WO2000075782A1 - Security system - Google Patents

Info

Publication number
WO2000075782A1
Authority
WO
WIPO (PCT)
Prior art keywords
changes
configuration information
security
monitoring station
information
Prior art date
Application number
PCT/GB2000/002082
Other languages
English (en)
Inventor
Nicholas Peter Carter
Original Assignee
Nicholas Peter Carter
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nicholas Peter Carter
Priority to AU49413/00A
Publication of WO2000075782A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88 Detecting or preventing theft or loss
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101 Auditing as a secondary aspect

Definitions

  • the present invention generally relates to a security system for monitoring the change of configuration of equipment indicating the possibility of a security breach.
  • the present invention also relates to an equipment auditing system.
  • a first aspect of the present invention provides a method of monitoring apparatus by keeping a record of the configuration information for the apparatus remote from the apparatus.
  • Configuration information for a number of apparatuses can be stored.
  • the configuration information for the apparatus is monitored in order to determine any changes.
  • When changes occur in the configuration of the apparatus, these are transmitted to remote monitoring equipment.
  • the configuration information for the apparatus can provide a "signature" unique for the hardware and the use to which the apparatus is put.
  • the configuration information can give a "signature" for the software configuration of the apparatus.
  • the configuration information can include details on the user and details on the location of the apparatus.
  • the technique can be applied by only transmitting changes within the configuration information which are pertinent to security.
  • the designation of certain information parameters as pertinent to security will be dependent upon the apparatus and the use to which it is put.
  • the configuration information for the apparatus is automatically determined and transmitted to the remote monitoring equipment at some initial stage.
  • the remote monitoring equipment can store a database of configuration parameters for a number of apparatuses.
  • the remote monitoring equipment is able to keep an up to date database of configuration information for a number of apparatuses. This therefore provides an efficient automated auditing system.
  • an embodiment of the present invention provides a security aspect by requiring the user to register by submitting manually entered configuration information for the apparatus. This can be compared with the automatically transmitted configuration information in order to identify a discrepancy.
  • This feature of the present invention provides insurance companies for example, with a means for confirming that the insured party has correctly specified the insured equipment and thus avoids insurance fraud.
  • the configuration information for the apparatus can include a large number of parameters and is dependent upon the apparatus.
  • the configuration information can include information on the hardware components of the apparatus, and information on the use of the apparatus by a user. This latter information can provide information on a pattern of use of the apparatus by the user.
  • breach of security e.g. theft of a computer, because an unauthorised user will use the apparatus in quite a different way from an authorised user.
  • the configuration information can include information on the software loaded on the computer.
  • the present invention is intended to operate covertly.
  • the determination of changes in configuration information and the transmission of the changes are not apparent to a user to avoid the possibility of an unauthorised user overriding the transmission of the changes which warn of a security breach.
  • Apparatus which includes means of communication is able to directly communicate with the remote monitoring equipment in order to transmit the changes in configuration information.
  • Examples of such apparatus are mobile phones, and other computer equipment equipped with a modem or network card for connection to a local area network.
  • the apparatus includes means to output the changes in association with information or instructions which are intended for input to another apparatus.
  • the changes are output together with instructions to cause them to be transmitted as a package attached to information or instructions output from the apparatus.
  • This package thus acts as a virus or trojan in a computer system.
  • When an apparatus receives the package, if it has transmission means, the package is activated and transmits the changes. If the apparatus does not have a transmission means, the package is simply passed on as an output attached to information. In this way the package is propagated between computers until it is transmitted successfully to the remote monitoring equipment.
  • an automatic audit system in which apparatus configuration information is transmitted from a plurality of apparatuses to an auditor station. Changes in the configuration information for the apparatus are monitored by the apparatus and these changes are transmitted to the auditor station. In this way the auditor station keeps an accurate record of the configuration information for the apparatuses.
  • Figure 1 is a schematic diagram of a generalised embodiment of the present invention;
  • Figure 2 is a flow diagram illustrating the operation of the embodiment of Figure 1;
  • Figure 3 is a schematic diagram of a computer in accordance with a first embodiment of the present invention;
  • Figure 4 is a flow diagram illustrating a first method of installing the program to implement the embodiment of Figure 3;
  • Figure 5 is a flow diagram of another method of installing the program to implement the embodiment of Figure 3;
  • Figure 6 is a flow diagram illustrating the operation of the embodiment illustrated in Figure 3;
  • Figure 7 is a flow diagram illustrating in more detail the transmission step S46 of Figure 6;
  • Figure 8 is a schematic diagram of a network embodiment of the present invention;
  • Figure 9 is a flow diagram of the method of installing the software in the network embodiment of Figure 8;
  • Figure 10 is a flow diagram of the steps carried out in the implementation of the embodiment of Figure 8.
  • a number of pieces of equipment 1a, 1b, 1c and 1d are connected to a communications network 2 and thereby to remote monitoring equipment 3.
  • the communications network 2 can comprise any means of communication to remote monitoring equipment e.g. a telecommunications network requiring direct dialling by each piece of equipment 1a, 1b, 1c and 1d to the remote monitoring equipment 3, the internet requiring each of the pieces of equipment 1a, 1b, 1c and 1d to have an internet connection, or a wireless network such as a cellular network for mobile telephones.
  • Each of the pieces of equipment 1a, 1b, 1c and 1d has unique configuration parameters which are dependent upon any one of a number of parameters such as hardware, software and the use to which the equipment is put by the user.
  • In step S1 the user of the equipment 1a, 1b, 1c or 1d registers with the party operating the remote monitoring equipment 3 and submits configuration information which has been entered manually. For example, the user is required to provide details of the hardware and software provided at the equipment together with personal details.
  • In step S2 the user then loads the security program onto the user's equipment and in step S3 the security program determines the configuration information of the equipment and transmits it to the remote monitoring equipment 3.
  • the submitted configuration information is compared with the transmitted configuration information to determine if there are any discrepancies in step S5. If there is a discrepancy, in step S10 the party operating the remote monitoring equipment 3 will contact the user to try to clarify why this discrepancy has arisen.
  • the remote monitoring equipment 3 can be operated by an insurer and an insured party can be required to install the security program as well as submit information on the equipment that they wish to insure. Any discrepancy between information submitted and information automatically detected may indicate an attempt at insurance fraud.
  • the remote monitoring equipment 3 stores configuration information for each of the pieces of equipment 1a, 1b, 1c and 1d thus enabling the auditing of the equipment.
  • the system illustrated in Figure 1 comprises a company computer network i.e. the communications network 2 comprises a local area network.
  • Having obtained the initial configuration information from each of the pieces of equipment 1a, 1b, 1c and 1d, the security program then proceeds to monitor the equipment in step S6 and in step S7 it detects whether there are any changes. When changes occur, in step S8 the equipment transmits the changes to the remote monitoring equipment 3. In this way the remote monitoring equipment 3 is kept up to date with all configuration changes and thus maintains an up to date audit.
  • In step S9 the party operating the remote monitoring equipment 3 can consider whether the changes are significant i.e. pertinent to security. For example, the mere fact that new software has been loaded need not be an indication of a security breach. However, change of a user name, change of user personal details, or change of connection parameters may point towards a security breach and could thus lead the party operating the remote monitoring equipment 3 to contact the user in step S10.
  • If the changes are not considered significant in step S9, the process returns to step S6 whereby the security program continues to monitor the equipment.
  • Figure 3 schematically illustrates a computer for use in this embodiment of the present invention.
  • the computer comprises a conventional computer bus 10 linking conventional components of the computer together i.e. pointing device (mouse) 11, the keyboard 12, the display 13, the processor 14, the modem 15, the volatile memory 16, and the disk storage medium 17.
  • the processor implements process steps stored as computer program modules in the disk storage medium 17.
  • the volatile memory 16 is provided as a working memory for use by the processor 14.
  • the modem 15 is provided to enable transmission of configuration information to a remote monitoring station (not shown).
  • This embodiment of the present invention illustrates the data structure used by the Microsoft Windows 95™ operating system.
  • the Windows 95 operating system uses a data structure termed the system registry which stores configuration information required by or used by the hardware of the computer and by the software implemented on the computer.
  • the structure of the system registry in the Windows 95 operating system is well documented in text books and will be familiar to a skilled person in the art. However, a brief overview will now be given.
  • the system registry comprises a data structure presented to a user of the operating system as though it was a file structure. However, the entries in the registry are not stored as a file structure.
  • the only files which are stored permanently in the disk storage medium 17 are the system.dat and the user.dat files.
  • the system.dat file contains configuration information for the hardware and software which is not specific to the users.
  • the user.dat file contains configuration information which is specific to the or each user of the computer.
  • the permanently stored system.dat and user.dat files are copied to temporary files user.da0 and system.da0. These are used as the working copies of the files whilst the computer is running.
  • the registry data structure is provided to the user as can be seen in Figure 3.
  • the registry is presented as a data structure having keys. The six keys of the registry are: HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_LOCAL_MACHINE
  • Each of the keys has a number of subkeys each of which have subkeys etc. In this way the keys are arranged as a data structure.
  • the HKEY_CLASSES_ROOT key contains object linking and embedding (OLE) information and information about the relationships that exist among file classes.
  • the HKEY_CURRENT_USER key contains a user profile of the user who is currently logged on. This information includes environment variables set by the current user and the user's personal program groups (desk top settings, network connections, printers, and application preferences).
  • the HKEY_LOCAL_MACHINE key contains information about the local work station currently in use, including startup control data and hardware and operating system data.
  • the hardware information includes data about the local work stations desktops, the systems memory, and device drivers used by the system.
  • the HKEY_LOCAL_MACHINE key is formed from the data in the user.da0 file on the disk of the disk storage medium 17.
  • the subkey classes under the subkey software of the HKEY_LOCAL_MACHINE key is used to form the entries in the HKEY_CLASSES_ROOT key.
  • the HKEY_USERS key contains the currently loaded user profiles, including the one maintained in the HKEY_CURRENT_USER key.
  • the HKEY_USERS key is formed from data stored in the temporary system file system.da0 stored on the disk storage medium 17.
  • the HKEY_CURRENT_USER key is always a subkey of the HKEY_USERS key and is always a default profile.
  • the HKEY_CURRENT_CONFIG key is mapped from a specific configuration in the HKEY_LOCAL_MACHINE key.
  • the HKEY_DYN_DATA key stores dynamic data for the current system configuration and maintains a set of performance statistics that show how the system is running.
  • the data for this key is never stored on the disk storage medium 17 and is only ever kept in the volatile memory 16.
  • the registry can be treated as a file system and is addressable as if it were a file system.
  • the inventor of the present invention has realised that because of this it is possible not only to store information in the registry but also store program code.
  • a new subkey SECURITY has been added under the HKEY_LOCAL_MACHINE key.
  • the SECURITY subkey has itself two subkeys PROGRAM and DATA.
  • the PROGRAM subkey stores the program code for execution by the processor 14 to implement the embodiment of the present invention.
  • the DATA subkey stores a copy of the HKEY_LOCAL_MACHINE key data and the HKEY_USERS key data.
  • the program can be addressed using "MYCOMPUTER/
  • MACHINE/SOFTWARE/CLASSES/SECURITY/PROGRAM". Because the security program is stored as a subkey in the HKEY_LOCAL_MACHINE key, it is stored in the system.dat file when the computer is shut down and it can thus be accessed using a disk address.
  • the file is hidden.
  • the registry is a very large and complex data structure and thus only experienced computer users would have a chance of locating the program as a key in the registry. This is of course, assuming that they are expecting to find it. Further, because it is not stored as a file, it cannot easily be deleted. For example, it is not possible simply to delete all files and reinstall Windows 95.
  • the registry files system.dat and user.dat are stored as hidden files on the hard disk and when Windows 95 is reinstalled, it looks for these files stored on the disk so that it can use a previous copy of the registry.
  • FIG. 4 is a flow diagram of a first method of installation of the program.
  • In step S20 the set up process is initiated, for example, by entering a floppy disk with the initialisation program installed and typing the command "setup.exe".
  • In step S21 the security program code is copied to the new subkey PROGRAM under the SOFTWARE subkey of the HKEY_LOCAL_MACHINE key.
  • In step S22 a registry entry for the program to run on bootup is then added and in step S23 the computer is rebooted. During reboot the system.dat file is updated using the temporary system file (system.da0) in step S24. The computer then runs on bootup in step S25.
  • the installation program is able to directly copy the security program code into the new key in the registry.
  • Figure 5 is a flow diagram illustrating an alternative embodiment in which the set up process does not directly copy the security program code into the registry but instead installs a program which can do so.
  • In step S30 the set up process is initiated and in step S31 the installation program and security program code are copied to a folder on the disk.
  • In step S32 the installation program is run and in step S33 the security program code is copied to a new subkey PROGRAM under the SOFTWARE subkey of the HKEY_LOCAL_MACHINE key.
  • In step S34 the registry entry for the program to run on bootup is then added and in step S35 all registry entries for the installation program and the security program code in the folder are deleted together with the folder itself.
  • the computer is then rebooted in step S36 and in step S37 the system.dat file is updated using the temporary system file (system.da0) during the reboot operation. Following the reboot operation the security program is then implemented (step S38).
  • the security program is installed in the registry so as to run on bootup to identify changes in the configuration information for the computer.
  • In step S41 the security program determines whether the DATA subkey has a data entry. If not, the data in the LOCAL_MACHINE and USERS keys are transmitted to the remote monitoring equipment in step S49. In step S50 it is then determined whether the transmission has been successful. If not, the program can periodically retry to transmit in step S51. After a predetermined number of unsuccessful retries, the program will terminate in step S53. If in step S50 the transmission had been successful, the LOCAL_MACHINE and USERS data will be copied to the new DATA subkey in step S52 and the process will then terminate in step S53.
  • steps S49 to S52 provide a means by which a remote monitoring party can automatically receive configuration information for the computer. This can be used for auditing purposes as well as for security monitoring.
  • If in step S41 there is a data entry present in the DATA subkey, in step S42 the data in the LOCAL_MACHINE and USERS keys are compared with the data in the security program's DATA subkey in the registry. In step S43 it is then determined if there is a difference. If there has been no change in configuration the security program terminates in step S43.
  • the method by which the comparisons can take place in step S42 is by a simple text string comparison.
  • the data can be identified by the key path, the name of the data (since each key can contain more than one data item) and the data content itself as: path I name
  • an optional step S44 can determine whether these changes are "critical". If they are not critical, the program may terminate in step S53.
  • the reason for the optional step S44 is to provide a means for screening out configuration changes which are not pertinent for security. In an implementation for auditing purposes, all configuration changes can be transmitted. However, for a security implementation, it may be desirable only to transmit changes which are considered to be significant. In order to set the changes which are considered to be "critical" it is simply necessary to flag keys which are pertinent to security. The following lists some of the keys for which changes could be critical.
  • HKEY_USERS\default\RemoteAccess\Profile\ISPName\Terminal - (This gives the phone number)
  • HKEY_USERS\Default\Software\Microsoft\Windows Messaging Subsystem\Profiles\MSExchangeSettings\d27c21ebe56f /OOleOclf - (This gives home fax number)
  • HKEY_USERS - Any user added or especially deleted after default.
  • HKEY_CURRENT_USERS\Software\Microsoft\Windows Messaging Subsystem\Profiles\MSExchangeSettings
  • 3. Changes in program use (i.e. new applications loaded or old ones deleted)
  • HKEY_CURRENT_USERS\Software\VendorName - (i.e. Adobe, Microsoft etc.)
  • In step S45 the changes or "critical" changes are encrypted for security purposes.
  • the encryption technique used can comprise any conventional encryption technique such as Blowfish.
  • In step S46 the changes are covertly or secretly transmitted to the remote monitoring party.
  • In step S47 it is then determined whether the transmission has been successful. If not, in step S54 retransmissions can be periodically retried. If there is still no successful transmission the security program can terminate in step S53.
  • In step S48 the data in the security program data key in the registry is updated.
  • In step S55 the changes are checked to determine whether there has been a security breach. Where the changes appear significant, the remote monitoring party may take the steps of contacting the computer user to determine that there has been a security breach e.g. whether the computer has been stolen. The remote monitoring party may however have been informed that the user's circumstances have changed and that configuration changes are to be expected and therefore the remote monitoring party will not take any action and will simply update the configuration information kept for the computer.
  • FIG. 7 is a flow diagram illustrating step S46 of Figure 6 in more detail.
  • In step S60 it is determined during bootup whether there is a network connection or a modem present.
  • In step S61 the type of connection is then determined. If there is no connection, in step S62 the program terminates. If there is a network connection, in step S67 the changes are transmitted over the network.
  • In step S66 the security program then deletes the connection log and removes all records of the connection and the program terminates in step S62.
  • In step S63 it is determined whether there is an internet connection via an internet service provider (ISP). If so, in step S65 the changes are transmitted over the internet. If not, the changes are transmitted by directly dialling the remote monitoring equipment and making a direct connection in step S64. Whenever a modem is used, in order to ensure secrecy, the modem loud speaker is turned off using the command "ATDO". Then in step S66 the connection log is deleted and all records of the connection are removed. The program then terminates in step S62.
  • When the connection is made via the direct dial technique in step S64, not only can the remote monitoring party receive the changes in the configuration information but also they can obtain the telephone number from which the connection was made using the caller ID facility provided by telecommunications networks. Thus, this information can be used to identify the location of the computer should this be necessary in order to trace a security breach e.g. theft of the computer.
  • the embodiment of the present invention described in reference to Figures 3 to 7 can be used on computers which have any type of communications link e.g. modem, ISDN terminal, or network card.
  • the server in the network can intercept the transmitted changes in order to filter them and maintain an audit of the software and hardware of the computers in the network.
  • Such an embodiment will now be described with reference to Figures 8 to 10.
  • Figure 8 is a schematic diagram of a computer network in which clients 21, 22 and 23 are connected over a network 20 to a server 24 and a communications link 25.
  • the security program 21b, 22b and 23b is stored in the respective registry 21a, 22a and 23a.
  • the security program 24b is stored in the server registry 24a.
  • the server 24 additionally includes an administration program 24c for carrying out administration duties as will be described hereinafter in more detail.
  • the communications link 25 provides a means of communication to a remote monitoring party 26 for monitoring changes in the configuration parameters of the computers 21, 22 and 23 of the network.
  • Figure 9 is a flow diagram illustrating the setting up of the system.
  • the security program is installed on the server.
  • the administration program is installed on the server.
  • the administration program causes the deployment of the security program to the clients.
  • the clients install and run the security program as has been described hereinabove with reference to the first embodiment.
  • the server receives the configuration information from the clients and collates this to form audit information.
  • the manager operating the server is able to automatically obtain an audit of the hardware and software provided in the network. Further, as will be described hereinafter the audit information is automatically updated when changes in the configuration information is received from the clients.
  • the manager of the network has a completely updated audit automatically provided.
  • Figure 10 is a flow diagram illustrating the operation of the embodiment.
  • When configuration changes are made at a client, in step S81 the client transmits the changes.
  • the server receives the changes and updates the audit information. This may not be necessary if the audit information has already been changed. For example, if the manager has already been asked permission for a computer to move location, e.g. change a network address, the manager may manually enter this in the audit information and thus when the changes are received, the audit information may not require updating.
  • In step S83 the server is able to filter the changes in order to filter out any changes which are not pertinent to security. Such a decision may be based upon network parameters. For instance, changes which only indicate local movement of the computers may be filtered out since this merely indicates local mobility of the computers within the office and therefore this information need not be passed on to the remote monitoring party.
  • In step S84 the server will then transmit any changes after filtering to the remote monitoring party.
  • the supervision by the server and the monitoring by the remote monitoring party effectively provide two levels of monitoring. This allows for decisions to be made regarding information on changes at two different levels i.e. at a local level and at a remote level. Because the server is able to access the register of the clients, the administration program is also able to check to determine whether the audit information matches the information in the registry of the clients. If there is a discrepancy, it indicates that the security program has not successfully transmitted the changes to the server. The manager of the network will then be able to investigate the reasons for this.
  • If the security program is unable to transmit the changes within a time period of, for example, 24 to 48 hours, it will generate a program packet which includes the changes and a self executable program module much like a virus. This will be copied onto the first n disks loaded into the disk drive of the computer, where n is some predetermined number.
  • When the disk with the program packet is inserted into another computer, the packet will determine whether the computer has a communications link available. If it does, the computer packet will launch itself and transmit the changes to the remote monitoring party using this "host" computer. The program packet will then remove all traces of itself. If the "host" computer does not have a communications link available, the program packet will replicate onto n floppy disks inserted into the computer in order to be passed onto other computers to repeat the exercise.
  • the number of "generations" of this "virus" can be limited in order to limit the spread.
  • the present invention is not limited to this.
  • the present invention is applicable to any apparatus such as mobile telephones, intelligent peripheral devices such as printers, set top boxes, cars, boats or yachts, and aeroplanes.
  • the computer program is hidden (in the registry). This provides an added level of security but the computer program could be stored more conventionally as a file in a folder.
  • the configuration information which is monitored in the present invention can comprise any configuration information which can identify a machine, such as hardware, software, and user parameters.
  • the user parameters particularly provide information on a pattern of use and thus provide very specific configuration information. When equipment is used without authority e.g. stolen, a user will typically enter many configuration parameters which will identify the user. These will be transmitted to the remote monitoring party enabling a rapid identification of the unauthorised user.
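The comparison and screening of steps S41 to S48 above, written as a configuration-drift check of the kind an auditor would run; this is an added example, not code from the patent. The snapshot layout, the `send` callback, the sample keys and the function names are assumptions, encryption (step S45) is left out, and the critical rules cover only the dial-up profile and user add/delete entries from the list of critical keys.

```python
from typing import Callable, NamedTuple, Optional

# (key path, value name) -> data content, all text: the triple compared in S42.
Snapshot = dict[tuple[str, str], str]

class Change(NamedTuple):
    kind: str                 # "added", "removed" or "modified"
    path: str
    name: str
    old: Optional[str]
    new: Optional[str]

# Dial-up profile subtree named in the page's list of critical keys.
DIALUP_PREFIX = r"hkey_users\default\remoteaccess\profile"

def parts(path: str) -> list[str]:
    """Split a registry path into lower-cased components (paths are case-insensitive)."""
    return path.lower().split("\\")

def diff(baseline: Snapshot, current: Snapshot) -> list[Change]:
    """Plain string comparison of every (path, name) entry, as in step S42."""
    changes = []
    for key in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(key), current.get(key)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        changes.append(Change(kind, key[0], key[1], old, new))
    return changes

def user_profiles(snap: Snapshot) -> set[str]:
    """Names of the profile subkeys directly under HKEY_USERS."""
    split = (parts(path) for path, _ in snap)
    return {p[1] for p in split if p[0] == "hkey_users" and len(p) > 1}

def critical(changes: list[Change], baseline: Snapshot, current: Snapshot) -> list[Change]:
    """Step S44: keep only changes under keys flagged as pertinent to security."""
    churned = user_profiles(baseline) ^ user_profiles(current)  # users added or deleted
    kept = []
    for c in changes:
        p = parts(c.path)
        joined = "\\".join(p)
        in_dialup = joined == DIALUP_PREFIX or joined.startswith(DIALUP_PREFIX + "\\")
        in_churned_user = p[0] == "hkey_users" and len(p) > 1 and p[1] in churned
        if in_dialup or in_churned_user:
            kept.append(c)
    return kept

def run_cycle(baseline: Optional[Snapshot], current: Snapshot,
              send: Callable[[list[Change]], bool],
              only_critical: bool = True) -> Optional[Snapshot]:
    """One boot-time run. Returns the baseline to store afterwards.

    The stored copy is replaced only after `send` reports success (S48/S52);
    otherwise the same changes are detected again on the next run.
    """
    if baseline is None:                       # S41: nothing stored yet
        return dict(current) if send(diff({}, current)) else None
    changes = diff(baseline, current)          # S42/S43
    report = critical(changes, baseline, current) if only_critical else changes
    if not report:                             # nothing to transmit
        return baseline
    return dict(current) if send(report) else baseline

# Constructed sample snapshots (not real registry data).
OLD_SNAPSHOT: Snapshot = {
    (r"HKEY_USERS\default\RemoteAccess\Profile\ExampleISP", "Terminal"): "555-0100",
    (r"HKEY_LOCAL_MACHINE\Software\ExampleVendor", "Version"): "1.0",
}
NEW_SNAPSHOT: Snapshot = {
    (r"HKEY_USERS\default\RemoteAccess\Profile\ExampleISP", "Terminal"): "555-0199",
    (r"HKEY_LOCAL_MACHINE\Software\ExampleVendor", "Version"): "1.1",
    (r"HKEY_USERS\newuser\Software\ExampleVendor", "Name"): "N",
}

if __name__ == "__main__":
    for change in critical(diff(OLD_SNAPSHOT, NEW_SNAPSHOT), OLD_SNAPSHOT, NEW_SNAPSHOT):
        print(change)
```

With `only_critical=False` the same function behaves as the auditing variant, in which every configuration change is reported.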

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a security system which keeps a record of the configuration information for an apparatus at a monitoring station. Changes in the configuration information for the apparatus are monitored by the apparatus and these changes are transmitted to the monitoring station. The monitoring station can thus rapidly assess whether the configuration changes are indicative of a security breach and, if so, can take any appropriate action.
PCT/GB2000/002082 1999-06-02 2000-05-31 Security system WO2000075782A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU49413/00A AU4941300A (en) 1999-06-02 2000-05-31 Security system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9912817A GB2350704A (en) 1999-06-02 1999-06-02 Security system
GB9912817.5 1999-06-02

Publications (1)

Publication Number Publication Date
WO2000075782A1 true WO2000075782A1 (fr) 2000-12-14

Family

ID=10854611

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2000/002082 WO2000075782A1 (fr) 1999-06-02 2000-05-31 Systeme de securite

Country Status (3)

Country Link
AU (1) AU4941300A (fr)
GB (1) GB2350704A (fr)
WO (1) WO2000075782A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001077794A2 (fr) * 2000-04-06 2001-10-18 Granite Technologies, Inc. Systeme et methode de surveillance et de commande en temps reel d'un environnement informatique et de profile de configuration
US10721129B2 (en) 2005-03-31 2020-07-21 Tripwire, Inc. Automated change approval

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0121497D0 (en) * 2001-09-05 2001-10-24 Cryptic Software Ltd Network security
EP1338939A1 (fr) * 2002-02-22 2003-08-27 Hewlett-Packard Company Dispositif de validation d'état d'un ordinateur
DE60307432T2 (de) * 2003-05-07 2007-03-29 M-Stack Ltd. Vorrichtung und Verfahren zum Bearbeiten von gleichzeitigen UTRAN Funkressourcenkontrollprozessen, die die Sicherheitskonfiguration ändern, in einem UMTS Teilnahmegerät
CA2428300C (fr) * 2003-05-07 2008-08-05 M-Stack Limited Appareil et methode de traitement des procedures simultanees de commande des ressources radio du reseau universel d'acces radio de terre qui changent la configuration de securite dans un equipement d'utilisateur du systeme universel de telecommunications mobiles
US7212805B2 (en) 2003-05-07 2007-05-01 M-Stack Limited Apparatus and method of handling simultaneous universal terrestrial radio access network radio resource control procedures which change the security configuration in a universal mobile telecommunications system user equipment
WO2004100583A1 (fr) * 2003-05-07 2004-11-18 M-Stack Limited Appareil et procede permettant de gerer des procedures de commande de ressources radio utran
DE112007000482A5 (de) * 2005-12-31 2008-11-27 Rwth Aachen Verfahren und Vorrichtung zum Schutz einer sich ständig ändernden Datenkonfiguration

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5287505A (en) * 1988-03-17 1994-02-15 International Business Machines Corporation On-line problem management of remote data processing systems, using local problem determination procedures and a centralized database

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2233485A (en) * 1989-06-23 1991-01-09 James Moore Equipment anti-theft monitor
GB2262372B (en) * 1991-12-03 1995-03-22 Bache Hugh Robert Ian Security system for electrical and electronic equipment
GB9212165D0 (en) * 1992-06-09 1992-07-22 Hartbrook Properties Limited Property protection system
US5557742A (en) * 1994-03-07 1996-09-17 Haystack Labs, Inc. Method and system for detecting intrusion into and misuse of a data processing system
GB9414683D0 (en) * 1994-07-21 1994-09-07 Kang Baljit S Enhancing security of electrical appliances
GB9624981D0 (en) * 1996-11-30 1997-01-15 Watkins Richard Improvements relating to security systems
GB9700094D0 (en) * 1997-01-04 1997-02-19 Siemens Measurements Ltd Security system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5287505A (en) * 1988-03-17 1994-02-15 International Business Machines Corporation On-line problem management of remote data processing systems, using local problem determination procedures and a centralized database

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001077794A2 (fr) * 2000-04-06 2001-10-18 Granite Technologies, Inc. Systeme et methode de surveillance et de commande en temps reel d'un environnement informatique et de profile de configuration
WO2001077794A3 (fr) * 2000-04-06 2002-10-17 Granite Technologies Inc Systeme et methode de surveillance et de commande en temps reel d'un environnement informatique et de profile de configuration
US10721129B2 (en) 2005-03-31 2020-07-21 Tripwire, Inc. Automated change approval
US10785110B2 (en) 2005-03-31 2020-09-22 Tripwire, Inc. Automated change approval

Also Published As

Publication number Publication date
AU4941300A (en) 2000-12-28
GB2350704A (en) 2000-12-06
GB9912817D0 (en) 1999-08-04

Similar Documents

Publication Publication Date Title
US7308712B2 (en) Automated computer vulnerability resolution system
US7657927B2 (en) Behavior-based host-based intrusion prevention system
JP4959282B2 (ja) アプリケーション稼働制御システムおよびアプリケーション稼働制御方法
EP1479187B2 (fr) Commande de niveaux d'acces dans des telephones au moyen de certificats de role
US7532882B2 (en) Method and system for automatically configuring access control
JP4524288B2 (ja) 検疫システム
US7669237B2 (en) Enterprise-wide security system for computer devices
CN103413083B (zh) 单机安全防护系统
CN101483658B (zh) 浏览器输入内容保护的系统和方法
US20070198525A1 (en) Computer system with update-based quarantine
US20080114957A1 (en) System and method to secure a computer system by selective control of write access to a data storage medium
EP1709556A1 (fr) Systeme et procede pour mettre en oeuvre une politique de securite sur des dispositifs mobiles en utilisant des profils de securite generes dynamiquement
EP1864238A1 (fr) Agent de service persistant
WO2007061730A1 (fr) Renforcement de la validite d'un abonnement
US20070079364A1 (en) Directory-secured packages for authentication of software installation
JP2009530748A (ja) 電子装置のidを判断する方法
US7200860B2 (en) Method and system for secure network service
WO2000075782A1 (fr) Systeme de securite
US20090172778A1 (en) Rule-based security system and method
Cisco Configuring Host IDS
US20020129152A1 (en) Protecting contents of computer data files from suspected intruders by programmed file destruction
Cisco Cisco Intrusion Detection System Host Sensor Quick Start
KR101041115B1 (ko) 권한제어에 의한 웹사이트 이용방법 및 시스템과 이를 위한기록매체
Poole III The End Users Security Primer
JPH11154086A (ja) ネットワークインストール方法

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP