Method and apparatus for securing a computer
Abstract
A computer system (100) is arranged to run at least one user-oriented operating system (153) (e.g. Windows, LINUX, etc.) on which a plurality of user-oriented applications (152) (e.g. word processor, web browser, spreadsheet application, etc.) may run, the computer system being further arranged to run a secondary program supporting environment (154), (155) (e.g. computer BIOS, hypervisor, basic LINUX operating system micro-kernel, etc.). The computer system (100) is arranged to run the secondary program supporting environment (154) when the main user-oriented operating system is not running, in either or both of the following situations: prior to loading the main operating system at boot-up time of the system, or when a user wishes to log back into his/her operating system after having previously logged out or having been logged out automatically, and/or during a sleep mode of the computer system. The computer system (100) is arranged to run within the secondary program supporting environment an agent program or programs (157), (158) which are operable to communicate with one or more remote servers (300) to obtain security patches associated with the user-oriented operating system and/or the user-oriented applications.
6 Claims
1. A computer system comprising a computer hardware processor arranged to execute software so as to run at least one user-oriented operating system on which a plurality of user-oriented applications may run, the computer system being further arranged to run a secondary program supporting environment;
wherein the computer system is arranged to run within the secondary program supporting environment an agent program or programs operable to communicate with one or more remote servers to obtain security patches associated with the user-oriented operating system and/or the user-oriented applications;
wherein the computer system is configured to apply any security patches obtained by the agent program or programs prior to the user-oriented operating system setting up a network connection on boot-up of the user-oriented operating system, or prior to permitting certain specified user-oriented applications running on the user-oriented operating system to use a network connection;
wherein at least one of the security patches is applied by the agent program or programs intercepting a network access request from at least one of the user-oriented applications for a security update, the agent program or programs responding to the network access request by impersonating the response of the one or more remote servers;
wherein the at least one of the security patches includes a filter patch arranged to block incoming packets of data which satisfy a criterion specified in the patch, so that any of the incoming packets of data which satisfy the criterion is blocked by the filter patch and not passed on to the at least one of the user-oriented applications; and
wherein the agent program or programs respond to the network access request by impersonating the response of the one or more remote servers in such a way as to provide the security update to the user-oriented operating system or to at least one of the user-oriented applications.
Dependent claims 2, 3 and 4 are not reproduced on this page.
5. A method of updating a computer system arranged to run, using a computer processor, at least one user-oriented operating system on which a plurality of user-oriented applications may run and a secondary program supporting environment, the updating method operating to protect the computer system against exploitation by malware of vulnerabilities in the user-oriented operating system or in a user-oriented application running on the user-oriented operating system, the method comprising:
a program or programs, running within the secondary program supporting environment, communicating with one or more remote servers to obtain at least one security filter patch, the at least one security filter patch being associated with the user-oriented operating system and/or with a user-oriented application operable to run on the user-oriented operating system;
wherein the method further comprises the computer system applying any security filter patches obtained by the agent program or programs prior to the user-oriented operating system setting up a network connection, in respect of either the user-oriented operating system as a whole or a user-oriented application to which an obtained filter patch applies, or at least prior to the user-oriented operating system permitting certain specified applications, such as a web browser, to use a network connection;
wherein at least one of the security filter patches is applied by the agent program or programs intercepting a network access request from at least one of the user-oriented applications for a security update, the agent program or programs responding to the network access request by impersonating the response of the one or more remote servers;
wherein the at least one of the security filter patches is arranged to block incoming packets of data which satisfy a criterion specified in the filter patch, so that any of the incoming packets of data which satisfy the criterion is blocked by the filter patch and not passed on to the at least one of the user-oriented applications; and
wherein the agent program or programs respond to the network access request by impersonating the response of the one or more remote servers in such a way as to provide the security update to the user-oriented operating system or to at least one of the user-oriented applications.
6. A non-transient computer readable carrier medium carrying a computer program or programs which, upon execution by a computer processor, perform a method of updating a computer system arranged to run, using the computer processor, at least one user-oriented operating system on which a plurality of user-oriented applications may run and a secondary program supporting environment, the updating method operating to protect the computer system against exploitation by malware of vulnerabilities in the user-oriented operating system or in a user-oriented application running on the user-oriented operating system, the method comprising:
a program or programs, running within the secondary program supporting environment, communicating with one or more remote servers to obtain at least one security filter patch, the at least one security filter patch being associated with the user-oriented operating system and/or with a user-oriented application operable to run on the user-oriented operating system;
wherein the method further comprises the computer system applying any security filter patches obtained by the agent program or programs prior to the user-oriented operating system setting up a network connection, in respect of either the user-oriented operating system as a whole or a user-oriented application to which an obtained filter patch applies, or at least prior to the user-oriented operating system permitting certain specified applications, such as a web browser, to use a network connection;
wherein at least one of the security filter patches is applied by the agent program or programs intercepting a network access request from at least one of the user-oriented applications for a security update, the agent program or programs responding to the network access request by impersonating the response of the one or more remote servers;
wherein the at least one of the security filter patches is arranged to block incoming packets of data which satisfy a criterion specified in the filter patch, so that any of the incoming packets of data which satisfy the criterion is blocked by the filter patch and not passed on to the at least one of the user-oriented applications; and
wherein the agent program or programs respond to the network access request by impersonating the response of the one or more remote servers in such a way as to provide the security update to the user-oriented operating system or to at least one of the user-oriented applications.
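The claims describe three cooperating pieces: an agent in the secondary environment that obtains patches before the user OS has a network connection, an interception step in which the agent answers an application's own update request in place of the vendor server, and a filter patch that drops inbound packets meeting a stated criterion. The following Python model is an added example written for this page, not code from the patent or its assignee. The packet format, the `FilterPatch`, `SecurityUpdate` and `Agent` names, the constructed server reply and the HMAC stand-in for a vendor signature are all assumptions. One caveat a practitioner would want made explicit: the impersonation step makes the agent a local man-in-the-middle of the application's update channel, so the example verifies the cached patch before serving it and fails closed (no network, no update) when nothing verified is available.

```python
"""Toy model of the claimed mechanism: an agent in the secondary environment caches
vendor updates before the user OS gets network access, answers an application's
update request in the vendor server's place, and applies a filter patch that
drops packets meeting a criterion. Added example; not the patent's own code."""
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumption: the vendor "signs" patches with an HMAC over a key the agent holds.
# A real deployment would use the vendor's public-key signature; HMAC is a stand-in.
VENDOR_KEY = b"constructed-vendor-key"


def sign(body: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()


@dataclass(frozen=True)
class FilterPatch:
    """Criterion carried by the patch: destination port plus a byte pattern to block."""
    app: str
    dst_port: int
    pattern: bytes

    def matches(self, packet: dict) -> bool:
        return packet["dst_port"] == self.dst_port and self.pattern in packet["payload"]


@dataclass(frozen=True)
class SecurityUpdate:
    app: str
    version: str
    body: bytes
    tag: bytes  # vendor tag over body


@dataclass
class Agent:
    """Runs in the secondary environment (hypervisor/BIOS level in the claims)."""
    filters: list = field(default_factory=list)
    updates: dict = field(default_factory=dict)
    applied: set = field(default_factory=set)

    def fetch_from_server(self, server: dict) -> None:
        """Pull filter patches and updates over the agent's own channel.
        Because the agent later impersonates the vendor to the application, it
        must verify what it will serve; unverifiable updates are discarded."""
        self.filters.extend(server["filters"])
        for upd in server["updates"]:
            if hmac.compare_digest(upd.tag, sign(upd.body)):
                self.updates[upd.app] = upd

    def intercept_update_request(self, app: str, request: dict) -> dict:
        """Answer the app's update request as if the agent were the remote server.
        `request` is the intercepted request; only the app identity is needed here."""
        upd = self.updates.get(app)
        if upd is None:
            # Nothing verified to serve: fail closed rather than let the app go online.
            return {"status": 503, "body": b""}
        self.applied.add(app)
        return {"status": 200, "version": upd.version, "body": upd.body}

    def network_permitted(self, app: str) -> bool:
        """Gate from claim 1: an app with a cached update may not use the network
        until that update has been applied via the intercepted request."""
        return app not in self.updates or app in self.applied

    def filter_packets(self, app: str, packets: list) -> tuple:
        """Apply the filter patches for `app`; blocked packets never reach it."""
        passed, blocked = [], []
        for pkt in packets:
            if any(fp.app == app and fp.matches(pkt) for fp in self.filters):
                blocked.append(pkt)
            else:
                passed.append(pkt)
        return passed, blocked


def demo() -> dict:
    """Run the flow on constructed data and return the observable results."""
    good_body = b"browser-2.0.1-patch-blob"
    server = {  # constructed stand-in for the remote server's reply
        "filters": [FilterPatch("browser", 80, b"BAD-PATTERN")],
        "updates": [
            SecurityUpdate("browser", "2.0.1", good_body, sign(good_body)),
            SecurityUpdate("office", "9.1", b"tampered-blob", b"\x00" * 32),  # bad tag
        ],
    }
    agent = Agent()
    agent.fetch_from_server(server)
    before = agent.network_permitted("browser")
    resp = agent.intercept_update_request("browser", {"host": "updates.example", "path": "/latest"})
    after = agent.network_permitted("browser")
    packets = [  # constructed inbound packets addressed to the browser
        {"dst_port": 80, "payload": b"HTTP/1.1 200 OK\r\n\r\nBAD-PATTERN..."},
        {"dst_port": 80, "payload": b"HTTP/1.1 200 OK\r\n\r\nhello"},
        {"dst_port": 443, "payload": b"BAD-PATTERN"},  # wrong port: criterion not met
    ]
    passed, blocked = agent.filter_packets("browser", packets)
    return {
        "network_before": before, "network_after": after,
        "status": resp["status"], "version": resp.get("version"),
        "passed": len(passed), "blocked": len(blocked),
        "office_cached": "office" in agent.updates,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the browser denied network use until its cached update has been served through the intercepted request, the tampered "office" update never entering the cache, and only the port-80 packet carrying the filter pattern being dropped. The filter criterion here is a literal port-plus-pattern match; the claims leave the criterion open, so a real filter patch could carry any predicate the agent can evaluate on an inbound packet.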