System and method of protecting a system that includes unprotected computer devices
Abstract
A system and method to selectively isolate one or more unprotected computer devices from the rest of the computer system and/or from the network. The ability to isolate and/or authenticate the software and/or hardware on or interacting with the unprotected software and/or hardware provides for a secured system despite the presence or use of an unprotected computer device.
17 Claims
1. A computer system, comprising:
- a back panel including a protected back panel portion and a non-protected back panel portion, including;
a first logical node;
a second logical node;
a back panel network that connects the first logical node to the second logical node for communication, wherein the first and second logical nodes are in the non-protected back panel portion;
a switch configured to the back panel network and associated with the first logical node, wherein the switch includes a blocked state for selectively isolating to block the first logical node from communicating with the back panel network, and an unblocked state for allowing the first logical node to be in communication with the back panel network; and
an I/O controller that controls the switch to be in the blocked state or the unblocked state, wherein the I/O controller is in the protected back panel portion;
a first computer device connected to the first logical node;
a second computer device connected to the second logical node; and
a network interface unit (NIU) connected to the first computer device and a trusted network, wherein when the switch is in the blocked state, the first computer device is not in direct communication with the trusted network, and the first computer device is configured to send data to the trusted network via the NIU and receive data from the trusted network via the NIU.
Dependent claims: 2, 3, 4, 5, 6, 17
7. A computer system, comprising:
- a back panel including a protected back panel portion and a non-protected back panel portion, including;
a plurality of logical nodes;
a back panel network that connects at least one of the plurality of logical nodes to another logical node for communication, wherein the plurality of logical nodes are in the non-protected back panel portion;
a plurality of switches configured to the back panel network, wherein each of the switches is associated with respective one of the logical nodes, and each of the switches includes a blocked state for selectively isolating to block the respective one of the logical nodes from communicating with the back panel network, and an unblocked state for allowing the respective one of the logical nodes to be in communication with the back panel network; and
an I/O controller that controls each of the plurality of switches to be in the blocked state or the unblocked state, wherein the I/O controller is in the protected back panel portion;
a plurality of computer devices, each computer device is connected to a respective one of the logical nodes;
a plurality of network interface units (NIUs), each NIU is connected to a respective one of the computer devices; and
wherein each NIU is connected to a trusted network, wherein at least one of the plurality of computer devices connected to its respective logical node is not in direct communication with its respective trusted network when the switch associated with the same respective logical node is in the blocked state, and each of the plurality of computer devices is configured to send data to the trusted network via the respective NIU and receive data from the trusted network via the respective NIU.
Dependent claims: 8, 9, 10, 11, 12
13. A method for building a computer system that is to be connected to a trusted network, comprising:
- configuring a back panel that includes a first logical node, a second logical node, an I/O controller, and a back panel network that includes a switch, wherein the back panel includes a protected back panel portion and a non-protected back panel portion, and wherein the first and second logical nodes are in the non-protected back panel portion and the I/O controller is in the protected back panel portion;
configuring the I/O controller to control the switch, wherein the switch includes a blocked state for selectively isolating to block the first logical node from communicating with the back panel network, and an unblocked state for allowing the first logical node to be in communication with the back panel network;
configuring the back panel network to be in communication with the first logical node and the second logical node;
configuring a first computer device to be in communication with the first logical node;
configuring a second computer device to be in communication with the second logical node;
configuring a network interface unit (NIU) to be in communication with the first computer device and the trusted network, wherein the first computer device is configured to not be in direct communication with the trusted network when the switch is in the blocked state, and the first computer device is configured to send data to the trusted network via the NIU and receive data from the trusted network via the NIU.
Dependent claims: 14, 15, 16
Specification