JP2007524161A - Separation multiplexed multidimensional processing in virtual processing space with virus, spyware and hacker protection features - Google Patents

Abstract

Information equipment, computing devices, or other processor- or microprocessor-based devices or systems provide security and anti-virus, anti-hacker, and anti-terrorism features, with multiple sequential or simultaneous and intermittent separation and Automatically generate restricted computing environments and, in connection with the restricted and controlled methods of moving and copying data, malicious code located in those computing environments and data storage devices; By being used in conjunction with a destructive process, the collapse and failure of viruses, malicious or other computer hackers, computers or devices can be prevented. Streams are time multiplexed with systems, devices, architectures and methods for maintaining the isolation of multiple processes running on a single physical processor. Virtual multidimensional processing space and virtual processing environment. Temporal multiplex processing in a single CPU. Process isolation using address control and mapping. Multiple processes are selected, configured, switched, and / or multiplexed in physical and / or virtual processing or computing space to create a physical and / or virtual processing or computing environment.
[Selection] Figure 20

Description

  The present invention relates generally to security for computers, information equipment, mobile communication devices, and other electronic devices, and anti-virus, anti-hacker and cyber-terrorism features, and more particularly to malicious code that may be present in the device. Numerous simultaneous or sequential temporal processing environments to prevent malicious code from affecting the system or other user or program data, as well as security to generate procedures and programs, and anti-virus, anti-hacker and anti-terrorism It relates to computers, information equipment, mobile communication devices, and other electronic and computing devices that support features.

  Related Applications: This application is incorporated by reference for Kennes Largman and Anthony B. More and 35 U.S. for both the following US patent applications invented by Jeffrey Blair. S. C. Claim the benefit of priority under 120. US Utility Patent Application No. 11 / 022,290 filed December 23, 2004 entitled “Isolated Multiplexed Multi-Dimensional Processing In A Virtual Processing Space Having Virus, Spyware, and Hacker Protection Features”; US Utility Patent Application Nos. 10 / 760,131 and 2004-10 entitled "Computer System Architecture And Method Providing Operating-System Independent Virus-, Hacker-, and Cyber-Terror-Immune Processing Environments" filed January 15, 2004. PCT / US2004 / 33955 filed on 13th of March.

  When based on prior art, computers, cellular phones, and a wide range of devices that use computer or processor technology include computer hackers, viruses, cyber terrorism, spyware, and / or other malicious or harmful computer programs. Susceptible to code. Although antivirus software is known, such antivirus software often becomes obsolete as each new virus is written or published. In addition, during the initial stages of such publication, some computers will typically suffer at least some damage. Although the use of firewalls and other safeguards is also known, firewalls are generally not incorporated into portable computers or portable computers that operate over public networks other than corporate information technology (IT) environments. There are a number of hacker technologies that always defeat the firewall. The global cost of damage from computer viruses, spyware, and hackers is estimated to reach tens of billions of dollars each year. More importantly, there is a dependency on computers to control and maintain the operation of air traffic, transportation systems, building environmental controls, stock markets, telephone systems, nuclear power plants, and other public and private infrastructure. As it grows more and more, the potential damage from such malicious code exceeds monetary estimates.

  There is a need for architectures, systems, and methods of operation that provide immunity from malicious activities such as computer hackers, viruses, spyware, cyber terror attacks, and the like. In a sense, there is a continuing need for a universal vaccine that counters such malicious agents. Also, unlike conventional computers where a user can initiate a “repair” on demand by returning to a known clean installation of operating system and application program software and / or data, files or data sets There continues to be a need for computers that reset or erase memory and data storage prior to opening the memory to create a known clean or sterile storage environment.

  The present invention provides security and anti-virus, anti-hacker and anti-terrorism features, and automatically generates a number of sequential or simultaneous and intermittently separated and / or restricted computing environments, By using these computing environments in conjunction with the process of destroying malicious code located in the computing environments and data storage in connection with the restrictions and controlled methods of moving and copying data, viruses, malicious Or, the collapse and failure of other computer hackers, computers or devices can be prevented.

  In one embodiment, the present invention provides an information equipment architecture, system, apparatus, and method for configuration and operation. The information device has a first storage device for programs and data, and processor logic, and is of a type that executes computer program instructions to perform a task with user data. Operates to create and maintain separate control processing environments and user processing environments. (1) User data having unknown or unreliable content is embedded in the user data in the control processor logic environment. And (2) when user data having unknown or unreliable content is separated from the first storage device in the user processor logic environment. Only exposed to a temporary storage device different from the first storage device. It is so.

  In another embodiment, the present invention stores at least one processing logic device for executing at least one instruction and first data and first program code including at least one instruction and including user data. A first storage device, a second storage device for storing second data, and a processing logic device selectively and independently coupled to the first storage device and / or the second storage device under automatic control And a switching system for isolating, comprising a switching system for receiving at least one control signal from the processing logic device and selecting a state of the switching system, the processing logic device comprising a control configuration and a user data configuration Operation on the basis of the following conditions: (i) processing logic The device may be coupled to the first storage device when program instructions are loaded into the processing logic that have unreliable content or cannot execute data items that did not occur in a known control environment, ii) The processing logic device is not coupled to the first storage device when program instructions are loaded into the processing logic that can execute data items that have unreliable content or did not occur in a known control environment. (Iii) the processing logic device may store the second storage when program instructions are loaded into the processing logic that can execute data items that have unreliable content or did not occur in a known control environment. And (iv) the processing logic device may be from the first storage device to the second storage device or Information that operates such that when a program instruction that can only copy a data item from two storage devices to a first storage device is loaded into processing logic, it may be coupled to the first and second storage devices Provide equipment. A method for configuring and operating the information appliance is also provided.

  Embodiments of the present invention select, configure, switch and / or multiplex multiple processes in physical and / or virtual processing or computing space to create a physical and / or virtual processing or computing environment. In one specific embodiment, temporal multiplexing of multiple processes is performed in a manner that maintains separation between processes, and problems in one process (such as running a program virus) are separated. The process or stored program or data is not affected. Separation may also be selectively overridden by a trusted administrator using trusted architectural elements and program elements.

  Embodiments of the present invention include devices, computers, notebook computers, personal data assistants, personal data organizers, cellular phones, mobile phones, wireless receivers, wireless transmitters, GPS receivers, satellite phones incorporating processing or computational logic. Computers mounted on automobiles, computers mounted on aircrafts, navigation devices, household devices, printing devices, scanner devices, cameras, digital cameras, television receivers, broadcast control systems, electronic instruments, medical monitoring devices, security devices, environmental control systems It can be applied to a variety of electronic devices and information appliances such as those selected from a set including, but not limited to, process monitoring or control systems, and combinations thereof.

  The present invention generally relates to computers, information equipment, mobile communication devices, cellular and mobile telephones, personal data assistants (PDAs), music storage and playback devices, data organizers, hybrid devices incorporating these functional elements, and other The present invention relates to electronic systems and devices. More particularly, the present invention relates to systems and devices that provide security features and anti-virus, anti-hacker and anti-terrorism features, and more particularly, multiple sequential or simultaneous and intermittent separation and / or Or automatically create limited computing environments and destroy malicious code located in those computing environments and data storage in connection with the restricted and controlled methods of moving and copying the data It also relates to a device that can be used in conjunction with a process to prevent the collapse and failure of viruses, malicious or other computer hackers, computers or devices.

  In the present invention, these needs are satisfied by providing architectures, systems, solutions, and methods for computing devices and other information equipment. This new solution creates computers and information devices that are inherently able to escape hackers and viruses and other malicious agents and code. Further, unlike computers that allow a user to initiate a “repair” on demand by reverting to a previous backup of the software, the architecture, system and method embodiments of the present invention open each file. Before doing so, the memory and data storage are reset or erased to maintain a known clean or sterile storage and processing environment. For example, by using this new technique, the data storage device can be automatically reformatted or erased and the memory is exposed to unreliable or unknown code in the computing environment or After and each time it may have been exposed, it can be cleared or reset before moving or opening a new file in the computing environment.

  With respect to this architecture, system and method, embodiments of the present invention provide a computing environment that is intermittently separated and / or communicationally constrained, which are generated and operated by an automated control system. And understand that it will end. Different isolation levels and / or levels of security or escape from malicious code can be implemented based on the needs of the computing environment and / or the need for devices that incorporate or use the computing environment.

  It protects computers and computing devices from hackers, viruses and cyber terrorism, as well as potential damage or intrusion such as spy software (spyware), keystroke recorders, and hackers, viruses, worms, Trojan horses, An architecture, system, apparatus, method, computer program, and computer program product for protecting against damage from similar threats and weaknesses are described. Cyber terrorism is an attempt to disable or weaken a computer system, for example, an attack initiated by attempting unauthorized access to a user's private data. The present invention provides a solution to potential cyber terrorism.

  Conventional computer systems typically include a processor, memory, display, display controller, and input / output controller. The present invention provides a plurality of special purpose subsystems (physically or temporally separated) housed within a computer system (or other device) housing or case. These special purpose subsystems typically perform limited functions and have limited interaction with other special purpose subsystems.

  General purpose or special purpose subsystem (also called “separated processing unit”, “separated computing environment” or more simply “computing environment” in some embodiments, sometimes further characterized by adjectives in functional description Can be designed for a number of purposes, including supporting information storage, performance of work, and handling of communications.

  Also, the computing environment and the elements of such a computing environment are modular, and the CSCE or CCE computing environment until a defective element or set of elements that make up the computing environment is replaced or repaired with a working part. It should also be noted that a control entity such as can be dynamically configured so that certain defective elements and / or computing environments can be decommissioned. Any diagnostic process that attaches the element (eg, via one or more switches) and tests and removes the element can be performed to identify and isolate the problem.

  The aspect of the computing environment will be described below. This description is somewhat general due to the wide range of specific embodiments and physical implementations that can be implemented. A computing environment may execute one or more computer program instructions. One or more computing environments can be coupled to the computer system. This computing environment can be represented by physical representations, logical representations, and / or a combination of physical and logical representations. In physical representation, the computing environment may incorporate a number of physical computer elements, such as a central processing unit (CPU), one or more memories, and one or more peripherals. In a logical computing environment display, a first computing environment can coexist with other computing environments by using one or more common computing elements. The first computing environment is such that communication is supported between the first computing environment and other computing environments that may communicate viruses, hackers, or other intentional or accidental malicious code or data. Are separated from other computing environments. For example, in one embodiment, only indirect communication of a limited set of information is performed. In another embodiment, direct communication is possible, but such communication is permitted, such as, for example, window screen coordinates, mouse position coordinates, or other data types and quantities, as described in further detail. It may be limited to a specific way to allow only data format and quantity. A filter or limiter may be used to restrict communication between the first computing environment and the second or other computing environment. In some embodiments, these filters and / or limiters are hardware circuits that cannot be corrupted by malicious code, and in other embodiments, software and / or firmware may be used for such filters or limiters. Well, in other embodiments, hybrid hardware-software / firmware filters and / or limiters may be used. Each computing environment typically includes processing activity that includes receiving input from one or more peripheral devices via an I / O switch system and sending output to one or more peripheral devices via the I / O switch system. Can be executed. A processing activity executed by one computing environment is usually independent of a processing activity of another computing environment. According to one embodiment of the present invention, the potential malicious processing activity of one computing environment does not directly interfere with the processing activity of another computing environment.

  According to one embodiment, the isolated computing environment and other physical or logical computing environments may reside in different address spaces corresponding to the computer system. As a result, each physical or logical computing environment is isolated from the operation of each other logical computing environment. Further, it will be apparent that various configurations may be used to manage the generation and operation of multiple ethical computing environments. In addition, operating systems (eg, Linux, Macintosh, Microsoft Windows®, and / or other operating systems) can be combined into a logical computing environment, a physical computing environment, and / or a combination of logical and physical computing environments. It should be understood that this can be accommodated.

  A control computing environment may be selected from the computing environment to configure and / or reconfigure the data storage switch system configuration and / or the I / O switch system configuration. The data storage switch system configuration can support communication between the control computing environment and the protected data storage device, as described above. According to one embodiment of the present invention, the initial boot sequence identifies initial configuration information in computer CMOS data to identify a control computing environment, a protected data storage device, and a data storage switch system configuration. And / or configuration of the I / O switch system configuration can be initiated.

  One or more user computing environments can be selected from the computing environment to perform computer processing separately from the control computing environment and other user computing environments. The user computing environment allows data (such as computer files) to be received through a data storage device that is communicatively coupled to the user computing environment. According to one embodiment, the control computing environment may be communicatively coupled to a first data storage device that may contain user information and a protected data storage device that may also contain user information. The control computing environment is configured to support copy information between the protected data storage device and the first data storage device. After the control computing environment initializes the first data storage device, the first data storage device is communicatively detached from the control computing environment and then user computed for use independently of the other computing environments. Installed in the environment. After the user computing environment completes an activity (eg, editing a file, receiving an email, etc.), the first data storage device is detachably attached from the user computing environment and attached to the control computing environment. Also good. Again, the control computing environment is configured to support copying information between the protected data storage device and the first data storage device. As a result, data may be saved independently of processing activity in the user computing environment. Accordingly, malicious code processed within the user computing environment will not corrupt other files and / or data stored in the protected data storage device.

  In one embodiment, sophisticated processing power, such as processing power that can provide the ability to execute malicious computer program code or software, is selectively and intermittently removed only during a copy operation. This sophisticated process or process itself is switched from an accessible state during a copy operation or disabled in response to a signal from the control entity and then re-enabled when the operation is complete. This operation may be used, for example, for a file save operation or may be used when copying data or a master template to a computing environment.

  Returning to the description of other features, in one embodiment, the storage special purpose subsystem or computing environment (or computing environment of the protected storage device) stores the data and allows the data to be accessed while allowing limited access to the stored data. Can be designed to search. A working special purpose subsystem (also called a separate processing unit computing environment) processes information to achieve the same results as a general purpose computer in various applications, but at the same time It can also be designed to protect user data from loss or corruption. A communication special purpose subsystem (or control and switching computing environment) can be designed to facilitate communication between other special purpose subsystems or computing environments.

  Each special purpose subsystem or computing environment typically communicates processing power, memory, logic, and the special purpose subsystem or computing environment with another (internal or external) element based on the processing to be performed. One, some combination, or all of the coupling interfaces may be included. The processing capability may be some form of computer processing unit (CPU) or ASIC. The processing capability may be a CPU of a computer system or a CPU shared by a number of special purpose subsystems. Accordingly, processing power associated with a special purpose subsystem may be used by a computer system or other special purpose subsystem.

  Exemplary features and aspects of the present invention will first be described to provide at least partial orientation to the architecture, features and advantages of the present invention. Following this description, a number of exemplary architectures and structural topologies are described in further detail to facilitate an understanding of both the broad scope of the present invention and the particular structural and methodological implementation. .

  Various embodiments of the present invention provide simultaneous and / or intermittent and sequential or temporal (time) separation and / or constraints on processing or computing environments, data storage and processes, and communications. In at least some embodiments, this separation and / or constraint may be prior to using the computing or processing environment for subsequent operations, e.g., before opening another file or data set for the operation. Combined with erasing, reformatting, resetting or other sterilization of the processing or computer environment used.

  In one embodiment, a computer system, or other device incorporating a computing system or capability, may erase / reset and copy all or part of the master template sequentially and automatically before each new file is opened. In doing so, a new type of self-repair feature can be provided based on repairing the computer or preventing defects in the first instance.

  In one embodiment, user data is stored in one or more simultaneously or intermittently sequentially separated and / or restricted data storage devices and / or intermittently separated and / or restricted protected computing environments. Is done. Here, the protected data storage device (s) or protected computing environment (s) can be referred to as a protected data storage device (PDS). The protected data storage device also stores any type of data such as user data and files, application program code programs or applets, operating systems or parts thereof, device drivers, status or status information, or some other type of information. it can.

  The structure, organization, and stored content of a protected data storage device or more general protected storage device can vary from system to system, but includes several features (including some optional features) that can be given: This is described below with reference to one embodiment. A protected data storage device includes, but is not limited to, data (user data, computer program code, email, web pages, instructions, operating system code, or other sets or collections of binary bits in the data storage device. ) Represents a data storage device used to store information in a manner that prevents data) from being executed. Therefore, the data is typically not exposed to a processing environment that performs processing or operations on the stored data or information based on the contents of the stored information. This same separation from exposure is also applied during data and software copy operations so that the malicious code contained therein cannot be executed until it enters a separate computing environment, where Even if it is exposed, it can be housed in a separate state at best by polluting its particular computing environment.

  According to one implementation of the present invention, a user file (e.g., a user word processing document, email, spreadsheet, Microsoft Outlook or other contact file, password, cellular phone number list, PDA stored data, or Other user data or programs) can be stored in the protected data storage device. In one embodiment, protection is a structure or data that stores data in a protected storage device, resulting in the execution of malicious code or binary sequences, such as may be present in a virus, robot, hacker code, or other malicious code. This is achieved by making the process inaccessible. Ideally, user operations such as editing the corresponding work processing document or opening and reviewing email messages (and their attachments) can be performed at a location (or other location) within the protected data storage and computer. It is performed in a copy of the original data independently of the original version of the document stored on an electronic device (eg PDA, cellular phone, analog or digital camera, or other information device). The separation of the protected storage of the original file or data set and the storage and operation for the copy of the file or data set will be described in detail elsewhere. In this regard, apart from a processor capable of executing a virus or other malicious code, such code is simply a collection of “0” and “1” bits, either stored in a data storage device or some data storage. It will be apparent that it does not matter if it is moved or copied from one device to another.

  One or more data storage devices of the present invention can be used to define a protected data storage device. A number of protected data storage devices may be arbitrarily defined but are usually not required. According to one embodiment of the present invention, the protected data storage device is independent of the processing environment in which user files can be modified, and user data or other files (possibly computer application programs, operating systems, and other non-users). (Including code or data). Note that the master template may be a form of non-user data stored in a type of protected storage. Alternatively, this may be referred to as a protected master template storage device.

  According to one configuration of the invention, the user's decision to edit a document causes the original version of the document to be copied from the protected data storage device to the second data storage device. A second version of the document can be generated using a user computing environment that can be coupled to a second data storage device for editing the original document. For example, an action by the user, such as saving a second version of a document, generates a series of instructions that copy the second version of the document back from the second data storage device to the protected data storage device. Copying the second version of the document back to the protected data store can overwrite the original version of the document.

  Including structures and procedures for storing and retrieving binary data in and from a protected data storage device and / or protected master template storage device, and malicious code or data stored in the same storage device or the same computer system How to operate on this protected information that is processed by the computing system without receiving certain data will be described in detail elsewhere in this specification.

  Returning to the description of the system, in order to protect the protected data storage device from the processing or execution of code that may occur with unknown code and potentially malicious code, the control computing environment may contact the protected data storage device as necessary. Separating and / or limiting communication simultaneously or intermittently is performed by switching communication. A directory of data in a protected data storage device can be created, for example, by a control computing environment or a protected storage computing environment (see further description of specific computing environment configurations made elsewhere herein). ), And this directory can communicate to a separate and / or restricted computing environment (for example, simultaneously or intermittently) such as a desktop computing environment. Embodiments of these control computing environments, protected storage computing environments and desktop computing environments, and other computing environments are described in detail elsewhere herein with reference to the accompanying drawings. Note that in one embodiment, the directory is formed by a protected storage computing environment that may include limited processing power. For example, this may include functions for reading and writing ASCII and extended ASCII file names and directories, and may include the ability to copy and move data, and may include the ability to create file directories. However, it generally does not include many other functions or capabilities required to verify or execute code or perform other functions that can be detrimental to the integrity of the system, program or data. This information may be collected by the control computing environment or transmitted to the control computing environment by the protected storage computing environment.

  In at least one embodiment of the present invention, one, more than one, or any combination of the following structures and / or procedures can be combined into a single computing environment configuration and / or process, and Note that it may be determined or may be dynamically determined and configured. That is, (a) control environment, (b) protected storage device, (c) desktop environment, (d) switch, (e) switch configuration, (f) reformat / erase environment, (g) video control environment, ( h) Video processing and combinations or subsets thereof. In addition or alternatively, any other structure and / or procedural element may be implemented as described elsewhere herein. Thus, for example, in one embodiment, the present invention can be configured with two computing environments, one of which includes all environments and switches and switch configurations, but excludes user computing environments and The second environment includes only the user environment.

  To open the user data, the user can select a file name located in or identified by the desktop computing environment, or display of data such as “shortcut” or “alias”. The actual file is not opened or executed in the desktop computing environment, and in the embodiment of the present invention, it does not actually exist in the desktop computing environment. Rather, this file name and location information (a pointer or reference to a file or data set) can be sent to a control computing environment that may not be separated from the desktop computing environment. In this embodiment, the control computing environment then separates the file corresponding to the file name selected by the user (or other designated entity) from the protected data storage device at a plurality of simultaneously or intermittently and / or It can be copied to one of the communication environments (for example, user computing environment # 1) limited in communication. In this example, a command is sent to user computing environment # 1 to open the file, and a command is sent to the switch (s) to end unrestricted communication with user computing environment # 1. The The architecture, systems, and methods associated with such operations are described in detail elsewhere herein.

  At least in part, for this reason, if user data is "infected" with malicious code and executed, it will damage or destroy other user data or information in storage devices protected from malicious code execution. But the first infected data file will be damaged. Also, if application program computer code or operating system program code is contaminated or compromised or may have been so, such contamination or compromise will affect the continuous operation of the system or device. It can be said that it does not reach. This is because, at best, the copy is contaminated or compromised and is not reused.

  In this embodiment, user computing environment # 1 can be connected to the control computing environment via any restricted communication path, which may be restricted in one or more of a number of ways. For example, the communication path may be limited by an ASIC limiter or filter that has a significantly limited communication capability, such as allowing only a predetermined set of ASCII characters to pass, and such a set and its order is feasible. It is known not to support instructions reliably or with a predetermined high probability. The limiter may, for example, compare the bit or character for which communication is attempted with a permitted set of bits or characters. In this particular embodiment, for example, a very limited number representing concepts such as “save file” and “erase / reset this computing environment” and / or Alternatively, it may contain or possess only the functions necessary to communicate the binary “0” or “1” bits of the combination or sequence to the control environment, eg, within a certain time period or certain events (1 One or more) may include a limit on the amount of information that can be communicated.

  Alternatively or additionally, for example, an electrical or optical light pulse or other signal is communicated to a receiver connected to the control environment, for example, one pulse means “save file” And a continuous pulse of two timings together can mean "Erase / Reset this computing environment". These are only examples, and it will be apparent to those skilled in the art in view of this document that other signaling mechanisms can be implemented that limit the amount or nature of the information, but provide the required behavior. .

  After the data storage device and its computing environment are “exposed” to the user document and thus potentially exposed to intentional or accidental malicious program code such as viruses, spy software, etc., the data storage device is fully It can be reformatted and / or cleared, erased and reset in any combination to eliminate all data such as hidden partitions, drivers, boot sectors, hidden codes, etc. The computing environment may also be “re-set” (eg, power cycling, otherwise cleared or reloaded) in a manner that ensures there is no residual contamination before the next use. .

  The switching and copying processes described above (and in various other embodiments described elsewhere herein) securely move data to and from the isolated computing environment and data storage device or storage subsystem. This process can be controlled and organized by the control computing environment and its associated software and connected switches. A master template (which will be described in detail in various embodiments elsewhere herein, but briefly contains or contains clean, uncontaminated executable code), as needed, Can be copied between data storage devices.

  A number of switches and switching systems and means are described with reference to a number of embodiments. Again, since the architecture, system and method of the present invention can be widely applied to a number of different physical implementations and device types, it will be described in a somewhat general manner. In one embodiment, a generic switch system is used to combine one or more sources and one or more destinations, between the source and destination, eg, 2 of many examples that can be named. If only one is named, communication can be supported between the first storage device and the second storage device or between the network interface card (NIC) and the computing environment. This communication may support bidirectional communication between the source and the destination, or may support only unidirectional communication. A typical switch system may be combined with a switch configuration that is used to determine which source should be combined with which destination. This switch configuration can be, for example, one or more logic circuits, data files, lookup tables, and / or connections or valid enabled between source (s) and destination (s). Other means for identifying or designating a particular communication path may be included. In one embodiment, the switch configuration can identify invalid or non-enabled communication paths, and in yet another embodiment, the switch configuration is invalid (non-null) between possible sources and destinations. Both enabled and enabled communication paths can be identified. A typical switch system can be implemented in hardware, software, and / or a combination of hardware and software.

  According to an embodiment of the present invention, a general switch system can be implemented in hardware as a physical switch. The source can be represented as an IDE drive and the destination can be represented as a computing environment. Each source can be coupled to a common switch system using IDE cables. Each destination can also be coupled to a generic switch system using IDE cables. According to one embodiment of the present invention, the switch configuration can be expressed based on the physical capabilities of the switch, and the IDE cable is physically coupled to the switch. Thus, the physical operation and / or twisting of the physical switch connects a given IDE cable corresponding to the source to a given second IDE cable corresponding to the destination to allow communication between the source and destination. Can be supported. Communication between the source and destination may support two-way communication. According to one embodiment of the invention, the switch can be operated manually and / or under the direction and / or control of one or more computing environments.

  According to one embodiment of the present invention, a typical switch system can be implemented in a combination of hardware and software, for example, through the use of a computer system coupled to the generic switch system. The computer system can execute one or more computer instructions and may be used to construct a general switch system. The multiple instructions may include, for example, configuration instructions, communication instructions, and access instructions. The configuration instructions can be used to configure communications to support enable or disable communications between a given source and destination. The communication instructions can be used to receive, transmit, and / or verify information regarding one or more configurations. For example, the communication command can be used to receive information for later use by the configuration command. Access instructions can be used to read and / or write information about the switch configuration. However, it will be apparent that other instructions and / or sets of instructions may be used.

  The data storage device switch system can include the functions of a general switch system, where the source represents the data storage device and the destination can represent the computing environment. The general configuration can be used to identify which data storage device is coupled to which computing environment. As described above, an IDE device can represent one embodiment of a data storage device that can be configured to support communication with one or more computing environments.

  In accordance with one embodiment of the present invention, data storage device switch systems can be combined in a data storage device switch system configuration that can expand the number and / or type of features corresponding to the general configuration. A feature of the data storage device switch system can further support configuration communication between the source and destination.

  I / O and / or other peripheral or device switch systems can include the functionality of a general switch system, where the source represents the peripheral and the destination can represent the computing environment. . The general configuration can be used to identify which data storage device is coupled to which computing environment. A keyboard device can represent one embodiment of a peripheral device that can be configured to support communication with one or more computing environments.

  In accordance with one embodiment of the present invention, I / O systems can be combined in an I / O system configuration that can expand the number and / or type of features corresponding to the general configuration. The features of the I / O switch system further support configuration communication between the source and destination. In such switch and communication path situations, in one embodiment, the data storage device switch communication path is used to couple the computing environment to the data storage device switch. The data storage device switch communication path is used to support communication with at least one data storage device based on the data storage device switch configuration, as described above. According to one embodiment, one of the data storage devices coupled to the computing environment includes an operating system that can be used as a computer boot device by the computing environment.

  Similarly, I / O switch communication paths are used to couple the computing environment to the I / O switch system. An I / O switch communication path can be used to couple one or more peripherals to one or more computing environments. An I / O switch system configuration can be used to direct output from one or more computing environments to a single output device. Similarly, an I / O switch system configuration can be used to direct input from a single peripheral computing device to one or more computing environments.

  The I / O switch system configuration can be configured to direct the received input (or output) to at least one computing environment based on the corresponding feature. The I / O switch system configuration also allows the output generated by one or more computing environments to be input / output based on the corresponding feature (see the feature description elsewhere in this document). It can be configured to point to or from a device, peripheral device, or other element in the system.

  Directing attention to another type of signal, in one embodiment, the video signal output from each separate computing environment is no longer able to execute malicious code (eg, the output goes to the graphic “Primitive and Attributes”). Note that they can be combined or mixed at a point during processing of these video signals (when converted and / or when the video signals are analog signals). This prevents windowed video signals representing processes performed in separate computing environments from being used as a medium that cross-contaminates different computing environments. (Note that not all computing environments require or generate a video output signal, because some processing, especially in specialized devices, can process data in the computing environment, (This is because it does not generate a signal that the user can see.)

  In one embodiment, the so-called “separated global toolbar” can also be used for certain or dynamic (eg, context sensitive) commands and / or other operations or functions. This separate global toolbar can appear in its own separate video layer or in the desktop computing environment to protect it from malicious code. Conveniently, the isolated global toolbar is always at the top or displayed in response to some user command or action so that the user or other trusted control entity can take action in one of the computing environments. Can be controlled directly. For example, if the user sees suspicious output represented in the windowed video portion of the display screen, the user can access the isolated global toolbar to perform the processing performed in the computing environment. The process including arbitrarily performing various options such as saving or not saving the file can be terminated. In one embodiment, this gives the user or human operator administrative control over the operation of the entire system as well as the operations performed within the computing environment. In principle, a global toolbar can allow any operation or function, but in some embodiments, a global toolbar has a more limited set of administrative functions or operations. In certain embodiments, the functions and operations accessible via the global toolbar can be set based on system defaults, administrator preferences, user preferences, or other rules or policies.

  In one embodiment, these functions and operations may be performed by computer program software instructions in addition to or separately from the functions. In other embodiments, there may be hardware elements, and in yet other embodiments, there may be a combination of hardware and software. Thus, each environment may be separated by software, switching and copying operations may be performed by software, and so on.

  Note that any procedural steps can be reduced or eliminated, and the functions of the computing environment described herein can be mixed and matched as needed. In some examples, the determination of whether to include or exclude any step or procedure is based on the threat environment, data and / or operational sensitivity, speed requirements, storage attributes (eg, magnetic storage To electronic RAM), and other factors. For example, the functionality of the control computing environment can be combined with a desktop computing environment and / or switch configuration, and / or a switch and / or protected storage.

  The principles of the present invention go beyond specific computer operating systems, application programs, user interfaces, or device types or characteristics. In essence, the architecture, system, method, and procedure of the present invention provide a logic circuit that can perform the intended logical or arithmetic operation using information (eg, in the form of binary bits). By applying different or additional information so that the intended operation is not performed or additional operations are performed. Susceptible to change or collapse. In modern devices such as computers, information equipment, cellular or other mobile phones, automotive electronics, home appliances, GPS receivers, PDAs, the logic is a controller, processor, microprocessor, or other programmable logic circuit. Or the logic means or the like, and the information used is computer program instructions and arbitrary data. In the future, optical computing systems currently under development will be further commercialized, and therefore the present invention is expected to be applicable to optical computing and information processing systems and optical processors.

  Although the description herein has focused attention on computer and computing environments, the present invention has logic for interpreting instructions and / or data, and thus is virus, hacker, spyware, cyber terrorism or others. It is clear that the present invention can be applied to all kinds of devices and systems that are susceptible to accidental or intentional malicious attacks by foreign agents.

  In the following, attention is directed to some features of conventional computing systems and to comparable aspects of various embodiments of the present invention. Since the present invention can be implemented in many different physical forms, a number of embodiments will be described as an example of how a typical system can be implemented. Those skilled in the art will appreciate that these are merely additional embodiments of the invention that implement some or all of these features.

  FIG. 1 is a diagram illustrating a typical laptop (or other) computer system 1900 according to the prior art. As is well known, this computer system includes a CPU 1508-1, a data storage device 1502-1 (usually in the form of a rotating magnetic hard disk drive), and one or more peripherals 1541-1, 1541-2,. ..Equipped with a case or housing in which electronic devices such as 1541-N and mechanical elements are placed. The housing or case 1902 typically also attaches or supports a pointing device such as a display screen 1904, a keyboard, and a mouse. In such a computer system 1900, additional external peripheral devices can be attached or connected via various connector ports that are usually provided. In such a conventional computing system, data storage device 1502-1 and peripheral device 1514-N are coupled to CPU 1508-1 in a fixed topology through the system and peripheral device bus, as is well known. For example, data storage device 1502-1, typically a hard disk drive or solid state memory (RAM), is always coupled to the CPU unless physically removed from system 1900. Similarly, CPU coupled memory is usually always coupled to the CPU unless removed, and in most conventional computing systems, some portion of such memory (eg, in the form of an on-chip cache) is always and permanent. Is coupled to the CPU. Similarly, peripheral devices such as CDROM, DVD reader / writer, network interface card (NIC), modem, floppy disk drive (FDD), wireless interface card, and other peripheral devices are coupled to the system. And coupled directly to the CPU or indirectly via fixed buses and interconnects. Since these connections are always present, it may provide an opportunity for viruses or other malicious code to be introduced into the CPU, CPU related memory, BIOS, or data storage. Such malicious codes may act immediately or remain dormant until some future time or event. Means for achieving such defenses and a level to escape such defenses will be described in detail with respect to embodiments of the present invention.

  FIG. 2 illustrates a desktop computer system, laptop computer system, notebook computer system, personal data assistant (PDA), fixed or mobile wired or wireless communication device (mobile phone, cellular phone, satellite phone, radio frequency transmitter and / or An information device such as a receiver is illustrated. In general, the structures, methods, computer programs, and computer program products of the present invention include or include at least one processing element, such as a controller or microcontroller, CPU, ASIC, microprocessor, logic circuit, or other processing element. It can be applied to and used with electronic devices or systems that can be adapted as such. (Other embodiments of the invention are also described, which may use two or more processing elements, including combinations of processing element types discussed herein.) Such systems may vary. Operations such as certain predetermined, dynamically determined or other logic, computation, word processing, email, network computation, music processing, video processing, internet browsing, voice processing or coding or decoding, digital cameras Can be implemented to perform picture or image acquisition or processing, GPS signal reception and processing, location navigation, entertainment in mobile phone digital cameras. It will be apparent to those skilled in the art that, in view of the description herein, a large number of electronic devices and systems fall within the applicable application sector. Although the present invention is particularly effective when virus protection and anti-hacker protection is desired, and when it is desired to process a large number of applications simultaneously, these two effects may be achieved separately.

  In the illustrated embodiment, a single computing environment, or more conveniently, in most embodiments of the systems and methods of the present invention, multiple multiple independent computing environments 1508-1, 1508-2, ... 1508-N is generated. These computing environments 1508 have features similar to the special purpose subsystem 1120 in the embodiments of FIGS. 7 and 8, and the similarities become more apparent after a number of embodiments of the present invention have been described in detail. Would. An independent computing environment may be used, for example, in any combination of hardwired or programmable arithmetic or logic circuits, programmable microcontrollers, processors, microprocessors, CPUs, ASICs, and perhaps as well known Supported by support elements such as microprocessor memory, power, etc., can be physically implemented. At least some embodiments provide a physical structure for generating a computing (processing) environment 1508 using a central processing unit (CPU), microprocessor, microcontroller, ASIC, or some combination. In some cases, the physical elements that support the desired computing environment are commanded with the complexity of the processing or computing task. In one embodiment, the elements that generate the computing environment are dynamically selectable and configurable. Such selection and configuration may be under the control of the user or, more generally, under the automatic control of the computing system 200 and determined at some predetermined or dynamic. Preferably based on measured physical or logical state, environmental conditions, processing requirements and complexity, application program size, and dataset size. . Spare elements can also be provided, and such spare elements (eg, CPU, memory, storage device, video processor, coprocessor, modem, network or Ethernet processor, etc.) can be replaced with a failed element. Can be switched. Also, the ability to dynamically allocate and configure provides efficiency when there should be a large number of computing environments. This is because it is not necessary to provide all processing capabilities for each environment.

  Computing environment 1508 is coupled to or coupled to peripherals 1514-1,... 1514-N or to I / O switch configuration data or logic 1512 via any I / O switch system 1510 based on switching commands. Or may be selectively combined. The requirements for any I / O switch system 1510 in a particular embodiment of the present invention may depend on factors such as the characteristics of the particular peripheral device and the degree of security or isolation required or desired. In certain embodiments, a peripheral device may be directly connected to one or selected computing environment, may be permanently connected, may be permanently disconnected, or switchable May be connected. The computer system 2000 of FIG. 2 may include, for example, a display device 1904 that is attached to and held by a case or frame 1902. It also generally includes input devices such as keyboards and pointing devices, which include many other aspects of input and output, such as voice input, touch screen, voice or verbal computer-generated speech, etc. If given, it is not required. Also, the LCD display may take the place of the computer screen in devices such as cellular phones, PDAs and digital cameras, among other devices.

  As with the other switches and switch systems described herein, switching is a mechanical that achieves the desired switching and maintains the desired or necessary voltage, current, isolation, impedance, termination, and / or electrical characteristics. It can be any one, multiple, or many of electrical, electronic, transistor, diode, microprocessor, digital or analog. For example, a switch that connects or disconnects a hard disk drive to the CPU does so without damaging the CPU or the hard disk drive. In certain situations involving certain devices, switching may turn off the device or parts of the device, or otherwise limit the operating voltage or current, or stop the clock to the device, or the data line Alternatively, it can be accomplished by interrupting the communication path but not the power line, or by other ways of stopping operation as is well known in the art. As described elsewhere herein, in some examples, these switching operations are guaranteed isolation levels between the elements of the computing system and the different computing environments 1508-1, ... 1508-N. Is intended to give

  Also, multiple computing environments (also referred to as special purpose subsystems 1120 in the embodiments of FIGS. 7 and 8) may be connected to one or more data storage devices 1502 through the data storage device switch system 1504 based on switching commands. Or can be selectively coupled to or coupled to data storage device switch configuration data or logic 1506. The data storage device may be any combination of storage devices known or under development in the art, such as rotating magnetic hard disk drives, rotating or non-rotating optical storage media, CD, DVD, holographic recording, nanotechnology Including, but not limited to, base storage devices, solid state memory (RAM, ROM, EEPROM, CMOS, etc.), molecular and atomic storage devices, chemical memory, and other storage devices or systems. The individual logical storage elements 1502-1, 1502-2,... 1502-N are configured or divided into a single physical device, or a combination of physical devices, or a single For logical storage device 1502-2 (for example), a number of different physical devices may be used to provide the desired or required storage capacity, the speed at which data is copied to the device, the speed at which data is written from the storage device, the clear and It will be apparent that / or erase or overwrite speed and performance, or other operating characteristics are available. For example, in one embodiment for a notebook computer, several data storage devices 1502 are implemented as logical partitions of a single physical hard disk drive. In another embodiment, all data storage devices 1502 are implemented with solid state memory devices to provide fast read, write and erase speed performance. Various types of multi-port memory formats and architectures are available and can be used. For example, a Rambus memory may be used with a conventional memory chip. In yet another embodiment, multiple data storage devices 1502 are implemented as individual platters or disks on a multi-disk hard magnetic disk drive. Such a drive can have a single controller and a control set of read / write heads, or can have separate controllers and actuator arms and read / write heads that can optionally operate independently, Ensures separation of data paths, which allows malicious code (eg, from viruses, robots, or computer hackers) to move from one computing environment to another and intended separation of multiple computing environments Ensure that sex and independence cannot be destroyed.

  For physically small devices (eg, PDAs, mobile phones, or other communication devices), it is expected that it is preferable to use only solid state memory compared to memory with mechanical moving parts. This is because energy consumption is low, size is small, calorific value is low, access speed is fast, read / write speed is fast, and erase speed is fast and easy to erase. Such solid state memory may be integral to the device (eg, mobile phone) or may be external but pluggable through mechanical and electrical connectors or coupling (eg, Microsoft Windows operating system). (OS) and PalmPilot OS-based PDA; PDA and cellular phone combination; PDA, cellular phone and digital camera combination device; digital camera; cellular phone; digital audio and / or video recorder and player; MP3 player; By using a Sony SmartMedia®, a compact memory card or module that can be used as a basic or additional memory for other devices and memory systems known in the art. In addition, although it is not solid state, a small and inexpensive storage device and subsystem can be used.

  Comparing the conventional computer system 1900 of FIG. 1 with the embodiment 2000 of the present invention of FIG. 2 reveals a number of differences. In conventional systems, the data storage device 1502-1 is connected directly to the CPU 1508-1 or connected via a slightly fixed and permanent connection, eg, one or more buses or interconnects. . (In some cases, for certain device types, the need for specific storage devices, peripheral devices, or other system elements during computer operation, not under program control, but at times based on processing operations. Or, mechanical and manual disconnection is possible, as desired.) Compared to the conventional system 1900, the number of data storage devices 1502-1,. Based on the state of the data storage device switch system 1504, it is coupled through the data storage device switch system to a computing environment (eg, a computing environment that includes some processing or computing power, such as but not limited to a CPU). In general, any one of the data storage devices 1502 is coupled to any one of the computing environments or none. More generally, a given data storage device is intermittently coupled or connected to a computing environment when there is a need for coupling or connection, and a particular data storage device 1502 is disconnected during the presence of the computing environment. May change. A prevailing default is that such data storage and other devices are not coupled or connected unless access is specifically desired, required, and allowed by the controller or controlling computing environment.

  Further, in embodiments of the present invention, pairing or switching connections between physical elements such as a particular CPU and a particular data storage device (eg, hard disk drive or solid state memory chip) can be used for different processing operations. It can change dynamically (this is not required). Similarly, in at least some embodiments including optional I / O switch system 1510 and optional I / O switch configuration 1512, computing environment 1508 is coupled to peripheral device 1514 via I / O switch system 1510 only. Is done. Switchable connections or couplings can change various switching mechanisms, eg, one or more electrical connections, remove power from an interface or peripheral device, and stop clock signals required for peripheral operation. And any of the other well-known mechanisms, structures, and methods for making a peripheral appear to be absent or inaccessible to a computing environment.

  The operation of enabling or disabling (or connecting and disconnecting) the data storage device 1502 and / or the peripheral device 1514 can be performed automatically under program control without human user intervention (although the computer Enabled or disabled by commands or other actions by the user of the system), and as many times as necessary to enable and disable the operation of the computer system 2000 of the present invention. It will be clear that it is good. For example, if the computer has an interface or bus that operates at 100 MHz, the data storage device and peripherals can be switched as needed when the interface or bus operation is initiated, executed, and completed. May be combined and separated. For example, switching can occur at least at rates of 1 Hz, 10 Hz, 100 Hz, 1 KHz, 1 MHz, and 10 KHz, and higher and lower rates, and intermediate rates. Also, in view of this description, the data storage device switch system 1504 and the I / O switch system 1510 (when present) switch simultaneously to enable different CPUs to data storage devices and / or peripheral devices, Or it will be apparent that it can be disabled.

  In a typical conventional computer system 1900, peripheral device 1514 is connected directly to CPU 1508 and is not switchably connected and disconnected (ie, enabled and disabled) during operation of the computer system. Clearly, disconnecting data storage devices and peripherals also makes them available for other computing environments. In a conventional system, even if a peripheral device can be hot-plugged in, the insertion of the peripheral device is a manual operation that requires human user interaction. Other differences between conventional computer systems and methods and the systems and methods of the present invention will become more apparent with respect to the description of other embodiments of the present invention described herein.

  FIG. 3 is an architecture and system 1500 for supporting multiple independent computing environments 1508-1,... 1508-N, which can support multiple independent computing environments, and certain processing operations. FIG. 1 is a schematic diagram illustrating an architecture and system with a computer system that can be effectively used to isolate and isolate a computer to prevent contamination or attacks that damage user data by malicious viruses, robots or hackers. . Such a computer system 1500 includes a plurality of data storage devices 1502, a data storage device switch system 1504 (and an optional data storage device switch configuration unit 1506), an optional I / O switch system, and an I / O switch configuration. An I / O system, such as one that includes one or more peripherals 1514 coupled to the computing environment 1508 via a computing unit, and one or more computing environments 1508.

  One or more data storage devices 1502 can be coupled to a computer system. Data storage device 1502 represents a memory area. The data storage device may be implemented by any type of storage medium, such as a magnetic hard disk drive, optical storage medium, solid state memory, other types of data storage devices, or a combination of these data storage medium types. A data storage device may also represent a memory area corresponding to a disk drive, and / or a portion of one or more disk drives, and / or a combination of physical disk drives. According to one embodiment of the present invention, the data storage device 1502 may include a copy of the master template. An embodiment of a method that can be used in connection with the system of the present invention is described below with reference to FIG.

Embodiments of a Method for Using a Computer System that can Support Multiple Independent Computing Environments Referring to FIGS. 4, 5 and 6, a method for setting, initializing and operating an embodiment of a computer system according to the present invention and A mode of operation will be described. The methods and procedures illustrated here can be applied at least to the architecture and system shown in the embodiments of FIGS. 2 and 3, and in other embodiments of the invention, such as FIGS. 9-17. It will be apparent that the embodiments shown and described (but not limited thereto) may be modified accordingly due to slight structural differences. The headings and subheadings provided throughout this chapter and specification serve as a convenient reference for the reader to the specific aspects of the invention and where the embodiments of the invention are described. Embodiments of the invention are described throughout the specification, drawings and claims, and it is believed that the invention should be understood throughout the specification, drawings and claims.

  In one embodiment of the invention, computing environment (s) are created or established, initialized, configured with switches, controlled, operated on one or more computing environments, and users within the computing environment. And / or the method and component procedures of the present invention for performing control operations, completing user processing, saving files, and terminating processing in a computing environment may be implemented as a computer program or tangible It is advantageous to be implemented as a computer program product that includes computer program instructions that are stored on a medium and that perform the methodological steps of the method and system of the present invention. Other embodiments may perform some or all of these procedures using a combination of hardware logic, firmware and / or software.

  Embodiments of the method of the present invention are described below. These and other aspects of the methods and procedures of the present invention, including any procedures and steps specific to the embodiments, will be described with respect to particular embodiments throughout the specification.

Initial System Setup and Establishing Computing Environment Referring to FIG. 4, one embodiment of the method of the present invention using multiple independent computing environments (1508-N) initiates system startup (1602) at 1604. Configure I / O switch system configuration (1512) and data storage device switch configuration 1506 at 1604, configure I / O switch system 1510 to support communication, and store data to support communication This includes configuring device switch system 1504 to perform control processing at 1623 and to perform user processing at 1631. Normally, the control process also includes a setting process control in 1615 and a save process control in 1621.

  Initiating system startup at 1602 may include an initial boot sequence similar to the known boot sequence of the computer system. The boot sequence further includes supporting at 1604 the definition and / or modification of one or more switch configurations, eg, data storage device switch configuration and / or I / O switch configuration. An initial configuration of each switching system can be initiated and one or more communication paths can be established between one or more sources and one or more destinations based on the corresponding switch configuration 1604. Switch configuration 1800 includes procedures for configuring a data storage device switch (1804) and configuring an I / O system switch (1806) along with procedures for initiating the computing environment shown in FIG. be able to. (Other embodiments of the present invention provide a synthesis procedure for configuring data storage and I / O switches when initially configuring or reconfiguring a computing environment.)

  Still referring to FIG. 5, which illustrates an embodiment of a procedure for starting a computing environment, according to one embodiment of the present invention, power is turned on via a physical switch 1704 to provide system startup during a start operation 1702. Can start. At system startup, the CMOS memory 1708 can be used to define one or more steps of the initialization process and / or boot sequence. The boot sequence 1706 or other initialization sequence or procedure uses information coupled to the CMOS 1708 or other memory storage device to establish the switch system configuration and then initialize the corresponding switch system. Apply and / or change the configuration and communicatively couple the source and destination. One or more computing environments may also be initiated at 1602 by system startup.

  Further, referring to FIG. 4, establishing a computing environment at 1608 and 1622 configures the I / O switch system configuration and data storage device switch configuration, configures the I / O switch system, and communicates. And configuring a data storage device switch system to support communication.

  According to one embodiment, two data storage devices (eg, data storage devices 1502-1, 1502-N) may be coupled to the computing environment. The first data storage device may include an operating system to support processing activities of the computing environment. The second data storage device may contain various information that can be used or acted upon by the computing environment. The various information can include, for example, specific user information and / or configuration information. The specific user information can include a document to be edited by the user. The configuration information can be used by the control computing environment to configure the data storage device switch configuration and / or the I / O switch configuration.

  Typically, the control computing environment is established at 1608 before the user computing environment is established. In some embodiments, a control computing environment or the like can be established during initialization. As described above, the first control computing environment can be established by the boot sequence. The first data storage device can support a computer operating system. The second data storage device can represent a protected data storage device. After the data storage device is coupled to the computing environment, the computing environment can be booted to allow the user to interact with the computing environment. User input may be received via an I / O switch system 1510 that is configured to communicate to the control computing environment inputs corresponding to the control computing environment traits (eg, region traits and computing environment identifying traits). . Similarly, the output from the control calculation environment can be transmitted to peripheral devices (eg, peripheral devices 1514-1,... 1514-N) based on the features corresponding to the control calculation environment. Thus, the control computing environment can boot from the first data storage device and access the protected data storage device. As a result, the user can interact with the control computing environment.

  Options for using optional “traits” within embodiments of the architecture, system and method of the present invention are described below. Reference to a feature is done elsewhere in this specification, but being used effectively is an optional feature. In one embodiment, at least one characteristic, attribute, descriptor, or feature may be used to represent each source and destination (and represent characteristics of other elements of the system). The feature may represent a physical identifier and / or a logical identifier. According to the IDE disk drive storage device described above, each IDE cable can be identified by physical coupling with a physical switch. IDE drive information (eg, master and / or slave designation, drive size, etc.) can be used to identify the drive and / or data coupled to the drive.

  Similarly, at least one feature is used to represent each destination, eg, a computing environment or CE. If the computing environment represents a separate physical computing environment, it can be identified by a distinct physical computing characteristic, eg, a unique interface coupled to a generic switch. According to one embodiment of the invention, a computing environment can be represented as a logical computing environment that can share some or all of the physical computing characteristics corresponding to another computing environment. The logical computing environment can be identified in various ways, for example, by a unique process identifier.

  One or more features may correspond to an output device, such as a computer monitor and / or a computer graphics card. According to one embodiment, the spot color may correspond to a display area associated with a potential view area of the computer monitor. The display output from the source can be located based on the display area spot color, so that the output from one computing environment is directed to the display in the area associated with the area spot color. A region feature can include a pair of x, y coordinates that define a rectangular display region associated with a potential view area of a computer monitor. Accordingly, display output from a particular computing environment can be represented in a corresponding region rather than another region based on one or more features.

  One or more spot colors may correspond to the input device. As described above, the region features associated with potential view areas can be further extended to identify when input is communicated to a particular computing environment. Also, mouse movements and mouse commands correlate with the rectangular display area so that the input corresponding to the rectangular display area is directed to the corresponding computing environment. As a result, mouse movements within a region can be communicated with a computing environment corresponding to the same region. The use of a feature generally extends to devices, subsystems, or peripherals that are used with, associated with, or potentially enabled with the system as needed or on an intermittent basis. And may include an external device or system that can enter into communication with the system of the present invention.

  A computing environment feature can be used to identify one or more outputs as originating from the computing environment. A computing environment feature can also be used to identify one or more inputs and the corresponding computing environment that is the designated recipient of the input. One or more computing environment features may be used to identify the computing environment. A computing environment feature can also be used to uniquely identify a computing environment. This feature can identify the computing environment by corresponding physical attributes, logical attributes, or a combination of these attributes. For example, a feature can identify the physical address of one or more computing system elements. Alternatively, a feature can identify a logical address corresponding to a logical computing environment. Further, it will be apparent that a particular feature can identify a number of characteristics of a given computing environment, and the number and format of the corresponding features can be varied according to the present invention.

  Features can be used, for example, to help organize and configure elements of the system of the present invention to accomplish one or a set of processing tasks. Such a configuration may include configuring various switches, switching systems, and switching means to provide the desired connections to storage devices, I / O devices, and / or other peripheral devices.

Minimizing User Configuration in Switch Configuration and Control Environment One type of computing environment that can constitute a switch system is a control computing environment. (Other embodiments of the present invention combine different computing environments so that other changes can be made thereto as described elsewhere in this document.) The control computing environment is a data storage device switch configuration. Switch system configuration such as configuration and I / O switch configuration can be reconfigured. The configuration of the corresponding switch system can be done in various ways, for example configuring and / or reconfiguring communication via the switch when changes to the supporting switch configuration are made and / or determined. Is done. Further, communications between the control computing environment and the switch system and / or switch system configuration can be encrypted to help ensure that only the control computing environment can configure the switch system.

  In one embodiment, for example, data or other information corresponding to a protected data storage device in which protected data or a master template is stored is corrupted (eg, a user data file or computer program residing or residing in the control computing environment). Processing user data or unknown or unreliable data within the control computing environment is disabled or not allowed to eliminate the possibility of code corruption. According to one embodiment of the present invention, when a user initiates a user operation, eg, an activity that can normally be performed by the user (eg, email, word processing, etc.), the user operation is performed in a separate computing environment. Can be processed. In embodiments of the present invention that combine user interfaces, control operations, and / or protected storage into a single computing environment or subsystem, the configuration of the environment allows such environments to support the processing of user data. Without running such user data in its controlled environment, allowing it to collapse. Processing operations such as copy operations can be supported, but such copy operations are performed so as not to allow execution or infection of other system files by malicious code.

  The control computing environment can receive user input to initiate user operations. Computer mouse input is received by the I / O switch system and directed to the control computing environment based on the I / O switch system configuration. Other inputs from other peripherals are also received by the control computing environment via the I / O switch system.

Initiating and performing user operations within a user computing environment A user in a computing environment can initiate a user operation. In one example, the user can double click on a particular icon displayed in the area of the monitor. Mouse actions can be received by the control computing environment, causing an initialization of the individual computing environment at 1612 and user processing, eg, word processing, at 1631. The control computing environment can initiate the creation of a separate processing environment to perform word processing corresponding to existing and / or new documents. If this is an existing document, the control computing session needs to copy a copy of the document to a third data storage device for later use by the user computing environment. The control computing environment can configure the switch system to support the user environment. The data storage device switch system can be configured to couple the third data storage device and the fourth data storage device to a user computing environment. The I / O switch system can be configured to couple peripheral devices to the user computing environment, for example, a display area can be coupled to the user computing environment. A user computing environment may also be initiated by a signal or event triggered by a change to one or more switch configurations. Various other solutions can also be used to initialize the user computing environment.

  As part of initializing the user computing environment at 1606, the file to be edited is launched after the user computing environment is booted. According to another embodiment, an existing user computing environment is coupled with a corresponding data storage device so that the file can be processed within the user computing environment. According to one embodiment of the present invention, the file (s) to be edited are resident at a specified location, the corresponding application is launched, the corresponding file is opened, and / or the user. Can support activities. The control process may be performed by a control computing environment, which configures one or more switch configurations, initializes one or more switch system reconfigurations, one data storage device and other It may include copying information between the data storage device and copying information between the protected data storage device and another data storage device.

  User processing can include interaction with the control computing environment and the user computing environment. Processing normally associated with functions that can be performed by a user can be configured to be processed in an independent user computing environment. Accordingly, user processing activities do not directly interfere with processing activities in the control computing environment and / or processing activities in other user computing environments. Information can be accessed into a user computing environment by copying computer information from one data storage device to another based on computer information necessary to support a particular user processing activity, for example The word processing activity requires access to the user file to be edited.

  Typically, the control calculation process can include a control setting process at 1615 and a control save process at 1628. The control settings can be used to support the establishment of a user computing environment to be used to perform at least one processing activity, eg, a word processing activity. The control save process includes saving user information to the protected data storage device. When the user processing activity is complete, information related to the user processing activity is saved at 1618 to the protected data storage device and the user computing environment is not allowed to directly perform the save function to the protected data storage device.

  According to one embodiment of the present invention, the control computing environment can copy one or more files to a temporary data storage device. The control computing environment updates the data storage device switch configuration at 1616 to allow the user computing environment to access the temporary data storage device. According to one embodiment, the control computing environment can verify that the user computing environment is communicatively coupled to the temporary data storage device. Thereafter, at 1614, the control computing environment can wait for processing corresponding to one or more user computing environments to complete. While the user computing environment waits for completion, the control computing environment performs functions that can correspond to general desktop functions. This desktop function corresponds to, for example, management of data storage devices, configuration of data storage devices, and copying of calculation information between data storage devices to remove computer viruses from one or more data storage devices. Usually, the function corresponding to the desktop function is limited to reducing the possibility of corrupting the calculation information stored in the protected data storage device.

Completing User Processing Upon completion of user processing activity, the control computing environment can be notified based on a variety of different notification solutions. According to one such solution, the user computing environment is terminated and the termination is sensed by the corresponding switch system. The switch system can actively notify the control computing environment that the data contains user information to be entered into the protected data storage device.

  In response to the completion of the user activity, the control computing environment couples the user data storage device to the control computing environment and protects user information and / or files in a protected data store independent of processes performed by the user computing environment. Can be copied to the device. Thus, other files stored in the protected data storage device are not corrupted by the operation of the independent user computing environment.

  In accordance with one embodiment of the present invention, using the file save command as a trigger event, the control computing environment is directed to the protected data storage device independently of other operations that can be performed in the context of the user computing environment. Have user files stored. According to one embodiment of the present invention, the temporary data storage device is coupled to both the user computing environment and the control computing environment, and the user computing environment may collapse other files that are coupled to the control computing environment. Do not. The user computing environment can save the file to a temporary data storage device, where the control computing environment can have the ability to copy the file to the protected data storage device and / or the intermediate data storage device. The intermediate data store can be used later, for example, to save the corresponding file in the protected data store when the user application is closed. Communication with the user computing environment can be performed passively to help ensure that the user computing environment does not corrupt files stored in the protected data storage device.

  User files can be saved to temporary data storage as a result of a file save command. Following the start of the save command, the data storage device switch system can verify that the data storage device is coupled to the saved file. If the file exists, a series of instructions can be executed to copy the file from the temporary data storage device to the protected data storage device.

  According to one embodiment of the present invention, the control computing environment can wait for the corresponding user computing environment to complete user activity, eg, saving a file. Thereafter, the data storage device switch can be configured to disconnect the temporary data storage device from the user computing environment. The temporary data storage device can then be coupled to a control computing environment. Protected data is also coupled to the control computing environment. Files can be copied from temporary data storage to protected data storage independent of the user computing environment. The temporary data storage device is then disconnected from the control computing environment and recoupled to the user computing environment.

  According to another embodiment of the present invention, the save process can trip and / or set a flag corresponding to a switching system communicated to the control computing environment. The existence of one or more files can be verified. If file verification indicates the presence of a file, a series of computer instructions can be executed to copy one or more files from the temporary data storage device to the protected data storage device.

  According to another embodiment of the present invention, a keyboard command (eg, Control-S) can be used to save a file. The I / O switch system can be configured to communicate command sequences to both the user computing environment and the control computing environment. Thus, the control computing environment can reconfigure the data storage device switch and / or the I / O switch system to support copying files saved in the user computing environment to the protected data storage device.

  According to another embodiment of the present invention, a file can be transferred to a protected data storage device when the user computing environment is closed and / or blocked. According to one embodiment of the present invention, a closed user computing environment can be verified by the data storage device switch system with a changed power state corresponding to the data storage device supplied by the user computing environment.

  According to another embodiment of the present invention, a graphics area corresponding to a computer display monitor can be used to identify when user input corresponding to a particular computing environment has been received. User input can be analyzed within the I / O switch system and / or within the control computing environment based on the particular implementation. According to one embodiment, a save command and / or a close command corresponding to a user computing environment identifies that user information needs to be saved to the protected data storage device and / or a computer to the protected data storage device Can be used to trigger saving of information.

  Closing the user computing environment may include turning off the power switch. The switching system can sense changes in power consumption and / or power outages. If the user closes the application and its corresponding user computing environment, the control computing environment can sense the transition and save the corresponding user data in the protected data store. Prior to reconfiguring the data storage device, the corresponding switch system can verify that power to the data storage device containing user data is disabled and / or in an off state. The control computing environment can then disconnect the data storage device containing the user information from the user computing environment and copy the user information to the protected data storage device as described above.

  According to one embodiment of the present invention, the data storage device can be cleaned after being coupled to the user computing environment. The control computing environment can reformat and / or clean one or more data storage devices after the user computing environment has used the data source. Also, the master template data storage device can be used to initialize the data storage device prior to coupling the data storage device to the user computing environment. According to another embodiment, the control computing environment can initiate another user computing process defined to support reformatting and cleaning one or more data storage devices.

  Having described the architecture topology and system structure for the embodiment of FIGS. 2 and 3 and the initialization and operation aspects for the methods and procedures of FIGS. 4, 5 and 6, such computing devices, information equipment and processing Additional machine architecture, structure, and methodological aspects are described below.

  FIG. 7 includes a special purpose subsystem or computing environment 1120 (eg, 1120-1 and 1120-2) and a common controller 1130 within a computer system 1110 that includes a display 1140, a keyboard 1150, and a mouse 1160. 1A illustrates an embodiment 1105 of the present invention coupled to a number of peripheral devices 1108 including:

  Although only two special purpose subsystems are shown, the system may include a single subsystem or computing environment or multiple such subsystems, or multiple single special purpose subsystems. It will be apparent that it may include active use of multiple times or may include multiple special purpose subsystems having different structures and / or operational characteristics. For example, a plurality is 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24. 32, 50, 64, 100, or more special purpose processing systems, or intermediate numbers thereof, as is well known in the art, physical space, circuit density, heat generation, and Subject to other packaging and connection design issues.

  Furthermore, in at least one embodiment, the structure and method of the present invention can be implemented in hardware having only a single subsystem or computing environment, in which case the computing environment or subsystem is in a different process. Used sequentially. In one embodiment of this single computing environment system, separate logic is used to store and restore computing environment states, thereby using the computing environment to perform the intended processing operations. At the same time, the ability to restore the initial or intermediate state of the second or control process can be maintained.

  Structure and / or processing characteristics may vary in different processing capabilities (eg, different number of operations per second, different amounts of processor-related memory, different processor architectures or instruction sets, or different operating systems), or different physical or logical allocation forms A mass storage device or a special purpose subsystem having a hard disk drive, an optical storage medium, or a solid state memory storage device can be included, but is not limited to.

  Controller 1175 and its associated and coupled memory storage device 1176 are bi-directionally coupled to selected subsystems or all of a plurality of special purpose subsystems (eg, special purpose subsystems 1120-1 and 1120- 2). Each direction of bidirectional coupling to or from any special purpose subsystem may be intermittent and / or switchably enabled and disabled. Further, the connection between the controller 1175 and the memory storage device 1176 may be switchably enabled and disabled.

  As shown, any individual logic controller 1180 can be coupled between the first and second special purpose subsystems 1120. A common controller 1130 is coupled to the special purpose subsystem 1120-1 and the special purpose subsystem 1120-2 via an interface 1170. In embodiments of the present invention, they are the same interface or separate interfaces. An optional interface 1170 may be coupled between the special purpose subsystems 1120-1 and 1120-2, and such coupling may be intermittent or enabled or disabled when not needed or desired. You may be disabled. In this embodiment, the interfaces are shown as bi-directional, but unidirectional interfaces may be used separately and enabled or disabled independently or as a set. Further, although a single line is shown for clarity, the interface may be implemented as multiple connections or communication paths, such as, but not limited to, an interface multi-wire bus interface. It will be clear. A display or display subsystem (eg, a conventional display subsystem including a video processor card or chipset, a driver, and a display screen) also receives data in the form of electrical signals from the common controller 1130 and the common controller 1130. It will then be apparent that the input is received from and as a result of a process executing on one or both of the special purpose subsystems 1120-1 and / or 1120-2. Hardware, software and firmware, or combinations thereof, such as arithmetic and logic circuits in display subsystem 1140, common controller 1130, and / or special purpose subsystems 1120-1 and 1120-2, for example, a user computing environment desktop , And the desired graphical display reflecting the currently active and currently inactive windows.

  Also, keyboard 1150 and mouse input 1160 are typically unidirectional from the keyboard or mouse to a common controller unless some feedback is provided in the form of electronic signals or audio, mechanical or tactile feedback. This unidirectionality of display screens, keyboards, and mouse devices makes them normally escaped from malicious computer attacks from outside the local computing environment, and in at least some instances they are trusted when they occur. It is treated as a sexual input or a secure (safe) input.

  FIG. 8 shows another embodiment 1106 of the present invention similar to the embodiment shown and described in FIG. This alternative embodiment includes a special purpose subsystem 1120 and a common controller 1130 within a computer system 1110 that is coupled to a number of peripherals 1108 including a display 1140, a keyboard 1150 and a mouse 1160. As shown, a controller system may be connected between the first and second special purpose subsystems 1120-1 and 1120-2, and, similar to the embodiment of FIG. May be coupled between such special purpose subsystems. In this embodiment, controller 1175 and associated memory storage device 1176 are implemented using one of special purpose subsystems 1120-3 operating as controller system 1177. The controller system 1177 (1120-3) is selectively coupled to one, two or more or all of the other special purpose subsystems 1120 and to the common controller 1130 via the interface 1170. The structure of the special purpose subsystems illustrated herein and how they are configured to perform various master control and / or monitoring functions such as operating as an application execution and processing unit or operating as a controller system 1170. Will be described with reference to other drawings elsewhere in this specification.

  Further embodiments of the architecture, system and method of the present invention for information equipment, computers or data processing devices are described below. A plurality of data storage devices including at least one protected data storage; and a plurality of switching systems for communicatively coupling (and separating) at least one source to a plurality of destinations, wherein the source is a data storage source A switching system including a storage device switch system and an I / O switch system, the source of which is a peripheral source; coupled between the data storage device switch system and the I / O switch system, and a separate computing environment; Is a plurality of computing environments (sometimes referred to as shells) for performing processing activities independently, where the destination is the computing environment, and the switching system communicatively couples the source and destination And communicatively coupled to the protected data storage device and switch based on processing activity At least one control computing environment selected from a plurality of computing environments to constitute a configuration; at least one user computing environment selected from the plurality of computing environments, wherein processing activity is in the protected data storage device Recall that another embodiment of the information appliance or computer system of the present invention comprising a user computing environment that is not performed is described.

  In one embodiment of this information appliance and computing system, each of the computing environments is further defined to be identified by at least one feature selected from a plurality of features, and the switching system is based on the features of the source and destination. And at least one control computing environment is selected from the plurality of computing environments to configure a switch configuration based on processing activity and characteristics.

  The embodiment of FIG. 9 shows additional implementation and structural details that reveal additional aspects and features that can be incorporated into devices and systems using the present invention. Similarities between this system architecture and structure will become apparent from what has been described above with respect to FIGS.

  In this embodiment, five computing environments 2108-1 to 2108-5 are specifically shown, but any number (M) of computing environments may be provided statically or dynamically. It will be apparent that at least some of these computing environments 2108-1, ... 2108-5 have apparently slightly different elements or internal structures. Indeed, in some embodiments of the invention, the structure and operation of the computing environment may be different (and perhaps significantly different), while in other embodiments they may be the same, and in yet other embodiments, The hardware may be the same, but running different operating systems or application programs, or some other software configuration is different. In some of these computing systems, the configuration of multiple computing environments is dynamically configured with respect to hardware, firmware, software, or a combination thereof.

  In the system 2100 of FIG. 9, the two computing environments 2108-4 and 2108-5 apparently have the same structural configuration (though they have different software and data), and the other three computing environments 2108-1, 2108-2, and 2108-3 have apparently different structures. The structure and operation of these different computing environments are described below, and using these common structure computing environment modules that can be dynamically customized to provide the desired effective structure and operations. How it can be implemented arbitrarily and effectively will be shown later with respect to FIG.

User Interface Computing Environment First, focus on the User Interface Computing Environment (UICE) 2108-1. It provides user interface operations but includes a central processing unit (CPU) 2120 that typically includes a processor and processor coupled memory rather than a conventional user interface. The CPU may also include other chips or circuits commonly referred to as processor chip sets, as is well known. The CE 2108-1 also includes a storage device 2121 that can be switchably coupled to the CPU 2120.

  It should be noted that in one embodiment, a user can manipulate files or data sets that are somewhat transparent to the actual operation of the computer system and computing environment. For example, in one embodiment, from the user's point of view, an icon or filename or other description reference is simply dragged from one location (eg, desktop, hard disk drive icon, or other location) to another location. In fact, in the desktop example, the control computing environment or user computing environment computes an item (eg, a file) that is dragged into / out of the area corresponding to the desktop coordinates, and the item in the desktop environment or other destination. An icon can be generated and the actual file can be placed in a protected storage device.

  In the illustrated embodiment, the storage device 2121 is a secondary template that stores two storage portions, ie, all or a selected portion of a master template (see the description of the master template described elsewhere herein). With a portion (STP) 2122 and an optional temporary data storage portion (TDP) 2123 that stores user data files but can be eliminated when the need to provide storage in this environment is minimal in most embodiments Is shown as Recall that in the preferred embodiment of this computing environment 2108-1 there are no application programs or actual files in this environment, only references, links or pointers to such programs or actual files. (Note that other computing environments also have a minimum temporal storage requirement as a result of minimum processing requirements.) Computing environment 2108-1 is identified as a user interface computing environment (UIC) and can be a human user or An interface is provided between operator 2129 and computer system 2100.

  Typically, a user interface computing environment (UICE) 2108-1 is a secondary template that contains only the operating system elements and application programs (if any) necessary to provide the computing environment with the identified computing or data processing or control capabilities. Has a part. For example, when UICE primarily receives requests and commands from human user 2129 and processes them to send signals to the control and switching computing environment, UICE may use word processing, photo editing, email, network or Internet. There is no need to have browsing or other common or non-common application programs in the stored secondary template 2122. It may also have an operating system that is different from other computing environments, or has an operating system that contains only operating system code, code parts, libraries or other features to support its responsibilities. May be. This same principle of providing only operating system elements and application programs or application program elements also applies to other computing environment secondary templates and is not considered a preferred solution, but in all situations the master A complete copy of the template or more than the minimum required operating system and application programs may be provided.

  In other embodiments, such as embodiments of computing environments generated or configured to perform image processing operations, the STP 2122 can store Microsoft Windows 2000 operating system code and Adobe Photoshop application software; The TDP 2123 can then store one or more input digital image files, intermediate files generated during execution of Adobe Photoshop application software while processing the images, and output files generated. The TDP 2123 may also store files for undoing other user or temporal system data, eg, previous edits or data copied to the clipboard.

  In actual implementation, the STP and TDP may be part of the same physical storage device, eg, solid state memory, magnetic disk drive, or other storage medium, or may be different physical devices, or different types of devices. Further, using some of the dynamic switching configuration methods described herein, STP and / or TDP can each be a plurality of similar or different data storage formats, such as hard disk drive storage and solid state RAM, ROM. , EEPROM, or the like.

  Storage device 2121 can be selectively and switchably coupled to CPU 2120. In the embodiment of FIG. 9, separate first switch 2124 and second switch 2125 are shown connecting and disconnecting CPU 2120 to and from STP 2122 and TDP 2123. Although a simple icon for a switch is shown, in view of the description herein, a switch may be a simple wire that is usually not connected, but connected and disconnected, and more generally an interface It will be apparent that a set of conductors such as a signal conditioning circuit for signals on the bus and its interface bus. Switching to connect the CPU to the storage device can be accomplished by means of enabling communication between the CPU and the storage device, and switching to disconnect the CPU from the storage device is described elsewhere herein. As described above, this can be achieved by means for disabling communication between the CPU and the storage device. These STP-CPU and TDP-CPU switches 224, 225 (or more general storage 2221 vs. CPU switches (not shown separately) to protect the integrity of the computer system 2100 in cooperation with other structures and procedures. The operation of)) will be described after the other elements of the system 2100 are described in detail.

  A peripheral switch 2157 is provided to couple and disconnect (or enable and disable) one or a combination of peripheral devices, input devices, output devices, etc. For example, keyboard, mouse, network interface or NIC, microphone, speaker, headset, floppy disk drive (FDD), hard disk drive (HDD), PC card, memory card, CD, DVD, serial or parallel interface device, GPS device, USB devices, scanners, biometric readers, wireless interfaces, or other peripheral devices can be assigned to a particular computing environment. Although switch 25157 is shown as part of a desktop and user interface computing environment (UICE) 2108-1, it is considered a separate stand-alone switch or switch subsystem controlled by a CSCE or other control computing environment. And it may be implemented as such. In another embodiment, this is controlled to couple peripherals directly to other computing environments as needed and on a permission basis. In other embodiments, video output from the computing environment can be switched and / or processed via peripherals or input / output switching systems. These peripheral switching and connection capabilities can also be combined with other switching systems 2150 for storage devices and controlled by the CSCE 2108-2 as described elsewhere in this document. The computer environment 2108-1 may also include additional elements that are not necessary or activated for the particular functions and operations of the current computing environment. Such additional elements may include, for example, ROM, RAM, ASIC, and / or additional circuitry and logic elements.

Protected Storage and Read / Write Control Computing Environment Protected Storage Computer Environment (PSCE) 2108-3 stores original or primary master template PMT 2148 in master template protected storage 2142 and primary user data 2149 in user data protection storage 2143. Configured to memorize. In one embodiment, functions and operations performed by protected storage computing environment (PSCE) 2108-3 can be combined with functions and operations performed by control and switching computing environment 2108-2, and vice versa. Is possible.

  The master template takes various forms or contents and may be, for example, a copy of data (commands, instructions, data elements, etc.) representing the ideal state of the computer system or elements of the computer system. The master template may be generated, for example, by copying data from an operating computer system or computer system element, or otherwise generated. The computer system may be in an ideal state before generating the master template. The ideal state of a computer system can be represented by data accessible to the computer system. If different secondary templates are to be used for different computing environments, different master template portions or portions of a single master template can be communicated separately to other computing environments 2108. Data in this situation is operating system (e.g., Linux, Unix (R), Windows 98, Windows 2000, and improvements and extensions to these operating systems), applications (e.g., WordPerfect, Microsoft Office), user data (e.g., Operating system preferences, background images, generated documents), and component data (eg, BIOS, PRAM, EPROM). In certain embodiments, in addition or alternatively, the data includes information that can access computer systems, including local and remote data storage devices, and data in other databases. However, only when the protection measures and procedures of the present invention are observed to maintain the separation of these other data elements. As an example, a master template for a computer system can include all information installed on that computer system, such as the Microsoft Windows 98 or 2000 operating system, WordPerfect application, Microsoft Word application, and user-generated documents. . This information may be installed across one or many storage elements accessible to the computer system, as described herein. In addition, the master template can include a copy or ideal state version of the BIOS settings, or it can provide multiple BIOSes adapted to a particular computing environment.

  In some embodiments, the master template may represent a snapshot of a newly purchased computer system. Such systems are typically in an ideal state with an operating system and various applications pre-installed, thus allowing the user to begin using the computer system. For a particular user, a master template may represent an ideal state of a computer system including, for example, an operating system, applications, and user customization. For example, user customization may include a previous user selection of a picture or “.jpg” image, such as a user's pet picture, as a desktop background.

  Optionally, the master template can be generated from the first computer system and then used as a master template for a different computer system. The first computer system may be a manufacturer's computer system. Thus, the ideal state of the first computer is transferred to a second computer system or multiple computer systems. In one embodiment, a master template is generated in one computing environment and then moved with an appropriate safety device and stored as a master template. Embodiments of the present invention effectively support the updating, patching, reinstallation and replacement of elements of the master template and perform these operations with substantially the same or the same user interaction and with substantially the same or the same operational results. It can be so. Alternatively, the master template may be generated by a selective copy process. For example, based on the particular OS in use, the program queries the registration device to determine what entries are associated with a particular program or application, and then the files and files associated with that particular program or application You can choose to selectively copy only entries to the master template.

  In the illustrated embodiment of the protected storage device and read / write computing environment of FIG. 9, there is no connection to a processor that allows execution of binary information stored in the master template protected storage device 2142 or the user data protection storage device 2143. . This separation can be achieved by not physically providing processing power, such as a CPU, or by disabling such a CPU from a protected storage device. This disabling may be accomplished by using a switch described elsewhere in this specification, or whether it is a computer program code instruction or data. It may be achieved by other known means for preventing binary data.

  In this embodiment, the only processing operation allowed for binary data stored in the master template protected storage device 2142 or the user data protected storage device 2143 is a read operation, and in some cases (wherever in this document) Write operations). These can be referred to as copy operations for convenience.

  The architecture, system, method, procedure, and computer program product of the present invention have been maliciously or accidentally introduced or exposed to computers, computing devices, information equipment, PDAs, cellular phones, and other processor coalescing devices. Protects against hackers, viruses and cyber terrorism, whether or not they are, as well as potential damage or intrusion such as spy software, keystroke recorders, and hackers, viruses, worms, Trojan horses, and similar threats And protect against damage from weaknesses.

  In one embodiment, the master template protected storage device 2142 is one or more sets of computer program code instructions that can communicate to other computing environments, and sufficient computer program code instructions to provide operational capabilities for specified operations of the computing environment. Remember. In one embodiment, there is a set of computer program code that allows operations that may be required by the user or by the system itself to be performed, and each computing environment is responsible for this complete master template at a time, as described below. Receive a copy of In other embodiments, the master template protected storage device 2142 stores many different sets and only those sets that provide the operations required for a particular computing environment are sent there. As a result, copy operations are generally smaller and faster, with lower individual and overall storage requirements. If erasure is required, additional time savings are realized for smaller template sizes. Different secondary templates can be stored or created as needed, but storing the secondary templates in a copy ready form exposes low security risks and high operating speeds.

  In one embodiment, the user data protection storage device 2143 stores an original version (or copy) of user data or files referred to as protected user data 2149. For example, such user data can be email, any form of email attachment, word processing document, TIFF image file, JPEG image file, MP3 file, computer program, operating system or storage version of an operating system file, computer program It may include or be selected from a stored version of an application program, a device driver, and other types of computer data, files, or a set of data or files such as a collection of “0” and / or “1” bits. May be. Interestingly, user data protection storage may store computer viruses, with or without knowledge, or even files containing computer viruses, computer robots or bots, spyware, or other malicious computer program code. . If such a virus, bot, spyware, or other malicious computer program code is present and stored alone in the protected storage device 1422, 2143, no threat is posed and it is present in the storage device. No harm is caused. In one embodiment, the processor is separated from the protected storage device when access to the data or computer program stored in the protected storage device is not required, while in other embodiments the processor is stored in the protected storage device. The processor is coupled to the protected storage device because it is not configured to execute data or computer program files and does not cause damage to the protected storage device, the processor, or the protected storage device computing environment 2108-3. Can be left. In one embodiment, the decision to maintain a continuous communication path between a protected storage device and a processor in the protected storage device computing environment 2108-3 is the function or operation supported by the protected storage device computing environment. This is done based on the set. These same things combine the protected storage computing environment with other computing environments, eg, the user interface computing environment and the control and switching computing environment (but not the user data separation computing environment). Applicable to form.

  As suggested, in one embodiment, the protected storage computing environment 2108-3 is for initial loading or reloading of master templates or user data, compilation, virus scanning or detection, testing, or other special operations. In addition, a separate or disabled processor, such as a CPU 2140, that can be switched to couple to a protected storage device via switches 2144, 2145 may be provided. Enabling the connection between the CPU and the protected storage device is usually to prevent other data in the protected storage device from being corrupted if a virus or other malicious computer program code is present and executed. Only allowed if precautions are taken. In embodiments where only “dumb copy” operations are supported between protected storage devices, the CPU or other processor may remain coupled or connected to the protected storage device. A dumb copy is a copy that does not open or expose a file to be copied to computer program code that may cause contamination or infection. The dumb copy may be bit-by-bit, byte-by-byte, or other copies, or may be implemented, for example, by a fixed hardware logic circuit or ASIC, or preventive measures may be taken through the use of software or firmware, or It may be a bit copy operation, such as taken by using hardware and software / firmware combinations.

  The protected storage computing environment 2108-3 is passed through a plurality of switches 2250, eg, a copy from MTPS enable switch 2251, a copy from UDPS enable switch 2252, and a write to UDPS 2253, and the other Can be combined with any of the computing environments 2208-1, 2208-2, 2208-4, and 2208-5 (or any of the M computing environments).

  In one embodiment, a command from the MTPS enable switch (SW1) 2251 is accessed (or denied access) to a secondary template portion of the computing environment, eg, STP 2122 of computing environment 2108-1, and is appropriate to be read or copied. Enable (or disable) the correct master template portion. The copy-from-UDPS enable switch (SW2) 2252 accesses (or denies access) the user data storage portion of the computing environment, eg, the TDP 2123 of the computing environment 2108-1, and the appropriate user data to be read or copied Enable (or disable) the file. Usually, only one file or set of files required to perform the operation is copied, not the entire set of user data in the protected storage device 2143. Other embodiments can copy the entire user data set, but this is inefficient and clearly has a beneficial purpose except in some cases during maintenance, diagnostics, and / or repair operations. It does not fulfill.

  Write-to-UDPS (SW3) 2253 is accessed (or denied access) from one of the other computing environments that are created or modified and written back to UDPS 2143 of computing environment 2108-3 and is appropriate to be read or copied Enable (or disable) user data or files. In some embodiments, a single switch provides a bidirectional capability to read from and write to user data protection storage device 2143, and thus only one switch (or set of switches) is required. It is clear that secondary templates copied and sent from MTPS 2142 are usually not modified, so it usually does not need to be written back to MTPS 2142. Therefore, copying from MTPS to STP is unidirectional. Separate bidirectional handshakes and control signals or levels can be used as signaling protocols for events such as copy requests, copy ready, copy complete, data received, etc. Parity or other error detection and error correction can be performed as is well known and consistent with aspects and features of the present invention for verifying that the transfer was done without errors, This is optional.

  In one embodiment, changes to the master template (or other templates that can be used in the system) are (i) copied or loaded into one of the user-separated computing environments, and Update it using the required operating system, application program, compiler, debug, link, or other program procedure, and (iii) copy it back to the protected storage as a new master template Includes saving. A copy and saved version of the master template may be replaced with the original or saved as a new file or an updated version.

  These switches or sets of switches may be elements or sets of elements of computing environment 2108-3, individual elements or sets of elements external to computing environment 2108-3, or combinations thereof. In one embodiment, the switch is provided with hardware logic circuitry, and in another embodiment is implemented by a microcontroller with very limited set processing capabilities, thus enabling sophisticated multi-element and multi-signal switching mechanisms. Yes, but no malicious code is executed. In yet another embodiment, the switching is implemented as an application specific integrated circuit (ASIC). Switching is performed under the control of a microprocessor with a very limited instruction set installed as a secondary template part (STP), so that it will execute or allow execution of malicious code. Can not.

  As described elsewhere in this document, a protected storage device may be implemented on or in any type or combination of storage devices or memories. In one embodiment, configured for external and portable protected storage devices, for example, a user can use a credit card size storage device (e.g., flash memory card, USB memory device, Sony Memory Stick, PC card based memory, or other format). Storage device) with their protective storage device and plug it into one of its supporting computers or devices. In one embodiment, the architecture, system and method provide an optional hidden and protected backup storage system.

Control and Switching Computing Environment Next, the Control and Switching Computing Environment (CSCE) 2108-2 is responsible for controlling and coordinating the operation of other computing environments of the system 2100 (with contributions from the user interface computing environment 2108-1). explain. In short, a switch connects a source to a destination. In some embodiments of the system 2100, features of the data storage device switch system are supported, and such features can further support the configuration of the communication path between the selected source and destination. Note that in at least some embodiments, the CSCE or other control computing environment has the ability to switch and couple any peripheral to any computing environment.

  The computing environment 2108-2 receives input from the user interface computing environment (UICE) 2108-1 and switches 2250 (eg, switch sets SW1 2251, SW2 2252, and SW3) of the protected storage computing environment (PSCE) 2108-3. 2253) and interact with each other computing environment 2108 to actuate the switch and establish a connection or communication between the computing environment's processor (eg, CPU) and storage (eg, STP and TDP). Combine or decouple (enable or disable). Switch control may be somewhat straightforward, for example, by electrical connections and signal or voltage levels, or a set of electrical signals or levels, or within a computing environment that receives signals from the control and switching computing environment 2108-2. May be indirect by any other processor, CPU, ASIC, or other circuit or logic element, or a combination of these direct and indirect architectures and methods.

  As shown in the embodiment of the control and switching computing environment 2108-2, this comprises a system switching controller unit 2138, which takes into account the current state and configuration of the computing system 2100 including available computer resources. And receive commands from UICE 2108-1 in response to user input and commands or system activities and events. In some embodiments, scheduling and element prioritization and usage arbitration are also provided by the system switch controller 2138. The switch configuration and status, as well as other information and data, can be stored in the switch configuration information storage 2139, which can be routed through one or more buses, interfaces, or communication circuits to the system switch controller. 2138 is operably coupled.

  In this embodiment, the CSCE 2108-2 receives one, and more generally, a set of signals 2180 from the UICE 2108-1. These signals are generally sufficient to communicate the user request input to UICE 2108-1 and configure other elements of computer system 2100 to perform the request. For example, the user can mouse click on a Microsoft Word icon on the UICE desktop that is expected to launch or an instance of a Microsoft Word word processing program. UICE 2108-1 indicates that UICE 2108-1 and its elements (eg, CPU 2120 and storage device 2121) have installed a Windows 2000 operating system, Microsoft Word 2000, and a document that the user wishes to edit to an external human user 2129. Configured to present, but in practice may not have them, and pointers, links, aliases or other references to operating systems, application programs, and user data files, among other computer system elements Just give it.

  In particular, the Microsoft operating system and the Microsoft Word application program exist as MT2148 and are stored in the protected storage device MTPS2142 of PSCE2108-3. If the user's word processing document exists and is not newly created, it is stored in the protected storage device UDPS 2149 and can be retrieved therefrom.

  Having described some of the structure and operational characteristics of the control and switching computing environment (CSCE), also referred to as the system “brain”, some of the functions and operations involved in certain embodiments of CSCE A list is shown. Not all of these functions need to be performed by CSCE (or CCE in the embodiments described below). It will be apparent that the specific functions and operations depend on the implementation of the entire computer system, the CSCE (or CCE), and other computing environments.

  In some embodiments of the invention, the CSCE loads its own operating system (OS) at startup (or reset) and, after that load, some of the operations or functions enabled or supported by the rest of the system. Or all) are organized. The architecture, system and method of the present invention are operating system neutral, and any known operating system may be used in the present invention and may be adapted for use. Different operating systems may be used for the different computing environments of the system to allow the computer system to run different operating systems and sets of application programs suitable for the operating systems, if desired. In some embodiments of the present invention, for example, when a user segregated computing environment is designated to perform a particular processing function or operation, as long as the computer system hardware can support the operating system and the intended operation, the operating system It may be determined dynamically that the system has been loaded.

  Certain embodiments of the present invention use different operating systems for different computing environments, and such operating systems are based on system needs, user-selected processing tasks, data properties, or other factors. Thus, it may be predetermined as a function of task or time, or may be determined dynamically. For example, known or announced Microsoft Windows operating systems (eg, Windows 98, Windows NT, Windows 2000, Windows XP, and improvements, improvements and extensions thereof), Linux, Unix, Apple operating systems, various disk operating systems (DOS), Alternatively, other special or proprietary operating systems or control programs can be used in various computing environments as long as they support the intended operation and the device for that operation.

  In some, but not necessarily all, embodiments of the present invention, the CSCE operating system or application program (or a combination of the two) is only a partial list for purposes of illustration (some or All) can be controlled or organized. (Ii) perform data storage device (DSD) connection switching; (ii) execute computer program applications (or hardwired operations when applicable) while optionally verifying command reception and / or completion of commanded operations; Send commands to the computing environment to activate; (iii) track clickable windows and / or cursor coordinates; (iv) repair and detect, clean, and / or remove viruses or other malicious code (V) perform and control template and / or master template switching, reformatting, erasing, copying, resetting, rebooting, and other operations as described herein; (vi) “isolated” A global taskbar or equivalent user account Generating a Seth possible user interaction tool and displayed (alternatively, may be generated by desktop and interface computing environment this task bar or tool). Also, these and other embodiments are optional, but one or more of the following may also be performed. (Vii) provide an “open” dialog screen; (viii) provide a “save” dialog screen; (ix) perform network communication switching (see, for example, the description of the “netlock” operation); (x ) Receive secure signals from the communication environment; (xi) track the order in which the communication environment was created and / or the order or priority of the current communication environment; (xii) to and within different computing environments Switch mouse and keyboard; (xiii) switch other inputs / outputs or peripherals to and within different computing environments; (xiv) coordinate email access and processing; and / or Perform other combinations of these functions.

  In one embodiment, the CSCE may also serve to control, align, and / or process video signals associated with processing activity in various computing environments (including processing activity in the CSCE itself), or A separate computing environment or video processing unit or logic circuit or other means can be used for this purpose. When a separate video processor or controller is used, the CSCE may generally serve to coordinate and organize its operations with other system elements, but in certain embodiments, the video processor or controller may be responsible for the system. Participate in CSCE or other controls.

  In view of the description herein, the user computing environment (potentially tainted files may be opened and executed) is separated from the control computing environment, but for known clean data or computer programs It is clear that the description of the user interface, control and switching, protected storage, video processor, and other operations and functions that operate as a separate computing environment is somewhat artificial and primarily for illustration purposes. Let's go. Note that embodiments of the present invention provide a separation of various non-user data control or processing environments, as well as embodiments in which these control functions are combined. Although some combinations are described in detail by way of example, it should be understood that other combinations of different control or management functions and operations are consistently supported with other principles of the present invention.

  It will also be apparent that different levels or degrees of separation are required or allowed for different computing or processing environments, or for different times within a particular or set of processing or computing environments. For example, in situations where a virus or hacker code should open and process an unknown file or data set in a computing environment that may be exposed to a processor and code capable of executing such code, the file or data The separation of the view from the set and the “outside world” is absolute and is contained within a user-separated computing environment. This absolute separation is between the specific user computing environment and other user computing environments and the control environment.

  In other situations, the degree or level of isolation may be limited so that it is not harmful at all to the computer or user, or can only tolerate the permitted degree of harm. This represents a type of user or administrator override, and several policies and rules can be set that allow a more generous use of the system. For example, if the computer system is normally used in an intranet in-house computing environment with current protection software, firewalls, and other protections provided by the company's Information Technology (IT) department, filtering Is already provided, it may be allowed to disable special processing of emails. Other embodiments can override all isolation when the network or computing environment is generally reliable. This generous override is not referenced in all embodiments, but demonstrates the flexibility afforded by the architecture, system and method of the present invention. Therefore, different levels or degrees of isolation can be provided and the present invention should not be construed as limited to architectures, systems, methods or procedures that do not allow any degree of non-isolation or override. It will be clear.

  Operations performed on processing video (digital or analog) from different computing environments may be output from a number of computing environments (eg, signals 2187-1,...) For display on a monitor or display device, for example. 2187-5, ... 2187-N), including, but not limited to, combining or otherwise formatting. While any of a variety of initial or default conditions can be implemented, in one embodiment, the default setting during booting is to disable or turn off the video signal of the computing environment. This is because in any unassigned computing environment, there must be no activity until some system or user initiated activity is commanded. Alternatively, the CSCE (or other entity) may turn on / off or enable / disable the video signal.

  In some embodiments, “processing” the video output from the computing environment is accomplished, for example, to provide a “layering” effect on a single monitor. For example, the most recent active computing environment can always move to the “top” (or “front”) layer, otherwise it is processed based on predetermined rules or policies. The CSCE may contribute to controlling and organizing the process if it is not directly responsible for the process. For example, the CSCE uses one or more commands to the video controller to help determine which “layers” should be “front” and how to merge video output from various computing environments. Can be sent. The reason why CSCE has this information is that it is the cursor coordinates of the mouse or pointing device for other purposes such as determining layer, active computing environment, unassigned or inactive computing environment, window position, mouse click And maintain a database of information regarding position and switching.

  In certain embodiments, such as those in which the video graphics card or video subsystem continuously transmits signals (even for “black” or empty screens), the video signal is turned “on / off” in the video controller. Or it can be “enabled / disabled”. Alternatively, the CSCE or video controller is simply instructed to “ignore” this signal from that particular computing environment when the computing environment is unassigned or inactive. In other words, the video card of the computing environment (whether it is a separate card or chip or integrated into a processor or other logic circuit) is optional, but always “pumps out” the video signal. Or a CSCE or other video controller can only output such a video signal when it enters an active processing environment. This advantageously has the effect of reducing power consumption and heat generation and extending the life of the system and its components. The CSCE also sends signals to the video controller or to inform what video input from the computing environment should be processed, what information should be used for each video input, and what information can be ignored. Can be sent to the processor (when present). For example, the portion of the desktop for each computing environment may be suppressed when it is duplicated or does not represent actual activity in the computing environment.

Isolated processing unit computing environment The system 2100 also includes one or more other unassigned isolated processing unit (IPU) computing environments (IPUCE) or shells, eg, CE2108-4 and CE2108-5. In the embodiment of FIG. 9, the CPU (2160, 2170), the storage devices (2161, 2171) including the STP (2162, 2172) and the TDP (2163, 2173), and the interfaces (2169, 2179) And switches (2164, 2165, 2174, 2175) for coupling or separating (enabling or disabling communication) between the storage device and the CPU.

  Computing hardware that supports and interacts with this combination of operating system, application program, user data file and UICE 2108-1 under control of CSCE 2108-2 Allows protection and separate processing of selected Microsoft Word programs with user data.

  In operation, the UICE sends a command containing the necessary data to the CSCE 2108-2 via the signal 2180. The CSCE receives these signals in view of the current designation of the resources of the system 2100 and other rules or policies for the system configuration and selects an appropriate computing environment, eg, computing environment 2108-4. Other embodiments of the invention may be implemented as individual elements (e.g., those that may be assembled as computer elements, even though they are not physically connected at the time of manufacture of the computer and are not located adjacent to the hardware of computer system 2100). , CPU and storage).

  When the computing environment 2108-4 is selected by the CSCE 2108-2, and more specifically selected by a rule policy or algorithm in the system switch controller (SSC) 2138, the SSC receives one or more signals 2186-4. Sent to CE 2108-4 to communicate with the identified user document file that it has been assigned to perform the Microsoft Word processing program under the Microsoft Windows 2000 operating system. CE 2108-4 optionally confirms that it has received communication under some handshake or other communication protocol, i.e., a simple communication protocol comparable to a single logic voltage level. Thus, signal 2186-4 (s) may be unidirectional or bidirectional. The SSC 2138 also communicates one or more switch control signals 2181 to the switch 2250. For example, switch control signals 2181-1, 2181-2, and 2181-3 configure one or more switches SW1, SW2, and SW3 to allow the desired storage device access. These same switches are optional, but effectively validate the communication from the SSC and are configured appropriately for the intended cooperation (eg open or closed, or enabled / disabled). Status can be returned to indicate that Similarly, the switch 2250 can send a data format transmission ready communication to a target destination such as STP 2162 and / or TDP 2162 of the storage device 2161, which are optional but ready for data format reception. Signals can be directed to switch 2250 in any desired manner.

  More particularly, in this example of word processing, SW1 2251 enables communication of all or selected portions of a master template including the Microsoft Windows 2000 operating system and at least the Microsoft Word application program. Alternatively, it should be noted that in some embodiments, the operating system and application programs may be provided separately from separate sources. In yet another embodiment, an operating system may be provided in the computing environment so that it does not need to communicate each time, stored in STP 2162 so that it does not need to communicate each time, or It may be provided in a combined ROM or otherwise provided. However, it should be noted that if the STP is not cleared after use, there is a potential for contamination when a malicious code is written to the STP, but this is not a problem when retrieved from read-only memory or ROM. .

  SW1 2251 is either parallel (if the provided communication path is sufficient to support multiple access paths) or serial (if communication path 2187 is not sufficient to support multiple access paths). , Configured to connect the MTPS 2142 to the STP 2162, where the STP 2162 receives the requested computer program code. Similarly, SW2 2252 is configured to provide a communication path through which identified user document files from UDPS 2143 can be copied to TDP 2163. Recall that the hardware / firmware / software that can be accessed during the copy operation is not sufficient to allow the execution of malicious code. For example, a hardware-only copy circuit that is adapted to copy bits from source to destination can capture (or read) and bit from source without being corrupted by a virus, hacker or other malicious code Is only copied (or written) to the destination. A buffer between the source and destination may optionally be used, such as a filter or limiter. Software and / or programmable hardware may also be used for the copy operation, but the ability of such a copy means is from unintended changes that compromise the immunity of the system or computing environment. Effectively protected. Preferably, the copy operation is only a copy of a binary bit or set of bits without any other interpretation, but the present invention need not be limited by this condition, using other protection measures, It would be desirable to be able to prevent possible execution of malicious code.

  In one embodiment, the process of copying data is "dumb", i.e., restricted so that the copied data cannot be executed, so that the data storage device data is not damaged by the malicious code. For example, to move or copy data, it can be encoded, or use an ASIC with limited functionality, or use a direct memory transfer, or other method of moving or copying data This is one that does not allow execution of data containing some executable code of the bit sequence. Optionally, the copy operation may be organized by a control system that can address or access the isolated working system (s) and the isolated or protected storage system (s). it can.

  Selecting a file to open in the storage system can initiate the process of copying the file from the storage system or source (such as UDPS) to a working computing environment (such as STP2166 in IPUCE2108-4) and switch 2250 After the connection with the UDPS 2143 via the network is completed, the data or file can be opened to allow exposure to the CPU 2160. Saving the file to the working computing environment can begin the process of copying the file to the storage system. If the file is abandoned in the working computing environment, a new or updated file or data set is copied or written to the destination storage system (eg, UDPS 2143) and deleted in the source storage system (eg, TDP 2161) (preferably (Physically erased) process can be started. The terms “copy” or “copies” or “copying” can be used in a broad sense: algorithm, snapshot, compressed data, bit by bit, encryption, Including, but not limited to, encoding.

  The isolated computing environment also sends a flag or other information or indicator 2191 identifying the status of the isolated computing environment (or some element in the ICE) to the control and switching computing environment 2108-2. , Otherwise you can communicate. Such a status or state is one of an operation ready state, a process complete state, a file copy or save ready state, a reset state, and / or other data or information that the control environment requires or can use. Or a combination thereof may be included.

  A separate computing environment may also be used to combine or merge different computing environment windows into a single display device (if such a single display is desired) and control environment 2108-2 and / or desktop and Window xy coordinates for use by the user interface computing environment 2108-1 (or by a separate video graphics processor or video display unit controlled by the CSCE), and optionally the window size 2192, or Otherwise, they can communicate. Also, communication lines or links 2191, 2192 may be shared across a single line or link. In addition, various features described elsewhere in this specification can be communicated via a communication line or link.

  These and other communication paths, communication links, or signal lines limit information, data, binary bits, etc. format, sequence, number or quantity, and infect between one computing environment and another. To further reduce this risk, a filter or limiter as described elsewhere in this specification can be installed. These filters and limiters will be described in detail with respect to other embodiments of the present invention.

  If the proper combination of operating system, application program and user data is present in CE 2108-4, the word processing operation can begin. The file can be saved in TDP 2163 until it exits the word processing program, or it can be saved by using an intermediate save with a write operation to UDPS 2143 via a suitably configured switch SW3 2253.

  Conveniently, the CPU 2160 is disconnected or disabled from the storage device when a read or write operation is performed between the MTDS 2142 or UDPS 2143 and the storage device (eg, STP 2164 or TDP 2163), thus the MTDS 2142 or UDPS 2143 is never exposed to CPU 2160 in such a way as to allow execution of malicious code and contaminate protected storage device MTDS 2142 or UDPS 2143.

  When word processing is complete and a new or edited file is written back to protected storage, the signal or state change or “flag” or other indication, followed by instructions from the CSCE, the contents of STP 2162 and TDP 2163 Cleared and erased. This clearing or erasure must be an actual erasure, for example by overwriting the storage medium or reformatting the master boot record or partition table, so the last data set stored there Malicious code that may have been present does not spread to other files or datasets. This is different from most conventional systems that simply update the directory to remove references to files that are deleted rather than actual deletions. The desire to erase the storage space used, preferably the entire accessible storage space, makes high speed solid state memory more desirable than low speed electromechanical storage devices such as hard disk drive storage devices. This also significantly reduces the amount of storage space accessible within the computing environment. In some embodiments, dynamically allocating storage space of different sizes, adding memory that is accessible as the process requires more memory, and solid state memory and large and inexpensive hard disk drive storage The ability to configure both is obtained.

  Considering the description up to this point, an operating system that can support the execution of virus code in a computing environment after user data residing in a protected storage device UDPS 2143 contaminated with a virus is moved along with the virus to CE2108-4 And the situation exposed to the CPU 2160 becomes clear.

  For example, if the virus is not executed for some reason, such as when the virus is exposed to the CPU and operating system but its execution date condition is not met, Returned to the protected storage device UDPS 2143. In this case, neither the specific computing environment 2108-4 nor the entire system 2100 is damaged by being exposed to a virus (or other malicious code).

  On the other hand, a virus (or other malicious code) is executed while in the computing environment 2108-4 to explode or otherwise CPU, CPU-related RAM, or other memory, and / or STP 2162 or TDP 2163 Even when the storage device is contaminated, its harmful effects are limited to the isolated computing environment 2108-4. This architecture and processing system and method does not provide a path for viruses or other malicious code to escape to other parts of the system 2100 and contaminate data in the system 2100 or protected storage device MTPS2142 or UDPS 2143. Even if a virus-contaminated file is returned to the protected storage device MTPS2142 or UDPS 2143, other operating systems, application programs or other data files will not be contaminated. This is because PSCE 2108-3 does not have a processor that can execute the bit pattern contained in the data, they are simply “0” and “1” bits, and have programmatic meaning within their computing environment. Because it does not have. Again, recall that the only operation where the bits are exposed is a dumb copy operation by hardware, software and / or firmware that can only perform a copy, and there are few more. If the virus is executed while in a non-PSCE computing environment 2108, it may damage or destroy the copy of the file, but the original data or file in PSCE is still complete. . Obviously, if the presence of a virus or other malicious code is found, it is desirable to take steps to clean or remove the virus and replace the virus-contaminated version with a cleaned version. Such virus or malicious code detection and / or cleaning operations are actually performed on a copy of a file in a separate computing environment before the cleaned copy of the file is sent back to protected storage. One of the processes to be performed. Saving the file as a non-overwrite version is another storage option.

  Having described the structural and operational features that can be safely processed with maliciously infected files, the graphic or display screen display for human user 2129 will now be described, apart from the main points. For purposes of explanation, assume that computer system 2100 is a windowed system and can display each process in a separate window of the display subsystem. Operating systems such as Microsoft Windows, Unix, Linux, Apple Macintosh OS and other normal operating systems support such windows and structures, and technologies that provide a display of each process in a separate window on a common display. To do. Therefore, each computing environment includes a display screen or graphic output 2187 that is processed by the video display subsystem 2192 to provide a windowed multitasking processing system that is very similar to a conventional multitasking windowed system. By pressing a keyboard button and assigning the mouse to an active process or window, input / output is similarly provided via the keyboard 2190 and mouse 2191 or other pointing device. User 2129, or in some situations, the system itself identifies the selected or active window, and keyboard and mouse actions are tracked and identified to the selected process. In essence, the keyboard, mouse or pointing device, and display process are assigned to the active window or other identified active process by UICE 2108-1 and CSCE 2108-2.

  Similarly, each other device or peripheral device in the computer system includes a floppy disk drive, a USB port and a USB peripheral device attached via these ports, a modem, a network interface circuit or card (NIC), a modem, a CSCI interface. And devices, PC card slots and interfaces, and devices connected via these interfaces, CD reader / writer, DVD reader / writer, scanner, printer, audio system, microphone, speaker, serial or parallel interface, and coupling to these interfaces Including one or more of connected devices, cameras, recorders, and other I / O or peripheral devices or systems that can be coupled to a computer or information device. But it is not limited.

  The architecture, system and method of the present invention include a processor, such as, but not limited to, a computer, a PDA, a mobile communication device and telephone, a cellular phone, a digital camera, a video recording device, a navigation and mapping system, and an automobile engine management system. Aircraft navigation and guidance systems, network servers and routers, digital and HDTV television receivers and processors, security systems, and any other electronic devices and systems, incorporating processors, viruses, spyware, bots, computer hackers Recall that it can be applied to a set of devices and equipment having, and others susceptible to malicious codes. Also, accidental problems associated with the execution of computer code that has not been fully debugged can cause code defects when the system is tested and debugged, or otherwise used in one of the isolated computer environments. Recall that can be handled in a way that prevents harmful effects on other parts of the system. Thus, the set of possible input devices, output devices, input / output devices, and peripherals are a wide variety of sets and are not limited to devices typically associated with a conventional desktop or mobile notebook computer. A peripheral device is, for example, an automobile or aircraft that is controlled or monitored by an information system formed in accordance with the principles of the present invention.

  Also, in view of the description herein, these various peripherals are found in the UICE 2108-1 desktop environment, but the process of actually accessing these peripherals (beyond the keyboard and mouse) is to the peripherals. Derived from one of the other isolated processing environments that require access to, or more preferably, creates or initiates a new process that interacts with the peripheral device, and via stored and shared data via UDPS It will be apparent that the peripheral device or subsystem is provided with data or otherwise interacts with it.

Another embodiment of combining user interface, control & switching functions and protected storage computing environment control and user interface computing environment 2108-1, switching computing environment 2108-2, and protected storage and read / write computing environment 2108- 3 have been described, in view of this description, these operations may be performed in a separate user computing environment, for example, the separated computing environment 2108-4 or 2108-5 in the embodiment of FIG. It will be apparent that can be combined and executed in separate single computing environments. In particular, such an architecture and system configuration does not allow the combined blocks to execute user data and / or unreliable code and execute data or programs to a separate computing environment. As long as operations such as move or copy can only be performed and cannot be opened or executed, at least some of the advantages of the system and method of the present invention can be provided. In some embodiments, only reliable access to the control entity is allowed (regardless of whether it is distributed or combined among multiple computing environments). For example, based on rules and policies that can be enforced, keyboard and mouse input can be treated as a reliable input or interactive medium. Standard security procedures for turning on or powering on and logging into a computer or device, such as passwords and biometrics, allow the user to access the system and thus possibly enter keyboard and mouse input and be trusted. Can be implemented to give additional guarantees.

Another embodiment with dynamically configurable system elements Although described with respect to one particular multi-computing environment embodiment showing some of the operation, control, interface and protection features, a common set of computing environments is used A specific set of user interface computing environments (UICE), control and switching computing environments (CSCE), protected storage computing environments (which can be configured to perform word processing, e-mail, internet browsing or other operations ( PSCE), and other embodiments implementing other computing environments (CE) are described.

  FIG. 10 illustrates another embodiment system 2200 for processing data or other information. Similar to the embodiment 2100 described above with respect to FIG. 9, the system and architecture 2200 includes one or more processors, controllers, microprocessors, central processing units, along with methods and procedures for configuring and operating the system. (CPU), ASIC, logic circuit, or other means for processing electronic data can be applied to a wide variety of different electronic device sets, including those conventionally.

  For convenience of explanation, several elements such as various computing environments, peripherals, switches, control lines, and other signals are depicted with the same or similar topologies and denoted with the same reference numerals. There are many ways to implement the principles of the present invention, and each of these descriptions and drawings (eg, the embodiment and system configuration of FIGS. 9 and 10) is a description of how to implement and operate the system according to the present invention. It will be clear that this is only an example.

  System 2200 includes a processing unit for desktop and user interface computing environment (UICE) 2108-1, a processing unit for control and switching computing environment (2108-2), a processing unit for protected storage computing environment 2108-3, 2 Two separate processing unit computing environments IPUCE # 1 2108-4 and IPUCE # 2 2108-5. In the embodiment of FIG. 9, exemplary processing unit elements are shown and described to perform the desired operation of a particular processing unit 2108-1, ... 2108-5, ... 2108-N. . The embodiment of FIG. 10 has a common element configuration that allows multiple modular units to be dynamically configured to perform the functions and operations required for initialization, configuration and operation of the system 2200. It is shown. Although the same or common elements are not required, it is advantageous to use a common set of elements that may be customized or customized with software, firmware, and user or system data based on the intended operations and processing capabilities. is there.

  Given this general correspondence between computing environments 2108-1 to 2108-5, this description highlights implementation differences (if any) and / or details.

  Referring to the processing unit of the desktop and user interface computing environment (UICE) 2108-1, the CPU 2120, here, as is well known in the art, is a processor (PR), processor coupled memory in the form of RAM, and Note that it is shown to include any processor chipset and BIOS. It will be apparent that any form of processor, microprocessor, central processing unit, ASIC or other logic circuit capable of performing the tasks of the control and switching computing environment (2108-2) may be used. Even for the entire system 2200, which is required to perform sophisticated and complex data processing and requires a CPU capable of executing complex computer program instructions, the desktop and user interface computing environment (UICE) 2108-1 Note that the “processor” of the processing unit may be a very simple element.

  The same is true for the processing unit of the control and switching computing environment (2108-2) and the processing unit of the protected storage device computing environment 2108-3. Indeed, in one embodiment, the functions of the processing unit of the control and switching computing environment (2108-2) and the processing unit of the protected storage computing environment 2108-3 can be performed by a single unit 2155, and In other embodiments, the functions and operations of the master template copy switch 2151 and the protected storage device copy switch 2152 can be combined into a single unit 2156.

  The UICE 2108-1 also receives a control signal 2184A from the CSCE (2184A-1), an operating system (OS) and / or an application program from the protection master template (2184A-2), and a protection storage device (2184A-3). Shown as receiving data. It can also send data back to the protected storage device (2184A-4). These four sets of signals are shown as being present in each computing environment, but not all connection lines are shown for clarity. Not all signal lines are required or used for certain processing operations.

  This embodiment also shows an allocation function that works with UICE, CSCE and PSCE to combine and make available different peripherals to the processing operations that require them. It is noted that in at least one embodiment, a keyboard and mouse (or other pointing or selection device, eg, a touch screen) can be used for other computing environments as well as directly for processing units in desktop and user interface computing environments. I want.

  An optional ASIC 2126 is also shown. In at least some embodiments, a CPU or ASIC (or other logic circuit) is sufficient to provide the necessary interface processing capabilities, but both are shown here for modularity and generality.

  Referring to the processing unit of the control and switching computing environment (2108-2), the processing unit of the control and switching computing environment (CSCE) is shown as a similar set of elements, but of storage for programs and data. It will be apparent that content typically varies based on the functions and operations provided by the computing environment. In the case of CSCE 2108-2, temporary storage device 2149 is shown as including I / O switch configuration data 2158 and data transfer or read / write switch configuration data 2159.

  Referring again to the processing unit of the protected storage device computing environment 2108-3, a similar set of elements is shown again. The protected storage for the master template and user data is shown as part of this unit. A complete copy of the master template including the operating system and application program elements, or in one embodiment, multiple template copies suitable for different processing operations that may be required by the user, is stored in this protected storage device 2141. It was. User files and possibly system files are stored in protected storage device UDPS 2143. The protected storage device should not be exposed to a processor or CPU that can execute user data (or code instructions) that may be present, so if a processor or CPU is provided, it is disabled or disconnected from the protected memory. I want to recall that Accordingly, switches 2144 and 2145 are opened, or other steps are taken to disable the processor, such as removing operating voltages or withholding operating clock signals necessary for operation. This is generally the process by which a circuit such as an ASIC or other logic or processing circuit 2146, possibly cooperating with software and / or firmware, reads and writes to protected memory and maintains their separation. It means having the ability. Note that the master template copy switch and the protected storage device copy switch (s) may be part of the PSCE or may be separate but in communication with it. Copying (reading and / or writing) can be performed, for example, by an ASIC or other logic or processing circuit 2146.

  Referring to the two separate processing unit computing environments, IPUCE # 1 2108-4 and IPUCE # 2 2108-5 also maintain this modular computing environment structure. These processing units comprise a CPU that supports the full spectrum of processing operations required to perform word processing, internet connection and interaction, cellular telephone call reception, voice encoding and decoding operations, and the like. Convenient.

Embodiment with Combined Control and User Separation Computing Environment FIG. 11 illustrates an embodiment 2300 of the present invention having a combined control computation environment for user processing and one (or more) separate computation environments. It is shown. The combined control computing environment performs the necessary operations of the control and user interface computing environment 2108-1, switching computing environment 2108-2, and protected storage and read / write computing environment 2108-3 of the above-described embodiments. The operations of computer system 2300 are organized as given. The separate computing environment 2304-1 can take the form described in the previous embodiment, and although not described in detail here, such an ICE typically is for executing a set of instructions intended for the ICE. Processing logic 2381 and a storage device 2380 that can be coupled to and separated from the processing logic in a switchable manner are provided.

  In any given embodiment, some features and procedural steps are optional and may not be required based on the ability to be performed and / or the degree of security or immunity desired. It will be clear. Some features and procedures can be implemented dynamically based on the current state of the system and the intended computing environment operation, among other factors. In any case, in view of the description herein, it will be apparent that these control operations are performed in a separate (physical or temporal) computing environment from a separate user computing environment.

  In this embodiment, a control processing or computing environment (CCE) 2302 is established and operates to create, control, and exit one or more separate computing environments 2304-N. In this embodiment, only one separate computing environment 2304-1 is shown for simplicity of illustration, but a number of such separate computing environments (ICE) or subsystems for user processing can be fixed or It can be configured and operated dynamically.

  The CCE 2302 includes several logic circuits or other logic means 2320 (eg, a controller, microcontroller, processor, microprocessor, central processing unit or CPU, ASIC, programmable logic, etc.) and one or more communication links. 2328 and a storage device 2321 that can be switchably coupled to and disconnected from this logic means 2320 through one or more switches or switching means 2325. The switch or switching means 2325 generally comprises a plurality of switches or switching elements suitable for coupling or separating the signals and data between the storage device 2321 and the logic means 2320, for example, a storage device, for example, A well-known signal conditioning circuit for coupling and decoupling to a logic circuit such as a CPU may be provided.

  Provide separate memories in the form of ROM, RAM, registers, etc. based on the format of the logic circuit or logic means 2320 and connect or disconnect (enable or disable) via one or more memory switches 2326 in a switchable manner. You can also. Switching can selectively enable communication or signaling in either direction to / from memory or storage (eg, for read or write) or in both directions. In the context of this embodiment and other embodiments of the present invention, the terms switch, multiple switches, switching means, etc. should be given the broadest possible interpretation and from one position to another. A device, logic, hardware or device that enables or disables the ability to physically or logically couple or separate signals, or to communicate signals between such locations regardless of electrical or optical connections Software exists or may exist.

  The type and capability of the logic circuit or logic means 2320 may generally depend on the logic or other processing operations to be performed by the CCE 2302. For example, the processing operations to be performed as control for a general purpose notebook computer may differ at least in part from the control operations to be performed for a cellular phone or electronic camera. This is because the operations to be performed by these different devices may generally be different.

  In certain embodiments, in a separate computing environment 2304, storage device 2321, memory 2322, I / O or peripheral device (eg, keyboard 2390, mouse 2391, or network NIC 2392), and / or storage device (s) 2380. Various switches (eg, switches 2350, 2360, 2325, 2326) and switching capabilities for coupling or disconnecting signals or signals to and from the logic circuit 2320 may be provided, or in other embodiments, logic Separate switching means may be provided that are fully or partially controlled by circuit or logic means 2320. In this or other embodiments, a single switch, a set of switches, a number of individual switches, or a number of sets of switches can be used to accomplish the desired switching operation.

  At least some switches can be at least partially controlled by CCE 2320, but communication links, signal lines, buses, or other connections may not pass through CCE 2320 or be accessible by its elements. It will be clear. For example, in at least one embodiment, the network NIC 2392 is switchably connected or disconnected from the isolated computing environment 2304-1, but data or bits received from the NIC are not passed through the CCE 2320 and are sent to the malicious agent. Is passed only through ICE 2304-1. In at least some embodiments, separate modem and / or network NIC devices and communication paths are provided for receiving data from and transmitting data to the external environment, providing additional immunity and system protection. Give a good measure. When the received data is separated from the transmitted data, this also provides a measure of protection for other computers or devices external to the system 2300. This is because the opportunity to send tainted data or include malicious agents is reduced or eliminated. Storage device 2321 may be implemented as a single physical device, may be implemented as a combination of two or more physical devices, or as one or part of one or more physical devices. May be implemented. For example, it may be in any form of magnetic, optical, solid state or other memory formats well known in the art or may be developed.

  In the illustrated embodiment, the storage device 2321 is a master template protection storage device (MTPS) 2322, a user data protection storage device (UDPS) 2323, and switch configuration information for the storage device and / or I / O device. Or data 2324 and operating portions of operating system elements and application programs 2325 required to support device interface and control with the user. Optionally, a temporary working storage device 2326 may be provided. In some embodiments, the type of storage device for these different storage elements is advantageously selected to facilitate fast read and / or write access and / or erasure of elements from the storage device. . In particular, solid state or semiconductor memory may facilitate fast access and quick and reliable erasure of the user computing environment after the user computing environment session is completed and terminated or closed.

  One or more separated computing environments 2304-1,... 2304-N may be configured in a fixed manner or dynamically. Temporal separation is used when the number of processors or other hardware tends to limit the number of physical (eg, hardware) individual sessions, as described elsewhere in this document. Additional separate computing environments can optionally be implemented with intermittent access to the hardware.

  Each ICE 2304 passes through a CCE control switch 2350 when access for reading and / or writing to a protected storage device (eg, MTPS 2322 and / or UDPS 2323) or other portion of the storage device 2321 is requested. It would be advantageous to be able to switchably couple to 2321 (or a portion of the storage device). In the embodiment shown in FIG. 11, data in 2351, data out 2352, and OS-Apps (operating system and application program) 2352 communications or signal paths are shown. In different embodiments, a single communication or signal path (eg, wire, multi-wire bus or optical link) is used with path assignment and arbitration circuitry or other logic means, via such a single link. Communication can be assigned and controlled. Further, in an embodiment in which an operating system and / or application program is provided in the ICE 2304, there is no need to provide a path between the storage device 2380 of the ICE 2304 and the storage device 2321 in the CCE.

  This or these same communication links 2351, 2352, 2353 may also be used to communicate any flags 2355, window xy coordinates 2356, ICE video output 2357, and / or dedicated or time sharing intermittent. Peripheral devices can be combined on the base. Alternatively, separate dedicated or shared communication links can be used for these signals or data.

  Flag 2355 provides status and / or command and control between CCE 2320 and ICE 2304, for example, but not limited to, the following flags or status. In other words, “reading ready for reading ICE master template”, “reading for reading ICE user protection data”, “reading for ICE processing”, “encountered ICE processing error”, “request to save file to protected storage device”, “file save operation "Complete", "CCE command to reset and erase ICE", and other states and commands to support the desired operation. In some embodiments of the present invention, the nature and complexity of the flag is reduced in order to reduce or eliminate the possibility that a status or command and control flag will accidentally communicate or transmit a virus or malicious code between the ICE and the CCE. Simple and short (eg several bits or bytes) deliberately kept.

  As already described for other embodiments, video or graphic-related output signals or data 2357 are provided from each ICE to capture a representation or display of an ICE user environment (eg, a word processing screen) and display screen or other Can be displayed on the device 2393. In most embodiments, a single display device is used, but the present invention does not exclude multiple display devices or indeed multiple video or graphics processors. When operating in a window environment, the window's xy or line sample coordinates and window size, or other descriptors for the ICE window, are communicated to the CCE (or video processor 2392 controlled by the CCE) and thus a different ICE. Multiple windows from can be combined with each other and optionally combined with a desktop (eg, Microsoft 2000 desktop) display or video display 2393 generated by CCE 2302.

  Filters or limiters that limit the type and / or amount of data communicated over the communication path may be between the CCE storage device 2321 and the ICE 2304, and / or between the ICE 2304 and the video display control unit 2392, and / or Arbitrarily provided between ICE 2304 and CCE for flags, window coordinates and dimensions, or other states or commands and control signals, it is advantageous to do so.

  For example, a storage device access limiter 2370 can be provided between the storage device 2321 and the ICE storage device 2380. Similarly, a limiter 2371 can be placed in the video signal path between each ICE and the CCE or video display control unit 2392.

  In one embodiment, limiters are coupled with switches (eg, switches 2350, 2360), while in other embodiments they are separate. Such a filter or limiter function may be implemented as part of the CCE logic, may be implemented as part of the ICE logic, or may be implemented as part of both. It is also optional to provide redundancy with some confirmation between the ICE element and the CCE element. In general, in this embodiment, either of these filtering or limiter operations involves a comparison between the attempted communication and a permitted set of communications. If the attempted communication is allowed, it is allowed to pass; if it is not allowed, it is not allowed to pass. While various error messages and / or notifications can be implemented arbitrarily based on rules or policies, it is desirable to do so.

Embodiment with a single temporally separated computing environment for control and separation user processing FIG. 12 only provides a single physical computing environment, but intermittent access and temporal or temporal separation An embodiment is shown that can support multiple logical or virtual computing environments using the configured access. This single physical computing environment can support the control of the CCE described in the above embodiments and a separate processing computing environment for one or more user processing sessions. This type of intermittent access with temporal separation can also be used in other embodiments of the invention that have or can support multiple physical computing environments.

  In the illustrated embodiment, a single processing logic element 2404 (eg, a processor, a microprocessor, an ASIC, a controller, a microcontroller, or other logic or processing circuit means) is passed through a switch or switching means 2412 to a storage device 2406. Can be communicatively coupled.

  In one embodiment, the storage device 2406 can be physically or logically partitioned or partitioned to provide isolation between the isolated computing environment storage device 2410 and the control computing environment 2408, including, for example, a master Templates and protected user data and operating system and application program elements can be stored without fear of contamination. A separate computing environment storage device is provided for storing working copies of user data, operating system and application program elements, temporary storage, etc. during the execution of the ICE. Sharing common physical storage means that even if malicious code is executed while operating in ICE mode, it does not reach or contaminate or infect the protected data storage device, eg, a master template or Conveniently achieved by a control routine or procedure that ensures that the original protected user data file or the like is not damaged.

  Other embodiments of the present invention use separate physical storage or memory and do not experience accidental accesses such as those that may occur due to hacker attempts to overflow the allocated memory address range. Memory address or access control. Providing separate physical storage for control and protection storage versus isolating the working storage of the computing environment provides an additional level of isolation. This is because the communication line or bus does not interconnect the two (ie, physically or logically switches them off and disables them) so that there is no complete physical separation so that no contamination occurs. It gives a possibility. It is also optional to use a different physical storage device, but conveniently it is ROM or EEPROM for the control environment storage portion, RAM for ICE, and for large data or program storage devices. The effect of using different storage devices such as a magnetic storage device such as a hard disk drive. Also, different physical memory and / or memory types may be used in each ICE or CCE request for storage devices.

  The switch or switch means 2412 also serves to couple and disconnect input / output or other peripheral devices (eg, but not limited to a keyboard 2416 and mouse 2418) to a selected one of the computing environments. Can do. In embodiments where the same processing hardware is temporarily assigned to different computing environments, switching is still desirable to enable or disable the use of inputs, outputs or other peripherals to maintain the desired degree of isolation. . For example, a keyboard and mouse can be coupled to both control and separation computing environments that run word processing applications, while a network NIC card can only be coupled and enabled to a separation computing environment that runs Internet network browsing sessions. Cannot be combined or enabled.

  In one embodiment, a reset mode is provided to initiate a boot or restart to a known initial state. The operating system and application program for the start state are stored in the nonvolatile memory of the control environment storage device 2408 in a form that can be easily reset and reloaded. In one embodiment, it is stored in a high speed ROM. This mode is the process by which the segregated computing environment typically leads to the generation of one or more new files or data sets, or the generation of revised or new version (s) of such files or data sets. Allow to perform the operation. In one embodiment, the reset mode procedure searches a specific area of the storage device for such a new or revised file or data set and makes a copy to the protected storage device to create a prescribed rule or Add or replace files in protected storage according to policy. The reset mode procedure simply copies the file or data set, but does not open or execute it, so protection is maintained as in the other embodiments described above.

  In another embodiment, temporal separation from shared hardware resources is achieved by storing and re-storing intermediate logic or processor 2402 state. By storing the processor 2404 and other necessary state information or data, one process, such as the control process, can be interrupted, and the processor state can be stored and re-stored upon interrupt and resume, a new separation calculation The process can be performed (completely or partially), and so on. In this way, a large number of processing sessions can be performed using a minimal physical hardware set. The structure and method of storing and restoring processor state so that multiple processes can be handled during a defined time period is sometimes referred to as concurrency or multitasking. These known structures and methods are not described in detail here. However, in connection with the present invention, a register or other memory storage device to store the state of the processor 2404 individually for multiple computing environments to maintain isolation and to prevent malicious code from avoiding isolation. Note that may be provided. Thus, each individual temporally allocated segment of a processor (eg, chip, RAM, storage, or some combination thereof, or other element or segment) may be individually, as a group, or collectively Can be reset or repaired.

  In one embodiment, a separate reset logic 2450 is coupled to a hardware or software reset button or switch 2451 that transitions between different computing environments and stores state when one process is interrupted, It then provides the necessary separation control to restore that state when the process resumes. The reset logic, which may be hardwired logic or programmable, generates signals to the processor 2404 for storing and restoring states and setting other device 2400 parameters and conditions. Control lines to the device elements are provided as needed between the state storage register 2453, the storage device 2406, the processor 2404, and the switch 2412. In certain embodiments, processes in a separate computing environment can generally run toward completion so that only the control process is suspended and then resumed. In other embodiments, any process is suspended and resumed.

  It will be appreciated that certain embodiments of this type are particularly applicable to so-called thin computing devices such as cellular telephones. Such devices need to handle voice processing associated with telephone conversations, receipt of electronic images or pictures, calendar item or phone number lock-up during a single use of the device. By facilitating a large number of processes of this type using minimal hardware, the cost of the device can be reduced, a small size can be maintained, and a reduction in power consumption and heat generation can be achieved.

Alternative Embodiment with Single Time Shared Computing Environment for Controlled and Decoupled User Processing Referring to the embodiment of FIG. 13, an architecture and general configuration of system 2500 according to aspects of the present invention is shown. . In this embodiment, the first computing environment 2501 includes desktop environment and control environment functions, erasure / reformatting of these functions and / or environments, switch (s), switch configuration (s). ASIC with predetermined or dynamically determined communication with protected storage device (s), network interface and connection or card, limited communication capability to provide or store a certain isolation level, video processing And / or may be configured to include or include support for video control, mouse and keyboard input, input / output connections, peripheral device connections and controls, and combinations thereof as required. This first computing environment 2501 is coupled to a second or user computing environment 2502 via a switch 2503 (which may itself optionally be configured or implemented within the first computing environment). This second user computing environment has the same separation as described in previous embodiments of the present invention, and therefore other incidental or intent by virus, hacker, cyber terror, and malicious computer program code Give the same immunity to common attacks or contamination.

  Typically, the user computing environment 2502 generates a video output signal that can be processed by the user computing environment or processed through the first control computing environment 2501 and displayed on a display device. However, in some embodiments of the present invention, not all computing environments require a video output signal, nor does the user need to be aware that a separate computing environment has been generated. Will be clear. For example, in some cellular telephones, the computing environment created to process or encode and decode the audio signal does not require video output and simply generates the necessary signal. This is just one example of a situation where the output is a data set, in which case the data set is generated and used in real time or near real time and is not stored. From the description herein, it will be apparent that the input and output of the computing environment will vary based on the processing task.

  A switch or switching means 2503 can combine or separate data 2506 (eg, a copy of a user file or document) between the user computing environment 2502 and the first computing environment 2501, wherein the first computing environment is: Handles control, interface, protection storage, switching and other functions for the operation of system 2500. An optional optional limited communication link 2508 including a communication line and optional ASIC or other logic circuit or logic means is provided to save files and erase the computing environment as described elsewhere herein. , Erase memory, erase storage, communicate window and / or object coordinates and recognition, communicate mouse coordinates, and so on. These switchings are optional, the communication path may be direct, and a combination of signals (commands, data, etc.) may be combined and multiplexed, or otherwise communicated via a defined set of communication links. It will be clear. Such a communication link may be a wire, bus, optical link, or other connection means, as is known in the art.

  For other embodiments described herein, a filter or limiter 2510 may be provided in the communication path to filter or limit the type, pattern, number or amount of bits or data sent over the communication path. Any other special dedicated communication path or link 2526 can be provided as well as other common sharable communication paths or links.

PC card bus or interface card embodiments and conventional computers While numerous embodiments of the system, architecture and method of the present invention have been described, an ISA bus, PCI bus, USB bus, which provides bandwidth suitable for the desired performance level, The implementation of the system, architecture, and method of the present invention suitable for cards or other circuits attached via a SCSI bus, PC card bus, or other bus or interface is described below. Similarly, the present invention is used in connection with a card, chip, or chipset that can be retrofitted into a system or peripheral bus, eg, ISA, PCI, SCSI, firewall, USB or other bus or connection. be able to.

  PC card implementation is particularly useful. This is because notebook computers and other information devices with PC card slots or cables can be modified to provide a level of security and anti-virus and anti-hacker performance without completely replacing the notebook computer Because.

  With reference to FIG. 14, the elements of the PC card coupled to the host computer processor and main processor memory will be described. In a typical PC card interface, the PC card is connected to the computer's PCI local bus via a PCI to card bus bridge as is well known in the art. The PCI local bus is then coupled to the host computer bus via a host-to-PCI bridge. This host bus is the same bus that is coupled to the host computer processor or CPU. Access to all peripherals of the host processor and host computer provides an opportunity to retrofit the PC card based auxiliary processing system having the benefits of the system, architecture and method of the present invention.

  FIG. 14 schematically shows a PC card version of the present invention. Although PC cards are advantageously used, the present invention may be implemented on other different devices and connected or coupled to a notebook computer or other information device by other existing or developed interfaces. Will be clear.

  The PC card bus provides all the signals necessary to couple the system of the present invention to the notebook computer. In one embodiment, the host computer circuitry is used to provide a user interface computing environment, while in other embodiments, only the PC card processor is used for processing. In one embodiment, the hard disk drive of the host computer is used, while in other embodiments, solid state memory on the PC card or coupled to the PC card by a cable is used. Conveniently, if the computer has multiple PC card slots or connectors, one slot can be installed and connected to a PC card that supports the processor system of the present invention, and the second card is Memory storage devices can be supported including hard disk drives, optical, solid state or other memory storage devices, or combinations thereof. It is also possible to provide a storage device for both the processor PC card and the PC card-based storage device.

  FIG. 15 is a diagram illustrating a generalized architecture 2600 for coupling a PC card 2602 to a PCI-to-card bus bridge 2604 and to the PCI local bus 2605 by the bridge circuit. This PCI local bus is then coupled to a host-PCI bridge 2610, which provides access to the host bus 2612 and the host processor 2614. A main memory 2616 such as a DRAM is coupled to the host bus 2612 and the PCI local bus 2505 via the host-PCI bridge 2610. The PC card in this embodiment includes the computer system of the present invention, while the host processor 2614 is a processor installed in a conventional notebook or desktop computer. For ISA or PCI cards, it will be apparent that they can be coupled directly to an ISA local bus or ISA bus, as is well known in the art. The PC card 2602 conveniently includes storage devices, network interconnect cards (NICs), modems, graphics processors, wireless communications, and other devices, as well as peripheral operating characteristics of the entire computer system.

  Alternatively or additionally, PC card 2602 may include a connector for coupling such a device to the card. Other embodiments enhance storage, communication, video processing, or other features and cooperate with a PC card (or other plug-in card in a desktop computer) 2602 that includes the processing and computing environment of the present invention. Therefore, a second PC card may be provided. Various handheld and portable devices such as cellular phones, organizers, personal data assistants, satellite phones, equipment, entertainment systems, or plugs can be used to provide the computing and processing environment of the present invention in a modifiable or pluggable package It can be extended to other devices or systems with in-card or external interface capabilities.

  FIG. 16 illustrates individual dynamically configurable system elements, such as, but not limited to, memory elements (eg, RAM or ROM) 2702, any form of data storage device (eg, magnetic hard disk drive or other Storage subsystem or device 2706, solid state memory 2708, optical storage 2709, etc.), video processing element 2704, signal processing element 2711, Ethernet interface 2712, network interface card 2713 or capability, modem 2714, wireless interface 2715, processor 2705, switch or switching element 2730, communication path, wire and / or bus 2720, ASICS 2717, and other elements described in connection with the present invention, embodiment 2700 of the present invention. It is. Only the interconnection capability is shown in this figure, which can be applied to any of the above-described embodiments of the invention that provide additional architectural, topology, system and method details. Dynamic configuration or reconfiguration can be performed at initialization, during operation (even when other processing operations are in progress), or at system reset. In one embodiment, an assignment table or data structure 2725 is stored that identifies assignments of different elements and elements to different computing environments.

  The dynamic configuration of some or all of these elements has already been described for other embodiments of the architecture, system and method of the present invention. For example, as mentioned above, the computing environment and the elements of such a computing environment are modular, and the defective elements or sets of elements that make up the computing environment are swapped or repaired to the working part. Until then, certain result elements and / or computing environments can be dynamically configured by a control entity such as a CSCE or CCE computing environment. Also, as noted above, certain embodiments of the present invention are described above using a dynamically assignable and configurable central processing unit (CPU), microprocessor, microcontroller, ASIC, or some combination. A physical structure can be provided to create a form of computing or processing environment. This dynamic configuration also provides flexibility in selecting the characteristics of an element or element to suit a particular processing task when elements or elements having different characteristics can be physically used in the system. In some cases, the complexity of the processing or computing task dictates the physical elements that support the desired computing environment, such as the need for a very fast processor or large memory, or in other cases only Direct physical elements that support the desire to minimize power consumption for conservative monitoring tasks that require little processing power or speed and a minimum amount of memory. Such selection and configuration is made under user control or, more generally, based on certain predetermined or dynamically determined rules or policies under automatic control of the computer system. Recall that it is done optionally and preferably based on the measured physical or logical state of the computer system, environmental conditions, processing requirements and complexity, application program size and data set size. I want. Other embodiments of the present invention provide for discrete elements (eg, CPUs and storage devices) that can be assembled as computer elements, even if they are not physically connected at the time of manufacture of the computer, or even if not adjacent to the computer system hardware. ) Give dynamic allocation. In certain embodiments, dynamic assignment and configuration can include and use external elements or elements that can be configured through an external port via the switching system described above. In some embodiments, the control computing environment (eg, CSCE, CCE, or other control computing environment described herein) includes a switch or switching system described for peripheral devices, input / output devices, and / or storage devices. It can be incorporated and / or controlled to enable communication paths, switch computing system elements together, and establish links and connections to perform the intended operations.

  FIG. 16 shows the different types of elements as connected to a single schematic “line”, but each element is a wire, set of wires with appropriate electrical (or optical) properties. Obviously, it is coupled to other elements by a bus or other communication link and a signaling protocol to support the intended communication. Such suitable characteristics are conventional and well known in the art and are therefore not described in detail here. While certain embodiments of the present invention provide a dynamic configuration of all the above-described elements and elements (and others not specifically addressed), other embodiments provide a more limited dynamic configuration, such as It will also be apparent that it provides the ability to dynamically configure different data storage devices for a dynamically or fixedly configured computing environment.

  FIG. 17 illustrates an embodiment of multiple computing environments, each having a set of wires, buses or other interfaces and elements that connect the computing environment elements to different signal lines or buses via a switch “X”. Multiple data storage subsystems are also shown (possibly with different logical partitions, or themselves composed of multiple physical devices), which can be used on all computer systems for use by different computing environments. Can be assigned dynamically. In certain embodiments, each computing environment can include a number of data storage elements, and the dynamically assignable or switchable data storage device includes storage or processing tasks (eg, temporary storage). ) Represents additional storage capacity when the required storage capacity for) exceeds the storage available in the defined computing environment.

  FIG. 18 illustrates that the computing environment 2801 of the present invention allows multiple keyboards 2803 and mice 2804 (or other input or pointing devices), keyboard communication lines or links 2807 (eg, electrical cables or wireless links) and mouse communication lines. Or via a link 2808 how to combine into a separate “set” of the computer system of the present invention or a separate computing environment (ice) within the entire computing environment 2801, and via a video communication signal link 2806 a number of discrete video Indicates whether it can be combined into a “set”. The output is sent to a single monitor or individual monitor 2805 to generate independent “nodes” 2802-1,... 2802-N, which are independent and separate from each other, yet all single. Operations can be performed under the control of a controller or control environment.

Embodiments Having Multiple Dynamically Configured Virtual Computing Environments or Processing Environments Various embodiments of the present invention have been described which include (i) user interface, control and switching functions, and protected storage computing. Embodiments that combine with the environment (see, eg, FIGS. 9 and 10 and accompanying descriptions); (ii) Embodiments in which system elements are dynamically configurable (see, eg, FIG. 10 and accompanying descriptions) (Iii) embodiments in which there is a single temporally separated computing environment for control and separation user processing (see, eg, FIG. 12 and accompanying description); (iv) Embodiments in which there is a single temporally shared computing environment for control and segregated user processing (see, eg, FIG. 13 and accompanying description); (v) PC card bar An embodiment in which a computer or other interface card and a conventional computer are present (see, eg, FIGS. 14 and 15 and accompanying descriptions); (vi) for defining a computing environment based on computing tasks or otherwise Embodiments in which the system has individual dynamically configurable system elements (see, eg, FIG. 16 and accompanying description); and (vii) multiple computing environments are defined or configured, each of which is an element Embodiments having a set of computing environment elements and wires, buses or other interfaces that connect computing environment elements through switches or multiplexers (ie, matched sets of switches) to different signal lines or buses (eg, , See FIG. 17 and accompanying description). Other embodiments of the invention are also described, and this list does not attempt to identify all embodiments, but another embodiment referred to herein as a virtual processing space and a virtual processing environment. It establishes the basis for displaying.

  As described below, this embodiment allows for the dynamic configuration of physical system elements (including aspects of selection, assignment and switching), along with the expansion of temporal multiplexing (time or temporal dimension). Merge into any set of dimensions in a dimensional virtual processing space. These embodiments also introduce the concept of dynamic configuration and the concept of PC card bus or other interface card extension to other plug-in cards or modules such as PCI card slot daughter board, motherboard chipset replacement or addition, As well as interfaces that can be interposed between conventional elements, such as conventional microprocessors (eg, the types manufactured by Intel, Advanced Microdevices, Motorola and others) and conventional computer motherboards and processors ( Otherwise, it can be extended to embodiments with the interface of the present invention (which can be mated). In addition, the concept of plug-in cards and interfaces can be combined. Embodiments of the virtual processing or computing space and the virtual processing or computing environment are described in detail below.

Embodiment of Multidimensional Virtual Processing Space (VPS) with Multiple Multiplexable Virtual Processing Environments (VPE) This embodiment and the embodiments described above may or may not reside in a virtual processing space. It provides a virus, hacker and other maliciously coded immune environment that is kept separate from other processes. Process input from external and potentially contaminated sources is processed through an input isolator into a separate processing environment within the virtual processing space that is cleaned and cleared before accepting a new process. Otherwise, it is reset to a known reliable state so that contamination that may have been introduced by previous processes is eliminated. The processing environment then processes or executes the received external process and upon completion, accepts the process output or result via the output isolator to the outside world, eg, the requesting process or result. Direct to another process configured to. The input and output isolators can be the same physical isolator or different, and the advantage of using different isolators is that the incoming process can be handled in part overlapping the outgoing process. . If the processing environment detects a problem during processing, such as executing or attempting to execute a virus or other malicious code or damage code (even code that appears to be data), the process may report an external process result. Can't flash and communicate it to the outside world. However, if a virus or other malicious code is executed, the processing environment is cleaned, cleared, reset, or returned to a known reliable state. In one embodiment, the known reliable state is optional, but is recovered from a trusted template or other protected storage device that is kept separate from the processing environment during the processing task. (Embodiments of the present invention that include embedded templates do not require this clearing and recovery.) A reliable template is a source for reloading operating systems, application programs, system parameters, and the like. In one embodiment, isolation is provided by providing a reliable template in read-only memory. In one embodiment, the input-to-processor and processor-to-output separation is a hardware circuit that only performs a copy or transfer operation of a bit or bitstream and executes a virus or other malicious code. Provided by hardware circuitry that cannot be modified or changed to perform other operations. An embodiment of how to separate the processing environment for two processing environments and two external processes is shown in FIG.

  While aspects of multi-processing environment separation have been described above, other embodiments for a single processing or computing environment, multiple computing environments, and temporally multiplexed computing environments have already been described in detail. It will be obvious. The details of how to maintain separation are also applicable to this embodiment and attention will be directed to a multi-dimensional processing space that incorporates at least some of these features.

  Referring to FIG. 20, an embodiment of a multi-dimensional virtual processing space for processing or executing at least one, typically multiple, or multiple processes is shown. Therefore, the virtual processing space may be one-dimensional, two-dimensional, three-dimensional, four-dimensional, or N-dimensional, where N is a positive integer. In principle, N is any positive integer, without any restrictions, but in practice one or more physical hardware elements (eg, logic circuits, microprocessors, microcontrollers, memory elements, For the feasibility of configuring, allocating, controlling and / or operating a large number of virtual processing environments within a defined time period (or other operational limitations). In addition, the number of virtual processing environments is, for example, a certain number less than 1000, for example, a specific integer between 1 and 1000, or less than 100, or less than 10, or 2, 3, 4, 5, 6, 7 , 8, 9, 10 or less.

  Due to the difficulties associated with schematizing the structure and operation of a virtual processing space having dimensions greater than three dimensions, the description herein focuses on an example of a three-dimensional processing space. The term “virtual” is used herein at least in part for the following reasons. That is, a multi-dimensional processing space, possibly one-dimensional or three-dimensional, based on an individual's viewpoint can be created in a single physical processor. Even when considering processor events in a time-based or temporal sequence, the dimensions can be considered as two dimensions (processor spatial dimension + time) or four dimensions (three processor spatial dimensions + time). When multiple processors are configured, the dimensions are further expanded or multiplied. Indeed, the structure, apparatus and method of the present invention give a larger dimension, so that an N-dimensional virtual processing space is created over a smaller number of physical processors and time.

  The embodiment of FIG. 20 includes dimensions of “processor number” (or number of processors), “processing time segment” (which may be interpreted as one or a set of processor clock cycles or other time intervals), and “process Format "(in one embodiment, it may be interpreted as relating to a resource or set of resources within one physical processor). The processor types identified in FIG. 20 are, for example, but not limited to, floating point operations, graphic rendering operations, communication operations, and other mireds of different operation types, including computation, information processing, , Signal processing, communications, games, animation, speech processing, digital signal processing, and other instructions, codes, or types of operations known in the computational or information processing field.

  In accordance with the present invention, some form of processing operation is provided by providing a special processor that separates the elements of a conventional processor to be integrated, or by providing a special processor that makes the processor elements separately accessible or addressable. It will be apparent that elements that are not used in can be used for other operations during a common or partially overlapping time period. The present invention also allows multiple instantiations or copies of processor elements to be provided within a single processor without duplicating the entire structure within the processor. In the embodiment of FIG. 20, five virtual processing environments are defined in the virtual product space, as shown in Table I below, which illustrates the virtual processing environments and multiplexed isolation or separation parameters.

  The paradigm provided by this virtual processing space uses a logic circuit (eg, one or more switches or switching elements) to, for example, select one of the multiplexer inputs when selecting an input signal. It can be selected as a single output and similar to the multiplexing operation that is provided to subsequent circuitry of the electrical system.

Table 1. Examples of virtual processing environments and multiplexed isolation or separation parameters

  In the system, apparatus and method of the present invention, external processes (or their definition commands, instructions, and data) are selectively routed to a specific set of resources (referred to as a virtual processing environment) in the virtual processor space, or Multiplexed. A virtual processing environment may also be defined by a set of physical or logical switches, switching elements, or a set of switches or switching elements (eg, a multiplexer or a set of multiplexers).

  FIG. 20 illustrates an embodiment in which an N-dimensional virtual processing space 2950 defines multiple virtual processing or computing environments including VPE1 2951, VPE2 2952, VPE3 2953, and VPE4 2954. Some of these virtual processing or computing environments may also correspond to physical processing or computing environments. Virtual processing space (VPS) and virtual processor environment (VPE) configuration, allocation, and control unit (CACU) 2960 includes physical processing resources such as processor (s), memory, cache, I / O. It serves to configure the device, keyboard, display, CD ROM, and other processing elements or peripherals required. In this embodiment, the VPS 2950 is defined along a physical processor recognition dimension axis 2955, a processing time segment dimension axis 2956, and an instruction or processing type dimension axis 2957. In this embodiment, the defined instruction or process type is a floating point format, a graphic rendering format, and a communication format. It will be apparent that other formats may be defined. In one embodiment, an instruction or process type is identified, which can use different aspects of processing system resources. Further, as described for the dynamically configurable and switchable elements of the systems of FIGS. 16 and 17, the processing system can be provided with a desired set of configurable resources, These physical elements can then be assigned to specific processes. The ability to define a particular virtual processing embodiment is limited based on physical processing resources, and thus defines a virtual processing space to support the desired virtual (or physical) processing or computing environment. It will be clear that the capacity depends on the physical resources present. Changes that extend physical resources allow for an extension of the VPS dimension. If redundant resources are provided for a particular configuration, the VPS 2950 can provide multiple instantiations or copies of a particular VPE.

  The CACU 2960 also communicates with and controls the trusted template source 2958, which includes known clean and functional versions, operating systems, program applications, driver software, system or program parameters and data. Or store or generate other software elements that are or may be required to handle specific processing operations. The manner in which the template is protected from modification or contamination and is used as a reliable source of processing code and instructions is described elsewhere in this specification and also in the specification of related patent applications incorporated herein. Therefore, the description will not be repeated here.

The isolated storage allocation controller logic 2962 can process process 2941 (eg, processor inputs P ₁ 2942-1, P ₂ 2942-2,... P _K 2942-K) to a specific isolated storage lock (ISL) 2943 (eg, , ISL ₁ 2944-1, ISL ₂ 2944-2, ... ISL _M 2944-M). The separate storage allocation controller 2962 operates to switch the web or fabric connections of possible connections so that a particular process is exclusively routed and connected to an available ISL 2943. These ISLs are then connected to the appropriate virtual processing environment, where the connection is actually made with physical resources. Connect the process input to the processor (e.g., a physical representation of the VPE) via input isolation (or input ISL) and the operations associated with connecting the processor output via output isolation (or output ISL), The method of FIG. 21 will be described. Since the operation for dynamically switching and configuring the elements has already been described, the description will not be repeated here. Although dynamic allocation of ISLs in the input process is not required and may be fixed, such dynamic configuration and allocation provides additional flexibility due to such dynamic configuration and allocation. It is effective because it is given.

  Although the three-dimensional virtual processing space has been described for the processor number, time segment, and process type in the embodiment of FIG. 20, the dimensions are not limited to these dimensions. For example, the dimensions can be extended to other processing parameters, variables, conditions, etc., with the physical structure, instruction set and format, data set and format properly configured. In addition, the above description includes personal computers, notebook computers, servers, routers, personal information devices, personal data assistants, information devices, cellular phones, televisions, household devices, automotive electronics, industrial control and automation, robots. Although suggested digital calculations currently commonly used in aircraft control and other calculation and information processing systems and devices, the present invention is not so limited. For example, the present invention is also applicable to analog computation and signal processing, digital computation and data processing, and hybrid digital-analog devices and systems. The present invention is also applicable to optical calculations where additional dimensions such as frequency, wavelength, propagation mode, and other optical devices and system parameters can be selected and multiplexed. Optical, digital and / or analog elements can be provided in any combination to configure, assign and control the virtual processing space and multiple virtual processing environments defined herein. Configuration, assignment, and control may be fixed at the time of manufacture, may be established by programming operations, or may be dynamically set by control elements during operation based on operation policies.

  Embodiments of the system, apparatus, and method of the present invention can be used for tasks to be processed using any of various types of switching, interconnection, multiplexing, selection, configuration, and / or multiplexing. While it is possible to achieve the desired structures, different configurations can be used simultaneously within a single processing system as appropriate for those structures and procedures. Although various switches and switching and control mechanisms and methods have been described for other embodiments, these mechanisms and methods can also be used in these embodiments.

  Numerous forms or forms of multiplexing are known in the art, other forms and forms may be developed in the future, and any or all of them can be used in connection with the system, apparatus and method of the present invention. It will be clear. The following list is given as an example and is not limiting. Address multiplexing, burst time division multiplexing, code division multiplexing, demultiplexing, differential multiplexing, separate multiplexing, multiuser multiplexing, multiuser spatial multiplexing, orthogonal frequency division multiplexing, polarization division multiplexing , Spatial division multiplexing, spatial multiplexing, subcarrier multiplexing, statistical multiplexing, time division multiplexing, wavelength division multiplexing, secure virtualization, method of generating individual or secure processing or computing environment, and And / or other techniques, procedures or methods for multiplexing or partitioning information, data or computer processing. It is also clear that one or a combination of these multiplexing mechanisms, virtualization mechanisms, or splitting mechanisms can be used.

  Having described embodiments of a virtual processing space (VPS) and a plurality of virtual processing or computing environments, processes and methods for operating each virtual processing environment within the virtual processing space are described below. It is understood that the order of the steps is only an example, and that different orders can be used to achieve the same or similar results, and that some steps can be performed in parallel where no contention for resources occurs. I want. Each main step in process 2970 is numbered and the substeps within each main step are indicated by letters. In addition, the flowchart of FIG. 21 illustrates a method embodiment.

1. Identifies the external process and creates, configures or assigns a reliable virtual processing or computing environment (and any isolated storage lock) to execute the identified external process (step 2971)
(A) A first external process input (EP1in) to be executed from among a plurality of possible external process inputs (EP1in, EP2in,... EPKin), where K is an integer in the range of positive numerical values. Is identified (step 2971a). For simplicity of explanation and terminology, the terms external process input (EP1in) and external process output (EP1out) refer to the input and output processes, respectively, and perform processes that occur as a result of the execution of such processes. Refers to the content necessary to do (eg, operating system requirements and / or parameters, application programs and / or parameters, commands, instructions, data, or other elements necessary to define or execute a process).

  (B) If an integer in the range of positive numerical value is N, it is the first among a plurality of possible virtual processing environments (VPE1, VPE2, VPE3,... VPEM) in the N-dimensional virtual processing space (VSP). One known reliable virtual processing environment (VPE1) is established (step 2971b). A virtual processing environment may be considered a virtual computing environment when the process to be executed is a computing process or, more simply, a computing environment. Since these processing or computing environments are isolated from each other and from external processes and are either virtual or physical subsystems or units, they are user application processes, system controlled, or others It is also referred to as a separate processing unit computing environment that can be used for any purpose regardless of the operation or processing task. For example, these virtual processing environments include control and switching computing environments, protected storage computing environments, read / write control computing environments, user interface computing environments, user computing environments, control computing environments, separate processing unit computing environments, user interface computing. It can be configured to operate as an environment, or other computing or processing environment. These virtual computing or processing environments may be determined statically but are advantageously dynamically defined and can be constructed from existing system elements. Such system elements may be local or geographically distributed.

  (C) Optionally, separate storage locks (see below for ISL1in and ISL1out) are identified and configured at this stage and made available as needed, as described below, and / or Or assigned (step 2971c). Note that an isolated storage lock can store commands, data, or other information or content, but cannot execute a set of bits that may be a virus or other malicious code. The term “lock” in the phrase isolated storage lock is used in the same way as the term lock used in spacecraft and other pressure or pollution control chambers or “air locks” in the environment. This prevents direct connection or influence from the environment on one side to the environment on the other side of the airlock.

2. External process input is securely loaded into a reliable virtual processing environment (step 2972)
(A) Establishing a first known reliable (cleared) isolated storage lock (ISL1in) for storing the input elements needed to execute EP1in (step 2972a).
(B) EP1in is released (coupled) from ISL1in (step 2972b). (Combination and separation may be fixed or dynamically determined, and may be physical, logical, or virtual.)

  (C) Load EP1in into ISL1in. (Load or transfer between source and destination is performed using a copy operation and a copy device or hardware that cannot perform multiple bits of copied content (eg, EP1in or EP1out) when copied) (Step 2972c). Furthermore, separate storage locks (ISL1in and ISL1out) advantageously do not perform multiple bits of content stored in them. It is also advantageous that there is never a connection between the external process and the virtual processing environment, and (i) a copy of the external process input is communicated to the virtual processing environment via an input isolation storage lock; (Ii) It is clear that a copy of the external process output is communicated from the virtual processing environment to the external process (or another designated process) via an output isolation storage lock.

(D) ISL1in is separated from EP1in (logically or physically disconnected) (step 2972d).
(E) Release (join) ISL1in to VPE1 (step 2972e).
(F) Transfer / load / copy EP1in from ISL1in to VPE1 (step 2972f).
(G) Separate (cut) ISL1in from VPE1 (step 2972g).

3. An external process is executed in the separated virtual computing environment (step 2773).
(A) Process EP1in using VPE1 to generate an EP1out output result (step 2973a).

4). The external process result is securely unloaded to the starting external process (step 2974).
(A) Establishing a first known reliable (cleared) isolated storage lock (ISL1out) to store output elements resulting from execution of EP1in by VPE1 (in some embodiments, ISL1in is , ISL1out, but in other embodiments it is different) (step 2974a).
(B) Release (join) VPE1 to ISL1out (step 2974b).
(C) Transfer / load / copy EP1out to ISL1out (step 2974c).
(D) Separate (cut) VPE1 from ISL1out (step 2974d).
(E) ISL1out is de-separated (coupled) to EP1out (where the output result EP1out may be considered as the same process as the input process EP1in or a different process) (step 2974e).
(F) Transfer / load / copy EP1out to EP1 (step 2974f).
(G) Separate (cut) VPE1 from ISL1out (step 2974g).

5). Deallocate the trusted virtual processing environment and release the allocated virtual processing space resources (step 2975)
(A) The virtual processing environment or virtual processing space resource allocated to VPE1in or VPE1out is released and deallocated (step 2975). Alternatively, it should be noted that resources may be deallocated and deallocated at any time after their usage is no longer required for the process (step 2975a). For example, resources may be scheduled for use by a process after they are identified to the process, but from a pool of available resources for other external or internal processes until needed There is no need to be excluded.

  It will be apparent that the process described herein is only one embodiment for achieving the desired or required degree of separation. Other methods and procedures for achieving separation may be used, and the order of steps in the embodiments described herein may be changed while achieving the same result.

Embodiment of Multiplexing Multiple Process Streams with Separation in a Single Computer in Time In one embodiment of the present invention, individual processes or processing streams are kept separate by the control circuitry of other control logic and To be separated. A processing stream can be used when more than one process execution is required to complete a complex or multi-part process. In this regard, isolation means that execution of a process, such as execution of a computer operating system and / or application program instructions, is performed separately from other processes in the processing logic (if it is desired). means. The processing logic may be a microprocessor, processor, controller, microcontroller, special purpose coprocessor, digital signal processor, optical computer, analog computer, or other device or system that performs processing operations. Although this description focuses on a single processor having a single processor core, its architecture and method can be applied to each or a selected one of a multiprocessor system or to multiple cores of a single processor. It can also be applied. The present invention may also be applied to computers having multiple processors on a single board and / or multiple computers distributed between different boards or different machines but coupled to each other or to other master control logic. It can also be applied to processors.

  Multiple processes can be distinguished or separated based on any one or combination of physical processing space variables or based on a multi-dimensional virtual processing space described elsewhere in this document. Some particularly useful variations include temporal or time-based switching or multiplexing or time division of processing tasks within at least a partially shared set of processing resources. Such a processing situation is, for example, when a large number of processes have one or more caches or other very fast intermediate memory between the processor logic and the memory subsystem in a computer with a single processor. This is the process of how time is multiplexed. In some modern computers, the fast intermediate memory is one or more so-called Level 1 (L1) and / or Level 2 (L2) cache memories, and the memory subsystem is random access memory (RAM). However, the present invention is not limited to these configurations and does not require an intermediate memory such as a cache memory. Such computers also typically include an operating system, application programs, and one (or more) mass storage devices such as hard disk drives for storing operating systems, application programs and user data. Good. In the future, other mass storage non-volatile storage systems are expected to increase or replace some of these hard disk drives.

  Separating one process from another usually means that, for example, a problem that occurred in one process or process stream has impacted another process or processing stream, or the operating system, application program, system or program data It is desirable to prevent corruption or to prevent user data from being corrupted by another process. These problems have traditionally been caused by computer viruses, computer hacker code, computer spyware or robots (so-called “spybots”), or other malicious code. They may also arise from computer operating system or application program bugs or code errors, or inconsistent computer machine settings, device errors, or device driver problems. Separate from one program process in a memory or memory subsystem, eg, a cache or other intermediate memory (eg, level 1 and / or level 2 cache memory), or a memory subsystem (eg, processor-related RAM memory, etc.) Memory overflow that occurs during the program process can frequently cause program defects or contamination.

  Separation of user data and / or program or operating system elements can be accomplished in various ways, including but not limited to logical separation, separation based on memory address management, physical separation, eg, device Or switchably disconnecting all or part of a communication or power path that enables the operation of the subsystem and disabling it, or making a particular device, system or subsystem invisible to one or more processes Can be achieved. These methods and means for separation may be transient during short time periods or long time periods. A process never sees or accesses a device or subsystem.

  Memory management is particularly important when processing multiple processes or process streams in a single computer that has only a shared processing resource, such as one physical processor and shared physical memory. Processor execution and mass storage management are also valuable tools for preventing malicious activity in computing or processing systems. For example, if other program items, data items, files, user data, etc. exist but can be hidden from other processes, one process may exit the computer or other process within the computing or processing environment. Or, it is less likely to spy on or obtain information about the data, and in certain embodiments, such ability is eliminated.

  On the other hand, in some situations, a trusted user (eg, an administrator with sufficient permissions and defenses) can execute a reliable program to determine the operational health of the processing system and It is desirable to be able to monitor the activity and / or take corrective action or otherwise maintain system operation. Therefore, embodiments of the present invention provide a separation or non-separation choice for each process.

  Several attempts have been made to provide a degree of software-based isolation to address some problems, but isolation cannot be guaranteed when desired, and therefore knowledgeable and sophisticated It will allow entry points, chillies-heal, or other opportunities for hackers and viruses to use. Operating systems of various versions of Microsoft Windows (Windows 98, 98SE, NT, 2000, XP, etc.) are particularly targeted as having application programs for this operating system. Other operating systems for Apple computer products, various personal data assistants, cellular telephones, and other information devices are also targeted and susceptible to attack.

  The temporal multiplexing of the present invention described herein can be a single physical computing machine, a multi-processor computing machine, a single processor with a so-called dual-core or multi-core processor, or a virtual computing machine (eg, limited to this). In any of these configurations, there are additional multiplexing or processing dimensions in addition to time and / or to the process. There may or may not be an associated actual time or time sequence. The system, apparatus, architecture, and method of the present invention can also be applied to computing machines independent of their underlying technology, such as optical computing machines, digital computing machines. , Analog computing machines, biological or neurological based computing machines or systems, and / or hybrid computing machines, including but not limited to combinations of the computing technologies described above. The present invention also includes various non-computing machines including computing elements, such as televisions, entertainment systems and devices, video processors, automobile and aircraft simulation and / or control systems, and / or other processors or processing logic having processing logic. It can also be applied to an apparatus or a system.

In order not to obscure the manner in which individual processes are kept individually, the following description is limited to computing machines with a single processor. In this case, A, B and C referred to three input process stream, respectively, members _{A 1, ··· A i, B} 1, ··· B j, and C _1, the · · · C _K Provided that I, J and K are positive integers. The present invention can be easily extended to other physical and virtual computing and processing systems, independent of format or application, as described for this embodiment.

  In addition to allowing temporal sharing of processing resources or devices or circuits in one of a physical or logical or virtual computing machine, eg, a virtual processing or computing environment, the system and method of the present invention provides a computing environment. Keep the separation so that the different processes present in are protected from contamination. This means that each process sees and / or accesses the memory individually, so that only the portions of the memory and other elements of the processing environment that have the right to see and access are visible and there. This can be achieved at least in part by making it inaccessible. Further, being able to see and / or access only when allowed may be read-only access, or may allow both partial or complete read and / or partial or complete write operations. . Finally, even when a device or circuit is made visible, what can be viewed can be limited so that only a portion of the device, device features, or other capabilities of the device can be observed. In one embodiment, different exclusive portions of the memory device are made visible and can provide read / write access to two different processes, while the monitoring process can only read the entire memory.

  In the prior art, computer hackers or viruses are known to destroy computer operations and overflow memory and buffers. The control of memory in these machines is primarily under software control, which resides in the BIOS, operating system, application program, or some combination thereof. All of these can usually access hackers, viruses and other malicious code, so they can be accessed and modified without the user's knowledge or without the user's permission.

  The present invention maintains the configuration and control of the processing environment, including memory configuration and control, in a brand new environment (and thus a reliable environment), so that unintended errors, malicious hackers or virus code may be in this configuration or control. Access and change it so that it does not interfere with the computer system or data or other information within the computer system. Therefore, contamination of other processes or data belonging to those processes is also protected. In general, even if malicious code is present in a computer system, it can cause contamination by an execution agent (eg, a central processing unit or all or part of circuitry in a processor such as a CPU, or other logic processing device). (Or circuit) and another program and / or data. If there is only an execution agent, then malicious code can be executed, but no other data or program elements can be tainted. If the malicious code is only stored with another program or data without separation (eg, on a common hard disk drive) and cannot simultaneously access the program execution agent, the malicious code may be stored in another program or data. Does not contaminate items. Also note that the data may be program information, such as executable code, or accompanied by it, so you must be suspicious of files that simply appear to be non-executable code due to file format extensions. I want to be. Recall that separation may be physical, logical, virtual, or other means or combination of means.

  Embodiments of the present invention provide both of these features. In one particular embodiment, the memory configuration and control is maintained in a reliable read-only memory (ROM) that cannot be written or otherwise modified by the executing program. Reliable special procedures are provided so that necessary changes can be made in a reliable and secure manner. In another embodiment, a hardware ASIC is used to maintain memory configuration and control. In another embodiment, the memory configuration and hardware configuration can be changed using a hardware ASIC that has firmware that can be changed, but cannot be changed by a process originating from an unreliable source, such as a process running on a computer processor. Control is maintained. Memory configuration and control may be configured with a single physical memory of a fixed size allocated to a particular process, or using statistical monitoring, or the number of concurrent processing environments and execution It may be determined dynamically via a user profile that suggests expected process memory or other resource requirements.

  Embodiments of the present invention eliminate the computing environment repair process after completing a processing or computing task (successfully or unsuccessfully) by using, for example, a brand new, reliable and stable embedded master template Or simplify. In such cases, the processing environment need not be flushed or cleared and then restored. For example, embodiments of the present invention may include a read-only memory that stores the Microsoft Windows XP operating system (or other operating system software) and other application programs required for the processing environment. Different processing environments may comprise different operating systems and / or application programs embedded or stored. Further, some solutions can embed certain elements and load other elements as needed to allow flexibility and increase speed and throughput. For example, in one embodiment, an operating system can be embedded and an application program can be loaded into a write-accessible memory. In such an embodiment, the embedded operating system does not need to be flushed and restored, but the memory storing the potentially harmful application program is flushed after its processing task is completed, It is then restored to a known brand new state.

  With reference to FIG. 22, one architecture and operation scenario for a time multiplexed operation of three processes A, B, and C is described below for a single processor and memory. For convenience of explanation, it is assumed in the description that the three processes (“A”, “B” and “C”) are waiting for the processor to be available and start simultaneously. Conventional elements such as computer systems, processors, memories, etc., known to those skilled in the art are not shown in order not to obscure the present invention.

  The computer system 3002 includes a processor 3004 having a level 1 (L1) cache 3006, one or more input bus ports 3008 for receiving one or more input streams from the input source 3010, and one or more to the receiver 3014. One or more output bus ports 3012 for communicating output streams and ports or pins for communicating status 3016 and control 3018 are provided. The processor also includes a bus or other means for communicating with on-chip, on-board, or other memory, eg, level 2 (L2) cache 3020 and random access memory (RAM) 3022. This processor may be a conventional processor or a microprocessor, or it may be of a special design. The architecture of the present invention also includes timing, address control, and switching (TACS) logic 3030 that includes an input bus port 3032 for receiving an input or set of inputs 3036 and an output or set of outputs 3038. And an output bus port 3034 for communication. In this embodiment, TACS logic 3030 receives input 3036 intended for processor 3004 as input 3040 and is connected to receive processor output 3042 and further process it to generate output 3038.

The TACS logic comprises serializer logic of input stream 3036, or other input process stream serialization means 3044, which receives input process stream 3036 (in this example, three input processes A, B and C) and Optionally, parse them or otherwise identify the elements to be processed within them. The term serializer is intended to have the broadest possible meaning and is not limited to processing the input stream bit-by-bit, byte-by-byte, word-by-word, or in any other particular way, but rather input An input stream that has one or a combination of stream characteristics is accepted in one or a combination, and each stream can be processed according to a specified set of policies or logic to produce its output. is there. (Deserializers can similarly receive and deserialize inputs and generate their outputs in one or some combination.) This is also optional, but used by each process during a particular processing cycle. The elements of the processor to be performed can also be identified, but this is mainly effective when other elements of the processor are to be assigned separately to one process or another process. These elements may be, for example, a single instruction, a single instruction with its data, multiple instructions, or a command as present in typical computing machines and methods. Other sets of instructions, data, etc. may be used. In this example, serializer 3044 includes one element of A (eg, A ₁ ) followed by one element of B (eg, B ₁ ), followed by one element of C (eg, C ₁ ) And then repeat for A (eg, A ₂ ), B (eg, B ₂ ) and C (eg, C ₂ ) until each end, and handle additional process streams. In another example, a selection can be made from the waiting process stream at input 3032 based on a predetermined or dynamically determined policy. There is no limit to the number of input streams, and in one embodiment, TACS logic 3030 and processor 3004 are queued until they are ready to accept them for processing. Usually one of A, B or C is different in length and ends first, but there is no reason to wait for the other to finish until the next process stream D is parsed and serialized. In practice, the processes are performed completely independently of each other. Other configurations can be implemented, for example, if processor stream B has higher priority, multiple elements of B are interspersed between single elements of A and C, e.g. serialized stream “... A ₁ B ₁ B ₂ B ₃ C ₁ .

  The following is an embodiment of a process where processor memory, such as L1 3006 or L2 3020 cache memory or other buffer memory on processor chip 3004, or external memory such as RAM 3022 is controlled to maintain absolute separation of processes. Explained. Another way to provide in-memory isolation is to provide a separate physical memory chip, cache or other high-speed intermediate memory, or other memory subsystem, eg, RAM memory, which is costly, interconnected , And other things are undesirable. It is more feasible to have separate physical memory devices or chips when multiple processors or multiple processor cores are implemented. Furthermore, in some embodiments, multiple processor cores and high speed memory associated with each core are provided so that a separate memory subsystem (eg, external RAM) is not required.

  However, not all embodiments require or benefit from absolute segregation or isolation of processes, and in some embodiments allow authorized trusted administrators to monitor computer operations. A reliable monitoring process may be provided. Other processes that operate without absolute separation are allowed if there is a defined level of confidence between the processes. Furthermore, as long as multiple inputs and outputs are grouped together and processed at the isolation levels described herein, multiple processes can be processed together without reliability. For example, a processing environment may be created to perform word processing operations and photo editing processes using two different application programs. The present invention operates even if the input and output of this processing environment are text documents and picture files. This is because the present invention does not have to worry about what the input or output characteristics or content from the processing or computing environment is.

  In this embodiment, the serialized stream 3050 is generated by the reliable TACS logic 3030 and the TACS logic is responsible for the apparent process environment configuration (in short, the physical or logical configuration of the computer). ) Based on the process element being handled. In one embodiment where the elements of streams A, B and C are serialized as described above, the timing control circuit operates to read and apply a different configuration for each element as it is received. The TACS logic effectively reads different configuration records (eg, BIOS configuration from a reliable ROM) at each instant and is identified to process A for each time slice dedicated to process A. Only memory that is assigned to A, which includes only seeing the memory assigned to A, and is a random occurrence in other memory outside the memory (address) range specified for process “A” To prevent access.

  In one embodiment, this memory management and control is accomplished by having the processor 3004 write to and read from certain address ranges (or other identified portions) and RAM of the L1 and L2 caches. . This can be accomplished, for example, using an address remapping mechanism where only one region of each memory is visible to the processor, and these regions are stored in each memory (eg, L1, L2, RAM, and mass Mapped to a different address range of the storage device disk drive), otherwise identified by it. In other words, the processor sees the first L1 cache address range ADDR1 3061, which means that the processing process “A” actually reads or writes to the address range ADDR2 3062 associated with process “A”. And when processing process “B” actually reads or writes to address range ADDR3 3063 associated with process “B”, and processing process “C” actually does process “C”. When reading or writing to the address range ADDR4 3064 associated with "." Similar mapping or identification is performed for other storage devices, such as hard disk drive storage devices, level 2 caches, and RAM. Similarly, other devices may be mapped to specific processes or otherwise identified exclusively to maintain isolation. Again, in embodiments of the present invention, the mapping or exclusive identification or designation is not simply a re-designation of the operating system or software, so that one process does not see or notice another process. Includes reliable control to redefine configurations or elements.

  In the illustrated embodiment, the TACS 3030 is a control (and optional state) signal to the L1 cache 3065, a signal to the L2 cache 3066, a signal to the RAM 3066, and an optional signal to the mass storage device or other device 3068. It plays a role of controlling the memory address via the.

  It is not a problem that one of processes A, B or C contains and executes a virus or other malicious code. Any common process environment element that may be contaminated is not shared with any element of the process environment that needs to be cleared, reset, or repaired and retained before being used in another process. Therefore, if process B executes a virus, the effect of such execution appears only in the memory allocated to process B. When the B process completes or terminates due to an error, the B allocated memory is reset and no contamination is propagated to other processes. However, typically, internal elements of the processor (eg, excluding content stored in the cache memory) do not have a residual element of another process. This is because the next process (e.g., an instruction with instructions or associated data) or such a residual element itself does not operate itself to cause failure or contamination. If the code causes a processor element (such as a register) to transit, such code is irrelevant because it is not held there, and the next code effectively purges its remaining elements, but the storage device In some cases, the device must be flushed, otherwise reset, or branded to a known reliable state. In the case of conventional processor architectures and devices that can be used in connection with features of the present invention and that may contain harmful residual features, such elements can be cleared or reset. This can be taken into account by timing address control and switching logic. For example, clearing instructions or code may be introduced after a potentially harmful instruction or process, or if such harmful things cannot be anticipated in advance, clear or reset the process. Or may be introduced between each process owned by another process. For future processor architectures, clear or reset features may be incorporated into the processor architecture to improve processor throughput without having to insert a clear or reset process into the input stream.

  When the processor 3004 generates its output 3052, they are received by the processor-side input port 3070 and processed by the TACS logic to deserialize the combined output stream 3052 and provide the proper output order. The output stream 3038 is shown in an order that matches the order of the input stream 3036, but this matching ordering is used to identify which process a particular output is responsible for using a tag or other process identifier. Not needed.

  While specific embodiments of how to use specific timing, address control and switching logic (TACS logic) 3030 have been described, those skilled in the art will appreciate that other structures and methods may be used to implement other implementations of the invention. It will be apparent that the form can be achieved. Such an embodiment is shown in FIG. 23, which illustrates another embodiment of a system for maintaining a controlled degree of separation between multiple processes in a computer using address range control. . Logic for processing computer program instructions or other instructions, eg, processor logic 3080, which is a processor, controller, or central processing unit, includes some internal address control logic 3081. Various forms of processor address control logic are known in the art and will not be described in detail here. Separate address control and isolation logic 3082 may be provided, or the address isolation and control logic features of the present invention may be incorporated into the processor address control logic, or otherwise provided within processor 3080. Address isolation and control logic (AICL) 3082 passes control and status signals to address control logic 3081 in the processor and optionally to addressable memory / cache / storage subsystem (s). Pass through. Addressable memory / cache / storage device 3085 may be, but is not limited to, for example, RAM, ROM, cache memory, hard disk drive, or other storage device or memory map input / output device. Input is received by the AICL 3082 and processed to generate a control signal 3083 that can be communicated to the address control logic 3081 and the addressable memory 3085. Alternatively, the AICL 3082 generates a control signal 3083, which is communicated to the address control logic 3081, which can then address additional control signals 3089 (and optional receive status signals). Can communicate with the memory 3085. The structure of the AICL 3082 generally depends on the nature of the input 3086 to be processed, which may be defined statically or determined dynamically based on the input. The output 3087 is typically the same output generated for the corresponding input of a conventional processor, but can optionally suppress abnormal processing conditions such as the execution of viruses or other malicious code and No errors or exceptional conditions (or system faults) that may have occurred.

  In the embodiment of FIG. 22, it is emphasized that it can be applied to temporal multiplexing, recalling that individual processes or processing streams are kept and separated separately by the control circuitry of other control logic. It is also recalled that multiple processes can be distinguished or separated based on one or a combination of physical processing space variables or based on the multidimensional virtual processing space described elsewhere in this document. I want. The reason and benefit of the degree of complete or controlled separation is described elsewhere in this document and is a multidimensional processing space that can be defined for a set of separation variables or parameters, so the description is repeated here. Absent.

  In one embodiment, the control environment executed during one time slice or period receives a request for an operation filed or left by an uncontrolled process during the previous time slice or period. This request is shared with another process, but is made or filed so as not to contaminate that process. For example, a single bit or a small number of bits that cannot carry executable code is stored in one or more registers in the processor or other logic. When the control environment sees or queries these registers and confirms that the request has been made by another process, a flag or other indicator (again, eg a bit in the register or a few bits) Can accept or deny access or permission to an operation or capability, so that the operation or capability can be utilized the next time the requesting process can use the computing environment . An operation or capability may generally be an operation or capability that allows the computing environment to be configured such that the control environment does not allow operations or conditions that may expose other processes or data to contamination. The allowed operations or capabilities can be defined, for example, in a set of rules, policies, tables, logic, or other manners. In some embodiments, the permission or access grant changes the configuration of the apparent computing environment, and the storage device, e.g., hard disk drive or other mass storage device, processor-related memory subsystem, e.g., random access memory Make all or part of one or more processor-related high-speed intermediate memories, eg, all or part of cache memory visible and accessible, enable or hide input or output ports, use network interface card Enable or hide, and / or more generally hide, limit, open, close, otherwise request a set of devices, circuits, logic, operations, hardware or software elements Against the process Enabling or disabled Te. Granting permission or access to one element or capability naturally allows the control process to restrict or deny permission or access to others, and thus maintain a proper degree of isolation. Granting or denying access or access can be, for example, a physical change in which a switch or set of switches closes to create a physical path or start a device or circuit, or physical hardware in a computing environment. It can occur in logical changes that change logic or software or firmware, or in other ways that change or generate different virtual, logical or physical processing or computing environments. These combinations are established in rules, policies, tables, logic, or other ways, but this establishment is protected from being altered by uncontrolled processes, and indeed, in some embodiments, a special administrator Requires privilege. As noted elsewhere herein, some of these changes to the computing environment may use aspects of the dynamic switching and configuration structures and methods described elsewhere herein, or other structures. And can be established using methods.

  Some of the inevitable shared devices include a memory subsystem (usually RAM) and a high-speed memory intermediate between the memory subsystem and the processor (usually one or more on a processor chip or chipset). Cache memory). These different parts of memory use other well-known techniques to configure and control the address control logic and procedures described above, address assignment, master, data, and instruction bus availability, description tables, etc. To make it look different. In one embodiment of the present invention, a descriptor table that can be stored in memory or in a data structure in a register is typically hidden from other processes and made visible only to the controlling process, if any. In another embodiment, selected portions of the descriptor table are kept hidden while other portions are made selectively visible to one or more processes, and in other embodiments, Even when individual descriptor tables are maintained and control is performed to make one or more of them selectively available to the process, making them visible, it is transient Only for a specific instruction or part of the process. Traditionally, such descriptor tables are visible to and accessible to all processes, and this visibility and access is an opportunity for malicious code to change the contents of such descriptor tables. And thus can give the ability to change the computing environment and cause damage. Isolating, hiding or denying access to such descriptor tables related to the memory address or other elements of the computing environment, except for the control process, is another way that the computing or processing environment can be protected. It is. In at least one environment, the configuration information is maintained in read-only memory, and the operating system and application program provided to the uncontrolled process (and in some embodiments the controlled process) can also store the stored configuration information in this manner. It cannot be operated.

  In addition or alternatively, these and / or other embodiments of the present invention may include various buses, input / output ports or devices within the processing environment, application program software loaded into the environment, operating within the processing environment. Visibility to and / or access to the system or operating system elements, or a combination of these or others, can be controlled. In at least some embodiments, the presence of a selected hardware or software element (and thus a denial of access thereto) is guaranteed to be undetectable to the operating system. In certain embodiments, this advantageously modifies the operating system (including embedding a reliable read-only reversion of the operating system) and / or configures at the hardware and / or firmware level. Guaranteed by controlling. In some embodiments, a physically or logically separate BIOS is provided that configures or reconfigures each processing environment on a dynamic basis. In other embodiments, a baseline BIOS configuration is established and configuration changes to add specific capabilities are dynamically established.

  As an example, in one particular embodiment, the address location or range is defined statically or dynamically one level or one layer below the operating system layer and the operating system (Microsoft Windows, Linux, Apple Computer, (Or other operating system) changes those definitions, otherwise it cannot be affected and the operating system only sees definitions that are allowed to be seen. A low-level program or process is a program or process that is not accessed by others such as, for example, the operating system, application programs, and of course, does not access data that may potentially contain malicious code. Process is fine. In some embodiments, this low-level definition uses protected BIOS, by address control logic (when the element to be hidden is a memory address location), by TACS control, by the main processor itself, or by the processor Or can be accomplished by other logic that operates as a separate logic element and communicates with the processor. When TACS control is included, it can generate a global description that defines a specific address range that is made available exclusively to, for example, time-multiplexed multiplex events. Another controller may define address separation based on the other non-temporal definition separation available to the N-dimensional virtual processing space.

  In one embodiment, the table differentially defines the availability of memory address ranges for each process, and such a definition may be logical or physical. In one embodiment, the BIOS maintains the mapping in the form of a table. For example, if the total RAM memory available to the computing or processing system hardware is 1 gigabyte, the low-level control process may cause the operating system to determine a predetermined or dynamically determined amount of memory, for example, Allow only 256 megabytes to be seen. The low level program or control is different and different for different instantiations of the operating system such as the first Microsoft Windows operating system associated with the first process and the second Microsoft Windows operating system associated with the second process. Make the memory address range available.

  Conventional systems and methods typically allow all processes to interact, but do not do so when program code is properly designed, and differ when malicious, hacker or virus code is introduced. And a single “sand box” or “bowl of soup” that exposes the data to collapse. One of the advantages of the system and method of the present invention is that each process uses its own sandbox or clean empty bowl, and therefore can be implemented or attempted to run in a processing or computing environment. Even if there is a virus code, no contamination will occur.

  Using the techniques described above for restricted message passing between a control process and another process, the control process can be configured (condition, state, flag, Obviously, other processes can be effectively controlled (except for other directives that it leaves the processor). The control process can also clear, flush, reset, and re-establish a brand new processing environment after other processes have used the processing resources to which it has been granted access.

  The ability to selectively hide portions of memory by controlling memory address ranges as described herein can be applied to memory mapped devices or subsystems within or external to the computing or processing environment. The system and method of the present invention can selectively conceal the results of other devices, circuits, software, etc., in other benefits as well. For example, in an embodiment of the present invention, user data is exposed to a processing element, causing it to execute some malicious code hidden in the data (or program) and causing contamination of the computing or processing environment. The need or desire to move from a first storage location (eg, a non-volatile storage device in a hard disk drive) to another separate storage location (sometimes referred to as an explosion chamber) has been described. However, embodiments of the present invention that provide guaranteed control isolation of memory, storage or logic portions do not require copying or moving data to the isolated storage, and thus time consuming steps. Eliminated. In essence, such an embodiment of the present invention configures the processing environment such that the location of the data item itself is isolated, and optionally, some additional memory or other storage device is temporarily stored. Functioning storage devices, or other purposes necessary or desirable for a particular process. Therefore, the steps of copying to a secure storage device and copying back from the secure storage device before processing can be eliminated. Copying of the data is still done prior to execution, thus ensuring that the original data item is retained and not further contaminated, even if there is a problem with the process. Maintaining such a copy can, for example, inspect items and / or clean up contamination or viruses if cleaning is possible.

  Other embodiments of the present invention may provide a memory or storage device that can be dynamically switched to / from a computing environment or to a specific instantiation of a computing environment. This eliminates the need for copying and / or swaps in one of a number of cleaned memories while swapping out other memory that may have been contaminated from exposure to previous processes. Provide another mechanism for cleaning or flushing by a separate process. Another embodiment of the present invention logically cuts or segments memory into different parts, each part likely having a different master template, and thus different memory address ranges can be used for processing tasks in a processing or computing environment. A completely new and brand new master template ready to be stored.

  In another embodiment, a computing environment can be created by generating or generating a template or operating system in one address range and user data in another address range on the same or different physical devices. In fact, a number of computing environments having a master or other template and data can be created in this way. Each is a complete and logically isolated environment. This is because low-level configuration or other controls ensure that there is no interaction outside the defined memory address range. Supervisor control, defined in hardware, firmware, software, or a combination thereof, is a hypervisor for controlling each processing environment, switching output elements, and managing multiple processing environments so that no contamination occurs. A visor can be given. In one embodiment, this supervisor control or hypervisor cannot override or change the low-level configuration that prevents contamination. An external management process can be provided so that software or firmware elements can be loaded, updated or purged as needed.

  In view of the description herein, it is apparent that various methods can be used to generate or copy a reliable portion of software or code to a memory, storage device or processor. In certain embodiments of the invention, these are referred to as templates and master templates. As described elsewhere in this document, various protected copy mechanisms can be used. For operating systems and processors that support some of the energy saving hold, hibernation, recovery and wakeup features that store system state from the processor and / or volatile RAM memory to non-volatile memory (eg, hard disk drive) These features can be used to generate a template or, if the template is pre-stored, a reliable template can be written from storage to memory or processor. Thus, the template is a form that can be adapted to existing operating systems and hardware that support these features.

  Various embodiments of system configurations and operational scenarios are described herein. For example, embodiments have been described in which there are multiple physical processors each having a specified computing or processing environment. The embodiment described with reference to FIG. 9 showed a user interface computing environment, a control and switching computing environment, a protected storage computing environment, and at least one computing environment. In the embodiment of FIG. 10, the system comprises a desktop and user interface computing environment processing unit, a control and switching computing environment processing unit, a separate processing unit computing environment, a protection storage device computing environment processing unit, and a separation processing unit computing environment. Yes. In these embodiments, a single (or small set) of processors is used in a multiplexed fashion to perform a large set of processes using a small set of physical hardware and / or software elements. Can do. This description emphasizes the flexibility and applicability of the system and method of the present invention to processes, and the process has been described by way of example, but grouped together some particularly named or identified process functions and operations. Thus, it is worth emphasizing that they are performed within the same process while maintaining isolation as needed. A combination or grouping of processes defines, for example, a desktop and user interface processing environment, a video processing environment, and a control and switching environment into a super control environment, where the super or grouped processing environment is It is particularly useful for some reliable control or supervisor operations such as maintaining separate from the user data processing environment.

  This process or grouping benefit provides, but is not limited to, some degree of efficiency in the multiplexed embodiment of the present invention, in particular the temporal multiplexing embodiment. As the number of individual processes decreases, the complexity of switching between different processes is reduced, and the time spent by storing and reloading states and / or loading templates and / or clearing the processing environment is also reduced. it can. In one embodiment, all non-user data processes are defined and implemented within a single control processing environment, and the user data related processing environment is executed and maintained separately from the control environment.

  For this embodiment, as well as all other multiplexed processing scenarios, the priority for execution is assigned to a different process and a specific processing resource (eg, a specific port, digital signal processor (DSP), or It should be clear that the priority for access to other resources) or the amount of time allocated to the process (processor clock cycle or instruction cycle) can be adjusted. This adjustment can be set statically or dynamically. The default may be set and then changed when a high priority process is to be performed. High priority processes include, for example, real-time or pseudo real-time processing applications such as video image capture, computer games, and other processes where detectable delay is uncomfortable for the user. Normal or low priority processing applications include word processing applications that require very little processing power to keep the user typing in the text. Obviously, different systems can be set with different processing priorities based on the user's goals and the environment in which the computer system is deployed.

  The solution just described emphasizes how many processes can be grouped, combined, or integrated into a larger or more complex process. Other solutions may take what is considered a single process and use multiple system resources for its execution. For example, in a system configuration with a large number of physical processors, a large number of memories that can be coupled to these processors, and / or a large number of other copies of available resources, the processing requirements of a single process are distributed among them. The process can be performed more quickly or with the desired throughput. Typically, a process with a large number of processors can be distributed between different processors and is relatively complex with easily definable subtasks that can combine their results in some way to produce the final result Simple processing tasks that have a large amount of data or large parallelism and allow the rapid completion of all tasks with the use of multiple processors. Although the basic conventional processing is different from the processing described here, the SETI processing task is one prominent example of a single large processing task that is divided among multiple processors.

  Any processing task is thus divided, redefined and / or distributed. In view of the flexible switching and system configuration features described with respect to the embodiment of FIG. 16 and elsewhere herein, and / or the virtual processing space and temporal or other non-temporal multiplexing embodiments described above. It is apparent that the present invention provides a system and method that allows multiple system resources to be configured and unconfigured statically or dynamically to extend beyond a single processor configuration. For example, in an embodiment that is multiplexed in time, different processes may have multiple processors so that only one part of the processor is shared (sharing the processor in some way) and one processor is dedicated. It may be configured for dedicated use or for partial access to multiple processors. Where shared processor access is implemented, such sharing is only allowed in a manner consistent with the security and protection features already described for the present invention. This switchable assignment of processors, CPUs, or other processing or computing logic to processes can also be applied to other system resources.

  This aspect of the invention applies to grid computing, clustering, parallel processing, massive parallel processing, symmetric processing, and / or other processing scenarios where some degree of parallel, distributed or collaborative processing is beneficial. It is particularly useful and effective.

  At least in part, multiple or multiple processing resources, eg, multiple processors or CPUs, because multiple system resources are logically or physically combined or used in a multiplexed or parallel computing configuration. A physical computing system with multiple memories or multiple system-on-a-chip (SOC), one or one in an optimal way based on definition rules, policies or logic A system can be constructed that can be configured automatically (or manually) and dynamically based on a current set of needs to accomplish a set of processing tasks. Optimization parameters may include, for example, maximum throughput, fastest execution, minimum power consumption, maximum error reduction, minimum heat generation, or other data or operation preferences or requirements. Embodiments of the present invention that incorporate this feature are optional, but the ability to dynamically combine these resources enables a relatively low performance processor to minimize hardware costs without affecting performance. Alternatively, a CPU or other system element can be used.

  In light of the description herein, embodiments of the present invention statically or dynamically (e.g., the previously described multiple systems) include a physical or virtual computing system or environment to include (or remove) any available resources. It will be apparent that it can be configured to be switchable (by using one of the cushing mechanisms). For example, in addition to a processor, memory device, hard disk drive, or other storage subsystem, embodiments of the present invention can be used with a modem, network interface card (NIC) or other network interface, sniffer or read-only NIC, video display or processing. Card or logic circuit, graphics card or logic circuit, universal serial bus (USB) port and interface, firewall or IEEE 1394 interface and port, serial port, parallel port, PC card port and interface, PCI interface, memory interface, microphone and speaker input And output port, digital signal processor and logic, printer port, CD and To the extent that DVD interfaces, audio and video processing logic, wireless interfaces, and other hardware alone, hardware running software or firmware can be switched or multiplexed, and ports that interface to external devices can be enabled or disabled Can switch or multiplex external devices and systems.

  In one embodiment, one of the processes performed is a network interface, such as a network interface card (NIC) type process. The NIC has a buffer or other storage means for storing data received from an external source or process. Once received and stored, the multiplex processing scenario can read the buffer and treat the received data like any other protection processing mechanism. In other words, external sources are likely to cause greater problems than internal data sets with respect to pollution (eg, email, spam, viruses, spybots, or spyware-loaded websites, etc.). The protection provided by the system and method provides the same high level of protection as other user data sets. These same benefits are provided regardless of whether the external connection is via a modem, floppy disk, USB memory device, input / output port, wireless connection, or other interface. Means are provided to isolate this input data so that it does not contaminate other user data or stored reliable versions of application programs and operating systems.

  The use of the switching and control features of the present invention may include buffers, caches, data that may exist within a processing or computing system, including (but not limited to) embedded operating system, application program software code, or embedded data. The present invention can be applied to any of the storage device and / or the memory system and the subsystem. As described for hard disk drive storage devices, switches or switching logic may be used to transfer identified buffers, caches, data storage devices, and / or memory systems or subsystems from computer systems, statically, dynamically, or It can be physically and logically added and / or removed in a time multiplexed manner. Furthermore, the switching and control features of the present invention can also be applied to system resources not normally associated with data storage functions, such as video or graphics controllers or processors, printers, sound cards, or other system or computer resources. Memory address range mapping, power on / off, BIOS-based configuration and deconfiguration, and other means of hiding or making visible such system resources are described throughout this specification and are described in detail herein. Do not repeat.

  See particularly systems having embedded operating system (s), application program (s), and / or other storage or memory storing executable or non-executable code or data These embedded elements can then be switched (eg, added) to the processing environment or switched off (eg, removed) from the processing environment and necessary to perform the processing task. The desired or required operating system (s), application program (s), or other code or data can be provided. For example, an embedded storage version of data, such as Microsoft Windows XP (or other operating system), Microsoft Outlook, Adobe Photoshop, and / or embedded screen image graphics, physically or logically separate different memory or storage means Can be embedded in. These may be, for example, different memory chips or logically separated portions of a common physical device separated by address mapping and control as described above or via other means. These are then added to the processing environment when the need is indicated, and removed from the processing environment when the need no longer exists, releasing resources for another process. The control environment or other control element in the system anticipates or detects the need for specific embedded (and non-embedded) code or data and uses the above-described switching and configuration features of the present invention. Configure the embedded element into a processing environment. The detection may be a request or other detection means, for example a program call. The control environment or other control element also anticipates or detects when the need for the embedded element times out, and removes the element from the processing environment configuration for use in other processing requests. It plays a role of making it possible.

  A control environment and / or hardware switching environment (optionally including some software and / or firmware) can access any of addressable memory, embedded storage, etc. as read-only, write-only, or read-write memory Thus, the nature of access can be controlled or limited. This access type control (read only, write only, read-write) is generally useful based on the processing task at hand. This also keeps the particular memory or storage device holding the template in read-only mode for normal access, does not contaminate or compromise the template with write operations, and provides sufficient access privileges. A procedure is also provided to allow the user or process to update the template (eg, to a new version).

  With respect to maintaining physical or logical separation of storage devices, hard disk drives or other rotating storage media having multiple platters or surfaces are separated by operating the read / write heads separately for each platter surface. May be. Conventionally, a hard disk drive having two platters and four surfaces is operated by a single disk drive controller and an actuator that moves multiple read / write heads in concert. Embodiments of the present invention at least read / write so that one controller is aware of only that single (or set of) surfaces and read / write heads and not other surfaces or heads within the same hard disk drive. A separate controller is provided that controls access to the write head in an independent manner. In another embodiment, separate actuators may also be provided so that the actuator arm and read / write head operate independently for each surface or set of surfaces. The dynamic configuration features of the present invention can also be applied to hard disk drives to allow more or fewer surfaces to be used and to make them read-only, write-only, or read-ride enabled. .

  In one embodiment of the present invention, features of the present invention are provided in a logic board in or attached to a hard disk drive or in a disk drive controller. The logically or physically separated hard disk drive platter surface can then be used in a separate storage device. In one embodiment, these elements and features are combined so that a hard disk drive with control features forms a network device having the protection and security features of the present invention without the need for a separate computer or external processor. To do. Therefore, the present invention also provides a network or network-configured device having the protection and security features of the present invention.

Any other features that can be used in embodiments of the present invention. Many different embodiments of computer and information equipment architecture, system configuration, and methods and procedures for forming and operating computers, information equipment and other devices. In the following, some features (including some optional features) that can be provided with some embodiments will be described below. These descriptions also provide some indications of the types of applications that are handled in various computer environments, and make them particularly susceptible to viruses, hacker codes, Trojan horses, and other malicious code for security or immunity. It also shows how to cause sex problems and how to solve such problems using the architecture, systems, methods, and procedures of the present invention. In this description, the use of the term CE's computing environment has been described in any of the various computing environments, separate computing environments, or computing or separating subsystems described herein, as well as the related applications discussed herein. It is intended to encompass computing environments and subsystems.

  Data can be moved using direct memory access between special purpose subsystems or computing environments that use separate logical controllers such as ASICs or logical controllers. The process of moving the data will probably not allow execution of data that may enable or release hackers, viruses, other malicious code, and the like. Furthermore, the data may be encrypted, compressed or encoded to prevent its execution.

  Repair or recovery of the computing environment can be performed as needed. The computing environment (CE) can be repaired or returned to an ideal state using an automated repair process. Such repairs may be done “on the fly” or after each transaction or without rebooting. The master template typically represents the ideal state of the special purpose subsystem and may be stored in a storage system. A transaction may include reading an email, and opening each individual email message represents an individual transaction. Optionally, one or more items can be ignored during the repair process. For example, if an email is opened, the repair process operates ignoring the open email, detects and repairs the problem, and then the user responds to the email without giving up Also good. In another embodiment, all downloads and emails can be saved immediately to the storage system, after which the downloads or emails can be opened in the work subsystem.

  In one embodiment, CE logic can trigger an event related to the repair process. The repair process can make a comparison between the working system master template and the current working system state. Differences between them can trigger a subsequent repair process, and some or all of the different data is deleted from the working system. Furthermore, data can be copied from the master template as needed by the repair process. In one embodiment, the repair process may make the working system identical to the master template.

  In one embodiment, the repair process can be performed after one or more e-commerce transactions, after surfing one or more web pages, and so on. Thus, all known and unknown viruses and Trojan horses can be disabled before the next transaction. This process does not exclude viruses, worms and Trojan horses from the computer (which may be stored in the storage system) but keeps them inactive. The repair process can repair volatile and non-volatile memory, or can clear volatile memory or set volatile memory to an ideal state.

  In one embodiment, if a user selects more than one email to open, more than one email can be copied to the working system and opened simultaneously. Optionally, each email can be copied, opened, viewed, and manipulated separately into its own separate working system. If the user needs to copy data from one separate email to another, a copy process that does not allow code execution can be used.

  In one embodiment, web commerce software, or email software, or any software is modified to copy and use only individual records or copies of records that are specifically required for the transaction to the storage system, then It can be copied back to the storage system database so that repairs are made after each such transaction. Optionally, in transactions where the data interacts with, for example, one or more databases or CGIs, the transaction is split into separate segments and the data is separated as required by separate storage system (s) or working system Copy to and from and repair can be performed between each segment of the transaction or between several segments of the transaction. Optionally, the software can include instructions that define what type of data constitutes the transaction and restrict the copy process to only copy data that meets certain criteria.

  In one embodiment, in order to further speed up the repair process, the working system master template and the working system software are each loaded into their own separate, separate volatile memory areas or shells to speed up the repair process. Can be raised. Thus, if the working system data is in volatile memory and the master template is in volatile memory, repairs can be made at a higher rate. Alternatively, a new working system shell can be used to eliminate the need for repair. For example, if a user can open an email and read the email using one shell and wish to respond to the email, the user can open a second shell for the response. Must be used. Optionally, the first shell or computing environment can be checked against viruses, while the user writes a response to the email using the second shell, and an additional shell or computing environment It can be ready for use.

  In another embodiment, data can be downloaded directly to the storage system using encryption or compression or other copying methods that prevent the data from executing. Optionally, a separate hidden backup or archive system can be used in the present invention, depending on the storage system or working system volatile or non-volatile memory (s) or A hidden backup or archive array of data can be formed and time stamped. Also, when copying data to such a backup or archive system, the techniques described herein can be used to prevent file execution and damage to the backup system data.

  For file save operations, in one embodiment, every time a save is made to the working system, a copy can be made to the storage system. Optionally, to prevent the virus or Trojan horse from causing havoc by performing millions of saves saved to the storage system, but optionally, at a frequency that allows the file to be saved. Limits can be imposed, or other limits can be imposed on the process of saving data to the working system. Optionally, this may be a ROM or part of a copy, store, save or other program.

  Individual processors with limited functions can be used to process data in a separate working system, or limited functions can be provided to the main processor. This can be done with a large number of data storage devices or a single data storage device with separate partitions.

  In one embodiment of the system and method of the present invention, data is transferred to / from one or more computing environments in / from one or more second computing environments in a manner that eliminates the risk of malicious code transfer. Directly transferred. In one embodiment, the method procedure includes, for example, using an ASIC or other logic circuit or logic means capable of transmitting and / or receiving ASCII or extended ASCII in a first computing environment. It may include connecting to a data line leading to a computing environment. In certain embodiments, the capabilities of the ASIC or logic means are particularly limited so that no additional processing occurs. Optionally, the second computing environment may receive ASCII data directly, or the data may be received by a second ASIC that has the ability to receive and / or transmit ASCII or extended ASCII data. Also good. These ASICs may limit the amount of data, ASCII characters, and / or requests made (eg, within a time period), for example, to prevent buffer overruns.

  In one embodiment, any handling for ASCII filters or stripped files or content can be provided. For example, if a file, dataset, or Internet or World Wide Web content is not ASCII stripped or filtered, the file from the outside world and the file derived from it (or derived from its descendants or children) are “non- A file or content that has been marked or identified as “secure” and potentially infected, but stripped or filtered to contain only some allowed ASCII characters, is “secure” Can be identified. This type of marking can also be used for certain other files or content other than ASCII. Therefore, in general, a file may be treated as secure if it turns out that it was optional but could not be exposed to potentially problematic infections, malicious or just unknown code, and is thus exposed If it is known that it is not, it may be marked as secure.

  In one embodiment, for example, a repair process may be performed that includes or includes one or more of the following. (A) make the CE's software identical and / or partially identical to all or part of the master template; (b) delete and / or delete the computing environment or part thereof, eg the computing environment storage (“explosion chamber”); And / or repair and / or switch to a secondary CE, (c) reformat and / or repair one or more data storage devices, master boot records, partition tables, etc., (d) one and / or Perform further repair processes, or (e) a combination of these. The repair process can be performed, for example, whenever the user abandons the document (and / or when it is performed using other criteria). Thus, each new document can be opened in a clean environment that does not include viruses and / or hacker software or other malicious code.

  In one embodiment, the master template is optionally stored and / or stored in a data store that is normally invisible to the user and is referred to as a protected master template and / or master template. Optionally, this may be “read only” and / or locked and / or turned off and / or disabled and / or disconnected and / or deactivated until needed. And / or communication with it can be terminated and / or deactivated. These (and other) techniques can be used to protect the protection master template from malicious code.

  In one embodiment, the user's personal data (documents created by the user, email, address book, bookmarks, favorites, etc.) using data storage device (s) and / or partition (s). , Database elements, etc.) can be temporarily stored. This data storage area can be referred to as a temporary data storage device. For example, when a user saves a document, it is saved to temporary storage. When a user saves a database, for example, it (and possibly its associated elements) is saved to temporary storage. When a user downloads an email, it is saved to temporary storage. When items such as bookmarks and favorites are created, they are saved to temporary storage when they are created and / or when the application quits. When a document is requested from a protected storage device (described elsewhere in this document), it is first copied to a temporary storage device. For example, if the user wishes to open an Internet browser, favorites / bookmarks and other user information are copied from the protected storage device to the temporary storage device. Note that this is an optional step that is not essential to the process, but is desirable in certain embodiments.

  The repair process can either repair the temporary storage device or replace it with a new copy prepared in advance. For example, in one embodiment, multiple temporary storage areas may be prepared in a separate state. Thus, if necessary, the old temporary storage (s) can be deleted and replaced with one or more new ones created using, for example, RAM, RAM disk, shell, etc. it can.

  In one embodiment, for example, the protective storage device may be a storage area where the user's personal data is separated from the explosion chamber except after repair or when the explosion process is suspended. A temporary storage device (optionally) when data is “shuttled” from a protected storage device to a temporary storage device and then returned to the protected storage device from the temporary storage device after processing the document. It can be a data storage area that can be used. Also, the temporary storage device may in one embodiment always have access to a computing environment (also referred to herein as an explosion chamber in this specification and related applications mentioned above). In this example, the user may save data to a temporary storage device while working, and when giving up, the document (or other file or data set) is transferred from the temporary storage device to the protected storage device. Copied.

  With reference to files and backups, but optional, in one embodiment, the backup system (s) or archive is a continuous backup of all user personal data, eg, documents, emails, favorites, etc. Can be used to hold Optionally, if the file is damaged by a virus or collapse, the user can copy past versions from the backup system. Successive backups and / or archives are time / date stamped and the user can easily determine when the backup was made. The frequency of backup may be predetermined by the manufacturer as a default, but can be changed by the user. Optionally, the backup system (s) can usually be hidden from the user. In one embodiment, when the backup system is made available to the user, it is kept in a “read-only” mode to prevent accidental changes by the user. Optionally, the backup may be on a separate data storage device (and in some embodiments a partition) and / or may be located anywhere on the network, for example. Note that this is an optional step that is not essential to the process, but is desirable in certain embodiments.

  In response to an indication that a problem or error has occurred in the computing environment, various steps for recovery or repair can be taken. In one embodiment, the processor is allowed to complete processing and / or it can be “cleared” or reset, and the RAM can be cleared or reset (optionally unavailable and / or deactivated). Making the second isolated RAM available, for example, establishing communication with the second RAM while the first RAM is cleared, but the use of the second RAM is not required, and It is also optional to make it available for activation), and the processor and / or RAM can now be used for the repair process. Although one embodiment of a repair process for an explosion chamber or isolated processing environment is described below, many other processes and / or different processors and / or RAMs or other memories or storage devices may be used. In one embodiment, repair of a CE may be defined as replacing a CE with another CE. One way to accomplish this is to delete the first CE and activate communication with the second CE. Alternatively, the first explosion chamber can be repaired while the second CE is in use.

  Email or e-mail inboxes and outboxes are typically stored as large files containing a large number of individual messages. For example, one “inbox” may include all messages sent to the user. Thus, when an email is read or sent, the entire email file is at risk from viruses or hackers. According to one embodiment of the present invention, the email software can be modified so that only one email to be opened for use can be copied to a temporary storage device or separate computing environment at a time. This protects other emails from being polluted. Repairs can be made before opening the next email. In one embodiment, an address book and / or other email elements can be stored in the protected storage device, and only the specific address (s) selected by the user are to be used from the protected storage device. Copied to the area. Thus, the virus does not access the user's entire address book. Optionally, address book updates can be limited to protect the address book from contamination so that the repair process must be performed first.

  Optionally, just as most email programs process individual emails as one file, databases and other software may store multiple files as one large file or database. . Such software is modified so that individual files and / or individual records are copied to temporary storage and acted on one at a time by the user without compromising the entire database. The repair can then be performed before opening the next file or record. For example, each email in the email inbox can be stored as a separate file. Alternatively, the location of the data can be entered into a directory and / or database, and only that data can be copied to temporary storage and / or CE without opening the file on the protected storage . In one embodiment, the computer program code can prevent user data from being opened in the protected storage device. In one embodiment, an email and / or database can be copied from a protected storage area to a CE and / or other data storage device, and one (or more than one) email or file Can be opened and operated. Only that email (or database file) can be opened and manipulated, and the email and / or the rest of the database can be deleted (since it still exists in the protected storage). In one embodiment, users and websites utilize proprietary technology and methods of the present invention. For example, in one embodiment, a system or device user decides to conduct an e-commerce transaction at a website. Rather than entering data into the website in a conventional manner, the user indicates that he wishes to perform an e-commerce transaction, which causes the website software to pick up the user's public encryption key (or the user's public encryption key). Software gives it automatically). The website moves the user key to the separate computing environment and performs encryption using a stand-alone application program or procedure that the user can use to enter transaction or database information. The encrypted file may then be moved to a connected separate computing environment, connected to or coupled to a network such as the Internet, or a standalone computing environment in which a stand-alone application is encrypted. You can also connect to the network. The encrypted application is then sent to the user. The user's computer receives the application, moves it to the separate computing environment, and decrypts the application in the separate computing environment. The user then enters those user data into the application. The application can generate a database of what the user has entered and then encrypts the database and establishes a network connection with the isolated computing environment or the encrypted database into a new separated computing environment And the encrypted data can be sent back to the e-commerce site, moved to a new separation computing environment, and decrypted. In this way, decrypted databases and e-commerce are never exposed to the network.

  In one embodiment, the Ethernet cable (or other network connection communication link) communicates only in one direction rather than in both directions, and the receive and transmit cables are each switched to communicate separately with the computing environment. In these embodiments, each line or direction of Ethernet (or other network connection communication link) is switched separately such that each communication link is coupled to a separate, separate computing environment. One computing environment transmits, another compute environment receives, and their activities are coordinated by a control computing environment such as CSCE or CCE. In another embodiment, a pair of network interface cards or capabilities (NICs) or modems are configured to transmit only or receive only in pairs that provide transmit / receive capabilities. By providing one computing environment with receive-only capabilities and another separate computing environment with transmit-only capabilities, hackers and viruses escape even if hackers or viruses access the receiving computing environment. Is not possible, i.e. it is not communicated anywhere from a transmission-only computing environment.

  In one embodiment, an internal DHCP router or other router is optionally provided, and the computing environment can have multiple network transactions, multiple NIC cards, or multiple I / O devices. In one embodiment, multiple peripheral devices are exclusively coupled to multiple computing environments in an isolated manner. These devices are, for example, USB devices, firewall devices, SCSI devices, serial devices, or other device types well known in the art.

  In one embodiment, the old file can be retained rather than replaced with a previously saved version of the file. For example, when updated Netscape bookmarks and user data are copied back to protected storage, they do not replace previous versions of Netscape bookmarks and backgrounds. Thus, the next time the data is used, if it collapses and does not work properly, the control method and / or the user can perform a repair and switch back to use the previous version of the data. .

  In one embodiment, optionally two or more CEs can be generated, one having, for example, a complete master template and the other, for example, a frequently used application and operating system Contains only the shortened set. Optionally, but when the software is required, if the CE does not include the software, the required software includes, for example, a complete set of user software and is copied from a master template that optionally includes the operating system By doing so, it can be added to the CE.

  In one embodiment, optionally, prior to activating network communications, some or all email to be sent protects the email by performing encryption in a separate computing environment before sending. The method can be used to encrypt and then the email can be copied to a second separate computing environment where it can be sent (and exposed to potential hackers). Encrypted emails are moved to a separate computing environment after being received and then decrypted. Thus, email is never exposed to the Internet in unencrypted form. The software of the present invention automatically triggers the encryption and / or decryption process without user intervention. Optionally, the user's public key can be automatically provided with each email.

  Optionally, in one embodiment, the protected storage device can be read-only and / or locked until the CSCE or CCE or other control environment receives a command to move data to the CE. Thus, in this example, code (eg, ROM instructions and / or operating system) can instruct the CSCE to perform repairs when the user selects a document to open in the protected storage device. Then, following repair, the CSCE switches the protected storage device to read-write and / or unlock. Data can be copied from the protected storage device to the temporary storage device and / or the explosion chamber. These events may occur in other orders, may include additional and / or other steps, and / or may not include some of these steps.

  Optionally, if multiple CEs operate simultaneously and one “crashes” and / or abandons and / or is closed and / or no longer needed, another CE may be in use. Ready to replace. For example, a switch can be made to a secondary CE and / or communication with a secondary CE can be activated.

  In one embodiment, code associated with a protected storage device may not allow execution of data and / or may not support execution of data on the protected storage device. Therefore, in this embodiment, there is no user data that can be executed in the protected storage device. Optionally, communication with the protected storage device is never established at the CE prior to repair, and is never established before a new network connection with the CE and / or before opening the user document. . Thus, the protected storage device is not affected by hacker and virus execution.

  In one embodiment, the computing environments (also referred to as x chambers or explosion chambers) may be identical to each other and / or have differences from each other and / or may act as a “time delay” mirror. Good. In one embodiment, the secondary CE may be the same, but keystrokes and / or inputs are sent to multiple CEs in a delayed state. Thus, some CEs are time delayed and if the CE crashes, the control system can switch to the time delayed CE. In one embodiment, the control method can use a process watcher and / or crash detection system to determine whether to switch to the secondary system CE, and optionally diagnoses the problem, one after the other. The problem can be avoided when switching to an old CE.

  In one embodiment, data in volatile memory can be copied and / or saved and / or backed up to another memory area and / or logic device prior to executing the command. It is possible to store successive backups of data before executing the command. A new secondary system and / or secondary self-repair user work area can then be used when the command is executed and when problems such as freezes occur and / or volatile memory Any backup can be loaded into volatile memory. This gives a good copy of volatile memory for use. If the problem or freeze occurs again, an older version of the saved volatile memory can be used. Optionally, the user (s) are notified of the problem and asked to enter what and / or how to enter data and / or change other behavior . Optionally, process watchers and / or error detection systems can be used to identify problems. Optionally, when secondary CE is used, the control method may choose to use an initial backup of volatile memory and / or process the data differentially to avoid crashes. You can command the secondary system.

  Another way of performing the repair is, for example, preparing a large number of CEs in isolation. These CEs may be in the form of a RAM disk, RAM, shell, volatile memory, or other data storage device, may have an associated RAM, and / or processing and / or computing environment, and 1 A copy of all or a portion of one or more master templates may be included. Separation can be generated, for example, by activating and / or deactivating communications to switch the CE from a separate backup to the current CE.

  Optionally, in one embodiment, if one or more unexpected and / or unidentified files appear in the temporary storage area (eg, information about what data should be in the temporary storage area) One or more files that do not appear in the protection database), for example, control methods and / or operating systems, and / or code in ROM cause such files to attract user attention. The user is given the option of destroying and / or saving the file (s) and / or marking the file to indicate that there is some suspicion in the file (s) and / or Or it may require further testing and / or validation. In yet another embodiment, unidentified files are deleted and / or saved to data storage and / or marked for further examination and / or automatically and / or for further testing. Sent manually somewhere, for example to a network administrator and / or a virus inspection entity.

  In one embodiment, one or more data storage devices are switched between read-only and read-write modes, and / or between locked and / or unlocked modes, and / or accessible and / or inaccessible modes. It may be hardware and / or software. In one example, a user opens a file from a read-only data storage device, manipulates the file, and saves it to a temporary storage area when saving the file. Optionally, when closing some or all of the files, the logic and control method can perform one or more of the following steps. That is, clear and / or reset RAM, clear / reset processor, and / or unlock and / or lock one or more data storage devices, and / or read / write and / or read only, Move data from temporary storage to data storage, close / lock / read only one or more data storages, optionally clear / reset temporary storage areas (optionally perform repair process) And wait for the next user command. In one embodiment, the temporary storage device is comprised of volatile and / or nonvolatile memory. In one example, random access memory and / or flash ROM, and / or other data storage devices may be used. In one embodiment, to copy data between documents, the data to be copied can be loaded into one or more unique address (es) of RAM and / or volatile memory. When a paste command is received, data can be communicated by using a copy process that does not allow execution of the data. For example, data can be simplified so that only ASCII text that cannot be executed is transmitted.

  In one embodiment, files cannot be opened in protected storage, but they can be copied, moved, deleted, flagged, backed up, archived, and subjected to other functions (such as, but not limited to) But not). However, only when these functions are executed from a “secure” interface such as a control environment.

  In one embodiment, a secure environment, eg, its own user interface software, is used to execute commands that change preferences, change master templates, delete backups, or provide other management events to the control environment, etc. Management must be performed from a control environment with Here, the word separation is used to convey the notion that something mentioned there is separated at some point, but it may not be separated at other specific times mentioned there. For example, when the user data is being executed, the CE can be separated until the repair process is executed. Then, in order to perform a repair process, for example, communication with a read-only master template can be established, repairs can be performed, and then other communication with the CE, for example, communication with a network can be established. Separation is used as needed and when it is necessary to prevent hacking and virus spread.

  Referring to the master template, a “disposable copy” of the master template used for CE can be generated in a number of ways using various criteria. In one embodiment, various master templates for CE can be generated. Criteria for generating a master template can be established. For example, one criterion is based on selecting a program that is typically used for a computer / computing device. For example, assume that computer users most commonly use: (1) word processing program, (2) e-mail program, (3) two internet browsers, and utilities to prevent pop-ups, and online auctions, and various other applications, games, utilities and / or others A program that uses a small amount of the program. Using this example, the master template (s) can be generated using each of these needs as a reference. Thus, one master template can include an operating system and a word processing program, and another master template can include an operating system and an email program. Another master template can include an operating system, two internet browsers, a pop-up prevention utility, and a program that tracks online auctions, yet another master template can include all user software .

  In another embodiment, one (or more) master templates can be generated, and only a portion of the master template needed to meet the criteria can be copied to generate one or more CEs. For example, there may be one master template, which can be used to generate a portion of the master template in one or more CEs. For example, using the criteria described above, a single master template can be used to generate a CE that is probably ready for use by a user.

  In one embodiment, the user can select which CE (s) should be used / opened and can copy the data to the CE (s). Optionally, the selection of the CE and / or master template copy to be used may be made automatically or organized by code. For example, if the user selects a word processing document to open, when the document is selected, the code can perform a search for CEs containing the appropriate word processing software and / or a database and The directory may be checked to identify the appropriate software location and / or other means may be used to identify the correct software and / or CE to be used.

  In some embodiments of the present invention, data from one, many, or all computing environments can be displayed on a single display device (or a set of display devices fewer than the operating computing environment), and thus It would be desirable to share such display devices and subsystems without contamination.

  In one embodiment, the control environment can use multiple modes of operation. For example, in the first mode of operation, the control environment does not allow copying between user computing environments except ASCII and extended ASCII, and / or does not allow file sharing on the network. In the second mode of operation, the control environment allows copying of unknown executable code and / or allowing file sharing over the network. The first mode may be classified as “immunity to hackers and viruses”, while the second mode of operation may be classified as “resistant to hackers and viruses” or “non-secure”. . The document generated in the second operation mode may be displayed as, for example, a “non-secure” document. Additional modes of operation can be used. The switching mode can be performed, for example, by the control environment and / or by the user and / or by the administrator. Switching may be automatic and / or triggered by a manual switching process, or may be triggered by certain conditions being detected.

  There are many other possible modes that can be implemented with embodiments of the present invention. For example, various management modes can exist. In one example of a management mode, a user can verify a key, password, or identity or permission to perform repairs and / or maintenance on one or more computing environments such as a protected storage device or a controlled environment. Must be used. In a second example of management mode and / or repair mode, the protected storage device (s), control environment (s) are automatically saved to one or more data storage devices, They can be reset / erased and reloaded as needed to regenerate their state with a brand new state. Various environment master templates, such as the control environment, can be used, and with proper authorization and switching, another environment can repair the control environment during the maintenance process. In one embodiment, this switching can occur on a schedule and / or be triggered by the user.

  In another embodiment, the control environment can display each file saved to the protected storage device. If the file is unknown or unreliable, for example, “untrusted” is displayed, while if the file is generated from within a brand new environment, the control environment Can be displayed as “reliable”. In one example, in a “immunity to hackers and viruses” mode, the control environment allows reliable data to be copied from a first user computing environment to a second user computing environment, It is not permitted to copy “unreliable” data to the second user computing environment. Switching to a “less secure” mode can allow the control environment to copy unreliable code from the first user computing environment to the second user computing environment, and the resulting file is Here, “Unreliable” is displayed.

  In another embodiment, in one mode, linked data in two or more computing environments can be copied directly between these environments. In another embodiment, a group of reliable linked data can be copied or moved to the user environment, and if all data is reliable, the data is copied between them. And / or cross-linked. Thus, the entire database and linked data set is moved or copied to the user computing environment and manipulated while the data is cross-copied and linked between the various documents and / or databases. If all data is reliable, all data can be manipulated together in one user computing environment. (Alternatively, more than one, eg, second, third, etc.) Because all codes are reliable, the user computing environment can communicate directly with the first computing environment. In different unreliable operating modes, unreliable data can be merged with reliable or unreliable data to form unreliable data and displayed as such. In this way, the entire database of linked data and databases can be maintained and shared in a trusted environment.

  In another embodiment, a computer-configured network using this new technology provides reliable data, databases, and linked data documents communicated over a reliable / secure communication line. Can be shared and mixed.

  In one embodiment, the control computing environment, for example, will never allow a mixture of files that are shown to be unreliable and files that are shown to be reliable. This method advantageously allows an entire network of computers attached by a reliable / secure network connection to share and mix together reliable files, databases and linked data. At the same time, you can have untrusted files on their computers and have the ability to use those untrusted files without jeopardizing the trusted files.

  In one embodiment, the server may be of the technology described herein, the client node can be connected via a secure / reliable network connection, and the client node is configured with a conventional computer. Also good. In this example, the server can perform the following steps: (1) reformat the hard drive of the client computer and clear the memory; (2) give the user computer access to the desktop environment after the user selects a file in the desktop environment; and (3) remove the requested file. In addition to giving to the user environment, communication with the desktop environment is limited to, for example, one bit meaning a “save” file, and more than two bits, ie, a save file and an erase calculation environment. In step (4), the user file is copied from the client computer to the user computing environment on the server in order to save the file so as not to put the control environment in a dangerous state. You can save the data in the usual way to save the location data. Then, in step (5), the client computer can be reformatted and reset by the server when the client is terminated. Optionally, the client acts as a “thin client” and therefore there is little or no data that needs to be copied back to the client computer.

  In one embodiment, files that are marked untrusted are made reliable by, for example, a “stripping” process that removes potentially executable code from the word processing document. For example, unreliable file data is copied to a secure environment as an ASCII character and classified as reliable. In one embodiment, the protected storage device may be external and / or portable and / or hot swappable and / or portable media. In one embodiment, software and / or physical buttons and / or switches and / or combinations may be used to trigger events such as reset / repair the computing environment.

  An internal or external backup system, which may or may not be hidden, can be switched by, for example, the control environment to back up protected storage devices, master templates, control environment copies, etc.

  A description will now be given of how to display and use data from the selected computing environment or set. Such data is used, but is not limited to, in the computing environment and in the computing environment between the processing event and the display of the data or activity in the computing environment and the actual video output, video output or output. Or an intermediate data set or file to be generated.

  In one embodiment that includes a window-based user interface, for all (or selected) windows, icons (and names of application programs or data that such icons represent), and other such data and / or identification means All (or selected) size, shape and position coordinates are calculated (also referred to as “explosion chamber” or “x chamber” in some embodiments, including code explosion but not harmful to the outside) To a control entity in the system, typically a control computing environment (also referred to as “brain” in some embodiments), eg, a CSCE or CCE computing environment as described above. This information may be used, for example, in one or more different computing environments or using computer program software instructions that are executed in a time separated manner when a single concurrent computing environment operation is supported. Thus, a control computing environment using the procedure of the present invention can be provided. Alternatively, all or a portion thereof can be generated by or in the control computing environment.

  This data stored and tracked by the control computing environment is referred to herein as “computing environment data” or “x room data”.

  In addition or in addition, the control computing environment may include control data or other data referred to as “brain data”, such as the order in which each “layer” or “process” was generated, and each window. Data representing the order generated can be tracked. It can also maintain information about selective or active windows or processes.

  A control computing environment, such as a CSCE or CCE, described in one embodiment and also referred to as a system “brain” for other embodiments, may include a mouse cursor or other pointing device location and / or a keyboard or other User input activity can also be tracked. Accordingly, the control computing environment can determine the position of the mouse cursor (when a mouse or pointing device click occurs) relative to the position of the open window, icon, etc. generated by each computing environment. Although the description herein primarily describes human user interaction using keyboard and mouse commands, in practice, the system and method of the present invention may include various user interactions such as, but not limited to, touch Screen interactions and commands, voice interactions and commands, drop-down menus, hot spot selection interactions and commands, function button presses, pen stylus interactions and commands, and various known or anticipated developments in this technology It should be apparent that other user input and interaction methods and devices are applicable.

  Thus, the mouse position “click” (or other “selection”) is calculated and compared to the window position of the assigned computing environment (and which window is “forward” or “active”). This allows the CSCE to specifically determine which window (or icon or item or computing environment process) is intended to be selected and receive its “click” position.

  Thus, when the mouse button is clocked, the control computing environment, for example, which layer is “active and forward” in conventional window terminology, which application is launched, or where the mouse and keyboard signals are sent. The redirection can be determined based on information collected by the control computing environment.

  A direct connection from the computing environment (CE) to the CSCE is, for example, but not limited to, a first (possibly dedicated) ASIC from the computing environment to a second (possibly dedicated) ASIC in the CSCE (or filter). Can be used to prevent unintended activities or results. Such unintended consequences are, for example, some code execution that causes a buffer or memory overrun that is intended to bring up or spread malicious code. An ASIC is just one example of a logic circuit that provides a filtering or limiting operation so that only certain allowed processing occurs. For example, such logic may operate as a “receiver”, whether in the form of an ASIC or otherwise implemented, and receive communications as “x, y” or “line, sample”. It can only be understood or interpreted as coordinates, and cannot be understood or interpreted elsewhere. In some embodiments, a single ASIC or other logic located in the communication path between the computing environment and the CSCE is sufficient to provide the desired restriction or filtering action in the intended communication. Please be careful. Such an ASIC or logic circuit (optionally using software or firmware) can be controlled to securely and safely select a function from a set of possible allowed functions or operations that can be used. Or is dynamically programmable to perform such a selection (eg, download code from a protected storage device or other secure storage device, or control signal (s)) By sending).

  The “x room data” or the user calculation environment data that can be included in the data given to the control calculation environment is not limited to this, for example, but may include one or more of the following. The location and size of the window (such as a wireframe); the names of the icons and what they represent; the size of the file, the location of the file, and a similar file or dataset reference or identifier. As yet another example, these may include B-trees, master directories, desktop databases, etc. In addition or alternatively, this is intended to open, which application program, driver or operating system element is "associated" with or cooperates with any file or file type or device or device type, Alternatively, it may include a list of processing capabilities or other data structures or indexes.

  The control data or “brain data” may not include the following, or may include one or more. Data identifying the order in which layers, windows and / or processors were generated, the current order or priority of such layers, windows and / or processors, absolute mouse or pointing device, screen relative, window relative Cursor position and / or a combination of these or other data. In some embodiments, multiple computing environments have similar or identical attributes, and some of this data or information need only be generated once, and therefore there is a relative change to that computing environment. It will be clear that it only needs to be changed or adapted for each computing environment for subsequent updates when and when it occurs.

  While a number of embodiments of the invention including a number of optional features have been described, it will be apparent that different aspects and features of the invention can be combined and used together or separately. Here, a specific embodiment having these features in a certain combination will be described. This description is merely illustrative and is not intended to limit the scope or spirit of the invention in any way. Many aspects and features of the invention described anywhere in this specification are not described below.

  In one aspect, the present invention provides an information device. In one embodiment of this information equipment, the information equipment comprises a first storage device for programs and data, processor logic, and a format for executing computer program instructions for performing tasks including user data. In this information device, a separate control processing environment and a user processing environment are created and maintained. (1) User data having unknown or unreliable content is stored in the control processing logic environment. User data that is not exposed to computer program code capable of executing computer program code instructions embedded in the user data and (2) has unknown or unreliable content is stored in a first storage in a user processing logic environment. Temporary different from the first storage device when separated from the device Characterized in that so as to be exposed only to the storage device. In another embodiment of the information device, the information device is or includes a personal data assistant. In another embodiment of the information device, the information device is or includes a computer.

  In another aspect, the invention stores at least one processing logic device for executing at least one instruction and first program code including first data and at least one instruction and including user data. A first storage device, a second storage device for storing second data, and a processing logic device selectively and independently coupled to the first storage device and / or the second storage device under automatic control And a switching system for isolating, wherein the processing logic device receives at least one control signal from the processing logic device and selects a state of the switching system, the processing logic device comprising a control configuration and user data In configuration, it operates based on the following conditions: (i) Processing logic The device may be coupled to the first storage device when program instructions are loaded into the processing logic that cannot execute data items that have unreliable content or did not occur in a known control environment, ii) If the processing logic device has unreliable content or is loaded with processing logic loaded with processing instructions that can execute a data item that did not occur in a known control environment, is it not coupled to the first storage device? Or only limitedly coupled to communicate known information, and (iii) processing logic devices execute data items that have unreliable content or did not occur within a known control environment When a possible program instruction is loaded into the processing logic, it may be coupled to a second storage device and (iv) When a program instruction that can only copy a data item from the first storage device to the second storage device or from the second storage device to the first storage device is loaded into the processing logic, the logic device loads the first storage device and the second storage device. An information device is provided that operates such that it may be coupled to two storage devices.

  In one embodiment of the information equipment described above, the switching system can couple or separate the processing logic device to the first storage device and the second storage device at least in the following manner: (i) the processing logic device. Coupled to only the first storage device; (ii) coupling the processing logic device only to the second storage device; (iii) coupling the processing logic device to the first and second storage devices simultaneously; and (iv) the processing logic device. Are not coupled to the first storage device or the second storage device. In another embodiment of the information appliance, the processing logic device includes a microprocessor. In another embodiment of the information device, the processing logic device comprises a processing logic circuit comprising a microprocessor, a central processing unit (CPU), a controller, a microcontroller, an ASIC, a logic circuit, a programmable logic circuit, and combinations thereof. Selected from the set. In another embodiment of the information device, the information device is a computer, a notebook computer, a personal data assistant, a personal data organizer, a cellular phone, a mobile phone, a wireless receiver, a wireless transmitter, a GPS receiver, a satellite phone, an automobile. On-board computer, aircraft-mounted computer, navigation device, household device, printing device, scanning device, camera, electronic camera, television receiver, broadcast control device, electronic instrument, medical monitoring device, security device, environmental control device, electronic device, And a set of information devices consisting of combinations thereof. In another embodiment of the information device, the first data storage device and the second data storage device are independently selectable, and a rotating magnetic hard disk drive, a rotating magnetic floppy disk drive, a CD, a DVD, a semiconductor memory, It is selected from a set of storage devices consisting of solid state memory, chemical memory, magnetic memory, molecular memory, microdrive, flash memory, compact flash card memory, RAM memory, ROM memory, and combinations thereof.

  In another embodiment of the information appliance, the at least one processing logic device includes a plurality of processing logic devices. In another embodiment of the information appliance, at least one of the plurality of processing logic devices includes at least one microprocessor, and the at least one instruction includes a plurality of computer program code segments and applications from an operating system. A plurality of computer program code segments from the program, the switching system further comprising switch control commands for changing the switch configuration to selectively couple and disconnect the microprocessor from the first and second storage devices. It can be coupled to a microprocessor for receiving. In another embodiment of the information appliance, the plurality of processing logic devices are intermittently separated and communicatively constrained by an automatic control system that executes one of the processing logic devices. In another embodiment of the information appliance, the second storage device acts as a temporary storage device during processing operations when it is coupled to the processing logic device, and the processing is in an error state after each processing is performed. Configured to be automatically cleared independently when completed with or without an error condition, and further, the error condition includes detection of a virus or other malicious code execution. In another embodiment of the information equipment, the plurality of processing logic devices and at least the first and second storage devices can be dynamically configured to generate a computing environment having the determined characteristics. In another embodiment of the information equipment, the first storage device stores a master template file having an operating system and application program elements and a protected copy of user data.

  In another aspect, the invention stores at least one processing logic device for executing at least one instruction and first program code including first data and at least one instruction and including user data. A method of operating an information device of the type having a first storage device and a second storage device for storing second data, wherein at least one from a processing logic device to select a condition of the switching system Selectively and independently switching the processing logic device to and from the first storage device and / or the second storage device under automatic control upon receipt of the control signal; and Operating the processing logic device in a control configuration and a user data configuration based on the conditions of And (i) when a program instruction is loaded into the processing logic that cannot execute data items that have unreliable content or did not occur in a known control environment, the processing logic device and the first storage device (Ii) when program instructions are loaded into the processing logic that can execute data items that have unreliable content or that did not occur in a known control environment, the processing logic device and the first memory Do not allow coupling with the device or only allow limited coupling between the processing logic device and the first storage device to communicate known information, and (iii) have unreliable content or known control Processing logic device when program instructions that can execute data items that did not occur in the environment are loaded into processing logic And (iv) program instructions in the processing logic that can only copy data items from the first storage device to the second storage device or from the second storage device to the first storage device. And a step of allowing a combination of the processing logic device and the first storage device and the second storage device when loaded.

  In another embodiment of the method of operating an information device, the method further comprises erasing the second storage device after the processing logic device has processed the user data using the second storage device.

  In another embodiment of the method of operating an information device, the information device is a computer, notebook computer, personal data assistant, personal data organizer, cellular phone, mobile phone, wireless receiver, wireless transmitter, GPS receiver, satellite Telephone, automobile-mounted computer, aircraft-mounted computer, navigation device, household device, printing device, scanning device, camera, electronic camera, television receiver, broadcast control system, electronic instrument, medical monitoring device, security device, environmental control device, It is selected from a set of information equipment consisting of electronic devices and combinations thereof.

  In another embodiment of the method of operating an information device, the at least one processing logic device includes a plurality of processing logic devices. In another embodiment of a method of operating an information device, at least one of the plurality of processing logic devices includes at least one microprocessor, and the at least one instruction includes a plurality of computer program code segments from the operating system and A switch control command including a plurality of computer program code segments from an application program, wherein the switching system changes a switch configuration to selectively couple and disconnect the microprocessor from the first and second storage devices; Can be coupled to a microprocessor to receive

  In another aspect, the present invention provides a housing having a form factor computer PC card and a plurality of PCCardBus interface connections; a plurality of processors disposed within the housing; and disposed within or coupled to the housing. A protected data storage device portion selected from a plurality of data storage devices for storing at least user data; and a data storage device switch system coupled to the plurality of data storage devices. A switch system coupled in a data storage device switch configuration to configure communication with one or more data storage devices disposed within the housing; and an I / O switch system coupled to at least one peripheral device In the housing An I / O system coupled with an I / O system configuration that includes a plurality of features to configure communication with a configured peripheral device; a plurality of computing environments, each computing environment having at least one A data storage device switch communication path comprising a processor and identified by at least one special feature selected from a plurality of special features and coupled to the data storage device switch, wherein the at least one data storage device is connected to the data storage device. A data storage device switch communication path coupled to a computing environment based on a device switch configuration and an I / O switch computation path coupled to an I / O switch system, wherein peripheral devices are connected to the I / O switch system I / O switch communication path for coupling to computing environment based on configuration In addition, the computing environment can perform a processing activity that includes receiving input from the I / O switch system and sending output to the I / O switch system, the processing activity comprising another computation A computing environment that is executed independently of the processing activities of the environment; a control computation selected from a plurality of computing environments to configure the data storage device switch configuration and to configure the I / O switch system configuration A control computing environment in which the data storage device switch configuration supports communication between the control computing environment and the protected data storage device; at least one user separation computation selected from the plurality of computing environments; An I / O switch system configuration Is configured to direct received input to at least one of the computing environments, and further, the I / O switch system configuration directs output generated by one or more of the plurality of computing environments to the peripheral device. An information processing apparatus configured as described above is provided.

  In another embodiment of the information processing apparatus, the plurality of processors are a processing logic circuit comprising a microprocessor, a central processing unit (CPU), a controller, a microcontroller, an ASIC, a logic circuit, a programmable logic circuit, and combinations thereof. And a plurality of data storage devices are independently selectable, rotating magnetic hard disk drive, rotating magnetic floppy disk drive, CD, DVD, semiconductor memory, solid state memory, chemical Selected from a set of storage devices consisting of memory, magnetic memory, molecular memory, microdrive, flash memory, compact flash card memory, RAM memory, ROM memory, and combinations thereof.

  In another aspect, the present invention relates to a computer having a first storage device for program and data, processor logic, and executing computer program instructions for performing a task including user data. A separate control processing environment and user processing environment is created and maintained, (1) user data having unknown or unreliable content is computer program code instructions embedded in the user data in the control processor logic environment And (2) when user data having unknown or unreliable content is separated from the first storage device in the user processor logic environment, the first A temporary storage device different from the storage device Providing a computer, characterized in that it is exposed to.

  In another aspect, the invention stores at least one processing logic device for executing at least one instruction and first program code including first data and at least one instruction and including user data. A first storage device, a second storage device for storing second data, and a processing logic device that is selectably and independently coupled to the first storage device and / or the second storage device under automatic control. And a switching system for isolating, wherein the processing logic device receives at least one control signal from the processing logic device and selects a state of the switching system, the processing logic device comprising a control configuration and user data In configuration, it operates based on the following conditions: (i) Processing logic The storage device may be coupled to the first storage device when program instructions are loaded into the processing logic that have unreliable content or cannot execute data items that did not occur in a known control environment, (Ii) The processing logic device is not coupled to the first storage device when a program instruction is loaded into the processing logic that can execute a data item that has unreliable content or did not occur in a known control environment. Or only limitedly coupled to communicate known information, and (iii) the processing logic device can store data items that have unreliable content or did not occur in a known control environment. When executable program instructions are loaded into the processing logic, they may be coupled to a second storage device, and (iv) The logic device is configured such that when a program instruction that can only copy data items from the first storage device to the second storage device or from the second storage device to the first storage device is loaded into the processing logic, the first storage device and A computer system is provided that operates such that it may be coupled to a second storage device.

  In another aspect, the invention is a computer system of the type having a first storage device and at least one processor, wherein a separate control processing environment and a user processing environment are generated in at least one of the storage device and the processor. And (1) prevent the identified data from being exposed to processor-executable instructions embedded in the data, and (2) when the identified data is separated from the first storage device. The second storage device different from the first storage device is only exposed to the processor.

  The foregoing description of specific embodiments and best modes of the invention is merely illustrative of the invention. It is apparent that the present invention is not limited to the precise forms described herein, and that many changes and modifications can be made in light of the above teachings. These embodiments are selected to best illustrate the principles of the invention and its practical application, and those skilled in the art will make various modifications to suit the particular intended use. The invention and various embodiments may be best utilized. The scope of the invention is to be defined by the claims and their equivalents.

FIG. 1 illustrates a laptop computer or other computing system according to the prior art. 1 illustrates a laptop computer system or other information device according to an embodiment of the present invention. FIG. 1 is a schematic diagram of an architecture and system for supporting multiple independent computing environments according to one embodiment of the invention. FIG. 6 is a flowchart illustrating an embodiment of a method for using an embodiment of the present invention. 6 is a flowchart illustrating an embodiment of a method for initiating a computing environment. FIG. 6 is a flowchart illustrating an embodiment of a method for configuring one or more switch systems in a computing environment. FIG. 6 illustrates another embodiment of the present invention with a special purpose subsystem or computing environment and a common controller. It is a figure which shows another embodiment of this invention. FIG. 6 illustrates yet another embodiment of the architecture and system of the present invention. FIG. 6 illustrates yet another embodiment of the architecture and system of the present invention. FIG. 6 illustrates an additional embodiment of the present invention having a control computing environment and at least one separate computing environment combined for user processing. An embodiment of the architecture and system of the present invention that provides a single physical computing environment, but that can support multiple logical or virtual computing environments using intermittent and temporally segregated assignment and access of components. FIG. FIG. 6 illustrates another embodiment of an architecture and system configuration in accordance with aspects of the present invention. FIG. 5 shows an interface card embodiment of the present invention such as a PC card embodiment. FIG. 15 illustrates the PC card embodiment of FIG. 14 showing connections between the PC card and the peripheral bus, host bus, and host processor. FIG. 3 illustrates dynamic configuration and component switching and connection aspects within an embodiment of the invention. FIG. 6 illustrates another aspect of dynamic configuration and component switching and connection within an embodiment of the present invention. FIG. 6 illustrates yet another feature of an embodiment of the present invention including how the computing environment of the present invention combines multiple keyboards and mice and provides multiple individual sets of stacked videos. FIG. 6 illustrates an embodiment of a processing system environment that maintains a processing or computing environment separate from processor inputs and processor outputs. FIG. 2 illustrates an embodiment of an N-dimensional virtual processing space having multiple virtual and physical processing or computing environments. FIG. 4 illustrates an embodiment of a method for maintaining separation between an input and a processor. FIG. 2 illustrates a particular embodiment of a system, apparatus and architecture for performing temporal multiplexing of multiple processes in a physical or virtual processing environment with only one processor. FIG. 6 illustrates another system embodiment for maintaining a controlled degree of separation between processes in a computer.

Claims (30)

In a method for preventing contamination of first data due to execution of second data,
Interposing a first separator (device) between the source and processing logic and a second separator (device) between the processing logic and the receiver, the first and second separations. Each of the devices is not capable of executing instructions to enter the separation device from the source, from the receiver, or from the processing logic, and to access the processing logic and to the source or receiver by the processing logic Steps that prevent execution of instructions on the side,
Communicating the second data from the source via the first separator to the processing logic;
Processing the second data with the processing logic to generate a first result;
Communicating the first result from the processing logic via the second separator to the receiver.   The method of claim 1, wherein the first and second separators cannot execute instructions because they can only perform a copy operation with a binary bit or a plurality of binary bits.   The method of claim 1, wherein the copy operation is performed outside of the processing logic.   The method of claim 2, wherein the first and second separation devices are the same device.   The method of claim 2, wherein the first and second separation devices are different devices. In a method for preventing contamination of first data due to execution of second data,
Separating a source from processing logic and a receiver, wherein the separated source and the separated receiver are not capable of executing instructions to enter the isolated source from or from the processing logic. And preventing access to the processing logic and execution of instructions on the source or receiver side by the processing logic;
Communicating second data from the source to the processing logic in a separate mode;
Processing the second data with the processing logic to generate a first result;
Communicating the first result in a separate mode from the processing logic to the receiver.   The method of claim 6, wherein the separation is a logical separation.   The method of claim 6, wherein the separation is physical separation.   The method of claim 6, wherein the source and receiver are storage locations, and the separation is achieved using an address control procedure.   The method of claim 9, wherein the address control procedure includes suppressing a control level in a computer below an operating system to hide one memory location and make another memory location available to a process. .   In an information device having a first storage device for program and data and processor logic and executing computer program instructions for performing a task including user data, an individual control processing environment and user processing When the environment is created and maintained, (1) user data with unknown or unreliable content can be executed against computer program code capable of executing computer program code instructions embedded in the user data in a control processing logic environment. And (2) user data with unknown or unreliable content is different from the first storage device when separated from the first storage device in the user processing logic environment. It is characterized by being exposed only to temporary storage devices. Information devices. At least one processing logic device for executing at least one instruction;
A first storage device for storing first data and a first program code including user data and including at least one instruction;
A second storage device for storing second data;
A switching system for selectably and independently coupling and separating the processing logic device to the first storage device and / or the second storage device under automatic control, wherein the switching logic device is at least one from the processing logic device. A switching system for receiving one control signal and selecting a state of the switching system,
The processing logic device operates in the control configuration and the user data configuration based on the following conditions:
(I) when the processing logic device is loaded with program instructions that cannot execute data items that have unreliable content or that have not occurred in a known control environment, the first storage device May be combined with
(Ii) when the processing logic device is loaded with program instructions capable of executing data items that have unreliable content or did not occur in a known control environment, the first storage device Or only limited to communicate known information,
(Iii) when the processing logic device is loaded with program instructions capable of executing data items that have unreliable content or did not occur in a known control environment, the second storage device And may be combined with
(Iv) The processing logic device is loaded with program instructions that can only copy data items from the first storage device to the second storage device or from the second storage device to the first storage device. An information device that operates such that it may be coupled to the first storage device and the second storage device when done.   The switching system connects the processing logic device to the first storage device and the second storage device in at least the following manner: (i) coupling the processing logic device only to the first storage device; (ii) Coupling the processing logic device only to the second storage device; (iii) simultaneously coupling the processing logic device to the first and second storage devices; and (iv) coupling the processing logic device to the first storage device. 13. The information device according to claim 12, wherein the information device can be coupled or separated so as not to be coupled to the second storage device.   The information device according to claim 12, wherein the processing logic device includes a microprocessor.   The processing logic device is selected from a set of processing logic circuits comprising a microprocessor, a central processing unit (CPU), a controller, a microcontroller, an ASIC, a logic circuit, a programmable logic circuit, and combinations thereof. 12. The information device according to 12.   The information equipment includes a computer, a notebook computer, a personal data assistant, a personal data organizer, a cellular phone, a mobile phone, a wireless receiver, a wireless transmitter, a GPS receiver, a satellite phone, an onboard computer, an onboard computer, and a navigation device. , Home appliances, printing devices, scanning devices, cameras, electronic cameras, television receivers, broadcast control systems, electronic instruments, medical monitoring devices, security devices, environmental control systems, electronic devices, network devices, and combinations thereof 13. Information device according to claim 12, selected from a set of information devices.   The first data storage device and the second data storage device can be selected independently, and a rotating magnetic hard disk drive, a rotating magnetic floppy disk drive, a CD, a DVD, a semiconductor memory, a solid state memory, a chemical memory, a magnetic memory 13. The information equipment of claim 12, selected from a set of storage devices including memory, molecular memory, microdrive, flash memory, compact flash card memory, RAM memory, ROM memory, and combinations thereof.   The information device according to claim 12, wherein the at least one processing logic device includes a plurality of processing logic devices.   At least one of the plurality of processing logic devices includes at least one microprocessor, and the at least one instruction includes a plurality of computer program code segments from an operating system and a plurality of computer program code segments from an application program. In addition, the switching system can be coupled to the microprocessor to receive a switch control command that changes a switch configuration to selectively couple and decouple the microprocessor to the first and second storage devices. The information device according to claim 18, wherein   20. The information device of claim 19, wherein the plurality of processing logic devices are intermittently separated and communicated constrained by an automatic control system that executes one of the processing logic devices.   The second storage device acts as a temporary storage device during processing operations when it is coupled to the processing logic device, and if each processing is performed, the processing is completed in an error state or an error state. 20. The information of claim 19, wherein the information is configured to be automatically cleared independently upon completion without further error, and wherein the error condition includes detection of a virus or other malicious code execution. machine.   21. The information equipment of claim 20, wherein the plurality of processing logic devices and at least the first and second storage devices are dynamically configurable to generate a computing environment having determined characteristics.   The information device of claim 11, wherein the first storage device stores a master template file having an operating system and application program elements and a protected copy of user data. At least one processing logic device for executing at least one instruction; first data; and a first storage device for storing a first program code including at least one instruction and including user data; A method of operating an information device of a type having a second storage device for storing two data;
When the processing logic device receives at least one control signal from the processing logic device to select a switching system condition, the processing logic device is automatically controlled with the first storage device and / or the second storage device. Selectively and independently switching to combine and separate;
Operating the processing logic device in a control configuration and a user data configuration based on the following conditions:
(I) when a program instruction is loaded into the processing logic that has unreliable content or cannot execute a data item that has not occurred in a known control environment, the processing logic device and the first storage device; Allow the combination of
(Ii) when a program instruction capable of executing a data item having unreliable content or not occurring in a known control environment is loaded into the processing logic, the processing logic device and the first storage device; Or only communicating known information with limited permission to combine the processing logic device and the first storage device,
(Iii) when a program instruction capable of executing a data item having unreliable content or not occurring in a known control environment is loaded into the processing logic, the processing logic device and the second storage device; Allowed to combine, and
(Iv) when a program instruction that can only copy a data item from the first storage device to the second storage device or from the second storage device to the first storage device is loaded into the processing logic, the processing Allowing coupling of a logic device with the first storage device and the second storage device;
And a step of operating as described above.   25. The method of operating an information appliance according to claim 24, further comprising the step of erasing the second storage device after the processing logic device has processed user data using the second storage device.   The information equipment includes a computer, a notebook computer, a personal data assistant, a personal data organizer, a cellular phone, a mobile phone, a wireless receiver, a wireless transmitter, a GPS receiver, a satellite phone, an onboard computer, an onboard computer, and a navigation device. , Home appliances, printing devices, scanning devices, cameras, electronic cameras, television receivers, broadcast control systems, electronic instruments, medical monitoring devices, security devices, environmental control systems, electronic devices, network devices, and combinations thereof 25. A method of operating an information device according to claim 24, selected from a set of information devices.   25. A method of operating an information appliance according to claim 24, wherein the at least one processing logic device comprises a plurality of processing logic devices.   At least one of the plurality of processing logic devices includes at least one microprocessor, and the at least one instruction includes a plurality of computer program code segments from an operating system and a plurality of computer program code segments from an application program. And wherein the switching system is coupled to the microprocessor for receiving a switch control command to change a switch configuration to selectively couple and disconnect the microprocessor from the first and second storage devices. 28. A method of operating an information device according to claim 27, wherein the method is possible. A housing having a form factor computer PC card and a plurality of PCCardBus interface connections;
A plurality of processors disposed within the housing;
A plurality of data storage devices disposed within or coupled to the housing;
A protected data storage portion selected from the plurality of data storage devices for storing at least user data;
A data storage device switch system coupled to the plurality of data storage devices and coupled in a data storage device switch configuration to configure communication with one or more data storage devices disposed within the housing. Switch system;
An I / O switch system coupled to at least one peripheral device, wherein the I / O switch system is coupled in an I / O system configuration including a plurality of features to configure communication with the peripheral device disposed within the housing. I / O system;
A plurality of computing environments, each computing environment comprising at least one processor and identified with at least one feature selected from the plurality of features;
A data storage device switch communication path coupled to the data storage device switch, wherein the data storage device switch communication couples at least one data storage device to the computing environment based on the data storage device switch configuration. Route and
An I / O switch calculation path coupled to the I / O switch system, the I / O switch communication path for coupling the peripheral device to the computing environment based on the I / O switch system configuration Including,
In addition, the computing environment can perform processing activities that include receiving input from the I / O switch system and sending output to the I / O switch system, wherein the processing activity is a separate computation. A computing environment that is executed independently of the processing activity of the environment;
A control computing environment configured from the plurality of computing environments to configure the data storage device switch configuration and configure the I / O switch system configuration, wherein the data storage device switch configuration controls the control A control computing environment that supports communication between the computing environment and the protected data storage device;
At least one user-separated computing environment selected from the plurality of computing environments, wherein the I / O switch system configuration is configured to direct received input to at least one of the computing environments; The I / O switch system configuration is an information processing apparatus configured to direct an output generated by one or more of the plurality of computing environments to the peripheral device. The plurality of processors are independently selected from a set of processing logic circuits comprising a microprocessor, a central processing unit (CPU), a controller, a microcontroller, an ASIC, a logic circuit, a programmable logic circuit, and combinations thereof; And
The plurality of data storage devices can be independently selected, and include a rotating magnetic hard disk drive, a rotating magnetic floppy disk drive, a CD, a DVD, a semiconductor memory, a solid state memory, a chemical memory, a magnetic memory, a molecular memory, a micro memory 30. The information processing apparatus of claim 29, selected from a set of storage devices including a drive, flash memory, compact flash card memory, RAM memory, ROM memory, and combinations thereof.

Images