System and architecture for secure computer devices
First Claim
1. A secure computer comprising:
- a plurality of peripherals for receiving, storing, retrieving from storage and outputting data;
an expansion bus;
a host system running an operating system and applications that receive, store, retrieve and output the data, the host system including a system bus that is separate and independent from the expansion bus;
a secure subsystem that controls access by the host system to the plurality of peripherals for receiving, storing, retrieving and outputting the data;
a secure connection between the secure subsystem and the host system; and
peripheral connections between the secure subsystem and the plurality of peripherals, wherein the host system is incapable of accessing the plurality of peripherals for receiving, storing, retrieving from storage and outputting the data except through the secure subsystem via the secure connection,wherein certain of the peripheral connections comprise the expansion bus.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention relates to a system and architecture for securing otherwise unsecured computer subsystems. According to one aspect, the invention provides an independent hardware platform for running software in a secure manner. According to another aspect, the invention provides the means to control and secure all disk, network and other I/O transactions. According to still further aspects, the invention provides a means to monitor and prevent unauthorized user and malicious software activity Additional aspects include providing a secure platform for device and user authentication as well as encryption key management, providing a means to perform background backup snapshots, and providing the means for enabling full management over computer operations.
105 Citations
19 Claims
-
1. A secure computer comprising:
-
a plurality of peripherals for receiving, storing, retrieving from storage and outputting data; an expansion bus; a host system running an operating system and applications that receive, store, retrieve and output the data, the host system including a system bus that is separate and independent from the expansion bus; a secure subsystem that controls access by the host system to the plurality of peripherals for receiving, storing, retrieving and outputting the data; a secure connection between the secure subsystem and the host system; and peripheral connections between the secure subsystem and the plurality of peripherals, wherein the host system is incapable of accessing the plurality of peripherals for receiving, storing, retrieving from storage and outputting the data except through the secure subsystem via the secure connection, wherein certain of the peripheral connections comprise the expansion bus. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A secure computer comprising:
-
a plurality of peripherals for receiving, storing, retrieving from storage and outputting data; an expansion bus, wherein the expansion bus comprises one of a Peripheral Component Interconnect (PCI) and a PCI Express (PCIe) expansion bus; a host system including an x86 processor running a Windows operating system and applications that receive, store, retrieve and output the data, the host system further including a system bus and an interface for connecting the host system to the expansion bus that is separate and independent from the system bus; a secure subsystem that is separate from the host system and includes one of a Field-Programmable Gate Array (FPGA) and an Application-Specific Integrated Circuit (ASIC) and having a processor core, the secure subsystem controlling access by the host system to the plurality of peripherals for receiving, storing, retrieving and outputting the data; a secure connection between the secure subsystem and the host system; and peripheral connections between the secure subsystem and the plurality of peripherals, wherein the host system is incapable of accessing the plurality of peripherals for receiving, storing, retrieving from storage and outputting the data except through the secure subsystem via the secure connection, wherein certain of the peripheral connections comprise the expansion bus. - View Dependent Claims (16, 17, 18, 19)
-
Specification