Data event logging in computing platform
First Claim
Patent Images
1. A computer entity comprising:
- a computer platform comprising a data processor and at least one memory device; and
a trusted component, said trusted component comprising a data processor and at least one memory device;
wherein said data processor and said memory of said trusted component are physically and logically distinct from said data processor and memory of said computer platform; and
a software agent operating on said computer platform, for monitoring at least one event occurring on said computer platform, and reporting said event to said trusted component.
2 Assignments
0 Petitions
Accused Products
Abstract
There is disclosed a computer entity having a trusted component which compiles an event log for events occurring on a computer platform. The event log contains event data of types which are pre-specified by a user by inputting details through a dialogue display generated by the trusted component. Items which can be monitored include data files, applications drivers and the like. The trusted component operates through a monitoring agent which may be launched onto the computer platform. The monitoring agent may be periodically interrogated to make sure that it is operating correctly and responding to interrogations by the trusted component.
-
Citations
21 Claims
-
1. A computer entity comprising:
-
a computer platform comprising a data processor and at least one memory device; and a trusted component, said trusted component comprising a data processor and at least one memory device; wherein said data processor and said memory of said trusted component are physically and logically distinct from said data processor and memory of said computer platform; and a software agent operating on said computer platform, for monitoring at least one event occurring on said computer platform, and reporting said event to said trusted component. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer entity comprising:
-
a computer platform having a first data processor and a first memory device; and a trusted monitoring component comprising a second data processor and a second memory device, wherein said trusted monitoring component stores an agent program resident in said second memory area, said agent program arranged to be copied to said first memory area for performing functions on behalf of said trusted component, under control of said first data processor.
-
-
10. A method of monitoring a computer platform comprising a first data processing means and a first memory means, said method comprising:
-
generating an interactive display for selecting at least one entity comprising said computer platform; generating a display of events which can be monitored; generating a display of entities of said computer platform; selecting at least one said entity; selecting at least one said event; and monitoring a said entity for a said event.
-
-
11. A computer entity comprising:
-
a computer platform comprising a first data processor and a first memory device; a trusted monitoring component comprising a second data processor and a second memory device; a first computer program resident in said first memory area and operating said first data processor, said first computer program reporting back events concerning operation of said computer platform to said trusted monitoring component; and a second computer program said second computer program resident in said second memory area of said trusted component, said second program operating to monitor an integrity of said first program. - View Dependent Claims (12, 13)
-
-
14. A method of monitoring a computer platform comprising a first data processor and a first memory means, said method comprising:
-
reading event data describing events occurring on at least one logical or physical entity comprising said computer platform; and securing said event data in a second data processing means having an associated second memory area, said second data processing means, said second memory area being physically and logically distinct from said first data processing means and said first memory area, such that said secure event data cannot be altered without such alteration being apparent. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. A method of monitoring a computer platform comprising a first data processing means and first memory means, said method comprising:
-
storing a monitoring program in a second memory area, said second memory area being physically and logically distinct from said first memory area; transferring said monitoring program from said second memory area to said first memory area; monitoring at least one entity of said computer platform from within said computer platform; and reporting an event data from said monitoring program to said second data processor.
-
-
21. A method of monitoring a computer platform comprising a first data processing and a first memory means, said method comprising:
-
monitoring at least one entity comprising said computer platform from within said computer platform; generating an event data describing a plurality of events occurring on said computer platform; reporting said event data to a second data processing means having an associated second memory means; and processing said event data into a secure format.
-
Specification