Intrusion-free computer architecture for information and data security

US 20060206921A1
Filed: 03/13/2006
Published: 09/14/2006
Est. Priority Date: 03/12/2005
Status: Abandoned Application

First Claim

Patent Images

1. A bus controller comprising:

a. a first interface, said first interface configured to communicate with a first computer bus, said first computer bus residing on a first computer, a network interface interconnected with said first computer bus, said network interface configured to transfer data between a network and said first computer bus;

b. a second interface, said second interface configured to communicate with a second computer bus, said second computer bus residing on a second computer; and

c. a third interface, said third interface configured to communicate with;

i. a temporary storage;

ii. said first interface; and

iii. said second interface;

wherein said bus controller is configured to selectively control data flow using a data flow verification process between at least one of the following;

a. said first interface and said third interface; and

b. said second interface and said third interface.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer architecture is disclosed where the system includes a first computer bus, network interface, bus controller and temporary storage. A first computer can receive data from a network and store data in its memory or temporary storage. To have safe data, the architecture demands using the bus controller to selectively control data flow and verify data. The bus controller includes a first interface, second interface and third interface. These interfaces aid the process of data flow and verification. If data is verified, a computer operator may use the bus controller to select and transmit verified data to the main (second) computer. Additionally, data flow may be reversible. Trusted data may be exported from any storage component associated with the second computer through the bus controller to any storage component associated with the first computer. From the latter, data may be exported to the network through the network interface.

16 Citations

View as Search Results

20 Claims

1. A bus controller comprising:
- a. a first interface, said first interface configured to communicate with a first computer bus, said first computer bus residing on a first computer, a network interface interconnected with said first computer bus, said network interface configured to transfer data between a network and said first computer bus;
  
  b. a second interface, said second interface configured to communicate with a second computer bus, said second computer bus residing on a second computer; and
  
  c. a third interface, said third interface configured to communicate with;
  
  i. a temporary storage;
  
  ii. said first interface; and
  
  iii. said second interface;
  
  wherein said bus controller is configured to selectively control data flow using a data flow verification process between at least one of the following;
  
  a. said first interface and said third interface; and
  
  b. said second interface and said third interface.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A bus controller according to claim 1, wherein said data flow verification process is automatic.
  - 3. A bus controller according to claim 1, wherein said data flow verification process involves certifying said data for passage.
  - 4. A bus controller according to claim 1, wherein said data flow verification process involves an action by an operator.
  - 5. A bus controller according to claim 1, wherein said data flow verification process determines at least one of the following:
    - a. whether said data that is stored on said temporary storage is stored as a result of a malicious action;
      
      b. whether said data is part of a malicious program; and
      
      c. whether said data that is passed will violate a security condition.

6. A method for protecting data residing on a second computer from malicious actions originating from a network, comprising:
- a. selectively controlling data flow between a first computer bus and a second computer bus, said first computer bus interconnected with said network through a network interface;
  
  b. storing said data on a temporary storage, said temporary storage connected to said first computer bus and said second computer bus through a bus controller; and
  
  c. transmitting said data between said first computer and said second computer if said data is verified for passage.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A method according to claim 6, wherein said verifying is automatic.
  - 8. A method according to claim 6, wherein said verifying involves certifying said data for passage.
  - 9. A method according to claim 6, wherein said verifying involves an action by an operator.
  - 10. A method according to claim 6, wherein said verifying includes determining at least one of the following:
    - a. whether said data that is stored on said temporary storage device is stored as a result of a malicious action;
      
      b. whether said data is part of a malicious program; and
      
      c. whether said data that is passed will violate a security condition.

11. A system comprising:
- a. a first computer bus, said first computer bus residing on a first computer;
  
  b. a network interface interconnected with said first computer bus and a network;
  
  c. a bus controller interconnected with;
  
  i. said first computer bus; and
  
  ii. a second computer bus, said second computer bus residing on a second computer; and
  
  d. a temporary storage selectively interconnected, through said bus controller, to said first computer bus;
  
  wherein said bus controller selectively controls data flow between said first computer bus and said second computer bus.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. A system according to claim 11, further including a switch, said switch interconnected with said first computer bus and said second computer bus, wherein said switch is configured for:
    - a. interconnecting with said bus controller; and
      
      b. selectively connecting said bus controller to at least one of the following;
      
      i. said first computer bus; and
      
      ii. said second computer bus.
  - 13. A system according to claim 11, wherein selectively controlling said data flow is automatic.
  - 14. A system according to claim 11, wherein selectively controlling said data flow involves an action by an operator.
  - 15. A system according to claim 11, wherein selectively controlling said data flow by way of a third interface allows the transferring of said data:
    - a. from a first interface connected to said first computer bus to a second interface connected to said second computer bus after said data has been verified; and
      
      b. from said second interface connected to said second computer bus to said first interface connected to said first computer bus a after said data has been verified.
  - 16. A system according to claim 15, wherein said first interface and said second interface connected to said second computer bus are co-resident on said bus controller.
  - 17. A system according to claim 11, wherein selectively controlling said data flow involves determining at least one of the following:
    - a. whether said data flow is a result of a malicious action;
      
      b. whether said data flow is part of a malicious program; and
      
      c. whether said data flow will violate a security condition.
  - 18. A system according to claim 15, wherein said first interface is involved in communicating with said network.
  - 19. A system according to claim 15, wherein said second interface is involved in processing said data that is safe.
  - 20. A system according to claim 15, wherein said third interface is involved in at least one of the following:
    - a. receiving said data from said first interface;
      
      b. verifying said data received from said first interface is safe;
      
      c. storing said data received from said first interface in said temporary storage; and
      
      d. verifying said data received from said temporary storage is safe.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
George Mason Intellectual Properties, Inc.
Original Assignee
George Mason Intellectual Properties, Inc.
Inventors
Wang, Shuangbao

Application Number

US11/373,135
Publication Number

US 20060206921A1
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/606 by securing the transmissio...

G06F 21/85 interconnection devices, e....

Intrusion-free computer architecture for information and data security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Intrusion-free computer architecture for information and data security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links