Apparatus and method for protecting a computer system against computer viruses and unauthorized access

US 20020166067A1
Filed: 05/02/2001
Published: 11/07/2002
Est. Priority Date: 05/02/2001
Status: Active Grant

First Claim

Patent Images

1. An apparatus for protecting a first computer system from an intrusion such as a computer virus or an unauthorized access, said apparatus comprising:

a second computer system coupled to said first computer system, said second computer system capable of detecting said intrusion before said intrusion reaches said first computer system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is disclosed an apparatus and method for protecting a first computer system against an intrusion such as a computer virus or an unauthorized access. The apparatus comprises a second computer system that is coupled to the first computer system in a manner that permits the second computer system to receive all computer communications that are directed to the first computer system. The second computer system detects an intrusion before the intrusion reaches the first computer system. The second computer system deletes the intrusion by deleting the operating system and all other data on the second computer system. After the compromised operating system and data have been erased, a clean version of the operating system and data is supplied to the second computer system from a restoration controller within the second computer system, or from the first computer system, or from a backup copy of the clean version of the data.

Citations

47 Claims

1. An apparatus for protecting a first computer system from an intrusion such as a computer virus or an unauthorized access, said apparatus comprising:
- a second computer system coupled to said first computer system, said second computer system capable of detecting said intrusion before said intrusion reaches said first computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 28, 29, 30)
- - 2. The apparatus as set forth in claim 1 wherein said second computer system is capable of deleting said intrusion after said second computer system detects said intrusion.
  - 3. The apparatus as set forth in claim 2 wherein said second computer system is capable of deleting said intrusion by erasing data within said second computer system.
  - 4. The apparatus as set forth in claim 3 wherein said data erased by said second computer system comprises one of:
    - a computer virus software program, an operating system of said second computer system, and at least one computer software program within said second computer system.
  - 5. The apparatus as set forth in claim 3 wherein after said second computer system has deleted said intrusion by erasing data within said second computer system, said second computer system is capable of receiving a clean version of data that existed in said second computer system before said intrusion occurred.
  - 6. The apparatus as set forth in claim 5 wherein said second computer system comprises a restoration controller capable of supplying to said second computer system said clean version of said data after said second computer system has deleted said intrusion by erasing data within said second computer system.
  - 7. The apparatus as set forth in claim 5 wherein said second computer system is capable of receiving said clean version of said data from one of:
    - (1) said first computer system, and (2) an external backup copy of said clean version of said data.
  - 8. The apparatus as set forth in claim 1 wherein said second computer system comprises a peripheral switch that is capable of switching control of at least one computer peripheral from said second computer system to said first computer system and from said first computer system to said second computer system.
  - 9. The apparatus as set forth in claim 8 further comprising a hardware control switch coupled to said first computer system, said hardware control switch capable of causing said peripheral switch of said second computer system to switch control of said at least one computer peripheral from said second computer system to said first computer system.
  - 10. The apparatus as set forth in claim 1 wherein said second computer system comprises:
    - an embedded personal computer;
      
      a data transfer switch coupled to said embedded personal computer and to said first computer system, wherein said data transfer switch is capable of transferring data from said first computer system to said embedded personal computer when said data transfer switch is set in read only mode; and
      
      wherein said data transfer switch is capable of transferring data from said from said embedded personal computer to said first computer system and from said first computer system to said embedded personal computer when said data transfer switch is set in read and write mode.
  - 11. The apparatus as set forth in claim 10 wherein said data transfer switch is exclusively controlled by said first computer system.
  - 12. The apparatus as set forth in claim 1 wherein said second computer system is capable of receiving all external computer communications that are directed to said first computer system.
  - 14. The virus trap computer system as set forth in claim 13 wherein said virus trap computer system is capable of deleting said intrusion by erasing data within said virus trap computer system.
  - 15. The virus trap computer system as set forth in claim 14 wherein said data erased by said virus trap computer system comprises one of:
    - a computer virus software program, an operating system of said virus trap computer system, and at least one computer software program within said virus trap computer system.
  - 16. The virus trap computer system as set forth in claim 14 wherein after said virus trap computer system has deleted said intrusion by erasing data within said virus trap computer system, said virus trap computer system is capable of receiving a clean version of data that existed in said virus trap computer system before said intrusion occurred.
  - 17. The virus trap computer system as set forth in claim 16 wherein said virus trap computer system comprises a restoration controller capable of supplying to said virus trap computer system said clean version of said data after said virus trap computer system has deleted said intrusion by erasing data within said virus trap computer system.
  - 18. The virus trap computer system as set forth in claim 16 wherein said virus trap computer system is capable of receiving said clean version of said data from one of:
    - (1) said host computer system, and (2) an external backup copy of said clean version of said data.
  - 19. The virus trap computer system as set forth in claim 13 wherein said virus trap computer system comprises a peripheral switch that is capable of switching control of at least one computer peripheral from said virus trap computer system to said host computer system and from said host computer system to said virus trap computer system.
  - 20. The virus trap computer system as set forth in claim 19 further comprising a hardware control switch coupled to said host computer system, said hardware control switch capable of causing said peripheral switch of said virus trap computer system to switch control of said at least one computer peripheral from said virus trap computer system to said host computer system.
  - 21. The virus trap computer system as set forth in claim 13 comprising:
    - a data transfer switch coupled to said embedded personal computer and coupled to said host computer system;
      
      wherein said data transfer switch is capable of transferring data from said host computer system to said embedded personal computer when said data transfer switch is set in read only mode; and
      
      wherein said data transfer switch is capable of transferring data from said from said embedded personal computer to said host computer system and from said host computer system to said embedded personal computer when said data transfer switch is set in read and write mode.
  - 22. The virus trap computer system as set forth in claim 21 wherein said data transfer switch is exclusively controlled by said host computer system.
  - 23. The virus trap computer system as set forth in claim 13 further comprising:
    - a mass storage device coupled to said embedded personal computer;
      
      a restoration controller coupled to said embedded personal computer and to said mass storage device, said restoration controller capable of (1) causing all data on said embedded personal computer and said mass storage device to be erased, and (2) after said data has been erased, supplying a clean version of said erased data to said embedded personal computer and to said mass storage device.
  - 24. The virus trap computer system as set forth in claim 23 further comprising:
    - a mass storage integrity controller coupled to said embedded personal computer and to said mass storage device, said mass storage integrity controller capable of detecting an intrusion on said mass storage device, and capable of requesting said embedded personal computer to cause said restoration controller to cause all data on said mass storage device to be erased.
  - 25. The virus trap computer system as set forth in claim 13 further comprising:
    - a password controller coupled to said embedded personal computer and coupled to a network interface, said password controller capable of (1) receiving a computer communication from said network interface, and (2) identifying a password in said computer communication, and (3) in response to receiving a valid password, allowing said computer communication access to said embedded personal computer.
  - 26. The virus trap computer system as set forth in claim 25 wherein said password controller is coupled to said host computer system, and wherein said host computer system, in response to receiving a valid password from said password controller, is capable of allowing said computer communication access to said host computer system through said embedded personal computer and through said data transfer switch.
  - 28. The virus trap computer system as set forth in claim 27 further comprising a password controller coupled to said embedded personal computer and coupled to a network interface, said password controller capable of (1) receiving a computer communication from said network interface, and (2) identifying a password in said computer communication, and (3) in response to receiving a valid password, allowing said computer communication access to one of:
    - said embedded personal computer and said host computer system.
  - 29. The virus trap computer system as set forth in claim 27 wherein said embedded personal computer, said restoration controller, and said mass storage integrity controller are implemented on one integrated circuit chip.
  - 30. The virus trap computer system as set forth in claim 28 wherein said embedded personal computer, said restoration controller, said mass storage integrity controller, and said password controller are implemented on one integrated circuit chip.

13. A virus trap computer system for protecting a host computer system from an intrusion such as a computer virus or an unauthorized access, said virus trap computer system comprising:
- an embedded personal computer coupled to said host computer system, said embedded personal computer capable of receiving all external computer communications that are directed to said host computer system, and capable of detecting said intrusion before said intrusion reaches said host computer system.

27. A virus trap computer system for protecting a host computer system from an intrusion such as a computer virus or an unauthorized access, said virus trap computer system comprising:
- an embedded personal computer coupled to said host computer system, said embedded personal computer capable of receiving all external computer communications that are directed to said host computer system, and capable of detecting an intrusion before said intrusion reaches said host computer system;
  
  a mass storage device coupled to said embedded personal computer;
  
  a restoration controller coupled to said embedded personal computer and coupled to said mass storage device, said restoration controller capable of deleting said intrusion by erasing data within said embedded personal computer and within said mass storage device, said restoration controller capable of supplying a clean version of said erased data to said embedded personal computer and to said mass storage device; and
  
  a mass storage integrity controller coupled to said embedded personal computer and to said mass storage device, said mass storage integrity controller capable of detecting an intrusion on said mass storage device.

31. A method for protecting a first computer system from an intrusion such as a computer virus or an unauthorized access, said method comprising the steps of:
- coupling a second computer system to said first computer system, and detecting said intrusion in said second computer system before said intrusion reaches said first computer system.
- View Dependent Claims (32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 32. The method as set forth in claim 31 further comprising the step of:
    - deleting said intrusion by erasing data within said second computer system.
  - 33. The method as set forth in claim 32 wherein said data erased by said second computer system comprises one of:
    - a computer virus software program, an operating system of said second computer system, and at least one computer software program within said second computer system.
  - 34. The method as set forth in claim 32 further comprising the step of:
    - after said intrusion has been deleted by erasing data within said second computer system, receiving in said second computer system a clean version of data that existed in said second computer system before said intrusion occurred.
  - 35. The method as set forth in claim 34 wherein said clean version of data is provided by one of:
    - (1) a restoration controller in said second computer system, and (2) said first computer system, and (3) an external backup copy of said clean version of said data.
  - 36. The method as set forth in claim 31 further comprising the step of:
    - receiving in said second computer system all external computer communications that are directed to said first computer system.
  - 38. The method as set forth in claim 37 further comprising the step of:
    - deleting said intrusion by erasing data within said virus trap computer system.
  - 39. The method as set forth in claim 38 wherein said data erased by said virus trap computer system comprises one of:
    - a computer virus software program, an operating system of said virus trap computer system, and at least one computer software program within said virus trap computer system.
  - 40. The method as set forth in claim 38 further comprising the step of:
    - after said intrusion has been deleted by erasing data within said virus trap computer system, receiving in said virus trap computer system a clean version of data that existed in said virus trap computer system before said intrusion occurred.
  - 41. The method as set forth in claim 40 wherein said clean version of data is provided by one of:
    - (1) a restoration controller in said virus trap computer system, and (2) said host computer system, and (3) an external backup copy of said clean version of said data.
  - 42. The method as set forth in claim 37 further comprising the steps of:
    - switching control of at least one computer peripheral from said virus trap computer system to said host computer system and from said host computer system to said virus trap computer system with a peripheral switch in said virus trap computer system; and
      
      using a hardware control switch coupled to said host computer system to cause said peripheral switch of said virus trap computer to switch control of said at least one computer peripheral from said virus trap computer system to said host computer system.
  - 43. The method as set forth in claim 37 further comprising the steps of:
    - coupling a data transfer switch to said embedded personal computer and to said host computer system;
      
      transferring data from said host computer system to said embedded personal computer when said data transfer switch is set in read only mode;
      
      transferring data from said embedded personal computer to said host computer system and from said host computer system to said embedded personal computer when said data transfer switch is in read and write mode; and
      
      exclusively controlling said data transfer switch with said host computer system.
  - 44. The method as set forth in claim 37 further comprising the steps of:
    - coupling a mass storage device to said embedded personal computer;
      
      coupling a restoration controller to said embedded personal computer and to said mass storage device;
      
      in response to a signal from said restoration controller, causing all data on said embedded personal computer and on said mass storage device to be erased; and
      
      after said data has been erased, supplying a clean version of said erased data to said embedded personal computer and to said mass storage device.
  - 45. The method as set forth in claim 44 further comprising the steps of:
    - coupling a mass storage integrity controller to said embedded personal computer and to said mass storage device;
      
      detecting an intrusion in said mass storage device with said mass storage integrity controller; and
      
      requesting said embedded personal computer to cause said restoration controller to cause all data on said mass storage device to be erased.
  - 46. The method as set forth in claim 37 further comprising the steps of:
    - coupling a password controller to said embedded personal computer and to a network interface;
      
      receiving a computer communication in said password controller from said network interface;
      
      identifying a password in said computer communication; and
      
      in response to receiving a valid password, allowing said computer communication access to said embedded personal computer.
  - 47. The method as set forth in claim 46 further comprising the steps of coupling said password controller to said host computer system;
    - and in response to receiving a valid password in said password controller, allowing said computer communication access to said host computer system through said embedded personal computer and through said data transfer switch.

37. A method for protecting a host computer system from an intrusion such as a computer virus or an unauthorized access, said method comprising the steps of:
- coupling a virus trap computer system to said host computer system, said virus trap computer system comprising an embedded personal computer coupled to said host computer;
  
  receiving in said embedded personal computer all external computer communications that are directed to said host computer system; and
  
  detecting said intrusion in said embedded personal computer before said intrusion reaches said host computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JSM Technologies LLC
Original Assignee
Clyde R. Calcote, James B. Pritchard
Inventors
Pritchard, James B., Calcote, Clyde R.

Granted Patent

US 6,931,552 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Apparatus and method for protecting a computer system against computer viruses and unauthorized access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for protecting a computer system against computer viruses and unauthorized access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links