Computer system protection

US 20040139334A1
Filed: 07/11/2003
Published: 07/15/2004
Est. Priority Date: 01/13/2001
Status: Active Grant

First Claim

Patent Images

1. Computer system protection including a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that it also includes means (64, 68, 208) for encrypting potentially harmful data to render it harmless and means (80) for decrypting encrypted data for processing by means of an application (82) constrained by the sandbox application (76).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer system protection to protect against harmful data from an external computer network (60) (e.g. the Internet) involves supplying incoming data (62) to a software checker (64) as the data enters a computer system (not shown). The checker (64) routes any suspect data (66) to an encryptor (68) which encrypts it to render it unusable and harmless. Encrypted data passes to a computer (72) in an internal network (74) and having a desktop quarantine area or sandbox (76) for suspect data. The computer (72) runs main desktop applications (78) receiving encrypted data (70) for storage and transfer, but not for use in any meaningful way because it is encrypted. Equally well applications (78) cannot be interfered with by encrypted data (70) because encryption makes this impossible. On entry into the sandbox (76), the encrypted data (70) is decrypted to usable form; it then becomes accessible by software (204) suitable for use in the sandbox (76) subject to sandbox constraints.

87 Citations

View as Search Results

23 Claims

1. Computer system protection including a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that it also includes means (64, 68, 208) for encrypting potentially harmful data to render it harmless and means (80) for decrypting encrypted data for processing by means of an application (82) constrained by the sandbox application (76).
- View Dependent Claims (2, 3, 4, 5)
- - 2. Computer system protection according to claim 1 characterised in that the sandbox application (76) is arranged to employ a desktop application (82) which does not communicate with applications (78) associated with a main desktop (200) of a computer system (72) to which the protection is applied.
  - 3. Computer system protection according to claim 1 or 2 characterised in that it includes means (208) for enabling a user to retrieve data from the sandbox application (76) in encrypted form for relaying to expert inspection.
  - 4. Computer system protection according to claim 1, 2 or 3 characterised in that it includes means (210) for checking decrypted data released from the sandbox desktop (76) for potentially harmful content.
  - 5. Computer system protection according to claim 1, 2 or 3 characterised in that it is mounted upon a computer (72) linked via a firewall (108) to an external network (60).

6. A protected computer system having a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that it also includes a firewall (108) protecting a checker (116) from an external network (60) to which it is linked, the checker (116) includes means (64, 68) for encrypting potentially harmful data to render it harmless and the system (72) has means (80) for decrypting encrypted data for processing by means of the sandbox application (76).
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. A protected computer system according to claim 6 including software (208) for encrypting potentially harmful data which a user may wish to process using applications (78) associated with a main desktop (200) of the system (72) instead of a sandbox application (76).
  - 8. A protected computer system according to claim 6 characterised in that the sandbox application (76) is arranged to employ a desktop application (82) which does not communicate with applications (78) associated with a main desktop (200) of a computer system (72) to which the protection is applied.
  - 9. A protected computer system according to claim 8 characterised in that it includes software (208) for enabling a user to retrieve data from the sandbox application (76) in encrypted form for relaying to expert inspection.
  - 10. A protected computer system according to claim 6, 7, 8 or 9 characterised in that it includes software (210) for checking decrypted data released from the sandbox desktop (76) for potentially harmful content.
  - 11. A protected computer system according to claim 6, 7, 8 or 9 characterised in that it is linked via a firewall (108) to an external network (60).

12. A method of protecting a computer system against harmful data, the system (72) including a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that the method incorporates the steps of:
- a) encrypting potentially harmful data to render it harmless, and b) decrypting encrypted data for processing by means of an application (82) constrained by the sandbox application (76).
- View Dependent Claims (13, 14, 15, 16)
- - 13. A method of protecting a computer system according to claim 12 characterised in that the sandbox incorporates a desktop application (82) which does not communicate with applications (78) associated with a main desktop (200) of a computer system (72) protected by the method.
  - 14. A method of protecting a computer system according to claim 12 or 13 characterised in that it includes the step of retrieving data from the sandbox application (76) in encrypted form for relaying to expert inspection.
  - 15. A method of protecting a computer system according to claim 12, 13 or 14 characterised in that it includes checking decrypted data released from the sandbox desktop (76) for potentially harmful content.
  - 16. A method of protecting a computer system according to claim 12, 13 or 14 characterised in that the computer system (72) is linked via a firewall (108) to an external network (60).

17. A method of protecting a computer system having a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that the method includes:
- a) using a firewall (108) to protect a checker (116) from an external network (60) to which the system (72) is linked, b) using the checker (116) to encrypt potentially harmful data to render it harmless, and c) decrypting encrypted data for processing by the sandbox application (76).

18. Computer software for protecting a computer system against harmful data, the system (72) including a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that the computer software is arranged to:
- a) encrypt potentially harmful data to render it harmless, and b) decrypt encrypted data for processing while being constrained by the sandbox application (76).
- View Dependent Claims (19, 20, 21, 22)
- - 19. Computer software according to claim 18 characterised in that it incorporates within the sandbox a desktop application (82) arranged not to communicate with applications (78) associated with a main desktop (200) of a computer system (72) which it protects.
  - 20. Computer software according to claim 18 characterised in that it is arranged to retrieve data from the sandbox application (76) in encrypted form for relaying to expert inspection.
  - 21. Computer software according to claim 18 characterised in that it is arranged to check decrypted data released from the sandbox desktop (76) for potentially harmful content.
  - 22. Computer software according to claim 18 characterised in that the computer system (72) is linked via a firewall (108) to an external network (60).

23. Computer software for protecting a computer system having a sandbox application (76) for receiving potentially harmful data and defining a sandbox desktop, characterised in that the computer software is arranged to:
- a) implement a firewall (108) protecting a checker (116) from an external network (60) to which the system (72) is linked, b) implement encryption by the checker (116) to encrypt potentially harmful data to render it harmless, and c) decrypt encrypted data for processing by the sandbox application (76).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qinetiq Limited (QinetiQ Group PLC)
Original Assignee
Qinetiq Limited (QinetiQ Group PLC)
Inventors
Wiseman, Simon Robert

Granted Patent

US 7,398,400 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/188
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/562   Static detection

Computer system protection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

87 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system protection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links