Computer system architecture and method providing operating-system independent virus-, hacker-, and cyber-terror-immune processing environments
First Claim
1. An information appliance comprising:
at least one processing logic device for executing at least one instruction;
a first storage for storing first data and first program code including said at least one instruction and including a user data;
a second storage for storing second data;
a switching system for selectably and independently coupling and decoupling the processing logic device with the first storage and/or the second storage under automated control, the switching system receiving at least one control signal from the processing logic device for selecting a condition of the switching system;
the processing logic device operating in a control configuration and in a user data configuration according to the following conditions;
(i) the processing logic device may be coupled with the first storage when the processing logic is loaded with a program instruction not capable of executing a data item that has untrusted content or that did not originate within a known controlled environment;
(ii) the processing logic device may not be coupled or only restrictively coupled to communicate known information with the first storage when the processing logic is loaded with a program instruction that may be capable of executing a data item that has untrusted content or that did not originate within a known controlled environment;
(iii) the processing logic device may be coupled with the second storage when the processing logic is loaded with a program instruction that may be capable of executing a data item that has untrusted content or that did not originate within a known controlled environment; and
(iv) the processing logic device may be coupled with the first storage and the second storage when the processing logic is loaded with a program instruction that is only capable of copying a data item from the first storage to the second storage or from the second storage to the first storage.
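The coupling conditions (i) to (iv) of claim 1, modelled as a small software reference monitor. This is an added example, not code from the patent: the class and names are hypothetical, it takes the strict reading of (ii) (no coupling rather than restricted coupling), and it assumes the switch re-evaluates existing couplings whenever a new program is loaded.

```python
from enum import Enum

class Capability(Enum):
    NO_UNTRUSTED_EXEC = "i"         # cannot execute untrusted data items
    MAY_EXEC_UNTRUSTED = "ii/iii"   # may execute untrusted data items
    COPY_ONLY = "iv"                # can only copy between the two storages

FIRST, SECOND = "first", "second"

# Couplings each class of loaded program is permitted (strict reading, assumed).
PERMITTED = {
    Capability.NO_UNTRUSTED_EXEC: {FIRST},
    Capability.MAY_EXEC_UNTRUSTED: {SECOND},
    Capability.COPY_ONLY: {FIRST, SECOND},
}

class SwitchingSystem:
    """Hypothetical model of the claimed switch between processor and storages."""
    def __init__(self):
        self.loaded = None
        self.coupled = set()

    def load(self, capability):
        """Load a program; decouple anything the new program may not reach."""
        self.loaded = capability
        dropped = self.coupled - PERMITTED[capability]
        self.coupled &= PERMITTED[capability]
        return dropped

    def couple(self, storage):
        """Handle a control signal asking to couple a storage; deny by default."""
        if self.loaded is None or storage not in PERMITTED[self.loaded]:
            return False
        self.coupled.add(storage)
        return True

def demo():
    sw, events = SwitchingSystem(), []
    sw.load(Capability.NO_UNTRUSTED_EXEC)
    events.append(("control program couples first storage", sw.couple(FIRST)))
    dropped = sw.load(Capability.MAY_EXEC_UNTRUSTED)
    events.append(("first storage decoupled on load", dropped == {FIRST}))
    events.append(("untrusted-capable program couples first", sw.couple(FIRST)))
    events.append(("untrusted-capable program couples second", sw.couple(SECOND)))
    sw.load(Capability.COPY_ONLY)
    events.append(("copy-only program couples first", sw.couple(FIRST)))
    events.append(("copy-only program sees both", sw.coupled == {FIRST, SECOND}))
    return events
```

The third event is the one that matters for isolation: a program that may execute untrusted content is refused the first storage, and a coupling left over from the previous program does not survive the load.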
Abstract
Information appliance, computing device, or other processor or microprocessor based device or system provides security and anti-viral, anti-hacker, and anti-cyber terror features, and can automatically create multiple sequentially or concurrently and intermittently isolated and/or restricted computing environments to prevent viruses, malicious or other computer hacking, computer or device corruption and failure by using these computing environments in conjunction with restricted and controlled methods of moving and copying data, combined with a process that destroys malicious code located in computing environments and data stores.
18 Claims
12. A method for operating an information appliance of the type having at least one processing logic device for executing at least one instruction, a first storage for storing first data and first program code including said at least one instruction and including a user data, and a second storage for storing second data;
the method comprising;
selectively and independently switching to couple and decouple the processing logic device with the first storage and/or the second storage under automated control upon receipt of at least one control signal from the processing logic device for selecting a condition of the switching system;
operating the processing logic device in a control configuration and in a user data configuration according to the following conditions;
(i) permitting coupling the processing logic device with the first storage when the processing logic is loaded with a program instruction not capable of executing a data item that has untrusted content or that did not originate within a known controlled environment;
(ii) not permitting coupling the processing logic device with the first storage or only restrictively permitting coupling the processing logic device with the first storage to communicate known information when the processing logic is loaded with a program instruction that may be capable of executing a data item that has untrusted content or that did not originate within a known controlled environment;
(iii) permitting coupling the processing logic device with the second storage when the processing logic is loaded with a program instruction that may be capable of executing a data item that has untrusted content or that did not originate within a known controlled environment; and
(iv) permitting coupling the processing logic device with the first storage and the second storage when the processing logic is loaded with a program instruction that is only capable of copying a data item from the first storage to the second storage or from the second storage to the first storage.
17. An information processing device comprising:
a housing having a form factor of a computer PC Card and a plurality of PCCardBus interface connections;
a plurality of processors disposed within said housing;
a plurality of data stores disposed within said housing or coupled thereto;
a protected data store portion selected from said plurality of data stores for storing at least a user data;
a data store switch system coupled with said plurality of data stores, said switch system coupled with a data store switch configuration for configuring communication with one or more data store disposed within said housing;
an I/O switch system coupled with at least one peripheral, said I/O system coupled with an I/O system configuration including a plurality of traits for configuring communication with said peripheral disposed within said housing;
a plurality of computing environments, each said computing environment including at least one processor and identified by at least one trait selected from said plurality of traits, including;
a data store switch communication path coupled with said data store switch, said data store switch communication path coupling at least one data store with said computing environment according to said data store switch configuration;
an I/O switch communication path coupled with said I/O switch system, said I/O switch communication path for coupling said peripheral with said computing environment according to said I/O switch system configuration;
said computing environment capable of performing a processing activity including receiving input from said I/O switch system and sending output to said I/O switch system, said processing activity performed independently of said processing activity of another computing environment;
a control computing environment selected from said plurality of computing environments for configuring said data store switch configuration, for configuring said I/O switch system configuration, said data store switch configuration supporting communication between said control computing environment and said protected data store; and
at least one user isolated computing environment selected from said plurality of computing environments;
wherein said I/O switch system configuration is configured to direct a received input to at least one of said computing environment, said I/O switch system configuration is configured to direct an output generated by one or more of said plurality of computing environments to said peripheral.
Specification