AU758189B2 - Method and apparatus for isolating a computer system upon detection of viruses and similar data - Google Patents


Publication number
AU758189B2
Authority
AU
Australia
Prior art keywords
data
data channel
channel
processor
virus
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU19101/99A
Other versions
AU1910199A (en)
Inventor
Steven D. Mann
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
RVT Technologies Inc
Original Assignee
RVT Technologies Inc
Application filed by RVT Technologies Inc

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/564 Static detection by virus signature recognition
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/567 Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/81 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer by operating on the power supply, e.g. enabling or disabling power-on, sleep or resume operations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Communication Control (AREA)
  • Optical Communication System (AREA)

Description

METHOD AND APPARATUS FOR ISOLATING A COMPUTER SYSTEM UPON DETECTION OF VIRUSES AND SIMILAR DATA

BACKGROUND OF THE INVENTION

1. Field of the Invention: This invention relates to computer systems. More particularly, this invention relates to a method and apparatus for isolating a computer system upon detection of a virus and similar data.
2. The Prior Art: Any discussion of the prior art throughout the specification should in no way be considered as an admission that such prior art is widely known or forms part of common general knowledge in the field.
Recently, transmission of data viruses over the Internet has become a serious concern for Internet users. To reduce the concern, several methods are used to isolate computers from the Internet while the users are in local mode. However, when users of such methods are in a connected mode, they become prey to any virus that they may unwittingly download.
Computer virus scanners are common and can be used to detect a virus once it is downloaded. However, such scanners cannot prevent the virus from being downloaded.
They can only aid in the identification of a virus once it has already infected the user's computer.
Nowhere does the prior art disclose a method or apparatus for detecting a virus as it is being received from a network and isolating the user's computer from the Internet when an incoming virus is detected.

SUMMARY OF THE INVENTION

It is an object of the present invention to overcome or ameliorate at least one or more of the above-noted disadvantages of the prior art, or at least provide a useful alternative.
According to one aspect, the present invention provides an apparatus for isolating data receiving entity from a data sending entity, comprising:
a. a first data channel, coupled to the data sending entity;
b. a second data channel, coupled to the data receiving entity;
c. means for comparing a plurality of data words received from the first data channel to at least one data word characteristic of a data virus and for asserting a control signal when a data word received from the first data channel corresponds to a data word characteristic of a data virus; and
d. means, coupled to the first data channel and the second data channel and operationally coupled to the control signal, for isolating the first data channel from the second data channel when the control signal is asserted and for placing the first data channel and the second data channel in optical communication when the control signal is not asserted.
In another aspect, the invention provides an apparatus for isolating data receiving entity from a data sending entity, comprising:
a. a first data channel, coupled to the data sending entity;
b. a second data channel, coupled to the data receiving entity;
c. a processor that is programmed to compare a plurality of data words received from the first data channel to at least one data word characteristic of a data virus and to assert a control signal when a data word received from the first data channel corresponds to a data word characteristic of a data virus;
d. a memory, operationally coupled to the processor, that stores at least one data word characteristic of a data virus that presents to the processor at least one data word characteristic of a data virus;
e. an input buffer that stores data received by the processor from the first data channel;
f. an optical isolator, coupled to the first data channel and the second data channel and having an enable signal input, that is capable of isolating the first data channel from the second data channel when the enable signal input is not asserted and is capable of placing the first data channel and the second data channel in optical communication with each other when the enable signal input is asserted; and
g. a controllable power supply responsive to the control signal from the processor and coupled to the enable signal input of the optical isolator, the power supply asserting the enable signal when the control signal is not asserted and the power supply not asserting the enable signal when the control signal is asserted, thereby causing the optical isolator to isolate the first data channel from the second data channel.
In yet another aspect, the invention is a method for isolating data receiving entity from a data sending entity. When a data virus received from the data sending entity is detected, the data sending entity is isolated from the data receiving entity.
An advantage of the invention is that it prevents a data receiving entity, such as a computer, from receiving a virus from a data sending entity, such as a computer network.
A further advantage of the invention is that it isolates the data sending entity from the data receiving entity without disrupting normal operation of either entity.
Unless the context clearly requires otherwise, throughout the description and the claims, the words 'comprise', 'comprising', and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is to say, in the sense of "including, but not limited to".
These and other advantages will become apparent from the following description of the preferred embodiment taken in conjunction with the following drawings, although variations and modifications may be effected without departing from the spirit and scope of the novel concepts of the disclosure.

BRIEF DESCRIPTION OF THE FIGURES OF THE DRAWINGS

FIG. 1 is a simplified schematic diagram of the invention.
FIG. 2 is a detailed schematic diagram of the invention.
DETAILED DESCRIPTION OF THE INVENTION

A preferred embodiment of the invention is now described in detail. Referring to the drawings, like numbers indicate like parts throughout the views. As used in the description herein and throughout the claims that follow, and "the" includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein and throughout the claims that follow, the meaning of "in" includes "in" and "on" unless the context clearly dictates otherwise.
As shown in FIG. 1, the apparatus 10 of the invention evaluates data received from a data sending entity 20, such as the Internet, by a data receiving entity 30, such as a personal computer or even a local area network. The data is received via a first data channel 22 coupled to the data sending entity 20 and a second data channel 32 coupled to the data receiving entity. A data comparator 40 is operationally coupled to the first data channel 22 and is used to detect data viruses received from the first data channel 22. When a virus is detected, a data isolator 60, which is responsive to a control signal 42 from the data comparator 40, isolates the first data channel 22 from the second data channel 32. Thus, viruses are detected and prevented from being received by the data receiving entity.
As shown in FIG. 2, the apparatus 10 of one preferred embodiment of the invention interfaces with a peripheral control interface (PCI) 12 of a data receiving entity 30, such as a personal computer, to provide isolation from a data sending entity 20, such as the Internet. The data sending entity 20 is connected to an input interface 24, such as a standard PBX interface, via a first data channel 22. The data stream received by the input interface 24 is demodulated using a demodulator circuit 26 so as to conform to the data format of the data receiving entity. The data stream is then fed into the data comparator 40. In the comparator circuit 40, a UART chip 46 formats the incoming serial data into parallel data words and a processor 44, such as a PCI host controller, using an asynchronous transfer mode segmentation and reassembly, compares the parallel data with known virus signatures stored in a memory 48, such as an EEPROM. The processor 44, which is controlled by a control memory 50, buffers data from the UART chip 46 in a memory chip 52 as it awaits virus scanning analysis.
After the processor 44 has analyzed an incoming word, it is then sent to the data isolator 60 for eventual transfer to the data receiving entity 30. The data isolator comprises an optical isolator 62 that is driven by a power enable signal 66 received from a power supply conditioning ISO drive 64. The power supply conditioning ISO drive 64 receives power from a power up control logic circuit 54 which receives power from a power line 74 in the PCI bus 12.
If no virus is found, the data stream is transferred through the optical isolator 62 to a modulation level shifting circuit 68, which conditions the data for receipt by the data receiving entity 30, and then to a modem interface 34. The modem interface 34 provides protocol matching to the input interface 24 and sends the data to the data receiving entity.
When a virus is detected in the incoming data stream, a control line 42 from the processor 44 causes the power up control logic circuit 54 to cause the power supply conditioning ISO drive 64 to cut off power to the optical isolator 62, thereby causing the optical isolator 62 to prevent passage of data therethrough. A modem standby circuit 36 then takes over and simulates protocol exchanges with the input interface 24, thereby preventing an abnormal disconnect.
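The data path described above (buffer the incoming words, compare them against stored signatures, and drop the isolator's enable signal on a match) can be modelled in software. The Python below is an added example, not code from the patent or from RVT Technologies; the class and function names, the constructed sample signatures, and the hold-back rule are assumptions. The hold-back rule goes beyond the word-by-word comparison the specification describes: it retains the last few bytes so that a signature spanning two reads is caught before any part of it is released.

```python
from dataclasses import dataclass, field

# Constructed, inert byte strings standing in for the contents of the
# signature memory (memory 48 in the description). They are not real signatures.
SIGNATURES = (b"\xde\xad\xbe\xef\x13\x37", b"EXAMPLE-SIGNATURE")


@dataclass
class InlineIsolator:
    """Hypothetical software model of the comparator and the isolator."""
    signatures: tuple = SIGNATURES
    control_signal: bool = False                        # asserted on a match
    held: bytearray = field(default_factory=bytearray)  # input buffer

    @property
    def enable(self) -> bool:
        # The isolator passes data only while its enable input is asserted,
        # and the enable is asserted only while the control signal is not.
        return not self.control_signal

    def feed(self, chunk: bytes) -> bytes:
        """Scan one read from the first channel; return bytes for the second."""
        if not self.enable:
            return b""                    # isolated: nothing passes any more
        self.held += chunk
        if any(sig in self.held for sig in self.signatures):
            self.control_signal = True    # cut the enable signal
            self.held.clear()             # buffered data is never delivered
            return b""
        # Hold back (longest signature - 1) bytes: a signature that has only
        # partly arrived must still be entirely inside the buffer.
        keep = max(len(sig) for sig in self.signatures) - 1
        cut = max(0, len(self.held) - keep)
        released = bytes(self.held[:cut])
        del self.held[:cut]
        return released

    def flush(self) -> bytes:
        """End of stream: the held tail was scanned clean, so release it."""
        if not self.enable:
            return b""
        released = bytes(self.held)
        self.held.clear()
        return released


def relay(chunks, signatures=SIGNATURES):
    """Pass chunks through a fresh isolator; return (delivered, isolated)."""
    dev = InlineIsolator(signatures=tuple(signatures))
    out = bytearray()
    for chunk in chunks:
        out += dev.feed(chunk)
    out += dev.flush()
    return bytes(out), dev.control_signal


if __name__ == "__main__":
    # Constructed traffic: the first signature is split across two reads.
    split = [b"A" * 40 + b"\xde\xad\xbe", b"\xef\x13\x37payload", b"more"]
    print(relay([b"hello ", b"world"]))
    print(relay(split))
```

Once the control signal is asserted the model stays isolated for the rest of the stream, and data read after the match is not delivered.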
During power-up, the processor 40 runs the system through a self checking routine. If any system abnormalities are detected, an interrupt line 70 is asserted. The interrupt line 70 passes through an optical isolator 14 to ensure unidirectional data transmission to the PCI bus 12.
The power up control logic circuit 54 also performs a self check. A battery reference 56 is compared to the value on the incoming power line 74 from the PCI bus 12, and if the system is improperly powered, an interrupt line 72 is asserted. The interrupt line 72 is also passed through an optical isolator 16 that ensures that the interrupt line 72 is unidirectional to the PCI bus 12.
The above described embodiment is given as an illustrative example only. It will be readily appreciated that many deviations may be made from the specific embodiment disclosed in this specification without departing from the invention.
Accordingly, the scope of the invention is to be determined by the claims below rather than being limited to the specifically described embodiment above.

Claims (9)

1. An apparatus for isolating data receiving entity from a data sending entity, comprising:
a. a first data channel, coupled to the data sending entity;
b. a second data channel, coupled to the data receiving entity;
c. means for comparing a plurality of data words received from the first data channel to at least one data word characteristic of a data virus and for asserting a control signal when a data word received from the first data channel corresponds to a data word characteristic of a data virus; and
d. means, coupled to the first data channel and the second data channel and operationally coupled to the control signal, for isolating the first data channel from the second data channel when the control signal is asserted and for placing the first data channel and the second data channel in optical communication when the control signal is not asserted.
2. The apparatus of Claim 1, wherein the comparing means comprises: a. a processor; and b. means for presenting to the processor at least one data word characteristic of a data virus.
3. The apparatus of Claim 2, wherein the processor comprises a PCI host controller.
4. The apparatus of Claim 2 or 3, wherein the presenting means comprises a memory, operationally coupled to the processor, that stores at least one data word characteristic of a data virus.
5. The apparatus of any one of Claims 2 to 4, further comprising an input buffer that stores data received by the processor.
6. The apparatus of any one of the preceding claims, wherein data on the first data channel is transmitted in a serial format and wherein the apparatus further comprises means for converting segments of serial data received from the first data channel to data in a parallel format.
7. The apparatus of any one of the preceding claims, wherein the isolating means comprises an optical isolator.
8. The apparatus of Claim 7, further comprising a controllable power supply responsive to the control signal from the comparing means, the power supply generating an enable signal when the control signal is not asserted, wherein the optical isolator is powered by the enable signal so that when the optical isolator receives power from the enable signal, the first data channel and the second data channel are in optical communication with each other.
9. An apparatus for isolating data receiving entity from a data sending entity, comprising:
a. a first data channel, coupled to the data sending entity;
b. a second data channel, coupled to the data receiving entity;
c. a processor that is programmed to compare a plurality of data words received from the first data channel to at least one data word characteristic of a data virus and to assert a control signal when a data word received from the first data channel corresponds to a data word characteristic of a data virus;
d. a memory, operationally coupled to the processor, that stores at least one data word characteristic of a data virus that presents to the processor at least one data word characteristic of a data virus;
e. an input buffer that stores data received by the processor from the first data channel;
f. an optical isolator, coupled to the first data channel and the second data channel and having an enable signal input, that is capable of isolating the first data channel from the second data channel when the enable signal input is not asserted and is capable of placing the first data channel and the second data channel in optical communication with each other when the enable signal input is asserted; and
g. a controllable power supply responsive to the control signal from the processor and coupled to the enable signal input of the optical isolator, the power supply asserting the enable signal when the control signal is not asserted and the power supply not asserting the enable signal when the control signal is asserted, thereby causing the optical isolator to isolate the first data channel from the second data channel.
10. The apparatus of Claim 9, wherein the processor comprises a PCI host controller.
11. The apparatus of Claim 9 or 10, wherein data on the first data channel is transmitted in a serial format and wherein the apparatus further comprises means for converting segments of serial data received from the first data channel to data in a parallel format.
12. An apparatus for isolating data receiving entity from a data sending entity substantially as herein described with reference to any one of the embodiments of the invention illustrated in the accompanying drawings.
DATED this 5th day of July 2002
RVT TECHNOLOGIES, INC
Attorney: PHILLIP D. PLUCK, Fellow Institute of Patent and Trade Mark Attorneys of Australia, of BALDWIN SHELSTON WATERS
AU19101/99A 1998-12-11 1998-12-11 Method and apparatus for isolating a computer system upon detection of viruses and similar data Ceased AU758189B2 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US1998/026377 WO2000036515A1 (en) 1998-12-11 1998-12-11 Method and apparatus for isolating a computer system upon detection of viruses and similar data

Publications (2)

Publication Number Publication Date
AU1910199A AU1910199A (en) 2000-07-03
AU758189B2 AU758189B2 (en) 2003-03-20

Family Applications (1)

Application Number Title Priority Date Filing Date
AU19101/99A Ceased AU758189B2 (en) 1998-12-11 1998-12-11 Method and apparatus for isolating a computer system upon detection of viruses and similar data

Country Status (5)

Country Link
EP (1) EP1137992A4 (en)
AU (1) AU758189B2 (en)
CA (1) CA2360782A1 (en)
MX (1) MXPA01007044A (en)
WO (1) WO2000036515A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7263616B1 (en) * 2000-09-22 2007-08-28 Ge Medical Systems Global Technology Company, Llc Ultrasound imaging system having computer virus protection
DE10064658B4 (en) * 2000-12-22 2004-04-08 Siemens Ag Computer arrangement which can be connected to a data transmission network
FI113499B (en) * 2002-09-12 2004-04-30 Jarmo Talvitie A protection system, method and device for using computer viruses and isolating information
AU2004200951B2 (en) * 2003-03-06 2007-02-01 Rod Holding Extension for information processing using photon image transmission
WO2005124561A1 (en) * 2004-06-21 2005-12-29 Anatoly Kopytko Method for protecting computer devices against viral codes

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4405829A (en) * 1977-12-14 1983-09-20 Massachusetts Institute Of Technology Cryptographic communications system and method
US5652685A (en) * 1995-01-17 1997-07-29 Latsu, Inc. Read/write head for contact with a media disk
US5832208A (en) * 1996-09-05 1998-11-03 Cheyenne Software International Sales Corp. Anti-virus agent for use with databases and mail servers

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5319776A (en) * 1990-04-19 1994-06-07 Hilgraeve Corporation In transit detection of computer virus with safeguard
ATE183592T1 (en) * 1994-06-01 1999-09-15 Quantum Leap Innovations Inc COMPUTER VIRUS TRAP
US5826013A (en) * 1995-09-28 1998-10-20 Symantec Corporation Polymorphic virus detection module
GB2322035B (en) * 1997-02-05 2001-09-19 Stuart Justin Nash Improvements in and relating to computers

Also Published As

Publication number Publication date
CA2360782A1 (en) 2000-06-22
AU1910199A (en) 2000-07-03
EP1137992A4 (en) 2003-02-05
EP1137992A1 (en) 2001-10-04
WO2000036515A1 (en) 2000-06-22
MXPA01007044A (en) 2002-09-18

Similar Documents

Publication Publication Date Title
US6003132A (en) Method and apparatus for isolating a computer system upon detection of viruses and similar data
US6081894A (en) Method and apparatus for isolating an encrypted computer system upon detection of viruses and similar data
JP3381055B2 (en) Virus intrusion prevention method and virus intrusion prevention mechanism
US7150045B2 (en) Method and apparatus for protection of electronic media
US7380277B2 (en) Preventing e-mail propagation of malicious computer code
US8245296B2 (en) Malware detection device
US20080046563A1 (en) Network Intrusion Prevention by Disabling a Network Interface
AU758189B2 (en) Method and apparatus for isolating a computer system upon detection of viruses and similar data
US20080071938A1 (en) Multifunction machine and a control method of the multifunction machine
KR20030044817A (en) Apparatus, method, and system for virus detection
KR20060067117A (en) Detection apparatus of embedded malicious code in office document and method thereof
CA2253933A1 (en) Half duplex uart control for single channel bi-directional wireless communications
US7426591B2 (en) Information communication device and condition setting method
JP3724146B2 (en) Computer, computer virus countermeasure method, and recording medium on which computer virus countermeasure program is recorded
KR100985076B1 (en) Apparatus and method for protecting data in usb devices
US8274679B2 (en) Information processing apparatus and method of controlling the same
EP0992908A2 (en) Network scan server ready state recovery method
JP4145171B2 (en) Image processing device unauthorized use monitoring device
US6601174B1 (en) Data processing system and method for permitting a server to remotely provide a client computer system's settings password to the client
US6643717B1 (en) Flow control
JP3682403B2 (en) Information transmission system
JPH10308863A (en) Communication equipment and communication method
US20080005315A1 (en) Apparatus, system and method for stream-based data filtering
JP2010226289A (en) Image transmission apparatus and program
JPH05233547A (en) Transaction inflow controller

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)
MK14 Patent ceased section 143(a) (annual fees not paid) or expired