KR20060135757A - Isolated multiplexed multi-dimensional processing in a virtual processing space having virus, spyware, and hacker protection features - Google Patents

Abstract

Information appliance, computing device, or other processor or microprocessor based device or system provides security and anti-viral, anti-hacker, and anti-cyber terror features, and can automatically create multiple sequentially or concurrently and intermittently isolated and/or restricted computing environments to prevent viruses, malicious or other computer hacking, computer or device corruption and failure by using these computing environments in conjunction with restricted and controlled methods of moving and copying data, combined with a process that destroys malicious code located in computing environments and data stores. Time multiplexed processing streams (2956) with system, device, architecture and method for maintaining isolation of multiple processes executing in single physical processor. Virtual multi-dimensional processing space (2955) and virtual processing environments (2951-2954). Temporally multiplexed processing in a single CPU. Process isolation (2943) using address control and mapping. Selecting, configuring, switching, and/or multiplexing multiple processes in physical and/or virtual processing or computing spaces to create physical and/or virtual processing or computing environments.

Description

ISOLATED MULTIPLEXED MULTI-DIMENSIONAL PROCESSING IN A VIRTUAL PROCESSING SPACE HAVING VIRUS, SPYWARE, AND HACKER PROTECTION FEATURES}

FIELD OF THE INVENTION The present invention relates to security and anti-bias, anti-hacker, and anti-cyber terrorism characteristics for computers, information devices, mobile communication devices, and other electronic devices. Or computers, information devices, mobile communications that support anti-bias, anti-hacker, and anti-cyber terrorism features to create multiple concurrent or sequential time processing environments and procedures and programs that do not affect program data. Devices, and other electronic computing devices.

According to the prior art, computers, cellular telephones, and broadband devices using computer or processor technology are vulnerable to computer hackers, viruses, cyber terrorists, spyware, and / or other malicious computer program code. Anti-virus software is known, but such anti-virus software becomes useless when new viruses penetrate. In addition, at least some damage to some computers may be done during the initial release phase. Although firewalls and other protective measures are known, these firewalls cannot be integrated into portable computers running on public networks outside the corporate information technology (IT) environment, and there are many hacking techniques that break down these firewalls. Worldwide cost losses resulting from viruses, spyware, and hacking are estimated at billions of dollars. The damage caused by such malware will be enormous, as more computers are used to control and manage the operation of airplanes, transportation systems, building environmental controls, stock markets, telephone systems, nuclear power plants, and other public and private facilities.

Accordingly, what is needed is a structure, system, and method of operation that can provide protection against malicious activities such as computer hacking, viruses, spyware, cyber terror attacks, and the like. There is a need for a universal vaccine against such malicious agents. In addition, unlike existing computers, in order to create a known clean storage environment before opening files or data sets, it is necessary to return to a known clean installation of the operating system and application program software and / or data, if necessary. What is needed is a computer that initiates a "treatment" and allows a user to reset and delete memory and data storage devices.

The invention provides security and anti-virus, anti-hacker, and anti-cyber terrorism characteristics, combined with processing to destroy malicious code located in computing environments and data storage devices, to limit data movement and copying, By using these computing environments in conjunction with a method of controlling it, it is possible to automatically eliminate multiple sequential or simultaneous and intermittent separate and restricted computing environments to prevent viruses, malicious or other computer hacks, computer or device destruction, and failures. Can be generated.

In one embodiment, the present invention provides information device structures, systems, devices, and methods of operating them. An information device of this type comprises a first storage device for programs and data, processor logic to execute computer program instructions to perform a task comprising user data; (1) prevent user data with unknown or untrusted content from being exposed in the control processor logic environment to computer program code capable of executing any computer program code instructions embedded in user data, and (2) storing first When disconnected from the device, the information device is created in such a way that separate control processing environments and user processing environments are created and maintained such that unknown or untrusted content is exposed only to the user processor logic environment of a temporary storage device different from the first storage device. It works.

In another embodiment, the present invention provides an apparatus comprising: at least one processing logic device for executing at least one instruction; A first storage device for storing first data and first program code, the first storage device comprising at least one instruction and one user data; A second storage device for storing second data; A switching system that selectively and independently couples and uncouples the first storage device and / or second storage device with the processing logic device under automated control, the switching system comprising processing logic to select a condition of a switching system. A switching system for receiving at least one control signal from the apparatus; Wherein the processing logic device operates in the user data configuration and control configuration according to the following conditions; (i) if processing logic is loaded with program instructions that have untrusted content or are unable to execute a data item that was not created from a known controlled environment, the processing logic device is associated with the first storage device; (ii) the processing logic device is not associated with the first storage device if the processing logic is loaded with program instructions that have untrusted content or are capable of executing data items that are not created from a known controlled environment; (iii) if processing logic is loaded with program instructions that have untrusted content or that are capable of executing data items that were not created from a known controlled environment, the processing logic device is associated with the second storage device; (iv) If the processing logic is loaded with a program command that can only copy data items from the first storage device to the second storage device or from the second storage device to the first storage device, then the processing logic device may be configured as the first storage device. And a second storage device. A method of implementing and operating an information device is provided.

Embodiments of the present invention provide for the selection, configuration, switching, and / or multiplexing of multiple processes in physical and / or virtual processing or computing spaces to create physical and / or virtual processing or computing environments. In one embodiment, the time for the plurality of processes in such a way as to maintain a separation between the processes so that problems in one process (eg, program virus execution) do not affect other processes or stored programs or data. Multiplexing is provided. Separation can be selectively canceled by a trusted user using trusted configuration and program elements.

Embodiments of the invention include any device including processing or calculation logic, computer, notebook computer, personal digital assistant, personal data generator, cellular telephone, mobile telephone, wireless receiver, wireless transmitter, GPS receiver, satellite telephone, automobile mounting Computers, airplane-mounted computers, navigation devices, home appliances, printers, scanners, cameras, digital cameras, TV receivers, broadcast control systems, electronic devices, medical monitors, security devices, environmental control systems, process monitoring or control systems, and their It can be applied to various electronic devices including a combination.

1 shows a laptop computer or other computing device, according to the prior art.

2 illustrates a laptop computer or other information device incorporating one embodiment of the present invention.

3 is a diagram of a structure and system that supports multiple independent computing environments, in accordance with an embodiment of the invention.

4 is a flowchart of one method for using an embodiment of the present invention.

5 is a flowchart of one method for initiating computing environments.

6 is a flow diagram of one method of implementing one or more switch systems for computing environments.

Figure 7 illustrates an alternative embodiment of the present invention that includes a special purpose subsystem or computing environment and a general purpose controller.

Figure 8 illustrates another alternative embodiment of the present invention.

9 illustrates another alternative embodiment with an inventive structure and system.

10 illustrates another alternative embodiment with a unique structure and system.

11 illustrates a further embodiment of the present invention having at least one independent computing environment and combined control computing environment for user processing.

12 may support multiple logic or virtual computational environments using temporally separated allocation and intermittent access of components and access, but with a unique architecture and system that provides only one physical computational environment. Figure shows an embodiment for.

Figure 13 illustrates another embodiment of an inventive architecture and system implementation in accordance with aspects of the present invention.

Figure 14 is a diagram of an embodiment of an interface card of the present invention, such as a PC card.

FIG. 15 is a diagram of the PC card embodiment of FIG. 14 showing the connection between the PC card and the peripheral bus, the host bus, and the host processor.

Figure 16 illustrates the dynamic configuration and switching of components and connections in the present invention.

Figure 17 illustrates another alternative aspect of dynamic configuration and switching and connection of components in one embodiment of the present invention.

FIG. 18 is a diagram illustrating additional features of the present invention, including how the inventive computing environment connects multiple keyboards and mice, and provides multiple individual layered video sets.

19 shows a processing system configuration in which processing or computing environments are kept separate from processor inputs and outputs.

20 illustrates an embodiment of an N-dimensional virtual processing space having a plurality of virtual and physical processing or computing environments.

21 is a diagram of a method of maintaining separation between inputs and a processor.

FIG. 22 illustrates a particular embodiment of a system, apparatus, and architecture for performing temporal multiplexing for multiple processors in a physical or virtual processing environment having only one processor.

Figure 23 shows an embodiment of another system for maintaining a controlled degree of isolation between a plurality of processes of a computer.

The present invention generally relates to computers, information devices, mobile communication devices, cellular and mobile telephones, personal digital assistants (PDAs), music storage and players, data organizers, hybrid devices incorporating such functional elements, and the like. In particular, the present invention is limited and controlled in combination with a process for automatically generating multiple sequential or simultaneous and intermittent separate and / or limited computational environments to destroy malicious code located in computational environments and data storage devices. The use of such computational environments in conjunction with advanced moving and copying data methods relates to preventing viruses, malicious or other computer hacking, computer or device destruction and failure.

In the present invention, these needs are achieved by providing an operating method, system, structure for computing devices and other information devices. This new method makes it possible to provide computers and information devices that are inherently resistant to hacking and viruses and other malicious agents and code. In addition, unlike computers that allow a user to initiate a "repair" on demand by reverting to a previous backup of the software, the inventive structures, systems, and methods of the present invention may reset or reset memory and data storage devices prior to opening each file. Delete to maintain a known clean storage and processing environment. For example, by using this new technique, data storage devices can be automatically reformatted or deleted, and the computing environment may be exposed or exposed to untrusted or unknown code before moving or opening new files in the computing environment. After every possibility, the memory is erased or reset.

It is well understood through the structure, system, and method of the present invention that embodiments of the present invention provide intermittent sequential separation and / or communicationally limited computational environments that are created, operated, and interrupted by an automated control system. There will be. Different levels of isolation and / or security or immunity levels from malicious code can be implemented depending on the needs of the computing environment of the device incorporating or using the computing environment.

This section protects computers and computing devices from hacking, viruses, cyber-terrorism, and from spy software (spy-ware), keystroke records and damage from hacking, viruses, worms, Trojan horses, and similar threats. A computer program and a computer program product, structure, system, apparatus, and method are described. Cyber terrorism is an attempt to destroy a computational system, such as an attack created by unauthorized access attempts to user secret data. The present invention provides a solution to potential cyber-terrorism.

Conventional computer systems generally include a processor, memory, display, display controller, and input / output controller. The present invention provides a plurality of special purpose subsystems (physically or temporally separated) embedded within a computer system (or other device) housing or case. Such specific use subsystems generally perform limited functions and have limited interaction with other specific use systems.

General purpose or special purpose subsystems (also referred to as "separate processing units", "separate computing environments", or simply "computing environments" in some embodiments) store information, perform tasks, and communicate. It can be designed for a variety of purposes, including supporting connections.

Computing environments and components of such computing environments may be modular or contain entities such as CSCE or CCE computing environments until a faulty component or set of components, including the computing environment, is replaced or repaired in the work area. By controlling, specific fault components and / or computing environments can be dynamically implemented to be addressed. Optional diagnostic processing and testing and removal components of the attached components (eg, via one or more switches) may be performed to isolate and identify the problem.

Aspects of the computing environment are now described. This description is somewhat generalized because of the wide range of specific embodiments and physical implementations that can be realized. The computing environment executes one or more computer program instructions. One or more computing environments are combined with a computer system. The computing environment may be represented by physical representations, logical representations, and / or combinations of physical and logical representations. In the physical representation, the computing environment includes physical computer components such as a central processing unit (CPU), one or more memories, and one or more peripherals. In a logical computational environment representation, by using one or more common computational components, the first computational environment may coexist with other computational environments. The first computing environment is separated from other computing environments so that communication can be supported between the first computing environment and other computing environments that communicate with viruses, hackers, or other malicious code or data. For example, in one embodiment, there is only indirect communication of a limited set of information. In other embodiments, direct communication exists, but this communication is limited in a particular manner, allowing only authorized data types, such as window screen adjustment, mouse position adjustment, or any other data types further described herein further. Filters and limiters may be used to limit communication between the first communication environment and the second or other computing environments. In some embodiments, these filters and / or limiters are hardware circuits that cannot be destroyed by malicious code, and in other embodiments, software and / or firmware are used for such filtering or limiting, and in other embodiments In these, hybrid hardware-software / firmware filters and / or limiters may be used. Each computing environment typically performs various processing operations, including receiving input from one or more peripherals through an I / O switch system and sending output to one or more peripherals through an I / O switch system. Can be. This processing operation performed by one computing environment is generally independent of the processing operations of the other computing environment. According to one embodiment of the invention, potential malicious processing operations of one computing environment do not directly interfere with processing operations of another computing environment.

According to one embodiment, separate computing environments and other physical or logical computing environments exist in different address spaces corresponding to computer systems. As a result, each physical or logical computing environment is separate from the operation of each of the other logical computing environments. In addition, various configurations may be used to manage the creation and operation of multiple logical computing environments. In addition, operating systems (eg, Linux, Macintosh, Microsoft Windows®, and / or other operating systems) correspond to logical computing environments, physical computing environments, and / or combinations of logical and physical computing environments.

The control computing environment may be selected from computing environments for implementing and / or reimplementing the data storage switching system configuration and / or the I / O switching system configuration. The data storage switching system configuration supports communication between the control computing environment and the protected data storage device described above. According to one embodiment, the initial boot sequence identifies initial configuration information in computer CMOS data to identify a control computing environment, protected data storage device, and initiates implementation of a data storage switch configuration and / or an I / O switch system configuration. do.

One or more user computing environments are selected from the computing environments to perform computer processing separate from the control computing environments and other user computing environments. Data (eg, computer files) is received by the user computing environment through a data storage device communicatively coupled with the user computing environment. According to one embodiment, the control computing environment is communicatively coupled with a first data storage device comprising user information and a protected data storage device. The control computing environment is configured to support copying information between the protected data storage device and the first data storage device. After the control computing environment initializes the first data storage device, the first data storage device is communicatively de-attached from the control computing environment and connected to the user computing environment for independent use with other computing environments. do. After the user computing environment has completed an operation (eg, editing a file, receiving an email, etc.), the first data storage device is separated from the user computing environment and connected to the control computing environment. Again, the control computing environment is configured to support copying information between the protected data storage device and the first data storage device. As a result, the data can be stored independently of the processing operations of the user computing environment. Thus, malicious code processed within the user computing environment does not destroy data and / or other files stored on the protected data storage device.

In one embodiment, sophisticated processing power, such as processing power that can provide the ability to run malicious computer programs or software, is selectively or intermittently removed only in copy operations. This elaborate process itself is disabled in response to a signal from the controlling entity during the copy operation and is re-enabled when this operation is complete. This operation can be used, for example, during a file storage operation or when copying data or master templates to the computing environment.

In one embodiment, a storage subsystem or computing environment (or protected storage computing environment) can be designed to store data and retrieve data while allowing limited access to stored data. The working subsystem (or referred to as a separate processing unit computing environment) processes information to achieve the same results as a general purpose computer with a variety of applications, but at the same time protects the system as a whole and protects the user from loss or destruction. It is designed to protect your data. The communication subsystem (or control and switching computing environment) is designed to facilitate communication between other specific use subsystems or computing environments.

Each particular use subsystem or computing environment generally includes one, some, or some of the computing environment or processing application with processing functions, memory, logic, and other (internal or external) components, depending on the processing to be performed. Or both. The processing function may be some type of computer processing unit (CPU) or ASIC. The processing function may be a computer system CPU or a CPU shared by a number of special purpose subsystems. Thus, processing functionality associated with a particular use subsystem may be used by the computer system or other specific use subsystems.

Exemplary features and aspects of the invention are described to provide a schematic understanding of the structure, features, and advantages of the invention. This section is followed by a detailed description of several exemplary structures and structural topologies, through which the scope and particular structure and methodological implementation of the present invention may be understood.

Various embodiments of the present invention provide limitations to the processing of the computing environment, data storage and processing, and communication, and / or simultaneous and / or intermittent and sequential or temporal separation. In at least some embodiments, such separation or limitation may be a process or computer previously used prior to using a computational or processing environment for subsequent operations, such as, for example, before opening another file or data set for operation. Combined with deleting, reformatting, and resetting the environments.

In one embodiment, on a computer system or other device incorporating a function, deletion / reset and copying of some or all of the sequential and automatic master templates before a new file is opened to repair the computer or prevent failure. This provides a new type of self repair feature.

In one embodiment, user data is stored in one or more simultaneous or intermittent sequential separation and / or restriction data storage devices and / or intermittent separation and / or limited protection computing environments. Here, protected data storage device (s) or protected computing environment (s) may be referred to as protected data storage devices (PDS). The protected data storage device may store any data such as user data and files, application program code programs or applets, operating system or portions thereof, device drivers, status information, and the like.

Although the structure, organization, and stored content of a protected data storage device or more generally protected storage device may vary from system to system, some features (including some optional features) are described with reference to one embodiment. Protected data storage devices are used to store information in such a way that data (including user data, computer program code, email, web pages, instructions, operating system code, sets of binary bits, etc.) is not executed. Thus, such data is not exposed to a processing environment that generally performs processing or operations on stored data or information based on the content of stored information. This separation from exposure is applied equally during data and software copy operations, so that any malicious code contained therein is executed until the exposure to the run is in a separate computer environment that at most contaminates that particular computing environment. It doesn't work.

According to one embodiment, a user file (eg, a user word processing document, email, spreadsheet, Microsoft Outlook or other contact file, password, cellular phone number list, PDA stored data, or other user data or program) is Stored in a protected data storage device. In one embodiment, this protection is achieved by storing data in a protected storage device, which can cause the execution of malicious or binary sequences that may be present in viruses, robots, hacker code, or other malicious code. Access by structure or processing is not done. Ideally, user actions such as editing a corresponding job processing document or opening and reviewing an email message (and attached document) are independent of the original of the document stored on the protected data storage device and the computer (or PDA, cellular telephone). , Copying of the original data at a separate location within an analog or digital camera, or other information device. The separation (separation) of the storage and operation of the protected storage device of the original file or data set and the copy of the file or data set is described in detail below. From a processor capable of executing another malicious code or virus, such as a simple set of "0" and "1" bits that are moved or copied from one data storage device to another, or that do not cause problems when stored on the data storage device. Separation is understood.

One or more original data storage devices are used to define a protected data storage device. Multiple protected data storage devices are optionally defined, but generally not required. In one embodiment, the protected data storage device is user data or other files (eg, computer application programs, operating systems, and other non-user code or data) independent of a processing environment that can modify the user file. Can be used to store The master template can be one type of non-user data that can be stored in the form of protected storage. This may be referred to as a protected master template storage device.

In one embodiment of the present invention, the user's decision to edit the document causes the original of the document to be copied from the protected data storage device to the second data storage device. A user computing environment that can be combined with a second user data storage device for editing the original document is used to create a second version of the document. For example, an action by a user, such as storing a second version of a document, generates a series of instructions to copy the second version of the document back from the second storage device to the protected data storage device. Copying the second version of the document to the protected data storage device may be overwriting the original of the document.

Structures and processes for storing and retrieving binary data from protected data storage devices and / or protected master template storage devices, and without processing data including malicious code or data stored on the same storage device or within the same computer system. The method for operation of processing such protected information within a computer system is described in detail below.

With respect to the system of the present invention, the control computing environment protects against execution or processing of code that can generate unknown and potentially malicious code by separating or restricting communication with protected data storage devices simultaneously or intermittently as needed. The protection of the data storage device is achieved by switching communication. The directory of the protected data storage device may be created, for example, by a controlled computing environment or a protected storage computing environment (see other parts of this document), and such a directory may be, for example, a desktop computing environment (simultaneously or Intermittently) to communicate with a separate and / or limited computing environment. Such controlled computing environments, protected storage computing environments, desktop computing environments, and other computing environments are described in detail herein and in the figures. It should be noted that in one embodiment, this directory is created by a protected storage computing environment that includes limited processing capabilities. For example, this may include the ability to record and read ASCII and extended ASCII file names and directories, may include the ability to copy and move data, and the ability to create file directories. In general, it does not include other functionality or capabilities necessary to recognize or execute code or to execute other functions that are detrimental to the system, program, or data integrity. This information is collected by the control computing environment or transmitted to the controlled computing environment by the protected storage computing environment.

In at least one embodiment, a combination of one or more of the following structures and / or procedures may be combined into one computing environment configuration and / or process, which may be predetermined or dynamically determined and configured. ; (a) control environment, (b) protected storage, (c) desktop environment, (d) switching, (e) switching configuration, (f) reformatting / deletion environment, (g) video control environment, (h) ) Video processing, and a subset or combination thereof. Other optional structural and / or procedural elements can alternatively or in addition be implemented. Thus, for example, in one embodiment, the invention may include two computing environments, one of which includes all environments, switches, and switch configurations, but excludes the user computing environment, and the other. One is a computing environment that includes only the user environment.

To open the user data, the user selects a data representation, such as a file name, “shortcut,” or “alias” that is located or identified in or by the desktop computing environment. The actual file does not open or run in the desktop computing environment, and does not actually exist in that desktop computing environment. Instead, this file name and location information (see pointer or file or data set) is transferred to a control computing environment that is not separated from the desktop computing environment. In such an embodiment, the control computational environment may comprise a plurality of concurrent or intermittent separate and / or communicationsally limited computational environments (e.g., a file corresponding to a file name selected by the user (or other designated entity) from the protected data storage device. For example, copy to one of the user computing environments # 1). In this embodiment, the command is sent to user computing environment # 1 to open the file, and the command is sent to switch (s) to terminate unrestricted communication with user computing environment # 1. The structures, systems, and methods associated with this operation are described in detail throughout this specification.

When user data is "infected" with malicious code and executed, other user data or information within the protected device by running the malicious code is not damaged, except for damage to the original infected data file. Even if the application program computer code or operating system program code is contaminated or damaged, this contamination or damage does not affect the continuous operation of the system or device because only the copy is contaminated or damaged and the copy is not reused. .

In this example embodiment, the optional restricted communication path connects user computing environment # 1 to the control computing environment, which may be limited to any one or more paths. For example, such a communication path may be limited by an ASCII limiter or filter with very limited communication capabilities, such as allowing only a predetermined set of ASCII characters to pass through, and this set and command support executable instructions. It is known that it does not have a predetermined high probability or accuracy. This limiter compares, for example, the bits or characters with which communication is attempted to the allowed bits or characters set. In this embodiment, for example, it may be restricted to a limited number, such as a sequence of binary "0" or "1" bits, representing concepts such as, for example, "save file" and "delete / reset this computing environment." Includes only the functionality needed to communicate to the control environment, including, for example, a limitation on the amount of information that can be communicated in a time period or in response to event (s).

Alternatively or in addition, electrical or optical light pulses or other signals may be communicated to a receiver connected with the control environment, for example, one pulse means “file storage” and two consecutive pulses It means "delete / reset calculation environment". These are merely examples, and those skilled in the art will appreciate with reference to the present specification that other signaling schemes may be used that limit the amount or nature of the information, but provide other required actions.

After the data storage device and its computing environment are "exposed" to the user's document, and therefore potentially exposed to virus, spy software, or malware code, the data storage device is completely reformatted, erased, deleted, and reset. , Remove all data such as hidden parts, drivers, boot sections, hidden code, etc. The computing environment may be "re-set" in a manner that ensures there is no residual contamination before next use (e.g., cycled power or otherwise erased or reloaded power).

The switching and copying process described above (and in various alternative embodiments elsewhere herein) may be used to move data to and from securely separate computing environments and data storage devices or storage subsystems. have; This process can be controlled and organized by the control computing environment, associated software and connected switches. Master templates (described in more detail in various embodiments of the present invention, including clean and uncontaminated executable code in simplified terms) can be copied between data storage devices as needed.

Various switches, switching systems and means are described in connection with various embodiments. Again, this description is somewhat generalized because the architecture, systems and methods of the present invention may be widely applied to many different physical implementations and device types. In one embodiment, a generic switch system may, for example, name only two of the many examples that may be named, for example, between first and second storage devices or between a network interface card (NIC) and a computing environment. It can be used to connect one or more sources and one or more destinations to support communication between sources and destinations as in. The communication may support two-way or one-way communication between the source and the destination. A typical switch system may be connected with a switch configuration used to determine which sources should be connected to which destinations. The switch configuration may, for example, identify one or more logic circuits or circuits, data files, look-up tables and / or connections or validly enabled communication paths between the source (s) and destination (s). May include any other means for designation. In one embodiment, the switch configuration may identify communication paths that are not valid or not enabled, and in other embodiments, the switch configuration is invalid (not enabled) communication between possible sources and destinations. Both a path and a valid (enabled) communication path can be identified. A typical switch system can be implemented in hardware, software and / or a combination thereof.

According to one embodiment of the invention, a general switch system may be implemented in hardware as a physical switch. The source can be represented by an IDE device, and the destination can be represented by a computing environment. Each source can be connected to a typical switch system using an IDE cable. Each destination can also be connected to a typical switch system using an IDE cable. According to one embodiment of the invention, the switch configuration can be represented according to the physical functions of the switch and the IDE cables are physically connected to the switch. Physical manipulation and / or twisting of the physical switch may connect a given IDE cable corresponding to the source and a given second IDE cable corresponding to the destination to support communication between the source and destination. Communication between the source and the destination may support bidirectional communication. According to one embodiment of the present invention, the switch may be operated manually and / or by directing and / or controlling one or more computing environments.

According to one embodiment of the invention, a general switch system may be implemented in a combination of hardware and software, for example, through the use of a computer system connected with a general switch system. A computer system can execute one or more computer instructions and can be used to construct a general switch system. Various example instructions may include configuration instructions, communication instructions, and access instructions. Configuration instructions can be used to configure the communication to support the ability to enable or disable communication between a given source and destination. Communication commands may be used to receive, transmit and / or verify information related to one or more configurations. For example, communication commands can be used to receive information that can continue to be used by configuration commands. Access commands can be used to read and / or write information related to the switch configuration. However, it will be understood that other instructions and / or sets of instructions may be used.

The data storage switch system may include the functionality of a typical switch system, with a source representing a data storage device and a destination representing a computing environment. A general configuration can be used to identify which data storage devices are connected to which computing environments. As described above, IDE devices may represent an example of a data storage device that may be configured to support communication with one or more computing environments.

According to an embodiment of the present invention, the data storage switch system may be connected with a data storage switch system configuration which may extend the number and / or type of characteristics corresponding to the general configuration. Data storage switch system characteristics can also assist in configuring communication between a source and a destination.

I / O and / or other peripheral or device switch systems may include the functionality of a typical switch system, where a source may represent a peripheral device and a destination may represent a computing environment. A general configuration can be used to identify which data storage devices are connected to which computing environments. The keyboard device may represent one embodiment of a peripheral device that may be configured to support communication with one or more computing environments.

According to an embodiment of the present invention, the I / O system may be connected with an I / O system configuration that can extend the number and / or type of characteristics corresponding to the general configuration. I / O switch system characteristics support configuring communication between source and destination. In one embodiment, with respect to these switching and communication paths, a data storage switch communication path is used to connect the data storage switch and the computing environment. The data storage switch communication path is used to support communication with at least one data storage device in accordance with the data storage switch configuration, as described above. According to one embodiment, one of the data storage devices associated with the computing environment includes an operating system that can be used by the computing environment as a computer boot device.

In a similar manner, I / O switch communication paths are used to connect the I / O switch system with the computing environment. I / O switch communication paths may be used to connect one or more peripheral devices with one or more computing environments. The I / O switch system configuration can be used to deliver output from one or more computer environments to one output device. Similarly, an I / O switch system configuration can be used to deliver input from one peripheral computing device to one or more computing environments.

The I / O switch system configuration may be configured to deliver the received input (or output) to at least one computing environment based on the corresponding characteristic. In addition, the I / O switch system configuration may be configured to output the output generated by one or more computing environments based on the corresponding characteristic (see description of the characteristics in other parts of this specification). Or to some other component in the system.

Turning attention to other types of signals, in one embodiment, the video signal outputs from each separate computational environment may be corrupted when the malicious code can no longer be executed (e.g., the output is a graphical "primitive and And / or video signals are analog signals) at the time of processing such video signals. This prevents a window video signal representing a process occurring in separate computing environments from being used as a medium for cross contamination of different computing environments. Note that not all computational environments require or generate video output signals (especially because some processing of specialized devices may process data in a computing environment but does not provide a user-visible video display or signal). .)

In one embodiment, a so-called “separated global toolbar” may also be used for predetermined or dynamic (eg, context sensitive) instructions and / or other operations or functions. This separate global toolbar can appear on its own separate video layer or desktop computing environment to protect itself from malicious code. Preferably, a separate global toolbar is always on top or displayed in response to some user command or action, such that the user or other trusted control entity can control the action directly in one of the computing environments. For example, if the user sees some suspicious output represented in the window video portion of the display screen, the user accesses a separate global toolbar and terminates the processing that occurs in the computational environment, optionally saving or saving the file. You will take various options, such as not doing it. In one embodiment, this provides the user or operator with administrative control over operations of the entire system as well as operations that occur in any computing environment. The global toolbar may allow for any action or functionality, but in some embodiments the global toolbar will have a more limited set of administrative functions or actions. In some embodiments, the functions and operations that can be accessed through the global toolbar may be set according to system defaults, administrative priorities, user priorities or other rules or policies.

In one embodiment, these functions and operations may also or alternatively be performed in computer program software instructions. In other embodiments, there may be hardware components, and in other embodiments, there may be a combination of hardware and software. Thus, each environment can be separated in software, and switching and copying can be performed by software or the like.

Note that optional procedural steps may be truncated or omitted, and the functions of the computing environments described herein may be mixed and matched as desired. In some examples, the decision to include or exclude optional steps or procedures may be determined by a threatening environment, sensitivity of data and / or behavior, demand for speed, storage device attributes (eg, magnetic storage media versus electronics). RAM) and other factors. For example, the functions of the control computing environment may be combined with the desktop computing environment and / or switch configuration and / or switch and / or protected storage media.

The principles of the present invention are not affected by any particular computer operating system, application program, user interface or device type or characteristic. Essentially the architecture, systems, methods and procedures of the present invention apply to any electrical, electronic or optical device having a logic circuit that can use information (such as in the form of binary bits) to perform the intended logic or arithmetic operations It is then possible to change or corrupt by causing different or additional information to be generated, so that the intended operations are not performed or additional operations are performed. In modern devices such as computers, information appliances, cellular or other mobile phones, automotive electronics, home appliances, GPS receivers, PDAs, and the like, the logic may be a controller, processor, microprocessor or other programmable logic circuits. Or logic means; And the information used is computer program instructions and optional data. In the future, presently developing optical computing systems will become more commercial, and the present invention will be applicable to optical computing and information processing systems and optical processors.

While the description herein focuses on computers and computing environments, the present invention is applicable to all manner of devices and systems having logic for interpreting instructions and / or data, and thus viruses, hackers Are susceptible to accidental or intentional malicious attacks by agents, spyware, cyber-terrorism or other external agents.

Attention is now directed to some features of existing computer systems and to comparative aspects of various embodiments of the present invention. Since the present invention can be implemented in many different physical forms, various embodiments are described as examples of how typical systems may be implemented. Those skilled in the art will understand that these are merely additional embodiments of the invention that embody some or all of these features.

1 illustrates a typical laptop (or other) computer system 1900 according to the prior art. Such a computer system, as is known in the art, includes a CPU 1508-1, a data storage device 1502-1 (typically in the form of a rotating magnetic hard disk drive) and one or more peripheral devices 1541-1541-2. Electronic devices such as ..., 1541-N) and a case or housing in which any mechanical components are disposed. The housing or case 1904 also typically mounts or includes a pointing device, such as a display screen 1904, a keyboard, a mouse. Additional external peripheral devices may be attached or coupled to the computer system 1900 through various connection ports that are typically provided. In these existing computing systems, the data storage device 1502-1 and the peripherals 1504-N are, as is known in the art, typically have a CPU 1508-1 in a fixed topology over the system and peripheral buses. Is connected to. For example, data storage device 1502-1, which is typically a hard disk drive or some solid state memory (RAM), is always connected to the CPU unless it is physically removed from system 1900. Similarly, CPU-attached memory is always connected to the CPU unless it is removed, and in most existing computing systems, certain parts of this memory (such as on-chip caches) are always permanently connected to the CPU. It is. Similarly, peripheral devices such as CDROMs, DVD readers / writers, network interface cards (NICs), modems, floppy-disk drivers (FDD), air interface cards and other peripherals are connected to the system and fixed. Busses and interconnects are connected directly or indirectly to the CPU. Since these interconnections are always present, they may provide an opportunity for viruses or other malicious code to be delivered to the CPU, CPU related memory, BIOS or data storage device. Such malware can either run immediately or wait idle until a certain future time or event. Means for achieving immune levels from this vulnerability are further described in connection with embodiments of the present invention.

FIG. 2 illustrates exemplary desktop computer systems, laptop computer systems, notebook computer systems, PDAs, fixed or mobile wired or wireless communication devices (such as mobile phones, cellular phones, satellite phones, radio-frequency transmitters and / or receivers, etc.); Represents an information appliance. In general, the structures, methods, computer programs and computer program products of the present invention include or include at least one processing element such as a controller or microcontroller, a CPU, an ASIC, a microprocessor, a logic circuit or any other processing element. Applicable and applicable to any electronic device or system that can be adapted to do so. (Other embodiments of the present invention are described and they may use two or other plurality of such processing elements, including any combination of the processing element types mentioned.) Such systems may include, for example, some predetermined, Acquire pictures or images from digital cameras of mobile phones that incorporate digitally determined or other logic, calculation, word processing, email, network calculation, music processing, video processing, internet browsing, voice processing or coding or decoding, digital cameras, and It can be implemented to perform various operations such as processing, GPS signal receiving and processing, location navigation, entertainment. In accordance with the description provided herein, those skilled in the art will understand that many electronic devices and systems are in the applicable category of application. The present invention provides certain advantages, where both advantages can be achieved separately, anti-virus and anti-hacker protection is expected and also expected to handle multiple applications simultaneously.

In the illustrated embodiment having one computing environment, or more preferably in most embodiments of the system and method of the present invention, a plurality of multiple independent computing environments 1508-1, 1508-2, .. 1508-N). These computing environments 1508 have similar features to the specific purpose subsystems 1120 in the embodiments of FIGS. 7 and 8, with similarities after various embodiments of the present invention have been described in full detail. Will be more obvious. Independent computing environments may be used in any combination of hard-wired or programmable arithmetic and logic circuits, programmable micros, with supporting components such as, for example, technically known microprocessor memory, power, etc. It may be physically implemented using controllers, processors, microprocessors, CPUs, ASICs. At least certain embodiments may use central processing units (CPUs), microprocessors, microcontrollers, ASICs or some combination to provide a physical structure for creating computing (processing) environment 1508. In some examples, the complexity of processing and computational tasks will dictate the physical elements that will support the desired computational environment. In one embodiment, the elements that generate the computing environment are dynamically selectable and configurable. Such selection and configuration may be under the user's control or, more generally, depending on some predetermined or dynamically determined rules or policies, optionally the physical or logical state, environmental conditions, processing requests and some measured computing systems. Depending on the complexity, the size of the application program, and the size of the data set, this may be accomplished by automatic control of the computing system 2000. Spare components may also be switched so that preliminary components (such as CPU, memory, storage media, video processors, co-processors, modems, network or Ethernet processors, etc.) can be switched to replace failed components. Can be provided. Dynamic allocation and configuration also provides efficiency, and many computational environments must exist here because it is not necessary to provide all processing functions for all environments.

Computing environments 1508 are peripherals 1514-1,... 151-4 through optional I / O switch system 1510 in accordance with switching commands or I / O switch configuration data or logic 1512. N) or optionally connectable. Any needs for an optional I / O switch system 1510 in certain embodiments of the invention may depend on the characteristics of the particular peripherals and factors such as the required or desired degree of security and isolation. . In some embodiments, certain peripheral devices may be directly connected, permanently connected, not permanently connected, or switchably connected to one or selected computing environments. The computer system 2000 of FIG. 2 may include, for example, a display device 1904 attached and held to a case or frame 1902. Computer system 2000 will also generally include input devices such as keyboards and pointing devices, although many alternatives for input and output such as voice input, touch screens, voice or verbal computer generated voice, and the like are not required. LCD displays can also replace computer screens in devices such as cellular phones, PDAs, and digital cameras, among other devices.

As with the other switches and switching systems described herein, switching is any one, plurality, or that achieves the desired switching and maintains the desired, or desired, voltage, current, isolation, impedance, termination and / or electrical characteristics. It can be a number of mechanical, electrical, electronic, transistors, diodes, microprocessors, digital or analog. For example, a switch that connects and disconnects the CPU and hard disk drive will perform the connection and disconnection operations without damaging the CPU or hard disk drive. In some situations with several devices, switching is not by other means of interrupting or stopping the power line as is known in the art, but by turning off the device or part of the device or otherwise limiting the operating voltage and current, By stopping the clock for the device, it can be accomplished by interrupting the data line or communication path. As described elsewhere herein, in some examples, these switching operations are a guaranteed level of isolation between components of the computing system and other computing environments 1508-1,..., 1508 -N. It is intended to provide.

The plurality of computational environments (referred to as special purpose subsystems 1120 in the embodiment of FIGS. 7 and 8) may also be used in accordance with switching instructions or data storage switching configuration data or logic 1506 to store a data storage switch system ( It may be selectable or connectable to one or more data storage devices 1502 via data storage switch system 1504 via 1504. Data storage devices include rotating magnetic hard disk drives, rotating or non-rotating optical storage media, CDs, DVDs, holographic recording, nanotechnology based storage devices, solid state memory (RAM, ROM, EEPROM, CMOS, etc.), It can be any combination of technically known or developed storage devices, including but not limited to molecular and atomic storage devices, chemical memory or any other storage device or system. Individual logical storage elements 1502-1, 1502- 2,..., 1502-N can be configured or distributed on or within one physical device or any combination of physical devices, For example, for one logical storage device 1502-2, the storage capacity desired or required by a number of different physical devices, the rate at which data is copied to the device, the rate at which data is written to the storage device, erased and / or It can be used to obtain erase or overwrite speed and performance or other operating characteristics. For example, in one embodiment for a notebook computer, some data storage devices 1502 are implemented as logical partitions of one physical hard disk drive. In another embodiment, all data storage devices 1502 are implemented via solid state memory devices to provide high speed read, write and erase speed performance. Various kinds of multiply-port memory types and architectures are available and can be used. For example, Rambus memory may be used as well as more conventional memory chips. In another embodiment, multiple data storage devices 1502 are implemented as separate platters or disks on a multi-disk hard magnetic disk drive. Such drives may have one controller and a controlled set of read / write heads to ensure that the data paths are separated, or actuator arms and read / write heads that are selectively operable independently of individual controllers. As a result, malicious code (from viruses, robots, or computer hackers) cannot move from one computing environment to another and undermine the intended isolation and independence of various computing environments.

For physically small devices (eg, PDAs, mobile phones or other communication devices), low energy consumption, smaller size, lower heat generation, faster access speed, write / read speed And because of the erase speed, it is expected that it would be desirable to use only solid state memory as compared to memory having mechanical moving parts. Such solid state memory may be internal to a device (eg, a mobile phone) and may include (Microsoft Windows Operating System (OS) and PalmPilot OS based PDAs; PDA cell phone coupling; PDA, cell phone and digital camera coupling devices); Compact memory cards or modules available as basic or additional memory for digital cameras, cell phones, digital audio and / or video recorders and players, MP3 players, and other devices and memory systems known in the art, Sony SmartMedia By use) and externally pluggable via mechanical or electrical connectors or couplings. There are also small, inexpensive storage devices and subsystems that may not be used.

The comparison between the existing computer system 1900 of FIG. 1 and the embodiment 2000 of the present invention of FIG. 2 shows several differences. In existing systems, the data storage device 1502-1 is directly connected to the CPU 1508-1 via one or more buses or internal connections or to the CPU 1508-1 via some fixed and permanent connections. Connected. (Mechanical and manual disconnection may be possible for some device types in some examples, but program control while the computer is running as needed for a particular storage device, peripheral device or other system component at a time due to processing operations. In comparison with the existing system 1900, the various data storage devices 1502-1,..., 1502-N of the computer system 2000 are (data storage switch system 1504). A data storage switch system is coupled to a computing environment (e.g., a computing environment that includes some processing or computing functionality such as, but not limited to, a CPU). In general, any one of the data storage devices 1502 may be connected to any one of the computing environments, or may not be connected to any computing environment. More typically, any given data storage device may be intermittently coupled to the computing environment or connected to the computing environment if there is a need for such things as combining or connecting and storing specific data. Can be changed while the computing environment is present. A common default is to prevent such data storage devices and other devices from being combined or connected unless access is specifically desired by the controller or control computing environment and is required and allowed.

In addition, in embodiments of the present invention, paring and switching connections between a particular CPU and physical components such as a particular data storage device (e.g., a hard disk drive or a solid state memory chip) may have different processing operations. They can change dynamically (but not require dynamic change). Likewise, in at least some embodiments, including optional I / O switch system 1510 and optional I / O switch configuration 1512, computing environments 1508 can only utilize I / O switch system 1510. Only through the peripheral devices 1514. Switchable connections and couplings can be any of a variety of switching schemes, such as those that include changing one or more electrical connections, removing power from an interface or peripheral, and stopping the clock signal needed for operation of the peripheral. And other ways, structures, and methods known in the art to ensure that the peripheral device is not present or accessible to the computing environment.

The operations that enable, disable (or connect and disconnect) data storage devices 1502 and / or peripherals 1514 may include instructions that enable or disable an instruction by a user of the computer system. Or even a result of other work), which can occur automatically according to program control without human user intervention, and enablement or disabling is required per second for operation of the computer system 2000 of the present invention. It should be understood that this can occur many times. For example, a computer has interfaces or buses operating at 100 MHz, and data storage devices and peripherals are switchably coupled or uncoupled so that operations can be initiated, executed and completed via the interface or bus as needed. Can be. For example, switching can occur at rates of at least 1 Hz, 10 Hz, 100 Hz, 1KHz, 1 MHz and 10 MHz, as well as at higher and lower rates and at any intermediate rate. From this description, data storage switch system 1504 and (if present) I / O switch system 1510 enable or connect or disable or disconnect different CPUs to data storage devices and / or peripherals. Can be switched simultaneously.

In a typical existing computer system 1900, peripherals 1514 are directly connected to the CPU 1508 and are not switchably connected and disconnected (or enabled and disabled) during operation of the computer system. It will be appreciated that disconnection of data storage devices and peripheral devices may also make them available to other computing environments. In existing systems where some peripherals are hot-pluggable, plugging in peripherals is a manual task that requires human user interaction. Other differences between existing computational systems and methods and the system and method of the present invention will be more readily understood in the description of other embodiments of the present invention described herein.

3 shows a schematic diagram of an architecture and system 1500 for supporting a number of independent computing environments 1508-1,. Computer systems that can support a number of independent computing environments that can be preferably used to individualize and isolate specific processing operations to prevent contamination and attacks that damage user data. This computer system 1500 includes a plurality of data storage devices 1502, a data storage switch system 1504 (and an optional data storage switch configuration unit 1506, an optional I / O switch system and an I / O switch configuration). One or more computing environments 1508 and an I / O system including one or a plurality of peripheral devices 1514 that are connected to the computing environments 1508 through a unit.

One or more data storage devices 1502 may be coupled with a computer system. The data storage device 1502 represents a memory area. The data storage device may be implemented by any type of storage media, such as magnetic hard disk drives, optical storage media, solid state memory, other forms of data storage, or a combination of these data storage media types. The data storage device may represent a memory area corresponding to a disk drive and / or a portion of one or more disk drives, and / or combined or physical disk drives. According to one embodiment of the invention, the data storage device 1502 may include a copy of the master template. One embodiment of a method that may be used in connection with the system of the present invention is described in connection with FIG.

Embodiments of a method for using a computer system capable of supporting multiple independent computing environments

4, 5 and 6, attention is given to a description of aspects of methods and operations for the setup, initialization and operation of exemplary embodiments of a computer system according to the present invention. Exemplary methods and procedures are applicable to the architectures and systems shown in at least the embodiments of FIGS. 2 and 3, including but not limited to the embodiments shown and described with respect to FIGS. 9-17. It should be understood that appropriate modifications are made due to the somewhat different structure of other embodiments of the invention, which are not intended. The headings and subheadings provided in the specification through which certain aspects and embodiments of the invention are described in this section are intended as a reference for the convenience of the reader, and the aspects and embodiments of the invention are set forth in the specification, drawings and It is to be understood that the description, drawings and claims as a whole are to be considered in order to understand the invention as described through the claims.

In one embodiment of the invention, the creation and setting of the computing environment (s), initialization, switch configuration, process control, operation of one or more computing environments, performing user and / or control operations within the computing environments, of user processing The method and component procedures of the present invention for completion, file storage, and termination of processing in a computing environment are preferably stored on a computer program or physical media and a computer program for performing the methodological steps of the method and system of the present invention. It can be implemented as a computer program product containing instructions. Other embodiments may use a combination of hardware logic, firmware and / or software to perform some or all of these procedures.

Aspects of the present invention are now described. These and other aspects of the methods and procedures of the present invention, including specific optional procedures and steps of the embodiment, are described herein in connection with specific embodiments.

Initial system startup and calculation preferences

With reference to FIG. 4, in accordance with an embodiment of the method of the present invention, using multiple independent computing environments 1508 -N may include I / O at system startup 1602, 1604. Configuring switch system configurations 1512 and data storage switch configurations 1506, configuring I / O switch system 1510 to support communications, and data storage switch system 1504 to support communications. ), The control process may be performed in 1623 and the user process may be performed in 1631. Typically the control process may also include a control setup process at 1615 and a control store process at 1621.

Initiating a system setup at 1602 can include an initial boot sequence similar to known boot sequences of a computer system. The boot sequence may also include support for defining and / or modifying one or more switch configurations, such as, for example, data storage switch configuration and / or I / O switch configuration, at 1604. Initial configuration of each switching system may be initiated to establish one or more communication paths between one or more sources and one or more destinations in accordance with the corresponding switch configuration 1604. The configuration of the switches may also include procedures for configuring the data storage switch 1804 and configuring the I / O system switch 1806 with the procedure for initiating the computing environments as shown in FIG. 6. (Other embodiments of the present invention provide a combined procedure for configuring data storage and I / O switches when initially configuring or reconfiguring the computing environment.)

With reference to FIG. 5, which illustrates one embodiment of a procedure for initiating a computational environment, in accordance with one embodiment of the present invention, power is passed through a physical switch 1704 to initiate system startup during a startup operation 1702. Can be applied. In system startup, CMOS memory 1708 may be used to define one or more steps of an initial process and / or boot sequence. The boot sequence 1706 or some other initialization sequence or procedure may be used to set up the switch system configuration and then initialize the corresponding switch system to apply and / or modify the configuration for communicatively connecting sources and destinations. Information connected to the CMOS 1708 or other memory storage device may be used. One or more computing environments may also be initiated by system startup at 1602.

4, the process of setting up the computing environment at 1608 and 1622 includes configuring I / O switch system configurations and data storage switch configurations, configuring the I / O switch system to support communication, and communicating. It may include the process of configuring the data storage switch system to support the.

According to one embodiment, two data storage devices (eg, data storage devices 1502-1 and 1502-N) may be connected to a computing environment. The first data storage device can include an operating system for supporting processing tasks of the computing environment. The second data storage device can include various information that can be used or operated by the computing environment. The various information may include, for example, specific user information and / or configuration information. Specific user information may include documents that must be edited by the user. The configuration information may be used by the controlled computing environment to configure the data storage switch configuration and / or the I / O switch configuration.

Typically the control computing environment is set up at 1608 before any user computing environments are established. In some embodiments, the control calculation environment or equivalent can be established through initialization. The first control computing environment may be set by the boot sequence as described above. The first data storage device can support a computer operating system. The second data storage device can represent a protected data storage device. After the data storage devices are connected to the computing environment, the computing environment can be booted to allow the user to interact with the computing environment. User inputs may be received via an I / O switch system 1510 configured to deliver inputs corresponding to characteristics of the control computing environment (eg, local and computing environment identification characteristics) to the control computing environment. Similarly, outputs from the control computing environment may be sent to the peripheral device (eg, peripheral devices 1514-1,... 1151-N) based on characteristics corresponding to the control computing environment. have. Thus, the control computing environment can access a booted and protected data storage device from the first data storage device. As a result, the user can interact with the control computing environment.

Attention is now directed to options for using optional "characteristics" within embodiments of the architecture, system and method of the present invention. References to the properties are made in other parts of the specification and preferably optional features are used. In one embodiment, at least one characteristic, attribute, descriptor or characteristic may be used to indicate each source and destination (as well as to represent characteristics of other components of the system). Such a characteristic may indicate a physical identifier and / or a logical identifier. As described above, in accordance with an exemplary IDE disk drive storage device, each IDE cable may be identified by physical coupling with a physical switch. IDE drive information (such as, for example, master and / or slave destinations, drive sizes, etc.) may be used to identify the drive and / or data storage devices associated with the drive.

Similarly, at least one trait is used to represent each destination, such as a computing environment, ie CE. If the computing environment represents a separate physical computing environment, the computing environment may be distinguished by individual physical computing features, such as a unique interface combined with a general switch. In accordance with one embodiment of the present invention, a computing environment may be represented as a logical computing environment that shares some or all of the physical computing characteristics consistent with other computing environments. The logical computing environment can be identified in various ways, for example, via a unique process identifier.

One or more characteristics correspond to output devices such as, for example, computer monitors and / or computer graphics cards. According to one embodiment, one characteristic corresponds to a display area associated with a potential viewing area of the computer monitor. The display output from the source is located in accordance with the display area characteristic so that output from one computing environment is sent for display within the area associated with the area characteristic. The area characteristic includes a pair of x and y axes that define a rectangular display area associated with the potential viewing area of the computer monitor. Thus, the display output from a particular computing environment is represented according to one or more characteristics in the corresponding area rather than in another area.

One or more characteristics correspond to the input device. As mentioned above, the area characteristic associated with the potential viewing area is further extended to identify when the input is in communication with a particular computing environment. Mouse movements and mouse commands are also correlated with the rectangular display area such that input corresponding to the rectangular display area is sent to the corresponding computing environment. As a result, mouse movement within a region communicates with a computational environment that matches the same region. The use of the feature may generally extend to any device, subsystem, or peripheral that is used, associated with, or potentially available for use with, the system as needed or intermittently, The system can include an external device or system that can be arranged to communicate with it.

The computing environment property can be used to identify one or more outputs as originating from the computing environment. The computing environment property may be used to identify one or more inputs and corresponding computing environments that are designated destinations of the inputs. One or more computing environment properties may be used to identify the computing environment. The computing environment characteristic can be used to uniquely identify the computing environment. The characteristic can identify the computing environment through the corresponding physical attribute, logical attribute, or combination of attributes. For example, the characteristic can identify the physical address of one or more computing system elements. Alternatively, the property can identify a logical address corresponding to the logical computing environment. It is also to be understood that the characteristics can identify many of the characteristics of a given computing environment, and that the number and shape of the corresponding characteristics can vary in accordance with the present invention.

Features can be used to help organize and organize the elements of the system, for example, to perform one or a set of processing tasks. This configuration includes configuring various switches, switching systems, and switching means to provide the desired association with storage, input / output devices, and / or other peripherals.

Configure the switch and minimize user handling in the control environment

One form of computing environment that may constitute a switch system is a controlled computing environment (other embodiments of the present invention provide for combining different computing environments, and thus other variations thereof are possible as described elsewhere herein). ). The control computing environment can reconfigure switch system configurations such as data storage switch configurations and input / output switch configurations. The configuration of the corresponding switch system can be activated in a variety of ways, such as configuring or reconfiguring communications through the switch when any change to the support switch configuration is made and / or determined. In addition, the communication between the control computing environment and the switch system and / or switch system architecture is coded to help ensure that only the control computing environment can configure the switch system.

In one embodiment, the processing of unknown or untrusted data in the user data or control computing environment is disabled or not allowed, such as protected data storage where protected data or master templates are stored. Corresponding to the device, it eliminates the potential for corruption of data or other information (e.g., damage to user data files or computer program code residing or residing within its control computing environment). According to one embodiment of the present invention, if a user initiates a user action (e.g., email, word processing, etc.) such as an action that may typically be performed by the user, the user action may be processed in a separate computing environment. have. In embodiments of the invention that combine a user interface, a control operation, and / or protected storage with a single computing environment or subsystem, the configuration of this environment is such that the user data executes the control environment so that the control environment or system Such an environment does not support the processing of user data in such a way that it could compromise its performance. Processing operations such as copy operations may be supported but such copy operations will be executed in a manner that does not allow execution or infection of other system files by malicious code.

The control computing environment may receive user input to initiate user action. Computer mouse input is received by the input / output switch system and sent to the control computing environment according to the input / output switch system configuration. Other inputs from other peripherals may also be received by the control computing environment through the input / output switch system.

Initiate and execute user actions within the user computing environment

The user of the control computing environment can initiate the user action. In one embodiment, the user can double-click a particular icon displayed in the area of the monitor. Mouse actions are received by the control computing environment and result in initiation at 1612 of the individual computing environment to perform user processing at 1631, such as word processing. The control computing environment may initiate the creation of a separate processing environment to execute word processing consistent with existing and / or new documents. If this is an existing document, the control computation session needs to copy a copy of the document to a third data storage device for later use by the user computing environment. The input / output switch system may be configured to combine peripherals with a user computing environment, such as areas of the display may be combined with a user computing environment. The user computing environment may be initiated by signals or events generated by changes to one or more switch configurations. Various alternative approaches may be used to initiate the user computing environment.

As part of the beginning at 1606 of the user computing environment, the edited file may be launched after the user computing environment is booted. According to another embodiment, the existing user computing environment is combined with the corresponding data storage device to make the file available for processing within the user computing environment. According to one embodiment of the present invention, the file (s) to be edited may reside in a predefined location, such that the corresponding application is launched to open the corresponding files and / or support user actions. Control processing can be performed by controlling the computing environment, configuring one or more switch structures, initiating reconfiguration of one or more switch systems, and copying information between one data storage device and another data storage device. Copying information between the protected data storage device and another data storage device.

User processing involves the interaction between the computer environment under control and the user computer environment. Any process Any process generally associated with a function executed by a user may be configured for processing in an independent user computing environment. Thus, the user processing activity does not directly interface with the processing activity of the controlling computing environment and / or the processing activity of the other user computing environment. The information depends on whether the computer information needed to support a particular user processing activity (e.g., word processing activity) requires access to the user file to be edited, so that the information of the computer information from one data storage device to the other data storage device may vary. Copying can be made accessible to the user computing environment.

In general, the control computer process includes control setting processing at 1615 and control storage processing at 1628. Control settings are used to assist in establishing a user computing environment that will be used to perform at least one processing action, such as word processing action. Control save processing includes storing user information in a protected data storage device. Once the user processing action is completed, the information related to that user processing action is stored in the protected data storage device at 1618 without allowing the user computing environment to directly execute the storage function to the protected data storage device.

According to one embodiment of the invention, the control computing environment copies one or more files to a temporary data storage device. The control computing environment updates the data storage switch configuration at 1616 to allow user computing environment access to the temporary data storage device. According to one embodiment, the control computing environment may verify that the user computing environment is communicatively coupled with the temporary data storage device. The control computing environment then waits for processing corresponding to one or more user computing environments at 1614 to complete. While waiting for the user computing environment to complete, the controlling computer environment performs functions consistent with normal desktop functionality. Desktop functionality corresponds to managing data storage, configuring data storage, and copying computational information between data storage devices, for example, to remove one or more data storage devices of a computer virus. In general, functionality corresponding to desktop functionality is limited to reducing the possibility of compromising computational information stored on protected data storage devices.

Completion of User Processing

Upon completion of the user processing operation, the control computer environment may be announced in accordance with several different notification approaches. According to one such approach, the user computing environment is terminated so that termination is sensed by the corresponding switch system. The switch system informs the control computing environment that the data includes user information that must be placed in a protected data storage device.

In response to the completion of the user action, the control calculation environment combines the user data storage device with the control calculation environment so that the user information and / or files are protected data independent of any process that may have been executed by the user calculation environment. Can be copied to the device. Thus, other files stored on the protected data storage device will not be corrupted by the operation of an independent user computing environment.

According to one embodiment of the invention, the file save command is a triggering event that causes the control computing environment to save the user file to the protected data storage device independently of other operations executed within the context of the user computing environment. Can be used as According to one embodiment of the invention, the temporary data storage device is combined with both the user computing environment and the control computing environment, so that other files combined with the user computing environment control computing environment cannot be damaged. The user computing environment may store the file in a temporary data storage device, where the control computing environment includes the ability to copy the file to a protected data storage device and / or an intermediate data storage device. The intermediate data storage device is then used to store a file corresponding to the protected data storage device, eg when the user application is closed. The communication between the user computing environment is performed manually to help ensure that the user computing environment cannot damage the files stored on the protected data storage device.

The user file is stored in the temporary data storage device as a result of the file storage command. Following initiation of the save command, the data storage switch system verifies that the data storage device is associated with the stored file. If the file exists, a series of instructions are executed to copy the file from the temporary data storage device to the protected data storage device.

According to one embodiment of the invention, the control computing environment waits for the corresponding user computing environment to complete the user action (e.g., saving a file). The data storage switch is then configured to disassociate the temporary data storage device from the user computer environment. The temporary data storage device is then combined with the control computing environment. The protected data is also combined with the control calculation environment. The file is copied from the temporary data storage device to the protected data storage device independently of the user computing environment. The temporary data storage device is then decoupled from the control computing environment and recombined with the user computing environment.

According to an alternative embodiment of the invention, the storage process trips and / or sets a flag corresponding to the switching system in communication with the control computing environment. The presence of one or more files is verified. If the verification of the files indicates the existence of the files, a series of computer instructions are executed to copy one or more files from the temporary data storage device to the protected data storage device.

According to an alternative embodiment of the invention, keyboard commands (eg, Control-S) are used to store the file. The input / output switch system is configured to communicate a command sequence with both the user computing environment and the control computing environment. As a result, the control computing environment reconfigures the data storage switch and / or input / output switch system to support copying files stored in the user computing environment to the protected data storage device.

According to an alternative embodiment of the present invention, when the user computing environment is closed and / or shut down, the file may be transferred to the protected data storage device. One or more switch systems may detect closure and / or shutdown. According to an alternative embodiment of the invention, the closed user computing environment is verified by a data storage switch system with a changed power state corresponding to the data storage device that may have been supplied by the user computing environment.

According to an alternative embodiment of the present invention, a graphic area coinciding with the computer display monitor is used to identify when user input matching a particular computing environment has been received. User input is analyzed within the input / output switch system and / or within the control calculation environment depending on the particular implementation. According to one embodiment, a save command and / or a close command that matches the user computing environment is used to identify and / or identify the user information needs to be stored on a protected data storage device and / or to store protected data of computer information. Start storage on the device.

Closing the user computing environment includes turning off the power switch. The switching system can detect changes and / or interruptions in power consumption. If the user closes the application and the corresponding user computing environment, the control computing environment detects the transition and stores any corresponding user data on the protected data storage device. Prior to reconfiguring the data storage device, the corresponding switch system confirms that power to the data storage device containing the user data is disabled and / or off. The control computing environment then disassociates the data storage device containing the user information from the user control environment and copies the user information to the protected data storage device as described above.

According to one embodiment of the invention, the data storage device is cleaned after being combined with the user computing environment. The control computing environment is reformatted after the user computing environment uses the data source and / or frees one or more data storage devices. The master template data storage device may be used to initiate the data storage device prior to combining the data source with the user computing environment. According to another embodiment, the control computing environment initiates another user computing process configured to support reformatting and / or erasing one or more data storage devices.

Initialization and operational aspects have been described with respect to the embodiments of FIGS. 2 and 3, as well as the architectural topology and system architecture, as well as the methods and procedures of FIGS. 4, 5, and 6, but now such calculations Note the additional architectural, structural, and methodological aspects of the apparatus, information applications, and processing machines.

FIG. 7 is coupled with a number of peripherals 1108 including a particular use subsystem or computing environment 1120 (eg, 1120-1 and 1120-2), and a display 1140, a keyboard 1150, and a mouse 1160. An embodiment of the invention is shown that includes a common controller 1130 in a computer system 1110.

Although only two specific use subsystems are shown in the figures, the system may include one subsystem or computational environment or any plurality of such subsystems, including many but multiple active uses, but one specific It will be appreciated that only the use subsystem may be used or may include a number of specific use subsystems with different structural and / or operating characteristics. For example, many are 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, It may be 24, 32, 50, 64, 100, or more specific use processing systems, or any intermediate number depending on physical space, circuit density, heat generation, and other packaging and connection design issues as known in the art. .

In addition, in at least one embodiment, the present structures and methods may be implemented in hardware having a single, i.e., only one subsystem or computing environment, wherein the computing environment or subsystems are used sequentially for different processes. In one embodiment of this single computing environment system, separate logic is used to perform the storage and retrieval of the computing environment state so that the computing environment executes the intended processing operation and any of the initial state or any of the second or control processes. It is used to maintain the ability to restore any of the intermediate states.

Structural and / or processing features may include different amounts of processing capacity (eg, different numbers of operations per second, different amounts of processor-related memory, different processor architectures or instruction sets, or different operating systems) or different amounts of physical or logical allocation. Specific use subsystems having, but not limited to, mass storage or hard disk drives, optical storage media, or solid state storage.

The controller 1175 and associated memory storage 1176 associated therewith are coupled in both directions with selected or all of a plurality of special purpose subsystems (eg, with special purpose subsystems 1120-1 and 1120-2). )do. Either direction of bidirectional coupling to or from the particular use subsystem is intermittent and / or switchable to enable and disable. In addition, the connection between the controller 1175 and the memory storage 1176 is switchable to enable and disable.

As shown, an optional separate logic control device 1180 is coupled between the first and second specific use subsystem 1120. The common controller 1130 is coupled with the special purpose subsystem 1120-1 and the special purpose subsystem 1120-2 via the interface 1170. Embodiments of the invention provide that they are the same interface or separate interfaces. The optional interface 1170 is coupled between the specific use subsystems 1120-1 and 1120-2, and such coupling can be intermittent, enabled or disabled when not needed or desired. In this embodiment, the interface is shown to be bidirectional, but either unidirectional interface may be used individually, enabled, disabled independently or as a set. In addition, although a single line is shown in the figure for clarity, the interface may be implemented as multiple connection or communication paths (eg, interface multi-line bus interface; A display or display subsystem (eg, a conventional display subsystem including a video processor card or chipset, a driver, and a display screen) receives data from the common controller 1130 in the form of an electrical signal, and the common controller 1130. Will in turn receive its input from and as a result of the process executing in one or all of the specific use subsystems 1120-1 and / or 1120-2. Hardware, software, and firmware or combinations thereof, such as arithmetic and logic circuits within the display subsystem 1140, the common controller 1130, and / or the specific use subsystems 1120-1 and 1120-2 may be used, for example. Create the user's computing environment desktop and the desired graphical display that reflects the currently active and currently inactive windows.

Keyboard 1150 and mouse input 1160 are also typically unidirectional from the keyboard or mouse to a common controller if some feedback is not provided by electronic signals or voice, mechanical, or tactile feedback. The unidirectional nature of display screens, keyboards, and mouse devices means that they are generally immune from malicious computer attacks from outside the local computing environment.

FIG. 8 shows an alternative embodiment of the invention similar to the embodiment shown in FIG. 7 and described with respect to FIG. 7. This alternative embodiment is a common controller within computer system 1110 coupled with a number of peripherals 1108 including a specific use subsystem 1120 and a display 1140, a keyboard 1150, and a mouse 1160. 1130. As shown, the controller system is coupled between the first and second specific use subsystems 1120-1 and 1120-2, or as in the embodiment of FIG. 7, between any plurality of such specific use subsystems. You may be. In this embodiment, controller 1175 and associated and associated memory storage 1176 are executed using one of the special purpose subsystems 1120-3 operating as controller system 1177. Controller system 1177 (1120-3) is selectively coupled to one, one or more, or all of other special purpose subsystems 1120 and to common controller 1130 via interface 1170. The structure of an exemplary specific use subsystem and how they are configured to operate an application execution and processing unit or to take on various master control and / or monitoring functions (such as to operate as controller system 1170) are described in other portions of the figures. As described in other parts of this specification.

Attention is now directed to additional embodiments of the present architecture, systems, and methods for information applications, computers, or data processing devices. A plurality of data storage devices including at least one protected data storage device; A plurality of switching systems for communicatively combining (and uncombining) at least one source with a plurality of destinations, the plurality of switching systems comprising a data storage switch system wherein the source is a data storage source and an input / output switch system where the source is a peripheral device source. Switching system; Performs processing activities independently of other computing environments, and includes a number of computing environments (sometimes called shells) coupled between a data storage switch system and an input / output switch system, where the destination is a computing environment and the switching system is Communicatively couple with a source and the destination; At least one controlled computing environment communicatively coupled to a protected data storage device selected from a plurality of computing environments that configure the switch configuration in accordance with processing activity; And another embodiment of the information application or computer system of the present invention is described that includes at least one user computing environment selected from a plurality of computing environments, wherein processing activities are not performed on a protected data storage device.

In one embodiment of this information application and computing system, each computing environment is further defined to be distinguished by at least one characteristic selected from a plurality of characteristics, the switching system communicatively combining the source and the destination according to the characteristic and At least one control computing environment is selected from a number of computing environments that make up the switch configuration in accordance with processing activity and characteristics.

The embodiment of Figure 9 provides additional implementation and structural details that disclose additional aspects and features that are incorporated into the apparatus and system using the present invention. The similarity between this system architecture and the structure will be apparent from what has already been described with respect to FIGS. 2 and 3.

In this embodiment, five calculation environments 2108-1 through 2108-5 are specifically shown, although any number M of calculation environments can be provided statically or dynamically. It will be appreciated that at least some of these computing environments 2108-1 through 2108-5 appear to have somewhat different elements or internal structures. Indeed, in some embodiments of the present invention, the operation and structure of the computing environment may be different (and possibly significantly different), but in other embodiments may be the same, in another embodiment, the hardware may be the same. However, they may execute different operating systems or application programs and may have some other software structure differences. In some of these computing systems, the configuration of multiple computing environments is dynamically constructed of hardware, firmware, software, or any combination thereof.

In the system 2100 of FIG. 9, the two computing environments 2108-4 and 2108-5 have the same structural configuration (but they may still have different software and data) and the other three computing environments 2108. -1, 2108-2 and 2108-5) have different structures. The structure and operation of these different computing environments will now be described, optionally using a common structural computing environment module that can then be dynamically customized to provide such effective structures and operations as desired. It will be shown with respect to FIG. 10 that it may be advantageously implemented.

User Interface Compute Environment

First, a user interface computing environment (UICE) 2108-1 that includes a central processing unit (CPU) 21 that provides a user interface operation that is not a conventional user interface but typically includes a processor and processor coupled memory. Pay attention. The CPU may also include other chips or circuits commonly known in the art, called processor chipsets.

In one embodiment, it should be noted that a user may manipulate a file or data set that is somewhat obviously independent of the actual operation of the computer system and computing environment. For example, in one embodiment, from the user's point of view, he / she may simply place an icon or file name or other identification number from one location (eg, desktop, hard disk drive icon, or any other location) to any other location. Drag Indeed, for the desktop example, the control computing environment or user interface environment calculates the item (such as a file) dragged to / from an area corresponding to the coordinates of the desktop and creates an icon for the item in the desktop environment or other destination, The actual file is located on a protected storage device.

In the illustrated embodiment, the storage device 2121 is shown as having two storage portions, which are second template portions (STP) 2122 (storage of master templates herein) that store all or selected portions of the master template. And an optional temporary data storage portion (TDP) 2123 that stores user data files but can be removed because the need to provide storage in this environment is minimal in most embodiments. In a preferred embodiment of this computing environment 2108-1, there are no applications or real files in this environment and only references, links, or points to these programs or real files (other computing environments Note that they may have minimum temporary storage requirements as a result of their minimum disposal requirements). Computing environment 2108-1 is identified as a user interface computing environment (UICE) and provides an interface between a human user or operator 2129 and computing system 2100.

Typically, a user interface computing environment (UICE) 2108-1 is a second template portion that includes only operating system elements and an application required to provide the computing or data processing or control capabilities identified in the computing environment. Will have a program (if present). For example, UICE will first receive requests and commands from human user 2129 and process them to send signals to the control and switching computing environment, so that UICE will send email, network or internet browsing, to its stored second template 2122, Or there is no need to have other common or non-common application program. It is also possible to have an operating system that includes only code, code portions, libraries, or other features of the operating system in order to support a different operating system or its responsibility than other computing environments. This same principle of providing only operating system elements and application or application elements also applies the second template to other computing environments and, although not considered to be the preferred approach, requires full copies of the master template or minimum requirements in all circumstances. More than operating systems and application programs can be provided.

In another embodiment, in an embodiment of a computing environment created or configured to perform an image processing operation, for example, STP 2122 stores Microsoft Windows 2000 operating system code and Adobe Photoshop application software, and TDP 2123 is one. The above input digital image file, an intermediate file generated during execution of the Adobe Photoshop application software, and any output file generated are stored. The TDP 2123 may also store any other user or temporary system data, such as data copied to a file or clipboard to undo a previous edit.

In practical implementations, STP and TDP may be the same physical storage device, such as portions of solid state memory, magnetic disk drives, or any other storage medium, which may be different physical devices or even different types of devices. . In addition, using some of the dynamic switching configuration methods described herein, even STP and / or TDP may be multiple or similar, respectively, such as a combination of hard disk drive storage and solid state RAM, ROM, EEPROM, and the like. Data storage forms.

The storage device 2121 is selectively switchable to the CPU 2120. In the embodiment of FIG. 9, separate first and second switches 2124 and 2125 are shown for connecting or disconnecting the CPU 2120 to / from the STP 2122 and the TDP 2123. Although a simple icon for a switch is shown, it may be a simple wire that is not otherwise connected or disconnected from the perspective of the description provided herein, and more generally for interface buses and signals on that interface bus. It will be appreciated that there may be a pair of conductors, such as a signal conditioning circuit. Switching to connect the CPU to the storage device can be accomplished by any means that enables communication between the CPU and the storage device, and switching to release the CPU from the storage device is described elsewhere herein. As can be accomplished by any means that disables communication between the CPU and the storage device. More general storage 2222 to a CPU switch (not shown) that interacts with other structures and procedures to protect the operation of these STP-CPU and TDP-CPU switches 224, 225 or the integrity of computer system 2100. Will be described after other elements of the system 2100 are described in greater detail.

Peripheral switch 2157 is provided for connecting and disconnecting (or enabling and disabling) any one or combination of peripherals, input devices, output devices, and the like. For example, keyboards, mice, network interfaces or NICs, microphones, speakers, headsets, floppy disk drives (FDD), hard disk drives (HDDs), PC cards, memory cards, CDs, DVDs, serial or parallel interface devices, GPS The device, USB device, scanner, biometric reader, wireless interface, or any other peripheral of the device may be assigned to a particular computing environment. Although switch 221517 is shown as being part of the desktop and user interface computing environment (UICE) 2108-1, it may be considered or implemented as a separate standalone switch or switch subsystem controlled by a CSCE or other control computing environment. good. In other embodiments, the switch is controlled when needed and on an allowed basis and directly couples peripherals to other computing environments. In other embodiments, video output from the computing environment may be switched and / or processed through peripherals or input / output switching systems. This peripheral switching and connection capability may be combined with other switching systems 2150 for storage devices or may be controlled by CSCE 2108-2 as described elsewhere herein. Computing environment 2108-1 may also include additional elements that are not needed at that time or that are inactive with respect to special functions and operations of the computing environment. Such additional elements include, for example, ROM, RAM, ASIC (s), and / or additional circuitry and logic elements.

Protected storage and read / write control calculation environment

The protected storage computer environment (PSCE) 2108-3 stores the original or first master template (PMT) 2148 in the master template protected storage device 2142 and stores the first user data 2149 in user data. Configured to store in the protected storage device 2143. In one embodiment, the functions and operations executed by the protected storage computer environment (PSCE) 2108-3 may be combined with the functions and operations executed by the control and switching computing environment 2108-2. The same applies to the reverse.

The master template takes a variety of forms and contents and may be, for example, a copy of data (commands, instructions, data elements, etc.) representing the ideal state of a computer system or element of the computer system. The master template may be generated or otherwise generated, for example, by copying data from a working computer system or elements of a computer system. The computer system is in an ideal state before generating the master template. The ideal state of a computer system can be represented by data that can be connected to that computer system. Here, different second templates must be used in different computing environments, and there will be different master template portions or single master templates with portions that can be communicated separately with other computing environments 2108. Within this context, data can be stored in operating systems (e.g., Linux, Unix, Windows 98, Windows 2000, and enhancements and extensions to these operating systems), applications (e.g., WordPerfect, Microsoft Office). ), User data (eg, operating system preferences, wallpaper, generated documents), and element data (eg, BIOS, PRAM, EPROM). In some embodiments, the data may be any computer that includes local and remote data storage devices, and any data accessible to data in other databases, as long as the protection measures and procedures of the present invention are followed to maintain these other data elements. Information may also be included or alternatively included. For example, a master template for a computer system may include a Microsoft Windows 98 or 2000 operating system, a WordPerfect application, a Microsoft Word application, and documents created by a user. It may include all the information installed on the same computer. Information can be installed across one or multiple storage elements accessible to the computer system described above. In addition, the master template may include a copy or ideal state version of the BIOS settings, and may provide multiple BIOSs suitable for a particular computing environment.

In some embodiments, the master template may represent a snapshot of a newly purchased computer system. Such a system can typically be placed in an ideal state with an operating system and various preinstalled applications, thereby allowing a user to start using the computer system. For a particular user, the master template may represent an ideal state of a computer system, including, for example, an operating system, an application, and customization. For example, user customization may include user preference of a desktop background picture or ".jpg" image, such as a picture of a user pet.

Optionally, the master template may be formed from the first computer system and subsequently used as a master template for different computer systems. The first computer system may be a manufacturer computer system. Thus, the ideal state of the first computer system can be transferred to the second computer system or to any number of computer systems. In some implementations, the master template can be made in one computing environment and then appropriate safeguards are moved and stored as the master template. Embodiments of the present invention have the advantage of providing support for updating, patching, reinstalling, and replacing elements of a master template, so that these operations are substantially the same or the same user interaction. ) And thus may have substantially the same or identical operation results. The master template may alternatively be formed by an optional copy process. For example, depending on the particular OS used, the program interrogates the registry, determines which entries are associated with a particular program or application, and then only those files and the particular program or application. You can choose to selectively copy only the entries related to the master template.

In the illustrated embodiment of the protected storage and read / write computing environment of FIG. No connection exists. This isolation can be achieved by not physically providing this capability, such as a CPU, or by blocking or disconnecting such a CPU from protected storage. Such blocking or disconnection can be achieved using other known means for preventing the binary data-computer program code instructions or data-of the switches or protected storage devices mentioned elsewhere herein.

In this embodiment, the only processing operation allowed on the binary information stored in the master template protected storage 2142 or user data protected storage 2143 is a read operation, some examples (described elsewhere herein). Is a write operation. These operations are called copy operations for convenience.

The structures, systems, methods, procedures and computer program products of the present invention protect computers, computing devices, information appliances, PDAs, cell phones and other process combination devices from hacking, viruses, cyber-terrorism, Protect against potential damage or intrusions, such as spy software, keystroke recorders, and threats similar to those from hacking, viruses, worms, Trojan horses, and Or protects against vulnerability regardless of whether it was inadvertently introduced or exposed.

In one embodiment of the invention, the master template protection store 2142 stores one or more sets of computer program code sufficient to be in communication with other computing environments and provide operational capabilities for the intended operation of the computing environment. . In some embodiments, there is a single set of computer program code that allows any operation required by the trader or the system itself to be performed, and each computing environment is a copy of this complete master template at a time in the manner described herein. Receive a copy. In another embodiment, the master template protection store 2142 accommodates multiple different sets and only sets are set here that provide the operations that require a particular computing environment. This generally results in smaller and faster copy operations and lower individual and total storage requirements. Additional time savings are realized for smaller template sizes where deletion is required. Different secondary templates can be stored or created as needed, but storing secondary templates in a copy ready form exposes to low safety risks and large operating speeds.

In one embodiment of the present invention, user data protection store 2143 stores an original version (or copy) of user data or files, referred to as protected user data 2149. For example, such user data may include e-mails, any form of e-mail attachments, word processing documents, TIFF image files, JPEG image files, MP3 files, computer programs, stored versions of operating system or operating system files, stored versions of computer program applications. Programs, device drivers, and any form of computer data, files, or sets of data or files, such as a combination of "0" and / or "1" bits. Interestingly, the user data protection store may include computer viruses or files containing computer viruses, computer robots or bots, spyware, or other malicious computer program code consciously or unknowingly. The presence or storage of such viruses, bots, spyware, or other malicious computer program code in protected storage 2142, 2143 does not pose any threat and does not do anything by itself in storage. In one embodiment of the invention, the processor is decoupled from the protected storage device when no access to the stored data or computer program code is required. However, in another embodiment, the processor remains coupled to the protected code storage device, which is configured such that the processor is unable to execute data or computer program files and that the protected storage device, processor, or protected storage computing environment 2108-. This is because it cannot cause damage to 3). In some embodiments, the decision to maintain a continuous communication path between the protected storage device and the process within the protected storage computing environment 2108-3 depends on the set of functions or operations supported in the protected storage computing environment. These same considerations apply to embodiments of the present invention that combine a protected storage computing environment with a user interface computing environment and other computing environments (except user data isolated computing environments), such as control and switching environments. Can be.

As described, in one embodiment of the invention, a protected storage computing environment for initial loading or reloading of master templates or user data, compilation, virus scanning or detection, inspection, or other special operations. 2108-3 may include a decoupled or disabled processor, such as a CPU 2140 that may be switched to couple to a protected store via switches 2144, 2145. If a virus or other malicious computer program code is present and executed, allowing a connection between the CPU and the protected storage device is normally allowed only if precautions have been taken to prevent contamination of other data in the protected storage device. In embodiments in which only "dumb copy" operations are supported between the protected storage devices, the CPU or other processor may be kept coupled or coupled to the protected storage device. A simple copy is a copy that does not open or expose a file that is copied to computer program code that causes contamination or infection. Simple copy can be performed either by bit-by-bit, byte-by-bite, or software when a precaution is taken by a fixed hardware logic circuit or ASIC, for example. It may be another copy or bit replication operation, such as implemented using firmware or using a combination of hardware and software / firmware.

The protected storage computing environment 2108-3 includes other computing environments 2208-1, 2208-2, 2208-4, and 2208-5 (or any M computing environment), and an MTPS enable switch 2225. ), A copy from the UDPS enable switch 2252, and a write to the UDPS 2253.

In one embodiment of the invention, the command from the MTPS enable switch (SW1) 2251 is directed to a second template portion of the computing environment, such as, for example, STP 2122 of the computing environment 2108-1. Allow (or block) the appropriate master template portion to be accessed (or denied) or read or copied. The copy from the UDPS enable switch (SW2) 2252 is for example the appropriate user data or file to be accessed by the user data storage portion of the computing environment, such as TDP 2133 of the computing environment 2108-1, and / or Allow (or block) access to be denied or read or copied. Typically, instead of full sets of user data in protected storage 2143, only one file or set of files needed to perform an operation is copied. In other embodiments the entire user data is copied but this is inefficient and typically does not function for obvious benefit except in any case during maintenance, diagnostic and / or repair operations.

Writes to UDPS (SW3) 2253 allow (or block) appropriate user data or files to be accessed (or denied) to be read or copied from one of the other computing environments in which they are created or modified and the computing environment Allow writing back to UDPS 2143 of 2108-3. In some embodiments, a single switch provides bi-directional tolerance to allow user data storage 2143 to read and write, requiring only one switch (or set of switches). Since the second template copied and transmitted from the MTPS 2142 is not normally modified, there is typically no need to write it back to the MTPS 2142. Separate bi-directional handshake and control signals or levels can be used as signaling protocols for required events such as copy, wait for copy, copy complete, data reception, and the like. Although parity or other error detection and error correction may be implemented in accordance with aspects and features of the present invention as is known in the art to ascertain that it occurs without transmission errors, the advantages are optional.

In one embodiment of the invention, modifications to the master template (or other template that may be used in the system) are (i) copying and loading into one of the user-separated computing environments, and (ii) any necessary operating system, application program. Updating it using a compiler, debugging, linking, or other programming procedure known in the art, and (iii) copying and saving it again as a new master template to the protected storage device. The copied and saved version of the master template can be replaced with the original or saved as a new file or an updated version.

These switches or sets of switches may be components or sets of components of computing environment 2108-3, sets or separate components of external components of computing environment 2108-3, or some combination thereof. In one embodiment of the invention, the switch is provided in a hardware logic circuit, and in another embodiment, implemented by a micro-controller with a very limited set of processing capability, the switch does not allow sophisticated code to be executed. Sophisticated multiple components and multiple signal switching structures can be implemented. In another embodiment, the switching is implemented as an application specific integrated circuit (ASIC). In another embodiment, the switching is executed under the control of a micro-processor having a very limited set of instructions installed as the second template portion (STP) to execute or not allow malicious code to be executed.

As described herein, a protected storage device may be implemented on or within any form or combination of tongues or storage device or memory. In another embodiment, provision is made for an external portable protective storage device, for example, a user may be credit card sized (flash memory card, USB memory device, Sony MemoryStick, PC card based). It can hold a protective storage device on a storage device (such as a memory, or any other form of storage device), and can plug in to any one of the supporting computer or device. In one embodiment of the invention, the architecture, system, and method provide an optional hidden protected backup storage system.

Control & Switching Computation Environment

A control and switching computing environment (CSCE) 2108-2 is now described that is responsible for controlling and coordinating the operation of other computing environments of the system 2100 (in cooperation with the user interface computing environment 2108-1). I would like to. In somewhat simplified terms, a switch connects a source to a destination. In some embodiments for system 2100, data store switch system characteristics are supported and these characteristics may further support configuring a communication path between the selected source and destination. In at least some embodiments, it is noted that a CSCE or other controlled computing environment has the ability to switch and couple any peripheral to the computing environment.

The computing environment 2108-2 receives input from the user interface computing environment (UICE) 2108-1 and switches 2250 (eg, a set of switches) of the protected storage computing environment (PSCE) 2108-3. SW1 2251, SW2 2252, and SW3 2253 operate to interact with each other computing environment 2108 to process processors (e.g., CPUs) and storage devices (e.g., STP and TDP). Operate the switch to couple or uncouple (allow or disconnect) the connection or communication between the devices. Switch control may be somewhat direct through electrical connections and signal or voltage levels; Indirectly through a processor, CPU, ASIC, or other circuit or logic element within the computing environment that receives signals from the control and switching computing environment 2108-2; It may be a combination of these direct and indirect structures and methods.

As illustrated in the embodiment of the control and switching computing environment 2108-2, this includes a computer system 2100 that includes available computer resources, in response to user input and commands or system activities and events. A system switching controller unit 2138 is received that receives a command from the UICE 210801, taking into account the next current state and configuration of the. In some embodiments, scheduling and component prioritization and utilization control are also provided by the system switch controller 2138. Other information and data, as well as switch configuration and status, may be stored in the switch configuration information storage device 2139 operatively coupled to the system switch controller 2139 via one or more buses, interfaces, or communication circuits.

In this embodiment, CSCE 2108-2 receives one, typically more, signal sets 2180 from UICE 2108-1. These signals are generally capable of sufficiently communicating the user request input with the UICE 2108-1 so that other elements of the computer system 2100 are configured to perform the user request. For example, a user may anticipate the launch or instance of a Microsoft Word document-processing program and mouse click on the Microsoft Word icon on the ICE desktop. UICE 2108-1 provides external human user 2129 to UICE 2108-1 and its components (eg, CPU 2120 and storage 2121) for Windows 2000 operating system, Microsoft Word 2000, And may indicate that the user has installed a document to be edited, but in reality may not have them, merely pointers, links, aliases, or these operating systems, application programs, and other computing systems. You can provide another reference to the user data file in the element.

In particular, the Microsoft operating system and Microsoft Word application program exist as MT 2128 and are stored in the protected storage MTPS 2142 of the PSCE 2108-3. The user's word processing document may be stored and retrieved from the protected storage UDPS 2149 if it was not new and existed.

Some structural and operational characteristics of a control and switching computational environment (CSCE) called a system "brain" have been described, and in the following, a partial list of some functions and operations of some specific embodiments in which the CSCE participates do. All these functions need not be performed by the CSCE (or CCE in the embodiments to be described below). It will be appreciated that certain functions and operations will depend, as a whole, on the implementation of a computing system, CSCE (or CCE), and other computing environments.

In some embodiments of the present invention, the CSCE may start-up (or reset) to organize (some or all) the functions or operations allowed and supported by the rest of the system after loading its own operating system (OS). On). The structure, system, and invention of the present invention may be used as a neutral operating system, or other known operating systems may be used in different computing environments so that the computing system can operate different operating systems and suits of application programs suitable for these operating systems, if desired. Will be. In some embodiments of the invention, as long as computing system hardware can support the operating system and its intended operation, the operating system may be dynamically determined, for example, if a user separate from the computing environment is designated to perform a particular processing function or operation. Can be.

Some embodiments of the present invention will use different operating systems for different computing environments and these operating systems may be dynamically determined as a function of time or work, depending on the needs of the system, depending on user selected processing tasks, the nature of the data, or other factors. Can be predetermined. For example, any known or published Microsoft Windows operating system (e.g., Windows 98, Indo Woods NT, Indo Woods 2000, Indo Woods XP, and their improvements, enhancements, and extensions), Linux, Unix ( Unix, Apple operating systems, different disk operating systems (DOS), or other specialized or dedicated operating systems or control programs may be used in different computing environments, as long as they can support the intended operation and the device for that operation. have.

In some but not all of the inventions, the CSCE operating system or application program (or a combination of the two) serves to control or organize (part or all) the functions of the following partial list of parts: (i) data Storage device (DSD) connection switching; (ii) sending instructions to start a computer program application to a computing environment with an acknowledgment of an optional instruction and / or completion of the commanded operation (or a hardwired operation, if necessary); (iii) track the coordinates of clickable windows and / or code; (iv) perform repair and detection, removal, and / or eradication of viruses or other malicious code; (v) performing and controlling the switching, reformatting, deleting, copying, resetting, rebooting and other operations described in the template and / or master template; (vi) creation and display of an "isolated global taskbar" or equivalent user accessible user interaction tool (alternatively, this task bar or tool may be May be caused). These or other embodiments may also optionally provide one or more of the following functions: (vii) an "open" dialog screen; (viii) a "save" dialog screen; (ix) performing switching of network communications (eg, see description of “network” operations); (x) receive a security signal from the communication environment; (xi) tracking the order in which the communication environment is created and / or the current communication environment order or priority; (xii) perform switching of other input / outputs or peripherals to different computing environments; (xiv) coordinate email access and processing; And / or other combination of these functions.

In one embodiment of the invention, the CSCE is also responsible for the control, adjustment, and / or processing (including processing activities in the CSCE itself), or separate computations, of video signals associated with processing activities in various computer environments. Environmental or video processing units or logic circuits or other means can be used for this purpose. Where a separate video processor or controller is used, the CSCE generally has the responsibility of coordinating and organizing its operation with other system components, but in some embodiments, the video processor or controller is responsible for the CSCE or other system to participate in control. Can be.

Separating the user computing environment from the control computing environment as understood with reference to this detailed description is provided, but known clean data or computer programs as user interface, control and switching, protected storage, video processor and separate computing environment. The descriptions of the different operations and functions that operate the system are rather artificial and are used primarily for illustrative purposes. It should be noted that embodiments of the present invention provide for the separation of various non-user data control or processing environments from the embodiment in which these control functions are combined. While some combinations have been described in detail by way of example, it should be understood that any other combination of different control or management functions and operations may be supported consistent with the other principles of the present invention.

It should also be understood that different levels or degrees of isolation are required or allowed for different times or different computational or processing environments within a particular or set of processing or computing environments. For example, an unknown file or data set must be opened and processed in a computing environment in which a virus or hacker code is exposed to a processor or code capable of executing such code. "Separation between them is absolute and confined within the user-separated computing environment. This absolute separation exists between one user computing environment and another.

In other situations, the degree or level of separation is limited so that no harm exists, or an acceptable degree of harm set in the computer or user can be tolerated. This indicates that some policies or rules can be set that allow some users or administrators to override and allow the use of more permissive systems. For example, if a computing system is normally used in an enterprise computing environment on an intranet with current anti-virus software, firewalls, and other protection provided by the enterprise information and communications (IT) department, this may already be provided. Will allow you to prohibit special email processing. In other embodiments, all separations may be ignored if the network or computing environment is generally trusted. While this allowable override is not referenced in all embodiments, this demonstrates the flexibility that is acceptable by the structures, systems and methods of the present invention. Thus, different levels or degrees of separation may be provided and the present invention should not be construed as limited to structures, systems, methods or procedures that do not allow some degree of non-isolation or neglect.

Operations performed on processing video (digital or analog) from different computational environments are, for example, merged or otherwise rendered to several computational environments (e.g., signals 2187- for display on a monitor or display device). Combining, but not limited to, the output from 1, ..., 2187-5, ..., 2187-N) Any of various initial or default conditions may be implemented, but In one embodiment, the default setting on booting blocks or turns off the computing environment video signal, which causes any activity to be unallocated until some system or user-initiated activity is commanded. Alternatively, the CSCE (or other entity) turns on / off or allows the video signal. / Block.

In some embodiments, "processing" of video output from the computing environment is achieved to provide a "layering" effect, for example, on a single monitor. For example, the most recent active computing environment may be moved to the "top" (or "front") layer at all times or otherwise processed according to predetermined rules or policies. CSCE contributes to controlling and organizing these processes when they are not directly responsible for them. For example, the CSCE may send one or more commands to the video controller to help determine which "layer" to put on the "front" and how to merge video output from various computing environments. The CSCE has this information, which means that for other purposes, such as mouse clicks, the hierarchy, active computing environment, unassigned or inactive computing environment, window position, mouse or pointing device cursor coordinates, and data of information pertaining to position and switching This is because the base is maintained.

In some embodiments, such as embodiments in which a video graphics card or video subsystem continuously transmits a signal (even if it is for "black" or blank screen), the video signal is turned "on" in the video controller. ON / OFF "or" Allow / Block ". Alternatively, if such a computing environment is unassigned or inactive, the CSCE or video controller may be directed to simply "ignore" this signal from the particular computing environment. That is, the computing environment video card can optionally always "pump out" the video signal (whether it is a separate card or chip, or integrated with a processor or other logic circuit), or the video card is active. If in a processing environment, the CSCE or other video controller may be able to output such a video signal. This has the advantage of reducing power consumption and heat generation, and has the effect of increasing the life of the system and system components. The CSCE also tells the video controller or processor to inform the video controller or processor (if any) which video input from the computing environment to process, what information is used for each video input, and what information is to be ignored. You can send a signal. For example, part of the desktop for each computing environment may be suppressed if it is redundant or does not represent actual activity in the computing environment.

Separate processing unit calculation environment

System 2100 also stores one or a plurality of other Unassigned Separate Processing Units (IPU) Computing Environments (IPUCEs), or CPUs 2160 and 2170, STPs 2162 and 2172 and TDPs 2163 and 2173, respectively. 9, including devices 2161, 2171, interfaces 2169, 2179, and switches 2164, 2165, 2174, 2175 for engaging or disengaging (permit or disconnect communication) between the storage device and the CPU. Embodiments include shells such as CE 2108-4 and CE 2108-5.

These combinations of operating systems, application programs, user data files, and computing hardware for supporting and interacting with the operating system, application programs, and user data under the control of the CSCE 2108-2 through the UICE 2108-1 are user Enables protected and separate processing of data and selected Microsoft Word programs.

It is operable for the UICE to send information with any necessary data to the CSCE 2108-2 via signal 2108. The CSCE receives these signals in consideration of the current allocation of system 2100 resources and other rules or policies for system configuration, and selects an appropriate computing environment, such as computing environment 2108-4. Another embodiment of the present invention may be assembled as a computing element (such as a CPU and storage device) even if the computer is not physically connected at the time of computer manufacture and is not located in close proximity within the computer system 2100 hardware. Provides dynamic allocation of separate elements.

If the computing environment 2108-4 is selected by the CSCE 2108-2, more specifically by the rules or policies or algorithms in the system switch controller (SSC) 2138, the SSC is a Microsoft computer under the Microsoft Windows 2000 operating system. Send one or more signals 2186-4 to CE 2108-4 to communicate that the word processing program has been assigned to execute with the identified user document file. The CE 2108-4 selectively acknowledges that communication has been received under some handshake or other communication protocol, even if the communication protocol is as simple as a single logic voltage level. Thus, signal (s) 2186-4 may be unidirectional or bi-directional. SSC 2138 also communicates one or more switch control signals 2181 to switch 2250. For example, switch control signals 2181-1, 2182-2, and 2182-3 constitute one or more switches SW1, SW2, SW3 to allow for desired storage device access. These same switches optionally have the advantage of acknowledging communication from the SSC, and again indicating that the switches are in the proper configuration (eg open or closed, or allow / block) for the intended cooperation. ) Can be provided. Similarly, switch 2250 may send data transfer ready communication to a target destination, such as STP 2162 and / or TDP 2162 of storage device 2161, but they are preferably selectively switched 2250. The data reception ready status signal can be indicated again.

Specifically in this word processing embodiment, SW1 2251 allows communication of all or selected portions of a master template, including at least a Microsoft Word application program, with Microsoft Windows 2000. In some embodiments, it is noted that alternatively, the operating system and application programs may be provided separately from separate sources. In other embodiments, the operating system may be provided within a computing environment to be stored on STP 2162, in a combined ROM, or in other ways, and not need to be communicated at each time. However, it is noted that if the STP was written by malicious code if the SPT was not removed after use, there is a possibility of contamination, but if it was retrieved from read-only memory or ROM, then this problem would not exist.

STP 2162 receives the necessary computer program code in parallel (if the provided communication path is sufficient to support multiple access paths) or sequentially (if communication path 2187 is not sufficient to support multiple access paths). As soon as SW1 2251 is configured to connect MTPS 2142 to STP 2162. Similarly, SW2 2252 is configured to provide a communication path so that user document files identified from UDPS 2143 can be copied to TDP 2163. It is recalled that the accessible hardware / firmware / software is not sufficient to allow execution of any malicious code during the copy operation. For example, a hardware-only copy circuit adapted to copy bits from a source to a destination cannot be contaminated by viruses, hackers, or other malicious code, but simply captures (or reads) bits from the source and copies (or writes) to the destination. Can be done. The buffer between the source and the destination can optionally be used as a filter or limiter. Software and / or programmable hardware may also be used for the copying operation, but the advantage of this copying means is that it is protected from contamination of unintended modifications that compromise the system or computer environment immunity. Preferably, the copy operation is to copy only a binary bit or a set of bits without other interpretation. However, the present invention need not be limited to these conditions and other protective measures can be used to prevent possible execution of malicious code.

In one embodiment of the invention, the data copying process may be "dumb" or restrictive such that the copied data cannot be executed so that the data on the data storage device cannot be corrupted by malicious code. For example, in order to move or copy data, the data may be encoded, an ASIC with limited functionality may be used, or it may not allow data with some executable code of the bit sequence to be executed. Other methods of transferring or moving or copying data may be used. Optionally, the copy may be organized by a control system that is addressed or has access to a separate working system and a separate or protected storage system.

Selecting a file to open on the storage system initiates the process whereby the file is stored in a job accounting environment (such as STP 2166 of IPUCE 2108-4) from the storage system or from a source (such as UDP). The file may be copied, and after breaking the connection with the UDPS 2143 via the switch 2250, the data or file may be allowed to be opened or exposed to the CPU 2160. The process is initiated by storing a file in the job calculation environment whereby the file is copied to the storage system. The process is initiated by quitting a file into the job accounting environment, whereby a new or updated file or data set is copied or written to the destination storage system (such as UDP 2143) and (TDP 2161). Such as may be removed (preferably physically erased) from the source storage system. The term "copy" or "copies" or "copying" is used in the broadest sense and refers to algorithms, snapshots, compressed data, bit-by-bit, coding , Encoding, and the like, but are not limited thereto.

The separate computing environment also controls and switches the computing flag or other information or indicator 2191 that identifies the status and state of the separate computing environment (or some component within the ICE). (2108-2) or otherwise communicate. These states and states can be one or a combination of operational ready status, processing ready status, file copy or save ready status, reset status, and / or control environment. This may include other data or information needed or available.

The separate computing environment may also be stored in the window xy coordinates and optionally in the control environment 2108-2 and / or the desktop and user interface computing environment 2108-1 (or separate video graphics processor or video display unit controlled by CSCE). The window dimension 2192 for use by may be transmitted or otherwise communicated to a single display device (if such a single display device is desired) to combine or merge different computing environment windows. Communication lines or links 2191 and 2192 may also be shared on a single line or link. In addition, various traits described elsewhere herein may be communicated over the communication line or link.

Such communication paths and other communication paths, communication links, or single lines, as described elsewhere herein, may further reduce the likelihood of infection between one computational environment and another computational environment, in the form, sequence, number, or Can be fixed with filters or limiters that restrict the volume of information, data, binary bits, and so on. These filters and limiters are described in more detail in other embodiments of the present invention.

If an appropriate combination of operating system, application program, and user data is present in the CE 2108-4, the word processing operation can be initiated. The file may be stored in the TDP 2163 until there is a word processing program, or by using an intermediate store with a write operation to the UDPS 2143 by a suitably configured switch SW3 2253.

When any read or write operation is performed between MTDS 2142 or UDPS 2143 and storage (such as STP 2164 or TDP 2163), CPU 2160 is uncoupled from storage or Advantages in that it prevents the MTDS 2142 or UDPS 2143 from being exposed to the CPU 2160 in a manner that allows malicious code to execute and contaminate the protected storage MTDS 2142 or UDPS 2143. There is this.

When word processing is complete and a new, edited file is written back to the protected storage device, the contents of a single or state change or "flag" or other indicator, the next command from the CSCE, STP 2162 and TDP 2163 are removed. And are erased. This removal or deletion is the actual deletion, such as overwriting the storage media or formatting the master boot record or partition table, so that any malicious code that may exist in the last data set stored on another file or data set. It is good to prevent it from spreading This is different from the most conventional system, which simply updates the directory to remove references to the removed files instead of the actual removal. The desirability of erasing used storage space and preferably entire accessible storage space makes fast solid state memory preferred over slow electro-mechanical storage devices such as hard disk drive storage. This also allows to reduce the amount of storage space accessible in the computational environment considerations. It also dynamically allocates storage space in some embodiments of varying sizes, increases accessible memory as processes create a need for more memory, and stores solid state memory and large, inexpensive hard disk drives. It enables the ability to configure both devices.

Consideration of the present invention provided with respect to this aspect is that user data that was present in the protected storage UDPS 2143 contaminated by virus is transferred to the CE 2108-4 together with the virus and then in the CPU 2160 and the computing environment. Will expose you to operating systems that can support the execution of virus code.

If the virus is not running for some reason, such as when the OF virus has been exposed to the CPU and operating system but the virus has an unsatisfactory run date condition, the virus may be stored in the protected storage device UDPS 2143 or together with the file with the virus. Will be returned as a new, independent file for the. In this case both the specific computing environment 2108-4 and the system 2100 are not totally compromised by exposure by a virus (or other malware).

On the other hand, if a virus (or malicious code) runs for a while in computing environment 2108-4, it corrupts the CPU, CPU related RAM or other memory, and / or the STP 2162 or TDP 2163 storage device. Or if contaminated, its detrimental effect is limited to a separate computing environment 2108-4. Paths to the architecture and processing systems and methods ensure that viruses or other malware are removed from the rest of system 2100 and do not affect data and system 2100 within protected storage MTPS 2142 or UDPS 2143. Not provided. Although a virus-contaminated file is returned to protected storage MTPS 2142 or UDPS 2143, other computing systems, applications, or other data files may contain any bits that PSCE 2108-3 contains in the data. Since it does not contain a processor capable of executing the pattern, it cannot be contaminated and has "0" and "1" bits and does not have program meaning in the computing environment. Recall again that this is a simple copy operation by hardware, software and / or firmware that can only perform copying if only the operation in which the bits are published is required. If the virus is run in a PSCE and other computing environment 2108, the virus may damage or distort a copy of the file, and the original data or file of the PSCE remains intact. Clearly, once a virus or other malicious code is found to be present, it may be desirable to take steps to treat or remove the virus and replace the virus contaminated version with the cured version. Such virus or malware detection and / or repair operations may in fact be one of the processes performed in a separate computing environment for the copy of the file before the cured copy of the file is returned to the protected storage. Saving files as versions rather than writing is an alternative storage option.

When describing the structural and operational features of safely handling malicious contaminated files, it is beyond the scope of the present invention to describe a graphical or display screen presentation to human user 2129. For illustrative purposes, assume that computer system 2100 provides a window system in which each process can be displayed in a separate window of the display subsystem. Computing systems such as Microsoft Windows, Unit, Linux, Apple Macintosh OS, and other common computing systems support the windows and structures and technologies that provide a display for each process of individual windows of a common display. Thus, each computing environment provides a display screen or graphical output 2187 processed by video display subsystem 2192 to provide a window multi-task processing system similar to conventional multi-tasking window systems. Input / output, such as keyboard 2190 and mouse 2191 or other pointing device, are similarly provided by assigning a mouse button and keyboard button presses to an active process or window. In user 2129 or any environment, the system itself identifies the selected or active window, and keyboard and mouse actions are tracked and identified as the selected process. In essence, the keyboard, mouse or pointing device and display process are assigned to the active window or other identified active process via UICE 2108-1 and CSCE 2108-2.

In a similar manner, each other device or peripheral in the computing system may be a floppy-disk drive, USB ports, and any USB peripherals, modems, network interface circuits or cards (NIC) connected through these ports. Modems, SCSI interfaces and devices, PC card slots and interfaces and devices connected through these interfaces, CD readers / writers, DVD readers / writers, scanners, printers, audio systems , Microphones, speakers, serial or parallel interfaces and devices, cameras, recorders, and any other I / O or peripheral devices that can be connected to a computer or information equipment without limitation. Or one or more of the systems.

As such advanced structures, the system and method include computers, PDAs, mobile communication devices and telephones, cell phones, digital cameras, video recording devices, navigation and mapping systems, automotive engine management systems, aircraft navigation and It can be applied to various sets of devices and devices with a processor, such as, but not limited to, guidance systems, and also integrates the processor and is vulnerable to viruses, spyways, boats, computer hackers and other malware Applicable to all manner of electronic devices and systems. Unintentional problems associated with the execution of computer code that are not fully debugged are any defects in the code that adversely affect the rest of the system when the code is tested, debugged, or otherwise used in one of the separate computer environments. Recall that it can be adjusted in a way that prevents this. Thus, the set of possible input devices, output devices, input / output devices is a large and diverse set, and is not limited to devices associated with conventional desktop or mobile notebook computing. The peripheral device may for example be a motor vehicle or an aircraft controlled or monitored by an information system formed in accordance with the principles of the invention.

Although these other peripherals can be recognized in the desktop environment of the UICE 2108-1, the process of actually accessing these peripherals (in addition to the keyboard and mouse) may be used in other discrete processing environments that require access to the peripherals. Initiate a new process that interacts with a peripheral through data derived from, or preferably stored and shared via UDPS, providing data or interacting with a peripheral or subsystem.

Alternative embodiment combining functions of user interface, control & switching, and protected storage computing environments

These operations are combined when describing the structures and operations performed by the control & user interface computing environment 2108-1, the switching computing environment 2108-2, and the protected storage and read / write computing environment 2108-3. It can be appreciated that the embodiment of FIG. 10 can be performed in a single computing environment separate from a separate user computing environment, such as separate computing environments 2108-4 or 2108-5. In particular, these structures and system configurations perform the above operations by transferring or copying data or programs to a separate computing environment for execution without the combined block having the ability to execute user data and / or untrusted code. One may provide at least some of the advantages of advanced systems and methods so long as they are not open or executable. In some embodiments only reliable access to the control entity is allowed (whether distributed between multiple computing environments or combinations thereof). For example, according to rules and policies that may be enforced, keyboard and mouse input may be treated as a reliable input or interaction medium. Standard security procedures for booting and logging in to a computer or device, such as a password or biometric, can be implemented to provide confidence that the user accessing the system and possible input keyboard and mouse inputs is trustworthy.

Alternative Embodiments Using Dynamically Configurable System Components

Describing one particular multi-computation environment describing some of the operational, control, interface, and protection features, a common set of computational environments may include a user interface computing environment (UICE), control and switching computing environment (CSCE), and protected storage calculations. Attention is directed to the environment (PSCE) and other alternatives used to implement a particular set of other computing environments (CE) that may be configured to perform word processing, email, internet browsing or other operations.

10 illustrates an alternative embodiment of a system 2200 for processing data or other information. As in the embodiment 2100 just described in connection with FIG. 9, such a system and structure 2200 may comprise one or more processors, controllers, microprocessors, together with methods and procedures for configuring the system and operating the system. Or CPUs, ASICs, logic circuits, or other means for processing electronic data.

For ease of explanation, any elements such as various computing environments, peripherals, switches and control lines, and other signals are shown in the same or similar topology and are provided with the same reference numerals. There are many ways to implement the principles of the present invention and each of these details and figures (eg the embodiments and system configurations of FIGS. 9 and 10) is an exemplary way of implementing and operating a system in accordance with the present invention. Will be recognized.

System 2200 includes a desktop and user interface computing environment (UICE) 2108-1 processing unit, a control and switching computing environment 2108-2 processing unit, a protected storage computing environment 2108-3 processing unit, and two separate units. Processing unit calculation environment IPUCE # 1 (2108-3) and IPUCE # 2 (2108-5). In the embodiment of FIG. 9, typical processing unit elements will be described to achieve proper operation of specific processing units 2108-1,..., 2108-5,..., 2108 -N. In the embodiment of FIG. 10, a common component configuration is described that allows multiple modular units to dynamically perform the functions and operations necessary for initialization, configuration, and operation of system 2200. While the same or common components are not needed, there are advantages of using a common set of components that can be customized or made into software, firmware, and user or system data depending on the intended operation and processing functions.

The description focuses on implementation differences (if present) and / or details because there is a general agreement between computational environments 2108-1 through 2108-5.

With respect to the desktop and user interface computing environment (UICE) 2108-1 processing unit, the CPU 2120 now includes memory in the form of a processor (PR) and processor coupled RAM, and a known optional processor chip set and BIOS. Note that it is shown as. It will be appreciated that any form of processor, micro-processor, central processing unit, ASIC or other logic circuitry capable of performing the tasks of the control and switching computing environment 2108-2 may be used. A data top and user interface computing environment (UICE) 2108-1 processing unit for the entire system 2200 that may require a CPU capable of executing sophisticated computer program instructions and performing sophisticated and complex data processing. May be a very simple component.

Similar explanations may be made for the control and switching computing environment 2108-2 and the processing unit and the protected storage computing environment 2108-3 processing unit. Indeed, in some embodiments the functions of the control and switching computing environment 2108-2 processing unit and the protected storage computing environment 2108-3 processing unit may be performed by a single unit 2155, in other embodiments the master. Template copy switch 2151 and protective storage copy switch 2152 may be combined on a single unit 2156.

UICE 2108-1 receives signals 2184A from CSCE 2184A- 1, receives operating system (OS) and / or applications from the protection master template 2184A- 2, and protects storage ( 2184A-3). It can also send data back to protected storage 2184A-4. These four sets of signals are described as being in each of the computational environments even though not all connecting lines are shown for clarity. Not all signal lines are required or used for some processing operations.

The embodiment also illustrates the allocation function used in conjunction with UICE, CSCE, and PSCE to make other peripherals available for processing operations. In at least one embodiment, a keyboard and mouse (or other pointing or selecting device such as a touch screen, for example) are available directly to other computing environments and desktop and user interface computing environment processing units.

Optional ASIC 2126 is also described. In at least some embodiments, the CPU or ASIC (or other logic circuit) may be sufficient to provide the required interface processing capability, but is described herein in a modular fashion and general purpose.

With regard to the control and switching computing environment 2108-2 processing unit, the control and switching computing environment processing unit (CSCE) determines that the storage contents for the programs and data depend on the functions and operations provided by the computing environment. Although recognized, they are shown as a similar set of components. In the case of CSCE 2108-2, temporary storage 2149 is indicated to include I / O switch configuration data 2158 and data transfer or read / write configuration data 2159.

A set of similar components is described with respect to the protected storage computing environment 2108-3 processing unit. Protected storage for master templates and user data is described as part of this unit. Copying of multiple templates suitable for template copying of operating system and application program elements or other processing operations that may be required by the user in some embodiments is stored in the protected storage 2141. User and possible system files are stored in protected data storage UDPS 2143. Recall that protected storage is not disclosed to a processor or CPU capable of executing user data (or code instructions) that may be present to be disabled or separated from the protected memory if a processor or CPU is provided. Thus, switches 2144 and 2145 take other steps taken to disable the process, such as opening, removing the operating voltage, or suppressing the operating clock signal required for operation. This generally means that circuitry, such as an ASIC or other logic or processing circuitry 2146 that interacts with software and / or firmware, provides the processing power to write to and read from the protected memories and preserve their separation. something to do. The master template copy switch and the protected save copy switch or switches may be part of or separate from the PSCE but may communicate with it. Copy (read and / or write) may be performed by, for example, an ASIC or other logic or processing circuit 2146.

Computing environments IPUCE # 1 (2108-4) and IPUCE # 2 (2108-5) maintain this modular computing environment structure in connection with two separate processing units. These processing units may advantageously include a CPU that supports the full spectrum of processing operations that may be required to perform such as word processing, connection and interaction with the Internet, cellular telephone reception and voice coding and decoding, and the like.

Embodiments with Combined Control & User Separate Compute Environments

11 illustrates another alternative embodiment 2300 of the present invention having a combined control computing environment and one (or more than one) separate computing environment. The combined control calculation environment provides any necessary operations of the control & user interface calculation environment 2108-1, the switching calculation environment 2108-2, and the protected storage and read / write calculation environment 2108-3 described above. To adjust the operation of calculation system 2300. Separate computing environment 2304-1 includes storage 2380 in which the ICE is switchably coupled and separated from the processing logic and processing logic 2381 for executing a set of instructions intended for the ICE. Except to include, may take the form described in the initial embodiment and will not be described in more detail herein.

In any given embodiment, some features and procedural steps are optional and may not be required depending on the appropriate capabilities and / or appropriate security or immunity to implement. Some features and procedures may be executed dynamically, depending on the current state of the system and the intended computing environment behavior, among other factors. In either case, it will be appreciated that these control operations are performed in a separate (physical or temporal) computing environment from a separate user computing environment.

In this embodiment, the control processing or computing environment (CCE) 2302 is set up and operated to create, control, and terminate one or more separate computing environments 2302 -N. In this embodiment, only one separate computing environment 2304-1 is described for illustrative purposes only, but any number of separate computing environments (ICE) or subsystems for user processing may be flexibly or dynamically. Can be configured and operated.

CCE 2302 may be any logic circuit or other logic means 2320 (eg, controller, micro-controller, processor, microprocessor, central processing unit or CPU, ASIC, programmable logic unit, etc.), and one or more switches or Storage 2232 which can be switchably connected and disconnected to logic means 2320 via switching means 2325 and one or more communication links 2328. The switch or switching means 2325 may generally comprise a number of switches or switching elements suitable for connecting and disconnecting signals and data between the storage 2321 and the logic means 2320, such as a CPU. Known signal conditioning circuits may be included to connect and disconnect logic circuits and storage devices.

According to the type of logic circuit or logic means 2320, individual memories, such as in the form of ROM, RAM, registers, etc., can be switched or connected (disabled or disabled) via one or more memory switches 2326. Can be enabled). The switching may optionally perform one way (eg write or read) or two way communication or signaling to memory or storage. With respect to this embodiment and other embodiments of the invention, terms such as switches, switches, switching means, etc. may be interpreted as broadly as possible and may also physically or logically connect or disconnect signals from one location to another. Or any device, hardware or software capable of enabling or disabling the ability to communicate signals between the locations, whether or not there is an electrical or optical connection.

The type and capability of the logic circuit or logic means 2320 may generally depend on the logic or other processing operations to be performed by the CCE 2302. For example, processing operations to be performed as control for a general purpose notebook computer may differ from control operations to be performed at least in part with respect to a cellular phone or electronic camera since the operations to be performed by these other devices may generally be different. .

  In some embodiments, various switches (eg, switches 2350, 2360, 2325, 2326), and storage 2321, memory 2232, I / O or peripherals (eg, keyboard 2390). Switching capability to connect or disconnect signals or communication with storage (s) 2380 of mouse 2391, or network NIC 2392) and / or separate computing environments 2304 may be selected from logic circuit 2320. Or in other embodiments may be provided by separate switching logic devices, ie all or partly controlled by logic circuitry or logic means 2320. In these or other embodiments, a signal switch or A set of switches or multiple individual switches can be used to perform the appropriate switching operations.

While at least some of the switches may be at least partially controlled by CCE 2320, communication links, signal lines, buses or other connections do not pass through elements of CCE 2320 or CCE 2320. Accessible by elements of. For example, in at least one embodiment, the network NIC 2392 may be switchably connected or disconnected from the separate computing environment 2304-1, but data or bits received from the NIC do not pass through the CCE 2320. It only passes ICE 2304-1 to prevent exposure to malicious agents. In at least some embodiments, individual modem and / or network NIC devices and communication paths are provided to receive data from an external environment and to transmit data to an external environment to provide additional measures of immunity and system protection. When the received data is separated from the transmitted data, it provides a measure of protection to other computers or devices outside of the system 2300 because the opportunities for transmitting data that are contaminated or containing a malicious agent are reduced or eliminated. Storage 2321 may be implemented as a single physical device, a combination of two or more physical devices, or as one or part of one or more physical devices. For example, storage 2321 may have any type of magnetic memory, optical memory, solid state memory, or other memory types that may be known or developed.

In the described embodiment, storage 2231 is configured for switch to master template protected storage (MTPS) 2322, user data protected storage (UDPS) 2323, storage and / or I / O devices. In addition to providing information or data 2324, it also provides an operating portion for operating system elements and application programs 2325 that may be needed to support device interfaces with users and controls. Temporary work storage 2326 may also optionally be provided. In some embodiments, the type of storage for these other storage components may be advantageously selected to facilitate fast read and / or write access and / or erase of the components from the storage. In particular, the solid state or semiconductor memory may facilitate fast access, preparation and reliable erasure of the user computing environment after the user computing environment session is completed and terminated or blocked.

One or more separate computing environments 2304-1,..., 2304-N can be configured flexibly or dynamically. When multiple processors or other hardware have a tendency to limit multiple physical (eg, hardware) individual sessions, additional separate computing environments optionally use temporal separation but as intermittently described herein. It can be implemented by accessing hardware.

Each ICE 2304 may require access to read and / or write to protected storage (eg, MTPS 2322 and / or UDPS 2323) or other portions of storage 2321. Switchably advantageously connectable to storage (or portions of storage) 2321 via CCE control switch 2350. In the embodiment described in FIG. 11, data-in 2351, data-out 2352, and OS-Apps (operating system and applications) 2352 communication or signal paths are described. In other embodiments, a single communication or signals path (eg, wire, multi-wire bus or optical link) may be used with path assignment and arbitration circuitry or other logic means to assign and control communication over a single link. have. In addition, systems that can provide for any operating system and / or applications within the ICE 2304 need to provide a path between the storage 2321 in the CCE and the storage 2280 of the ICE 2304. There is no.

These or these same communication links 2351, 2352, 2353 communicate arbitrary flags 2355, window xy coordinates 2356, ICE video output 2357 and / or dedicated or temporarily shared intermittent Can be used to connect peripheral devices in a manner. Optionally, separate dedicated or shared communication links may be used for these signals or data.

Flags 2355 indicate "ICE to read master template", ICE to read user protected data "," Completed ICE processing "," ICE processing error occurred "," Request to save file to protected storage " CCE 2320 and ICE 2304 such as, but not limited to, "Completing file save operation", "CCE instruction to reset and erase ICE", and other instructions and status to support proper operation. Provide status and / or commands and controls. In some embodiments of the present invention, the nature and complexity of the flags are simple and short to reduce or eliminate any possibility that state or command and control flags may inadvertently communicate or transmit a virus or malware between ICE and CCE. (E.g., a few bits or bytes) remain intentionally.

As already described in connection with other embodiments, video or graphic related output signals or data 2357 may be provided on a display screen or other device 2393 for presentation or representation of an ICE user environment (eg, a word processing screen). Can be captured and displayed. In most embodiments, a single display device will be used but the present invention does not exclude multiple display devices or in fact multiple video or graphics processors. When operating in a windowing environment, the window xy or line-sample coordinates and window sizes or other descriptors for the ICE window indicate that multiple windows from different ICEs are generated by the CCE 2302 or the video display 2393. The CCE (or video processor 2392) is controlled by the CCE to enable a desktop (eg, Microsoft 2000 desktop) display to be coupled with each other and optionally but suitably.

Filters or limiters that limit the amount of data and / or data type communicated over the communication path are between CCE storage 2321 and ICE 2304, and / or between ICE 2304 and video display control unit 2392. And / or alternatively but advantageously may be provided between CCE and / or ICE 2304 for flags, window coordinates and dimensions, or other state or command and control signals.

For example, storage access limiter 2370 may be provided between storage 2321 and ICE storage 2380. In a similar manner, limiter 2331 may be placed in the video signal path between each ICE and CCE or video display control unit 2392.

In one embodiment the limiter is combined with switches (eg switches 2350, 2360), while in other embodiments the switches are separate switches. This filter or limiter function may be implemented as part of the CCE logic device, part of the ICE logic device, or both. Redundancy with respect to some verification between ICE and CCE elements may optionally be provided. In general, in this embodiment, some of these filtering or limiting operations will include a comparison between the attempted communication and the authorized communication set. If the attempted communication is allowed, the attempted communication will pass and if not allowed it will not. Various error messages and / or notifications may be selectively but suitably implemented according to rules or policies.

Embodiments with a Single Compute Environment Temporarily Separated for Controlled and Separate User Processing

Referring to FIG. 12, an embodiment is described in which FIG. 12 provides only a single physical computing environment but can support multiple logical or virtual computing environments using intermittent access and temporal or temporal separated access. This single physical computing environment may support the control of the CCE described in the previous embodiment and a separate processing computing environment of one or more user processing sessions. This type of intermittent access with temporal spacing may be used with other embodiments of the present invention that may have or support multiple physical computing environments.

In the described embodiment, a single processing logic element 2404 (eg, such as a processor, microprocessor, ASIC, controller, microcontroller or other logic or processing circuit means) is connected via a switch or switching means 2412 to storage ( 2406 may be communicatively connected.

In one embodiment, storage 2406 may be physically or logically partitioned or separated to provide separation between separate computing environment storage 2410 and control computing environment 2408, where, for example, master templates and protected users. In addition to data, any operating system and application can be stored without worrying about contamination. Separate compute environment storage is provided for storing working copies of user data, operating system and application components, and temporary storage during ICE execution. Sharing a common physical storage device ensures that execution of malicious code while operating in ICE mode does not reach, contaminate or infect protected data storage devices such as corruption of master templates, original protected user data files, etc. Control routines or procedures are advantageously involved.

Other embodiments of the present invention utilize memory separate storage or access control to prevent unintended access such as access that may allow hackers to attempt to overflow the allocated memory address range. to provide. Providing physical separate storage for control and protected storage with regard to the separation of computing environment work storage provides an additional level of isolation because it offers the possibility of complete physical separation, where communication lines or buses are contaminated Do not interconnect the two that do not occur (or they may be physically or logically switched or disabled). The use of other physical storage also benefits from the use of magnetic storage such as ROM or EEPROM for control environment storage portions, other storage devices such as RAM for ICE, and hard disks for storing any large data or programs. Provide them selectively but advantageously. One of the ICE or CCE requirements for storage makes it possible to use a number of different physical memories and / or memory types.

The switch or switching means 2412 combines and isolates a selected one of the computing environments and input / output or other peripheral devices (such as, but not limited to, the keyboard 2418 and the mouse 2418). can do. In embodiments where the same processing hardware is allocated in time to different computing environments, switching may be desirable to enable or disable the use of inputs, outputs or other peripherals so that proper isolation is maintained. For example, although the keyboard and mouse may be combined with a control and isolation computing environment that performs word processing applications, the network NIC card may or may not be combined with a separate computing environment that performs Internet network browsing sessions, rather than a control environment. It can be enabled into the computing environment.

In one embodiment, a reset mode is provided to initiate a boot or restart to a known initial state. Operating systems and applications for this initial state are stored in the non-volatile memory of control environment storage 2408 in a form that can be easily reset and reloaded. In one embodiment, it is stored in a high speed ROM. This mode allows the separation computation environment to perform processing operations that normally complete upon creation of one or more new files or data sets or creation of modified or new versions or versions of such files or data sets. In one embodiment, the reset mode procedure appears to be a specific storage range for any such new or modified files or data sets or adds or protects files to protected storage in accordance with defined rules or policies. Copy files from the storage device to the protected storage device for replacement. Since the reset mode procedure simply copies files or data sets but does not open or execute them, protection is maintained in the other embodiments described.

In another embodiment, time separation in which hardware resources are shared is performed by saving and restoring an intermediate logic device or processor 2402 state. By storing the processor 2404 and any other necessary state information or data, one process, such as a control process, can be interrupted so that a newly separate computational process can be performed (completely or partially), and the control processor state can be interrupted and Saved and restored when restarted. Multiple processing sessions may be performed in this manner using a minimal set of physical hardware. Structures and methods of storing and restoring processor state so that multiple processes can be regulated for a defined period of time are sometimes referred to as concurrent processing or multi-tasking. These known structures or methods will not be described in further detail. However, in the context of the present invention, registers or other memory storage devices may be provided to separately store processor 2404 state for multiple computing environments so that separation is maintained and malicious code cannot avoid separation. Note that there is. Thus, each temporally allocated individual segment of the processor (such as chips, RAM, storage, or some combination of these or other components or segments) may be reset or individually, in some groups or collectively. Can be treated.

In one embodiment, a separate reset logic device 2450 is a hardware or software reset that transitions between different computing environments, stores state when one process is interrupted, and provides isolation control to restore the state when the process is restarted. Is associated with a button or switch 2451. The reset logic device may be hard-wired or programmable and generates signals to the processor 2404 and the switch 2412 to save and restore the settings and state of the other device 2400. Control lines for device components are provided between the state storage registers 2453, the storage device 2406, the processor 2404, and the switch 2412 as needed. In some embodiments, the process in a separate computing environment can be completed so that generally only the control process can be stopped. In other embodiments, any process may be stopped and restarted.

It will be appreciated that some embodiments of this type may be particularly applicable to so-called thin computing devices such as cell phones. In such devices there may be a need to adjust the voice processing associated with a phone call and to receive electronic images or images or to find calendar items or phone numbers during a single use of the device. By easily performing multiple processes of this type using minimal hardware, the cost of the device can be reduced, as well as the device can be miniaturized and power consumption and heat generation can be reduced.

Alternative embodiment with a single, shared time computing environment for control and separate user processing

13 illustrates a generalized configuration for an architecture and system 2500 in accordance with aspects of the present invention. In this embodiment, the first computing environment 2501 is a desktop environment, control environment, functions and / or erasing / reformatting of the environment, switch or switches, switch configuration (s), protected storage (s), Network interfaces and connections or cards, ASICs with predetermined or dynamically determined capability-limited communication functions to provide or preserve isolation levels, video processing and / or video control, mouse and keyboard input, input / It may be configured to include or support the functions of output connections, peripheral connection and control, and combinations thereof as needed. This first computing environment 2501 is connected to a second or user computing environment 2502 via a switch 2503 (which may itself be optionally configured or implemented within the first computing environment). This second user computing environment has the same separation as described in easy embodiments of the present invention and is thus subject to contamination by viruses, hackers, cyber-terrorism, and accidental or intentional attacks or malicious computer program code. Provides the same immunity.

Typically, user computing environment 2502 will generate a video output signal that can be processed by user computing or through first control computing environment 2501 to be displayed by the display device. However, it will be appreciated that in some embodiments of the present invention all computing environments do not require a user's recognition or video output signal for which a separate computing environment should be generated. For example, in any cell phone, the computational environment created for processing or coding and decoding voice signals may simply generate the necessary signals without requiring any video output. This is merely an example of a situation where the output is a data set, in which the data set is generated and used in real time or near real time and is not stored. It will be apparent from the detailed description set forth herein that the inputs and outputs of any computing environment will vary depending on the processing task.

The switch or switching means 2503 is a data 2506 between the first computing environment 2501 and the user computing environment 2502 that controls control, interface, protection storage, switching and other functions for operating the system 2500. (Such as a copy of a user file or document) can be combined or separated. Additional optional limited communication link 2508, which may include communication lines and optional ASICs or other logic circuits or logic means, includes file storage, computing environment erasing, memory erasing, and storage disclosed herein. It may be provided to support operations such as erase, window and / or object coordinates and identification communication, mouse coordinate communication, and the like. These switching are optional and the communication path can be directed and any combination of signals (command, data, etc.) can be combined and multiplexed or communicated over a limited set of communication links. Such a communication link may be wires, buses, optical links, or other connection means known in the art.

As another embodiment disclosed herein, filters or limiters 2510 may be provided in any communication path to filter or limit the form, pattern, or number or amount of data or bits passing through the communication path. Can be. Another optionally specified dedicated communication path or link 2526 may be provided as another common shareable communication path or link.

PC Card Bus or Interface Card Embodiments and Conventional Computers

In some embodiments disclosed with respect to the systems, architectures, and methods of the present invention, the inventors of the present invention rely on an ISA bus, PCI, bus, USB bus, SCSI bus, PC card bus or other bus, or bandwidth suitable for the required level of performance. Systems, architectures, and methods of the present invention that are suitable for an attached card or other circuitry via an interface that provides In a similar manner, the present invention is directed to any card that can be retrofittable plugged into a system or peripheral bus, for example, ISA, PCI, SCSI, Firewire, USB or other buses or connections, Can be used with chips or chip sets.

PC Card implementations allow notebook computers and other information devices with PC card slots or cables that can be modified to provide anti-virus and anti-hacker performance without completely replacing notebook computers. This is especially useful.

With reference to FIG. 14, elements of a PC card coupled with a host computer processor and main processor memory are described. In a typical PC card interface, the PC card couples the computer's PCI local bus via PCI to the cardbus bridge as is known in the art. Finally, the PCI local bus is coupled to the host computer bus through a host-to-PCI bridge. This host bus is the same bus that is combined with a host computer processor or CPU. Access to all peripherals and host processors of the host computer provides a way to retrofit a PC card based auxiliary processing system with the advantages of the systems, architectures and methods of the present invention.

Referring to Fig. 14, a schematic diagram of a PC card version of the present invention is shown. Although a PC card is preferably used, the present invention can be implemented in other different devices and can be connected or combined with other information devices by a notebook computer or other interface existing or to be developed.

The PC card bus provides all the signals required to combine the notebook computer with the circuitry of the system of the present invention. In one embodiment, the circuitry of the host computer is used to provide a user interface computing environment, while in another embodiment only the processor of the PC card is used for processing. In one embodiment, the hard disk drive of the host computer is used, while in another embodiment, a solid state memory coupled to or on a PC card by a cable is used. Preferably if the computer has multiple PC card slots or connectors, one slot can be mounted and connected to the PC card having the processor system of the present invention, the second card being a hard disk, optical, solid state It may have a memory store or other memory storage device or a combination thereof. Storage may also be provided on processor PC cards and PC-based storage devices.

FIG. 15 illustrates a generalized architecture 2600 that couples the PC card 2602 to the PC-to-Cardbus bridge 2604 by coupling the bridge circuit to the PC local bus 2605. This PCI local bus is in turn coupled to a host-PCI bridge 2610 that provides access to the host bus 2612 and the host processor 2614. In addition, main memory 2616, such as DRAM, is coupled to host bus 2612 and PCI local bus 2605 via post-PCI bridge 2610. In this embodiment the PC card comprises the computing system of the present invention while the host processor 2614 is a processor mounted in a conventional notebook or desktop computer. For an ISA or PCI card, they can be connected directly to an ISA local bus or an ISA bus as is known in the art. PC card 2602 may preferably include the computing characteristics of storage, network interconnect cards (NICs), modems, graphics processors, wireless communications, and other devices and peripherals of the overall computer system.

Alternatively or additionally, PC card 2602 may include a connector that couples such devices to the card. In another embodiment, a second PC card 2602 is provided to enhance storage, communications, video processing, or other features and includes a PC card (or desktop type computer) that includes the processing and computing environment of the present invention. And another plug in the card). The ability to provide the computing and processing environment of the present invention in a retrofittable or pluggable package may include a mobile phone, an organiser, a personal data assistant, a satellite phone, an appliance, an entertainment system, or a plug. It can be extended to various hand-held and portable devices, such as in-cards, or other devices or systems with external interface capabilities.

16 is, but is not limited to, memory element (RAM or ROM) 2702, any form of storage device (magnetic hard disk drive or other storage system or device 2706, solid state memory 2708, optical storage device). 2709), video processing element 2704, signal processing element 2711, Ethernet interface 2712, network interface card 2713 or performance, modem 2714, wireless interface 2715, processor Individually configurable system components, such as 2705, switch or switching element 2730, communication path, wire and / or bus 2720, ASICS 2725 or other components disclosed in connection with the present invention. An embodiment 2700 of the present invention is shown. Only interconnect performance is shown in the figures and may be applied to any embodiment of any of the forms disclosed and described above that provides further architecture, topology, system and methodology. Dynamic configuration or reconfiguration takes place during initialization (even if other processing operations are in progress), or system reset. In some embodiments, an allocation table or data structure 2725 identifies and stores assignments of different parts and elements to different computing environments.

Dynamic configurability of some or all of these components has already been disclosed with respect to other embodiments of the architecture, system and method of the present invention. For example, the calculation environment and parts of the calculation may be modular, and may be associated with a particular defective part and / or CSCE or CCE calculation environment until a defective part or a set of parts comprising the calculation environment is replaced or repaired with a work part. It is dynamically configured such that the same computing environment can adopt the service by the controlling entity. In addition, some embodiments of the present invention may provide a physical structure that forms a dynamically assignable and configurable central processing unit (CPU), microprocessor, micro-controller, ASIC, or computing or processing environment of the type previously disclosed. Can be used in combination. This dynamic configuration also provides flexibility in selecting the properties of a part or element for a particular processing task when parts or elements having different properties are physically available within the system. In some instances, the complexity of the processing or computational task may be such as the requirement for very fast processors or large memory, or in other instances the requirement to minimize power consumption for adequate monitoring tasks that require less processing power or speed and minimal amount of memory. It appears in the physical element that supports the desired computational environment. Such selection and configuration is under environmental control, processing requests, under user control, in particular under automatic control of the computing system according to certain predetermined or dynamically determined rules or principles, and depending on the physical or logical state of the optional or predetermined measured computing system. And preferably, depending on complexity, application program size, and data set size. Yet another embodiment of the present invention provides for dynamic allocation of individual elements (such as CPUs and storage devices) that can be assembled as computational elements that are not physically connected at the time of manufacture of the computer and even not located closely within the computer system hardware. do. In some embodiments, dynamic assignment and configuration involves and utilizes external components or elements as configured via external ports via the switching system disclosed above. In some embodiments, the control computing environment (CSCE, CCE or other control computing environment disclosed herein) interacts with and / or switches or switching systems as described for peripheral devices, input / output devices, and / or storage devices. Or controllable to mount path communications, computational system element switches, and links and connections that provide the intended operation.

16 is a single schematic "line" in which each component is connected with other components by a wire, wire set, bus, or other communication link having appropriate electrical (or optical) characteristics and signaling protocols supporting the intended communication. Different types of parts connected to the " Such suitable properties are known in the art and are not described in detail herein. Some embodiments of the present invention provide a dynamic configuration of all the components and elements disclosed above (others are not specifically listed), while other embodiments dynamically configure different data storage devices in a dynamically or statically configured computing environment. It provides more limited dynamic configurability, such as the ability to do so.

FIG. 17 illustrates an embodiment representing multiple computing environments, each computing environment comprising a set of wire components, buses, or other interfaces that connect the computing environment components to different signal lines or buses via a switch "X". do. It is also shown that multiple data storage subsystems can be dynamically allocated to the entire computing system used by different computing environments (which can be included in multiple physical devices themselves or have different logic portions). In some embodiments, each computing environment may include certain data storage components and a dynamically assignable or switchable data storage device requires storage for storage or processing tasks (including, for example, temporary storage). Additional storage capacity is indicated when the capacity exceeds the amount of storage available within the limited computing environment.

18 illustrates a computational environment 2801 of the present invention that separates ICE's separate " sets " of the computational system or the entire computational environment 2801 of the present invention, and the video communication signal link 2806. A combination of multiple discrete "sets" of layered video via keyboard communication line or link 2807 (electrical cable or wireless link) and mouse communication line or link 2808 through multiple keyboards 2803 and It shows how the mice 2804 (or other input or pointing device) can be combined. The output is directed to a single monitor or individual monitors 2805 to form independent 'nodes' 2802-1, 2802-N, which are separated from each other and performed independently, rather than under the control of a single controller or control environment. Can be sent.

Embodiments Including Multiple Dynamically Configured Virtual Computing or Processing Environments

(Iii) the functions of the user interface, control & switching, and protected storage computing environment are combined (see the embodiments of FIGS. 9 and 10 and descriptions thereof); (Ii) system components are dynamically configurable (see the embodiment of FIG. 10 and description thereof); (Iii) there is a single, temporary separate computing environment for controlled and isolated user processing (see the embodiment of FIG. 12 and descriptions thereof); (Iii) there is a single temporary shared computing environment for controlled and separate user processing (see the embodiment of FIG. 13 and the description thereof); (Iii) there is a PC CardBus or other interface card embodiment and a conventional computer (see FIGS. 14 and 15 and their descriptions); (Iii) the system includes individually dynamically configurable system components that define the computing environment in accordance with the computing task or other basis; (Iii) a number of computing environments are defined, each having a different set of components and different interfaces for connecting different signal lines or buses and computing environment components via a predetermined set of components and wires, buses or switches, or multiplexers (ie, regulated sets of switches), or Various embodiments of the invention are disclosed, including embodiments, which are configured. Other embodiments of the present invention are also disclosed and these lists are intended to establish a basis for distinguishing other embodiments, rather than identifying all embodiments herein, and are considered virtual processing spaces and virtual processing environments.

As disclosed below, this embodiment is a physical system component (including aspects of selection, assignment and switching) with the expansion of temporal multiplexing (time or temporal dimensions) to any set of dimensions in a multi-dimensional virtual processing space. Integrate the dynamic configuration of the Embodiments also include other plug-in cards or modules, such as PCI card slot daughter boards, to replace the concept and dynamic configurability of a PC card bus or other interface, motherboard chip set replacement. Or in addition, and between conventional components, such as the interface of the present invention, which may be plugged (or matched) into the processor and motherboard of a conventional microprocessor (such as in the form of Intel, Advanced Micro Devices, Motorola, etc.). It may be extended to the concept of an interface that can be. In addition, the concepts of plug-in cards and interfaces may be combined. Embodiments of a virtual processing or computing space and a virtual processing or computing environment are described in more detail.

Of multi-dimension virtual processing space (VPS) including multiple multiplexed virtual processing environments (VPEs) Example

This embodiment and the embodiments disclosed above provide other malware harmful environments in which viruses, hackers, and each process remain separate from each other, or where virtual processing space may or may not exist. Process input from external and potentially contaminated sources is cleaned, dismantled, or reset to a known and trusted state before allowing a new process so that any contamination that may be induced by the previous process can be removed. It is processed through an input isolator as a separate processing environment within a virtual processing space. The processing environment then processes or executes the received external process and, upon completion, sends the process result or output to an external world, such as another processor or requesting processor, configured to receive the result via an output separator. The input and output separators may be the same physical separators or may be different, and the advantage of using different separators is that they can be adjusted and that the entering process partially overlaps with the outgoing process. If the processing environment detects a problem during processing, such as the execution or attempt to run a virus or other harmful or corrupt code (even code disguised as data), the process will not communicate with the outside world and flush the external process results. Can be. However, even when a virus or other harmful code is executed, the processing environment is cleaned, removed, reset or restored to a recognized and trusted state. In one embodiment, the recognized and trusted state is selectively restored from a trusted template or other protected storage device that is kept separate from the processing environment during processing tasks (including embedded templates of the present invention). The embodiment does not require the removal or resave). Trusted templates are a source for reloading operating systems, application programs, system parameters, and so on. In one embodiment, isolation is provided by providing a trusted template in read-only memory. In one embodiment, the separation from input to processor and from processor to output only performs bit or bit stream copy or transfer operations and cannot execute viral or other harmful code or be modified to perform other operations. Provided by hardware circuitry. An embodiment of a processing environment segregation scheme for two processing environments and two external processes is shown in FIG. 19.

Aspects of multi-process environment separation are disclosed, and a description of another embodiment of a single processing or computing environment, a multi-computing environment, and a temporarily multiplexed computing environment has already been disclosed. The description of how to maintain the separation state is applicable in the present embodiment, and discusses a multi-dimension processing space incorporating at least some of these features.

With reference to FIG. 20, an embodiment of a multidimensional virtual processing space for executing or processing at least one, but typically multiple or multiple processes is shown. Thus, the virtual processing space can be one, two, three, four or N-dimensional, where N is any positive integer. In principle, N is not limited and can be any positive integer, but a limited time period (or logic circuit, microprocessor, microcontroller, memory element and processing or computing hardware, etc.) on one or many physical hardware elements (or Due to the feasibility of configuring, assigning, controlling and / or operating multiple virtual processing environments within other operational limitations, in practice, the number of virtual processing environments may be any particular number between 1 and 10000, for example. Such as an integer, may be limited to numbers less than 1000, or less than 100, or less than 10, or less than 2, 3, 4, 5, 6, 7, 8, 9 or 10.

Because of the complexity involved in describing the structure and operation of three or more virtual processing spaces, an exemplary processing space in three dimensions is described herein. As used herein, the term "virtual" is used at least in part because multi-dimension processing spaces may be formed within a single physical processor that is discussed in either one or three dimensions, depending on their respective dimensions. do. Even if the time-based or temporal sequence of processor events is considered, dimensionality can be considered as either two dimensions (processor space chess plus time) or four dimensions (three processor space dimensions plus time). When multiple processors are configured, they can be further extended or multiplexed. In fact, the structures, devices and methods of the present invention provide a larger dimension such that the N-dimensional virtual processing space is created less than the N number and time of physical processors.

The embodiment of FIG. 20 shows "number of processors" (or number of processors), "processing time segment" (which may be interpreted as collection of one or processor clock cycles or other time intervals), and "process type" (in one embodiment). Dimensions of a resource) that can be interpreted in relation to a resource or set of resources within one of the physical processors. The processor type disclosed in FIG. 20 is not limited, but may be, for example, limited, floating-point operation, graphics rendering operation, communication operation, and computation, information processing, signal processing, communication, gaming, animation, speech processing. , Digital signal processing, and any other instruction, code, or any other mired of different operating forms associated with known forms of operation in computational or information processing techniques.

Specified processors are provided in accordance with the present invention that distinguish elements of a conventional processor to be integrated, or specified processors may perform other operations during a period of time in which elements that are not used for one form of processing operation are commonly or partially overlapped. Processor elements may be individually accessed or provided addressable. The invention also provides that a copy or multiple instances of processor elements are provided in a single processor such that all structures within the processor do not overlap. In the embodiment of FIG. 20, five virtual processing environments are defined within the virtual product space, as described in Table 1 below, which illustrates an exemplary virtual processing environment and multiplexed separate states or individual parameters.

An example provided by the virtual processing space can be analyzed with the multiplexing operation used to select one of the multiple inputs of the multiplexer as a single output of the multiplexer, such as when selecting an input signal such that the logic circuit is provided to a sequential circuit in the electrical system. have.

Table 1. Example Virtual Processing Environments and Multiplexed Separation or Separation Parameters

process Multiplexed parameters provide separation and separation from other processes Process or number Process / command type Time segment Etc One One Floating Point Behavior 50 ... 2 One Floating Point Behavior 70 ... 3 One Communication operation 50 ... 4 2 Floating Point Behavior 50 ... 5 One Graphic rendering behavior 100 ...

In the systems, devices, and methods of the present invention, external processors (or instructions, instructions, and data defining them) are selectively routed or multiplexed to a specific set of resources (referred to as a virtual processing environment) within the virtual processor space. . The virtual processing environment may be limited to physical or logical switches, switching element sets, or switches and switching element sets (eg, multiplexers or multiplexing sets).

20 illustrates an embodiment in which the N-dimensional virtual processing space 2950 defines a number of virtual processing or computing environments including VPE1 2951, VPE2 2952, VPE3 2953, and VPE4 2954. Some of these virtual processing or computing environments may correspond to physical processing or computing environments. Virtual Processing Space (VPS) and Virtual Processor Environment (VPE) Configuration, Allocation, and Control Unit (CACU) 2960 may include, for example, processor (s), memory, cache, I / O devices, keyboards, displays, Physical processing resources such as CD ROM, and any other components or peripherals required may be configured. In this embodiment, the VPS 2950 is defined in accordance with the physical processor identification dimension axis 2955, the processing time segment dimension axis 2956, and the instruction or process type dimension axis 2955. In this embodiment, the identified instruction or process type is a floating-point type, a graphics rendering type, and a communication type. Other types can also be identified. In one embodiment, an instruction or process type may be identified and used for various aspects of processing system resources. Further, as disclosed in connection with the dynamically configurable and switchable components in FIGS. 16 and 17, the processing system can provide the required set of configurable resources, and these physical elements can be assigned to a particular process. The ability to define a particular virtual processing embodiment may be limited depending on the physical processing resources, and the ability to limit the physical processing space supporting the desired virtual (or physical) processing or computing environment may be related to the physical resource presence. Variants such as physical resource expansion allow for an extension of the order of the VPS. If redundant resources are provided in a particular configuration, VPS 2950 may provide a copy or multiple instances of a particular VPE.

It also stores the recognized purification and function versions and any operating system, program application, driver software, system or program parameters and data, or other software elements that may or may be required to adjust a particular processing operation. Or in communication with a trusted template source 2958 that generates. The manners and instructions for protecting a template from alteration or contamination and using it as a trusted source of processing code are disclosed throughout the specification of the relevant patent application incorporated herein and by reference and are not repeated herein.

Isolated storage allocation control logic 2962 may be configured to provide a particular isolated storage lock (ISL) 2943 (eg, ISL ₁ 2944-1, ISL ₂ 2944-2). .., P _K (2942-K) to the process unit 2941 (processor inputs P ₁ (2942-1), P ₂ (2942-2), ...., P _K (2942-K)) You can connect. The separate storage allocation controller 2962 operates to switch the connection of the web or fabric of the possible connections so that a particular process is exclusively routed and connected to the available ISL 2943. These ISLs are connected to the appropriate virtual processing environment that is in contact with the physical resources. Operation related to processor output via input separation (or input ISL) (such as a physical representation of a VPE) and processor input connection output separation (or output ISL) is described with reference to the method of FIG. 21. Also disclosed are operations for dynamic switching and configuration and are not repeated here. Dynamic input of the ISL is not required and can be fixed among the input processes, but such dynamic configuration and assignment is desirable for further flexibility such as providing the dynamic configuration and assignment.

A three dimensional virtual processing space has been disclosed for the number of processors, time segments and process types in the embodiment of FIG. 20, but the order is not limited to only three dimensions. For example, properly configured physical structures, instruction sets and formats, data sets and formats, orders can be extended to other processing parameters, variables, conditions, and the like. In addition, the description so far is a personal computer, a notebook computer, a server, a router, a personal information device, a personal digital assistant, an information device, a cellular telephone, a TV, a home device, automotive electrical, industrial control and automation, a robot, aviation control and Although related to digital calculations currently commonly used in other calculations and information processing systems and devices, the present invention is not so limited. For example, the present invention can be applied to digital calculations and data processing as well as analog calculations and signal processing, and hybrid digital-analog devices and systems. The invention is also applicable to optical calculations in which additional dimensions such as frequency, wavelength, propagation mode, and other optical device and system parameters can be selected and multiplexed. Optical, digital, and / or analog elements may be arbitrarily combined to enable control, configuration, and allocation of a number of virtual processing environments and virtual processing spaces defined therein. Configuration, assignment and control may be fixed when manufactured and set by dynamic setting or programming operation by the control element during operation in accordance with the manner of operation.

Embodiments of the systems, devices, and methods of the present invention may use any of various forms of switching, interconnection, multiplexing, selection, configuration, and / or multiplexing to achieve the required structure for the task to be processed, Different forms may be used simultaneously in a single treatment system to suit the structure and procedure. Various switches and switching and control schemes and methods may be used in conjunction with other embodiments, and these methods and methods may also be used in the above embodiments.

Multiple forms or types of multiplexing are known in the art and other forms and types will be developed in the future, any or all of which may be used in connection with the systems, devices, and methods of the present invention. The following list shows, but is not limited to, exemplary methods: address multiplexing, burst time division multiplexing, code-division multiplexing, demultiplexing, differential multiplexing, separate multiplexing, multi-user multiplexing, multi-user spatial multiplexing , Orthogonal frequency division multiplexing, polarization division multiplexing, space-division multiplexing, spatial multiplexing, subcarrier multiplexing, statistical multiplexing, time division multiplexing, wavelength division multiplexing, secure virtualization, individual or secure processing or computational environment methods, and // Or any other technique, process, or method of data segmentation or multiplexing, data, or computer processing. In addition, any one or any combination of the multiplexing method, the virtualization method, or the partitioning method may be used.

Embodiments of a virtual processing space (VPS) and multiple virtual processing or computing environments are disclosed, and processes and methods for operating each virtual processing environment within the virtual processing space are now discussed. The order of steps is exemplary and different orders may be used to achieve equivalent or similar results and certain steps may be performed in parallel without conflict with respect to resources. In process 2970 each major step is listed and exemplary substeps within each major step are indicated by letters. Method embodiments are shown in the flowchart of FIG. 21.

1. Create, configure, or allocate an external process identification and trusted virtual processing or computing environment (and optionally freezing separate storage devices) to run the identified external processes (step 2971)

(a) identifying a first external process input (EP1in) to be executed among a number of possible external process inputs (EP1in, EP2in, ..., EPKin), where K is an integer for a positive number range (step 2971a) . For simplicity and naming, the external process input (EP1in) and the external process output (EP1out) are not only considered input and output processes, respectively, but also the content (operating system requirements) required to execute the processes resulting from the execution of these processes. And / or parameters, application programs and / or parameters, instructions, instructions, data, or other elements required to define or execute a process.

(b) setting up a first recognized and trusted virtual processing environment (VPE1) among a number of possible virtual processing environments (VPE1, VPE2, VPE3, ..., VPEM) within the N-dimensional virtual processing space (VPS), where N Is an integer in the positive range (step 2971b). The virtual processing environment may also be considered to be a virtual computing environment if the performed process is a computing process, or a simpler computing environment. Because these processing or computing environments are separate from each other and external processes and are one of a virtual or physical subsystem or unit, they may also be used for any purpose, whether it is user application processing, system control, or any other operation or processing task. May be considered as a separate processing unit computing environment. For example, these virtual processing environments include control & switching computing environments, protected storage computing environments, read / write control computing environments, user interface computing environments, user computing environments, control computing environments, separate processing unit computing environments, and users. It can be configured to be operative with an interface computing environment, or other computing or processing environment. These virtual computing or processing environments may be determined statically but are preferably dynamically defined and configurable with existing system components. Such system components may be distributed locally or locally.

(c) Optionally, in this step, separate storage device locks (see ISL1in and ISL1out below) are identified, configured and / or assigned so that they are available if required as described below (step 2971c). A separate storage device can store instructions, data, or other information or content, but cannot collect any bits that may be viral or other malicious code. The term "lock" in securing a separate storage device refers to an environment or other pressure or pollution prevention chamber that prevents the environment on one side of the spacecraft and airlock from directly contacting or being affected by the environment on the other side of the airlock. It is used similarly to the term lock, which is used as "air lock" in.

2. Stable Mounting of External Process Input to a Trusted Virtual Processing Environment (Step 2972)

(a) Setting up a first recognized and trusted (removed) isolated storage device lock (ISL1in) to store the input components needed to run EP1in (step 2972a).

(b) ISL1in and EP1in connection (combination) (step 2972b). (Combination and teardown can be determined or fixed dynamically and can be physical or logical or virtual).

(c) EP1in attached to ISL1in. (Mounting or moving between any source and any destination is desirable using a copy operation and hardware or copy device that is unable to execute any content bits copied as it is copied (e.g. EP1in or EP1out). (Step 2972c). In addition, separate storage locks (ISL1in and ISL1out) are preferably not capable of executing any number of content bits stored therein. Also, the coupling between external processes and virtual processing environments is never desirable, and (i) external process input copies are communicated with the virtual processing environment through input-separated storage pinning, and (ii) copying of external process outputs is virtual processing It is communicated to external processes (or other designated processes) via a storage device that is externally isolated from the environment.

(d) Separation of EP1in and ISL1in (logically or physically) (step 2972d).

(e) VPE1 and ISL1in connection (step 2972e).

(f) Transfer / mount / copy EP1in from ISL1in to VPE1 (step 2972f).

(g) ISL1in separation (disassembly) from VPE1 (step 2972g).

3. Running External Processes in a Separate Virtual Processing Environment (Step 2973)

(a) EP1in input processing using VPE1 to generate EP1out output results (step 2973a).

4. Stably dismantle external process results with initial external process (step 29 74)

(a) A first recognized and trusted (removed) separate storage device fixed (ISL1out) setting for storing output components caused by the execution of EL1in by VPE1 (in some embodiments, ISL1in is the same as ISL1out while other In the examples) (step 2974a).

(b) VPE1 and ISL1out connection (combination) (step 2974b).

(c) Transfer / mount / copy EP1out to ISL1out (step 2974c).

(d) VPE1 detachment (disassembly) from ISL1out (step 2974d).

(e) ISL1out and EP1out connection (combination) (output result EP1out may be a different process or the same process or different process or the same process as input process EP1in) (step 2974e).

(f) Transfer / mount / copy EP1out to EP1 (step 2974f).

(g) VPE1 detachment (disassembly) from ISL1out (step 2974g).

5. Trusted  Allocation of virtual processing environment laxative (de-allocate) and free the allocated virtual processing space resources (step 2975).

(a) Release and deallocate the virtual processing environment or virtual process space leveler assigned to VPE1in or VPE1out (step 2975). The resources may optionally be released and deallocated at any time when they are no longer needed for processing. 2975a) For example, resources are planned to be used by a process after being identified to the process but need not be excluded from the pool of available resources for other external or internal processes until needed.

The described process is merely one embodiment for performing the degree of isolation required or required. Other methods and procedures for achieving separation may be used, and the order of the steps of the described embodiments may be reversed and the same result may be obtained.

Multiple processes within a single computer Of stream  temporary On multiplexing  Example

In one embodiment of the present invention, individual process or processing streams are kept separate and separated by control circuitry of other control logic. Processing streams may be used in which the completion of a complex or multi-part process requires the execution of one or more processes. Separation of this content means that the execution of the computer operating system and / or application program instructions (if necessary) can be performed in isolation from other processes within the processing logic. Processing logic can be a microprocessor, processor, controller, micro-controller, special purpose coprocessor, digital signal processor, optical computer, analog computer, or other device or system that performs processing operations. Although this description has been made with respect to a single processor having a single processor core, this architecture and method may be applied to each or a selection of multiprocessor systems or to multiple cores of a single processor. The invention may also be applied to a computer having multiple processors on a single board and / or multiple processors that are distributed between different boards or different machines but coupled to communicate with each other or coupled to some other master control logic.

Multiple processes may be distinguished or separated based on the multidimensional virtual processing space described herein or based on any one or combination of physical processing space variables. Some specially available variables include multiplexing or time distribution processing operations within at least a partial shared set of temporary or time based switching or processing resources. An example of such a processing situation is that multiple processes are processed in a transient multiplexed fashion on a computer with a single processor with one or more caches or other very fast intermediate memory between the processor logic and the memory subsystem. In some temporary computers, the fast intermediate memory is one or more so-called level 1 (L1) and / or level 2 (L2) cache memory and the memory subsystem is random access memory (RAM); This name is not limited to these configurations and may not require intermediate memory such as cache memory. Such a computer may also include one (or more) mass storage device, typically a hard disk drive, for storing the operating system, application programs, and operating system, application programs, and user data. In the future, other mass storage nonvolatile storage systems are expected to replace or increase some of these hard disks.

Separation of another process from one process typically results in an impact on another process or process stream, for example, in one process or process stream, or an operating system, application program, system or program data, or user data. It is desirable to prevent deformation due to another process. These problems are caused by computer viruses, computer hacker code, computer spyware or robots (so-called "spy-bots"), or other malicious code. They can also cause bugs or coding errors of computer operating systems or application programs or some mismatched computational machine settings, device errors, or device driver problems. Memory or memory subsystems such as, for example, in a cache or other intermediate memory (such as level 1 and / or level 2 cache memory) or memory subsystems (such as processor-related RAM memory, etc.) between one program process and another program process. Memory overflow often causes program failure or corruption.

Separation of user data and / or program or operating system components may disrupt operation by logically separating, memory address management based separation, or switching all or part of a communication or power path that may be capable of operating a device or subsystem. It may be accomplished in a variety of ways, such as, but not necessarily limited to, physical separation such as making it unusable, or operation in which a particular device, system, or subsystem is not disclosed to one or more processes. The methods and means for separation may be temporary for short periods of time or for long periods of time. Some processes may not reference or access the device or subsystem.

Memory management is very important when dealing with multiple processes or process streams of any shared processing resource, such as in a single computer having only one physical processor and shared physical memory. Processor execution and mass storage management are also valuable tools to prevent malicious activity of computing or processing systems. For example, if the presence of other program items, data items, files, user data, etc. can be hidden from other processes, in some embodiments spying information about other processes or data residing in a computer or computational or processing environment. It is unlikely to remove the ability of one process to gain or gain).

On the other hand, in some cases, a trusted user, such as an administrator with sufficient authorization and safeguard, determines the operational status of the processing system, monitors the system's activity, and / or It may be desirable to run a trusted program to perform or maintain and manage system operations. Accordingly, embodiments of the present invention are provided for selected separation or non-separation on a process-to-process.

Attempts have been made to provide some degree of software-based separation to address some of these issues, but could not ensure separation when needed and enable, thereby resulting in entry points, Achilles. Opportunities for exploitation by Achilles-Heal, or elaborate and sophisticated hackers and viruses, were possible. In particular, operating systems such as versions of Microsoft Windows (Windows 98, 98SE, NT, 2000, XP, etc.) were targeted because they had application programs for these operating systems. Other operating systems, such as Apple computer products, various personal data assistants, cellular phones, and other operating systems for information devices, have also been targeted and vulnerable.

The instantaneous multiplexing of the invention described herein may be performed by a single physical computing machine, a multiprocessor computing machine, a single processor with a so-called dual-core or multi-core processor, or (but not limited to, the virtual computing machine and virtual described herein). May be used with any virtual computing machine (such as a computing space), in this configuration there may be additional multiplexing or processing dimensions in addition to time, and / or there is a real time or temporal sequence with respect to the process May or may not exist. The systems, devices, architectures, and methods of the present invention include, for example, optical calculation machines, digital calculation machines, analog calculation machines, biological or neurobiological based calculation machines or systems, and / or hybrid calculation machines, and combinations thereof. In other words, it can be applied to computing machines independent of these techniques. The invention also applies to a variety of non-computing machines including computing components such as televisions, environmental systems and devices, video processors, automotive and aircraft simulation and / or control systems, and / or other devices or systems with processors or processing logic. Can be.

So as not to obscure how the individual processes are held independently of description is limited to the calculation machine having a single processor, processing three input streams _{A 1 ..A l, B 1 ...} B J, and C ₁ ... called A, B, C with members of C _K , where I, J, K are positive integers. The invention described in connection with this embodiment can be readily extended to other physical and virtual computing and processing systems independent of type or application.

In addition to enabling temporary sharing of processing resources or devices or circuits in a physical or logical or virtual computing machine, such as in a virtual processing or computing environment, the systems and methods of the present invention maintain separation and exist in the computing environment. Allow different processes to be protected from contamination. This is at least partly achieved by allowing only view or access to portions of memory and other parts of the processing environment that have the right to view or access by memory visibility and / or individual control of access by each process. Further, where possible, visibility and / or access may enable both partial or complete read and / or partial or complete write operations or read only access. Finally, even when the device or circuit is visible, visibility may be limited such that only some of the device, device feature, or other device capabilities are observed. In one example, different exclusive portions of the memory device may view or perform read / write access to two different processes, and the management process may only read the entire memory.

It is well known that computer hackers or viruses interfere with the operation of a computer, causing an overflow of memory or buffers. Memory control of such machines is important under software control, and such software resides in the BIOS, operating system, application programs, or some combination of things. Since they are all typically accessed by hackers or viral or other malicious code, they can be accessed and modified without user awareness or permission.

The present invention maintains the configuration and control of the processing environment, including memory configuration and control in its original environment, so that unwanted malicious or malicious hackers or viral code can access and modify such configuration or control to enable the computing system or data or other within the computing system. Prevents you from compromising your information. Thus, contamination of other processes or data belonging to these processes is protected. Generally, even if malicious code is present in the computational system, access agents (such as all or some circuitry within the processor such as a central processing unit or CPU or other logic processing unit or circuit) and other programs and / or data to be corrupted Should be. If only an execution agent is present, the malicious code can be executed but cannot contaminate another data or program element. If the malicious code is not simply separated and stored with another program or data (such as a common hard disk drive) to access the program execution agent at the same time, the malware cannot contaminate these other programs or data items. The data also includes or includes program information such as executable code, which is why files that appear as simply executable code from an extension of a file type are suspect. Separation may be physical, logical, virtual or other means, or a combination of these means.

Embodiments of the present invention provide both of these features. In one particular embodiment, memory configuration and control is maintained in trusted read-only memory (ROM) that cannot be modified or written by a running program. Certain trusted procedures are provided to make the necessary changes in a safe and reliable manner. In another embodiment, memory configuration and control is maintained using a hardware ASIC. In another embodiment, memory configuration and control is modified but maintained using a hardware ASIC with firmware rather than any process originating from an untrusted source, such as a process running on a computer processor. Memory configuration and control can be set to a fixed size of a single physical memory allocated to a particular process, or a user profile that suggests the use of statistical monitoring or the number of environments that are processed concurrently and the memory or other resource conditions of the processes that are expected to run. It can be determined dynamically as though

Embodiments of the present invention eliminate or simplify the computational environment repair process after competing processing or computational tasks (successfully or unsuccessfully), for example, by using built-in master templates that are original, reliable and stable. In this example, the processing environment can be restored without the need for both flush or clear. For example, embodiments of the present invention may include a read-only memory that stores a Microsoft Windows XP operating system (or other operating system software) and other application programs needed for the processing environment. Different processing environments may provide different embedded or stored operating systems and / or application programs. In addition, some methods can incorporate some components and load others when flexibility is needed while increasing speed and yield. For example, in one embodiment the operating system may be embedded and an application program loaded into a recordable memory. In this embodiment, the embedded operating system does not require flushing and recovery, but the memory storing the application program which may have been corrupted is flushed and restored to its known state after the processing operation is completed.

Referring to FIG. 22, an architecture and construction scenario for transient multiplex operation of three processes A, B, and C is described for a single processor and memory. For convenience of explanation, it is assumed that three processes ("A", "B", "C") wait for processor availability and start at the same time. Conventional members, such as computer systems, processors, memories, and the like, which are known to those skilled in the art, are not shown to clarify the invention.

Computing system 3002 includes processor 3004 with Level 1 (L1) cache 3006, one or more input bus ports 3008 for receiving one or more input streams from input source 3010, and one or more output streams. One or more output bus ports 3012 for communicating with the receiver 3014, and ports or pins for communicating with the status 30116 and the control 3018. The processor also includes a bus or other means for communicating with on-chip, on-board, or other memory, such as Nerep 2 (L2) cache 3020 and random access memory (RAM) 3022. The processor may be a conventional processor or a microprocessor or a specially designed processor. The architecture of the present invention includes an input bus port 3032 for receiving an input or input set 3036 and an output bus port 3034 for communicating with an output or output set 3038. TACS) logic 3030. In such an embodiment, TACS logic 3030 is connected to receive input 3036 for processor 3004 and receive processor output 3042 and process them to generate output 3038, such as input 3040. It is.

TACS logic receives the input stream 3036 serializer logic or the input process stream 3036 (which is the three input processes A, B, C in this embodiment) and those to be selectively interpreted or processed. Other input process stream serializing means 3044 that identifies the components therein. The term serializer has the broadest possible meaning and is not limited to processing the input stream in a bit-to-bit, byte-to-byte, word-to-word or other special way, but rather as an input stream characteristic. Or one or more combinations of input stream (s) having a combination thereof, and process each stream according to a finite set of policies or logic that generates an output. (Deserializers similarly receive and deserialize one input or combination thereof that produces an output.) Optionally, although other elements of the processor have a great advantage when individually assigned to one process or another, The components of the processor to be used by each process during a particular processing cycle can be identified. For example, these components can be a single instruction, a single instruction with data, several instructions or other sets of instructions, instructions, data, etc. as are present in conventional computing machines and methods. In this example, the serializer 3044 takes one component of A (eg, A ₁ ) and then takes one component of B (eg, B ₁ ) until each ends, and then of C Take one component (such as C ₁ ), then repeat A (such as A ₁ ), B (such as B ₁ ), C (such as C ₁ ) until each end, followed by additional process streams To deal with. Another example may be selected from an atmospheric processing stream at input 3032 in accordance with preset or dynamically determined rules. There is no limit to the number of input streams, but in this embodiment, the TACS logic 3030 and processor 3004 wait until they readily accept them for processing. Typically one of A, B, C is of different lengths and terminates first, but there is no reason to wait for the termination of the others before interpreting and serializing the next process stream (D). In practice, the processes run completely independently of each other. Other schemes may be implemented, for example, if processor stream B has a high priority, then the multiple components of B may be A and C, for example, such as serialized stream "A ₁ B ₁ B ₂ B ₃ C ₁ ". It can be interspersed between single components of.

Embodiments of processes in which processor memory such as L1 3006 or L2 3020 cache memory or other buffer memory on processor chip 3004 or external memory such as RAM 3022 are controlled to maintain absolute independence of the processes are now described. do. An alternative to providing internal memory isolation is to provide a separate physical memory chip for caching other fast intermediate memory or for other memory subsystems such as RAM memory, but this is undesirable due to cost, interconnection and other considerations. You may not. It may be more convenient if multiple processors or multiple processor cores with independent physical memory devices or chips are outdated. In addition, some embodiments may provide multiple processor cores and fast memory associated with each core, thus eliminating the need for a separate memory subsystem (such as external RAM).

However, not all embodiments require or have the advantage of absolute independence or separation of processes, and in some embodiments a trusted monitoring process may be provided that allows an authorized and trusted administrator to monitor the operation of the computer. Other processors may also operate without absolute separation, where there is a limited level of confidence between them. In addition, multiple processes can be processed together without trust as long as multiple inputs and outputs are grouped together and processed at the isolation level described. For example, the processing environment may be created to perform word processing operations and photo editing processes using two different application programs. The input and output of such a processing environment may be text documents and photo files, but the present invention is operable because it does not require attention to what is the character or content of the input or output from the processing or computing environment.

In this embodiment, serialized stream 3050 is generated by trusted TACS logic 3030 and the TACS logic modifies the apparent process environment configuration (in simple terms, the physical or logical configuration of the computer) according to the process component being processed. do. In an embodiment where the components of the streams A, B, and C are serialized in the manner described, the timing control circuitry operates to read and apply different configurations for each component received. TACS logic is effectively assigned to A for each time slice dedicated to process A by validly reading different configuration records (such as BIOS configurations from trusted ROM) at every moment in time. Only memory or other computer environment elements identified as process A are seen, including the inability to inadvertently access other memory outside the memory (address) range imparted to "A".

In one embodiment, such memory management and control is achieved by having a processor 3004 that writes and reads into address ranges (or other identified portions) of L1 and L2 caches and RAM. This can be done by address remapping schemes where only one area of each memory (e.g., L1, L2, RAM, and mass storage disk drive) is visible to the processor and these areas are mapped or identified to different address ranges of each memory. may be achieved using a remapping scheme. In other words, when the processing process "A" actually writes to or reads from the address range (ADDR2) 3062 associated with the process "A", the processor actually processes the address range ADDR3 with respect to the process "B". When writing or reading to 3303 and processing process "C" actually writes to or reads from address range ADDR4 3064 associated with process "C", the first L1 cache address range ADDR1 ( 3061). Similar mapping or identification occurs in hard disk drive storage, level 2 cache, and other storage devices such as RAM. In a similar manner, other devices may be mapped or identified exclusively to a particular process to maintain independence. That is, in an embodiment of the present invention, mapping or exclusive identification or assignment is not a simple actuation system or software reassignment, but is a trusted way of redefining the configuration or components of the computational system such that one process does not see or recognize the other. Control.

In the illustrated embodiment, the TACS 3030 may be configured to include a signal to the L1 cache 3065, a signal to the L2 cache 3066, a signal to the RAM 3066, and optionally a signal to mass storage or other device 3068. Memory address control must be controlled through control (and optional status).

It does not matter if one of the processes (A, B, C) contains and runs a virus or other malicious code. Common process environment elements that may be contaminated are not shared in elements of the process environment that need to be deleted, reset, recovered, or retained before being used by another process. Thus, when process B executes a virus, the effect of this execution is only visible in the memory allocated to process B. Once the B process finishes by completion or error, B allocated to the memory is reset and contamination does not proceed to other processes. In general, however, internal components of the processor (except contents stored in cache memory, for example) are the next process (such as an indication of an instruction or related data) that do not carry residual elements of another process or such residual elements themselves. It does not harm or operate to introduce pollution. If code transitions to a processor element (such as a register), such code is not relevant as if it does not hold and the following code does not clean up the remaining elements effectively, but if storage exists then the element is flushed, reset or notified and trusted Return to its original state. In the case of conventional processor architectures and apparatus that are used in conjunction with the features of the present invention and have detrimental residual features, the elements may be removed or reset. This may take into account timing address control and switching logic. For example, a removal instruction or code can be introduced after a potentially harmful instruction or process, and if such a solution is not foreseen before, a delete or reset process can be introduced between all processes dominated by another process. have. For processor architectures to be developed in the future, a delete or reset feature is configured inside the processor architecture to improve process yield without the need to insert a remove or reset process into the input stream.

Once processor 3004 generates output 3052, they are received by input port 3070 next to the processor and processed by TACS logic to deserialize the combined output stream 3052 and provide appropriate output instructions. . Although the output stream 3038 is illustrated as having instructions to match the instructions of the input stream 3036, the matching instructions are utilized to identify tags or other process identifiers and are processed to maintain a particular output.

Although specific embodiments of how specific timing, address control, and switching logic (TACS logic) 3030 are used, those skilled in the art will recognize that alternative structures and methods may be used to implement alternative embodiments of the invention. will be. This alternative is shown in FIG. 23, which shows an alternative embodiment of a system for maintaining a degree of control of the separation between multiple processes in a computer using address range control. Processor logic 3080, which may be logic for processing computer program instructions or other instructions, such as a processor, controller, or central processing unit, includes some internal address control logic 3081. Various forms of processor address control logic are known and are not described in detail herein. Independent address control and separation logic 3082 is provided or features of the address separation and control logic of the present invention are included in or included in the processor's address control logic. Address Separation and Control Logic (AICL) 3082 passes control and status signals by address control logic 3081 and, as needed, the processor and addressable memory / cache / storage subsystem (s). Addressable memory / cache / storage device 3085 may be, but is not limited to, RAM, ROM, cache memory, hard disk drive, or any other storage device or memory mapped input / output device. The input is processed to generate a predetermined control signal 3083 that is received by AICL 3082 and can communicate with address control logic 3081 and addressable memory 3085. Optionally, AICL 3082 generates a predetermined control signal 3083 that can communicate with address control logic 3081 and the address control logic generates additional control signals 3089 (optionally by receiving a status signal). Communicate with the addressable memory 3085. The structure of the AICL 3082 generally depends on the characteristics of the input 3086 to be processed and can be statistically defined or dynamically determined based on the input. The output 3087 is generated for the corresponding input of a conventional processor, except that abnormal processing situations such as the execution of viruses or other malicious code are selectively suppressed and no error or exception condition (or system failure) has occurred. Can be the same output.

Referring again to the embodiment of FIG. 22, emphasis has been placed on transient multiplexing, and independent process or processing streams have been kept independent and separated by control circuitry of other control logic. Multiple processes may be divided or separated based on physical processing space variables and combinations thereof or based on the multidimensional virtual processing space described herein. The advantages and reasons for the degree of complete separation or controlled separation are not repeated as described herein but have become a multidimensional processing space that can be defined for independent variables or parameter sets.

In one embodiment, the control environment executed during one time slice or period receives a request for an operation filed or left by an uncontrolled process during a previous time slice or period. Requests are made or filed in such a way that they cannot be polluted, even if they are shared with another process. For example, a single bit or a small number of bits that cannot execute executable code are stored in one or several registers in a processor or other logic. The control environment views or queries these registers and uses flags or other indicators (such as one bit or a small number of registers) to recognize an operation or request made by another process. Denying or acknowledging access or permission to allow the operation or capability to be made available to the next request process when using the computing environment. An operation or capability may be an operation or ability in which the computing environment may provide clues that do not allow an operation or condition in which the control environment may expose other processes or data to contamination. Allowed actions or capabilities may be defined, for example, in sets or rules, rules, tables, logic or other ways. In some embodiments, granting permission or granting an explicit computing configuration may include storage devices such as hard disk drives or other mass storage devices, all or some processor-related memory subsystems such as random access memory, one or more processors such as cache memory. Change some or all of the relevant fast intermediate memory to be visible and accessible, use or hide input or output ports, use or hide network interfaces, and / or use in devices, circuits, logic, operations, hardware or request processes Hide, limit, open, close or make elements of the software set available or unavailable. Granting permission or access to one element or capability may necessarily require that the control process restricts or denies permission or access to other processes so that an appropriate degree of separation is maintained. Granting or denying permission or access forms a physical change, such as a closure, or a switch or set of switches that creates a physical path or powers a device or circuit, or a logical change that changes the physical hardware logic or software or firmware within the computing environment. Or any other way of modifying or creating different virtual, logical or physical processing or computing environments. These combinations can be set according to rules, rules, tables, logic or any other manner, but are set to be protected from modification by uncontrolled processes and in some embodiments may require specific administrator privileges. As described herein, some of these modifications to the computational environment can be set using the features of the dynamic switching and configuration structure and the methods disclosed herein or using other structures and methods.

Devices that need to be shared are memory subsystems (typically RAM) and high speed memory intermediate between the processor and the memory subsystem (typically one or more cache memories on a processor chip or chip set). Different portions of these memories can be made visible to different processes using address control logic and known techniques for constructing and controlling address allocation, master, data and indication bus availability, description tables, etc., as well as the methods disclosed above. have. In one embodiment of the present invention, a description table, such as may be stored in a data structure in a memory or register, is generally hidden from other processes and is only visible to the control process. In another embodiment, a portion of the description table remains hidden while other portions are optionally visible to one or more processes, while in other embodiments visibility is a specific indication of a process or when control is visible. It is optionally available to processes that are only transitioning to some. Typically, these description tables are visible and accessible to all processes, and this visibility and accessibility provide an opportunity for malicious code to alter the contents of these description tables to alter and corrupt the computational environment. Separation, hiding or denying access to the description table with respect to memory addresses or other components of the computing environment except the control process is another way in which the computing or processing environment can be protected. In at least one environment, the configuration information is maintained in read-only memory and in some embodiments of the control process the operating system or application program provided to the uncontrolled process cannot manipulate this stored configuration information.

These and / or other embodiments of the invention control various buses, input / output ports or devices in a processing environment, application program software loaded into the environment, operating systems or operating system elements within the processing environment, or combinations thereof or other combinations. May be visibility and / or access. In at least some embodiments, the presence of the selected hardware or software component (and thus denial of access) is guaranteed to be undetectable to the working system. In some embodiments, this is preferably ensured by modification of the work system (including the embedding of a trusted read-only version of the work system) and / or configuration control at the hardware and / or firmware level. In some embodiments, a physical or logical independent BIOS is provided that configures or reconfigures each processing environment on a dynamic basis. In another embodiment, the basic BIOS configuration is set and changes in configuration to add specific capabilities set dynamically.

For example, in certain embodiments, address locations or ranges may be statistically or dynamically defined at a predetermined level or layer below the operating system layer, such as a Microsoft Windows, Linux, Apple computer, or other operating system. Change this definition or make no impact and only the operating system sees what the operating system sees. For example, a low level program or process may be a program or process that is inaccessible by an operating system, an application program or the like and that is inaccessible to data that may potentially contain malicious code. In some embodiments, the low level definition is implemented by the address control logic (when the hidden element is a memory address location), by the TACS control, even by the main processor itself, or by being included in or communicating with the processor and as an independent logic element. It can be achieved using a BIOS protected by other logic in operation. When TACS control is included, it is possible to generate a full description that defines a particular address range that can be used exclusively for, for example, time separated multiplexed events. Alternative controllers may define address separation based on non-transitory defined separation and the like available to other N-dimensional virtual processing spaces.

In one embodiment, the table defines memory address range availability for each different process and this definition may be logical or physical. In one embodiment, the BIOS maintains a table-like mapping. For example, if there is 1 gigabyte of total RAM memory available to the hardware of the computing or processing system, the lower level control process causes the operating system to see only a predetermined or dynamically set amount of memory, such as 256 megabytes, for example. . The low level program or control is different and different amounts available for different instances of the operating system, such as the first Microsoft Windows operating system with respect to the first process and the second Microsoft Windows operating system with respect to the second process. It may have a memory address range.

Conventional systems and methods typically have a single "sandbox" that interacts with all processes but does not interact unless program code is properly designed and exposes different processes and data to contamination if malicious, hacker, or viral code is introduced. (sand box) or "bowl of soup." One advantage of the systems and methods of the present invention is that each process uses its own sand box or clean empty bowl, thereby allowing malicious, hacker, or viral code to be executed or attempted to run in a processing or computational environment. If present, no contamination can occur.

Using the techniques described above, including limited messages passing between the control process and another process (except for conditions, status, flags, or other indicators left in the processor), the control process does not exist in the process, but other processes Even if is executed, the control process can effectively control another process. The controlling process may delete, flush, reset or reset the original processing environment after another process has used the processing resources to which it has been granted access.

As described, the ability to selectively hide portions of memory by controlling a range of memory addresses can be applied to memory mapped devices or subsystems within or outside the computing or processing environment. The systems and methods of the present invention can selectively similarly hide other devices, circuits, software, and the like that can exert other advantages. For example, embodiments of the present invention may provide user data prior to exposing data for a given processing element that may cause certain malicious code hidden in the data (or program) to run and cause contamination of the computational and processing environment. A need or desire has been described for moving user data from a first storage location (such as a hard disk drive nonvolatile storage means) to another separate storage location (often referred to as an explosion room). However, in embodiments of the invention that provide guaranteed controlled separation of portions of memory, storage, or logic, copying or moving data to such separate storage is not required, thereby eliminating time-consuming steps. You must understand that. Essentially, this embodiment of the present invention constitutes a processing environment such that the data item itself is separated in place, and optionally some additional memory or other storage device is required or needed for temporary work storage or for a particular process. It may be limited for other purposes that may be. The copying step for safe storage before processing and the recopy step from safe storage are finally eliminated. Copying of the data may be done before execution to ensure that if there is a problem with the process, the original data item is maintained and not further corrupted. Maintaining such a copy may, for example, allow the item to be examined and / or removed for possible contamination or virus.

Another embodiment of the present invention may provide a memory or storage device that may be dynamically switched to and from a computing environment, or to and from a specific example of the computing environment. This eliminates the need for copying, and / or provides an alternative mechanism that allows one of a number of erased memories to be exchanged while other memories may be erased or erased by individual processes that may be contaminated from exposure to earlier processes. Allows a temporary exchange while flushing. Other embodiments of the invention may logically provide breaking or segmenting memory to other parts, each having a different master template so that different memory address ranges are stored entirely for processing tasks in a processing or computing environment. Have the original master template.

In other embodiments, the computing environment may be created by generating or generating an operating system or template in one address range within the same area of different physical devices, and user data in another address area. In fact, a number of computing environments with master or other templates and data may be created in this state. Each is a completely logically separate environment because low level configurations or other controls do not guarantee any interaction outside the defined memory address area. Supervisor control defined in hardware, firmware, software or any combination thereof may provide a hyper-visor to control each processing environment, switch to external components, and manage multiple processing environments such that no contamination occurs. . In one embodiment, such supervisor control or hyper-visor cannot ignore or change the low level configuration to prevent contamination. An external management process may be provided such that certain software or firmware components are loaded, updated or erased as needed.

It will be understood in the present description that various methods may be used to create or copy trusted portions of software or code to memory, storage, or processors. In one embodiment of the invention, this is referred to as a template and a master template. Various protected copy schemes may be used as described herein. These characteristics are used to operate systems and processors that support some of the energy conservation standby, hibernation, resave, and wake-up features that store system state from processes and / or from volatile RAM memory to non-volatile memory (such as hard disks). May be used to create a template, which is pre-stored to record a trusted template from storage to memory or a processor. In this way, the template is in the form of and compatible with current operating systems and hardware that support this feature.

Various embodiments of system configurations and operating scenarios are described herein. For example, embodiments are described, where there are a number of physical processors, each with an assigned computing or processing environment. The embodiment described in connection with FIG. 9 identified a user interface computing environment, a control and switching computing environment, a protected storage computing environment, and at least one user computing environment. In the embodiment of Figure 10, the system included a desktop and user interface computing environment processing unit, a control and switching computing environment processing unit, a separate processing unit computing environment, a protected storage computing environment, and a separate processing unit computing environment. . A single (or small set) of processors is used in a multiplexed manner, allowing more sets of processors to be executed using a smaller set of physical hardware and / or software components. While it has been emphasized that the flexibility and adaptability of the systems and methods of the present invention with respect to certain processes, and that the specifically described processes are illustrative, the function and operation of some of the specifically discussed or identified processes may be retained while maintaining the required separation. It is worth stressing that they can also be grouped to run in the same process. The combination or grouping of processes may have specific utilities for certain trusted control or supervisor operations, such as desktop and user interface processing environments, video processing environments, and control and switching environments, but from one or more user data processing environments Or maintain separation of grouped processing environments.

The advantages of such process definition or grouping provide some efficiency that is not exclusive to the multiplexed embodiment of the present invention, and even to the temporary multiplexed embodiment. As the number of individual processes decreases, the complexity of switching between different processes is reduced, and the time that may be consumed by storing and reloading the state and / or by removing the loading template and / or processing environment may be reduced. . In one embodiment, all non-user data processes are defined and limited in a single control process, and the user data related processing environment is executed and maintained separately from the control environment.

For all other multiplexed processing scenarios and these embodiments, the specific processing resource (such as a specific port, digital signal processor (DSP), or some other resource), or the amount of time allocated to the process (processor clock cycles or instructions It is apparent that the priority of execution may be assigned to different processes so that the priority for access to the cycle can be adjusted. The adjustment may be set statically or dynamically. The default may be set and then changed if a high priority process is executed. High priority processes may include, for example, real-time or pseudo real-time processing applications such as video image capture, computer games, and other processes, where detectable delays may be denied to the user. Standard or lower priority processing applications may include word processing applications, where very low processing power is required to maintain user typed text. Obviously, different systems may be set to different processing priorities depending on the goals of the user and environment in which the computing system is deployed.

The approach already described emphasizes how multiple processes may be grouped, synthesized, or integrated into larger or more complex processes. Other approaches may take what is considered a single process and may use multiple system resources for execution. For example, in a system configuration that provides multiple physical processors, multiple memories coupleable with such processors, and / or multiple other copies of available resources, the processing needs of a single process may be distributed among them so that the process Make it run faster with the desired output. In general, a process in which multiple processors are used may comprise a large number of data or many parallel processing, or easily definable subtasks that may be distributed between different processors and their results combined in a predetermined manner to produce a final result. It can be a relatively complex processing task with a simple processing task that has multiple processing tasks, so that the multiple processors you use can complete the entire task faster. Although the fundamental processing is fundamentally different from the processing described herein, the SETI processing task is a prominent example of a single larger processing task partitioned among multiple processors.

Certain processing tasks may be divided, redefined, and / or distributed in this manner. In view of the flexible switching and system configuration described in connection with the embodiment of FIG. 16 and other portions of this specification and / or the aforementioned virtual processing space and temporary or other non-temporary multiplexing embodiments, the present invention provides a number of system resources. Provided are systems and methods that are statically or dynamically configured and dismantled that extend beyond a single processor configuration. For example, in a temporarily multiplexed embodiment, different processes may be configured to have only part of a processor (processors are allocated in some way), dedicated to a process, dedicated to multiple processors, or partial access to multiple processors. It may be. When assigned processor access is implemented, this assignment allows for matching the security and protection features already described for the present invention. This switchable allocation of processor, CPU, or other processing or computational logic for a process may be applied to some other system resource.

This feature of the present invention may have certain advantages and utilities when applied to grid computation, clustering, parallel processing, highly parallel processing, symmetric processing, and / or other processing scenarios, where some degree of parallelism, distribution, or cooperative processing may be employed. It is advantageous.

Limited rules, such as multiprocessor or CPU, multiple memory, or even multiple system temperature (SOC), at least in part, because multiple system resources may be combined or used in logically or physically multiplexed or parallel computational configurations. There are multiple or multiple processing resource physical computing systems that can be configured automatically (or manually) and dynamically according to the current set of processing required to execute one or a set of processing tasks in some optimal manner in accordance with policy or logic. It can also be built. Optimization parameters may include, for example, maximum output, fastest execution, minimum power consumption, greatest error reduction, minimum heat generation, or some other data or operation priority or requirement. Embodiments of the present invention that incorporate these features may optionally use relatively low execution processors or CPUs or other system configurations to minimize hardware costs, but do not affect performance due to the ability to dynamically combine these resources. Do not.

In view of the description herein, embodiments of the invention are physical or virtual to include (or remove) certain resources available, either statically or dynamically (through the use of one of the multiplexing schemes already described). It is also possible to configure the computational system or environment of the system interchangeably. For example, in addition to a processor, memory element, hard disk drive, or other storage subsystem, embodiments of the system may include a modem, a network interface card (NIC) or other network interface, a sniffer or read-only NIC, video display or processing. Card or logic circuit, graphics card or processing logic circuit, universal serial bus (USB) port and interface, firewall or IEEE 1394 interface and port, serial port, parallel port, PC card port and interface, PCI interface, memory interface, microphone and It may include speaker input and output ports, digital signal processors and logic, printer ports, CD and DVD interfaces, audio and video processor logic, wireless interfaces, and some other hardware, hardware executable software or firmware, and for external devices. It may include to the extent that the ports that interface may enable or disable external devices and systems.

In one embodiment, one of the executed processes is a network interface, such as a network interface card (NIC) type process. The NIC has a buffer or other storage means for storing data received from an external source or process. Once received and stored, the multiplexed processing scenario may read the buffer and adjust the received data in a manner similar to other protected processing schemes. In other words, while external resources are more relevant in terms of contamination (such as email, spam, viruses, spybots, or spyware loading websites, etc.) than internal data sets, the systems and inventions of the present invention provide The protection means provides the same high level of protection as other user data sets. This same benefit is provided regardless of whether the external connection is through a modem, floppy disk, USB memory device, input / output port, wireless connection, or some other interface. Means are provided for separating the input data such that the input data cannot contaminate other user data or stored trusted versions of application programs and operating systems.

The use of the switching and control features of the present invention may include any buffer, cache, data storage device, and / or which may be present in any embedded computing system, application program software code, or processing or computing system including embedded data. Or applicable to memory systems and subsystems, but is not limited to such. As described in connection with hard disk storage, the switch or switching logic may be configured to identify certain buffers, caches, data storage devices, and / or memory systems or subsystems from a computer system in a static, dynamic, or temporary or multiplexed manner. May be used to physically or logically add and / or remove. In addition, the switching and control features of the present invention are applicable to system resources that are not typically associated with data storage functions such as video or graphics controllers or processors, printers, sound cards, or any other system or computer resource. Memory address range mapping, power on / off, BIOS infrastructure and decommissioning, and other means of hiding or making such system resources visible are described throughout this specification and are not specifically repeated herein.

In particular reference to a computing system, an application program, and / or a system having a storage device or memory having other executable or non-executable code or data stored therein, these embedded elements may be switched to a processing environment (e.g., Or may be switched (eg, deleted) from the processing environment to provide the required or required computing system, application program, or other code and data needed to execute the processing task. For example, built-in stored versions of data, such as micro Windows XP (or some other computing system), micro Outlook, Adobe Photoshop, and / or embedded screen image graphics, may have different physical or logically separate memories or storage. It may be embedded in the means. These may be, for example, logically separate portions of a common physical device separated by different memory chips, address mapping and control described above, or through other means. They are then added to the processing environment when the need is identified and removed from the processing environment when the need no longer exists, thereby freeing resources for other processes. A control environment or other control element in the system anticipates or retrieves specific embedded (and non-embedded) code or data and configures the embedded element in a processing environment utilizing the aforementioned switching and configuration features of the present invention. The search may be any other search means such as a request or program call. The control environment or other control element is also responsible for anticipation or retrieval when the request for an embedded element is terminated and the element is removed from the configuration of the processing environment and made available for other processing request requests.

The control environment (and optionally including software and / or firmware) and / or hardware switching environment may be read-only, write-only, or read-only by some addressable memory, internal storage, or the like, such that the nature of the access is controlled or limited. It may be made accessible as a recording memory. Such access type control (read only, write only, read-write) may typically be useful to rely on processing tasks manually. Specific memory or storage that holds the template in read-only mode for standard access to ensure that the template is not contaminated or jeopardized by the write operation, but that the template is updated (to a new version) by a user or process with sufficient access privileges. Provide procedures for maintaining the device.

In the context of maintaining physical or logical separation of storage devices, hard disk drives or other rotating storage media having multiple platters or surfaces may be separated by operating separate read / write heads for each platter surface. Typically, a hard disk drive with two platters and four surfaces will be operated by a single disk drive controller and by an actuator moving a plurality of coordinated read / write heads. Embodiments of the present invention are directed to read / write heads in an independent manner such that one controller recognizes its single (or set of) surfaces and read / write heads, but not other surfaces or heads within the same hard disk drive. Provide individual controllers that at least control access. In other embodiments, individual actuators may be provided such that the actuator arm and read / write head operate independently for each surface or set of surfaces. The dynamic configuration features of the present invention may be applied to hard disk drives to make some surfaces available and to make them read-only, write-only, or read-write.

In one embodiment of the invention, features of the invention are provided on a logic board in or attached to a hard disk drive or in a disk drive controller. Logical or physically separate hard disk drive platter surfaces may be used for separate storage devices. In one embodiment, these elements and characteristics are combined such that a hard disk drive having control characteristics provides a network application having the protection and security characteristics of the present invention without the need for a separate computer or an external processor. Accordingly, the present invention also provides a network or network device having the protection and security features of the present invention.

Other Optional Features That Can Be Used in Embodiments of the Invention

Although several different embodiments of computer and information application structures, system structures, and methods and procedures for creating and operating computers, information application devices, and other devices have been described, other features that may now be provided in certain embodiments may be described. Including optional features). This description also provides some indication of the type of application that may be controlled in various computing environments, and what specific sensitivity to viruses, hacker code, Trojan horses, and other malicious code may provide security or immune issues. Some indications are provided as to how such issues are addressed using the structures, systems, methods and procedures of the present invention. In the context of this description, a computational environment called CE is defined as a variety of computational environments, separate computational environments, or computational or discrete subsystems as described herein, and as described with reference to related applications and references. It is intended to include environments and subsystems.

Data may be moved between specific destination subsystems or computing environments using individual logic control devices, such as ASICs or logic control devices using direct memory access. The process of moving data advantageously does not cause the data to run, which can slow hacking, viruses, and other malicious code. In addition, data may be encoded, compressed or encoded to prevent execution of the data.

Repair and recovery of the computing environment may be done if necessary. The computing environment CE may be repaired or returned to the idle state using an automated repair process. This repair may be done “on the fly”, or after each transaction or without reboot. The master template typically represents the idle state of a particular destination subsystem and may be stored in a storage system. The transaction may include reading an e-mail, where each individual e-mail message represents an individual transaction. Optionally, one or more items can be ignored during the repair process. For example, if an e-mail is opened, the repair process may ignore the open e-mail, search for and repair the problem, and then the user may respond to the e-mail without stopping it. In other embodiments, all downloads and e-mails may be immediately stored in the storage system before opening a download or e-mail in the work subsystem.

In one embodiment, the logic of the CE may trigger an event related to the repair process. The repair process may perform a comparison between the master template of the working system and the state of the current working system. Any difference between them can trigger a continuous repair process in which some or all of the different data is retrieved from the working system. In addition, data may be copied from the master template by a repair process when needed. In one embodiment, the repair process may cause the work system to conform to the master template.

In one embodiment, the repair process may be executed, for example, after one or more e-commerce or after surfing one or more web pages. Thus all known and unknown viruses and Trojans can be rendered helpless before other transactions. This process does not remove viruses, worms, and Trojan horses from the computer (they may be stored in a storage system), but keeps them inactive. The repair process may repair volatile and nonvolatile memory, erase volatile memory, or set volatile memory to an idle state.

In one embodiment, if the user selects one or more e-mails to be opened, two or more e-mails can be copied to the work system and opened at the same time. Optionally, each e-mail can be copied, opened, viewed and worked individually on its own individual separate work system. If the user needs to copy data from one separate e-mail to another separate e-mail, a copy process can be used that prevents the code from running.

In one embodiment, the web commerce software, or e-mail software, or certain software is modified such that the individual records or copies of records specifically needed for a transaction are copied to a storage system and used to copy back to a database of the storage system. And repairs can be made after each such transaction. Optionally, for example, in a transaction where data interacts with one or more databases or CGIs, the transaction is split into individual segments, separate storage systems and data or work systems copied therefrom, if necessary, It may be performed between segments or between certain segments of a transaction. Optionally, the software may include instructions to define which type of data includes a transaction that limits the copying process to copy-only data that meets certain criteria.

In one embodiment, to accelerate the repair process, the mast template of the work system and the software of the work system may each be loaded into their own individual separate volatile memory regions or cells to speed up the repair process. Thus, if data of the working system is in volatile memory and the master template is in volatile memory, the repair can be done at a higher speed. Alternatively, new work systems can be used, eliminating the need for repairs. For example, a user can open an e-mail, read an e-mail using one cell, and a second cell can be used for the response if he wants to respond to the e-mail. Optionally, the first cell or computing environment can check for viruses, but the user records the response to the e-mail using the second cell, and additional cells or computing environments can be prepared for use.

In other embodiments, the data may be downloaded directly to the storage system using coding or compression or other copying methods that prevent the execution of the data. Optionally, a separate hidden backup or retention system may be used with the present invention, which may make the hidden backup or retention system or working system into volatile or nonvolatile memory / memory or data as needed, which is time stamped. do. Copying data to such a backup or preservation system may also use the techniques described to prevent the execution and corruption of files on the data on the backup system.

Regarding the file save operation, in one embodiment, whenever a save is made at the working system, a copy may be made to the storage system. Optionally, a virus or Trojan can optionally impose a limit on how often a file can be stored, in order to prevent destruction by executing millions of stores stored on the storage system, or other restrictions on the working system. It may also be done for the process of stored data. Optionally, it may be part of a ROM or copy, archive, store or other program.

Individual processors with limited functionality may be used for process data in separate work systems, or limited functionality may be given to the main processor. This can be done with multiple data storage devices, or one data storage device with separate parts.

In one embodiment of the systems and methods of the present invention, data is passed between one or more computing environments in a manner that eliminates the possibility of delivering malicious code, or between one or more second computing environments. In one embodiment, such a methodological procedure is for example provided by an ASIC or other logic circuit or logic means having the ability to transmit and / or receive ASCII or extended ASCII connected to a data line leading to a second computing environment. It includes use in 1 computing environment. In certain embodiments, the performance of the ASIC or logic means is specifically limited such that no further processing can occur. Optionally, the second computing environment may directly receive ASCII data, or instead the data may be received by a second ASIC having the ability to receive and / or transmit ASCII or extended ASCII data. Such ASICS may, for example, limit the amount of data, ASCII characteristics, and / or requests that may be made (eg, within a time period) to prevent buffer overruns.

In one embodiment, some optional adjustments to ASCII filtered or stripped files or content may be provided. For example, if a file, data set, or Internet or World Wide Web content was not ASCII stripped or filtered, files from the outside world and files transferred from them (from their descendants or children) are "unsafe". While marked or identified as a file or content, the filtered or stripped file or content may be identified as "safe" only to include certain authorized ASCII characteristics. This type of marking may be used for other scheduled files or content other than ASCII. Thus, typically, a file is treated as safe if it is known that it is not exposed to an infection, malicious, or simply unknown code that may optionally cause a problem; If it is known that it is not exposed, it may be marked as safe.

In one embodiment, for example, a repair process may consist of or include one or more of the following steps: (a) generate software in a CE that matches and / or partially matches all or part of the master template (b A) erase and / or repair a portion of a computing environment, such as a computing environment or computing environment storage device ("explosion room"), and / or switch to a secondary CE; (c) one or more data storage devices, master boot records, partition tables. (D) execute one and / or other repair processes or (e) perform any combination thereof. The repair process may be executed each time a user "ends" a document (and / or other criteria may be used for when the document is executed). Thus, each new document may be opened in an erased environment, which does not contain any virus and / or hacker software or other malicious code.

In one embodiment, the master template may be stored on a data storage device that may optionally be hidden, and / or may not normally be visible to the user, and may be referred to as a protected master template, and / or master template. It may be. Optionally, the master template is “read only”, and / or locked, and / or turned off, and / or disabled, and / or disconnected, and / or inactive, and / or master template until needed. Communication with may be terminated and / or deactivated. These (and other) techniques can be used to protect the protected master template from malicious code.

In one embodiment, the data storage device and / or portion may be used to temporarily store a user's personal data (documents, e-mails, address books, book markers, favorites, database components, etc. made by the user). This data storage area may be referred to as a temporary storage device. For example, when a user saves a document, it may be stored in a temporary storage device. When a user stores a database, for example, the database (and possibly related documents) may be stored in temporary storage. When a user downloads an e-mail, it may be stored in a temporary storage device. When items are created, such as bookmarks and favorites, they may be created and / or saved to a temporary storage device when the application is stopped. When a document is requested from a protected storage device (described elsewhere in the specification), it may once be copied to a temporary storage device. For example, if a user wants to open an internet browser, favorites / bookmarks, and other user information may be copied from the protected storage device to the temporary storage device. It is to be understood that this is an optional step that is not essential to this process but is necessary in certain embodiments.

The repair process repairs the temporary storage device, or replaces it with a fresh copy prepared earlier. For example, in one embodiment, multiple temporary storage areas may be prepared separately. Then, as they are needed, the old temporary storage device is deleted and replaced with one or more new devices, which may be created using, for example, RAM, RAM disks, cells, and the like.

In one embodiment, for example, the protected storage device may be a storage area separate from the explosion room when the user's personal data is after repair or when the explosion process is stopped. Temporary storage may be (optionally) a data storage area that may be used (optionally) when data is "returned" from protected storage to temporary storage, and after a document has been worked on, from the temporary storage back to protected storage. have. The temporary storage device may in one embodiment always be accessible to the computing environment (referred to as the explosion room in this application and certain earlier applications). In this example, the user may keep the data on temporary storage during work, but upon interruption, the document (or other file or data set) is copied from the temporary storage to the protected storage device.

Regarding files and backups, optionally in one embodiment, a backup system or archive may be used to maintain a continuous backup of all of the user's personal data, such as, for example, documents, email, favorites, and the like. Optionally, if the file is corrupted by a virus or corruption, the user can copy the latest version from the backup system. Consecutive backups and / or retentions can be time / data stamped so that a user can easily determine when the backup was taken. The frequency of backups may be scheduled by default by the manufacturer but may be changeable by the user. Optionally, the backup system may be generally hidden from the user. In one embodiment, if a backup system is available to the user, it remains in "read only" mode, so that it cannot be flexibly changed by the user. Optionally the backup resides in a separate data storage device (partition in some embodiments) and / or in other cases, for example, located on a network. This is an optional step that is not essential to this process but may be necessary in some embodiments.

With respect to the indicator that a problem or error has occurred in the computational environment, various steps of return and repair may be made. In one embodiment, the processor may be allowed to complete processing and / or may be "erased" or reset, the RAM may be erased or reset, and (optionally, optionally unavailable and / or inactive) A second separate RAM that may be made may become available, for example, while communication with the RAM may be established, and / or achieved and utilized, while the first RAM is erased, but the use of the second RAM. Is not required) and / or RAM may be used in the repair process. Although many alternative processes and / or different processes and / or RAMs or other memory or storage devices may be used, one embodiment of a repair process for an explosion room or separate processing environment is described. In one embodiment, repair of a CE may also be limited by replacing the CE with another CE. One way to preserve this is to delete the first CE and to preserve communication with the second CE. Alternatively, the first explosion room can be repaired while the second CE is in use.

In-box and out-box e-mails or E-mails are typically stored in large files that contain many individual messages. For example, one "in box" may include all messages sent to the user. Thus, if one E-mail is read or sent, the entire E-mail file may be at risk from viruses or hackers. According to one embodiment of the present invention, the E-mail software may be modified so that one E-mail at a time may be copied to a temporary storage device or to a separate computing environment to be opened for use. This will protect other E-mails from contamination. Repair may be performed before opening another E-mail. In one embodiment, address books and / or other E-mail components may be stored in protected storage and specific addresses, and user selections may be copied from the protected storage to the work area for use. Thus, the virus will not have access to the user's global address book. Optionally, updating the address book is limited, causing the repair process to take place first, thus protecting the address book from contamination.

Optionally, databases and other software may store multiple files in one large file or database, just as most E-mail programs treat individual E-mails as one file. Such software can be modified to allow individual files and / or discrete records to be copied to temporary storage and to be worked on by the user one at a time, resulting in the entire database not at risk. Repairs may then be made before opening the next file or record. For example, in an E-mail in a box, each E-mail can be stored in a separate file. Alternatively, the location of the data may enter a directory and / or database, and only that data may be copied to a temporary repository without opening any file on the protected storage device. In one embodiment, computer program code may prevent user data from being opened on a protected storage device. In one embodiment, the e-mail and / or database may be copied from the protected storage area to the CE and / or other storage device, with one (or more in some cases) e-mail or file open for work. Can lose. Only one E-mail (or database file) can be opened and worked on, and the rest of the E-mail and / or database can be deleted (since it still resides in a protected storage means). In one embodiment, users and web sites utilize the techniques and methods of the present invention. For example, in one embodiment, a system or device user decides to conduct an e-commerce on a web site. Instead of entering data on the website in the usual way, the user indicates that he wants to do e-commerce, which causes the website software to pick up the user's public coding key (or let the user software automatically provide it). ). The website moves the user's key to a separate computing environment, which the user codes using standard standalone application programs or procedures that can be used to enter their transactions or database information. The coded file may then be moved to a separate computer environment, which may be connected, connected or coupled to a network, such as the Internet, or the network may be connected to a separate computing environment, where standard standalone applications are coded. The coded application is then sent to the user. The user's computer receives the application, moves it to a separate computer environment, and decodes the application in a separate computing environment. The user then enters his user data into the application. The application may create a database of user input, which is then coded, and then built into a coded database where the network connection is moved to a separate computing environment or a new separate computing environment. The coded data is sent back to the commerce site, moved to a new separate computing environment, and decoded. Databases and e-commerce decoded in this manner are never exposed to the network.

In one embodiment, the Ethernet cable (or other network connection communication link) may communicate in one direction rather than in both directions, with each of the receive and transmit cables switched to communicate with each of the computing environment. In this embodiment, each line or direction (or other network connection communication link) of Ethernet is individually switched with each communication link combined with a separate computing environment. One computing environment transmits and the other computing environment receives, and their activities are controlled by a control computing environment such as CSCE or CCE. In another embodiment, a pair or network interface card or capability (NIC) or modem is configured for transmit only or receive only in a pair providing transmit / receive capabilities. By providing only receive-only capabilities in one computing environment and only send-only capabilities in another computing environment, even if a hacker or virus has access to a receiving computing environment, the hacker or virus can obtain from or communicate with the computing environment for transmission only. Can not.

In one embodiment, an internal DHCP router or other router may optionally be provided such that the computing environment may have multiple network transactions, multiple NIC cards, or multiple I / O devices. In one embodiment, the predetermined number of peripherals are exclusively combined with the predetermined number of computing environments in a separate manner. Such devices may be, for example, USB devices, firewall devices, SCSI devices, serial devices, or any other device type as known in the art.

In one embodiment, instead of replacing the previously saved version of the file, the older file is kept. For example, if updated Netscape bookmarks and user data have been copied to a protected storage device, they may not replace earlier versions of Netscape Bookmarks and History. Thus, after the data is used, if the data is corrupted and does not operate properly, the control method and / or the user may perform repairs and switch back using the previous version of the data.

In one embodiment, optionally two or more CEs can be generated, for example one with a complete master template and the other including only an abbreviated set of applications and operating systems that are often used, for example. Optionally, when software is required, if the CE does not include the software, the required software can be included in the CE by copying it from a master template that contains the entire set of user software and optionally may include an operating system. have.

In one embodiment, prior to selectively enabling network communication, some or all E-mail to be sent may be coded using a method of protecting E-mail by executing coding in a separate computing environment prior to transmission. Copies the mail to a second, separate computing environment where it is sent (and exposed to potential hackers). After receipt, the coded E-mail is moved to a separate computing environment before being decoded. Thus, email is never exposed to the Internet in uncoded form. Our software automatically triggers the coding and / or decoding process without user intervention. Optionally, a user public key can be automatically provided to each email.

Optionally, in one embodiment, the protected storage device may be read only and / or locked until the CSCE or CCE or other control environment receives a command to move data to the CE. Thus, in this example, if the user selects the document of the protected storage device to open, the code (which may be a command of the ROM and / or operating system, for example) may instruct the CSCE to perform the repair. . After repairing, the CSCE may then switch the protected storage device to read-write and / or unlock. Data can be copied from protected storage to temporary storage and / or explosion rooms. Such events may occur in a different order, may include additional and / or other steps, and / or may include some of these steps.

Optionally, multiple CEs can operate at the same time, so that if one CE “collides” and / or fails and / or shuts off and / or is no longer needed, it is ready to take over for the other CE that was in use. For example, the CSCE may be switched to the second CE and / or activate communication with the second CE.

In one embodiment, code associated with protected storage may not allow execution of data and / or may not support execution of data in protected storage. Thus, in this embodiment, no user data can be executed in the protected storage device. Optionally, communication with the protected storage device can never be made by the CE before repair, before a new network connection with the CE, and / or before opening any user documents. Thus, the protected storage device is not compromised in the execution of hacking and viruses.

In one embodiment, the computing environments (also known as x-rooms or explosive chambers) may each be identical to each other, and / or may differ from each other, and / or serve as a "time delay" mirror. In one embodiment, the second CE may be the same, but key presses and / or inputs may be sent to multiple CEs in a delayed manner. Therefore, some CEs can be time-delayed, so if a CE crashes, the control system can switch to a time-delayed CE. In one embodiment, the control method may use a process monitor and / or a collision detection system to determine whether to switch to the second system CE, and optionally analyze the problem to avoid problems in successive transitions to the previous CE. .

In one embodiment, the data in volatile memory may be copied and / or stored prior to execution of the instruction and / or backed up to other memory regions and / or logical devices. Consecutive backups of data prior to execution of the command may be stored. And if a problem such as a hang occurs when a command is executed, a new second memory system and / or a second self repair user workspace may be used, and / or optionally a backup of volatile memory may be loaded into volatile memory. . This can provide a good copy of inactive memory for use. If another problem or hang occurs again, the previous version of the stored inactive memory can be used. Optionally, the user (s) may be informed of the problem and asked to change what they entered and / or how they enter data and / or other behavior. Optionally, process monitors and / or error detection systems can be used to recognize the problem. Optionally, when the second CE is used, the control method may be selected to use a previous backup of the inactive memory to avoid conflicts and / or instruct the second system to process the data differently.

Another way of doing the repair is to prepare a number of CEs separately, for example. These CEs may be in the form of RAM disks, RAM, shells, volatile memory, or other data storage, may have associated RAM, and / or processing, and / or operations, and may include copies of all or part of one or more master templates. Can be. For example, separation may be formed by enabling and / or deactivating communication to switch the CE from the separate backup to the current CE.

Optionally, in one embodiment where one or more nonparticipating and / or non-confirmed files appear in temporary storage (e.g., information relating to what the data should be in temporary storage does not appear in the protected database). Above files), for example, control methods and / or operating systems, and / or code in a ROM may draw user attention to such files. The user may be given the option of destroying and / or storing the file (s), and / or indicating that the file (s) are in any suspicious manner and / or require further inspection and / or confirmation. You may. In another embodiment, the unidentified file may be deleted and / or stored on a data storage device and / or displayed for further inspection, and / or somewhere for further investigation, for example a network administrator and / or virus scan. It may be sent automatically and / or manually to the entity.

In one embodiment, the one or more data magnetic device (s) are hardware and / or switched between read only and read / write modes and / or lock and / or release modes, and / or accessible and / or inaccessible modes. May be software. In one example, a user opens a file from a read-only data storage device, works with the file, and is stored in a temporary storage area when the user saves the file. Optionally, when closing some or all of the files, the control logic and / or method may perform one or more of the following steps, may erase and / or reset the RAM, erase / reset the processor, And / or release and / or lock one or more data storage devices and / or make them read / write and / or read-only, move data from temporary storage to data storage, or store one or more data You can close / lock / read-only the device (s), optionally erase / reset the temporary storage area (optionally run the repair process), and wait for the next user command. In one embodiment, temporary storage may be comprised of volatile and / or nonvolatile memory. In one example, random access memory and / or flash ROM, and / or other data storage may be used. In one embodiment, for copying data between documents, the data to be copied may be loaded to one or more specific address (es) of RAM and / or volatile memory. Upon receipt of the paste command, the data may be delivered using a copying process that makes the data inoperable. For example, data can be simplified to only transmit ASCII text that cannot be executed.

In one embodiment, the file cannot be opened in a protected storage, but as long as it is performed from a "secure" interface, such as a controlled environment, for example, but not limited to, copy, move, delete, flag, backup, archive and other functions You can also do

In one embodiment, a control environment that may have its own user interface software, for example, to execute commands such as changing priorities, modifying master templates, deleting backups, providing other management events to the control environment, and the like. Management should take place in a secure environment. The term separation may be used to convey the concept of separation at a point in time that is described, and not at other specific points in time described herein. For example, the CE may be separated until the repair process is executed while the user data is being executed. Then, for example, communication with the read-only master template may be established to execute the repair process, and after repair is made, communication with the CE may be established, such as with the network. Isolation is used as needed and when needed to prevent hacking and virus outbreaks.

Referring to the master template, a "disposable copy" of the master template used for CE can be created using various criteria in various ways. In one embodiment, various master templates of the CE may be generated. Generation criteria of the master template may be established. For example, one criterion may be based on the selection of a program commonly used for computers / computing devices. For example, computer users most commonly use (1) word processing programs, (2) e-mail programs, (3) two Internet browsers and pop-up prevention utilities, and online auction tracking programs, to a lesser extent Assume using games, utilities, and / or other programs. Using this example, the master template (s) can be created using each of those needed as criteria. Thus, some master templates may include an operating system and a word processing program, and other master templates may include an operating system and an email program. Another master template may include an operating system, two internet browsers and a pop-up blocker utility, an online auction tracking program, and another master template may include all of the user software.

In another embodiment, one (or more) master template may be created, and only a portion of the master template needed to meet the criteria may be copied to generate one or more CE (s). For example, there can be one master template, but it can be used to create part of a master template in one or more CEs. For example, using the criteria described above, some master templates can be used to create a CE prepared for possible use by the user.

In one embodiment, the user may select the CE (s) to use / open and copy data to the CE (s). Optionally, the selection of CE and / or a copy of the master template to use may occur automatically or may be organized by code. For example, if the user selects a word processing document to open, the code may perform a search of the CE containing the appropriate word processing software when the document is selected, and / or a database and / or to locate the appropriate software. The directory may be examined and / or other means may be used to identify the correct software and / or CE to use.

In some embodiments of the invention, data from one, several, or all computing environments is displayed on a single display device (or less set of display devices than in a running computing environment, sharing the display device and subsystems without contamination). There is a preference.

In one embodiment, the control environment may use multiple modes of operation. For example, in the first mode of operation the control environment does not allow copying between user computing environments except for ASCII and extended ASCII, and / or does not allow file sharing on the network. In the second mode of operation, the control environment may allow copying of unknown executable code and / or allow file sharing on a network. The first mode may be classified as "immune against hacking and viruses" while the second mode of operation may be classified as "resistance against hacking and viruses" or "non-secure". Documents created in the second mode of operation may be labeled, for example, "non-secure" document. Additional modes of operation may be used. For example, the switching mode may be made by the control environment and / or the user and / or the administrator. The switchover may be automatic and / or triggered by a manual switchover process or by any state detected.

There are many other possible modes that can be implemented by embodiments of the invention. For example, there can be various management modes. In one example of a management mode, a user may need to use a key or password, or any means of verifying identity or authorization, to perform repairs and / or maintenance on one or more computing environments, such as a protected storage or control environment. have. In a second example of managed mode and / or repair mode, the protected storage device (s), control environment (s) may be automatically stored on one or more data storage devices, reformatted / reset / deleted, It can also be reloaded as needed to recreate the state in the original way. Master templates in various environments, such as the control environment, may be used, and other environments may perform repairs to the control environment during the maintenance process with proper approval and conversion. In one embodiment, this transition may occur as scheduled and / or may be triggered by the user.

In another environment, the control environment may label each file stored on the secondary storage device. If the file is unknown or unreliable, the file may be labeled "untrusted", for example, whereas if the file could be created in the original environment, the control environment may label the file as "trusted". Can be. In one example, in the “immune against hacking and viruses” mode, the control environment may enable copying of reliable data from the first user computing environment to the second user computing environment, but the “ You can disable copying of "unreliable" data. Switching to the "less secure" mode may cause the control environment to copy untrusted code from the first user computing environment to the second user computing environment, and the resulting file may be labeled "untrusted".

In other embodiments, data linked to two or more computing environments in some modes may be copied directly between these environments. In other embodiments, trusted linked data groups may be copied or moved to the user environment, data may be copied between them, and / or cross linked if all data is reliable. Thus, the entire database and set of linked data may be moved or copied into a user computing environment, and various documents and / or operations may be manipulated by cross copying and linking data between databases. If all data is reliable, the data can be manipulated together in a mode one user computing environment. The user computing environment (or in one or more environments, such as the second and third environments) may communicate directly with the first computing environment because all code is reliable. In other unreliable modes of operation, unreliable data may be merged with reliable or unreliable data and become unreliable data and thus labeled. In this way, the entire database of linked data and databases can be maintained and shared in a trusted environment.

In another embodiment, a computer-configured network using this new technology may share and mix reliable data, databases, and linked data documents delivered over a trusted / secure communication line.

In one embodiment, the control computing environment can never enable mixing of, for example, files that are trusted and files that are labeled as untrusted. This method allows the entire computer network granted by a trusted / secure network connection to advantageously share and mix together trusted files, databases and linked data, while having unreliable files on the computer You can have the ability to use these untrusted files without putting them at risk.

In one embodiment, the server is in the technology described herein, where the client nodes can be connected by a secure / reliable network connection, and the client nodes can be configured as computers of the prior art. In this example, the server comprises the following steps: (1) reformatting the client computer hard drive and erasing the memory; (2) providing a user computer with access to the desktop environment after the user selects the file in the desktop environment; (3) providing the requested file to the user's environment and limiting communication with the desktop environment to, for example, 1 bit and 1 bit or more, meaning file "save", thereby saving the file and removing the computing environment Can be performed. In addition, (4) in order to store a file in such a way that it is not placed in the control environment in a dangerous state, the user file is copied from the client computer to the server by the user computing environment and then stored in the user computing environment. There are steps that can be stored in a manner. Then, (5) when the client does so, the client computer can be reformatted and reset by the server. Optionally, the client can operate as a "thin client" so that little or no data needs to be copied back to the client computer.

In one embodiment, files marked as untrusted may be made reliable by, for example, a "striping" process that removes any potentially executable code from a word processing document. For example, untrusted file data may be copied to the secure environment as ASCII characters and classified as trusted. In one embodiment, the protective storage device may be external and / or portable and / or hot-swappable and / or portable media. In one embodiment, software and / or physical buttons and / or switches and / or combinations may be used to trigger events such as reset / repair of the computing environment.

Internal or external backup systems, which may or may not be concealed, may be switched by the control environment, for example, to back up the protected storage, master template, copy of the control environment, and the like.

Attention is now directed to the description of how data from any selected one computing environment or set of computing environments can be displayed and used. Such data is not limited to, but is not limited to, video output and representation of data or activations occurring in the computational environment, as well as actual input, output, and intermediate data sets or files used or generated by or within the computational environment during processing episodes. It may include.

In one embodiment, including a window-based user interface, all (or selected) sizes, shapes, and position coordinates for all (or selected) windows, icons (and names of data or application programs that these icons represent), and other related Control entities in the system, generally from a computing environment (generally referred to as "explosion chambers" or "x-rooms" because the data and / or means of identification include arbitrary code explosions and are not harmful externally), generally Is sent to a control calculation environment (also called "brain" in some embodiments), such as the CSCE or CCE calculation environment described above. Such information may be provided to the control computing environment, for example, using a procedure of the invention using computer program software instructions executing in one or more of the various computing environments or in a temporarily separated manner when a single concurrent computing environment operation is supported. Can be. Alternatively, all or some of these may be generated by or within the control calculation environment.

Such data stored and tracked by the control computing environment is referred to herein as "computing environment data" or "x-room data".

In addition, the control calculation environment or alternatively, for example, control data or other data called "brain data" such as data representing the order in which each "layer" or "process" was created and the order in which each window was created. You can also track. Information may also be maintained about optional or active windows or processes.

A control computing environment, such as CSCE or CCE, also described in some embodiments and in relation to other embodiments, the system “brain,” may track the position of the mouse cursor or other pointing device and / or keyboard or other user input activity. In this way, the control calculation environment can determine the position of the mouse cursor (when a mouse or pointing device click occurs) with respect to the positions of open windows, icons, etc. generated by each calculation environment. Although the present disclosure primarily discloses human user interaction using keyboard and mouse commands, in fact, the systems and methods of the invention are not limited thereto, but touch screen interactions and commands, voice interactions and commands, drop-down menus, hot Applicable to a variety of known user interactions, such as spot selection interactions and commands, function button presses, pen stylus interactions and commands, and various other user inputs and interaction methods and devices, or may be expected to be developed. It is recognized.

Thus, by calculating the mouse position "click" (or other "selection") and comparing the window position (and which window is "forward" or "activated") of the assigned computing environment, the CSCE specifically selects which window (or icon) , Or an item or computational environment process) will be selected and can receive its "click" input.

Thus, when the mouse button is clicked, the control calculation environment is based on the information collected by the control calculation environment, for example which layer is "active and forward" in the conventional window terms, or which application is started, Or in which direction the mouse and keyboard signals are retransmitted.

A direct connection to the CSCE in the ("CE") computational environment is not limited to, for example, using a first (possibly dedicated) ASIC from the computational environment to a second (possibly dedicated) ASIC in the CSCE (or filter). Unintended activity or progress can be prevented. This unintended consequence can be any code execution that causes a buffer or memory overrun, for example, intended for inappropriate placement or spreading of code. The ASIC is just one example of logic circuitry that provides filtering or limiting operations such that only predetermined predetermined processing can occur. For example, logic in ASIC form or otherwise implemented and operating as a "receiver" may only understand or interpret the communication received as a "x, y" or "line, sample" state. Note that in some embodiments, a single ASIC or other logic placed in the communication path between the computing environment and the CSCE may be sufficient to provide the desired limiting or filtering operation in the intended communication. Such ASIC or logic circuitry (optionally using software and / or firmware) may be controlled to safely and safely select one function from a valid set of possible allowed functions or operations, or to achieve such a selection (protection or other By downloading code from a secure storage device or by sending a control signal or signals).

Examples of "x-room data" or user-calculated environment data that may be included in the data provided to the controlled computing environment include, but are not limited to, window position and size (wire-framed); Names of icons and what they represent; It may or may not include any one or more of a file size, file location, and file or data set reference or identifier. As a further example, they may include B-trees, master directories, desktop databases, and the like. In addition, or in the alternative, a list or other data structure or index in which an application program, driver, or operating system component is “associated” or intended to “interconnect” or have a file or file type or processing capacity having a device or device type It may include.

Examples of control data or "brain data" include data identifying the order in which layers, windows and / or processors are created, and the current order or priority of such layers, windows and / or processes; It may or may not include any one or more of a mouse or pointing device absolute, screen relative, window relative cursor position, and / or a combination of these or other data. In some embodiments, multiple computing environments may have similar or identical attributes, and some of this data or information may be generated once, and then for each computing environment for subsequent updates, if there is a change related to each computing environment. It may need to be modified or modified.

While various embodiments of the invention have been described that include a number of optional features, it is evident that other forms and features of the invention may be used in combination or may be used separately. In this section, attention is made to certain example embodiments with specific combinations of features. This description is exemplary only and does not limit the scope or spirit of the invention in any way. Many aspects and features of the invention described in the specification are not described in the following paragraphs.

In one aspect, the invention provides an information means. In one embodiment of the information means, the information means has a first storage device of the program and the data and the processor logic and is of a type for executing computer program instructions for performing a task comprising user data, the information means being a separate control process. Environments and user processing environments are created and maintained so that (1) user data with unknown or untrusted content is not exposed to computer program code capable of executing any computer program code instructions embedded in user data in a control processor logic environment. And (2) user data having unknown or untrusted content is only exposed to temporary storage other than the first storage device when separated from the first storage device in the user processor logic environment. In another embodiment of the information means, the information means may be or include a personal data assistance means. In another embodiment of the information means, the information means comprises or is a computer.

In another aspect, the invention provides an apparatus comprising: at least one processing logic device for executing at least one instruction; A first storage device including at least one command and storing first data and first program code comprising user data; A second storage device for storing second data; A switch for selectively and independently coupling processing logic devices to the first storage device and / or the second storage device under automatic control, and receiving at least one control signal from the processing logic device to select a state of the switch system; Providing a means of information comprising the system, wherein the processing logic device operates with the control structure and the user data structure under the following conditions: (i) The processing logic device may have untrusted content or be within a known control environment. Can be combined with the first storage device when loaded by a program instruction that cannot execute the data item that has not occurred; (Ii) the processing logic device does not combine with the first storage device to convey known information when the processing logic is loaded by program instructions capable of executing data items that have unreliable content or that do not occur within a known control environment. Only limited combinations can be made; (Iii) the processing logic device is capable of associating with the second storage device when the processing logic is loaded by a program instruction that has unreliable content or cannot execute a data item that does not occur within a known control environment; (Iii) the processing logic device is the first storage device when the processing logic is loaded by a program instruction capable of copying data items only from the first storage device to the second storage device or from the second storage device to the first storage device. And a second storage device.

In one embodiment of the information means described above, the switch system may combine or disconnect the processing logic device with the first storage device and the second storage device in at least the following manner: (i) the processing logic device is for the first storage device only. (Ii) the processing logic device couples only to the second storage device, (i) the processing logic device jointly couples to the first and second storage devices, and (i) the processing logic device comprises the first storage device. Nor do they couple to the second storage device. In another embodiment of the information means described above, the processing logic device comprises a microprocessor. In another embodiment of the information means described above, the processing logic device is selected from a processing logic circuit set consisting of a microprocessor, a central processing unit (CPU), a controller, a microcontroller, an ASIC, a logic circuit, a programmable logic circuit, and a combination thereof. do. In another embodiment of the information means described above, the information means may be a computer, a notebook computer, a personal data assistant, a personal data organizer, a cellular phone, a mobile phone, a wireless receiver, a wireless transmitter, a GPS receiver, a satellite phone, an embedded computer, an aircraft. Information means consisting of built-in computer, navigation device, home appliance, printing device, scanning device, camera, electronic camera, television receiver, broadcast control system, electronic device, medical monitoring device, security device, environmental control system, electronic device and combinations thereof Is selected from the set. In another embodiment of the information means described above, the first data storage device and the second data storage device comprise a rotating magnetic hard disk drive, a rotating magnetic floppy disk drive, a CD, a DVD, a semiconductor memory, a solid state memory, a chemical memory, a magnetic memory. And are individually selectable and selected from a set of storage devices consisting of a molecular memory, a micro drive, a flash memory, a small flash card memory, a RAM memory, a ROM memory, and a combination thereof.

In another embodiment of the information means described above, the at least one processing logic device comprises a plurality of processing logic devices. In another embodiment of this information means, at least one of the plurality of processing logic devices comprises at least one microprocessor, wherein the at least one instruction is a plurality of computer program code segments from an operating system and a plurality of computers from an application program. And a program code segment, wherein the switch system is coupled to a microprocessor that receives switch control instructions for changing a switching configuration to selectively couple and detach the microprocessor to first and second storage devices. In another embodiment of this information means, the plurality of processing logic devices are intermittently separated from one another by an automatic control system executing one of the processing logic devices and limited by communication. In another embodiment of the information means, the second storage device is configured to perform as a temporary storage device during a processing operation when connected to the processing logic device, and automatically after each processing occurs individually if the processing is completed in error state or without error state. Error state may include detection of a virus or other invalid code execution. In another embodiment of the information means, the plurality of processing logic devices and at least the first and second storage devices may be dynamically configured to create a computing environment in which the features have been determined. In another embodiment of the information means, the first storage device stores a protected copy of the user data and a master template file having operating system and program components.

In another aspect, the invention provides at least one processing logic device for executing at least one instruction, a first storage device for storing first data and first program code, the first data comprising at least one instruction and comprising user data, and A method is provided for operating an information means of a type having a second storage device for storing second data, said method under automatic control upon receipt of at least one control signal from a processing logic device for selecting a state of a switch system. Selectively and independently switching to couple and detach the processing logic device to the first storage device and / or the second storage device; Operating the processing logic device into a control structure and a user data structure according to the following conditions: (i) the processing logic is loaded by a program instruction that has unreliable content or cannot execute a data item that does not occur within a known control environment. Allow coupling of the processing logic device with the first storage device when such; (Ii) combining the processing logic device with the first storage device to convey known information when the processing logic is loaded by program instructions capable of executing data items that have unreliable content or that do not occur within a known control environment. Not allowed or only limited; (Iii) allow coupling of the processing logic device with the second storage device when the processing logic is loaded by a program instruction that has untrusted content or cannot execute a data item that does not occur within a known control environment; (Iii) the processing logic device and the first storage device when the processing logic is loaded by a program instruction capable of copying data items only from the first storage device to the second storage device or from the second storage device to the first storage device. And a combination with the second storage device.

In another embodiment of the method of operating information means, the method further comprises the step of any processing logic device deleting the second storage device after processing the user data using the second storage device.

In another embodiment of the method of operation of the information means, the information means is a computer, a notebook computer, personal data assistant, personal data organizer, cellular phone, mobile phone, wireless receiver, radio transmitter, GPS receiver, satellite phone, auto embedded computer, aircraft Information means consisting of built-in computer, navigation device, home appliance, printing device, scanning device, camera, electronic camera, television receiver, broadcast control system, electronic device, medical monitoring device, security device, environmental control system, electronic device and combinations thereof It is selected from the set.

In another embodiment of the method of operating information means, the at least one processing logic device comprises a plurality of processing logic devices. In another embodiment of a method of operating information means, at least one of the plurality of processing logic devices comprises at least one microprocessor, and the at least one instruction includes a plurality of computer program code segments from an operating system and a plurality of applications from an application program. And a computer program code segment, the switch system being coupled to a microprocessor that receives switch control instructions for changing a switching configuration to selectively couple and detach the microprocessor to first and second storage devices.

In another aspect, the invention provides a housing having a form factor of a computer PC card and a plurality of PCCardBus interface connections, a plurality of processors disposed within the housing; A plurality of data storage devices disposed within or connected to the housing; A protected data storage device selected from the plurality of data storage devices for storing at least user data; A data storage switch system coupled to a plurality of data storage devices, the data storage switch system being coupled to a data storage switch configuration to configure communication with one or more data storage devices disposed within the housing; An I / O switch system coupled to at least one peripheral device, the I / O switch system coupled to an I / O system including a plurality of features for configuring communication with a peripheral device disposed within the housing; And an information processing apparatus comprising a plurality of computing environments, each computing environment comprising at least one processor and identified by at least one feature selected from a plurality of features, including: a data storage switch A data storage switch communication path coupled to the at least one data storage device according to the data storage switch configuration; An I / O switch communication path coupled to the I / O switch system and coupling peripherals to the computing environment in accordance with the I / O switch system configuration; The computing environment may perform processing activities including receiving input from the I / O switch system and sending output to the I / O switch system, the processing activities being performed separately from the processing activities of other computing environments; The control computing environment is selected from a plurality of computing environments that make up the data storage switch structure and the I / O switch system structure, and the data storage switch configuration supports communication between the control computing environment and the protected data storage device, at least One user is separated from a selected computing environment from a plurality of computing environments; The I / O switch system configuration is configured to deliver receive inputs to at least one of the computing environments, and the I / O switch system configuration is configured to deliver outputs generated by one or more of the plurality of computing environments to peripherals.

In other embodiments of the information processing apparatus, the plurality of processors are individually from a set of processing logic circuits consisting of microprocessors, central processing units (CPUs), controllers, microcontrollers, ASICs, logic circuits, programmable logic circuits, and combinations thereof. Multiple data storage devices are selected, rotating magnetic hard disk drive, rotating magnetic floppy disk drive, CD, DVD, semiconductor memory, solid state memory, chemical memory, magnetic memory, molecular memory, micro drive, flash memory, compact flash card Individually selectable and selected from a set of storage devices consisting of memory, RAM memory, ROM memory and combinations thereof.

In another aspect, the present invention provides a computer of the type having a first storage device of program and data and processor logic and executing computer program instructions for performing a task comprising user data, the computer having a separate control process. Environments and user processing environments are created and maintained so that (1) user data with unknown or untrusted content is not exposed to computer program code capable of executing any computer program code instructions embedded in user data in a control processor logic environment. And (2) user data having unknown or untrusted content is only exposed to temporary storage other than the first storage device when separated from the first storage device in the user processor logic environment.

In another aspect, the invention provides an apparatus comprising: at least one processing logic device for executing at least one instruction; A first storage device including at least one command and storing first data and first program code comprising user data; A second storage device for storing second data; A switch for selectively and independently coupling processing logic devices to the first storage device and / or the second storage device under automatic control, and receiving at least one control signal from the processing logic device to select a state of the switch system; A computer system comprising a system is provided, wherein the processing logic device operates with a control structure and a user data structure according to the following conditions: (i) The processing logic device may have content with unreliable content or within a known control environment. Can be combined with the first storage device when loaded by a program instruction that cannot execute the data item that has not occurred; (Ii) the processing logic device does not combine with the first storage device to convey known information when the processing logic is loaded by program instructions capable of executing data items that have unreliable content or that do not occur within a known control environment. Only limited combinations can be made; (Iii) the processing logic device is capable of associating with the second storage device when the processing logic is loaded by a program instruction that has unreliable content or cannot execute a data item that does not occur within a known control environment; (Iii) the processing logic device is the first storage device when the processing logic is loaded by a program instruction capable of copying data items only from the first storage device to the second storage device or from the second storage device to the first storage device. And a second storage device.

In another aspect, the present invention provides a computer system of the type having a first storage device and at least one processor, wherein the computer system creates and maintains separate control processing environments and user processing environments within the at least one storage device and processor. So that (1) the identified data is not exposed to a processor capable of executing instructions inserted into the data, and (2) the processor is stored in a temporary storage device different from the first storage device when the identified data is separated from the first storage device. It is characterized in that only exposed.

The foregoing descriptions of specific embodiments and best modes of the invention have been presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise form disclosed, and obviously many modifications and variations are possible in light of the above teaching. Embodiments have been selected and described in order to best explain the principles and practical applications of the invention, which enable those skilled in the art to best utilize the invention and various embodiments by various modifications suitable for the particular use envisioned. It is intended that the scope of the invention be defined by the claims appended hereto and their equivalents.

Claims (30)

A method of preventing contamination of first data by execution of second data, Inserting a first separation device between the source and the processing logic and a second separation device between the processing logic and the receiver, wherein the first and second separation devices are respectively the source, the receiver, or the processing logic. Cannot execute any instruction input from the device to the separation device, prevent access to the processing logic and execution of any instructions on the source or receiver side by the processing logic, Communicating the second data from the source to the processing logic via the first separation device; Processing the second data within the processing logic to generate a first result; And Communicating the first result from the processing logic to the receiver via the second separation device. 2. The method of claim 1 wherein the first and second separators are unable to execute the arbitrary instructions because they perform a copy operation on binary bits or a plurality of binary bits. 2. The method of claim 1, wherein said copy operation is performed outside said processing logic. The method of claim 2 wherein the first and second separation devices are the same device. 3. The method of claim 2 wherein the first and second separation devices are different devices from each other. A method of preventing contamination of first data by execution of second data, Separating the source from the processing logic and the receiver, wherein the separated source and the separated receiver are unable to execute any instructions input to the isolated source from the receiver or the processing logic, and to the processing logic. Execution of any instructions at the source or receiver side by a connection and the processing logic, and Communicating the second data from the source to the processing logic in a detach mode; Processing the second data within the processing logic to generate a first result; And Communicating the first result from the processing logic to the receiver in the detach mode. 7. The method of claim 6, wherein said separation is a logical separation. 7. The method of claim 6, wherein said separation is a physical separation. 7. The method of claim 6, wherein the source and receiver are storage locations and the separation is performed using an address control procedure. 10. The method of claim 9, wherein the address control procedure comprises performing a level of control within a computer of an operating system that hides specific memory locations and executes other memory locations available to the process. An information device having a first storage device and processing logic for programs and data and executing computer program instructions to perform a task comprising user data, the information device comprising: (1) user data having unknown or untrusted content is not exposed to computer program code capable of executing any computer program code instructions contained within the user data in a control processing logic environment, and (2) unknown or Individual control processing environments and user processing environments are created and stored such that user data with untrusted content is exposed to a temporary storage device different from the first storage device when separated from the first storage device in a user processing logic environment. Information device. At least one processing logic device for executing at least one instruction; A first storage device storing first data and first program code including the at least one command and including user data; A second storage device for storing second data; And And a switching system for selectively and independently coupling and decoupling the first storage device and / or the second storage device and the processing logic device under automatic control, the switching system selecting a condition of the switching system. Receive at least one control signal from the processing logic device to: The processing logic device operates in a user data configuration and control configuration according to the following conditions, wherein the conditions are: (i) the processing logic device may be associated with the first storage device when a program instruction having untrusted content in the processing logic or a program instruction that is unable to execute a data item that does not occur within a known control environment is loaded. And (ii) when the processing logic device is loaded with program information that has untrusted content in the processing logic or that is capable of executing a data item that does not occur within a known control environment. Can be unjoined or constrained to communicate, (iii) the processing logic device may be coupled with the second storage device when a program instruction having content that is not trusted in the processing logic or a program instruction capable of executing a data item that does not occur within a known control environment is loaded; , And (iv) said processing logic device is said first storage device when said processing logic is loaded with a program capable of copying a data item from said first device to said second device or from said second device to said first device. And be coupled to the second storage device. 13. The system of claim 12, wherein the switching system is capable of coupling or uncombining the processing logic device with the first storage device and the second storage device in at least the following manners, the schemes comprising: (i) the processing logic; A device is coupled only with the first storage device, (ii) the processing logic device is coupled only with the second storage device, and (iii) the processing logic device is simultaneously coupled with the first and second storage devices, and (iv) the processing logic device is not coupled with either the first storage device or the second storage device. 13. The information device of claim 12, wherein said processing logic device comprises a microprocessor. 13. The system of claim 12 wherein the processing logic device is from a set of processing logic circuits including a microprocessor, a central processing unit (CPU), a controller, a micro-controller, an ASIC, a logic circuit, a programmable logic circuit, and a combination thereof. And an information device, wherein the information device is selected. 13. The information device of claim 12, wherein the information device is a computer, a notebook computer, a personal digital assistant, a personal data organizer, a cellular telephone, a mobile phone, a wireless receiver, a wireless transmitter, a GPS receiver, a satellite phone, a vehicle-mounted computer, an onboard aircraft. Type computer, navigation device, household device, printing device, scanning device, camera, electronic camera, television receiver, broadcast control system, electronic device, medical monitor device, security device, environmental control system, electronic device, network device and combinations thereof And an information device selected from the set of information devices. 13. The apparatus of claim 12, wherein the first data storage device and the second data storage device are independently selectable, and include a magnetic rotating hard disk drive, a magnetic rotating floppy disk drive, a CD, a DVD, a semiconductor memory, a solid state. An information device selected from a set of storage devices including memory, chemical memory, magnetic memory, molecular memory, micro-drive, flash memory, small flash card memory, RAM memory, ROM memory, and combinations thereof. 13. The information apparatus of claim 12, wherein the at least one processing logic device comprises a plurality of processing logic devices. 19. The computer-readable medium of claim 18, wherein at least one of the plurality of processing logic devices comprises at least one microprocessor, wherein the at least one instruction comprises a plurality of computer program code segments from an operating system and a plurality of applications from an application program. Computer program code segments, the switching system receiving the microprocessor to receive switch control instructions for changing the switching configuration to selectively couple and uncouple the microprocessor with the first and second storage devices. An information device, characterized in that it is coupled to. 20. An information apparatus as claimed in claim 19 wherein the plurality of processing logic devices are intermittently sequentially separated and limited in communication by an automatic control system executing one of the processing logic devices. 20. The apparatus of claim 19, wherein the second storage device is configured to perform as a temporary storage device during a processing operation when connected to the processing logic device, and wherein each processing is completed by an error condition or without an error condition. Automatically removed after being generated regardless of whether the error condition may include virus detection or other malicious code execution. 21. The information apparatus of claim 20, wherein the plurality of processing logic devices and at least the first and second storage devices are dynamically configurable to generate computational environments having determined characteristics. 12. The information device of claim 11, wherein the first storage device comprises a master template file having operating system and application program components and a protected copy of user data. At least one processing logic device for executing at least one instruction, a first storage device including the at least one command and a first program code, and a first storage device including user data, and a second data store A method of operating an information device of a type comprising a second storage device, Selectively and independently connect and connect the first storage device and / or the second storage device and the processing logic device under automatic control upon receipt of at least one control signal from the processing logic device to select a condition of a switching system. Switching to release; Operating the processing logic device in a user data configuration and a control configuration in accordance with the following conditions, wherein the conditions include: (i) connecting the processing logic device with the first storage device when a program instruction having untrusted content in the processing logic or a program instruction that is unable to execute a data item that does not occur within a known control environment is loaded. Allow, (ii) when the program logic is loaded with program content capable of executing data items that have untrusted content in the processing logic or that do not occur within a known control environment, the processing logic device to communicate the first known information to the first processing logic device. Disallow to connect with a storage device or restrictively connect the processing logic device with the first storage device, (iii) connecting the processing logic device with the second storage device when a program instruction having content that is not trusted in the processing logic or capable of executing a data item that does not occur within a known control environment is loaded. Allow, and (iv) when the program is loaded into the processing logic capable of copying a data item from the first device to the second device or from the second device to the first device, storing the processing logic device in the first storage. Allowing access to the device and the second storage device. 25. The method of claim 24, further comprising removing the second storage device after any processing logic device uses the second storage device to process user data. 25. The device of claim 24, wherein the information device is a computer, a notebook computer, a personal digital assistant, a personal data organizer, a cellular telephone, a mobile phone, a wireless receiver, a wireless transmitter, a GPS receiver, a satellite phone, a vehicle-mounted computer, an onboard aircraft. Type computer, navigation device, household device, printing device, scanning device, camera, electronic camera, television receiver, broadcast control system, electronic device, medical monitor device, security device, environmental control system, electronic device, network device and combinations thereof And from a set of information devices comprising a. 25. The method of claim 24, wherein the at least one processing logic device comprises a plurality of processing logic devices. 28. The computer-readable medium of claim 27, wherein at least one of the plurality of processing logic devices comprises at least one microprocessor, wherein the at least one instruction is comprised of a plurality of computer program code segments from an operating system and a plurality of applications from an application program. Computer program code segments, the switching system receiving the microprocessor to receive switch control instructions for changing the switching configuration to selectively couple and uncouple the microprocessor with the first and second storage devices. And bindable to. A housing in the form of a computer PC card and a plurality of PC card bus interface connections; A plurality of processors disposed in the housing; A plurality of data storage devices disposed within or coupled to the housing; A protected data storage portion selected from said plurality of data storage devices for storing at least one user data; A data storage switch system coupled with the plurality of data storage devices, the data storage switch system coupled with a data storage switch configuration to form communication with one or more data storage devices disposed within the housing; An I / O switch system coupled with at least one peripheral device, the I / O switch system coupled with an I / O system configuration having multiple characteristics to form communication with the peripheral device disposed within the housing; A plurality of computing environments each having at least one processor and identified by at least one characteristic selected from the plurality of characteristics, the computing environment comprising: A data storage switch communication path coupled with the data storage switch to combine at least one data storage device with the computing environment in accordance with the data storage switch configuration; and An I / O switch communication path coupled with the I / O switch system to couple the peripheral device with the computing environment in accordance with the I / O switching system configuration, wherein the computing environment is from the I / O switch system. Perform a processing activity comprising receiving an input and sending an output to the I / O switch system, the processing activity being performed independently of the processing activity of another computing environment; And form a control computing environment selected from the plurality of computing environments to form the data storage switch configuration and to form the I / O switch system configuration, wherein the data storage switch configuration comprises the control computing environment and the protection. Support communication between data storage devices; And At least one user separated computing environment selected from the plurality of computing environments, The I / O switch system configuration is configured to send a received input to at least one of the computing environments and to transmit the output generated by one or more of the plurality of computing environments to the peripheral device. Device. The method of claim 29, The plurality of processors are independently selected from a set of processing logic circuits including a microprocessor, a central processing unit (CPU), a controller, a micro-controller, an ASIC, a logic circuit, a programmable logic circuit, and a combination thereof, The plurality of data storage devices are independently selectable and include a magnetic rotating hard disk drive, a magnetic rotating floppy disk drive, CD, DVD, semiconductor memory, solid state memory, chemical memory, magnetic memory, molecular memory, micro An information processing device, characterized in that it is selected from a set of storage devices comprising a drive, a flash memory, a small flash card memory, a RAM memory, a ROM memory and a combination thereof.

Images