Method of securely controlling through one or more separate private networks an internet-connected computer having one or more hardware-based inner firewalls or access barriers

US 8,171,537 B2
Filed: 01/28/2011
Issued: 05/01/2012
Est. Priority Date: 01/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method of securely controlling through a private network a computer protected by an inner access barrier or firewall with an out-only bus or channel, said computer being configured to operate as a general purpose computer connected to the Internet, and said computer comprising:

at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, andat least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer;

wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; and

wherein said inner hardware-based access barrier or inner hardware-based firewall is configured in a manner such that the at least one protected private unit and the at least one public unit are connected by at least one out-only bus or channel that transmits data and/or code that is output from the at least one protected private unit to be input to the at least one public unit; and

said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, andsaid second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and

said method comprising the steps of;

controlling at least one operation of said computer from said private network of computers, said operation including at least transmitting data and/or code from said private network of computers to said separate private network connection in said protected private unit of said computer;

receiving said data and/or code by said first microprocessor or core or processing unit in said protected private unit of said computer; and

transmitting data and/or code by said first microprocessor or core or processing unit in said protected private unit through said out-only bus or channel to at least a part of said public unit.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securely controlling through a private network a computer protected by a hardware-based inner access barrier or firewall and configured to operate as a general purpose computer connected to the Internet, comprising: two separate network connections separated by an inner hardware-based access barrier or inner hardware-based firewall protecting a private network connection configured for connection to a private network of computers but not protecting a public network connection configured for connection to a public network configured to include the Internet, the method including the step of controlling at least one operation of the computer, the control being provided through the private network and the operation involving data and/or code transmitted through an out-only bus or channel. Another method includes the step of controlling an operation of a second or third private protected unit of the computer, the control being provided through a second or third private network, respectively.

65 Citations

View as Search Results

29 Claims

1. A method of securely controlling through a private network a computer protected by an inner access barrier or firewall with an out-only bus or channel, said computer being configured to operate as a general purpose computer connected to the Internet, and said computer comprising:
- at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, andat least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer;
  
  wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; and
  
  wherein said inner hardware-based access barrier or inner hardware-based firewall is configured in a manner such that the at least one protected private unit and the at least one public unit are connected by at least one out-only bus or channel that transmits data and/or code that is output from the at least one protected private unit to be input to the at least one public unit; and
  
  said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, andsaid second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and
  
  said method comprising the steps of;
  
  controlling at least one operation of said computer from said private network of computers, said operation including at least transmitting data and/or code from said private network of computers to said separate private network connection in said protected private unit of said computer;
  
  receiving said data and/or code by said first microprocessor or core or processing unit in said protected private unit of said computer; and
  
  transmitting data and/or code by said first microprocessor or core or processing unit in said protected private unit through said out-only bus or channel to at least a part of said public unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said controlling step includes controlling said computer remotely.
  - 3. The method of claim 1, wherein said controlling step includes remotely providing administrative functions for said computer.
  - 4. The method of claim 3, wherein said controlling step includes remotely maintaining the computer, remotely testing the computer, or remotely updating an operating or application system of said computer.
  - 5. The method of claim 3, wherein said controlling step includes performing at least one operation in the public unit of said computer.
  - 6. The method of claim 3, wherein said computer further comprises:
    - at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, said at least a second private network connection being located in at least a second protected private unit of said computer;
      
      said second protected private unit of the computer includes at least a third microprocessor or core or processing unit,
7. The method of claim 6, wherein said computer further comprises:
- at least a separate, third inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, third private network connection configured for connection to at least a separate, third private network of computers, said at least a third private network connection being located in at least a third protected private unit of said computer;
  
  said third protected private unit of the computer includes at least a fourth microprocessor or core or processing unit,said method further comprising the steps of;
  
  controlling at least one operation of said computer from said third private network of computers, said operation including at least transmitting data and/or code from said third private network of computers to said third private network connection in said third protected private unit of said computer; and
  
  receiving said data and/or code in at least a part of said third protected private unit of said computer from said third private network of computers, said part of said third protected private unit including at least said fourth microprocessor or core or processing unit; and
  
  transmitting data and/or code by said fourth microprocessor or core or processing unit through said third inner hardware-based access bather or inner hardware-based firewall to at least a part of said public unit or said protected private unit or said second protected private unit.

8. A method of securely controlling through a private network a computer protected by an inner access barrier or firewall with an out-only or in-only bus or channel, said computer being configured to operate as a general purpose computer connected to the Internet, and said computer comprising:
- at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least one additional and separate network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate network connection being located in at least one protected private unit of said computer, andat least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer; and
  
  wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall;
  
  wherein said inner hardware-based access barrier or inner hardware-based firewall is configured in a manner such that the at least one protected private unit and the at least one public unit are connected by at least one out-only bus or channel that transmits data and/or code that is output from the at least one protected private unit to be input to the at least one public unit, and said out-only bus or channel includes a hardware output on/off switch;
  
  wherein said inner hardware-based access barrier or inner hardware-based firewall is configured in a manner such that the at least one protected private unit and the at least one public unit are also connected by at least one in-only bus or channel that includes a hardware input on/off switch; and
  
  said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, andsaid second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and
  
  said method comprising the steps of;
  
  controlling at least one operation of said computer from said private network of computers, said operation including at least transmitting data and/or code from said private network of computers to said separate private network connection in said protected private unit of said computer;
  
  receiving said data and/or code by said first microprocessor or core or processing unit in said protected private unit of said computer;
  
  transmitting data and/or code by said first microprocessor or core or processing unit in said protected private unit through said out-only bus or channel to at least a part of said public unit; and
  
  receiving data and/or code from said public unit part through said in-only bus or channel to said first microprocessor or core or processing unit.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, wherein said controlling step includes remotely controlling said computer.
  - 10. The method of claim 8, wherein said controlling step includes remotely providing administrative functions for said computer.
  - 11. The method of claim 8, wherein said controlling step includes remotely maintaining the computer, remotely testing the computer, or remotely updating an operating or application system of said computer.
  - 12. The method of claim 8, further comprising the step of performing at least one operation in the public unit of said computer.
  - 13. The method of claim 8, wherein said computer further comprises:
    - at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, said at least a second private network connection being located in at least a second protected private unit of said computer;
      
      said second protected private unit of the computer includes at least a third microprocessor or core or processing unit,
14. The method of claim 13, wherein said computer further comprises:
- at least a separate, third inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, third private network connection configured for connection to at least a separate, third private network of computers, said at least a third private network connection being located in at least a third protected private unit of said computer;
  
  said third protected private unit of the computer includes at least a fourth microprocessor or core or processing unit,said method further comprising the steps of;
  
  controlling at least one operation of said computer from said third private network of computers, said operation including at least transmitting data and/or code from said third private network of computers to said third private network connection in said third protected private unit of said computer; and
  
  receiving said data and/or code in at least a part of said third protected private unit of said computer from said third private network of computers, said part of said third protected private unit including at least said fourth microprocessor or core or processing unit; and
  
  transmitting data and/or code by said fourth microprocessor or core or processing unit through said third inner hardware-based access bather or inner hardware-based firewall to at least a part of said public unit or said protected private unit or said second protected private unit.
15. The method of claim 8, wherein said controlling step includes at least said first microprocessor or core or processing unit controlling said hardware output on/off switch and/or said hardware input on/off switch.

16. A method of securely controlling through a second private network a second private unit of a computer protected by an inner access barrier or firewall and configured to operate as a general purpose computer connected to the Internet, said computer comprising:
- at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, andat least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer;
  
  wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; and
  
  said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, andsaid second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and
  
  at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, said at least a second private network connection being located in at least a second protected private unit of said computer;
  
  said second protected private unit of the computer includes at least a third microprocessor or core or processing unit,said method comprising the steps of;
  
  controlling at least one operation of said computer from said second private network of computers, said operation including at least transmitting data and/or code from said second private network of computers to said second private network connection in said second protected private unit of said computer; and
  
  receiving said data and/or code in at least a part of said second protected private unit of said computer from said second private network of computers, said part of said second protected private unit including at least said third microprocessor or core or processing unit; and
  
  transmitting data and/or code by said third microprocessor or core or processing unit through said second inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said protected private unit.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein said controlling step includes remotely controlling said second private protected unit of said computer.
  - 18. The method of claim 16, wherein said controlling step includes remotely providing administrative functions for said second private protected unit of said computer.
  - 19. The method of claim 16, wherein said controlling step includes remotely maintaining the second private protected unit of said computer, remotely testing the second private protected unit of said computer, or remotely updating an operating or application system of said second private protected unit of said computer.
  - 20. The method of claim 16, further comprising the step of performing at least one operation in the public unit of said computer.

21. A method of securely controlling through a third private network a third private unit of a computer protected by an inner access barrier or firewall and configured to operate as a general purpose computer connected to the Internet, said computer comprising:
- at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least one additional and separate network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate network connection being located in at least one protected private unit of said computer, andat least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer; and
  
  wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; and
  
  said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, andsaid second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and
  
  at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, said at least a second private network connection being located in at least a second protected private unit of said computer;
  
  said second protected private unit of the computer includes at least a third microprocessor or core or processing unit,at least a separate, third inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, third private network connection configured for connection to at least a separate, third private network of computers, said at least a third private network connection being located in at least a third protected private unit of said computer;
  
  said third protected private unit of the computer includes at least a fourth microprocessor or core or processing unit,said method comprising the steps of;
  
  controlling at least one operation of said computer from said third private network of computers, said operation including at least transmitting data and/or code from said third private network of computers to said third private network connection in said third protected private unit of said computer; and
  
  receiving said data and/or code in at least a part of said third protected private unit of said computer from said third private network of computers, said part of said third protected private unit including at least said fourth microprocessor or core or processing unit; and
  
  transmitting data and/or code by said fourth microprocessor or core or processing unit through said third inner hardware-based access bather or inner hardware-based firewall to at least a part of said public unit or said protected private unit or said second protected private unit.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The method of claim 21, wherein said controlling step includes remotely controlling said third private protected unit of said computer.
  - 23. The method of claim 21, wherein said controlling step includes remotely providing administrative functions for said third private protected unit of said computer.
  - 24. The method of claim 21, wherein said controlling step includes remotely maintaining the third private protected unit of said computer, remotely testing the third private protected unit of said computer, or remotely updating an operating or application system of said third private protected unit of said computer.
  - 25. The method of claim 21, further comprising the step of performing at least one operation in the public unit of said computer.

26. A method of securely controlling through a private network a computer protected by an inner access barrier or firewall, configured for connection to the Internet, said computer comprising:
- at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, andat least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer;
  
  wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; and
  
  wherein said inner hardware-based access barrier or inner hardware-based firewall is configured in a manner such that the at least one protected private unit and the at least one public unit are connected by at least an out-only bus or channel that transmits data and/or code that is output from the at least one protected private unit to be input to the at least one public unit; and
  
  said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, andsaid second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and
  
  said method comprising the steps of;
  
  controlling at least one operation of said computer from said private network of computers, said operation including at least transmitting data and/or code from said private network of computers to said separate private network connection in said protected private unit of said computer;
  
  receiving said data and/or code by said first microprocessor or core or processing unit in said protected private unit of said computer; and
  
  transmitting data and/or code by said first microprocessor or core or processing unit in said protected private unit through said out-only bus or channel to at least a part of said public unit.
- View Dependent Claims (27)
- - 27. The method of claim 26, wherein:
    - said out-only bus or channel also includes a hardware output on/off switch, andsaid inner hardware-based access barrier or inner hardware-based firewall is configured in a manner such that the at least one protected private unit and the at least one public unit are also connected by an in-only bus or channel that includes a hardware input on/off switch; and

28. A method of securely controlling through a second private network a second private unit of a computer protected by an inner access barrier or firewall, configured for connection to the Internet, said computer comprising:
- at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, andat least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer;
  
  wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall; and
  
  said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, andsaid second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and
  
  at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, said at least a second private network connection being located in at least a second protected private unit of said computer;
  
  said second protected private unit of the computer includes at least a third microprocessor or core or processing unit,said method comprising the steps of;
  
  controlling at least one operation of said computer from said second private network of computers, said operation including at least transmitting data and/or code from said second private network of computers to said second private network connection in said second protected private unit of said computer; and
  
  receiving said data and/or code in at least a part of said second protected private unit of said computer from said second private network of computers, said part of said second protected private unit including at least said third microprocessor or core or processing unit; and
  
  transmitting data and/or code by said third microprocessor or core or processing unit through said second inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said protected private unit.
- View Dependent Claims (29)
- - 29. The method of claim 28, wherein said computer further comprises:
    - at least a separate, third inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, third private network connection configured for connection to at least a separate, third private network of computers, said at least a third private network connection being located in at least a third protected private unit of said computer;
      
      said third protected private unit of the computer includes at least a fourth microprocessor or core or processing unit,

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Frampton E. Ellis
Original Assignee
Frampton E. Ellis
Inventors
Ellis, Frampton E.
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US13/016,527
Publication Number

US 20110231926A1
Time in Patent Office

459 Days
Field of Search

726/11, 726/22, 726/30, 713/194
US Class Current

726/11
CPC Class Codes

G06F 21/71   to assure secure computing ...

G06F 21/85   interconnection devices, e....

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/0209   Architectural arrangements,...

Method of securely controlling through one or more separate private networks an internet-connected computer having one or more hardware-based inner firewalls or access barriers

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method of securely controlling through one or more separate private networks an internet-connected computer having one or more hardware-based inner firewalls or access barriers

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links