented applications (152) (e.g. Word processor, web browser, spreadsheet application, etc.) may run, the computer system being further arranged to run a secondary program supporting environment (154), (155) (e.g. computer BIOS, Hypervisor, basic LINUX operating system micro-kernel, etc.). The computer system (100) is arranged to run the secondary program supporting environment (154), when the main user-oriented operating system is not running in either or both of the following situations: prior to loading the main operating system at boot-up time of the system or when a user wishes to log back into his/her operating system after having previously logged out or having been logged out automatically and/or during a sleep mode of the computer system.
    Type: Application
    Filed: November 2, 2012
    Publication date: September 25, 2014
    Applicant: British Telecommunications public limited company
    Inventors: Theo Dimitrakos, Fadi El-Moussa
  • Publication number: 20140173687
    Abstract: A Policy Enforcement Point (PEP) enforcement module (100) comprises: a monitor (110), (120, 130, 140) for monitoring the output of a policy controlled module or PEP (200) operating within a distributed computer system and a correction performer module (150). The PEP (200) is associated with one or more policies (400) which are applied to the PEP. Each policy specifies a trigger event or events and an action or actions to be performed as a result of the trigger event occurring as well as expected output from the PEP (200) when it performs a specified action or actions. The monitor monitors output produced by the PEP (200) as a result of operating in compliance with a policy, and it compares the monitored output with one or more specified expected outputs specified in the policy.
    Type: Application
    Filed: July 27, 2012
    Publication date: June 19, 2014
    Applicant: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Theo Dimitrakos, Srijith Krishnan Nair, Gabriela Gheorghe, Bruno Crispo
  • Patent number: 8756423
    Abstract: This invention relates to a system and method for establishing a secure group of entities in a computer network, such as those originating from different trust domains, for the purpose of protecting the activity being executed. The invention allows for the on-demand automated creation of a virtual security perimeter around an arbitrary group of services originating from different trust domains. The security perimeter allows the activity being executed within the group to be protected, and for inter-group messages and communication to be kept confidential. A shared security context is also provided by which the group can be regulated, and new entities can be invited to join the group. The preferred embodiment of the invention has application to service orientated architectures and preferably makes use of existing technologies, such as W3C web services and security protocols, and OASIS service co-ordination protocols.
    Type: Grant
    Filed: February 21, 2007
    Date of Patent: June 17, 2014
    Assignee: BRITISH TELECOMMUNICATIONS public limited company
    Inventors: Ivan Djordjevic, Theo Dimitrakos
  • Patent number: 8713636
    Abstract: A computer network is disclosed in which a group of computers co-operate to perform a distributed application. In order to ensure that only members of that group of computers are able to carry out certain operations, messages sent in the performance of the distributed application are checked by the recipient for the presence of a group membership token. The inclusion of a group membership token is controlled by one or more group membership handlers which intercept messages from local components and only include a group membership token with the message if they list the sending local component as being entitled to include the group membership token in the message. Furthermore, by operating the group membership token on a separate machine, or preferably a separate virtual machine from the local component, security is further improved. In the most preferred embodiments, the group token handler and/or the local component are hosted on virtual machines which provide virtualised cryptographic functionality.
    Type: Grant
    Filed: March 28, 2008
    Date of Patent: April 29, 2014
    Assignee: BRITISH TELECOMMUNICATIONS public limited company
    Inventors: Theo Dimitrakos, Ivan Djordjevic, Srijith K Nair
  • Patent number: 8595480
    Abstract: A distributed computer system is disclosed in which computers co-operate with one another by sending messages over a network such as the Internet in order to perform a distributed application. In order to improve the security of such system, each web service involved in the distributed application runs in a separate virtual machine. Furthermore, the virtual machines on a web server dedicated to respective web service instances utilise the same policy enforcement point—running in another virtual machine on the web-server—in order to handle messages for or from the web server. To increase security still further, each virtual machine provides virtual cryptoprocessor functionality which is used in the processing of messages sent in the performance of the distributed application.
    Type: Grant
    Filed: March 28, 2008
    Date of Patent: November 26, 2013
    Assignee: British Telecommunications public limited company
    Inventors: Theo Dimitrakos, Ivan Djordjevic, Srijith K Nair
  • Publication number: 20110019822
    Abstract: A broadcasting server connectable to a plurality of user devices and connectable to or comprising a key distribution centre, the broadcasting server comprising a processor and a memory, the broadcasting server configured to generate a plurality of key parts which together form an encryption key and/or the memory of the broadcasting server includes a plurality of key parts which together form an encryption key, the broadcasting server is configured to: send a first key part to a first user device of said plurality of user devices, the first key part being one of the plurality of key parts, send a second key part to a second user device of said plurality of user devices, the first key part being one of the plurality of key parts, and encrypt data for broadcast with the encryption key and to broadcast the encrypted data to said plurality of user devices.
    Type: Application
    Filed: March 25, 2009
    Publication date: January 27, 2011
    Inventors: Afnan Ullah Khan, Theo Dimitrakos
  • Publication number: 20100138674
    Abstract: A distributed computer system is disclosed in which computers co-operate with one another by sending messages over a network such as the Internet in order to perform a distributed application. In order to improve the security of such system, each web service involved in the distributed application runs in a separate virtual machine. Furthermore, the virtual machines on a web server dedicated to respective web service instances utilise the same policy enforcement point—running in another virtual machine on the web-server—in order to handle messages for or from the web server. To increase security still further, each virtual machine provides virtual cryptoprocessor functionality which is used in the processing of messages sent in the performance of the distributed application.
    Type: Application
    Filed: March 28, 2008
    Publication date: June 3, 2010
    Inventors: Theo Dimitrakos, Ivan Djordjevic, Srijith K. Nair
  • Publication number: 20100049968
    Abstract: A computer network is disclosed in which a group of computers co-operate to perform a distributed application. In order to ensure that only members of that group of computers are able to carry out certain operations, messages sent in the performance of the distributed application are checked by the recipient for the presence of a group membership token. The inclusion of a group membership token is controlled by one or more group membership handlers which intercept messages from local components and only include a group membership token with the message if they list the sending local component as being entitled to include the group membership token in the message. Furthermore, by operating the group membership token on a separate machine, or preferably a separate virtual machine from the local component, security is further improved. In the most preferred embodiments, the group token handler and/or the local component are hosted on virtual machines which provide virtualised cryptographic functionality.
    Type: Application
    Filed: March 28, 2008
    Publication date: February 25, 2010
    Inventors: Theo Dimitrakos, Ivan Djordjevic, Srijith K. Nair
  • Publication number: 20090235325
    Abstract: Methods and apparatus for controlling the operation of a distributed application using message interception techniques are disclosed. The message interception software is independent of the software components making up the distributed application. The message interception software processes messages by carrying out a series of actions set out in an interceptor chain configuration policy, that policy being selected on the basis of the contents of the intercepted message. The interceptor chain configuration policy is divided into a separate enforcement configuration policy which dictates what actions should be carried out on a message and in what order, and an interceptor reference policy which indicates references to interceptors which are suitable for carrying out the actions specified in the enforcement configuration policy.
    Type: Application
    Filed: November 1, 2006
    Publication date: September 17, 2009
    Inventors: Theo Dimitrakos, Leonid Titkov, Andreas Maierhofer
  • Publication number: 20090037736
    Abstract: This invention relates to a system and method for establishing a secure group of entities in a computer network, such as those originating from different trust domains, for the purpose of protecting the activity being executed. The invention allows for the on-demand automated creation of a virtual security perimeter around an arbitrary group of services originating from different trust domains. The security perimeter allows the activity being executed within the group to be protected, and for inter-group messages and communication to be kept confidential. A shared security context is also provided by which the group can be regulated, and new entities can be invited to join the group. The preferred embodiment of the invention has application to service orientated architectures and preferably makes use of existing technologies, such as W3C web services and security protocols, and OASIS service co-ordination protocols.
    Type: Application
    Filed: February 21, 2007
    Publication date: February 5, 2009
    Applicant: British Telecommunications Public Limited Company
    Inventors: Ivan Djordjevic, Theo Dimitrakos