Computer system architecture and method providing operating-system independent virus-, hacker-, and cyber-terror-immune processing environments

US 7,392,541 B2
Filed: 01/15/2004
Issued: 06/24/2008
Est. Priority Date: 05/17/2001
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. An information appliance comprising:

at least one processing logic device for executing at least one instruction;

a first storage for storing first data and first program code including said at least one instruction and including a user data;

a second storage for storing second data;

a switching system for selectably and independently coupling and decoupling the processing logic device with the first storage and/or the second storage under automated control, the switching system receiving at least one control signal from the processing logic device for selecting a condition of the switching system;

the processing logic device operating in a control configuration and in a user data configuration according to the following conditions;

(i) the processing logic device may be coupled with the first storage when the processing logic is loaded with a program instruction not capable of executing a data item that has untrusted content or that did not originate within a known controlled environment;

(ii) the processing logic device may not be coupled or only restrictively coupled to communicate known information with the first storage when the processing logic is loaded with a program instruction that may be capable of executing a data item that has untrusted content or that did not originate within a known controlled environment;

(iii) the processing logic device may be coupled with the second storage when the processing logic is loaded with a program instruction that may be capable of executing a data item that has untrusted content or that did not originate within a known controlled environment; and

(iv) the processing logic device may be coupled with the first storage and the second storage when the processing logic is loaded with a program instruction that is only capable of copying a data item from the first storage to the second storage or from the second storage to the first storage.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

Information appliance, computing device, or other processor or microprocessor based device or system provides security and anti-viral, anti-hacker, and anti-cyber terror features, and can automatically create multiple sequentially or concurrently and intermittently isolated and/or restricted computing environments to prevent viruses, malicious or other computer hacking, computer or device corruption and failure by using these computing environments in conjunction with restricted and controlled methods of moving and copying data, combined with a process that destroys malicious code located in computing environments and data stores.

186 Citations

18 Claims

1. An information appliance comprising:
- at least one processing logic device for executing at least one instruction;
  
  a first storage for storing first data and first program code including said at least one instruction and including a user data;
  
  a second storage for storing second data;
  
  a switching system for selectably and independently coupling and decoupling the processing logic device with the first storage and/or the second storage under automated control, the switching system receiving at least one control signal from the processing logic device for selecting a condition of the switching system;
  
  the processing logic device operating in a control configuration and in a user data configuration according to the following conditions;
  
  (i) the processing logic device may be coupled with the first storage when the processing logic is loaded with a program instruction not capable of executing a data item that has untrusted content or that did not originate within a known controlled environment;
  
  (ii) the processing logic device may not be coupled or only restrictively coupled to communicate known information with the first storage when the processing logic is loaded with a program instruction that may be capable of executing a data item that has untrusted content or that did not originate within a known controlled environment;
  
  (iii) the processing logic device may be coupled with the second storage when the processing logic is loaded with a program instruction that may be capable of executing a data item that has untrusted content or that did not originate within a known controlled environment; and
  
  (iv) the processing logic device may be coupled with the first storage and the second storage when the processing logic is loaded with a program instruction that is only capable of copying a data item from the first storage to the second storage or from the second storage to the first storage.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. An information appliance as in claim 1, wherein the switching system can couple or decouple the processing logic device with the first storage and the second storage in at least the following ways:
    - (i) processing logic device coupled with the first storage only, (ii) processing logic device coupled with the second storage only, (iii) processing logic device coupled with the first and second storage concurrently, (iv) processing logic device coupled with neither the first storage nor the second storage.
  - 3. An information appliance as in claim 1, wherein the processing logic device comprises a microprocessor.
  - 4. An information appliance as in claim 1, wherein the processing logic device is selected from the set of processing logic circuits consisting of:
    - a microprocessor, a central processing unit (CPU), a controller, a micro-controller, an ASIC, a logic circuit, a programmable logic circuit, and combinations of these.
  - 5. An information appliance as in claim 1, wherein the information appliance is selected from the set of information appliances consisting of:
    - a computer, a notebook computer, a personal data assistant, a personal data organizer, a cellular telephone, a mobile telephone, a radio receiver, a radio transmitter, a GPS receiver, a satellite telephone, an automobile on-board computer, an aircraft on-board computer, a navigation device, a home appliance, a printing device, a scanning device, a camera, an electronic camera, a television receiver, a broadcast control system, an electronic instrument, a medical monitoring device, a security device, an environmental control system, a electronic device, and combinations of these.
  - 6. An information appliance as in claim 1, wherein the first data store and second data store are independently selectable and selected from the set of storage consisting of:
    - a rotating magnetic hard disk drive, a rotating magnetic floppy disk drive, a CD, a DVD, a semiconductor memory, a solid state memory, a chemical memory, a magnetic memory, a molecular memory, a micro-drive, a flash memory, a compact flash card memory, a RAM memory, a ROM memory, and combinations thereof.
  - 7. An information appliance as in claim 1, wherein said at least one processing logic device comprises a plurality of processing logic devices.
  - 8. An information appliance as in claim 7, wherein at least one of said plurality of processing logic devices comprises at least one microprocessor and said at least one instruction comprises a plurality of computer program code segments from an operating system and a plurality of computer program code segments from an application program;
    - and wherein said switching system is coupleable to said microprocessor for receiving switch control commands for altering the switch configuration to selectably couple and decouple the microprocessor with the first and second storage.
  - 9. An information appliance as in claim 8, wherein the plurality of processing logic devices are intermittently sequentially isolated and communicatively restricted, by an automated control system executing one of the processing logic devices.
  - 10. An information appliance as in claim 9, wherein the plurality of processing logic devices and at least said first and second storage are dynamically configurable to create computing environments having determined characteristics.
  - 11. An information appliance as in claim 8, wherein the second storage is configured to perform as a temporary storage during a processing operation when it is coupled with the processing logic device and automatically erased after each processing has occurred independent if the processing completed with error condition or without error condition, where an error condition may include detection of a virus or other malicious code execution.

12. A method for operating an information appliance of the type having at least one processing logic device for executing at least one instruction, a first storage for storing first data and first program code including said at least one instruction and including a user data, and a second storage for storing second data;
- the method comprising;
  
  selectively and independently switching to couple and decouple the processing logic device with the first storage and/or the second storage under automated control upon receipt of at least one control signal from the processing logic device for selecting a condition of the switching system;
  
  operating the processing logic device in a control configuration and in a user data configuration according to the following conditions;
  
  (i) permitting coupling the processing logic device with the first storage when the processing logic is loaded with a program instruction not capable of executing a data item that has untrusted content or that did not originate within a known controlled environment;
  
  (ii) not permitting coupling the processing logic device with the first storage or only restrictively permitting coupling the processing logic device with the first storage to communicate known information when the processing logic is loaded with a program instruction that may be capable of executing a data item that has intrusted content or that did not originate within a known controlled environment;
  
  (iii) permitting coupling the processing logic device with the second storage when the processing logic is loaded with a program instruction that may be capable of executing a data item that has untrusted content or that did not originate within a known controlled environment; and
  
  (iv) permitting coupling the processing logic device with the first storage and the second storage when the processing logic is loaded with a program instruction that is only capable of copying a data item from the first storage to the second storage or from the second storage to the first storage.
- View Dependent Claims (13, 14, 15, 16)
- - 13. A method for operating an information appliance as in claim 12, further comprising:
    - erasing the second storage after any processing logic device has used said second storage to process a user data.
  - 14. A method for operating an information appliance as in claim 12, wherein the information appliance is selected from the set of information appliances consisting of:
    - a computer, a notebook computer, a personal data assistant, a personal data organizer, a cellular telephone, a mobile telephone, a radio receiver, a radio transmitter, a GPS receiver, a satellite telephone, an automobile on-board computer, an aircraft on-board computer, a navigation device, a home appliance, a printing device, a scanning device, a camera, an electronic camera, a television receiver, a broadcast control system, an electronic instrument, a medical monitoring device, a security device, an environmental control system, a electronic device, and combinations of these.
  - 15. A method for operating an information appliance as in claim 12, wherein said at least one processing logic device comprises a plurality of processing logic devices.
  - 16. A method for operating an information appliance as in claim 15, wherein at least one of said plurality of processing logic devices comprises at least one microprocessor and said at least one instruction comprises a plurality of computer program code segments from an operating system and a plurality of computer program code segments from an application program;
    - and wherein said switching system is coupleable to said microprocessor for receiving switch control commands for altering the switch configuration to selectably couple and decouple the microprocessor with the first and second storage.

17. An information processing device comprising:
- a housing having a form factor of a computer PC Card and a plurality of PCCardBus interface connections;
  
  a plurality of processors disposed within said housing;
  
  a plurality of data stores disposed within said housing or coupled thereto;
  
  a protected data store portion selected from said plurality of data stores for storing at least a user data;
  
  a data store switch system coupled with said plurality of data stores, said switch system coupled with a data store switch configuration for configuring communication with one or more data store disposed within said housing;
  
  an I/O switch system coupled with at least one peripheral, said I/O system coupled with an I/O system configuration including a plurality of traits for configuring communication with said peripheral disposed within said housing;
  
  a plurality of computing environments, each said computing environment including at least one processor and identified by at least one trait selected from said plurality of traits, including;
  
  a data store switch communication path coupled with said data store switch, said data store switch communication path coupling at least one data store with said computing environment according to said data store switch configuration;
  
  an I/O switch communication path coupled with said I/O switch system, said I/O switch communication path for coupling said peripheral with said computing environment according to said I/O switch system configuration;
  
  said computing environment capable of performing a processing activity including receiving input from said I/O switch system and sending output to said I/O switch system, said processing activity performed independently of said processing activity of another computing environment;
  
  a control computing environment selected from said plurality of computing environments for configuring said data store switch configuration, for configuring said I/O switch system configuration, said data store switch configuration supporting communication between said control computing environment and said protected data store; and
  
  at least one user isolated computing environment selected from said plurality of computing environments;
  
  wherein said I/O switch system configuration is configured to direct a received input to at least one of said computing environment, said I/O switch system configuration is configured to direct an output generated by one or more of said plurality of computing environments to said peripheral.
- View Dependent Claims (18)
- - 18. An information processing device as in claim 17, wherein:
    - the plurality of processors are independently selected from the set of processing logic circuits consisting of;
      
      a microprocessor, a central processing unit (CPU), a controller, a micro-controller, an ASIC, a logic circuit, a programmable logic circuit, and combinations of these; and
      
      the plurality of data store are independently selectable and selected from the set of storage consisting of;
      
      a rotating magnetic hard disk drive, a rotating magnetic floppy disk drive, a CD, a DVD, a semiconductor memory, a solid state memory, a chemical memory, a magnetic memory, a molecular memory, a micro-drive, a flash memory, a compact flash card memory, a RAM memory, a ROM memory, and combinations thereof.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Vir2us, Inc.
Original Assignee
Vir2us, Inc.
Inventors
More, Anthony B., Largman, Kenneth, Blair, Jeffrey
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US10/760,131
Publication Number

US 20040236874A1
Time in Patent Office

1,622 Days
Field of Search

None
US Class Current

726/17
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/575   Secure boot

G06F 21/71   to assure secure computing ...

Computer system architecture and method providing operating-system independent virus-, hacker-, and cyber-terror-immune processing environments

First Claim

2 Assignments

Litigations

1 Petition

Accused Products

Abstract

186 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system architecture and method providing operating-system independent virus-, hacker-, and cyber-terror-immune processing environments

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

186 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links