BASIC ARCHITECTURE FOR SECURE INTERNET COMPUTERS

US 20110231926A1
Filed: 01/28/2011
Published: 09/22/2011
Est. Priority Date: 01/29/2010
Status: Active Grant

First Claim

Patent Images

1. A personal computer, comprising:

a microchip includinga microprocessor, the microprocessor includinga master control unit that is configured using hardware and firmware, andat least two processing units;

the master control unit of the microprocessor being further configured to allow a user of the personal computer to control the processing units of the microprocessor;

an inner hardware-based access barrier or firewall that is located between a protected portion of the microchip and an unprotected portion of the microchip;

said protected portion of the microchip being configured for at least a first connection to at least a first network of computers and includingat least said master control unit of the microprocessor andat least one of the processing units of the microprocessor,said unprotected portion of the microchip being configured for a second connection to a second network of computers including the Internet and including one or more of the processing units of the microprocessor, said one or more unprotected processing units being separate from and located outside of said inner hardware-based access barrier or firewall;

said inner hardware-based access barrier or firewall denying access to said protected portion of the microchip by a network including the Internet when the personal computer is connected to the network including the Internet; and

said inner hardware-based access barrier or firewall permitting access by another computer in the network including the Internet to said one or more of the processing units included in the unprotected portion of the microchip for an operation with said another computer in the network including the Internet when the personal computer is connected to the network including the Internet.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method or apparatus for a computer or microchip with one or more inner hardware-based access barriers or firewalls that establish one or more private units disconnected from a public unit having connection to the Internet, and one or more of the private units have a connection to one or more secure non-Internet-connected private networks for personal and/or local administration. The hardware-based access barriers include a single out-only bus and/or another in-only bus with a single on/off switch and/or both buses, each with a single on/off switch. The hardware-based access barriers can be positioned successively between an outer private unit, an intermediate more private unit, an inner most private unit, and the public unit, and each private unit can be configured for a separate connection to a separate network of computers that excludes the Internet.

Citations

27 Claims

1. A personal computer, comprising:
- a microchip includinga microprocessor, the microprocessor includinga master control unit that is configured using hardware and firmware, andat least two processing units;
  
  the master control unit of the microprocessor being further configured to allow a user of the personal computer to control the processing units of the microprocessor;
  
  an inner hardware-based access barrier or firewall that is located between a protected portion of the microchip and an unprotected portion of the microchip;
  
  said protected portion of the microchip being configured for at least a first connection to at least a first network of computers and includingat least said master control unit of the microprocessor andat least one of the processing units of the microprocessor,said unprotected portion of the microchip being configured for a second connection to a second network of computers including the Internet and including one or more of the processing units of the microprocessor, said one or more unprotected processing units being separate from and located outside of said inner hardware-based access barrier or firewall;
  
  said inner hardware-based access barrier or firewall denying access to said protected portion of the microchip by a network including the Internet when the personal computer is connected to the network including the Internet; and
  
  said inner hardware-based access barrier or firewall permitting access by another computer in the network including the Internet to said one or more of the processing units included in the unprotected portion of the microchip for an operation with said another computer in the network including the Internet when the personal computer is connected to the network including the Internet.
- View Dependent Claims (4, 7, 10, 13, 16, 19, 22)
- - 4. The computer of claim 1, wherein said first network excludes the Internet.
  - 7. The computer of claim 4, wherein the protected portion and the unprotected portion are connected by an out-only bus or channel that transmits data or code that is output from the protected portion to be input to the unprotected portion.
  - 10. The computer of claim 7, wherein the protected portion and the unprotected portion also are connected by an in-only bus or channel that includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip.
  - 13. The computer of claim 10, wherein the protected portion and the unprotected portion are connected by an out-only bus or channel that also includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip.
  - 16. The computer of claim 4, wherein an innermost part of the protected portion is connected to an intermediate part of the protected portion by an out-only bus or channel that transmits data or code that is output from the protected portion to be input to the unprotected portion;
    - the intermediate part of the protected portion is connected to an outermost part of the protected portion by an out-only bus or channel that transmits data or code that is output from the protected portion to be input to the unprotected portion, and also by an in-only bus or channel that includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip; and
      
      the outermost part of the protected portion is connected to the unprotected portion by an out-only bus or channel that transmits data or code that is output from the protected portion to be input to the unprotected portion, and by an in-only bus or channel that includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip, and also by an out-only bus or channel that also includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip.
  - 19. The computer of claim 16, wherein at least the intermediate and outermost parts of the protected portion is each configured for a separate connection to a separate network of computers that excludes the Internet.
  - 22. The computer of claim 19, wherein the computer is fully protected by a Faraday Cage from an external electromagnetic pulse.

2. A computer, comprising:
- a master controlling device that is configured using hardware and firmware,at least two microprocessors; and
  
  the master controlling device of the computer being further configured to allow a user of the computer to control the microprocessors;
  
  an inner hardware-based access barrier or firewall that is located between a protected portion of the computer and an unprotected portion of the computer;
  
  said protected portion of the computer being configured for at least a first connection to at least a first network of computers and includingat least said master controlling device andat least one of the microprocessors,said unprotected portion of the computer being configured for a second connection to a second network of computers including the Internet and including one or more of the microprocessors, said one or more unprotected microprocessors being separate from and located outside of said inner hardware-based access barrier or firewall;
  
  said hardware-based access barrier or firewall denying access to said protected portion of the computer by a network including the Internet when the computer is connected to the network including the Internet; and
  
  said hardware-based access barrier or firewall permitting access by another computer in the network including the Internet to said one or more of the microprocessors included in the unprotected portion of the computer for an operation with said another computer in the network including the Internet when the computer is connected to the network including the Internet.
- View Dependent Claims (5, 8, 11, 14, 17, 20, 23)
- - 5. The computer of claim 2, wherein said first network excludes the Internet.
  - 8. The computer of claim 5, wherein the protected portion and the unprotected portion are connected by an out-only bus or channel that transmits data or code that is output from the protected portion to be input to the unprotected portion.
  - 11. The computer of claim 8, wherein the protected portion and the unprotected portion also are connected by an in-only bus or channel that includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip.
  - 14. The computer of claim 11, wherein the protected portion and the unprotected portion are connected by an out-only bus or channel that also includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip.
  - 17. The computer of claim 5, wherein an innermost part of the protected portion is connected to an intermediate part of the protected portion by an out-only bus or channel that transmits data or code that is output from the protected portion to be input to the unprotected portion;
    - the intermediate part of the protected portion is connected to an outermost part of the protected portion by an out-only bus or channel that transmits data or code that is output from the protected portion to be input to the unprotected portion, and also by an in-only bus or channel that includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip; and
      
      the outermost part of the protected portion is connected to the unprotected portion by an out-only bus or channel that transmits data or code that is output from the protected portion to be input to the unprotected portion, and by an in-only bus or channel that includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip, and also by an out-only bus or channel that also includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip.
  - 20. The computer of claim 17, wherein at least the intermediate and outermost parts of the protected portion is each configured for a separate connection to a separate network of computers that excludes the Internet.
  - 23. The computer of claim 20, wherein the computer is fully protected by a Faraday Cage from an external electromagnetic pulse.

3. A microchip, comprising:
- a microprocessor, the microprocessor includinga master control unit that is configured using hardware and firmware, andat least two processing units;
  
  the master control unit of the microprocessor being further configured to allow a user of the microchip to control the processing units of the microprocessor;
  
  an inner hardware-based access barrier or firewall that is located between a protected portion of the microchip and an unprotected portion of the microchip;
  
  said protected portion of the microchip configured for at least a first connection to at least a first network of computers and includingat least said master control unit of the microprocessor andat least one of the processing units of the microprocessor,said unprotected portion of the microchip configured for a second connection to a second network of computers including the Internet and including one or more of the processing units of the microprocessor, said one or more unprotected processing units being separate from and located outside of said inner hardware-based access barrier or firewall;
  
  said hardware-based access barrier or firewall denying access to said protected portion of the microchip by a network including the Internet when the computer is connected to the network including the Internet; and
  
  said hardware-based access barrier or firewall permitting access by another computer in the network including the Internet to said one or more of the processing units included in the unprotected portion of the microchip for an operation with said another computer in the network including the Internet when the microchip is connected to the network including the Internet.
- View Dependent Claims (6, 9, 12, 15, 18, 21, 24)
- - 6. The microchip of claim 3, wherein said first network excludes the Internet.
  - 9. The microchip of claim 6, wherein the protected portion and the unprotected portion are connected by an out-only bus or channel that transmits data or code that is output from the protected portion to be input to the unprotected portion.
  - 12. The microchip of claim 9, wherein the protected portion and the unprotected portion also are connected by an in-only bus or channel that includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip.
  - 15. The microchip of claim 12, wherein the protected portion and the unprotected portion are connected by an out-only bus or channel that also includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip.
  - 18. The microchip of claim 6, wherein an innermost part of the protected portion is connected to an intermediate part of the protected portion by an out-only bus or channel that transmits data or code that is output from the protected portion to be input to the unprotected portion;
    - the intermediate part of the protected portion is connected to an outermost part of the protected portion by an out-only bus or channel that transmits data or code that is output from the protected portion to be input to the unprotected portion, and also by an in-only bus or channel that includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip; and
      
      the outermost part of the protected portion is connected to the unprotected portion by an out-only bus or channel that transmits data or code that is output from the protected portion to be input to the unprotected portion, and by an in-only bus or channel that includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip, and also by an out-only bus or channel that also includes a hardware input on/off switch or equivalent bus signal interruption mechanism or an equivalently functioning circuit on a microchip or nanochip.
  - 21. The microchip of claim 18, wherein at least the intermediate and outermost parts of the protected portion is each configured for a separate connection to a separate network of computers that excludes the Internet.
  - 24. The computer of claim 21, wherein the computer is fully protected by a Faraday Cage from an external electromagnetic pulse.

25. A method of protecting a personal computer having a microchip including a microprocessor, the microprocessor including a master control unit that is configured using hardware and firmware and includes at least two processing units;
- an inner hardware-based access barrier or firewall that is located between a protected portion of the microchip and an unprotected portion of the microchip, the protected portion including at least said master control unit of the microprocessor and at least one of the processing units of the microprocessor, and the unprotected portion including one or more unprotected processing units that are separate from and located outside of said inner hardware-based access barrier or firewall, comprising;
  
  allowing a user of the personal computer to control the processing units of the microprocessor;
  
  connecting said protected portion of the microchip through at least a first connection to at least a first network of computers;
  
  connecting said unprotected portion of the microchip through a second connection to a second network of computers including the Internet;
  
  denying access by the hardware-based access barrier or firewall to said protected portion of the microchip by the second network when the personal computer is connected to the second network; and
  
  permitting access by another computer in the second network to said one or more of the processing units included in the unprotected portion of the microchip for an operation with said another computer in the second network when the personal computer is connected to the second network.

26. A method of protecting a computer having a master controlling device that is configured using hardware and firmware;
- at least two microprocessors;
  
  a protected portion of the computer;
  
  an unprotected portion of the computer; and
  
  an inner hardware-based access barrier or firewall that is located between the protected portion of the computer and the unprotected portion of the computer, the protected portion including at least said master controlling device and at least one of the microprocessors, and the unprotected portion including at least one of the microprocessors, said at least one microprocessor of the unprotected portion being separate from and located outside of said inner hardware-based access barrier or firewall, comprising;
  
  allowing a user of the computer to control the microprocessors;
  
  connecting said protected portion of the computer through at least a first connection to at least a first network of computers;
  
  connecting said unprotected portion of the computer through a second connection to a second network of computers including the Internet;
  
  denying access by the hardware-based access barrier or firewall to said protected portion of the computer by the second network when the personal computer is connected to the second network; and
  
  permitting access by another computer in the second network to said one or more of the processing units included in the unprotected portion of the microchip for an operation with said another computer in the second network when the personal computer is connected to the second network.

27. A method of protecting a computer having a master controlling device that is configured using hardware and firmware;
- at least two microprocessors;
  
  a protected portion of the computer;
  
  an unprotected portion of the computer; and
  
  an inner hardware-based access barrier or firewall that is located between the protected portion of the computer and the unprotected portion of the computer, the protected portion including at least said master controlling device and at least one of the microprocessors, and the unprotected portion including at least one of the microprocessors, said at least one microprocessor of the unprotected portion being separate from and located outside of said inner hardware-based access barrier or firewall, comprising;
  
  connecting said protected portion of the computer through at least a first connection to at least a first network of computers;
  
  connecting said unprotected portion of the computer through a second connection to a second network of computers including the Internet;
  
  controlling the computer from the protected portion through the first network; and
  
  performing operations in the unprotected portion using the second network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Frampton E. Ellis
Original Assignee
Frampton E. Ellis
Inventors
Ellis, Frampton E.

Granted Patent

US 8,171,537 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

G06F 21/71   to assure secure computing ...

G06F 21/85   interconnection devices, e....

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/0209   Architectural arrangements,...

BASIC ARCHITECTURE FOR SECURE INTERNET COMPUTERS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

BASIC ARCHITECTURE FOR SECURE INTERNET COMPUTERS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links