Computer system protection
Abstract
Computer system protection to protect against harmful data from an external computer network (60) (e.g. the Internet) involves supplying incoming data (62) to a software checker (64) as the data enters a computer system (not shown). The checker (64) routes any suspect data (66) to an encryptor (68) which encrypts it to render it unusable and harmless. Encrypted data passes to a computer (72) in an internal network (74) and having a desktop quarantine area or sandbox (76) for suspect data. The computer (72) runs main desktop applications (78) receiving encrypted data (70) for storage and transfer, but not for use in any meaningful way because it is encrypted. Equally well applications (78) cannot be interfered with by encrypted data (70) because encryption makes this impossible. On entry into the sandbox (76), the encrypted data (70) is decrypted to usable form; it then becomes accessible by software (204) suitable for use in the sandbox (76) subject to sandbox constraints.
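The data flow in the abstract, sketched as an added example (not code from the patent). Assumptions: the suspicion rule (a constructed marker string), a key shared only between the encryptor and the sandbox, and an HMAC-SHA256 counter keystream standing in for a real cipher so the block runs on the standard library alone.

```python
import hashlib
import hmac
import os

MARKER = b"AUTOEXEC-MACRO"  # constructed stand-in for content the checker flags


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (stand-in cipher)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        counter = (off // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def checker(data: bytes, key: bytes) -> dict:
    """Checker (64) and encryptor (68): pass clean data, encrypt suspect data."""
    if MARKER not in data:  # hypothetical suspicion rule
        return {"encrypted": False, "body": data}
    nonce = os.urandom(16)
    return {"encrypted": True, "nonce": nonce,
            "body": _keystream_xor(key, nonce, data)}


class Sandbox:
    """Sandbox (76): the only place the decryption key (80) is held."""

    def __init__(self, key: bytes):
        self._key = key

    def open(self, item: dict) -> bytes:
        if not item["encrypted"]:
            return item["body"]
        return _keystream_xor(self._key, item["nonce"], item["body"])


def main_desktop_sees_marker(item: dict) -> bool:
    """Main desktop applications (78) can store or forward the item only."""
    return MARKER in item["body"]


def demo():
    key = os.urandom(32)
    suspect = b"report.doc " + MARKER + b" payload"
    item = checker(suspect, key)
    return main_desktop_sees_marker(item), Sandbox(key).open(item) == suspect
```
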
23 Claims
- 1. Computer system protection including a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that it also includes means (64, 68, 208) for encrypting potentially harmful data to render it harmless and means (80) for decrypting encrypted data for processing by means of an application (82) constrained by the sandbox application (76).
- 6. A protected computer system having a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that it also includes a firewall (108) protecting a checker (116) from an external network (60) to which it is linked, the checker (116) includes means (64, 68) for encrypting potentially harmful data to render it harmless and the system (72) has means (80) for decrypting encrypted data for processing by means of the sandbox application (76).
- 12. A method of protecting a computer system against harmful data, the system (72) including a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that the method incorporates the steps of:
  a) encrypting potentially harmful data to render it harmless, and
  b) decrypting encrypted data for processing by means of an application (82) constrained by the sandbox application (76).
- 17. A method of protecting a computer system having a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that the method includes:
  a) using a firewall (108) to protect a checker (116) from an external network (60) to which the system (72) is linked,
  b) using the checker (116) to encrypt potentially harmful data to render it harmless, and
  c) decrypting encrypted data for processing by the sandbox application (76).
- 18. Computer software for protecting a computer system against harmful data, the system (72) including a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that the computer software is arranged to:
  a) encrypt potentially harmful data to render it harmless, and
  b) decrypt encrypted data for processing while being constrained by the sandbox application (76).
- 23. Computer software for protecting a computer system having a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that the computer software is arranged to:
  a) implement a firewall (108) protecting a checker (116) from an external network (60) to which the system (72) is linked,
  b) implement encryption by the checker (116) to encrypt potentially harmful data to render it harmless, and
  c) decrypt encrypted data for processing by the sandbox application (76).
Specification