Hacking-resistant computer design
First Claim
1. A computer system comprising:
- a first partition and a second partition;
the first partition comprising;
a first CPU,a first memory module comprising;
at least one memory address range for program code, wherein the program code comprises computer-executable code, and wherein the memory address range for program code is hardware-protected from alteration by a hardware switch;
at least one memory address range for first partition data; and
at least one memory address range for data read from the second partition; and
wherein the first CPU is hardware-configured to execute only the computer-executable code in the memory address range for program code; and
the second partition comprising;
a second CPU,a second memory module, andat least one communication module configured to couple to a network; and
wherein the first CPU is configured to access the second memory module;
wherein the first CPU is configured to read data from the second partition into only the at least one memory address range for data read from the second partition; and
wherein the second CPU is restricted from accessing the first CPU or the first memory module.
3 Assignments
0 Petitions
Accused Products
Abstract
A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition.
31 Citations
36 Claims
-
1. A computer system comprising:
-
a first partition and a second partition; the first partition comprising; a first CPU, a first memory module comprising; at least one memory address range for program code, wherein the program code comprises computer-executable code, and wherein the memory address range for program code is hardware-protected from alteration by a hardware switch; at least one memory address range for first partition data; and at least one memory address range for data read from the second partition; and wherein the first CPU is hardware-configured to execute only the computer-executable code in the memory address range for program code; and the second partition comprising; a second CPU, a second memory module, and at least one communication module configured to couple to a network; and wherein the first CPU is configured to access the second memory module; wherein the first CPU is configured to read data from the second partition into only the at least one memory address range for data read from the second partition; and wherein the second CPU is restricted from accessing the first CPU or the first memory module. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A computer system comprising:
-
a first partition comprising; a first CPU; and a first memory module comprising; a first memory address range, wherein the first memory address range comprises program code, wherein the program code comprises computer-executable code, and wherein the program code is hardware-protected from alteration by a hardware switch; and a second memory address range; wherein the first CPU is hardware-configured to execute only the computer-executable code in the first memory address range; and a second partition comprising; a second CPU; a second memory module; and at least one communication module configured to couple to a network; and wherein the first CPU is configured to access the second memory module; wherein the first CPU is configured to read data from the second partition into only the second memory address range; and wherein the second CPU is restricted from accessing the first CPU or the first memory module. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
Specification