Architecture Technology Corporation Patent applications |
Patent application number | Title | Published |
20150149764 | METHOD FOR NETWORK COMMUNICATION PAST ENCRYPTION DEVICES - This disclosure is directed to techniques for providing communication between devices in different networks wherein the communication must first pass through an encryption mechanism and the devices do not have the stand-alone capability to encrypt or decrypt the communication. According to these techniques, an adapter may determine certain fields in a data packet that remain unencrypted when the data packet passes through the encryption mechanism. The adapter may then process those fields in such a way that, when the data packets are received by a second adapter, the second adapter may read those fields and obtain information. | 05-28-2015 |
20150146603 | ADAPTIVE MULTICAST NETWORK COMMUNICATIONS - This disclosure is directed to techniques for communicating in an adaptive multicast network. This may be done by archiving, at a rendezvous point, multicast subscription information for terminal nodes in the adaptive multicast network, wherein the multicast subscription information comprises a dynamic list of receiver terminal nodes located within the adaptive multicast network that subscribe to particular multicast streams from one or more terminal nodes in the adaptive multicast network. A router receives a multicast stream from a sender terminal node. The router receives the multicast subscription information for the multicast stream sent by the sender terminal node from the rendezvous point. The router forwards the multicast stream to all receiver terminal nodes in the dynamic list of receiver terminal nodes indicated as subscribing to the multicast stream sent by the sender terminal node. | 05-28-2015 |
20150046405 | FIGHT-THROUGH NODES WITH DISPOSABLE VIRTUAL MACHINES AND ROLLBACK OF PERSISTENT STATE - A server system receives messages from client computing devices. Each of the messages corresponds to a transaction. The server system assigns each respective transaction to a respective fresh virtual machine. Furthermore, the server system performs, as part of a respective virtual machine processing a respective transaction, a modification associated with the respective transaction to a shared database. The shared database is persisted independently of the plurality of virtual machines. In response to determining that processing of the respective transaction is complete, the server system discards the respective virtual machine. In response to determining that the respective transaction is associated with a cyber-attack, the server system uses checkpoint data associated with the respective transaction to roll back the modifications associated with the respective transaction to the shared database. | 02-12-2015 |
20140310810 | FIGHT-THROUGH NODES FOR SURVIVABLE COMPUTER NETWORK - A survivable network is described in which one or more network devices include enhanced functionality to fight through cyber attacks. A Fight-Through Node (FTN) is described, which may be a combined hardware/software system that enhances existing networks with survivability properties. A network node comprises a hardware-based processing system having a set of one or more processing units, a hypervisor executing on each one of the processing units, and a plurality of virtual machines executing on each of the hypervisors. The network node includes an application-level dispatcher to receive a plurality of transaction requests from a plurality of network communication sessions with a plurality of clients and distribute a copy of each of the transaction requests to the plurality of virtual machines executing on the network node over a plurality of time steps to form a processing pipeline of the virtual machines. | 10-16-2014 |
20140108414 | SCALABLE DISTRIBUTED PROCESSING OF RDF DATA - In general, techniques are described for an RDF (Resource Description Framework) database system which can scale to huge size for realistic data sets of practical interest. In some examples, a database system includes a Resource Description Framework (RDF) database that stores a plurality of data chunks to one or more storage drives, wherein each of the plurality of data chunks includes a plurality of triples of the RDF database. The database system also includes a working memory, a query interface that receives a query for the RDF database, a SPARQL engine that identifies a subset of the data chunks relevant to the query, and an index interface that includes one or more bulk loaders that load the subset of the data chunks to the working memory. The SPARQL engine executes the query only against triples included within the loaded subset of the data chunks to obtain a query result. | 04-17-2014 |
20130325889 | LOCAL STORAGE OF INFORMATION PEDIGREES - This disclosure describes techniques for dynamically assembling and utilizing a pedigree of a resource. A pedigree of a resource is a set of statements that describe a provenance of the resource. As described herein, a document may include local pedigree fragments and optionally one or more pointers to remote pedigree fragments not locally stored in the document. A pedigree fragment, generally, is a data structure that specifies a direct relationship between a first resource, e.g., a primary resource, and a second resource from which an asserted fact of the first resource is derived. Because a pedigree fragment specifies such direct relationships, a set of pedigree fragments may be used to assemble the complete pedigree of the resource. | 12-05-2013 |
20130174256 | NETWORK DEFENSE SYSTEM AND FRAMEWORK FOR DETECTING AND GEOLOCATING BOTNET CYBER ATTACKS - A network defense system is described that provides network sensor infrastructure and a framework for managing and executing advanced cyber security algorithms specialized for detecting highly-distributed, stealth network attacks. In one example, a system includes a data collection and storage subsystem that provides a central repository to store network traffic data received from sensors positioned within geographically separate networks. Cyber defense algorithms analyze the network traffic data and detect centrally-controlled malware that is configured to perform distributed network attacks (“botnet attacks”) from devices within the geographically separate networks. A visualization and decision-making subsystem generates a user interface that presents an electronic map of geographic locations of source devices and target devices of the botnet attacks. The data collection and storage subsystem stores a manifest of parameters for the network traffic data to be analyzed by each of the cyber defense algorithms. | 07-04-2013 |
20130067574 | FIGHT-THROUGH NODES FOR SURVIVABLE COMPUTER NETWORK - A survivable network is described in which one or more network devices include enhanced functionality to fight through cyber attacks. A Fight-Through Node (FTN) is described, which may be a combined hardware/software system that enhances existing networks with survivability properties. A network node comprises a hardware-based processing system having a set of one or more processing units, a hypervisor executing on each one of the processing units, and a plurality of virtual machines executing on each of the hypervisors. The network node includes an application-level dispatcher to receive a plurality of transaction requests from a plurality of network communication sessions with a plurality of clients and distribute a copy of each of the transaction requests to the plurality of virtual machines executing on the network node over a plurality of time steps to form a processing pipeline of the virtual machines. | 03-14-2013 |
20120311207 | MEDIATING COMMUNICATION OF A UNIVERSAL SERIAL BUS DEVICE - An apparatus for mediating communication between a universal serial bus (USB) device and a host computing device is described. In an example, the apparatus includes a USB host interface configured to be connected to a downstream USB device, and a USB device interface configured to be connected to an upstream host computing device. The apparatus also includes a mediation module positioned between the USB host interface and the USB device interface and configured to determine whether the USB device is authorized to communicate with the host computing device. | 12-06-2012 |
20120284794 | PEER INTEGRITY CHECKING SYSTEM - A distributed file integrity checking system is described. The described peer integrity checking system (PICS) may negate an attack by storing a properties database amongst nodes of a peer-to-peer network of hosts, some or all of which co-operate to protect and watch over each other. | 11-08-2012 |
20120239938 | LOCAL STORAGE OF INFORMATION PEDIGREES - This disclosure describes techniques for dynamically assembling and utilizing a pedigree of a resource. A pedigree of a resource is a set of statements that describe a provenance of the resource. As described herein, a document may include local pedigree fragments and optionally one or more pointers to remote pedigree fragments not locally stored in the document. A pedigree fragment, generally, is a data structure that specifies a direct relationship between a first resource, e.g., a primary resource, and a second resource from which an asserted fact of the first resource is derived. Because a pedigree fragment specifies such direct relationships, a set of pedigree fragments may be used to assemble the complete pedigree of the resource. | 09-20-2012 |
20120221633 | REMOTE COLLECTION OF COMPUTER FORENSIC EVIDENCE - The invention is directed to techniques for allowing a user to remotely interrogate a target computing device in order to collect and analyze computer evidence that may be stored on the target computing device. A forensic device receives input from a remote user that identifies computer evidence to acquire from the target computing device. The forensic device acquires the computer evidence from the target computing device and presents a user interface for the forensic device through which the remote user views the computer evidence acquired from the target computing device. In this manner, the forensic device allows the user to interrogate the target computing device to acquire the computer evidence without seizing or otherwise “shutting down” the target device. | 08-30-2012 |
20120209983 | CONFIGURABLE FORENSIC INVESTIGATIVE TOOL - This disclosure provides example techniques to invoke one or more forensic tools, with a forensic investigative tool. The forensic investigative tool provides a common framework that allows investigators to invoke their own trusted forensic tools or third-party generated forensic tools. The forensic investigative tool described herein seamlessly and transparently invokes the forensic tools in accordance with an investigative profile created by the investigator. | 08-16-2012 |
20120110093 | SERVICE ORIENTED ARCHITECTURE VERSION AND DEPENDENCY CONTROL - This disclosure is directed to techniques for providing version control functionality for web services of one or more service oriented architecture (SOA) systems. According to these techniques, a version control service (VCS) may receive an indication of a version update for a first web service. In response to the received request, the VCS determines whether the version update, if executed within the SOA system, will cause a change in operation of a second web service. If the version update will cause a change, the VCS provides an indication of the determined change to a user. | 05-03-2012 |
20120109905 | IDENTIFYING AND REPRESENTING CHANGES BETWEEN EXTENSIBLE MARKUP LANGUAGE (XML) FILES - This disclosure is directed to techniques for comparing first and second XML files to one another. According to these techniques, a computing device (e.g., a version control service executing on the computing device) may be configured to generate at least two edit transcripts that each include one or more operational changes that may be applied to data elements of the first XML file to arrive at data elements of the second XML file (or vice versa). The computing device may select at least one optimal edit transcript based on which of the number of operational changes of the at least two edit transcripts. | 05-03-2012 |
20100299430 | AUTOMATED ACQUISITION OF VOLATILE FORENSIC EVIDENCE FROM NETWORK DEVICES - Examples disclosed herein are directed to techniques for automatically retrieving and processing forensic data from network devices connected to a communications network without requiring device-specific knowledge or training. A mobile forensic device includes an extensible forensic analysis tool that allows on-scene forensic investigators to quickly and automatically acquire data from network devices without device-specific knowledge. The extensible forensic analysis tool is designed for use on handheld mobile computers, enabling on-scene investigators to quickly and easily acquire forensic data from network devices in the field without losing volatile data or shutting down the network. | 11-25-2010 |
20100235919 | ATTACK CORRELATION USING MARKED INFORMATION - Techniques are described for providing security to a protected network. Techniques are described for thwarting attempted network attacks using marked information. The attack correlation system provides marked information to computing devices that probe for sensitive information, and monitors subsequent communications for use of the marked information. In one example, the attack correlation system reroutes communications containing the marked information to a dedicated vulnerable device that logs the communications to monitor the attackers' methods. The attack correlation system may also include functionality to exchange information regarding attempted attacks with other attack correlation systems to gain broader knowledge of attacks throughout one or more networks. | 09-16-2010 |
20090217373 | ACTIVE VERIFICATION OF BOOT FIRMWARE - Techniques are described for generating and actively verifying a boot code associated with a peripheral device of a computer system to prevent potential security threats the boot code may introduce into the computer system. The techniques for generating boot code entail generating the boot code from a high-level programming language using a verification application program interface (API). The API aids in generating a certificate, which is associated with the boot code in that the certificate describes operation of the boot code. After generating the boot code and associated certificate, the two are loaded onto a memory module of the peripheral device. Once the peripheral device is connected to the computer system, the computer system may retrieve the boot code and certificate. The computer system utilizes techniques to actively verify the boot code by performing a security check on the boot code in accordance with the associated certificate. Finally, the computer system executes the boot code based on a result of the security check. | 08-27-2009 |
20090208910 | AUTOMATED EXECUTION AND EVALUATION OF NETWORK-BASED TRAINING EXERCISES - This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system. The target system then performs an action in response to the attack. Monitor information associated with the attack against the target system is collected by continuously monitoring the training scenario. The attack system is then capable of sending dynamic response data to the target system, wherein the dynamic response data is generated according to the collected monitor information to adapt the training scenario to the action performed by the target system. The control and monitoring system then generates an automated evaluation based upon the collected monitor information. | 08-20-2009 |
20090150998 | REMOTE COLLECTION OF COMPUTER FORENSIC EVIDENCE - The invention is directed to techniques for allowing a user to remotely interrogate a target computing device in order to collect and analyze computer evidence that may be stored on the target computing device. A forensic device receives input from a remote user that identifies computer evidence to acquire from the target computing device. The forensic device acquires the computer evidence from the target computing device and presents a user interface for the forensic device through which the remote user views the computer evidence acquired from the target computing device. In this manner, the forensic device allows the user to interrogate the target computing device to acquire the computer evidence without seizing or otherwise “shutting down” the target device. | 06-11-2009 |