AU2016101012A4 - Secured analysis system and methodology using the Augmented REAPP computer analysis system and methodology - Google Patents


Publication number
AU2016101012A4
Authority
AU
Australia
Prior art keywords
augmented
reapp
enabled
data
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU2016101012A
Inventor
Michael Kefaloukos
John Piperidis
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Reapp Technology Pty Ltd
Original Assignee
Reapp Technology Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date


Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The present invention relates to computer data management and provides a computer analytic system and methodology, such that a host computer operates in a virtual environment encapsulated within the said analytic system and methodology.

Description

Field of Invention
The present invention relates to computer data management and in particular to computer data analysis systems and methodology improving the operating of computers used for both private and business purposes; however, the invention is not restricted to this particular field of use.
COPYRIGHT NOTICE
This document is subject to copyright. The reproduction of this document in Patent Office records and communications is permitted; however, all other copyright rights are reserved.
Problems of the Prior Art
A disadvantage with the present art is that computer data management remains vulnerable despite the integration of security software measures. Said vulnerability diminishes the computer's analytic capability, by allowing corrupted data to influence the computer program. Analytic capability is not enhanced by current solutions for computer security which consist of add-on combinations of software and hardware to the computer environment and which may impede this function. This is a limiting factor and a problem to be overcome in the field of computer analytic capability.
Addition to the state-of-the-art computer security system and methodology as per description in CERTIFIED INNOVATION PATENT Application number AU 2008100700 B4 does not address the issue of computer analytic capability. A computer is vulnerable by the fact that it communicates with other computers most often using predominantly the TCP/IP protocol that was written in the operating system without security in mind since all communications were trusted (initially, there was a mere handful of users); however, there are now over one billion internet users and the TCP/IP protocol is no safer. The vulnerability of TCP/IP is that the communication packet can be viewed and changed by a third party. Many security applications have focused on the communication of the TCP/IP packet to the computer. A firewall traditionally has been a rule-based filter placed between the internet and the point of entry of a computer or private network. This enables regulation of all incoming and outgoing packets through examination and determination of whether the packets are accepted or dropped (discarded). This is termed packet filtering. Because of the number of rules that are involved in the examination of each packet, there are often firewall rules which conflict. Firewalls therefore do not enhance computer analytic capability.
To resolve such conflicts, rules are prioritised and the rule with the highest priority will determine if the packet is accepted or otherwise. Further, firewall rules are only capable of performing simple decisions and lack fine-grained control. Further, the firewall rules take no account of the contents of the packet.
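The priority-based resolution described above hides rule conflicts rather than removing them, so a rule set is worth auditing offline. The following is an added example, not part of the patent text: the `Rule` fields, the sample rule set (documentation address ranges) and the default-deny fallback are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # higher number wins; priorities assumed unique
    src: str        # source network in CIDR form
    proto: str      # "tcp", "udp" or "any"
    ports: tuple    # inclusive (low, high) destination port range
    action: str     # "accept" or "drop"


def matches(rule, src, proto, port):
    return (ip_address(src) in ip_network(rule.src)
            and rule.proto in ("any", proto)
            and rule.ports[0] <= port <= rule.ports[1])


def decide(rules, src, proto, port, default="drop"):
    """Highest-priority matching rule decides; default-deny if none match."""
    for rule in sorted(rules, key=lambda r: -r.priority):
        if matches(rule, src, proto, port):
            return rule.action
    return default


def overlaps(a, b):
    """True if at least one packet could match both rules."""
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and (a.proto == "any" or b.proto == "any" or a.proto == b.proto)
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])


def covers(outer, inner):
    """True if every packet matching inner also matches outer."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and outer.proto in ("any", inner.proto)
            and outer.ports[0] <= inner.ports[0]
            and inner.ports[1] <= outer.ports[1])


def audit(rules):
    """Report rules that can never fire and overlaps decided only by priority.

    A rule is 'shadowed' when a single higher-priority rule covers it
    (shadowing by a union of several rules is not detected here).
    A 'conflict' is a partial overlap between rules with different actions.
    """
    ordered = sorted(rules, key=lambda r: -r.priority)
    findings = []
    for i, lower in enumerate(ordered):
        higher = ordered[:i]
        shadow = next((h for h in higher if covers(h, lower)), None)
        if shadow:
            findings.append(("shadowed", shadow.name, lower.name))
            continue
        for h in higher:
            if overlaps(h, lower) and h.action != lower.action:
                findings.append(("conflict", h.name, lower.name))
    return findings


# Constructed rule set for illustration only.
RULES = [
    Rule("allow-web", 100, "0.0.0.0/0", "tcp", (443, 443), "accept"),
    Rule("block-badnet", 90, "203.0.113.0/24", "any", (0, 65535), "drop"),
    Rule("allow-admin-ssh", 80, "198.51.100.0/24", "tcp", (22, 22), "accept"),
    Rule("block-ssh", 70, "0.0.0.0/0", "tcp", (22, 22), "drop"),
    Rule("allow-badhost-https", 60, "203.0.113.7/32", "tcp", (443, 443), "accept"),
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```

In this sample the audit shows that the intended block of 203.0.113.0/24 does not apply to HTTPS, because the broader accept rule has higher priority.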
Other forms of computer security include intrusion detection systems (IDS) or the ambitiously-named intrusion prevention systems (IPS). Intrusion detection is the monitoring of a network to give real-time warnings for intrusion detection and prevention. However, the diversification of intrusion patterns is making it increasingly difficult to detect and defeat intrusions. This system also does not enhance computer analytic capability.
The above methodologies address access to the computer but not the fundamentals of computer data analytic capability itself. Consequently, computer security has provided protection through a single firewall which connects a corporate network to the internet at a single point [1]; the fact remains this system does not enhance computer analytic capability.
[1] Broderick, J. Stuart (2005) Firewalls - Are they enough protection for current networks? Information Security Technical Report: Elsevier Ltd. 10: 204 - 212
Recent developments have also focused on the human elements (wetware) as a means of prevention, such as:
1. “identity management” which concentrates on authentication systems such as biometrics; and
2. computer security policies and practices that are “effective” by educating and training users in virus prevention.
The fact remains these systems do not enhance computer analytic capability.
Most commonly, security risk arises, not from a firewall “hole/hack”, nor from a breach in security policy, but from a software bug which can be a potential security exploit. Such an exploit can exist in any part of the communication chain between the connected computers.
Implementation of various protections such as: 1) “Denial-of-Service via Driver Revocation [where] once a weakness is found in a particular driver or device, that driver will have its signature revoked by Microsoft, which means that it will cease to function” [2], and 2) “content protection [which] requires that devices (hardware and software drivers) set so-called "tilt bits" if they detect anything [such as] unusual voltage fluctuations, maybe some jitter on BUS signals, a unusual return code from a function call, a device register that doesn't contain quite the value that was expected, or anything similar, a tilt bit gets set” which results in “powering down, [or] to various types of crash, to nothing at all, all triggered by exactly the same external event.” [3] do not provide improved computer analytic capability.
The impact of existing OS protection systems including but not limited to commercial OS, resulted in “considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost.” [4], consequently impeding computer analytic capability.
[2] Gutmann, Peter (2006) A Cost Analysis of Windows Vista Content Protection http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt Last updated 27 December 2006
[3] Gutmann, Peter (2006) A Cost Analysis of Windows Vista Content Protection http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt Last updated 27 December 2006
[4] Ibid 16
All these methodologies have tried to secure the network and act as the gatekeeper to the computer with huge overheads in computing resources and with little success.
Previously known computer protection systems, such as software firewalls, have implementation limitations, wherein the lowest common security setting for hardware and/or the software is based on the following configuration criteria:
1. implementation environment as set by the manufacturer and the network environment requirements;
2. "default-deny" firewall rule-set, which is dictated by policy settings;
3. packet filtering which inspects data "packets" according to the packet filter’s rules;
Applications that may be harmful to a network, such as Kazaa, have used a protocol which has an exploit in the form of random port allocation. Consequently, malicious code can enter a computer through a non-standard port and potentially execute malicious obfuscated code in RAM.
There have been recent developments in firewall technology that is termed “application layer” firewalling; however, these developments are based on the OSI model of TCP/IP where the seventh layer of the OSI model is the application layer. 9
These developments overlook the problem that not all protocols respect the OSI model, and utilise other network layers to bypass firewalling.
The theory behind the implementation of the above is based on the premise that adding either a soft or hard firewall to the computer network can manipulate access to the required resources and deny everything else. This takes the form of monitoring port numbers and endpoints based on a user’s access privileges using authentication means. This fails in areas such as malicious code gaining access through spoofing IP addresses and/or using proxies to hide its endpoint origin. Thus, the control of traffic to the user’s computer from specific zones of trust is compromised.
All examples described above do not contribute to improved computer analytic capability.
The invention herein described seeks to overcome the problems as described above.
Object of the invention
It is an object of the present invention to provide a computer analytic system and methodology, such that the host computer operates in a virtual environment encapsulated within the said analytic system and methodology.
According to the invention, there is provided a computer analytic system and methodology including the steps of:
(a) Augmented REAPP software is executed on a target computer, wherein said target computer includes any programmable device that has pre-existing software installed, including a pre-existing OS;
(b) a device connected to said target computer, such as an associated drive, a disk, a storage device, a network device, field device or the like;
(c) said Augmented REAPP software selects an OS to function as said Augmented REAPP OS wherein said Augmented REAPP OS is different to said pre-existing OS;
(d) the boot sequence of said target computer is modified such that said Augmented REAPP OS boots in preference to said preexisting OS;
(e) said Augmented REAPP OS is executed as a host OS on said target computer; and said Augmented REAPP software enables one or more of the following to operate as a virtual client within a virtual machine:
   i. said preexisting OS;
   ii. said preexisting software.
(f) said Augmented REAPP software enables the analysis of data including but not restricted to REAPP collected and generated data on said Augmented REAPP OS.
According to one aspect of the invention, there is provided a computer implemented analytic system, including:
(a) Augmented REAPP software, wherein said Augmented REAPP software includes an Augmented REAPP operating system (OS);
(b) a target computer for executing said Augmented REAPP software, wherein said target computer includes any programmable device; and
(c) a means for hosting a virtual machine on said target computer wherein:
   i. said target computer has pre-existing software installed, including a preexisting OS;
   ii. said Augmented REAPP OS is:
      a. different to said preexisting OS; and
      b. configured to boot in preference to said preexisting OS;
      c. executed as a host OS on said target computer; and
   iii. said Augmented REAPP software enables one or more of the following to operate as a virtual client within a virtual machine:
      a. said preexisting OS;
      b. said preexisting software.
   iv. said Augmented REAPP software enables on said host system to provide the capability to support the analysis of data including but not restricted to REAPP collected and generated data.
   v. said Augmented REAPP software enables on said field devices to provide the capability to support the analysis of data including but not restricted to REAPP collected and generated data.
The present invention with its wide array of practical embodiments and applications will be better understood with reference to the following description and the accompanying drawings.
Brief Description of the Drawings
A preferred embodiment of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:
Figure 1 illustrates in a schematic diagram a typical methodology of data analysis added to, or operating in conjunction with, a computer.
Figure 2 illustrates in a schematic diagram a first preferred embodiment of the Augmented REAPP enabled computer data analysis system and methodology means as installed as bootable Augmented REAPP enabled data analysis software utilising existing computer apparatus.
Figure 3 illustrates in a flow chart showing the major steps for enabling the Augmented REAPP enabled computer data management means utilising existing computer apparatus.
Figure 4 illustrates in a schematic diagram the Augmented REAPP analysis system performing ongoing examination of data presented to Augmented REAPP enabled computer or device.
Figure 5 illustrates: (i) a sample spectral graph of Augmented REAPP collected and generated data compliance check using Augmented REAPP Fourier transform (AFT hereon) where the incidence of each frequency (y axis) is plotted against the frequency spectrum (x axis) such that a resultant representative data trace (wave form) resides within the parameters (high and low alarm limits) that are established by known data AFT analyses. (ii) a sample Laplace transform showing quantized increments derived of the AFT spectral graph.
Figure 6 illustrates a sample spectral graph of Augmented REAPP collected and generated data compliance check using AFT of two AFT wave forms, one being the reference source, whilst the other wave form is the Augmented REAPP collected and generated data.
Figure 7 illustrates a sample spectral graph of an Augmented REAPP collected and generated data compliance check using AFT generated wave forms of Augmented REAPP collected and generated data where the rate of change of the wave form (dv/dt capabilities) enables the detection of data anomalies. The said compliance check also analyzes Augmented REAPP collected and generated data via pattern matching of the said waveforms. Furthermore said compliance check is performed on Augmented REAPP generated quantized data derived from said waveforms, through utilization of Laplace transform application to said waveforms.
Figure 8 illustrates in a schematic diagram a further preferred embodiment in one arrangement of the Augmented REAPP enabled computer data analysis.
Figure 9 illustrates in a flow chart in one arrangement of a preferred embodiment the steps in the initial startup process of Augmented REAPP computer data analysis means.
Figure 10 illustrates in a flow chart in one arrangement of a preferred embodiment the steps in the Endorsement Phase of processes involved in the Augmented REAPP computer data analysis means.
Figure 11 illustrates in a flow chart in one arrangement of a preferred embodiment the steps involved during the Engagement of Augmented REAPP collected Information phase.
Detailed Description
Preferred embodiments of the present invention are now described with reference to the drawings, wherein like reference numerals are used to refer to like elements throughout. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the invention. It may be evident, however, that the invention may be practiced without these specific details.
In other instances, well-known structures and devices are shown in block diagram form in order to facilitate describing the invention.
Definitions
The term REAPP is an acronym for:
• Recognition
• Endorsement
• Authorisation/Acknowledgement
• Permission
• Protection.
Dictionary of defined terms
Table 1 is a dictionary of terms defined according to the invention.
Terms defined in Table 1 are denoted with the use of capitalisation throughout the document. If a term is not capitalised then its plain meaning is to be construed, unless otherwise specified.
Table 1. Dictionary of defined terms
Summary of the Invention
The inventive device, method and system provide an improved computer analysis system for but not restricted to "nominated". Information from one or more external environments can be graded on a scale of insecure to secure. Consequently, using the inventive Augmented REAPP analytical system and methodology, a computer can be used to collect information, generate information and view Augmented REAPP analyzed information with an insecure setting and then reset to view and communicate securely with trusted sites.
In one embodiment, the Augmented REAPP system enables a structured compliance check of targeted data. A data file is created as a result of Augmented REAPP enabled computations on incoming data. This resultant data file is then compared for compliance to known data file(s) or library(ies) within the Augmented REAPP enabled system so that a level of trust can be allocated to the incoming data. If the data is categorised as "trusted", further access to the data by the user is enabled. Augmented REAPP enabled analysis involves multiple level verifications as an ongoing, continuing interrogation process of the computer environs. When the Augmented REAPP enabled computer analysis system detects a potential threat or unusual alteration within the computing environment then the computer is shut down or demoted to a lower security status, depending on governing requirements, which are set and finalised on installation.
The invention is not restricted to the use in the area of computer analysis alone but can also be applied to the area of verification of any electronic data. The Augmented REAPP enabled reference data can be manually updated on portable devices as well as online via networked communications.
The preferred embodiments involve an arrangement of steps. However, it should be noted that this invention is not limited to a single embodiment or arrangement of steps.
COMMON COMPUTER SECURITY SYSTEMS
Referring to Figure 1, a computer, referred to here as a host computer consists of Host Components 20, the Host OS 21, accompanying Host software 22 which runs on the Host OS 21, the Host Computer Hardware 23 and the Data 24 that sits on the host computer. Known computer security systems typically, as shown in Figure 1, have security software 10 added to, or operating in conjunction with, a host computer. This adjunct security software typically monitors security by comparing the host computer’s operation 22 against a library 13 containing rules and protocols 12. It is through the host computer OS 21 and its environment that the host computer communicates to the external environment, be it via a GUI 32, external communications 33 such as the internet, or via an external security library 31 used by the security software.
Selection of the Intrusion Detection/Prevention System (IDS/IPS) OS 11 is critical to effective security screening. Most PCs do not have antiviral software that runs on an OS 11 different to the screened computer’s OS 21. This is mainly because the majority of security software 22 resides within the host computer that it is trying to protect, and shares the same operating system 21.
Such known security measures are inherently unable to protect the computer since protection will only operate once the computer has booted. Consequently, there have recently been increasing instances of security breaches using “rootkits”. A rootkit subverts control of a common computer OS 21 by obscuring its installation and evades detection of most PC security systems (which are usually software 22 installations). Consequently, such software 22 installations are unable to examine a boot disk’s boot sector or slack space [5]. Consequently, a rootkit contains programs used by computer hackers which are concealed due to it not being possible to examine the boot sector and/or the slack space of the hard drive pre booting of the computer (or possibly at any other time when Slack Space is involved) which is too late for a good security examination.
[5] Slack space or file slack is the area between the end of a file and the end of the last cluster or sector used by that file. Slack space is dependent on the format of storage device.
Furthermore, the said methodologies have hindered rather than enhanced the analytical capability of the said computer, through at least increased overhead requirements.
AUGMENTED REAPP-ENABLED COMPUTER ANALYSIS
An Augmented REAPP enabled computer analysis system is a computer analysis system and methodology that is self-interrogating and concomitantly capable of autonomous status and function protection in that, under threat, theft, manipulation, the Augmented REAPP authentication requirements cannot be overridden, so therefore analysis can proceed in a trusted environ. If an internal computer component or device is replaced, without first authorising the device via the Augmented REAPP authorisation process (as described below), then the Augmented REAPP enabled operating system provides an automatic exclusion of the new device and deems the analysis environ as not trusted.
Consequently, device transplantation is not possible without authentication of the authentication requirements and a re-retrofit of the new requirements. No information can be retrieved or destroyed from the re-retrofitted device, except by the authentication via the Augmented REAPP enabled authentication process. Augmented REAPP-enablement can be scaled to suit the applicable environment.
The Augmented REAPP enabled product, system and methodology are described below as different embodiments in the context of the environment to which the Augmented REAPP enabled analysis is to be used.
An Augmented REAPP enabled computer can be de-militarized and remilitarized, to give the computer a specified risk/safety status. This safety status is enabled through a combination of processes of threshold assessment of internal computer devices and incoming data subjection to a reaping process by the Augmented REAPP enabled security processes.
This threshold assessment is continuous and the threshold is dynamic such that the security level of the Augmented REAPP enabled analysis engine can change and adapt as data and devices are assessed. Subsequently, as circumstances change the Augmented REAPP enabled analytic capability adapts to the new environ.
A FIRST PREFERRED EMBODIMENT
A first preferred embodiment of the Augmented REAPP enabled analytical system and methodology is described below with reference to Figure 2.
Installation of Augmented REAPP enabled analysis computer means
The Augmented REAPP enabled analysis computer means is preferably installed as bootable Augmented REAPP enabled analysis software 14 utilising existing computer hardware 23 (termed "target computer"). Consequently Augmented REAPP enabled analysis software 14 can be installed as a) a primary installation by either: i. the original equipment manufacturer (OEM) or ii. as a retrofit to existing computer infrastructure; or b) an add-on application to existing Host Computer 20 infrastructure. A target computer includes any programmable device that has pre-existing software installed, including a pre-existing operating system (OS).
Operation of the Augmented REAPP-enabled analysis methodology and system
The Augmented REAPP enabled computer analysis methodology and system is a virtual OS which operates in the Augmented REAPP enabled OS. The boot modification enables the loading of the Augmented REAPP OS as the host OS, and the original preexisting OS is loaded as a client OS in the form of a virtual OS 15.
The method of installing an Augmented REAPP enabled computer analysis methodology and system involves:
a) Installation of a bootable Augmented REAPP enabled computer analysis system onto a target computer;
b) Modification of the boot sequence of the said target computer such that the Augmented REAPP enabled OS boots in preference to the target computer's OS termed the preexisting OS;
c) Execution of the Augmented REAPP enabled OS as a Host OS on said target computer; and
d) Execution of the target computer's OS as a virtual client OS in a virtual machine where the Augmented REAPP enabled OS operates as a Host OS running the virtual machine; such that said targeted computer's software is intact for examination in a forensically intact form.
The term computer is used to include all devices that have an operating system such as a mobile phone, an automatic teller machine, autopilots, weaponry, communication devices, etcetera. Devices attached to a computer include storage devices such as disks, networked drives, flash drives, field devices, etcetera.
An Augmented REAPP enabled OS 15 loads the pre-existing OS 21 as a client virtual machine, thereby enabling the Augmented REAPP Host OS 15 to control execution of one or more of the following: (a) said pre-existing OS 21; (b) said pre-existing software.
This control step enables censoring, interception and quarantining all hardware calls and other communications made to/by the client original HOST OS 21. The Augmented REAPP enabled analysis methodology and system enables the improving of the targeted computer's operating system and associated software so that the targeted computer is functionally indistinguishable from the target computer's original state of operations. However, the target computer's OS and software are improved by the Augmented REAPP enabled analytical system such that it is sealed from directly communicating to other devices or destroying data it contains in any form including data on storage devices, in RAM, ROM or elsewhere. Consequently, the Augmented REAPP enabled analysis methodology and system reviews, examines, self-interrogates and delegates analytical operations, computations and communications whilst maintaining control over the target computer's operations, computations and communications.
Installation of Augmented REAPP enabled media provides a bootable Augmented REAPP enabled OS 15. This Augmented REAPP OS 15 will boot from a suspect host computer 20 to enable examination of the target computing environment by Augmented REAPP enabled analysis software 14 without forensically altering the original target computing environment, which therefore will remain forensically intact and examinable as a client virtual machine. This client virtual machine runs within the protection provided by the combination of Augmented REAPP OS 15 running the Augmented REAPP enabled analysis methodology and system software 14.
The original preexisting OS on the host computer 20 will be operational as a client operating system hosted by the Augmented REAPP Host OS.
The Augmented REAPP enabled bootable OS 15 will be different to the detected Host OS 21 of the target computer 20, which is regarded as a potentially contaminated OS 21. This difference maximises the independence of the Augmented REAPP enabled OS 15 and reduces the cross contamination potential between the original pre-existing OS 21 and the Augmented REAPP enabled analysis methodology and system software 14 housing the pre-existing OS as a client.
One embodiment of Augmented REAPP enabled analysis methodology and system can use an adapted Berkeley Systems Distribution of UNIX (BSD), such as OpenBSD due to its high security levels and near absence of security holes found in the last decade. However, if the original preexisting OS 21 uses OpenBSD then an adapted version of Linux kernel (currently 4.6.2) will be used for the Augmented REAPP enabled analysis methodology and system 15.
Other OS are also available for use by an Augmented REAPP- enabled analysis methodology and system in specific circumstances.
Specific drivers for known or generic hardware devices will be supplied with the Augmented REAPP enabled software 14. This methodology will provide a functional working environment for the selected Augmented REAPP- enabled analysis methodology and system 15.
The Augmented REAPP- enabled analysis methodology and system 15 hardware/software selection is dependent on the operating processes detected in the target computer 20
Different features of the Augmented REAPP enabled analysis methodology and system will now be discussed.
Augmented REAPP enabled interrogation capability
Referring to Figure 2, the Augmented REAPP-enabled analysis methodology and system 14 includes the capacity to analyze data from, but not restricted to, Augmented REAPP collected and generated data source. The analysis of the data is performed by the following steps:
1: incoming data is received from, but not restricted to, Augmented REAPP enabled data-collecting devices which include, but not restricted to, software and hardware.
2: the receipted data is quarantined by the Augmented REAPP-enabled analysis software and hardware.
3: the quarantined data is compared against trusted Augmented REAPP data contained within the said Augmented REAPP-enabled analysis software and hardware.
4: the compared data is modified by Augmented REAPP-enabled analysis software and hardware.
5: the said modified data is transmitted to Augmented REAPP-enabled analysis software and hardware.
6: the said transmitted data is quarantined by the Augmented REAPP-enabled analysis software and hardware.
7: the said quarantined data is compared against trusted Augmented REAPP data contained within the said Augmented REAPP-enabled analysis software and hardware and depending on the outcome of the comparison with the Augmented REAPP library, the said compared data will be:
   a) Accepted;
   b) Securely stored;
   c) Disarmed; or
   d) Destroyed.
The Augmented REAPP library
Augmented REAPP enabled examination provides for a data recognition and verification capability. Augmented REAPP analysis system and methodology compares features of the targeted computing environment against an Augmented REAPP library 40 (see Figure 2). The Augmented REAPP library includes data files or libraries relating to known or trusted software, drivers, operating systems and implemented application responses. This Augmented REAPP library 40 is used to determine compliance with Augmented REAPP enabled Fourier transform responses of both data files and executable programs.
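The document does not define its "Augmented REAPP Fourier transform", so the following added example (not code from the patent or its applicant) uses a plain discrete Fourier transform to show the kind of compliance check described for Figure 5: a spectral trace of incoming data is tested against high and low alarm limits derived from known data. The window size, margin, function names and sample inputs are assumptions constructed for illustration.

```python
import cmath
import math

WINDOW = 64  # assumed analysis window, in bytes


def spectrum(data: bytes, window: int = WINDOW) -> list:
    """Mean DFT magnitude per frequency bin (0..window/2) over whole windows."""
    count = len(data) // window
    if count == 0:
        raise ValueError("need at least one full window of data")
    bins = window // 2 + 1
    acc = [0.0] * bins
    for w in range(count):
        chunk = data[w * window:(w + 1) * window]
        for k in range(bins):
            s = sum(chunk[n] * cmath.exp(-2j * math.pi * k * n / window)
                    for n in range(window))
            acc[k] += abs(s) / window
    return [a / count for a in acc]


def build_envelope(references, margin=2.0):
    """Per-bin (low, high) alarm limits from spectra of known-good data."""
    spectra = [spectrum(r) for r in references]
    return [(min(col) - margin, max(col) + margin) for col in zip(*spectra)]


def check(envelope, data):
    """Return (bin, value, low, high) for every bin outside its limits."""
    return [(k, round(v, 2), lo, hi)
            for k, (v, (lo, hi)) in enumerate(zip(spectrum(data), envelope))
            if not lo <= v <= hi]


def tone(amplitude, k, extra=(0, 0), length=256):
    """Constructed sample: bytes of a cosine at bin k, plus an optional
    second component given as (amplitude, bin)."""
    ea, ek = extra
    return bytes(round(128 + amplitude * math.cos(2 * math.pi * k * n / WINDOW)
                       + ea * math.cos(2 * math.pi * ek * n / WINDOW))
                 for n in range(length))


# Constructed "library" of known-good data and the limits derived from it.
REFERENCES = [tone(40, 4), tone(50, 4), tone(60, 4)]
ENVELOPE = build_envelope(REFERENCES)

if __name__ == "__main__":
    print("known-good:", check(ENVELOPE, tone(50, 4)))
    print("altered:   ", check(ENVELOPE, tone(50, 4, extra=(30, 20))))
    # A reordered copy of a reference has the same magnitude spectrum.
    shifted = REFERENCES[1][3:] + REFERENCES[1][:3]
    print("reordered: ", check(ENVELOPE, shifted))
```

The reordered sample passes because a magnitude spectrum discards phase: an envelope check of this kind is a coarse anomaly signal, and data integrity still needs a cryptographic hash comparison against the library.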
The Augmented REAPP enabled censor
At the completion of the Augmented REAPP-collected data recognition and verification step, said compared data will (broadly) be accepted or rejected. The Augmented REAPP enabled censor, which also has notification and feedback capability, controls communication:
(a) internally between devices, as well as;
(b) to and from the host computer environment 15 to the external environment 30.
The Augmented REAPP enabled censor (which resides within the Augmented REAPP-enabled analysis software and hardware 14) provides a means to:
(a) modify data including but not restricted to, Augmented REAPP collected data;
(b) compare the said modified data;
(c) accept or reject the said compared data;
(d) shut down any transmission of data or device that is functioning abnormally; or
(e) disable unverified process(es), where there is change in a process value compared with a corresponding file in the Augmented REAPP library.
The Augmented REAPP enabled analysis methodology
In a preferred embodiment the Augmented REAPP analysis methodology provides a method for data analysis within a computer or computer system. However, it will be appreciated by those skilled within the art of data analysis that the proposed use of Fourier transforms to subject the targeted computing environment to a known computing forensic analysis, may include variations to the steps outlined.
Referring to Figure 3 for the steps and Figure 2 for the integers, the Augmented REAPP-enabled methodology is discussed.
The sequences may vary in different arrangements, and the following sequences are provided as exemplary arrangements of the preferred embodiment:
1. Augmented REAPP enabled media, such as CD, DVD, RAM disc etcetera, is inserted into a suitable reader of a target device such as a computer, mobile phone, automatic teller machine 20;
2. in the current example, the target computer 20 is powered up;
3. the target computer 20 is booted from the Augmented REAPP enabled media;
4. the Augmented REAPP enabled OS 15 operates as the host operating system;
5. the Augmented REAPP enabled analysis methodology software 14, operating within the Augmented REAPP enabled OS 15, examines the host computer 20;
6. the host computer OS 21, host software 22 and host data 24 are now operating as a virtual machine within the Augmented REAPP enabled analysis methodology within the Augmented REAPP OS 15;
7. a command is sent to the Augmented REAPP enabled OS 15 and original pre-existing host OS 21 seeking a positive "all ports closed" response. There may be allowance for retries and timeouts. If the required response is received, registration of installed programs/applications takes place.
In another arrangement, the transition from a potentially contaminated computer environment 20 to a secure computing environment can be achieved by following the steps outlined below:
1. Insert Augmented REAPP enabled analysis methodology software 14 with optional independent Augmented REAPP enabled analysis methodology device into a suitable reader e.g. USB for reading Flash ROM (dongle) and/or a DVD/CD reader with a DVD/CD.
The independent Augmented REAPP enabled analysis methodology device is encoded, requiring security authorisation associated with the Augmented REAPP enabled bootable media.
An example of an independent Augmented REAPP enabled analysis methodology device is an Augmented REAPP enabled Dongle. Whether or not the independent analysis device is installed depends on the level of host computer analysis required.
2. Power on the target suspect computer 20.
3. The host computer is set to boot from the Augmented REAPP enabled media. This step ensures that the target computer boots from Augmented REAPP enabled portable media, if present, in preference to booting off the target computer's hard drive. In the absence of Augmented REAPP enabled portable media the computer will boot off the target computer's OS. Exemplary boot sequences are as follows:
a. Power Cycle Power down: Referring to Figure 2, if the target computer's OS 21 starts to boot using any operating system other than the Augmented REAPP enabled OS 15, the target computer is immediately powered off and shut down; however, the Augmented REAPP enabled OS continues to function.
In one arrangement, powering down the computer involves the sub step of linking the Augmented REAPP enabled Dongle with an external power board or power supply that has a direct, a Bluetooth or other means to communicate with the Augmented REAPP enabled analysis methodology system. This communication is used as a gate which allows the power to continue to supply to the computer if the Augmented REAPP enabled OS 15 is booted and the Augmented REAPP enabled analysis methodology system is activated. The Augmented REAPP enabled analysis methodology system indicates to the power source that the power drawn by the computer is involving the activation of the Augmented REAPP enabled analysis methodology software 14. If there is power drawn but the Augmented REAPP enabled analysis methodology OS 15 is not booted or the Augmented REAPP enabled analysis Software 14 is not executed, then the power supply is shut off.
b. Power Cycle Power up: If the boot sequence was not initially booting from an Augmented REAPP enabled OS 15, after powering down and being restarted, the computer is rebooted. On reboot, the target computer's BIOS, or equivalent, depending on the computing environment, is flashed to reset the boot sequence so that it:
i. searches for an Augmented REAPP enabled OS 15 and boots from specific portable media (in a sequence nominated), and then
ii. searches for an OS and boots from a primary hard drive. If it boots from a non-Augmented REAPP enabled OS 21, there is a warning (including in the form of a message, sound and/or series of LEDs lighting or flashing) to indicate that the computer is booting from a potentially unsafe environment. The computer is either powered down or selected to boot in an unsafe environment.
4. The Augmented REAPP enabled OS 15 is booted. This is indicated by, for example, showing a series of light emitting diodes (LEDs) flashing on the Augmented REAPP enabled dongle.
5. Selection of the Augmented REAPP analysis OS 15.
The Augmented REAPP enabled OS 15 is booted with an OS that is different to the primary drive's OS 21. The target computer's primary drive is examined by the Augmented REAPP enabled OS which is booted in RAM. The Augmented REAPP enabled OS then selects an OS that is not identical to the OS on the target computer. Augmented REAPP enabled analysis software is activated. This is to ensure a greater level of analytical capability.
a. If the Augmented REAPP enabled OS 15 and the target computer's primary hard drive OS 15 are the same, then the Augmented REAPP enabled OS 15 will reboot with a different Augmented REAPP enabled OS 15. The Augmented REAPP enabled analysis software is activated.
b. If the Augmented REAPP enabled OS 15 and the target computer's primary hard drive OS are different then the Augmented REAPP enabled OS 15 is booted and the following takes place:
i. booting coincides with the target computer "closing all ports". It is mandatory at this stage for all ports, other than the ports communicating with the Augmented REAPP enabled bootable media, to be closed.
ii. The target computer's OS 21 will be incapacitated. The Augmented REAPP enabled analysis system will examine all hardware 23, software 22 and data 24. None of the target computer's OS 21, software 22, drivers or firmware are operable at this stage. The Augmented REAPP enabled analysis software continues to function.
6. Detection, examination and registration of all installed software 22 and data 24 is confirmed and continually rechecked by the Augmented REAPP enabled analysis software and hardware. The confirmation of registered software 22 and data 24 is obtained by polling the targeted computer's 20 environment, in order to ensure that no additional hardware 23 or media becomes available which contains new software 22 and/or data 24.
7. Augmented REAPP enabled analysis software 14 is updated from an Augmented REAPP enabled server or media.
The Augmented REAPP enabled OS 15, after examination of the target computer's hardware 23, will execute the minimal number of Augmented REAPP enabled drivers required to operate this hardware 23 and to communicate with an Augmented REAPP enabled analysis server or accompanying media (hard drives, disks, flash drives etc). This communication will use a secure protocol 16 to perform an analysis of the target computer 20 and to receive Augmented REAPP enabled analysis updates 34. This step is enabled by the following sub steps:
a. the Augmented REAPP enabled OS 15 receives the latest updates, from the Augmented REAPP enabled library 34 or accompanying media, specific to and appropriate for the target computer's operating environment; and
b. the first stage of the analysis of the target computer's security and risk assessment is performed using the processing of an independent Augmented REAPP enabled analysis server 34 which can be located in a distributed form to bypass any form of central attack or "man-in-the-middle attack" and permit ongoing analysis of data, including but not restricted to collected and generated data.
The above analysis will include examination of the target computer's software 22 for compliance with registered programs in an Augmented REAPP library 40 of known, trusted programs. If a positive match is received, then notification is given to the Augmented REAPP enabled OS 15 that the said software 22 is accepted as known. If no match is made then a notification is given:
i. to run one instance of the program as follows:
A. run the examined program in a secure encapsulated mode within an Augmented REAPP enabled virtual machine (VM);
B. run the target computer's OS 21 and specific software in secure encapsulated mode within an Augmented REAPP enabled virtual machine (VM).
An Augmented REAPP enabled virtual machine is enabled to run the target computer OS 21 with specific software 22 as separate Augmented REAPP enabled VM instances; or
ii. not to run the examined program in any environment (including in a VM and/or in situ).
8. The target computer's analysis environment is moved to a REAPP secured VM as a client hosted by Augmented REAPP enabled analysis software 14. The Augmented REAPP enabled analysis software 14 moves the target computer's unexecuted OS 21, accompanying drivers, software 22 and said data analysis secured environment 23 from the target computer's physical environment (a hard/flash drive, disk(s) etc) to a virtual Augmented REAPP analysis OS environment.
This step is commonly referred to as a physical to virtual (P2V) step which entails a virtual machine creation in the Augmented REAPP enabled OS's virtual host environment. The P2V step copies all the files from the target computer's OS, applications and data. An Augmented REAPP enabled P2V migration tool may also migrate the target computer's files to a distributed Augmented REAPP enabled server over the network if required or desired.
9. Reboot with Augmented REAPP hosting target computer as a client
The Augmented REAPP enabled OS 15 will then reboot as a primary OS 15 with the target computer's OS 21 booted simultaneously in an encapsulated virtual machine.
10. Re-examination of host computer
Once the target computer's OS 21 is enabled (in the said Augmented REAPP enabled OS's secured virtual host environment), then both the Augmented REAPP enabled OS 15 and the target computer's OS 21 are able to be run simultaneously on the same computer (the target computer).
11. Augmented REAPP enabled analysis software is activated
Initially the Augmented REAPP enabled OS 15 will examine the following elements of the target computer, including:
a. the target computer's OS 21; the target computer's interactions with the target computer's physical device hardware 23,
b. the target computer's firmware,
c. all target computer software 22, and
d. any opening or closing of ports which will be virtually active but not bridged across to the Augmented REAPP enabled OS 15. Consequently, the target computer's OS 21 will not be able to allow any ports to be functional at this stage.
12. Host computer enabled as operable as a REAPP secured VM client
Once the target computer's OS 21 has been successfully examined and has been cleared as a clean and secure operating environment, then the target computer's OS 21 can perform its functions in a REAPP secured virtual machine (VM) environment without being confined to a closed environment. Consequently, the port enablement can be modulated from the Augmented REAPP enabled secured OS 15 and Augmented REAPP enabled security software 14 such that any request for port opening can be cleared via the function of that Augmented REAPP enabled security software 14 before opening of the computer. The Augmented REAPP enabled analysis software continues to function.
13. The Augmented REAPP enabled OS 15 will continue to be the primary OS whilst the target computer's OS 21 environment will be running simultaneously. The Augmented REAPP-enabled OS 15 will continually examine the target computer's operating environment for security wherein the Augmented REAPP enabled analysis software continues to function. These operations will be discussed in detail below.
14. This Augmented REAPP enabled OS 15 can examine the target computer's operations by continually polling the VM environment containing the target computer 20. This examination includes assessment of the VM hardware 23, software 22, firmware and instructions in RAM.
The arrangement of sub-steps involved in this examination includes:
a. analysis of status integrity of hardware, including but not restricted to VM hardware, field device, and the like;
b. interrogation by Augmented REAPP enabled analysis system of all active programs;
c. detection of abnormal event(s), where the Augmented REAPP enabled analysis software 14 will issue notification of error to the user of the Augmented REAPP enabled computer and freeze the target computer's OS 21 and software 22 for examination and clearance if possible;
d. acknowledgement of the detected abnormal event, Augmented REAPP enabled analysis software 14, if unable to determine the cause of the abnormal event, will forward an image of the frozen virtual machine to the Augmented REAPP enabled server 34;
e. responses by the Augmented REAPP enabled Server 34, containing either a negative response, a timeout, or if no positive response received, will enable the Augmented REAPP enabled analysis software 14 to issue an instruction to only restart the VM containing the Target Computer's OS 21 with a "shut all" ports command; and
f. notification of the user of the findings. If the user chooses to ignore warnings, the Augmented REAPP enabled analysis software 14 will freeze the VM containing the host computer operations. The user can also choose to shut down the system and undertake manual remediation.
14. The computer can be powered off or on with the Augmented REAPP enabled OS booting as the primary OS followed by the target computer's OS booting second and always being checked by the Augmented REAPP enabled primary OS. This Augmented REAPP enabled OS can be copied onto the target computer's hard drive if considered desirable.
ENGAGEMENT OF INCOMING INFORMATION
The Augmented REAPP analysis technology is a new or improved means for:
a. analyzing electronic data including but not restricted to collected and generated data including but not restricted to Meta data;
b. analyzing hardware status and so improving the environment in which such data is to be viewed or used.
An Augmented REAPP enabled analysis operating environment generates, collects and modifies all incoming data. The generation, collection and modification of incoming data incorporates the use of Augmented Fourier transform analyses.
Information passed to an Augmented REAPP enabled analysis device (such as a personal computer, mobile phone, automatic teller machine or other means for viewing and accessing data) must be presented in a manner that conforms to Augmented REAPP enabled standards, as follows:
1. Data must have conformity that includes the following:
a) Information should be registered; and/or
b) Conform to a mode that is acceptable to an operating system which utilises Augmented REAPP enabled analysis software and hardware that conforms to an Augmented REAPP enabled standard.
2. Information should be stopped at the ports while the Augmented REAPP enabled dongle and associated firmware perform an initial check on the credentials of the presenting information, including but not restricted to collected and generated data.
3. Upon comparison of the presenting information as acceptable data by the Augmented REAPP enabled analysis system and associated firmware, the Augmented REAPP enabled analysis system sends an information request and receives a response from the Augmented REAPP enabled LD (and from other devices in other arrangements), which in turn sends an information request and receives a response from the Augmented REAPP enabled DM and then the Augmented REAPP enabled CPU, which switches on with confirmation of the acceptable data.
FOURIER TRANSFORM METHODOLOGY
Referring to Figure 4, the Augmented REAPP operating system enables ongoing examination of data including but not restricted to presented to an Augmented REAPP enabled computer or device, including a personal computer, a mobile phone, or other means for reading and using electronic data, including a closed loop system for drug scripts or bank transactions.
Utilising the method of Augmented Fourier transform (AFT) analysis in Augmented REAPP enabled analysis software, in the Augmented REAPP enabled operating system, enables:
(a) the examination of large volumes of data (including whole MPG files), performing calculations on compressed and/or normal data and data volumes; and
(b) multiple checks to be performed on the same data serially and/or in parallel.
Augmented REAPP enabled analysis software utilising AFT analysis can catalogue data and/or files, including program files, for conformity to known and/or trusted data libraries. Each file has its own unique AFT signature. Therefore, the examination of code is relative to known code signatures. By "code", the inventors mean any file, data or binary information that can be observed as a whole or as a rolling signature of a specified number of bits, relative to a known code signature.
In the Augmented REAPP enabled computer, an input data set is presented in a time domain (binary data stream) which has data analysis performed with respect to time. In the case of incoming data, the data is:
(a) cached for a specified period of time such as one second intervals; or
(b) analysed "on the wire", where code can currently be analysed for an acceptable code signature with an input of at least a gigabyte per second, which is standard for most network cards; followed by
(c) transformed into specified epochs of the data, which is converted into a frequency domain using an AFT transformation. A time domain reveals how the data input changes with time, whilst a frequency domain reveals the strength of the signal in each given frequency epoch over a range of frequencies, which provides a unique signature of the data. The advantage of a frequency domain is that it can include a phase shift to recombine the frequency epochs to reform the original time domain. Therefore, the original data input can be recreated at any time to reproduce the data input for forensic and/or analyses.
(d) Generates quantized data through the addition of Laplace modelling computation.
(e) Compares said quantized data to known data source within the Augmented REAPP Library.
(f) Manages the said quantized data incremental deviations and rejects or accepts analyzed data against known threshold levels.
DATA REGISTRATION AND ACCEPTANCE
Figure 4 shows the mechanisms for performing information registration and conforming to acceptable information criteria. These are enabled by performing data analyses, such as Augmented Fourier analysis, including applied Laplace Transform modelling computation which is then compared to trusted data. This data can be modulated through feed forward and feedback loops by raising or lowering the data acceptance thresholds.
An Augmented Fourier transform is made from the binary data that is potentially enabled to be executed within a computer. Such data is modified by applied Laplace Transform modelling computation. Quantized data derived from the Laplace Transform modelling computation utilization is considered to be acceptable when the Augmented Fourier transform lies within a specified range of safe parameters as defined from the Augmented Fourier transforms obtained from known data such as disk images (e.g. ISD images from computer storage devices) and binary data executed in computer memory where the data image is obtained through use of virtual machines (VMware and like products) to freeze and read the RAM Fourier transform.
The Augmented Fourier transform analyses data, which includes but is not restricted to collected and generated data:
(a) as it enters the computer; and/or
(b) that has entered the computer and is stored in a quarantined region.
The data is sampled to generate an Augmented Fourier transform of the relative frequency components which are compared with signals representative of incident frequency of trusted data samples. The degree of similarity is assessed between the frequency of the image and memory elements based on the input data and the frequency of the same elements based on the trusted data sourced from a database of known trusted Augmented Fourier transforms from known trusted data sources. The comparison of the Augmented Fourier transforms is calculated for the extent of the similarity with a threshold value. When the calculation is larger than or equal to the threshold values, the correlation of the input data and the enrolled data have a common origin and is therefore trusted. Conversely, when the calculation is less than the threshold value, the correlation of the Augmented Fourier transforms is different to the extent of being of an untrusted nature. Therefore, the data is rejected as determined via the Augmented Fourier transform analyses.
Incorporates Laplace Transform modelling computation
Generates quantized data as a value set.
The quantized data is sampled.
In one embodiment the comparison of the similarity of magnitude of sampled quantized data to signals representative of trusted data is calculated for the extent of deviation to a threshold value.
In another embodiment the comparison of the similarity between the pattern of sampled quantized data set to pattern of signals representative of trusted data set is calculated for the extent of deviation to trusted data set pattern.
When the calculation is larger than or equal to the threshold values, the correlation of the input data and the enrolled data have a common origin and is therefore trusted. Conversely, when the calculation is less than the threshold value, the correlation of the Augmented Fourier transforms are different to the extent of being of an untrusted nature. Therefore, the data is rejected as determined via the Augmented Fourier transform analyses.
The methods of comparison for Augmented Fourier transform data include, but are not restricted to:
(a) frequency/spectrum pattern matching;
(b) dynamics and/or rate of change of the frequency spectrum;
(c) magnitude of the frequency spectrum limits;
(d) magnitude of sampled quantized data; and
(e) pattern of sampled quantized data set.
Augmented Fourier Transform Analysis using a staged interrogation
The method of AFT can be used iteratively and repeatedly within the Augmented REAPP enabled OS.
Stage 1:
The first stage of AFT takes place by interrogation of the input data stream including but not restricted to collected and generated data that flows from the unsecured source.
The Augmented REAPP-enabled operating system, as discussed earlier, either dams the input data stream as cached data set, or performs the analysis "on the wire". This cached data set is effectively creating a "quarantine" area that receives all data prior to transfer of this data into the operating environment of the Augmented REAPP-enabled OS. Thus, the "quarantine" area is a non-operational secured holding area within the Augmented REAPP enabled computer. This cached data may be secured in 1 second epochs or in other specified epochs of data.
Stage 2:
In sequential flow terms, the data enters the Augmented REAPP enabled computer through an open data port, after it has its data source verified via integration of standards check, compliant with the Augmented REAPP enabled system standards library.
The incoming, but not restricted to, collected and generated data stream is then receipted into an isolated area that is to be found within a storage device that will be both electrically and functionally contained and exist in separation (either physically or functionally by, e.g. partitioning segments of the storage device in a different format to that of the original (legacy) format and original pre-existing operating system) from the rest of the Augmented REAPP enabled operating system. Such reformatting can take place using LINUX'S parted dynamic repartitioning utilities. Accessing data from the isolated areas can take place by using cross platform tools such as SAMBA with access controlled by user logon scripts or shell scripts that are conditionally enabled.
Stage 3:
The Augmented REAPP enabled analysis software utilizing an AFT will, when appropriate (for example on reaching capacity, or sensing End of File (EOF), where no more data can be read from a data source such as a file or stream), perform the following:
(a) close the input open port;
(b) process the receipted data;
(c) perform an AFT on the receipted data;
(d) interrogate this AFT file against the Augmented REAPP enabled library of known AFTs of known and trusted data;
(e) generate a compliance check against parameters of known, secure and trusted source of the same data sets attributes; and
(f) parse the data into the Augmented REAPP enabled OS if the tolerance of the data meets the Augmented REAPP enabled analysis settings.
Conversely if the wave form or parts thereof are similar to a known malicious code, the Augmented REAPP enabled analysis software will determine its compliance level. Once the compliance level is determined, the device will either allow further passage of the receipted data, or isolate, process or nullify the code that is suspect.
Further the comparison of the similarity of magnitude of sampled quantized data to signals representative of trusted data will determine its compliance level.
Further the comparison of the similarity between the pattern of sampled quantized data set to pattern of signals representative of trusted data set will determine its compliance level.
The volume of data receipted is critical for the integrity of the AFT file. The addition of data adds to the complexity of the resultant waveform. Hence the waveform derived from this data can only enhance the level of analysis integrity that can be achieved from an Augmented REAPP-enabled OS.
The Augmented REAPP enabled OS is enhanced and not compromised by the addition of more data, which is unique to this invention. Further should potential incoming corrupt data be made minimal due to the corrupted code being broken into specified byte sizes (for example, K) placed into the data stream, then reconstituted), in order to by-pass this important feature, then this intentional, malicious, minimal data, will still be arrested by the lower parameter limit of the wave form, set up by AFT analysis.
Conversely, if processing overheads need to be minimized (embedded devices or low risk applications), randomized spectrum "slicing" (slicing reduces the frequencies that need testing) can be used with very high levels of analysis integrity.
An embodiment of the Augmented REAPP enabled OS will have the output of the cache data storage device being directly coupled to a Light Bridge.
Example of Augmented REAPP enabled analysis software using Augmented Fourier analysis
The spectral graphs, as shown in figures 5 to 7, demonstrate three examples of the compliance checking method that can be performed in the AFT domain. However, this checking method is not limited to these areas. In each described interrogation method, the enabled device capable of AFT analysis will be able to close an Augmented REAPP enabled PORT once it has detected an anomaly in the incoming data stream. The detection of the anomaly, by the ongoing AFT analysis process will contribute to de-activation of the Light Bridge, a process which itself, in turn, will instigate isolation of the incoming data, alert the user, then nullify the suspect receipted data.
Example 1
The first example of the Augmented REAPP enabled analysis software using AFT analysis is shown by Figure 5. This graphical representation shows a frequency spectrum (x axis) by the incidence of each frequency (y axis). The resultant representative data trace (a wave form) resides within the parameters (high and low alarm limits) that are established by known data AFT spectral analyses. By observing if the spectrum's magnitude has deviated from set limits at any frequency, the Augmented REAPP enabled analysis system can determine whether the data is potentially malicious or safe. This method is suitable where a lower risk application of an Augmented REAPP enabled OS is required. The limit check method is relevant to detecting data stream aberrations resulting from intentional, malicious alteration of a data stream. An example is steganography where potentially malicious coded information is hidden in a picture or a video file.
Example 2
The second example of the Augmented REAPP enabled analysis software using AFT analysis also utilizes pattern matching. Specifically, pattern matching is utilized on the "whole of wave form" by range checking values at multiple discrete frequencies. As discussed earlier, the increased volume of incoming data results in enhanced data, set for analysis, using AFT. The more numerous the discrete frequencies become, the higher the integration level that can be achieved using AFT. Reducing the amount of frequencies may result in faster processing times. This is useful in lower risk applications or environments, for example Meta data analysis.
Figure 6 shows the two AFT wave forms, one being the reference source that has been previously examined and found to be safe, whilst the other wave form is the receipted data. The incoming, but not restricted to collected data source is presented in the same manner as the reference source, and is compared for similarity. One method of checking for similarity is the sampling of the receipted data at discrete frequencies, subtracting the reference wave form from the receipted data wave form and determining its conformity by the resultant value (or error) within statistical probabilistic functions such that the variance is of an acceptable level. In effect, high and low limit wave forms are created.
Figure 6 is a spectrum frequency (x axis) vs. the incidence of occurrence of said frequency (y axis).
This graphical representation shows that the receipted data matches closely the data from a known source within the boundaries of upper and lower limits of confidence.
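The limit check of Example 1 and the reference-subtraction check of Example 2 can be illustrated with the following added example, which is not code from the patent. The page does not define the AFT, so a plain discrete Fourier transform magnitude is used as a stand-in; the epoch size, the limit widening factor, the error tolerance and all sample data are assumptions constructed for illustration.

```python
import cmath
import random

EPOCH = 64                      # bytes per epoch (assumed; the page says "specified epochs")
BINS = EPOCH // 2 + 1           # discrete frequencies 0 .. EPOCH/2
# Twiddle factors of a plain DFT, a stand-in for the page's undefined "AFT".
_TW = [[cmath.exp(-2j * cmath.pi * k * t / EPOCH) for t in range(EPOCH)]
       for k in range(BINS)]


def spectrum(data):
    """Mean DFT magnitude per frequency bin over all complete epochs."""
    n_epochs = len(data) // EPOCH
    if n_epochs == 0:
        raise ValueError("need at least one full epoch of data")
    totals = [0.0] * BINS
    for e in range(n_epochs):
        block = data[e * EPOCH:(e + 1) * EPOCH]
        for k in range(BINS):
            totals[k] += abs(sum(b * w for b, w in zip(block, _TW[k]))) / EPOCH
    return [t / n_epochs for t in totals]


def build_reference(trusted, widen=0.4):
    """Build reference, low-limit and high-limit wave forms from trusted samples.

    reference = per-bin mean; limits = per-bin min/max widened by `widen`
    (the widening rule is an assumption, the page only says limits exist).
    """
    cols = list(zip(*(spectrum(s) for s in trusted)))
    reference = [sum(c) / len(c) for c in cols]
    low = [min(c) * (1 - widen) for c in cols]
    high = [max(c) * (1 + widen) for c in cols]
    return reference, low, high


def limit_check(spec, low, high):
    """Example 1: bins whose magnitude leaves the high/low alarm limits."""
    return [k for k, v in enumerate(spec) if v < low[k] or v > high[k]]


def residual_error(spec, reference):
    """Example 2: RMS of (received - reference) over the discrete frequencies."""
    return (sum((v - r) ** 2 for v, r in zip(spec, reference)) / len(spec)) ** 0.5


def verdict(data, reference, low, high, tolerance=0.5):
    """Accept only if no bin is out of limits and the residual is within tolerance."""
    spec = spectrum(data)
    out = limit_check(spec, low, high)
    err = residual_error(spec, reference)
    return {"accepted": not out and err <= tolerance,
            "out_of_limits": out, "rms_error": err}


def demo():
    """Constructed data: lowercase-letter streams as 'trusted', one tampered copy."""
    rng = random.Random(2016)

    def sample(n=8192):
        return bytes(rng.choices(range(97, 123), k=n))

    reference, low, high = build_reference([sample() for _ in range(6)])
    clean = sample()
    tampered = bytearray(sample())
    # A recurring 8-byte block (constructed) concentrates energy at bin 64/8 = 8
    # and its odd harmonics, which is what the limit check picks up.
    tampered[1000:1512] = bytes([0, 0, 0, 0, 255, 255, 255, 255]) * 64
    return (verdict(clean, reference, low, high),
            verdict(bytes(tampered), reference, low, high))


if __name__ == "__main__":
    for name, result in zip(("clean", "tampered"), demo()):
        print(name, result["accepted"], result["out_of_limits"],
              round(result["rms_error"], 3))
```

Lowering `widen` or `tolerance` tightens acceptance at the cost of rejecting more trusted-looking data, which corresponds to the raising and lowering of acceptance thresholds described earlier on the page.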
Example 3.
Referring to Figure 7, a third example of the Augmented REAPP enabled analysis software is shown. This example shows that the AFT analysis involves, but is not limited to:
a. analyzing the wave form's rate of change with a range of frequencies. An Augmented REAPP enabled OS with dv/dt capabilities enables the benefit of detecting anomalies earlier in the AFT waveform than that achieved with pattern matching. Anomalies such as small or recurring programs in the receipted data may affect the magnitude of the same frequency.
b. the derivation of incremental quantized differential value set via utilization of Laplace transform modeling computations.
As can be seen in Figure 7, the AFT analysis in an Augmented REAPP enabled OS will add an increased effectiveness of analytical integrity.
Augmented REAPP enabled analysis software implementation
The implementation of Augmented REAPP enabled analysis software, capable of using AFT analysis is enabled for implementation in any computing device. A computer system equipped with Augmented REAPP enabled software is one, such that each installed device will have a degree of functional redundancy with respect to analytical computation. Each device is potentially able to be setup independently to detect anomalies (including but not limited to, data receipted, program anomaly or device malfunction) with regard to the level of risk and actions to initiate, such as control or isolate a device, initiate a user response, etcetera.
Augmented REAPP enabled library growth
Augmented REAPP enabled analysis relies on a dynamic confidential library which records responses to interrogation of data, in all its forms. As applications and systems are developed, the Augmented REAPP enabled library must be updated, continually scrutinized and guarded. The method of updating the Augmented REAPP enabled library will capture the emerging technologies using the Augmented REAPP enabled methodology.
The data that the Augmented REAPP enabled library contains is in at least three forms:
1. Unsecured or known data sources, which include but are not restricted to generated or collected data, including OS's, applications, drivers, field devices and the like, which are stamped for reference;
2. Data, including software and the accompanying updates, received from a known source, usually from but not restricted to REAPP collected and generated data, as well as from the manufacturer. This data is rated as trusted, otherwise it is rejected.
3. Data which is trusted, including but not restricted to Augmented REAPP collected and generated data. This is determined by performing analyses on the data. For example, when the data is in the form of a program, it is run to determine its functionality along with any risks associated with its operation. A record of this functionality is kept for reference. If the risk of the program is higher than an established risk threshold determined by the Augmented REAPP enabled environ, the program or a suitable part of the program, such as a subroutine, is rerun but with a determined Augmented REAPP enabled modification applied to lower the determined risk threshold. The response to the modified program is also recorded within the Augmented REAPP enabled library.
The combined entity is then analysed through an Augmented Fourier transform algorithm, for which the response is recorded.
There are now at least three reference images of an OS, program and/or data. These are then stored and comprise the Augmented REAPP enabled library. As may be inferred, a malicious attack may try to replicate the Augmented REAPP enabled modification applied and hence use the "cuckold" methodology of hiding via alteration.
The success of a potential attack will depend on the timely alteration of the Augmented REAPP enabled modification applied. The Augmented REAPP enabled analysis system, in this embodiment, will have a "random" modification generator within the system so the success of a "cuckold" attack is minimized.
The Augmented REAPP enabled analysis system uses a methodology of capturing an image of the Augmented REAPP enabled LIBRARY with any Augmented REAPP enabled modifications applied. This Augmented REAPP enabled LIBRARY dynamically captures the Augmented REAPP enabled modifications via the Augmented REAPP enabled bootable drive and/or the full Augmented REAPP enabled operating system. Updating statistically infers that a dynamic link is not required to the internet, with its incumbent vulnerabilities, hence analysis is maximized. The level of Augmented REAPP enabled modifications applied can be varied to suit the risk level and analysis level requirement of the application. For example, a "standalone PC" with no internet connection may tolerate no modification but still be subject to an Augmented Fourier analysis examination provided by an Augmented REAPP enabled OS. In contrast, a financial or military application may require complex encryption algorithms, again with an Augmented Fourier analysis.
The Augmented REAPP enabled analysis software utilizes an AFT, which can be analyzed for conformity against the Augmented REAPP enabled library. The library is the main repository where the reference sources, which enable examination of code for conformity, are stored, retrieved and updated. The Augmented REAPP enabled library may be physically dispersed and only apparent when called upon. The reference sources may reside as distributed data in storage, in many devices, amongst other files, and be called upon randomly. One example of such distributed data networks is data distributed over many nodes using the BitTorrent protocol. Updating the library to include new software or current threats will be an essential part of the Augmented REAPP enabled OS, as will updating the REAPP enabled library to include the most current REAPP collected and generated data.
GRADUATED COMPLIANCE CHECK
Such a review of conformity of code is achieved using a graduated compliance check against trusted and known parameter data set(s). The parameters that are checked include, but are not restricted to, waveform pattern matching which monitors on a statistical basis the acceptable deviation of aberrations of waveform. This includes waveform derivative functions such as rate of change, where upper and lower limits are placed upon the waveform, and said rate of change of the waveform.
One form of graduated compliance measures data flows at sequential time epochs, such as 1 second intervals, so that the data caching does not slow computer performance significantly. Other forms of graduated compliance include tolerance of frequency transform epochs which contain signatures of known malicious code. A further conformity review measures the differential values of quantized incremental data derived from utilization of Laplace Transform modeling computation.
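The limit-band comparison described for Figures 6 and 7 and in the graduated compliance check can be sketched as follows. This is an added example, not code from the patent: the AFT is not defined on this page, so a plain windowed DFT stands in for it, and the window size, tolerance parameters and all sample bytes are constructed assumptions.

```python
import cmath
import math
import random
import statistics

WINDOW = 64          # bytes per analysis window (assumed value)
BINS = WINDOW // 2   # frequency bins 1..32; bin 0 (the window mean) is dropped

# Precomputed DFT factors: _TW[k-1][i] = exp(-2*pi*j*k*i/WINDOW)
_TW = [[cmath.exp(-2j * math.pi * k * i / WINDOW) for i in range(WINDOW)]
       for k in range(1, BINS + 1)]

def spectrum(data):
    """Average DFT magnitude per frequency bin over all complete windows."""
    windows = [data[o:o + WINDOW] for o in range(0, len(data) - WINDOW + 1, WINDOW)]
    if not windows:
        raise ValueError("need at least one full window of data")
    totals = [0.0] * BINS
    for w in windows:
        mean = sum(w) / WINDOW
        for k in range(BINS):
            acc = sum((b - mean) * t for b, t in zip(w, _TW[k]))
            totals[k] += abs(acc) / WINDOW
    return [t / len(windows) for t in totals]

def slope(spec):
    """Rate of change of the spectrum from one frequency bin to the next."""
    return [b - a for a, b in zip(spec, spec[1:])]

def build_limits(curves, k_sigma=4.0, min_tol=1.0):
    """Low/high limit waveforms from several trusted curves (mean +/- tolerance)."""
    limits = []
    for values in zip(*curves):
        centre = statistics.mean(values)
        tol = max(k_sigma * statistics.stdev(values), min_tol)
        limits.append((centre - tol, centre + tol))
    return limits

def out_of_limits(curve, limits):
    """1-based positions where the curve leaves its limit band."""
    return [i for i, (v, (lo, hi)) in enumerate(zip(curve, limits), start=1)
            if not lo <= v <= hi]

def build_reference(trusted_samples):
    specs = [spectrum(s) for s in trusted_samples]
    return {"level": build_limits(specs),
            "slope": build_limits([slope(s) for s in specs])}

def check(data, reference):
    """Compare receipted data with the reference on magnitude and rate of change."""
    spec = spectrum(data)
    report = {"level": out_of_limits(spec, reference["level"]),
              "slope": out_of_limits(slope(spec), reference["slope"])}
    report["conforms"] = not (report["level"] or report["slope"])
    return report

def constructed_sample(seed, length=1024):
    """Constructed 'known good' data: a 3-cycles-per-window tone plus small noise."""
    rng = random.Random(seed)
    return bytes(round(128 + 40 * math.sin(2 * math.pi * 3 * i / WINDOW))
                 + rng.randint(-8, 8) for i in range(length))

REFERENCE = build_reference([constructed_sample(s) for s in range(1, 9)])
CLEAN = constructed_sample(99)
# Constructed anomaly: a recurring 4-byte pattern overwrites 256 bytes of the stream.
TAMPERED = CLEAN[:512] + bytes([220, 128, 36, 128]) * 64 + CLEAN[768:]

if __name__ == "__main__":
    print(check(CLEAN, REFERENCE))
    print(check(TAMPERED, REFERENCE))
```

The recurring pattern has a period of four bytes, so it raises bin 16 and, by displacing the original content, lowers bin 3; the slope check flags the bins on either side of both.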
LIGHT BRIDGE
This LIGHT BRIDGE device consists of an LED Fibre Optic Transmitter/Receiver Array. Figure 8 provides an overview of one arrangement of the interrogation of a LIGHT BRIDGE between devices. It should be noted that the Augmented REAPP enabled LIGHT BRIDGE shown in Figure 8 is in addition to the Augmented REAPP enabled functionality, but is not a mandatory inclusion.
This LIGHT BRIDGE allows for the possibility of disablement of code to be enabled by devices situated functionally either side of the LIGHT BRIDGE. This provision of code disablement, as a function of an Augmented REAPP enabled OS, enables a corrupt data stream to be isolated. This contributes to the advantage of complete severance of corrupt data flow.
The inventors liken this severance process to that of decapitation or reaping of the Gorgon's head. The Gorgon represents the creature of ancient Greek mythology that froze everyone in its path by the power of its hypnotic stare. The inventors have equated the power of this mythical creature to that of an incoming virus which freezes all programs in its path. This severance process is the quintessential empowerment that heightens the ability of an Augmented REAPP enabled OS to isolate and deal with incoming viruses.
Data transmission to a computer typically takes the form of transmission of electrons as data bits sent individually over a single wire in the form of serial or parallel transmission to the computer BUS. The BUS transfers data between computer components inside a computer and typically is controlled by device driver software. A device driver provides the means for software to interact with hardware devices, usually using subroutines that communicate by performing calls and return statements in the form of information feed-forward and feed-back routines. For example, a program may invoke a subroutine to communicate with a device driver. This subroutine effectively instructs the device driver to issue one or more commands to the device hardware; the hardware device in turn sends data back to the driver, which invokes one or more subroutines in the program. The interaction between a device driver and the BUS allows the BUS to connect with one or more hardware devices.
In one arrangement, binary information is converted from electron transmission into photon transmission as it leaves the BUS. This provides the opportunity for information to be prepared or primed as it is passed through parallel gates to enable parallel transmission of the data. As this data is passed through each gate it is verified against the unprimed data to obtain a proof of its authenticity. This comparison of data is performed by the pulsing of light emitting diodes/laser pulses in a sequencing code which enables the comparison of the light transmitted primed data to the electron transmitted pre-BUS unprimed data. The data is then qualified as part of the verification process such that it is confirmed to be reflecting the original data and not contaminated by additional data. This reflection of original data is confirmed through having a response to a request communicated to the data prior to its conversion into photon transmission. This communication does not involve any controller of a driver. In the event that the data is not qualified, then a denial of service will take place.
Multiple parallel wires are used to transmit data bits simultaneously, which is much faster than serial transmission as bytes of information can be sent rather than one bit at a time. This method is used internally within the computer, for example the internal buses, and sometimes externally for such things as printers; however, this method of transmission is only available over short distances as the signal will degrade and become unreadable, as there is more interference between many wires than between one.
Augmented REAPP enabled operating system analysis
The incorporation of the embodiment of an Augmented REAPP enabled operating system into a computer system as described in the prior art allows for the utilization of Augmented REAPP enabled methodology to enable the host computer system, which uses current hardware and software, to manifest a higher level of analysis integrity through improved data discrimination, interrogation and verification.
Startup Protection Phase
Computer powering up and device bootstrapping
Bootstrapping is the process of starting up a computer, a mechanism by which the internal devices are prepared before engagement with any information. Most commonly, bootstrapping refers to a logical execution process where a simple system activates another more complicated system that serves the same purpose. Typically, bootstrapping is needed to execute hardware devices, which in turn execute operating system kernel software that is responsible for executing other software programs.
Figure 9 illustrates, in a flow chart of a preferred embodiment in one arrangement of the present invention, the steps involved in the Augmented REAPP enabled computer analysis initial startup process. The Augmented REAPP enabled operating system bootstrapping involves a set of instructions that reside in each device's programmable memory such that each device boots in a specific order to begin the initialization of the computer's operating system. This initialization process involves the checking of each device's readiness, which is undertaken through the following steps as shown in Figure 9:
Power Up
Referring to Figure 9, the Startup Phase involves the startup of the Augmented REAPP enabled CPU which leads to the following events:
1. Processes for startup, which includes:
   a) switching on;
   b) instruction to devices; followed by
   c) signals completion of start up
When the computer power is switched on, electricity passes from the computer's power supply unit to the Augmented REAPP enabled CPU followed by associated computer housed devices. In one arrangement of the invention the Augmented REAPP enabled LAN Driver (LD) is not powered on at this stage and consequently all the ports are closed.
This step differs from the operation of powering on conventional computers, which powers on the Augmented REAPP enabled LD simultaneously with powering up the Augmented REAPP enabled CPU and the Augmented REAPP enabled LD keeps all ports open.
Specifically, when the Augmented REAPP enabled CPU is powered on there is an interrogation of the ports to ensure that they are closed. This Startup Phase involves the sub-steps of starting with all ports closed. If the Augmented REAPP enabled Ports Closed request response is negative, that is, the ports are open, then the computer will restart immediately or when instructed otherwise. The Ports Closed request can be positive by having one or more ports open, which will instruct the Augmented REAPP enabled CPU to shut down as this is not within the threshold of a secure startup environment.
This threshold startup environment can be altered in specific circumstances to allow one or more specified "safe" ports to be open on startup if the security threshold is akin to a non-secure computer or demilitarized computer. Conversely, if the Ports Closed is positive, that is, the ports are all closed, then the next Augmented REAPP enabled DM Open Port(s) sub-step will proceed. Additionally the Augmented REAPP enabled analysis software is initialized.
If the Augmented REAPP enabled DM Open Port(s) response is negative then the Augmented REAPP enabled CPU will communicate with the Augmented REAPP enabled LD to have the Augmented REAPP enabled LD Activated. This interrogation involves sending a communication to the Augmented REAPP enabled LD (and other devices with later communications) and receiving a response. This is enabled by parsing information from the Augmented REAPP enabled CPU across to the Augmented REAPP enabled LD through, in this arrangement, sockets (and/or program "hooks") on the Augmented REAPP enabled LD software enabled by software or firmware. This initial communication will involve the Augmented REAPP enabled LD parsing a response back to the Augmented REAPP enabled CPU which informs the Augmented REAPP enabled CPU that the Augmented REAPP enabled LD is activated.
This, in turn, allows specified DM Open Port(s). Once the Augmented REAPP enabled CPU has specified Augmented REAPP enabled DM Open Port(s) there is a communication sent to specified devices to query whether the devices are powered on by seeking a response to Devices Switched On. This Devices Switched On sub-step can sequentially, continually and/or simultaneously interrogate each and/or all devices.
Upon receiving a response from a device that Devices Switched On is negative, the Augmented REAPP enabled CPU will instruct the device to activate via the Activate Device sub-step. Initiation of the process via instruction to devices to Activate Devices is enabled to take place individually, sequentially or collectively. Once the Activate Devices status of specified or all devices is positive then the Augmented REAPP enabled CPU can perform Device Recognition. This enables the Augmented REAPP enabled CPU to interrogate one or more devices as to their standing.
If the Augmented REAPP enabled CPU recognition of the device does not match the recognition status parameters embedded in the Augmented REAPP enabled CPU, then the Recognise Device will be negative which will inform the Augmented REAPP enabled CPU to Restart. The Restart sub-step will perform a power recycle immediately or will shut down the computer, which will not be restarted until another event takes place such as human intervention.
If the Augmented REAPP enabled CPU recognition of the device does match the recognition status parameters embedded in the Augmented REAPP enabled CPU, then the Recognise Device will be positive which will inform the Augmented REAPP enabled CPU to acknowledge whether all specified devices are recognized through the All Devices Recognised sub-step.
If the Augmented REAPP enabled CPU recognition of the All Devices Recognised sub-step does not match the recognition status parameters embedded in the Augmented REAPP enabled CPU, then the All Devices Recognised sub-step will be negative which will inform the Augmented REAPP enabled CPU to Restart. As discussed above, this Restart sub-step will perform a power recycle immediately or will shut down the computer, until human intervention takes place.
Conversely, if the All Devices Recognised sub-step conforms to the recognition status parameters embedded in the Augmented REAPP enabled CPU, then the All Devices Recognised sub-step will be positive which will enable the one or more devices to be acknowledged via the Acknowledge Devices sub-step. This enables the Augmented REAPP enabled CPU to be receptive to the function and status of each and all devices. The Augmented REAPP-enabled CPU instructs devices to be switched on such that there is an ordered progression of device recognition and acknowledgement. If the device is powered on and recognised then the device will remain on so long as the device remains recognised. This device recognition can be an ongoing polling of devices by the Augmented REAPP enabled CPU. Conversely, if the device is powered on but not recognised by the Augmented REAPP enabled CPU, then the device will be powered down. This ensures that the powered device is a recognised device.
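The Power Up sequence above, modelled as a fail-closed gate. This is an added example, not code from the patent: the device identity strings, the function name and the trace format are hypothetical, and it reads the Ports Closed check as "any open port outside the configured safe list causes a restart".

```python
from dataclasses import dataclass

@dataclass
class Device:
    name: str
    reported_id: str       # identity the device returns when interrogated (hypothetical)
    powered: bool = False

def startup_gate(open_ports, devices, expected_ids, safe_ports=frozenset()):
    """Walk the Figure 9 sub-steps in order; return (outcome, trace).

    outcome is "acknowledged" when every check passes, otherwise "restart".
    expected_ids plays the role of the recognition status parameters
    embedded in the CPU: device name -> identity it must report.
    """
    trace = []

    # Ports Closed: checked before the LAN Driver (LD) is brought up.
    stray = sorted(set(open_ports) - set(safe_ports))
    if stray:
        trace.append(f"Ports Closed: negative {stray}")
        return "restart", trace
    trace.append("Ports Closed: positive")
    trace.append("LD Activated")

    # Devices Switched On / Activate Device
    for dev in devices:
        if not dev.powered:
            dev.powered = True
            trace.append(f"Activate Device: {dev.name}")

    # Recognise Device: one mismatch powers the device down and forces a restart.
    for dev in devices:
        if expected_ids.get(dev.name) != dev.reported_id:
            dev.powered = False
            trace.append(f"Recognise Device: negative {dev.name}")
            return "restart", trace
        trace.append(f"Recognise Device: positive {dev.name}")

    # All Devices Recognised: an expected device that never answered also fails.
    missing = sorted(set(expected_ids) - {d.name for d in devices})
    if missing:
        trace.append(f"All Devices Recognised: negative, missing {missing}")
        return "restart", trace

    trace.append("Acknowledge Devices")
    return "acknowledged", trace

# Constructed recognition parameters and device set for the demonstration.
EXPECTED = {"LD": "ld-fw-01", "DM": "dm-fw-01", "VD": "vd-fw-01"}

def constructed_devices(**overrides):
    ids = {**EXPECTED, **overrides}
    return [Device(name, ident) for name, ident in ids.items()]

if __name__ == "__main__":
    for ports, devs in [([], constructed_devices()),
                        ([80], constructed_devices()),
                        ([], constructed_devices(VD="unknown-fw"))]:
        outcome, trace = startup_gate(ports, devs, EXPECTED)
        print(outcome, trace[-1])
```

Because each check returns as soon as it fails, no later sub-step runs against a port or device that has not passed the earlier ones.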
Recognition Phase
Recognition Phase Recheck:
1. The sequence starts with Ports Closed to ensure that the proper port closure has been initiated;
2. Each device, via the Device Recognition, sends a feedback response to the Augmented REAPP enabled CPU on each device's functional status individually, sequentially and in serial communication, or collectively in parallel communication; and
3. The Augmented REAPP enabled LD recognition recheck is next in sequence via the Recognise Device sub-step, which is initiated by the Augmented REAPP enabled DM, which checks the ports closure status by the Augmented REAPP enabled LD sending an information request and receiving a response in a Local Host loop (commonly using port 80 on 127.0.0.1) to test whether a host or other device is reachable across the IP network. An information request works by sending a "request" and listening for a "response" reply using interval timing and response rate. Note that no information leaves the computer or enters the computer at this stage.
On confirmation of the device recognition and acknowledgement, and Augmented REAPP enabled analysis, the device is enabled to run through the Endorsement Phase.
Endorsement Phase
Referring to Figure 10 the Endorsement Phase is performed by incorporating the following component with the accompanying functions:
Function of Augmented REAPP enabled Device Manager
1. Takes instruction from the Augmented REAPP enabled CPU;
2. Checks integrity of Augmented REAPP enabled Dongle and its firmware status;
3. Is receptive to function of the status of all devices; and
4. Instructs the Augmented REAPP enabled LAN driver by initiating a halter restart sequence.
Halter is used to mean guide and/or instruct and train.
Function of Augmented REAPP enabled Virus Detector
1. Check status of all devices prior to shut down
2. Assists the Augmented REAPP enabled CPU in:
   a) Start up; and
   b) Running with data in a virus and malware free environment.
The Augmented REAPP enabled CPU runs an Endorsement Process and performs acknowledgement of the component devices through performing the steps below:
1. A Directive Function to activate the Augmented REAPP enabled Virus Detector (VD) and Augmented REAPP enabled Device Manager. This Directive Function is enabled by interrogating the Augmented REAPP enabled VD software and/or hardware and the Augmented REAPP enabled DM as to their status. Specifically a request and response sequence to these devices is performed. This sequence is a gate where the Augmented REAPP enabled VD and Augmented REAPP enabled DM signal the Augmented REAPP enabled CPU Ready Status is either positive or negative.
If the response is not received (a negative response) then the Augmented REAPP enabled CPU Initiates a Check of Augmented REAPP enabled VD and Augmented REAPP enabled DM. Conversely, if the response is positive, then the Augmented REAPP enabled CPU interrogates the port status of each device via the Augmented REAPP enabled CPU Verification of Device Port Status substep;
2. A Receptive function, which acknowledges the start up completion of the Augmented REAPP enabled VD and Augmented REAPP enabled DM. This Receptive function is enabled by the Augmented REAPP enabled VD and Augmented REAPP enabled DM signal passed back to the Augmented REAPP enabled CPU informing of the positive activation of these devices.
If there is no signal received, there is no acknowledgement of the device and the Augmented REAPP enabled CPU check returns to the previous Endorsement Phase; followed by
3. The Augmented REAPP enabled CPU Verification of Devices Port Status substep takes place through the Augmented REAPP enabled LAN Driver Check Port Status as to the status of the ports communicating with the external environment and the presence or absence of an Augmented REAPP enabled Dongle which is connected via an external port. If the Augmented REAPP enabled LAN Driver Check Port Status request and response is negative then the Augmented REAPP enabled DM Initiates Augmented REAPP enabled LAN Driver Port Check.
If the recheck does not confirm a positive response then the request will return to a previous sub-step of whether the Augmented REAPP enabled VD and Augmented REAPP enabled DM Signal the Augmented REAPP enabled CPU Ready Status is either positive or negative.
If the Augmented REAPP enabled LAN Driver Check Port Status request and response is positive then the following sub-step is enabled: Augmented REAPP enabled LD Port Status Enabled to Communicate to Augmented REAPP enabled Dongle. The Augmented REAPP enabled Dongle performs the task of authenticating that the computer may operate because a mandatory step in the endorsement and acknowledgement sequence is present;
4. Dongle Confirms Port Status to LD as a verification of port status. If there is no response then the previous sub-step of Augmented REAPP enabled DM Initiates the Augmented REAPP enabled analysis and Augmented REAPP enabled LAN Driver Port Check will be performed. If the response is positive, then the Augmented REAPP enabled LD shuts the Augmented REAPP enabled Dongle's Port and communicates status to Augmented REAPP enabled Device Manager.
Endorsement Phase Recheck:
5. The Augmented REAPP enabled Dongle, which collects and generates Augmented REAPP enabled data, confirms safety of the port closure by confirming that there is no "echo response" across the network from the Augmented REAPP enabled LD "request" via the Augmented REAPP enabled LD Shuts Augmented REAPP enabled Dongle's Port and Communicates Status to Augmented REAPP enabled Device Manager.
Recognition Phase additional recheck:
1. Despite the positive response from the Augmented REAPP enabled Dongle, the Augmented REAPP enabled LD performs an additional partial check on the Augmented REAPP enabled Dongle's status via the Reiteration Step. This reiteration loop generates Augmented REAPP enabled data and takes place via a polling mechanism or via period (time) or frequency (specified number of times) parameters. Therefore the Receptive function is re-run followed by the Directive function, which shuts down all the ports again and signals the Augmented REAPP enabled DM via the sub-step of Augmented REAPP enabled Device Manager Acknowledgement of Port Closure. This step, including Augmented REAPP enabled analysis, can also be performed as an intervening step at any stage as an Acknowledgement Phase recheck, where the Augmented REAPP enabled DM acknowledges Port closure after allowing port opening to let data transmit or if an unauthorized event has taken place.
Recognition Phase further recheck:
2. The Augmented REAPP enabled CPU begins a check on the Augmented REAPP enabled VD such that there is knowledge of function sequence. This takes place via an Augmented REAPP enabled CPU Recognition Virus Device sub-step. Knowledge of function can consist of a substitution of a sequence of automatically-generated instructions for the original function call, such as Augmented REAPP enabled analysis, and the Augmented REAPP enabled CPU has an intimate knowledge of the function of the Augmented REAPP enabled VD and can integrate it appropriately for functional optimization. In computing this is often called "intrinsics" or "intrinsic function".
Augmented REAPP enabled VD Endorsement Phase: 3. The Augmented REAPP enabled VD is endorsed if the CPU Recognition Virus Device sub step is successful.
Augmented REAPP enabled VD Acknowledgement Phase: 4. All devices must acknowledge the same signal from the Augmented REAPP enabled VD as shown in the Nominated Device Recognition VD sub-step.
Augmented REAPP enabled VD Permission Phase: 1. Permission is granted once all devices have acknowledged the same signal from the Augmented REAPP enabled VD as verified via a positive response from the Nominated Device Recognition VD sub-step.
Augmented REAPP enabled DM Endorsement Phase:
1. Augmented REAPP enabled CPU Performs an Augmented REAPP enabled analysis, and Augmented REAPP enabled Device Manager Check Device(s) Status on each device individually and collectively.
   a. The Augmented REAPP enabled DM is endorsed if the Augmented REAPP enabled DM recognition is successful via sub-step Augmented REAPP enabled DM's Response Equivalent to Augmented REAPP enabled CPU Information responding with a positive response.
Conversely, if the response is negative, there will be a Re-run of the Endorsement Sequence.
   b. This Augmented REAPP enabled CPU Performs an Augmented REAPP enabled Device Manager Check Device(s) Status on each device individually, sequentially or collectively for all devices as shown in sub-steps, including Augmented REAPP enabled analysis.
In one arrangement of this particular embodiment, the Augmented REAPP enabled CPU checks Device Port Status in the following order:
2. The Augmented REAPP enabled CPU continually polls the Augmented REAPP enabled DM via sub-step Augmented REAPP enabled CPU Performs an Augmented REAPP enabled Device Manager Check Device(s) Status to ensure that each device's status is up to date. This is an ongoing check to ensure the integrity of the system:
   a. The Augmented REAPP enabled CPU checks on the Augmented REAPP enabled DM's knowledge of Augmented REAPP enabled Dongle and its firmware status and function (sub-step not shown);
   b. The Augmented REAPP enabled CPU checks if the Augmented REAPP enabled DM's response is the same as the Augmented REAPP enabled CPU knowledge of Augmented REAPP enabled DM and its firmware status and function via sub-step Augmented REAPP enabled DM's Response Equivalent to Augmented REAPP enabled CPU Information; and
   c. The Augmented REAPP enabled CPU checks the Augmented REAPP enabled LD's understanding of proper location and registration of data from its own source via Augmented REAPP enabled LD's Response Equivalent to Augmented REAPP enabled CPU Information, including:
      i. Augmented REAPP enabled analysis
      ii. The Augmented REAPP enabled CPU checks if the Augmented REAPP enabled LD has proper knowledge of its own function, for example if the Augmented REAPP enabled LD can recognise:
         1. registered data from known source;
         2. properly presented data from unknown source; and
         3. retain a connection with the Augmented REAPP enabled DM.
4. The Augmented REAPP enabled CPU checks if the Augmented REAPP enabled BUS has proper knowledge of its own position in the sequence of events via Augmented REAPP enabled BUS's Response Equivalent to Augmented REAPP enabled CPU Information sub-step. For example the Augmented REAPP enabled CPU checks the Augmented REAPP enabled BUS function to confirm if the Augmented REAPP enabled BUS can:
   a. act as a conduit of instruction from the Augmented REAPP enabled CPU to the Augmented REAPP enabled VD and in turn to the Augmented REAPP enabled DM; and
   b. performs Augmented REAPP enabled analysis check
   c. confirms completion of such an instruction.
5. The Augmented REAPP enabled CPU checks if the memory has proper knowledge of its own position in the sequence of events via the sub-step of Augmented REAPP enabled Memory's Response Equivalent To Augmented REAPP enabled CPU Information, such that the function of memory includes:
   a. conduit of Augmented REAPP enabled CPU instruction to an Augmented REAPP enabled virus detector; and
   b. rests while Augmented REAPP enabled BUS completes the circuit
6. The Augmented REAPP enabled CPU checks if any [nominated device] has proper knowledge of its own position in the sequence of events via the sub-step of [nominated device]'s response equivalent to Augmented REAPP enabled CPU information. This can be reiterated indefinitely.
7. The Augmented REAPP enabled CPU checks if the Augmented REAPP enabled DM has:
   a. proper knowledge of its position in the sequence of events; and
   b. the status of the Augmented REAPP enabled DM's function, which includes the Augmented REAPP enabled DM performing the following tasks:
      i. the Augmented REAPP enabled DM is present at all computer functions; and
      ii. will initiate and halter (guide and/or instruct and train) the restart of computer
      iii. perform Augmented REAPP enabled analysis check
8. The Augmented REAPP enabled CPU checks if the Augmented REAPP enabled VD has:
   a. proper knowledge of its position in the sequence of events; and
   b. the status of the Augmented REAPP enabled DM's function, which includes the Augmented REAPP enabled VD performing the following tasks:
      i. check status of all devices prior to closing down of computer
      ii. assist the Augmented REAPP enabled CPU in: a) start; b) running; and c) closing computer.
      iii. perform Augmented REAPP enabled analysis check
Once the Augmented REAPP enabled CPU has checked all devices with regard to their status and function and confirmed that the devices are performing as instructed, the external device will then confirm the performance of the Augmented REAPP enabled CPU.
Engagement of incoming information
The inventive system involves the means for an improved method and system for computer data analysis, interrogating information that is passed to an Augmented REAPP enabled adapted system. This information must be presented in a manner that conforms to Augmented REAPP enabled standards according to the following steps:
1. Data must have conformity that includes the following:
   a) Information and/or its recognizable identifier should be registered; and/or
   b) Conforming to a mode that is acceptable to a computer of an Augmented REAPP enabled standard.
2. Information should be stopped at the ports while the Augmented REAPP enabled Dongle and associated firmware perform an Augmented REAPP enabled analysis check on the credentials of the presenting information.
3. Upon confirmation of the collected information by the Augmented REAPP enabled Dongle and associated firmware, the Augmented REAPP enabled Dongle subsequently sends an information request and receives a response from devices that the response can be generated from, subsequently the Augmented REAPP enabled LD (and other devices which can generate responses), which in turn sends an information request and receives a response from the Augmented REAPP enabled DM, then the Augmented REAPP enabled CPU which switches on with confirmation of the acceptable data. An Augmented REAPP enabled analysis check is then executed, and constitutes feedforward regulation.
The Augmented REAPP enabled CPU instructs the Augmented REAPP enabled DM, which in turn instructs the Augmented REAPP enabled LD to proceed with the opening of ports and permission granting for collected information to be allowed into the computer, past the ports.
Referring to Figure 11, the present invention involves the engagement of collected information by performing the following steps:
1. The Augmented REAPP enabled LD initially:
   a) opens ports to interrogate the information, but does not pass the information packets across to program sockets. Therefore, the ports are effectively only partially open; and
   b) checks the incoming packets;
2. The Augmented REAPP enabled Dongle and associated firmware performs an Augmented REAPP enabled analysis check, and the verification of, but not restricted to, collected information;
3. The Augmented REAPP enabled LD subsequently performs further verification possibly of the following data:
   a) password verification
   b) data registration; and then performs the following events:
      i. Shuts port; and
      ii. Relays the results back to the Augmented REAPP enabled CPU.
   c) An Augmented REAPP enabled analysis check is then executed
4. The Augmented REAPP enabled CPU subsequently checks the Augmented REAPP enabled LD's knowledge of password;
5. The Augmented REAPP enabled LD must then respond whether incoming information is qualified (Recognition phase);
6. For which the Augmented REAPP enabled CPU executes a further Augmented REAPP enabled analysis check of Augmented REAPP enabled LD's knowledge of incoming but not restricted to collected information (Endorsement phase); and then
7. The Augmented REAPP enabled CPU authorises entry of properly qualified information (Authorization phase).
8. The Augmented REAPP enabled LD does not permit entry of the data until:
   a) the Augmented REAPP enabled memory and the Augmented REAPP enabled BUS are activated;
   b) the incoming data is encapsulated and masked; and
   c) the Augmented REAPP enabled memory and Augmented REAPP enabled BUS are in place; then
   d) the Augmented REAPP enabled LD opens the ports
The incoming but not restricted to, collected information only gets inside the ports and then is contained between the Augmented REAPP enabled BUS and Augmented REAPP enabled memory in the form of photon pulsed binary information. This is a phase of light masking which provides masked information to be passed to the Augmented REAPP enabled CPU.
1. The Augmented REAPP enabled LD then performs an Augmented REAPP enabled analysis check for authorization of incoming but not restricted to collected and qualified information;
2. The Augmented REAPP enabled LD then "primes" or "tags" the incoming but not restricted to collected and qualified information, should it turn out to be aberrant in the future;
3. The Augmented REAPP enabled LD informs the Augmented REAPP enabled CPU directly of the means used to tag the information. This means could be variable depending on which piece of information is coming in.
4. Once the Augmented REAPP enabled LD informs the Augmented REAPP enabled CPU of the incoming information clearance, the Augmented REAPP enabled CPU directs the Augmented REAPP enabled memory and Augmented REAPP enabled BUS to accompany the information to a position of advantage for the computer;
5. The Augmented REAPP enabled LD then performs an Augmented REAPP enabled analysis check of the tagged, qualified and disarmed incoming information and then
6. Informs the Augmented REAPP enabled CPU of the means used to tag the qualified information. This means in one embodiment is variable depending on which piece of information is coming in.
7. The Augmented REAPP enabled CPU then performs the following:
   a) an Augmented REAPP enabled analysis check on recognition on immobilised information; and
   b) signals to all devices that the information is immobilised; and
8. The Augmented REAPP enabled VD and Augmented REAPP enabled DM acknowledge the signal confirmation of the immobilised information.
Engaging the disarmed information
This immobilisation method may have to be universally recognizable and interchangeable. From the moment the Incoming and but not restricted to collected Qualified Tagged (immobilized) Information (IQTI) is passed to the Augmented REAPP-ENABLED CPU it remains immobilized, until it has passed an Augmented REAPP enabled analysis check at other levels.
9. The Augmented REAPP enabled MEM and the Augmented REAPP enabled BUS can also provide a further means of an Augmented REAPP enabled analysis check which is imposed on the incoming but not restricted to collected Qualified Tagged (immobilized) Information;
10. The Augmented REAPP enabled CPU sends a signal to user and requests approval to transmit the incoming but not restricted to collected Qualified Tagged (immobilized) Information;
11. All devices signal approval;
12. The Augmented REAPP enabled MEM and Augmented REAPP enabled BUS drop constraints;
13. The Augmented REAPP enabled CPU performs an Augmented REAPP enabled analysis check that incoming but not restricted to collected Qualified Tagged (immobilized) Information understands that the user is in control;
14. The Augmented REAPP enabled CPU instructs devices to be at rest and alerts higher devices that individual scrutiny of incoming but not restricted to collected Qualified Tagged (immobilized) Information will take place;
15. The Augmented REAPP enabled BUS
   a. attaches to incoming but not restricted to collected Qualified Tagged (immobilized) Information;
   b. takes incoming but not restricted to collected Qualified Tagged (immobilized) Information past the Augmented REAPP enabled CPU and then past the Augmented REAPP enabled DM; and
   c. alerts the Augmented REAPP enabled DM three times regarding the incoming but not restricted to collected Qualified Tagged (immobilized) Information status;
16. The Augmented REAPP enabled DM performs an Augmented REAPP enabled analysis check of the Augmented REAPP enabled BUS' knowledge of the incoming but not restricted to collected Qualified Tagged (immobilized) Information;
17. The Augmented REAPP enabled BUS then:
   a. describes the incoming but not restricted to collected Qualified Tagged (immobilized) Information; and
   b. requests user input;
18. The Augmented REAPP enabled DM approves entry of incoming but not restricted to collected Qualified Tagged (immobilized) Information;
19. The Augmented REAPP enabled VD performs an Augmented REAPP enabled analysis check of the Augmented REAPP enabled BUS' knowledge on incoming but not restricted to collected Qualified Tagged (immobilized) Information;
20. The Augmented REAPP enabled BUS then:
   a. describes the incoming but not restricted to collected Qualified Tagged (immobilized) Information; and
   b. requests user input;
21. The Augmented REAPP enabled DM performs an Augmented REAPP enabled analysis check of the Augmented REAPP enabled BUS' knowledge of the incoming but not restricted to collected Qualified Tagged (immobilized) Information being subject to user demand;
22. The Augmented REAPP enabled DM then:
   a. performs an Augmented REAPP enabled analysis check that incoming but not restricted to collected Qualified Tagged (immobilized) Information is unarmed; and
   b. permits further processing
23. The Augmented REAPP enabled BUS guards the incoming but not restricted to collected Qualified Tagged (immobilized) Information;
24. The Augmented REAPP enabled DM signals that the masking, tagging of incoming but not restricted to collected Qualified Tagged (immobilized) Information is complete;
25. The Augmented REAPP enabled CPU reads the impressions;
26. The Augmented REAPP enabled BUS transfers the incoming but not restricted to collected Qualified Tagged (immobilized) Information when the Augmented REAPP enabled Dongle is present;
27. The Augmented REAPP enabled BUS continues to perform multiple iterations of Augmented REAPP enabled analysis checks of the incoming but not restricted to collected Qualified Tagged (immobilized) Information and the Augmented REAPP enabled BUS only needs a reconstituted copy of the incoming but not restricted to collected Qualified Tagged (immobilized) Information;
28. The Augmented REAPP enabled VD signals completion of Augmented REAPP enabled analysis checking the incoming but not restricted to collected Qualified Tagged (immobilized) Information; and
29. The Augmented REAPP enabled CPU signals back,
Shutdown External Device
An external device in this embodiment is a parallel device whose sole function is to perform an Augmented REAPP enabled analysis check of function and status of Augmented REAPP enabled CPU. Consequently, the Augmented REAPP enabled CPU is enabled to perform an Augmented REAPP enabled analysis check on itself, through input of the external device.
8. The Augmented REAPP enabled CPU performs an Augmented REAPP enabled analysis check if the external device has:
   a. proper knowledge of the Augmented REAPP enabled CPU; and
   b. the status of the Augmented REAPP enabled CPU's function, which includes the Augmented REAPP enabled CPU performing the following tasks:
      i. to switch on with switch on of computer and, after start up of computer, to
         a) initiate device sequence; and
         b) request passwords from user
9. The authorized user initiates an Augmented REAPP enabled analysis check if all devices concur with password entered.
10. On authentication of the password by each and all devices, the Augmented REAPP enabled CPU opens computer and opening signals the completion of Start Up with a communication Information request and response;
11. The following principal devices: Augmented REAPP enabled VD, Augmented REAPP enabled DM, Augmented REAPP enabled LD, and Augmented REAPP enabled Dongle perform an Augmented REAPP enabled analysis check, and if passed, provide "ready" signal as the Augmented REAPP enabled CPU:
   a. Switches on respectively the Augmented REAPP enabled VD and Augmented REAPP enabled DM's "Ready status" flag of:
      i. State, and
      ii. Function
12. The External Device (Augmented REAPP enabled DONGLE) opens the network at a specific place within the network common to all;
13. The Augmented REAPP enabled CPU performs the following tasks:
   a. focuses attention onto specific part of network
   b. performs an Augmented REAPP enabled analysis check, and if passed,
   c. instructs all devices to rest; and
14. The Augmented REAPP enabled CPU opens access to the hard disk and computer memory.
Role of the Augmented REAPP enabled CPU
The Augmented REAPP enabled CPU instructs all devices to be switched off by the following steps:
1. sending a signal to commence closure of all devices; and
2. performing an Augmented REAPP enabled analysis check of the Augmented REAPP enabled DM's knowledge of all devices' function in the proper sequence of closure.
This ordered progression of device disablement is achieved by the following steps:
a. The Augmented REAPP enabled CPU has instructed the Augmented REAPP enabled DM to perform an Augmented REAPP enabled analysis check and to initiate the closure process;
b. The Augmented REAPP enabled DM instructs the Augmented REAPP enabled LD to perform an Augmented REAPP enabled analysis check and signify that the ports are shutdown;
c. The Augmented REAPP enabled LD signals the Augmented REAPP enabled Dongle and awaits reply;
d. The Augmented REAPP enabled Dongle signals the Augmented REAPP enabled LAN driver confirming closure of ports;
e. The Augmented REAPP enabled DM signals closure/shut down completion to the Augmented REAPP enabled CPU;
f. The Augmented REAPP enabled CPU performs an Augmented REAPP enabled analysis check of the Augmented REAPP enabled VD competency confirming that the Augmented REAPP enabled VD status is reflected by the previous Augmented REAPP enabled VD status contained in the Augmented REAPP enabled CPU;
g. The Augmented REAPP enabled VD performs an Augmented REAPP enabled analysis check of the status of competency in all devices as free of corruption;
h. The Augmented REAPP enabled CPU performs an Augmented REAPP enabled analysis check to all devices that they are free of all corruption; and
i. All devices must demonstrate they are free of corruption;
j. The Augmented REAPP enabled CPU performs an Augmented REAPP enabled analysis check of the following:
   i. Augmented REAPP enabled VD is still functioning properly
   ii. Augmented REAPP enabled VD knowledge of shut down sequence is similar to its own.
k. The Augmented REAPP enabled CPU instructs user to generate password for next computer usage;
l. All devices synchronize to that password and sound/signal acknowledgement of completion of that process;
m. Commands closure pings/tones;
n. Augmented REAPP enabled VD performs an Augmented REAPP enabled analysis check that the password:
   i. has been stored by all devices pings/tones shutdown
   ii. declares shutdown completion with information request and response to the Augmented REAPP enabled CPU
o. All devices signal closure;
p. The Augmented REAPP enabled DM Information request and responses closure tone;
q. The Augmented REAPP enabled VD resets its status to start;
r. The Augmented REAPP enabled LD gives same closure signal as Augmented REAPP enabled CPU
s. The Augmented REAPP enabled Dongle gives same closure signal as Augmented REAPP enabled CPU
t. The memory shuts down hard disk; and
u. The computer function stops.
The External Device resets the flags, locks up memory and performs an Augmented REAPP enabled analysis check of the availability of the hard disk on memory by trying to access it 3 times while it is locked. The system is smart (artificial intelligence oriented) in that all devices perform an Augmented REAPP enabled analysis check on each other throughout start up, running and closure. Ports are always shut, as opposed to open as in conventional computers.
These arrangements provide the possibility for an improved level of integrity of computer analysis.
As will be further appreciated by those persons skilled in the art, the present inventive method and system affords distinct industrial and commercial computation advantages not previously available to vendors relating to the delivery of analytic services to subscribers. The benefit may include, but is not restricted to, optimizing the utilization of data including but not restricted to META data analysis, data analysis derived from but not restricted to commercial or industrial usage, data analysis from field devices, and the like. In this aspect, the present invention provides novel methods of conducting an array of business functions for the purpose of exploiting the business of the inventive subject matter.
Although the invention has been described with reference to the exemplary and specific embodiments thereof, it will be appreciated by those skilled in the art that the invention may be embodied in many other forms without departing from the scope of the invention.
Furthermore, to the extent that the term "includes" is used in the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term "comprising", "having", and its grammatical variations, in the inclusive sense and not as "consisting only of" when employed as a transitional word in a claim.

Claims (5)

  1. Claims
    1. A computer-implemented data analysis method including the steps of: (a) Augmented REAPP software is executed on a target computer, wherein said target computer includes any programmable device that has preexisting software installed, including a pre-existing OS; (b) a device connected to said target computer, such as an associated drive, a disk, a storage device, a network device, a field device or the like; (c) said Augmented REAPP software selects an OS to function as said Augmented REAPP OS wherein said Augmented REAPP OS is different to said pre-existing OS; (d) the boot sequence of said target computer is modified such that said Augmented REAPP OS boots in preference to said pre-existing OS; (e) said Augmented REAPP OS is executed as a host OS on said target computer; and (e) said Augmented REAPP software enables one or more of the following to operate as a virtual client within a virtual machine: i. said pre-existing OS; ii. said pre-existing software. (f) analysis of data including but not restricted to generated and collected data on said Augmented REAPP OS
  2. A computer-implemented system including: a. Augmented REAPP software, wherein said Augmented REAPP software includes an Augmented REAPP operating system (OS); b. a target computer for executing said Augmented REAPP software, wherein said target computer includes any programmable device; and c. a means for hosting a virtual machine on said target computer wherein: i. Said target computer has preexisting software installed, including a preexisting OS; ii. Said Augmented REAPP OS is: A. different to preexisting OS; B. configured to boot in preference to said preexisting OS C. executed as a host OS on said target computer; and iii. said Augmented REAPP software enables one or more of the following to operate as a virtual client within a virtual machine: A. said pre-existing OS; B. said pre-existing software d. Augmented REAPP software, wherein said Augmented REAPP software includes but not restricted to Augmented REAPP operating system (OS) e. Augmented REAPP hardware, including but not restricted to a field device wherein said Augmented REAPP software (d), includes but not restricted to pre-installed said Augmented REAPP OS.
  3. A computer implemented data analysis system according to Claim 2, wherein said Augmented REAPP software is enabled to implement data analysis of one or more of the following: (a) said pre-installed Augmented REAPP OS; (b) said pre-installed Augmented REAPP software.
  4. A computer-implemented data analysis system according to either claim 2 or 3 wherein said Augmented REAPP software is enabled to implement data analysis of one or more of the following: (a) data, wherein said data includes one or more communications: i. within said virtual client; ii. to and from said virtual client; iii. any combination of (i) and (ii) above; (b) one or more operations of said virtual client within said virtual machine, wherein said operations include: i. computations; ii. processes; iii. any combination of (i) and (ii) above. (c) data, whereby said data includes but not restricted to: i. collected data from Augmented REAPP field device ii. generated data from Augmented REAPP field device iii. any combination of (i) and (ii) above. (d) one or more operations of said Augmented REAPP field device wherein said operations include: i. computations; ii. processes; iii. any combination of (i) and (ii) above.
  5. A computer-implemented data analysis system according to any one of Claims 2 to 4, (a) said Augmented REAPP OS is examined against one or more operating systems within said Augmented REAPP software; wherein said Augmented REAPP software selects an OS, to function as said Augmented REAPP OS: (b) an Augmented REAPP OS that is different to said pre-existing OS is selected to function as Augmented REAPP OS such that said pre-existing software is prevented from being executed directly by said Augmented REAPP OS.
AU2016101012A 2016-07-06 2016-07-06 Secured analysis system and methodology using the Augmented REAPP computer analysis system and methodology Ceased AU2016101012A4 (en)


Publications (1)

Publication Number Publication Date
AU2016101012A4 true AU2016101012A4 (en) 2016-08-04


Legal Events

Date Code Title Description
FGI Letters patent sealed or granted (innovation patent)
MK21 Patent ceased section 101c(b)/section 143a(c)/reg. 9a.4 - examination under section 101b had not been carried out within the period prescribed