Hacking-resistant computer design
First Claim
1. A computer system comprising:
- a first partition comprising;
a first CPU,at least one memory module,at least one write module,at least one I/O module,at least one data store comprising at least one data file, anda memory addressing structure, comprising;
at least one program code address range,at least one first partition data address range, andat least one second partition data address range;
at least one critical data file;
computer executable code stored in the program code address range, wherein the computer executable code comprises an operating system;
wherein the first CPU is configured to execute only the computer executable code stored in the program code address range;
wherein the computer executable code is hardware protected by hardware switch;
a bus, anda second partition comprising;
a second CPU,at least one data store comprising at least one data file, anda communication module coupled to a network;
wherein the first partition is interconnected to the second partition through the bus;
wherein the first partition is configured to execute a pull command to read data from the second partition and write the data to the at least one second partition data address range of the first partition;
wherein the first partition is configured to execute a push command to write data to the second partition;
wherein the first partition, with hardware protected computer executable code, cannot accept a push command from the second partition or a pull command from the second partition; and
wherein the second partition is restricted from accessing the first CPU or the at least one memory module.
3 Assignments
0 Petitions
Accused Products
Abstract
A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition through a bus or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing between computer executable code, critical data files, and data files read from the second partition. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition.
21 Citations
20 Claims
-
1. A computer system comprising:
-
a first partition comprising; a first CPU, at least one memory module, at least one write module, at least one I/O module, at least one data store comprising at least one data file, and a memory addressing structure, comprising; at least one program code address range, at least one first partition data address range, and at least one second partition data address range; at least one critical data file; computer executable code stored in the program code address range, wherein the computer executable code comprises an operating system; wherein the first CPU is configured to execute only the computer executable code stored in the program code address range; wherein the computer executable code is hardware protected by hardware switch; a bus, and a second partition comprising; a second CPU, at least one data store comprising at least one data file, and a communication module coupled to a network; wherein the first partition is interconnected to the second partition through the bus; wherein the first partition is configured to execute a pull command to read data from the second partition and write the data to the at least one second partition data address range of the first partition; wherein the first partition is configured to execute a push command to write data to the second partition; wherein the first partition, with hardware protected computer executable code, cannot accept a push command from the second partition or a pull command from the second partition; and wherein the second partition is restricted from accessing the first CPU or the at least one memory module. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer system comprising:
-
at least one partition computer comprising; a first partition comprising; at least one CPU, at least one memory module, at least one write module, at least one I/O module, at least one data store, and a memory addressing structure, comprising; at least one program code address range, at least one first partition data address range, and at least one second partition data address range; computer executable code stored in the program code address range wherein the computer executable code is hardware protected by hardware switch; wherein the at least one CPU of the first partition is configured to execute only the computer executable code stored in the program code address range; a bus; and a second partition comprising; at least one CPU, at least one memory module, at least one data store comprising at least one data file, and a communication module communicatively coupled to an external network; and wherein the first partition is interconnected to the second partition through the bus; wherein the first partition is configured to execute a pull command to read data from the second partition and write the data to the at least one second partition data address range of the first partition; wherein the first partition is configured to execute a push command to write data to the second partition; wherein the first partition, with hardware protected computer executable code, cannot accept a push command from the second partition or a pull command from the second partition; wherein the second partition restricted from accessing the first CPU or the at least one memory module; at least one separate computer communicatively coupled to the at least one I/O module; wherein the at least one separate computer is not communicatively coupled to an external network; wherein the at least one separate computer comprises at least one critical data file and at least one data segment; wherein the at least one write module is configured to read from or write to the at least one separate computer; wherein the second partition cannot read from or write to the at least one separate computer; and wherein the at least one separate computer cannot read from or write to the second partition. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification