System and architecture for secure computer devices

US 9,231,921 B2
Filed: 08/20/2013
Issued: 01/05/2016
Est. Priority Date: 08/20/2013
Status: Active Grant

First Claim

Patent Images

1. A secure computer comprising:

a plurality of peripheral subsystems for receiving, storing, retrieving from storage and outputting data;

a host system running an operating system and applications that receive, store, retrieve and output the data, the host system including a system bus and an interface for connecting the host system to an expansion bus that is separate and independent from the system bus, the expansion bus being one of a Peripheral Component Interconnect (PCI) and a PCI Express (PCIe) expansion bus;

a secure subsystem that controls access by the host system to the plurality of peripheral subsystems for receiving, storing, retrieving and outputting the data; and

a secure connection between the expansion bus interface of the host system and the secure subsystem that connects the plurality of peripheral subsystems to the host system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a system and architecture for securing otherwise unsecured computer subsystems. According to one aspect, the invention provides an independent hardware platform for running software in a secure manner. According to another aspect, the invention provides the means to control and secure all disk, network and other I/O transactions. According to still further aspects, the invention provides a means to monitor and prevent unauthorized user and malicious software activity Additional aspects include providing a secure platform for device and user authentication as well as encryption key management, providing a means to perform background backup snapshots, and providing the means for enabling full management over computer operations.

95 Citations

View as Search Results

20 Claims

1. A secure computer comprising:
- a plurality of peripheral subsystems for receiving, storing, retrieving from storage and outputting data;
  
  a host system running an operating system and applications that receive, store, retrieve and output the data, the host system including a system bus and an interface for connecting the host system to an expansion bus that is separate and independent from the system bus, the expansion bus being one of a Peripheral Component Interconnect (PCI) and a PCI Express (PCIe) expansion bus;
  
  a secure subsystem that controls access by the host system to the plurality of peripheral subsystems for receiving, storing, retrieving and outputting the data; and
  
  a secure connection between the expansion bus interface of the host system and the secure subsystem that connects the plurality of peripheral subsystems to the host system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The secure computer according to claim 1, wherein the host system comprises one of a x86 processor, ARM processor, MIPS processor, QorIQ processor and PowerPC CPU.
  - 3. The secure computer according to claim 1, wherein the plurality of peripheral subsystems includes one or more of a video subsystem, an audio subsystem, a storage subsystem, a networking subsystem and a Universal Serial Bus (USB) subsystem.
  - 4. The secure computer according to claim 1, wherein the secure subsystem is implemented by a Field-Programmable Gate Array (FPGA) or Application-Specific Integrated Circuit (ASIC).
  - 5. The secure computer according to claim 1, wherein the secure subsystem is configurable by a remote management system external to the secure computer.
  - 6. The secure computer according to claim 5, wherein the remote management system communicates with the secure subsystem via a network.
  - 7. The secure computer according to claim 5, wherein the remote management system specifies how the secure subsystem controls access to the plurality of peripheral subsystems by the host system.
  - 8. The secure computer according to claim 1, wherein the secure subsystem comprises an embedded processor.
  - 9. The secure computer according to claim 7, wherein the embedded processor comprises an ARM processor.
  - 10. The secure computer according to claim 1, wherein the plurality of peripheral subsystems comprises a Serial Advanced Technology Attachment (SATA) storage subsystem.
  - 11. The secure computer according to claim 10, wherein the SATA storage subsystem supports hard drives or solid state drives connected via SATA 1.5, 3.0 and 6.0 Gbs protocols.
  - 12. The secure computer according to claim 10, wherein the SATA storage subsystem manages prioritized access to an attached SATA storage device by the host system and the secure subsystem.
  - 13. The secure computer according to claim 10, wherein the secure subsystem performs one or more of encryption of data as it is stored by the SATA storage subsystem and anti-virus scanning of data by the SATA storage subsystem.
  - 14. The secure computer according to claim 10, wherein the secure subsystem performs automated backup of data stored by the SATA storage system.
  - 15. The secure computer according to claim 14, wherein the automated backup is performed transparently to the host system.
  - 16. The secure computer according to claim 2, wherein the USB subsystem supports any devices connected via USB 1.1, 2.0 or 3.0 protocols.
  - 17. The secure computer according to claim 16, wherein the secure subsystem performs one or more of encryption of data sent via the USB subsystem, gatekeeping of devices attempting to attach via the USB subsystem, and snooping of data sent or received via the USB subsystem.
  - 18. The secure computer according to claim 2, wherein the secure subsystem performs one or more of video overlay of video streams from the host system to the video subsystem, watermarking of video displayed via the video subsystem, analytics of screens displayed via the video subsystem, remote screen viewing of video displayed via the video subsystem and remote storing and analyzing of video displayed via the video subsystem.
  - 19. The secure computer according to claim 18, wherein the analytics comprises Optical Character Recognition (OCR).
  - 20. The secure computer according to claim 2, wherein the secure subsystem performs one or more of mixing of audio streams from the host system and secure subsystem for output via the audio subsystem, watermarking of audio streams output via the audio subsystem, and forwarding of audio output via the audio subsystem to a remote management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Janus Technologies, Inc.
Original Assignee
Janus Technologies, Inc.
Inventors
Raskin, Sofin, Wang, Michael, Porten, Joshua, Chin, Shaoan
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
DOAN, TRANG T

Application Number

US13/971,677
Publication Number

US 20150058970A1
Time in Patent Office

868 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 13/385   for adaptation of a particu...

G06F 13/4282   on a serial bus, e.g. I2C b...

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

H04L 63/0428   wherein the data content is...

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

System and architecture for secure computer devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

95 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and architecture for secure computer devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

95 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others