BASIC ARCHITECTURE FOR SECURE INTERNET COMPUTERS
Abstract
A method or apparatus for a computer or microchip with one or more inner hardware-based access barriers or firewalls that establish one or more private units disconnected from a public unit having connection to the Internet, and one or more of the private units have a connection to one or more secure non-Internet-connected private networks for personal and/or local administration. The hardware-based access barriers include a single out-only bus and/or another in-only bus with a single on/off switch and/or both buses, each with a single on/off switch. The hardware-based access barriers can be positioned successively between an outer private unit, an intermediate more private unit, an inner most private unit, and the public unit, and each private unit can be configured for a separate connection to a separate network of computers that excludes the Internet.
27 Claims
1. A personal computer, comprising:
a microchip including a microprocessor, the microprocessor including a master control unit that is configured using hardware and firmware, and at least two processing units;
the master control unit of the microprocessor being further configured to allow a user of the personal computer to control the processing units of the microprocessor;
an inner hardware-based access barrier or firewall that is located between a protected portion of the microchip and an unprotected portion of the microchip;
said protected portion of the microchip being configured for at least a first connection to at least a first network of computers and including at least said master control unit of the microprocessor and at least one of the processing units of the microprocessor, said unprotected portion of the microchip being configured for a second connection to a second network of computers including the Internet and including one or more of the processing units of the microprocessor, said one or more unprotected processing units being separate from and located outside of said inner hardware-based access barrier or firewall;
said inner hardware-based access barrier or firewall denying access to said protected portion of the microchip by a network including the Internet when the personal computer is connected to the network including the Internet; and
said inner hardware-based access barrier or firewall permitting access by another computer in the network including the Internet to said one or more of the processing units included in the unprotected portion of the microchip for an operation with said another computer in the network including the Internet when the personal computer is connected to the network including the Internet.
Dependent claims: 4, 7, 10, 13, 16, 19, 22
2. A computer, comprising:
a master controlling device that is configured using hardware and firmware, at least two microprocessors; and
the master controlling device of the computer being further configured to allow a user of the computer to control the microprocessors;
an inner hardware-based access barrier or firewall that is located between a protected portion of the computer and an unprotected portion of the computer;
said protected portion of the computer being configured for at least a first connection to at least a first network of computers and including at least said master controlling device and at least one of the microprocessors, said unprotected portion of the computer being configured for a second connection to a second network of computers including the Internet and including one or more of the microprocessors, said one or more unprotected microprocessors being separate from and located outside of said inner hardware-based access barrier or firewall;
said hardware-based access barrier or firewall denying access to said protected portion of the computer by a network including the Internet when the computer is connected to the network including the Internet; and
said hardware-based access barrier or firewall permitting access by another computer in the network including the Internet to said one or more of the microprocessors included in the unprotected portion of the computer for an operation with said another computer in the network including the Internet when the computer is connected to the network including the Internet.
Dependent claims: 5, 8, 11, 14, 17, 20, 23
3. A microchip, comprising:
a microprocessor, the microprocessor including a master control unit that is configured using hardware and firmware, and at least two processing units;
the master control unit of the microprocessor being further configured to allow a user of the microchip to control the processing units of the microprocessor;
an inner hardware-based access barrier or firewall that is located between a protected portion of the microchip and an unprotected portion of the microchip;
said protected portion of the microchip configured for at least a first connection to at least a first network of computers and including at least said master control unit of the microprocessor and at least one of the processing units of the microprocessor, said unprotected portion of the microchip configured for a second connection to a second network of computers including the Internet and including one or more of the processing units of the microprocessor, said one or more unprotected processing units being separate from and located outside of said inner hardware-based access barrier or firewall;
said hardware-based access barrier or firewall denying access to said protected portion of the microchip by a network including the Internet when the computer is connected to the network including the Internet; and
said hardware-based access barrier or firewall permitting access by another computer in the network including the Internet to said one or more of the processing units included in the unprotected portion of the microchip for an operation with said another computer in the network including the Internet when the microchip is connected to the network including the Internet.
Dependent claims: 6, 9, 12, 15, 18, 21, 24
25. A method of protecting a personal computer having a microchip including a microprocessor, the microprocessor including a master control unit that is configured using hardware and firmware and includes at least two processing units;
an inner hardware-based access barrier or firewall that is located between a protected portion of the microchip and an unprotected portion of the microchip, the protected portion including at least said master control unit of the microprocessor and at least one of the processing units of the microprocessor, and the unprotected portion including one or more unprotected processing units that are separate from and located outside of said inner hardware-based access barrier or firewall, comprising;
allowing a user of the personal computer to control the processing units of the microprocessor;
connecting said protected portion of the microchip through at least a first connection to at least a first network of computers;
connecting said unprotected portion of the microchip through a second connection to a second network of computers including the Internet;
denying access by the hardware-based access barrier or firewall to said protected portion of the microchip by the second network when the personal computer is connected to the second network; and
permitting access by another computer in the second network to said one or more of the processing units included in the unprotected portion of the microchip for an operation with said another computer in the second network when the personal computer is connected to the second network.
26. A method of protecting a computer having a master controlling device that is configured using hardware and firmware;
at least two microprocessors;
a protected portion of the computer;
an unprotected portion of the computer; and
an inner hardware-based access barrier or firewall that is located between the protected portion of the computer and the unprotected portion of the computer, the protected portion including at least said master controlling device and at least one of the microprocessors, and the unprotected portion including at least one of the microprocessors, said at least one microprocessor of the unprotected portion being separate from and located outside of said inner hardware-based access barrier or firewall, comprising;
allowing a user of the computer to control the microprocessors;
connecting said protected portion of the computer through at least a first connection to at least a first network of computers;
connecting said unprotected portion of the computer through a second connection to a second network of computers including the Internet;
denying access by the hardware-based access barrier or firewall to said protected portion of the computer by the second network when the personal computer is connected to the second network; and
permitting access by another computer in the second network to said one or more of the processing units included in the unprotected portion of the microchip for an operation with said another computer in the second network when the personal computer is connected to the second network.
27. A method of protecting a computer having a master controlling device that is configured using hardware and firmware;
at least two microprocessors;
a protected portion of the computer;
an unprotected portion of the computer; and
an inner hardware-based access barrier or firewall that is located between the protected portion of the computer and the unprotected portion of the computer, the protected portion including at least said master controlling device and at least one of the microprocessors, and the unprotected portion including at least one of the microprocessors, said at least one microprocessor of the unprotected portion being separate from and located outside of said inner hardware-based access barrier or firewall, comprising;
connecting said protected portion of the computer through at least a first connection to at least a first network of computers;
connecting said unprotected portion of the computer through a second connection to a second network of computers including the Internet;
controlling the computer from the protected portion through the first network; and
performing operations in the unprotected portion using the second network.
Specification