Personal computer internet security system

US 7,281,266 B2
Filed: 10/31/2006
Issued: 10/09/2007
Est. Priority Date: 09/05/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A software application stored as a computer program encoded onto memory installable on a personal computer, wherein the computer program comprises executable instructions for:

an isolated operating environment; and

a secondary operating system functional within the isolated operating environment on the personal computer,wherein primary data files of the personal computer are prevented from being accessed by malicious code from an external data source.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software application installable on a personal computer protects the computer'"'"'s primary data files from being accessed by malicious code (e.g., viruses, worms and trojans) imported from an external data source, such as the Internet. A master file serves as the image from which all other software code and functions are derived. Activation of the master image file establishes a secondary operating environment (isolation bubble) in which a secondary operating system including a browser and any other desired applications are installed and run. Access permissions for communications between the computer at large (primary operating system) and the secondary operating system to prevent any access to the files on the primary operating system from any operations originating from the secondary operation system. Activation of the secondary operating system is required before any connection to the Internet (or other external data source) is enabled.

11 Citations

View as Search Results

20 Claims

1. A software application stored as a computer program encoded onto memory installable on a personal computer, wherein the computer program comprises executable instructions for:
- an isolated operating environment; and
  
  a secondary operating system functional within the isolated operating environment on the personal computer,wherein primary data files of the personal computer are prevented from being accessed by malicious code from an external data source.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The software application of claim 1, wherein the isolated operating environment executable instructions include primary operating system (POS) permission code for modifying the POS permissions.
  - 3. The software application of claim 1, wherein the isolated operating environment executable instructions include installation code for checking and setting the isolated operating environment.
  - 4. The software application of claim 3, wherein the isolated operating environment executable instructions include installation code for checking and setting the isolated operating environment, wherein the installation code checks for a current installation condition of the software application.
  - 5. The software application of claim 4, wherein the installation code copies any files from the software application as are necessary in view of checking for the current installation condition of the software application.
  - 6. The software application of claim 4, wherein the installation code establishes short-cuts as are necessary in view of checking for the current installation condition of the software application.
  - 7. The software application of claim 1, wherein the isolated operating environment executable instructions include code checking and setting the isolated operating environment start up requirements.
  - 8. The software application of claim 7, wherein the isolated operating environment start up requirements include “
    - freshness”
      
      of secondary operating environment (SOE) files, allocation of volatile memory to the SOE, allocation of data storage to the SOE, READ ONLY condition of the primary operating system partitions and connections, state of intranet activity, READ ONLY condition of user access to primary operating system partitions.
  - 9. The software application of claim 1, wherein the isolated operating environment executable instructions include code checking and setting the isolated operating environment runtime requirements.
  - 10. The software application of claim 9, wherein the isolated operating environment runtime requirements are set to provide at least two run modes.
  - 11. The software application of claim 9, wherein the isolated operating environment runtime requirements are set to provide at least a run mode with met access and a run mode without met access.
  - 12. The software application of claim 1, wherein the isolated operating environment executable instructions include code checking and setting the isolated operating environment exit requirements.
  - 13. The software application of claim 1, wherein the isolated operating environment executable instructions includes code checking and setting the isolated operating environment exit requirements comprising disconnecting a secondary operating environment (SOE) from an met, closing a node interface, freeing an SOE volatile memory allocation, flushing a temporary data storage allocation, disconnecting from any SOE files and partitions, refreshing SOE boot file, and restoring an intranet connection.
  - 14. The software application of claim 1, wherein the isolated operating environment executable instructions include code checking and setting the isolated operating environment requirements, including:
    - allocating and connecting to a region of volatile memory for a secondary operating environment (SOE), allocating and connecting to a data storage space, providing a connection to a central processing unit of the personal computer, connecting to an external data source node, providing a connection to a video card of the computer, providing a connection to a sound card of the computer, providing a connection to a printer of the computer, providing a connection to a mouse and a keyboard of the computer, and forming a network bridge between the secondary operating system of the SOE and the primary operating system of the personal computer.

15. A method for securing a personal computer system from intrusion from an external data source comprising:
- requesting a connection with an external data source from a primary operating system; and
  
  accessing the external data source using a secondary operating system from within an isolated operating environment functioning separate from the primary operating system;
  
  wherein the isolated operating environment comprises at least one input/output (I/O) connection with the external data source,wherein the external data source is limited to operation within the isolated operating environment, andwherein the personal computer system is secured from malicious code contained in a file downloaded from the external data source.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, further comprising:
    - operating a software application from within the isolated operating environment.
  - 17. The method of claim 15, further comprising:
    - accessing the secondary operating system using a shortcut from the primary operating system.
  - 18. The method of claim 15, wherein the secondary operating system is operated in a safe operations mode.
  - 19. The method of claim 15, wherein the secondary operating system is assigned a default IP address.

20. A computer readable medium storing instructions installable on a personal computer for protecting primary data files of the personal computer from being accessed by malicious code by an external data source, the instructions comprising functionality to:
- provide an isolated operating environment comprising a secondary operating system, wherein the secondary operating system functions separate from a primary operating system (POS) on the personal computer;
  
  provide primary operating system permission codes to limit access to a node coupled to an external data source to the isolated operating environment under control of the secondary operating system;
  
  initiate an external data source interface session via the node within the isolated operating environment;
  
  allocate a memory space and a temporary data storage space to the secondary operating system for the duration of the session; and
  
  establish connectivity with the external data source via the node under control of the secondary operating system to isolate operative communication with the external data source to the isolated operating environment to protect the personal computer from malicious code derived from the external data source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Burnt Hickory Company LLC
Original Assignee
Exobox Technologies Corp.
Inventors
Goodman, Reginald A., Copeland, Scott R.
Primary Examiner(s)
Smithers; Matthew
Assistant Examiner(s)
Fields; Courtney D.

Application Number

US11/591,112
Publication Number

US 20070044148A1
Time in Patent Office

343 Days
Field of Search

726/16, 713/176, 709/223
US Class Current

726/16
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/53   by executing in a restricte...

G06F 9/45558   Hypervisor-specific managem...

Personal computer internet security system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Personal computer internet security system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links