Method of securely controlling through one or more separate private networks an internet-connected computer having one or more hardware-based inner firewalls or access barriers
First Claim
1. A method of securely controlling through a private network a computer protected by an inner access barrier or firewall with an out-only bus or channel, said computer being configured to operate as a general purpose computer connected to the Internet, and said computer comprising:
- at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, andat least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer;
wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; and
wherein said inner hardware-based access barrier or inner hardware-based firewall is configured in a manner such that the at least one protected private unit and the at least one public unit are connected by at least one out-only bus or channel that transmits data and/or code that is output from the at least one protected private unit to be input to the at least one public unit; and
said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, andsaid second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and
said method comprising the steps of;
controlling at least one operation of said computer from said private network of computers, said operation including at least transmitting data and/or code from said private network of computers to said separate private network connection in said protected private unit of said computer;
receiving said data and/or code by said first microprocessor or core or processing unit in said protected private unit of said computer; and
transmitting data and/or code by said first microprocessor or core or processing unit in said protected private unit through said out-only bus or channel to at least a part of said public unit.
0 Assignments
0 Petitions
Accused Products
Abstract
A method of securely controlling through a private network a computer protected by a hardware-based inner access barrier or firewall and configured to operate as a general purpose computer connected to the Internet, comprising: two separate network connections separated by an inner hardware-based access barrier or inner hardware-based firewall protecting a private network connection configured for connection to a private network of computers but not protecting a public network connection configured for connection to a public network configured to include the Internet, the method including the step of controlling at least one operation of the computer, the control being provided through the private network and the operation involving data and/or code transmitted through an out-only bus or channel. Another method includes the step of controlling an operation of a second or third private protected unit of the computer, the control being provided through a second or third private network, respectively.
65 Citations
29 Claims
-
1. A method of securely controlling through a private network a computer protected by an inner access barrier or firewall with an out-only bus or channel, said computer being configured to operate as a general purpose computer connected to the Internet, and said computer comprising:
-
at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer, at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, and at least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer; wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; and wherein said inner hardware-based access barrier or inner hardware-based firewall is configured in a manner such that the at least one protected private unit and the at least one public unit are connected by at least one out-only bus or channel that transmits data and/or code that is output from the at least one protected private unit to be input to the at least one public unit; and said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit, said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, and said second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and said method comprising the steps of; controlling at least one operation of said computer from said private network of computers, said operation including at least transmitting data and/or code from said private network of computers to said separate private network connection in said protected private unit of said computer; receiving said data and/or code by said first microprocessor or core or processing unit in said protected private unit of said computer; and transmitting data and/or code by said first microprocessor or core or processing unit in said protected private unit through said out-only bus or channel to at least a part of said public unit. - View Dependent Claims (2, 3, 4, 5, 6, 7)
said method further comprising the steps of; controlling at least one operation of said computer from said second private network of computers, said operation including at least transmitting data and/or code from said second private network of computers to said second private network connection in said second protected private unit of said computer; and receiving said data and/or code in at least a part of said second protected private unit of said computer from said second private network of computers, said part of said second protected private unit including at least said third microprocessor or core or processing unit; and transmitting data and/or code by said third microprocessor or core or processing unit through said second inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said protected private unit.
-
-
7. The method of claim 6, wherein said computer further comprises:
-
at least a separate, third inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, third private network connection configured for connection to at least a separate, third private network of computers, said at least a third private network connection being located in at least a third protected private unit of said computer; said third protected private unit of the computer includes at least a fourth microprocessor or core or processing unit, said method further comprising the steps of; controlling at least one operation of said computer from said third private network of computers, said operation including at least transmitting data and/or code from said third private network of computers to said third private network connection in said third protected private unit of said computer; and receiving said data and/or code in at least a part of said third protected private unit of said computer from said third private network of computers, said part of said third protected private unit including at least said fourth microprocessor or core or processing unit; and transmitting data and/or code by said fourth microprocessor or core or processing unit through said third inner hardware-based access bather or inner hardware-based firewall to at least a part of said public unit or said protected private unit or said second protected private unit.
-
-
8. A method of securely controlling through a private network a computer protected by an inner access barrier or firewall with an out-only or in-only bus or channel, said computer being configured to operate as a general purpose computer connected to the Internet, and said computer comprising:
-
at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer, at least one additional and separate network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate network connection being located in at least one protected private unit of said computer, and at least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer; and wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; wherein said inner hardware-based access barrier or inner hardware-based firewall is configured in a manner such that the at least one protected private unit and the at least one public unit are connected by at least one out-only bus or channel that transmits data and/or code that is output from the at least one protected private unit to be input to the at least one public unit, and said out-only bus or channel includes a hardware output on/off switch; wherein said inner hardware-based access barrier or inner hardware-based firewall is configured in a manner such that the at least one protected private unit and the at least one public unit are also connected by at least one in-only bus or channel that includes a hardware input on/off switch; and said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit, said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, and said second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and said method comprising the steps of; controlling at least one operation of said computer from said private network of computers, said operation including at least transmitting data and/or code from said private network of computers to said separate private network connection in said protected private unit of said computer; receiving said data and/or code by said first microprocessor or core or processing unit in said protected private unit of said computer; transmitting data and/or code by said first microprocessor or core or processing unit in said protected private unit through said out-only bus or channel to at least a part of said public unit; and receiving data and/or code from said public unit part through said in-only bus or channel to said first microprocessor or core or processing unit. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
said method further comprising the steps of; controlling at least one operation of said computer from said second private network of computers, said operation including at least transmitting data and/or code from said second private network of computers to said second private network connection in said second protected private unit of said computer; and receiving said data and/or code in at least a part of said second protected private unit of said computer from said second private network of computers, said part of said second protected private unit including at least said third microprocessor or core or processing unit; and transmitting data and/or code by said third microprocessor or core or processing unit through said second inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said protected private unit.
-
-
14. The method of claim 13, wherein said computer further comprises:
-
at least a separate, third inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, third private network connection configured for connection to at least a separate, third private network of computers, said at least a third private network connection being located in at least a third protected private unit of said computer; said third protected private unit of the computer includes at least a fourth microprocessor or core or processing unit, said method further comprising the steps of; controlling at least one operation of said computer from said third private network of computers, said operation including at least transmitting data and/or code from said third private network of computers to said third private network connection in said third protected private unit of said computer; and receiving said data and/or code in at least a part of said third protected private unit of said computer from said third private network of computers, said part of said third protected private unit including at least said fourth microprocessor or core or processing unit; and transmitting data and/or code by said fourth microprocessor or core or processing unit through said third inner hardware-based access bather or inner hardware-based firewall to at least a part of said public unit or said protected private unit or said second protected private unit.
-
-
15. The method of claim 8, wherein said controlling step includes at least said first microprocessor or core or processing unit controlling said hardware output on/off switch and/or said hardware input on/off switch.
-
16. A method of securely controlling through a second private network a second private unit of a computer protected by an inner access barrier or firewall and configured to operate as a general purpose computer connected to the Internet, said computer comprising:
-
at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer, at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, and at least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer; wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; and said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit, said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, and said second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, said at least a second private network connection being located in at least a second protected private unit of said computer; said second protected private unit of the computer includes at least a third microprocessor or core or processing unit, said method comprising the steps of; controlling at least one operation of said computer from said second private network of computers, said operation including at least transmitting data and/or code from said second private network of computers to said second private network connection in said second protected private unit of said computer; and receiving said data and/or code in at least a part of said second protected private unit of said computer from said second private network of computers, said part of said second protected private unit including at least said third microprocessor or core or processing unit; and transmitting data and/or code by said third microprocessor or core or processing unit through said second inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said protected private unit. - View Dependent Claims (17, 18, 19, 20)
-
-
21. A method of securely controlling through a third private network a third private unit of a computer protected by an inner access barrier or firewall and configured to operate as a general purpose computer connected to the Internet, said computer comprising:
-
at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer, at least one additional and separate network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate network connection being located in at least one protected private unit of said computer, and at least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer; and wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; and said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit, said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, and said second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, said at least a second private network connection being located in at least a second protected private unit of said computer; said second protected private unit of the computer includes at least a third microprocessor or core or processing unit, at least a separate, third inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, third private network connection configured for connection to at least a separate, third private network of computers, said at least a third private network connection being located in at least a third protected private unit of said computer; said third protected private unit of the computer includes at least a fourth microprocessor or core or processing unit, said method comprising the steps of; controlling at least one operation of said computer from said third private network of computers, said operation including at least transmitting data and/or code from said third private network of computers to said third private network connection in said third protected private unit of said computer; and receiving said data and/or code in at least a part of said third protected private unit of said computer from said third private network of computers, said part of said third protected private unit including at least said fourth microprocessor or core or processing unit; and transmitting data and/or code by said fourth microprocessor or core or processing unit through said third inner hardware-based access bather or inner hardware-based firewall to at least a part of said public unit or said protected private unit or said second protected private unit. - View Dependent Claims (22, 23, 24, 25)
-
-
26. A method of securely controlling through a private network a computer protected by an inner access barrier or firewall, configured for connection to the Internet, said computer comprising:
-
at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer, at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, and at least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer; wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; and wherein said inner hardware-based access barrier or inner hardware-based firewall is configured in a manner such that the at least one protected private unit and the at least one public unit are connected by at least an out-only bus or channel that transmits data and/or code that is output from the at least one protected private unit to be input to the at least one public unit; and said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit, said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, and said second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and said method comprising the steps of; controlling at least one operation of said computer from said private network of computers, said operation including at least transmitting data and/or code from said private network of computers to said separate private network connection in said protected private unit of said computer; receiving said data and/or code by said first microprocessor or core or processing unit in said protected private unit of said computer; and transmitting data and/or code by said first microprocessor or core or processing unit in said protected private unit through said out-only bus or channel to at least a part of said public unit. - View Dependent Claims (27)
said method further comprising the step of; receiving data and/or code from said public unit part through said in-only bus or channel to said first microprocessor or core or processing unit.
-
-
28. A method of securely controlling through a second private network a second private unit of a computer protected by an inner access barrier or firewall, configured for connection to the Internet, said computer comprising:
-
at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer, at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, and at least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer; wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; and said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit, said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, and said second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, said at least a second private network connection being located in at least a second protected private unit of said computer; said second protected private unit of the computer includes at least a third microprocessor or core or processing unit, said method comprising the steps of; controlling at least one operation of said computer from said second private network of computers, said operation including at least transmitting data and/or code from said second private network of computers to said second private network connection in said second protected private unit of said computer; and receiving said data and/or code in at least a part of said second protected private unit of said computer from said second private network of computers, said part of said second protected private unit including at least said third microprocessor or core or processing unit; and transmitting data and/or code by said third microprocessor or core or processing unit through said second inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said protected private unit. - View Dependent Claims (29)
said method further comprising the steps of; controlling at least one operation of said computer from said third private network of computers, said operation including at least transmitting data and/or code from said third private network of computers to said third private network connection in said third protected private unit of said computer; and receiving said data and/or code in at least a part of said third protected private unit of said computer from said third private network of computers, said part of said third protected private unit including at least said fourth microprocessor or core or processing unit; and transmitting data and/or code by said fourth microprocessor or core or processing unit through said third inner hardware-based access bather or inner hardware-based firewall to at least a part of said public unit or said protected private unit or said second protected private unit.
-
Specification