Hacking-resistant computer design
First Claim
1. A computer system comprising:
- a first partition and a second partition;
the first partition comprising;
a first CPU; and
a first memory module comprising;
at least one memory address range for program code, wherein the program code comprises computer-executable code, and wherein the at least one memory address range for program code is configured by hardware circuitry; and
at least one memory address range for other data, wherein the other data comprises data read from the second partition;
wherein the first CPU is hardware-configured to execute only the computer-executable code in the memory address range for program code; and
the second partition comprising;
a second CPU;
a second memory module; and
at least one communication module configured to couple to a network;
wherein the first CPU is configured to access the second memory module and read data from the second partition into only the at least one memory address range for other data; and
wherein the second CPU is restricted from accessing the first memory module.
3 Assignments
0 Petitions
Accused Products
Abstract
A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition.
-
Citations
28 Claims
-
1. A computer system comprising:
-
a first partition and a second partition; the first partition comprising; a first CPU; and a first memory module comprising; at least one memory address range for program code, wherein the program code comprises computer-executable code, and wherein the at least one memory address range for program code is configured by hardware circuitry; and at least one memory address range for other data, wherein the other data comprises data read from the second partition; wherein the first CPU is hardware-configured to execute only the computer-executable code in the memory address range for program code; and the second partition comprising; a second CPU; a second memory module; and at least one communication module configured to couple to a network; wherein the first CPU is configured to access the second memory module and read data from the second partition into only the at least one memory address range for other data; and wherein the second CPU is restricted from accessing the first memory module. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer system comprising:
-
a first virtual partition and a second virtual partition; the first virtual partition comprising; a first CPU; and a first memory module comprising; at least one memory address range for program code, wherein the program code comprises computer-executable code; and at least one memory address range for other data, wherein the other data comprises data read from the second virtual partition; wherein the first CPU is configured to execute only the computer-executable code in the memory address range for program code; and the second virtual partition comprising; a second CPU; a second memory module; and at least one communication module configured to couple to a network; wherein the first CPU is configured to access by a virtual partition configuration the second memory module and read data from the second virtual partition into only the at least one memory address range for other data; and wherein the second CPU is restricted by a virtual partition configuration from accessing the first memory module. - View Dependent Claims (18, 19, 20, 21)
-
-
22. A computing device, comprising:
-
a first connection to a first computer; a second connection to a second computer; wherein the computing device is configured to receive a pull command from the first computer and to execute the pull command to read data from the second computer through the computing device and write the data read from the second computer to at least one memory module of the first computer in a memory address range for data read from the second computer; wherein the computing device is configured to receive a push command from the first computer and to execute the push command to send data from the first computer to the second computer through the computing device; and wherein the computing device is configured to not permit a push command from the second computer to the first computer or a pull command from the second computer to the first computer; wherein the computing device is configured to not permit the second computer to access the at least one memory module of the first computer through the first connection and the second connection. - View Dependent Claims (23)
-
-
24. A computer system comprising:
-
at least one CPU, at least one I/O module connecting to at least one other computer, and at least one memory module, comprising; at least one memory address range for program code, configured by hardware circuitry, wherein the program code comprises computer-executable code; at least one memory address range for other data, wherein the other data comprises data read from the at least one other computer; wherein the at least one CPU is hardware-configured to execute only the computer-executable code in the memory address range for program code; wherein data read from the at least one other computer can be written only into the at least one memory address range for other data; wherein the at least one memory module cannot be accessed by the at least one other computer. - View Dependent Claims (25, 26, 27, 28)
-
Specification