Methods of securely controlling through one or more separate private networks an internet-connected computer having one or more hardware-based inner firewalls or access barriers

US 8,255,986 B2
Filed: 12/16/2011
Issued: 08/28/2012
Est. Priority Date: 01/26/2010
Status: Active Grant

First Claim

Patent Images

1. A method of securely controlling through two private networks a computer configured to operate as a general purpose computer and configured for connection to the Internet, said computer comprising:

at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least an additional and separate first private network connection configured for connection to at least a separate, first private network of computers, at least said first separate private network connection being located in at least a first protected private unit of said computer, andat least a first inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects at least said first protected private unit of said computer and said at least one public unit of said computer;

wherein said first private unit, said public unit and said two separate network connections are separated by at least said first inner hardware-based access barrier or inner hardware-based firewall;

at least said first protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit,said second microprocessor or core or processing unit is separate from said first inner hardware-based access barrier or inner hardware-based firewall,at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, at least said second private network connection being located in at least a second protected private unit of said computer; and

said second protected private unit of the computer includes at least a third microprocessor or core or processing unit; and

said method comprising the steps of;

controlling at least one operation of said computer from said first private network of computers, said operation including at least transmitting data and/or code from said first private network of computers to said first separate private network connection in said first protected private unit of said computer;

receiving said data and/or code by said first microprocessor or core or processing unit in said first protected private unit of said computer;

transmitting data and/or code by said first microprocessor or core or processing unit in said first protected private unit to at least a part of said public unit;

controlling at least one operation of said computer from said second private network of computers, said operation including at least transmitting data and/or code from said second private network of computers to said second private network connection in said second protected private unit of said computer; and

receiving said data and/or code in at least a part of said second protected private unit of said computer from said second private network of computers, said part of said second protected private unit including at least said third microprocessor or core or processing unit; and

transmitting data and/or code by said third microprocessor or core or processing unit through said second inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said first protected private unit.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securely controlling through a private network a computer protected by a hardware-based inner access barrier or firewall and optionally configured to operate as a general purpose computer connected to the Internet, comprising: two separate network connections separated by an inner hardware-based access barrier or inner hardware-based firewall protecting a private network connection configured for connection to a private network of computers but not protecting a public network connection configured for connection to a public network configured to include the Internet, the method including the step of controlling at least one operation of the computer, the control being provided through the private network and the operation involving data and/or code transmitted to the public network. Another method includes the step of controlling an operation of a second or third private protected unit of the computer, the control being provided through a second or third private network, respectively.

71 Citations

View as Search Results

27 Claims

1. A method of securely controlling through two private networks a computer configured to operate as a general purpose computer and configured for connection to the Internet, said computer comprising:
- at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least an additional and separate first private network connection configured for connection to at least a separate, first private network of computers, at least said first separate private network connection being located in at least a first protected private unit of said computer, andat least a first inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects at least said first protected private unit of said computer and said at least one public unit of said computer;
  
  wherein said first private unit, said public unit and said two separate network connections are separated by at least said first inner hardware-based access barrier or inner hardware-based firewall;
  
  at least said first protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit,said second microprocessor or core or processing unit is separate from said first inner hardware-based access barrier or inner hardware-based firewall,at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, at least said second private network connection being located in at least a second protected private unit of said computer; and
  
  said second protected private unit of the computer includes at least a third microprocessor or core or processing unit; and
  
  said method comprising the steps of;
  
  controlling at least one operation of said computer from said first private network of computers, said operation including at least transmitting data and/or code from said first private network of computers to said first separate private network connection in said first protected private unit of said computer;
  
  receiving said data and/or code by said first microprocessor or core or processing unit in said first protected private unit of said computer;
  
  transmitting data and/or code by said first microprocessor or core or processing unit in said first protected private unit to at least a part of said public unit;
  
  controlling at least one operation of said computer from said second private network of computers, said operation including at least transmitting data and/or code from said second private network of computers to said second private network connection in said second protected private unit of said computer; and
  
  receiving said data and/or code in at least a part of said second protected private unit of said computer from said second private network of computers, said part of said second protected private unit including at least said third microprocessor or core or processing unit; and
  
  transmitting data and/or code by said third microprocessor or core or processing unit through said second inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said first protected private unit.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein at least one said controlling step includes remotely controlling said computer.
  - 3. The method of claim 1, wherein at least one said controlling step includes remotely providing administrative functions for said computer.
  - 4. The method of claim 3, wherein at least one said controlling step includes remotely maintaining the computer, remotely testing the computer, or remotely updating an operating or application system of said computer.
  - 5. The method of claim 3, wherein at least one said controlling step includes performing at least one operation in the public unit of said computer.
  - 6. The method of claim 1, wherein said computer further comprises:
    - at least a separate, third inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, third private network connection configured for connection to at least a separate, third private network of computers, said at least a third private network connection being located in at least a third protected private unit of said computer;
      
      said third protected private unit of the computer includes at least a fourth microprocessor or core or processing unit,said method further comprising the steps of;
      
      controlling at least one operation of said computer from said third private network of computers, said operation including at least transmitting data and/or code from said third private network of computers to said third private network connection in said third protected private unit of said computer; and
      
      receiving said data and/or code in at least a part of said third protected private unit of said computer from said third private network of computers, said part of said third protected private unit including at least said fourth microprocessor or core or processing unit; and
      
      transmitting data and/or code by said fourth microprocessor or core or processing unit through said third inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said first or second protected private unit.

7. A method of securely controlling through two private networks a computer configured to operate as a general purpose computer and configured for connection to the Internet, said computer comprising:
- at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least an additional and separate first private network connection configured for connection to at least a separate, first private network of computers, at least said first separate private network connection being located in at least a first protected private unit of said computer, andat least a first inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects at least said first protected private unit of said computer and said at least one public unit of said computer;
  
  wherein said first private unit, said public unit and said two separate network connections are separated by at least said first inner hardware-based access barrier or inner hardware-based firewall;
  
  at least said first protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit,said second microprocessor or core or processing unit is separate from said first inner hardware-based access barrier or inner hardware-based firewall,at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, at least said second private network connection being located in at least a second protected private unit of said computer; and
  
  said second protected private unit of the computer includes at least a third microprocessor or core or processing unit;
  
  said second protected private unit of said computer being located between said first protected private unit and said public unit of said computer; and
  
  said method comprising the steps of;
  
  controlling at least one operation of said computer from said second private network of computers, said operation including at least transmitting data and/or code from said second private network of computers to said second separate private network connection in said second protected private unit of said computer;
  
  receiving said data and/or code in at least a part of said second protected private unit of said computer from said second private network of computers, said part of said second protected private unit including at least said third microprocessor or core or processing unit; and
  
  transmitting data and/or code by said third microprocessor or core or processing unit through said second inner hardware-based access barrier or firewall to at least a part of said public unit or said first protected private unit.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein at least one said controlling step includes remotely controlling said computer.
  - 9. The method of claim 7, wherein at least one said controlling step includes remotely providing administrative functions for said computer.
  - 10. The method of claim 9, wherein at least one said controlling step includes remotely maintaining the computer, remotely testing the computer, or remotely updating an operating or application system of said computer.
  - 11. The method of claim 9, wherein at least one said controlling step includes performing at least one operation in the public unit of said computer.
  - 12. The method of claim 7, wherein said computer further comprises:
    - at least a separate, third inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, third private network connection configured for connection to at least a separate, third private network of computers, said at least a third private network connection being located in at least a third protected private unit of said computer;
      
      said third protected private unit of the computer includes at least a fourth microprocessor or core or processing unit,said method further comprising the steps of;
      
      controlling at least one operation of said computer from said third private network of computers, said operation including at least transmitting data and/or code from said third private network of computers to said third private network connection in said third protected private unit of said computer; and
      
      receiving said data and/or code in at least a part of said third protected private unit of said computer from said third private network of computers, said part of said third protected private unit including at least said fourth microprocessor or core or processing unit; and
      
      transmitting data and/or code by said fourth microprocessor or core or processing unit through said third inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said first or second protected private unit.

13. A method for an operator using at least one private network to securely control at least two computers of at least one cloud or other array or cluster of two or more computers, said computers being configured to operate as general purpose computers and configured for connection to the Internet, each of said at least two computers comprising:
- at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, andat least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer;
  
  wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall;
  
  said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, andsaid second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and
  
  said method comprising the steps of;
  
  controlling at least one operation of each of said at least two computers from said private network of computers, said operation including at least transmitting data and/or code from said operator through said private network of computers to said separate private network connection in said protected private unit of each of said at least two computers;
  
  receiving said data and/or code by said first microprocessor or core or processing unit in said protected private unit of each of said at least two computers; and
  
  transmitting data and/or code by said first microprocessor or core or processing unit in said protected private unit to at least a part of said public unit of each of said at least two computers.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, wherein said controlling step includes remotely controlling said computer.
  - 15. The method of claim 13, wherein said controlling step includes remotely providing administrative functions for said computer.
  - 16. The method of claim 15, wherein said controlling step includes remotely maintaining the computer, remotely testing the computer, or remotely updating an operating or application system of said computer.
  - 17. The method of claim 16, wherein said computer further comprises:
    - at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, said at least a second private network connection being located in at least a second protected private unit of said computer;
      
      said second protected private unit of the computer includes at least a third microprocessor or core or processing unit,said method further comprising the steps of;
      
      controlling at least one operation of said computer from said second private network of computers, said operation including at least transmitting data and/or code from said second private network of computers to said second private network connection in said second protected private unit of said computer; and
      
      receiving said data and/or code in at least a part of said second protected private unit of said computer from said second private network of computers, said part of said second protected private unit including at least said third microprocessor or core or processing unit; and
      
      transmitting data and/or code by said third microprocessor or core or processing unit through said second inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said first protected private unit.
  - 18. The method of claim 17, wherein said computer further comprises:
    - at least a separate, third inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, third private network connection configured for connection to at least a separate, third private network of computers, said at least a third private network connection being located in at leasta third protected private unit of said computer;
      
      said third protected private unit of the computer includes at least a fourth microprocessor or core or processing unit,said method further comprising the steps of;
      
      controlling at least one operation of said computer from said third private network of computers, said operation including at least transmitting data and/or code from said third private network of computers to said third private network connection in said third protected private unit of said computer; and
      
      receiving said data and/or code in at least a part of said third protected private unit of said computer from said third private network of computers, said part of said third protected private unit including at least said fourth microprocessor or core or processing unit; and
      
      transmitting data and/or code by said fourth microprocessor or core or processing unit through said third inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said first or second protected private unit.
  - 19. The method of claim 15, wherein said controlling step includes performing at least one operation in the public unit of said computer.

20. A method of at least a first computer securely controlling through a private network at least a second computer, said computers including personal computers, tablets, smartphones, or other general purpose computers and said computers being configured for connection to the Internet, each of said computers comprising:
- at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, andat least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer;
  
  wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall;
  
  said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, andsaid second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and
  
  said method comprising the steps of;
  
  controlling by at least said first computer at least one operation of said second computer through said private network of computers, said control including at least transmitting data and/or code by said first microprocessor or core or processing unit in said protected private unit of at least said first computer to said separate private network connection in said protected private unit of at least said first computer;
  
  transmitting data and/or code from said separate private network connection in said protected private unit of at least said first computer through said private network of computers to said separate private network connection in said protected private unit of at least said second computer; and
  
  receiving said data and/or code by said first microprocessor or core or processing unit in said protected private unit of at least said second computer from said separate private network connection in said protected private unit of at least said second computer; and
  
  transmitting said data and/or code by said first microprocessor or core or processing unit in said protected private unit to at least a part of said public unit in said second computer.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The method of claim 20, wherein said controlling step includes remotely controlling said computer.
  - 22. The method of claim 20, wherein said controlling step includes remotely providing administrative functions for said computer.
  - 23. The method of claim 22, wherein said controlling step includes remotely maintaining the computer, remotely testing the computer, or remotely updating an operating or application system of said computer.
  - 24. The method of claim 23, wherein each of said computers further comprises:
    - at least a separate, second inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, second private network connection configured for connection to at least a separate, second private network of computers, said at least a second private network connection being located in at least a second protected private unit of each said computer;
      
      said second protected private unit of each said computer includes at least a third microprocessor or core or processing unit,said method further comprising the steps of;
      
      controlling at least one operation of at least one of said computers from said second private network of computers, said operation including at least transmitting data and/or code from said second private network of computers to said second private network connection in said second protected private unit of said at least one computer; and
      
      receiving said data and/or code in at least a part of said second protected private unit of said at least one computer from said second private network of computers, said part of said second protected private unit including at least said third microprocessor or core or processing unit; and
      
      transmitting data and/or code by said third microprocessor or core or processing unit through said second inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said first protected private unit of said at least one computer.
  - 25. The method of claim 24, wherein each said computer further comprises:
    - at least a separate, third inner hardware-based access barrier or inner hardware-based firewall that protects at least a separate, third private network connection configured for connection to at least a separate, third private network of computers, said at least a third private network connection being located in at least a third protected private unit of each said computer;
      
      said third protected private unit of each said computer includes at least a fourth microprocessor or core or processing unit,said method further comprising the steps of;
      
      controlling at least one operation of at least one said computer from said third private network of computers, said operation including at least transmitting data and/or code from said third private network of computers to said third private network connection in said third protected private unit of said at least one computer; and
      
      receiving said data and/or code in at least a part of said third protected private unit of said at least one computer from said third private network of computers, said part of said third protected private unit including at least said fourth microprocessor or core or processing unit; and
      
      transmitting data and/or code by said fourth microprocessor or core or processing unit through said third inner hardware-based access barrier or inner hardware-based firewall to at least a part of said public unit or said first or second protected private unit of said at least one computer.
  - 26. The method of claim 22, wherein said controlling step includes performing at least one operation in the public unit of said computer.

27. A method of at least a first computer securely controlling through a private network at least a second computer, said computers being configured for connection to the Internet, each of said computers comprising:
- at least one network connection configured for connection to at least a public network of computers including the Internet, said at least one network connection being located in at least one public unit of said computer,at least one additional and separate private network connection configured for connection to at least a separate, private network of computers, said at least one additional and separate private network connection being located in at least one protected private unit of said computer, andat least one inner hardware-based access barrier or inner hardware-based firewall that is located between and communicatively connects said at least one protected private unit of said computer and said at least one public unit of said computer;
  
  wherein said private and public units and said two separate network connections are separated by said at least one inner hardware-based access barrier or inner hardware-based firewall;
  
  said at least one protected private unit of the computer includes at least a first microprocessor or core or processing unit,said at least one public unit of the computer includes at least a second microprocessor or core or processing unit, configured to operate as a general purpose microprocessor or core or processing unit, andsaid second microprocessor or core or processing unit is separate from said inner hardware-based access barrier or inner hardware-based firewall; and
  
  said method comprising the steps of;
  
  controlling by at least said first computer at least one operation of said second computer through said private network of computers, said control including at least transmitting data and/or code by said first microprocessor or core or processing unit in said protected private unit of at least said first computer to said separate private network connection in said protected private unit of at least said first computer;
  
  transmitting data and/or code from said separate private network connection in said protected private unit of at least said first computer through said private network of computers to said separate private network connection in said protected private unit of at least said second computer; and
  
  receiving said data and/or code by said first microprocessor or core or processing unit in said protected private unit of at least said second computer from said separate private network connection in said protected private unit of at least said second computer; and
  
  transmitting said data and/or code by said first microprocessor or core or processing unit in said protected private unit to at least a part of said public unit in said second computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Frampton E. Ellis
Original Assignee
Frampton E. Ellis
Inventors
Ellis, Frampton E.
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US13/328,697
Publication Number

US 20120096537A1
Time in Patent Office

256 Days
Field of Search

726/11, 726/22, 726/30, 713/194
US Class Current

726/11
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/85   interconnection devices, e....

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

Methods of securely controlling through one or more separate private networks an internet-connected computer having one or more hardware-based inner firewalls or access barriers

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Methods of securely controlling through one or more separate private networks an internet-connected computer having one or more hardware-based inner firewalls or access barriers

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links