System and method for implementing content and network security inside a chip
Abstract
Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.
26 Claims
1. A system, comprising:
at least one chip configured to be installed in a mobile device, the at least one chip comprising:
an intercepting device configured to intercept untrusted data from an untrusted portion of a network, the intercepting occurring before execution by a mobile device processor of the mobile device;
a security engine configured to provide security instructions operative to implement a security policy, the security instructions for providing internet gateway security for the mobile device, the internet gateway security including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in the untrusted data; and
a dedicated security system processor dedicated to security functions and configured to execute the security engine, thereby enabling the security engine to receive the untrusted data from the intercepting device, to evaluate the untrusted data for violations of the security policy to identify trusted data from the untrusted data in accordance with the security policy, and to provide the trusted data to the intercepting device for transmission to the mobile device processor for execution.
5. A system, comprising:
a mobile device comprising:
an internal bus;
a mobile device processor communicatively coupled to the internal bus;
a memory module communicatively coupled to the internal bus;
a storage module communicatively coupled to the internal bus;
a communication module communicatively coupled to the internal bus;
an intercepting device configured to intercept untrusted data from an untrusted portion of a network, and from the memory module, the storage module, or the communication module, the intercepting occurring before execution of the untrusted data by the first mobile device processor;
a security engine configured to provide security instructions operative to implement a security policy, the security instructions for providing internet gateway security for the mobile device, the internet gateway security including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in the untrusted data; and
a dedicated security system processor dedicated to security functions and configured to:
execute the security engine, thereby enabling the security engine to receive the untrusted data from the intercepting device, to evaluate the untrusted data for violations of the security policy to identify trusted data from the untrusted data in accordance with the security policy, and to provide the trusted data to the router intercepting device for transmission to the first mobile device processor for execution.
10. A system, comprising:
a flash memory device comprising:
flash memory media;
an intercepting device configured to intercept untrusted data from an untrusted portion of a network, the intercepting occurring before execution by a mobile device processor of a mobile device;
a security engine configured to provide security instructions operative to implement a security policy, the security instructions for providing internet gateway security for the mobile device, the mobile internet gateway security including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in the untrusted data; and
a dedicated security system processor dedicated to security functions and configured to execute the security engine, thereby enabling the security engine to:
receive the untrusted data from the intercepting device, to evaluate the untrusted data for violations of the security policy to identify trusted data from the untrusted data in accordance with the security policy, and to provide the trusted data to the intercepting device for transmission to the mobile device processor for execution.
15. A method, comprising:
storing security instructions operative to implement a security policy, the security instructions providing internet gateway security for a mobile device, the internet gateway security including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in untrusted data, the untrusted data from an untrusted portion of a network;
loading the security instructions into a memory;
executing the security instructions with a dedicated security system processor dedicated to security functions;
intercepting, with an intercepting device in a communication chip, the untrusted data before execution by a mobile device processor of the mobile device;
routing the untrusted data from the intercepting device to the dedicated security system processor;
evaluating the untrusted data for violations of the security policy with the dedicated security system processor executing the security instructions to identify trusted data from the untrusted data in accordance with the security policy; and
providing the trusted data from the dedicated security system processor to the intercepting device for transmission to the first mobile device processor for execution.
20. A method, comprising:
storing security instructions operative to implement a security policy, the security instructions providing internet gateway security for a mobile device, the internet gateway security including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in untrusted data, the untrusted data from an untrusted portion of a network;
loading the security instructions into a memory;
executing the security instructions with a dedicated security system processor dedicated to security functions;
intercepting, with an intercepting device contained in a flash memory device, the untrusted data before execution by a mobile device processor of the mobile device;
routing the untrusted data from the intercepting device to the dedicated security system processor;
evaluating the untrusted data for violations of the security policy with the dedicated security system processor executing the security instructions to identify trusted data from the untrusted data in accordance with the security policy; and
providing the trusted data from the dedicated security system processor to the intercepting device for transmission to the mobile device processor for execution.
25. A non-transitory computer readable medium configured to store instructions in a communication chip, the instructions executable by a dedicated security system processor to perform a method, the dedicated security system processor dedicated to security functions, and the method comprising:
before execution by a mobile device processor of a communication chip coupled to a mobile device, intercepting, using an intercepting device, untrusted data from an untrusted portion of a network;
routing the untrusted data to the dedicated security system processor;
evaluating the untrusted data with the dedicated security system processor executing security instructions operative to implement a security policy, the security instructions providing internet gateway security for the mobile device, the internet gateway security including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in the untrusted data, the security instructions checking for violations of the security policy, and the security instructions operative to identify trusted data from the untrusted data in accordance with the security policy; and
providing the trusted data from the dedicated security system processor to the mobile device processor for execution.
26. A non-transitory computer readable medium configured to store instructions in a flash memory device, the instructions executable by a dedicated security system processor to perform a method, the method comprising:
before execution by a mobile device processor of flash memory media of a flash memory device coupled to a mobile device, intercepting, using an intercepting device, untrusted data from an untrusted portion of a network;
routing the untrusted data to the dedicated security system processor;
evaluating the untrusted data with the dedicated security system processor executing security instructions operative to implement a security policy, the security instructions providing internet gateway security for the mobile device, the internet gateway security including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in the untrusted data, the security instructions checking for violations of the security policy, and the security instructions operative to identify trusted data from the untrusted data in accordance with the security policy; and
providing the trusted data from the dedicated security system processor to the mobile device processor for execution.
Specification