Computer system and method of controlling communication port to prevent computer contamination by virus or malicious code

US 7,849,360 B2
Filed: 02/16/2006
Issued: 12/07/2010
Est. Priority Date: 05/21/2001
Status: Active Grant

First Claim

Patent Images

1. A computer comprising:

a processor;

a memory coupled to the processor;

at least one non-volatile data store including a first data store and a second data store;

a data port;

a communication device for communicating over a communications link to an external device over an external network; and

at least one of a (i) data store switch and (ii) a communications device switch, the data store switch when present having a switch state and being operative to modify the accessibility of at least one of the first and second data stores according to an access status of said communications device, and the communications device switch when present being operative to modify the accessibility of said communications device by said computer including by said at least one data store according to the access status of said communications device;

the computer being operable to execute an external network access program; and

the processor programmatically recognizing the intended launch or actual launch of the external network access program and controlling the state of the data store switch to make the second data store the only accessible data store when data is received from the external network over the communications link.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention may back up or recover a computing device. The computing device may include a user computing environment and a supporting environment which stabilizes and functionality of the user computing environment. The invention may include one or more external devices or removable media.

Citations

13 Claims

1. A computer comprising:
- a processor;
  
  a memory coupled to the processor;
  
  at least one non-volatile data store including a first data store and a second data store;
  
  a data port;
  
  a communication device for communicating over a communications link to an external device over an external network; and
  
  at least one of a (i) data store switch and (ii) a communications device switch, the data store switch when present having a switch state and being operative to modify the accessibility of at least one of the first and second data stores according to an access status of said communications device, and the communications device switch when present being operative to modify the accessibility of said communications device by said computer including by said at least one data store according to the access status of said communications device;
  
  the computer being operable to execute an external network access program; and
  
  the processor programmatically recognizing the intended launch or actual launch of the external network access program and controlling the state of the data store switch to make the second data store the only accessible data store when data is received from the external network over the communications link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A computer according to claim 1, wherein the at least one non-volatile data store comprises first and second data stores and said data-store switch for modifying the accessibility of at least one of the first and second data stores by the computer.
  - 3. A computer according to claim 2, wherein the data port is operative to mediate and selectively link the computer to other devices over the communications link.
  - 4. A computer according to claim 3, wherein the computer is operable in:
    - (i) a connected state wherein the computer may use the data port to obtain data from another device over the communications link and the data-store switch may enable the second data store, and in (ii) a disconnected state wherein the computer may not use the data port to obtain data from another device over the communications link and the data-store switch may enable the first data store, so that the computer may enable only one of the first and second data stores at any given time and the data store enabled depending upon whether the computer is accessing the communications link or not accessing the communications link, and data received over the communications link being isolated only to the second data store.
  - 5. A computer according to claim 4, wherein if the data received over the communications link included a virus, hacking, or other malicious executable code, then the virus, hacking, or other malicious executable code is confined to the second data store.
  - 6. A computer according to claim 4, wherein only the second data store is available during operation in the connected state, and only the first data store is available during operation in the disconnected state.
  - 7. A computer according to claim 4, wherein both the first data store and the second data store are available during operation in the disconnected state.
  - 8. A computer according to claim 2, wherein the computer synchronously switches the data port and the second data store so that the first data store is never accessible when the data port is active, thereby improving the resistance of the computer to viral infection and hacking.
  - 9. A computer according to claim 2, wherein the computer further comprises a communications device enabling switch for enabling and disabling access by the computer to the communications device.
  - 10. A computer according to claim 9, wherein the enabling and disabling access is accomplished by one of powering up or down the communications device and altering a state of a data line on a communications bus coupling the communications device to the computer to alter the ability of the communications device to transfer data to a data port of the computer;
    - andthe communications device operated in conjunction with the communications link is selected from the set of communications devices consisting of an acoustic modem, a POTS telephone line, a tap, an Ethernet, a wireless modem, and radiation-permeable space.

11. In a computer of the type having a processor, a memory coupled to the processor, at least one non-volatile data store including at least one of a first data store and a second data store, a data port, and a communication device for communicating over a communications link to an external device on a network;
- a method of operating the computer system to protect the system degradation by from viral, hacker, and other malicious code contamination, the method comprising;
  
  providing at least one of a (i) data store switch having a switch state, and (ii) a communications device switch; and
  
  ;
  
  (i) when the data-store switch is provided, operating the computer system to modify the accessibility of at least one of the first and second data stores according to an access status of said communications device; and
  
  (ii) when the communications device switch is provided, operating the computer system to modify the accessibility of said communications device by said computer including by said at least one data store according to the access status of said communications device;
  
  operating the computer system to execute a network access program within the processor;
  
  programmatically recognizing the intended or actual launch of the network access program by the processor; and
  
  controlling the state of the data-store switch to make the second data store the only accessible data store when data is received from the external device on the network over the communications link.

12. In a computer of the type having a processor, a memory coupled to the processor, at least one non-volatile data store including at least one of a first data store and a second data store, a data port, and a communication device for communicating over a communications link to an external device on a network;
- a method of operating the computer system to protect the system degradation by from viral, hacker, and other malicious code contamination, the method comprising;
  
  providing at least one of a (i) data store switch having a switch state, and (ii) a communications device switch; and
  
  ;
  
  (i) when the data-store switch is provided, operating the computer system to modify the accessibility of at least one of the first and second data stores according to an access status of said communications device; and
  
  (ii) when the communications device switch is provided, operating the computer system to modify the accessibility of said communications device by said computer including by said at least one data store according to the access status of said communications device;
  
  operating the computer system to execute a network access program within the processor;
  
  programmatically recognizing the intended or actual launch of the network access program by the processor; and
  
  controlling the state of the data-store switch to make the second data store the only accessible data store when data is received from the external device on the network over the communications link; and
  
  the at least one non-volatile data store comprises first and second data stores and said data-store switch for modifying the accessibility of at least one of the first and second data stores by the computer;
  
  the data port is operative to mediate and selectively link the computer to other devices over the communications link;
  
  the method further comprising operating the computer in;
  
  (i) a connected state wherein the computer may use the data port to obtain data from another device over the communications link and the data-store switch may enable the second data store, and(ii) a disconnected state wherein the computer may not use the data port to obtain data from another device over the communications link and the data-store switch may enable the first data store, so that the computer may enable only one of the first and second data stores at any given time and the data store enabled depending upon whether the computer is accessing the communications link or not accessing the communications link, and data received over the communications link being isolated only to the second data store; and
  
  wherein if the data received over the communications link included a virus, hacking, or other malicious executable code, then the virus, hacking, or other malicious executable code is confined to the second data store.

13. A computing apparatus comprising:
- a processor and a memory coupled to said processor;
  
  at least one data store including a logical first and a second data store;
  
  means for providing virus and hacker code resistance to said computing device;
  
  means for providing a lockable network communication link that may be selectively and controllably locked and unlocked;
  
  multi-data storage server means including control means for repairing and replacing a failed server storage with an non-failed server storage;
  
  a plurality of computer peripherals and control means for cycling said plurality of peripherals; and
  
  means for supporting a plurality of different users and for separating a first users data from a second users data by enforcing user data security at a physical level rather than at the logical software level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vir2us, Inc.
Original Assignee
Vir2us, Inc.
Inventors
More, Anthony B., Largman, Kenneth, Blair, Jeffrey
Primary Examiner(s)
Beausoliel; Robert
Assistant Examiner(s)
Manoskey; Joseph D

Application Number

US11/358,371
Publication Number

US 20060143514A1
Time in Patent Office

1,755 Days
Field of Search

714/2, 714/7, 714/13, 714/19, 714/20, 714/23, 714/38, 726/3
US Class Current

714/13
CPC Class Codes

G06F 11/1417   Boot up procedures

G06F 11/1456   Hardware arrangements for b...

G06F 11/1469   Backup restoration techniques

G06F 11/1662   the resynchronized componen...

G06F 11/1666   where the redundant compone...

G06F 11/20   using active fault-masking,...

G06F 11/2094   Redundant storage or storag...

G06F 21/568   eliminating virus, restorin...

G06F 2201/84   Using snapshots, i.e. a log...

Computer system and method of controlling communication port to prevent computer contamination by virus or malicious code

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system and method of controlling communication port to prevent computer contamination by virus or malicious code

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links