Method and apparatus enhancing computer system security

US 6,038,667 A
Filed: 10/14/1998
Issued: 03/14/2000
Est. Priority Date: 02/13/1997
Status: Expired due to Term

First Claim

Patent Images

1. In a computer system including a central processor unit, said central processor being plugged into a first socket on a first circuit board, said central processor unit having respective address signals, data signals and a plurality of control signals coupled thereto through said first socket, said plurality of control signals provided to/from said central processor unit on a respective plurality of control signal lines including a first control signal line being one of said respective plurality of control signal lines, said first control signal line including a first control signal, a method for enhancing the security of said computer system, said method comprising:

removing said central processor unit from said first socket;

replacing said central processor by plugging a second circuit board into said first socket, said second circuit board further having a second socket substantially identical to said first socket;

plugging said central processor unit into said second socket on said second circuit board; and

intercepting said first control signal.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security enhanced computer system arrangement includes a coprocessor and a multiprocessor logic controller inserted into the architecture of a conventional computer system. The coprocessor and multiprocessor logic controller is interposed between the CPU of the conventional computer system to intercept and replace control signals that are passed over certain of the critical control signal lines associated with the CPU. The multiprocessor logic controller arrangement thereby isolates the CPU of the conventional computer system from the remainder of the conventional computer system, permitting separate control over the CPU and separate control over the remainder of the computer system. By controlling the control signals that are normally passed between the CPU and the remainder of the computer system, the multiprocessor logic controller permits the coprocessor to perform highly secure operations. These secure operations, selectable by a trusted operator or built in to a cooperating operating system, verify that the computer system is a trusted computing base which can be relied upon to perform its operations properly and without compromise.

Citations

22 Claims

1. In a computer system including a central processor unit, said central processor being plugged into a first socket on a first circuit board, said central processor unit having respective address signals, data signals and a plurality of control signals coupled thereto through said first socket, said plurality of control signals provided to/from said central processor unit on a respective plurality of control signal lines including a first control signal line being one of said respective plurality of control signal lines, said first control signal line including a first control signal, a method for enhancing the security of said computer system, said method comprising:
- removing said central processor unit from said first socket;
  
  replacing said central processor by plugging a second circuit board into said first socket, said second circuit board further having a second socket substantially identical to said first socket;
  
  plugging said central processor unit into said second socket on said second circuit board; and
  
  intercepting said first control signal.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method in accordance with claim 1, wherein said step of intercepting said first control signal comprises:
    - disconnecting said first control signal line from said central processor unit;
      
      substituting a second control signal to/from said central processor unit in place of said first control signal by interposing said second control signal on said first control signal line.
  - 3. A method in accordance with claim 1, wherein said first control signal is a clock signal.
  - 4. A method in accordance with claim 1, wherein said first control signal is a interrupt signal.
  - 5. A method in accordance with claim 1, wherein said first control signal is a write strobe signal.
  - 6. A method in accordance with claim 1, wherein said first control signal is a read strobe signal.
  - 7. A method in accordance with claim 1, wherein said first control signal is a data ready signal.

8. A computer system comprising:
- a first processor having respective address signals, data signals and a plurality of control signals coupled thereto, said plurality of control signals provided to/from said first processor on a respective plurality of control signal lines including a first control signal line being one of said respective plurality of control signal lines, said first control signal line including a first control signal;
  
  a multiprocessor logic controller for capturing said first processor unit; and
  
  a second processor, wherein, during said capturing, said multiprocessor logic controller assigns a second memory address space to said second processor and a first memory address space to said first processor, and wherein said second memory address space is non-accessible to said first processor; and
  
  whereinsaid multiprocessor logic controller captures said first processor by isolating said first processor from said second processor through a preventing of reception of said first control signal by said first processor, and wherein said multiprocessor logic selectively enables said second processor.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. A method in accordance with claim 8, wherein said step of preventing reception of said first control signal comprises:
    - disconnecting said first control signal line from said central processor unit;
      
      substituting a second control signal to/from said central processor unit in place of said first control signal by interposing said second control signal on said first control signal line.
  - 10. A method in accordance with claim 8, wherein said multiprocessor logic controller is responsive to said second processor to release said central processor unit by not preventing reception of said first control signal by said first processor.
  - 11. A method in accordance with claim 8, wherein said multiprocessor logic controller is responsive to said second processor to release said central processor unit by reconnecting said first control signal to said first processor.
  - 12. A method in accordance with claim 8, wherein said first control signal is a clock signal.
  - 13. A method in accordance with claim 8, wherein said first control signal is a interrupt signal.
  - 14. A method in accordance with claim 8, wherein said first control signal is a write strobe signal.
  - 15. A method in accordance with claim 8, wherein said first control signal is a read strobe signal.
  - 16. A method in accordance with claim 8, wherein said first control signal is a data ready signal.

17. A multiple processor system comprising:
- a first processor having a plurality of terminals for receiving a first plurality of control signals coupled thereto;
  
  a second processor;
  
  a multiprocessor logic controller for preventing reception of at least one of said first plurality of control signals by said first processor and for substituting at least one of a second plurality of control signals in place of said one of said first plurality of control signals, and for selectively enabling said first processor and said second processor, respectively, wherein, during said preventing reception, said multiprocessor logic controller assigns a second memory address space to said second processor and a first memory address space to said first processor, and wherein said second memory address space is non-accessible to said first processor.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. A multiple processor system in accordance with claim 17, wherein said one of said first plurality of control signals is a clock signal.
  - 19. A multiple processor system in accordance with claim 17, wherein said one of said first plurality of control signals is an interrupt signal.
  - 20. A multiple processor system in accordance with claim 17, wherein said one of said first plurality of control signals is a write strobe signal.
  - 21. A multiple processor system in accordance with claim 17, wherein said one of said first plurality of control signals is a read strobe signal.
  - 22. A multiple processor system in accordance with claim 17, wherein said one of said first plurality of control signals is a data ready signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Helbig Company LLC
Original Assignee
Walter A. Helbig Sr
Inventors
Helbig, Walter A. Sr.
Primary Examiner(s)
WRIGHT, NORMAN M

Application Number

US09/172,438
Time in Patent Office

517 Days
Field of Search

714/25, 714/26, 714/39, 714/46, 714/47, 714/9, 713/200, 713/201
US Class Current

726/16
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/567   using dedicated hardware

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 2207/7219   Countermeasures against sid...

G06F 2211/1097   Boot, Start, Initialise, Power

G06F 2221/2101   Auditing as a secondary aspect

G06F 9/3879   for non-native instruction ...

Method and apparatus enhancing computer system security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus enhancing computer system security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links