    • 1. Invention application
    • SOFTWARE CONTAINER PROFILING
    • WO2017194637A1
    • 2017-11-16
    • PCT/EP2017/061237
    • 2017-05-10
    • BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    • DANIEL, Joshua; EL-MOUSSA, Fadi
    • G06F21/53; G06F9/50
    • A method in a computer system having an operating system providing isolation between software processes executable in the operating system such that a first process executing in the operating system is prevented from accessing resources of a second process executing in the operating system, the method comprising: receiving a software component for execution as an isolated process in the operating system; receiving a baseline profile for the software component defining one or more characteristics of the software component at a runtime for identifying performance of the software component; generating a runtime profile of the software component in execution in the operating system defining characteristics of the component in execution; and flagging the software component in execution based on a comparison of the baseline profile and the runtime profile so as to identify an undesirable performance of the software component.
    • 2. Invention application
    • DISK ENCRYPTION
    • WO2017129657A1
    • 2017-08-03
    • PCT/EP2017/051610
    • 2017-01-26
    • BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    • EL-MOUSSA, Fadi; DIMITRAKOS, Theo
    • G06F21/53; G06F9/455; G06F21/62
    • G06F21/6218; G06F9/45558; G06F21/53; G06F2009/45562; G06F2009/45587
    • A computer implemented method of providing whole disk encryption for a virtualised computer system comprising: providing a hypervisor having a data store and instantiating a disk image of the virtualised computer system as a first virtual machine (VM) having a virtual disk from which an operating system of the first VM can be booted; instantiating a second VM in the hypervisor including a software component executing therein, wherein the data store is a shared data store accessible by both the first and second VMs, the method further comprising: the software component accessing the first VM using privileged credentials to install a software agent in the first VM and to replicate the virtual disk of the first VM in the hypervisor data store as a duplicate disk, wherein the software agent is adapted to encrypt data written to, and decrypt data read from, the disk of the first VM at a runtime of the first VM; and the software component encrypting the duplicate disk and unmounting the copied disk and mounting the encrypted duplicate disk in the first VM so as to provide an encrypted disk for the first VM.
    • 3. Invention application
    • CONTROLLED RESOURCE PROVISIONING IN DISTRIBUTED COMPUTING ENVIRONMENTS
    • WO2017021155A1
    • 2017-02-09
    • PCT/EP2016/067310
    • 2016-07-20
    • BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    • DANIEL, Joshua; DUCATEL, Gery; DIMITRAKOS, Theo
    • G06Q20/36; G06F21/62
    • G06F21/6236; G06Q20/065
    • A computer implemented method to provide allocation of one or more computing resources for a consumer computing component, each resource having a resource type and being provided by one or more resource providers, and the consumer having associated a quantity of tradeable value constraining an extent of resource consumption, the method comprising: defining one or more consumption rules for each of the resource providers, each consumption rule being associated with the consumer and defining: a type of resource; and one or more tradeable values corresponding to costs for consumption of resource, each tradeable value being associated with a particular configuration of the resource, wherein the consumption rules are recorded in a blockchain data structure; defining an optimisation rule associated with the consumer and including: a reference to each of the consumption rules associated with the consumer; a definition of one or more constraints on characteristics of resources; and a consumption optimisation function, wherein the optimisation rule is recorded in the blockchain, wherein, in use, a transaction is submitted to the blockchain to trigger consumption of one or more required types of resource and responsive to the transaction the optimisation rule determines one or more resource providers for providing resources of the required resource types and, for each determined provider, the optimisation function determines, based on the consumption rules, a particular configuration and an extent of consumption of each type of resource so as to control expenditure of the consumer's tradeable value.
    • 4. Invention application
    • ACCESS CONTROL
    • WO2017021154A1
    • 2017-02-09
    • PCT/EP2016/067309
    • 2016-07-20
    • BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    • DUCATEL, Gery; DIMITRAKOS, Theo; DANIEL, Joshua
    • G06F21/10; G06F21/62; G06Q20/36
    • G06F21/62; G06F21/10; G06Q20/065
    • A computer implemented method of access control for a restricted resource of a resource provider in a network connected computer system, wherein a blockchain data structure accessible via the network stores digitally signed records validated by network connected miner software components, the method comprising: identifying an access control role definition for access to the resource, the role including a specification of access permissions; defining a cryptocurrency for indicating authorisation to access the resource, the cryptocurrency being formed of tradeable units of value associated with records in the blockchain and wherein transfer of the cryptocurrency between records in the blockchain is validated by the miners; receiving a request from an authenticated resource consumer for authorisation to access the resource; and submitting a blockchain transaction to the miner components to transfer a quantity of cryptocurrency to a consumer record in the blockchain, the transaction including an identification of the role, such that the consumer record identifies that the consumer is authorised to access the resource in accordance with the role definition.
    • 5. Invention application
    • REAL TIME INDEX GENERATION
    • WO2017001109A1
    • 2017-01-05
    • PCT/EP2016/061094
    • 2016-05-18
    • BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    • CLAPHAM, Philip; PRIDAY, Kai
    • G06F17/30; H04L12/26
    • G06F17/30324; H04L43/04; H04L43/0894
    • A computer implemented method of real-time index generation of data in a data stream during data stream recording to an archive, the method comprising: receiving a byte of the data stream; and adding an entry for the byte of the data stream to a bitmap index of bytes, the bitmap index indicating, for each possible byte value, a location in the archive of each of occurrences and non-occurrences of the byte value by a sequence of bit values in the bitmap index, wherein the bitmap index includes a count of a number of occurrences for each byte value, wherein a plurality of run length encoding (RLE) schemes are applied to sub-sequences of identical bit values for each byte value in the index, each RLE scheme having a different encoding type identified by an encoding type indicator and indicating a bit value and a number of bits in a sub-sequence, wherein a pair of RLE encoded sub-sequences of indications of non-occurrence of a byte value implies a single indication of an occurrence of the byte value between the pair.
    • 6. Invention application
    • MALICIOUS ENCRYPTED NETWORK TRAFFIC IDENTIFICATION USING FOURIER TRANSFORM
    • WO2016146610A1
    • 2016-09-22
    • PCT/EP2016/055507
    • 2016-03-15
    • BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    • AZVINE, Ben; EL-MOUSSA, Fadi; KALLOS, George
    • H04L29/06
    • H04L63/1416; G06F17/141; H04L63/0428; H04L63/1425; H04L63/1441
    • A method for identifying malicious encrypted network traffic communicated via a network between a first and second computer system, the method comprising: monitoring network traffic over the network to detect a network connection as a new network connection; identifying characteristics of the network connection to determine a protocol of the network connection; retrieving a definition of a portion of network traffic for a network connection based on the determined protocol; evaluating Fourier transform coefficient values for each of a plurality of bytes in a portion of network traffic of the new network connection based on the retrieved definition; and comparing the evaluated coefficient values with a dictionary of one or more reference sets of coefficients, each of the one or more reference sets of coefficients being associated with a portion of network traffic of a malicious encrypted network connection, so as to determine if malicious encrypted network traffic is communicated over the network connection.
    • 9. Invention application
    • DYNAMIC IDENTITY CHECKING
    • WO2015140530A1
    • 2015-09-24
    • PCT/GB2015/050768
    • 2015-03-17
    • BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    • DUCATEL, Gery, Michel; DIMITRAKOS, Theo
    • G06F21/31; H04L29/06
    • H04L63/08; G06F21/31; G06F21/316; H04L63/107; H04L63/108; H04L2463/082
    • A selector apparatus to select one or more shared authentication facilities for a software service executing in a virtualised shared computing environment, the software service including an interface through which a user request to access a restricted resource of the service is receivable, the request having associated a user context defining one or more characteristics of the user, and the software service further having associated a plurality of authentication rules for the service, wherein each rule is associated with one or more user contexts and identifies one or more shared authentication facilities for the computing environment, the selector apparatus comprising: a launcher, responsive to a user request received via the interface, adapted to instantiate one or more authentication facilities in accordance with an authentication rule retrieved based on a user context for the received request, so as to generate one or more challenges for the user to authenticate the user, wherein the authentication rule further defines one or more parameters for the identified authentication facilities.
    • 10. Invention application
    • IMPROVED PATTERN MATCHING MACHINE WITH MAPPING TABLE
    • WO2015097428A1
    • 2015-07-02
    • PCT/GB2014/053517
    • 2014-11-27
    • BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    • MISTRY, James
    • G06F17/30
    • G06F17/30985; G06F17/30958; G06N5/047; H04L63/1416
    • A computer implemented method for generating a pattern matching machine for identifying matches of a plurality of symbol patterns in a sequence of input symbols, the method comprising: providing a state machine of states and directed transitions between states corresponding to the plurality of patterns; applying an Aho-Corasick approach to identify one or more mappings between states in the event of a failure, of the state machine in a state and for an input symbol, to transition to a subsequent state based on the directed transitions of the state machine, characterised in that one of the symbol patterns includes a wildcard symbol, and a mapping for a state representing pattern symbols including the wildcard symbol is provided in a hash table referenced based on a key, the key being based on a unique identifier of the state and the input symbol to be received, by the pattern matching machine in use, to constitute the wildcard symbol.