Apparatus and method for protecting a computer system against computer viruses and unauthorized access

US 6,931,552 B2
Filed: 05/02/2001
Issued: 08/16/2005
Est. Priority Date: 05/02/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A virus trap computer system for protecting a host computer system from an intrusion such as a computer virus or an unauthorized access, said virus trap computer system comprising:

an embedded personal computer coupled to the host computer system, said embedded personal computer receiving all external computer communications that are directed to the host computer system;

means for monitoring the external computer communications and detecting whether the intrusion is present in the external computer communications; and

a password controller coupled to the embedded personal computer and a network interface, said password controller receiving an external communication from the network interface, identifying a password in the external communication, and in response to receiving a valid password, allowing the external communication access to the embedded personal computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is disclosed an apparatus and method for protecting a first computer system against an intrusion such as a computer virus or an unauthorized access. The apparatus comprises a second computer system that is coupled to the first computer system in a manner that permits the second computer system to receive all computer communications that are directed to the first computer system. The second computer system detects an intrusion before the intrusion reaches the first computer system. The second computer system deletes the intrusion by deleting the operating system and all other data on the second computer system. After the compromised operating system and data have been erased, a clean version of the operating system and data is supplied to the second computer system from a restoration controller within the second computer system, or from the first computer system, or from a backup copy of the clean version of the data.

Citations

41 Claims

1. A virus trap computer system for protecting a host computer system from an intrusion such as a computer virus or an unauthorized access, said virus trap computer system comprising:
- an embedded personal computer coupled to the host computer system, said embedded personal computer receiving all external computer communications that are directed to the host computer system;
  
  means for monitoring the external computer communications and detecting whether the intrusion is present in the external computer communications; and
  
  a password controller coupled to the embedded personal computer and a network interface, said password controller receiving an external communication from the network interface, identifying a password in the external communication, and in response to receiving a valid password, allowing the external communication access to the embedded personal computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The virus trap computer system as set forth in claim 1 wherein the virus trap computer system is capable of deleting the intrusion by erasing data within the virus trap computer system.
  - 3. The virus trap computer system as set forth in claim 2 wherein the data erased by the virus trap computer system comprises one of:
    - a computer virus software program, an operating system of the virus trap computer system, and at least one computer software program within the virus trap computer system.
  - 4. The virus trap computer system as set forth in claim 2 wherein after the virus trap computer system has deleted the intrusion by erasing data within the virus trap computer system, the virus trap computer system is capable of receiving a clean version of data that existed in the virus trap computer system before the intrusion occurred.
  - 5. The virus trap computer system as set forth in claim 4 further comprising a restoration controller for supplying to the virus trap computer system, the clean version of the data after the virus trap computer system has deleted the intrusion by erasing data within the virus trap computer system.
  - 6. The virus trap computer system as set forth in claim 4 wherein the virus trap computer system receives the clean version of the data from one of:
    - (1) the host computer system, and (2) an external backup copy of the clean version of the data.
  - 7. The virus trap computer system as set forth in claim 1 further comprising a peripheral switch that switches control of at least one computer peripheral from the virus trap computer system to the host computer system and from the host computer system to the virus trap computer system.
  - 8. The virus trap computer system as set forth in claim 7 further comprising a control switch coupled to the host computer system, said control switch capable of causing the peripheral switch of the virus trap computer system to switch control of said at least one computer peripheral from the virus trap computer system to the host computer system.
  - 9. The virus trap computer system as set forth in claim 1 further comprising:
    - a data transfer switch coupled to the embedded personal computer and to the host computer system;
      
      wherein the data transfer switch transfers data from the host computer system to the embedded personal computer when the data transfer switch is set in read only mode; and
      
      wherein the data transfer switch transfers data from the embedded personal computer to the host computer system and from the host computer system to the embedded personal computer when the data transfer switch is set in read and write mode.
  - 10. The virus trap computer system as set forth in claim 9 wherein the data transfer switch is exclusively controlled by the host computer system.
  - 11. The virus trap computer system as set forth in claim 1 further comprising:
    - a mass storage device coupled to the embedded personal computer; and
      
      a restoration controller coupled to the embedded personal computer and to the mass storage device, restoration controller for (1) causing all data on the embedded personal computer and the mass storage device to be erased, and (2) after the data has been erased, supplying a clean version of the erased data to the embedded personal computer and to the mass storage device.
  - 12. The virus trap computer system as set forth in claim 11 further comprising:
    - a mass storage integrity controller coupled to the embedded personal computer and to the mass storage device, said mass storage integrity controller for detecting an intrusion on the mass storage device, and requesting the embedded personal computer to cause the restoration controller to cause all data on the mass storage device to be erased.
  - 13. The virus trap computer system as set forth in claim 1 wherein the password controller is coupled to the host computer system, and wherein the host computer system, in response to receiving a valid second level password from the password controller, allows the external communication access to the host computer system through the embedded personal computer and through a data transfer switch.

14. A virus trap computer system for protecting a host computer system from an intrusion such as a computer virus or an unauthorized access, said virus trap computer system comprising:
- an embedded personal computer coupled to the host computer system, said embedded personal computer receiving all external computer communications that are directed to the host computer system, and detecting an intrusion before the intrusion reaches the host computer system;
  
  a mass storage device coupled to the embedded personal computer;
  
  a mass storage integrity controller coupled to the embedded personal computer and to the mass storage device, said mass storage integrity controller detecting an intrusion on the mass storage device;
  
  a restoration controller coupled to the embedded personal computer and to the mass storage device, said restoration controller deleting the intrusion by erasing data within the embedded personal computer and within the mass storage device, said restoration controller thereafter supplying a clean version of the erased data to the embedded personal computer and to the mass storage device; and
  
  a password controller coupled to the embedded personal computer and to a network interface, said password controller receiving a computer communication from the network interface, identifying a password in the computer communication, and in response to receiving a valid password, allowing the external computer communication access to one of;
  
  the embedded personal computer and the host computer system.
- View Dependent Claims (15, 16)
- - 15. The virus trap computer system as set forth in claim 14 wherein the embedded personal computer, the restoration controller, and the mass storage integrity controller are implemented on one integrated circuit chip.
  - 16. The virus trap computer system as set forth in claim 14 wherein the embedded personal computer, the restoration controller, the mass storage integrity controller, and the password controller are implemented on one integrated circuit chip.

17. A method of protecting a host computer system from an intrusion such as a computer virus or an unauthorized access, method comprising:
- coupling a virus trap computer system to the host computer system, said virus trap computer system comprising an embedded personal computer coupled to the host computer through a data transfer switch;
  
  coupling a password controller to the embedded personal computer and to a network interface;
  
  receiving a computer communication in the password controller from the network interface, said computer communication being directed to the host computer system;
  
  identifying a password in the computer communication;
  
  in response to receiving a valid password, sending the external computer communication to the embedded personal computer for transfer to the host computer system; and
  
  detecting the intrusion by the embedded personal computer before the intrusion reaches the host computer system.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. The method as set forth in claim 17 further comprising the step of:
    - deleting the intrusion by erasing data within the virus trap computer system.
  - 19. The method as set forth in claim 18 wherein the data erased by the virus trap computer system comprises one of:
    - a computer virus software program, an operating system of the virus trap computer system, and at least one computer software program within the virus trap computer system.
  - 20. The method as set forth in claim 18 further comprising the step of:
    - after the step of deleting the intrusion, receiving in the virus trap computer system, a clean version of data that existed in the virus trap computer system before the intrusion occurred.
  - 21. The method as set forth in claim 20 wherein the clean version of the data is provided by one of:
    - a restoration controller in the virus trap computer system, the host computer system, and an external backup copy of the clean version of the data.
  - 22. The method as set forth in claim 17 further comprising the steps of:
    - switching control of at least one computer peripheral between the virus trap computer system and the host computer system according to host computer system requirements utilizing a peripheral switch in the virus trap computer system; and
      
      using a control switch coupled to the host computer system to cause the peripheral switch of the virus trap computer to switch control of said at least one computer peripheral from the virus trap computer system to the host computer system.
  - 23. The method as set forth in claim 17 further comprising the steps of:
    - coupling a data transfer switch to the embedded personal computer and to the host computer system;
      
      transferring data from the host computer system to the embedded personal computer when the data transfer switch is set in read only mode;
      
      transferring data from the embedded personal computer to the host computer system and from the host computer system to the embedded personal computer when the data transfer switch is in read and write mode; and
      
      exclusively controlling the data transfer switch with the host computer system.
  - 24. The method as set forth in claim 17 further comprising the steps of:
    - coupling a mass storage device to the embedded personal computer;
      
      coupling a restoration controller to the embedded personal computer and to the mass storage device;
      
      in response to a signal from the restoration controller, causing all data on the embedded personal computer and on the mass storage device to be erased; and
      
      after the date has been erased, transferring a clean version of the erased data to the embedded personal computer and to the mass storage device.
  - 25. The method as set forth in claim 24 further comprising the steps of:
    - coupling a mass storage integrity controller to the embedded personal computer and to the mass storage device;
      
      detecting an intrusion in the mass storage device with the mass storage integrity controller; and
      
      requesting the embedded personal computer to instruct the restoration controller to erase all data on the mass storage device.
  - 26. The method as set forth in claim 17 further comprising the steps of:
    - coupling the password controller to the host computer system; and
      
      in response to receiving a valid second level password in the password controller, allowing the external computer communication access to the host computer system through the embedded personal computer and through the data transfer switch.

27. A virus trap for protecting an associated host computer from a computer virus received from an external source, virus trap comprising:
- a mass storage device that stores data and application programs;
  
  an embedded processor that controls the virus trap and runs the application programs;
  
  means for receiving communications from the external source and supplying the communications to the embedded processor;
  
  an integrity controller that monitors the data and application programs to detect unauthorized read or write operations;
  
  a restoration controller, responsive to a detection of an unauthorized read or write operation, for taking corrective action to erase corrupted data and/or applications associated with the detected unauthorized read or write operation, and to restore the erased data and/or applications with uncorrupted data and/or applications;
  
  a data transfer switch that transfers data to or from the host computer; and
  
  a password controller that verifies a password received from the external source and allows access to the data transfer switch only when the password controller positively verifies the password.

28. A virus trap for protecting an associated host computer from a computer virus received from an external source, said virus trap comprising:
- a mass storage device for storing data and application programs;
  
  an embedded processor for controlling the virus trap and running the application programs;
  
  a password controller for receiving and verifying a first-level password from the external source;
  
  means, responsive to a positive verification of the first-level password, for receiving communications from the external source and supplying the communications to the embedded processor;
  
  an integrity controller for monitoring the data and application programs to detect unauthorized read or write operations; and
  
  a restoration controller, responsive to a detection of an unauthorized read or write operation, for taking corrective action to erase corrupted data and/or applications associated with the detected unauthorized read or write operation, and to restore the erased data and/or applications with uncorrupted data and/or applications.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 29. The virus trap of claim 28, further comprising a data transfer switch connected to the host computer, wherein access to the data transfer switch is granted only when the password controller positively verifies a second-level password received from external source.
  - 30. The virus trap of claim 29, wherein the password controller notifies the host computer that the second-level password has been positively verified, and the host computer activates the data transfer switch in response.
  - 31. The virus trap of claim 30, wherein the host computer activates the data transfer switch in a unidirectional mode allowing only data transfers from the host computer to the virus trap.
  - 32. The virus trap of claim 30, wherein the host computer activates the data transfer switch in a bi-directional mode allowing data transfers from the host computer to the virus trap and from the virus trap to the host computer.
  - 33. The virus trap of claim 32, wherein the host computer deactivates the data transfer switch if no data is transferred for a predefined time period.
  - 34. The virus trap of claim 28, wherein the integrity controller also monitors system for the embedded processor.
  - 35. The virus trap of claim 34, wherein the restoration controller includes a memory for storing uncorrupted operating system software for the embedded processor.
  - 36. The virus trap of claim 35, wherein the memory in the restoration controller also stores uncorrupted data and/or application programs.
  - 37. The virus trap of claim 28, wherein the integrity controller sends a non-maskable interrupt to the embedded processor when an unauthorized read or write operation is detected, said interrupt causing the embedded processor to send an alert to a user the host computer.
  - 38. The virus trap of claim 37, wherein the restoration controller takes the corrective action when instructed to do so by the user of the host computer.
  - 39. The virus trap of claim 37, wherein the restoration controller takes the corrective action automatically upon determining either (1) corruption to the data or applications programs is severe, or (2) the user of the host computer does not respond to the alert for a predefined time period.
  - 40. The virus trap of claim 28, wherein the restoration controller performs a high-level restoration in which only data address tables are erased and restored, upon determining that the corruption to the data or application programs is not severe.
  - 41. The virus trap of claim 28, wherein the restoration controller performs a low-level restoration in which all data, application programs, and the operating system of the embedded processor are erased and restored, upon determining that the corruption to the data or application programs is severe.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JSM Technologies LLC
Original Assignee
Clyde R. Calcote, James B. Pritchard
Inventors
Pritchard, James B., Calcote, Clyde R.
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
JACKSON, JENISE E

Application Number

US09/847,757
Publication Number

US 20020166067A1
Time in Patent Office

1,567 Days
Field of Search

713/165, 713/170, 713/188, 713200-202, 709223-224, 709/225, 709/229
US Class Current

726/34
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Apparatus and method for protecting a computer system against computer viruses and unauthorized access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for protecting a computer system against computer viruses and unauthorized access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links