Isolation of non-secure software from secure software to limit virus infection
Abstract
A personal digital assistant (PDA) receives and executes both encrypted and unencrypted programs. Encrypted programs are fairly secure from virus infection, while unencrypted programs are not. To prevent contamination of the PDA with infected encrypted programs, only those encrypted programs that are keyed to the individual PDA's unique device identifier can be decrypted and executed by that PDA. To prevent non-secure programs from corrupting secure programs and their data, programs that were received unencrypted are prevented from modifying programs that were received encrypted as well as data generated by their execution. When a user suspects a virus infection, the user pushes a special button on the PDA that prevents execution of programs that were received unencrypted and hence are suspected of being infected, while allowing continued execution of programs that were received encrypted and hence are presumed to be secure.
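The policy in the abstract can be modelled in a few lines. This is an added example, not code from the patent: the `Device` class and all names in it are hypothetical, and an HMAC tag under a key derived from the device identifier stands in for the device-keyed encryption, which the abstract does not specify.

```python
import hashlib
import hmac

def device_key(device_id: bytes) -> bytes:
    # Assumption: per-device key derived from the unique device identifier.
    return hashlib.sha256(b"program-key|" + device_id).digest()

def seal_for_device(device_id: bytes, code: bytes) -> bytes:
    # Constructed vendor-side stand-in for "encrypted for this device":
    # a 32-byte HMAC tag under the device key, followed by the code.
    return hmac.new(device_key(device_id), code, hashlib.sha256).digest() + code

class Device:
    def __init__(self, device_id: bytes):
        self.key = device_key(device_id)
        self.objects = {}        # name -> [content, received_secure]
        self.lockdown = False    # set by the user's "suspect infection" button

    def receive(self, name: str, blob: bytes, encrypted: bool) -> bool:
        if encrypted:
            tag, blob = blob[:32], blob[32:]
            want = hmac.new(self.key, blob, hashlib.sha256).digest()
            if not hmac.compare_digest(tag, want):
                return False     # keyed to some other device: never stored
        self.objects[name] = [blob, encrypted]
        return True

    def write(self, writer: str, target: str, content: bytes) -> bool:
        writer_secure = self.objects[writer][1]
        if target in self.objects:
            if self.objects[target][1] and not writer_secure:
                return False     # non-secure code may not touch secure code or data
            self.objects[target][0] = content
        else:
            # New data inherits the provenance of the program that generated it.
            self.objects[target] = [content, writer_secure]
        return True

    def execute(self, name: str) -> bool:
        secure = self.objects[name][1]
        return secure or not self.lockdown   # lockdown blocks only non-secure programs
```

The provenance flag is set once at receipt and inherited by generated data, so the write check and the lockdown check both reduce to comparing that single bit.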
9 Claims
1. A program-execution apparatus comprising:
- means for receiving both encrypted programs and unencrypted programs;
- means for storing the received programs;
- means for executing the stored programs; and
- means for selectively preventing the executing means from executing the stored programs that were received unencrypted, while allowing the executing means to execute the stored programs that were received encrypted.

Dependent claims: 2, 3, 4, 5

6. A program-execution apparatus having a unique apparatus identifier and comprising:
- a receiver for receiving both encrypted programs and unencrypted programs;
- a decryption engine for decrypting, into unencrypted programs, only those of the encrypted programs that are encrypted via an encryption arrangement that is based on said unique apparatus identifier;
- a memory for storing both the received programs and data generated by execution of the received programs;
- a processor for executing only unencrypted said stored programs, wherein execution of an unencrypted stored program may modify either another stored program or data generated by the other stored program;
- means for identifying both those stored programs that were received encrypted and those stored data that were generated by execution of the programs that were received encrypted;
- means for preventing the programs that were received unencrypted from modifying both the identified programs and the identified data; and
- means for selectively preventing the processor from executing the stored programs not identified by the identifying means while allowing the processor to execute the stored programs identified by the identifying means.

Dependent claims: 7, 8, 9

Specification