US20200213355A1

US20200213355A1 - Security Network Interface Controller (SNIC) Preprocessor with Cyber Data Threat Detection and Response Capability that Provides Security Protection for a Network Device with Memory or Client Device with Memory or Telecommunication Device with Memory

Info

Publication number: US20200213355A1
Application number: US16/265,986
Authority: US
Inventors: Ronald Taylor Ogan; Paul Edwin Watson; Marshall Duane Boyette
Original assignee: Snic Enterprises Ms Registration # 2018286128 LLC
Current assignee: Snic Enterprises Ms Registration # 2018286128 LLC
Priority date: 2018-12-31
Filing date: 2019-02-01
Publication date: 2020-07-02
Also published as: US11155975B2; US20220290397A1; US20200208420A1

Abstract

Data Input Output (I/O) processing interfaces such as the typical Network Interface Controller (NIC) do not prevent a hacker from accessing sensitive device memory data. The existing typical NIC establishes the cyber data handshake with no data security layer or discriminant response to the data traffic content while performing protocol specification IEEE 802.x. The Security Network Interface Controller SNIC embodiment, collocated with the existing the NIC interface circuit location, provides preprocessing/filtering of the incoming message packet data for malware and Hacker threats, to secure the network device memory and prevent serious damage or data loss. The Security Network Interface Controller (SNIC) embodiment method with autonomous response to the hacker ensures that the device memory is never breached, but the hacker will think they have gained access to the targeted device memory while intelligence on the Hacker is reported.

Description

CROSS REFERENCE

Provisional Utility patent application 62/7,863,288 filed on/or about 2018 Dec. 29

BACKGROUND OF THE INVENTION

This invention idea is applicable to receiving and responding to network data traffic originating from Hacker, defined as any unauthorized user attempting to gain access to client memory data information, damage to internet devices, or hold internet devices captive through data message traffic incoming to a client with memory to receive incoming data in which a typical Network Interface Controller (NIC) resides for porting the data traffic or a telecommunications device in which a Radio Frequency typical wireless virtual NIC (VNIC or WNIC) transceiver resides. Data Network message traffic may be received and transmitted by electronic interface circuit devices that use Ethernet cable, coax's, wireless RF or other network message I/O protocol IEEE 802.X or any authorized user of a Client device with memory that uses a typical NIC network cable portal interface(s) or Radio Frequency RF wireless WNIC interface(s) portal to protocol specification IEEE 802.3/X.
Cyber electronic circuit devices with memory use a Network Interface Controller NIC to process client device data flow to and from a cyber network and provide buffering and handshaking operations. A NIC electronic circuit device port operates in accordance but may not be limited to IEEE 802.3/11/14 or similar network specification without a security layer. It simply handles the protocol message traffic for input/output data based on the protocol TCP/IP specification format for the data message throughput. The frame data traffic is moved to the client device memory via interrupt processing from the NIC or WNIC MAC processor(s) to the client device processor in which to move the frame data over the client device data bus to the Client device memory without regard to message content or from where the sender is located. The format of the frame data is described in the IEEE 802.3/X Ethernet specification.
It is desirable to provide typical NIC a security data layer of a preprocessing embodiment architecture collocated with the typical NIC electronic circuit device by adding a microprocessor with embedded code for improved frame data handling processes to obtain a data security network interface controller (SNIC) comprised of an Artificial Intelligent (AI) sequencer that is synchronized with a discriminating comparator circuit and which recognizes frame data threats or malware contained within the network message data I/O traffic frame processes and in which the result is to give an autonomous option spoof response to the Hacker and when a data threat is discovered at the time of SNIC comparator process of threat filter compare process, electronically respond with a deceptive acknowledgement scheme while capturing intelligence on the unaware Hacker and to protect the Client device memory from threat intrusion or contamination of Hacker data by allowing only validated data of integrity to move into the Client device memory. Malware is undesirable and brought in through embedded data links or by attachments of executable files or imbedded links within incoming message data traffic that make it into the Client device memory. Denial of Service (DOS) attacks are launched to overwhelm network devices with NICs. Malware threats can be circumvented by the SNIC autonomously and all message traffic from the Hacker can be safely contained, quarantined and stored, to a write only device memory or retrieved off line for forensic analysis. Spoofing and deception of the Hacker is desirable in which the Hacker will think they got into the targeted site, but autonomously will be directed to an endless address and time out. Each instance of a threat discovery is time stamped, counted and reported from received frame data header of the message data header received and stored in SNIC memory, for reporting the incident to the
Network Operator. If no threat is detected or discovered, the frame data is routed as normal to the Client device memory from the SNIC memory buffer. Removing the data security defense program applications (such as Norton or Fire-shark) from the Client device program memory to the SNIC circuit device memory defensive custom program location, frees the Client device program memory for other application tasks and ensures by SNIC preprocessing, message data content of the Client device memory data base remains secure, safe and non-accessible by the cyber Hacker. Current defensive measures do not work against DOS attacks. The SNIC defeats DOS attacks by a three-tier method. These methods are software algorithms that are called for priority of sender ID and destination routines, hacker attempt to enter count, and spoofing response to the Hacker by the DNIC processor. This tiered method will defeat DOS attacks.

BRIEF SUMMARY OF THE INVENTION

The architecture of the existing typical Network Interface Controller (NIC) design is mature but archaic due to lack of a data security process layer or data checking means in the NIC design for integrity of the message sender or content data contained in the serial message format. If a threat from a Hacker is sent via the Network to a client device typical NIC interface, the typical NIC is not designed to respond to the Hacker threat autonomously. This SNIC electronic circuit invention adds design hardware and embedded Artificial Intelligence AI code to augment the existing NIC architecture to accomplish internet data traffic content integrity, threat discovery and provide autonomous response to the Hacker, which makes them think they were able to get a desired response from the target destination port address, when in reality, intelligence data is gathered and stored and reported about the Hacker, and reactive responses are generated by the SNIC embodiment, as described in this disclosure, to deceive the Hacker. Additionally, when any content of message received is found to be undesirable. undesirable threat message data is dumped to a SNIC embodiment security memory storage (SMS) device and threat data is deleted to protect the client device memory when 70% SMS capacity is attained. Distributed Denial of Service DDOS attacks are dealt with by the SNIC embodiment AI software using a priority of IP address list, an authorization list and spoofing techniques algorithms.
Currently, only a Firewall responds to a threat by blocking the port access to the network and the Hacker is denied a response from the destination client or server desired. If the NIC Card were designed to upload a known safe list of client addresses through ports to a buffer memory, with which the NIC embodiment could compare the list against the Hacker sender address and port for validity and integrity, then the typical NIC embodiment would have the needed method and processes to make the decision to respond deceptive to the Hacker sender, or redirect all of the senders message packet content data into a secured storage buffer for isolation and quarantine, or being a valid listed sender with acceptable data content, let the sender message packet data pass through the Network Firewall filter to the intended Network client device memory for processing and display.
The SNIC invention embodiment satisfies a network security response to threat or any harmful sender by preprocessing the incoming data message to determine if the message contains embedded links or attachments, then categorizing the threat type before routing the dangerous threat data to the SMS device memory storage and before it is completely validated and authorized to be sent to the client device memory. A timely comparison is made of an authorized users acceptable address from an uploaded list of targeted suspected threat addresses by the SNIC embodiment sequencer processes. Non-authorized address detected by, the SNIC sequencer coded module will return a deceptive ready to receive data acknowledgement header packet. The Hacker gets the response but loses the handshake to establish address contact and data transfer processing to the target contact over the network.
The SNIC provides a security layer that was originally designated in specification IEEE 802.3 in 1986 pre-release document but never implemented. The interface SNIC embodiment collocated with the NIC secures the network data routed to the targeted Client device memory by providing, content malware filtering and making output threat reports. The SNIC embodiment invention interface of preprocess filtering of message content data before Client device memory entry architecture method, can become a typical network device interface security option for a device memory requiring new strong security protection. A replacement of all existing nonsecure NIC interfaces with the SNIC invention embodiment will provide a means to capture the Hacker information and deceive the Hacker while capturing and storing the Hacker response header data for intelligence analysis and generate a status report on Hacker intelligence. All network protocols such as but not limited to, TCP/IP UDP, are handled by the SNIC processor. This disclosure invention idea does not require the Network firewall to block a port as is done when a denial of service (DOS) attack occurs. The SNIC allows all data traffic, but if it is an undesired IP address, the SNIC will deceive the sender to some dead zone while capturing the sender's information for analysis by the Network or Client device and generate a status report containing the header information, a time stamp count of Hacker attempts, and type of attack. The DOS response by the SNIC is determined autonomously as dependent on IP priority, destination IP priority, repetition of received IP, count of repetition and authorization infringement due to malware content.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an illustrative block diagram of a typical NIC cable interface non-secure data protocols or an RF wireless interface circuit used for non-secure data protocols handling of the type that may be provided with processes and methods in accordance with but not limited to an existing embodiment and Ethernet protocol specifications IEEE 802.X.

FIG. 2 is an illustrative block diagram of a SNIC circuit installed with a typical SNIC interface circuit device and a SNIC embodiment circuit for preprocessing secure message data content in accordance with but not limited to an existing embodiment and Ethernet protocol specifications IEEE 802.X.

FIG. 3 is an illustrative block diagram of a SNIC circuit cable interface of the type that is comprised of a NIC interface and connected to a SNIC embodiment for preprocessing message content data for malware and secure data content in accordance with but not limited to an existing embodiment and Ethernet protocol specifications IEEE 802.X.

FIG. 4 is an illustrative block diagram of a SNIC RF WIFI interface circuit device of the type that is comprised of RF data input to a NIC type communications interface and interconnected to a SNIC embodiment for secure message data preprocessing before being sent to the Client device memory in accordance with but not limited to an existing embodiment and Ethernet protocol specifications IEEE 802.X.

FIG. 5 is an illustrative block diagram of a SNIC Sequencer/Comparator process used to provide the threat processing and decision actions going on within the security SNIC architecture for threat data processing or nonthreat processing. The input source can be either ethernet cable or RF antenna and the output message data is bussed to a target device memory. If the SNIC detects undesired message data, then an output report is processed. No data is ever sent to the targeted client device memory when an incoming undesired message content data is discovered.

FIG. 6 is an illustrative block diagram comprising of a SNIC Sequencer/Comparator Functional View process used to provide the threat processing and decision actions going on within the security SNIC architecture. The input source can be either ethernet cable or RF antenna and the output message data is bussed to a target device memory. If the SNIC detects undesired message data, an output report is generated, and no message data is sent to the targeted device memory. The internal architecture components are comprised for decision making, report generation, status indicator intelligence program registers, and spoofing responses from a comparator circuit.

FIG. 7 is an illustrative table diagram of a SNIC Management Register used to provide message processing management communication to the SNIC processor controller software for the responses to decision making processes of the sequencer and comparator circuits during the time the data message and frame data are being processed in accordance with but not limited to an existing embodiment.

FIG. 8 is an illustrative table diagram of a SNIC Sequencer Threat Type Register used to provide message processing data threat type communication to the SNIC processor controller and for SNIC software for the responses to decision making processes of the sequencer and comparator circuits during the time the data message and frame data are being processed in accordance with but not limited to an existing embodiment.

FIG. 9 is an illustrative table diagram of a SNIC Sequencer/Comparator Status Register where status of threat processing can be indicated to the decision making SNIC processor which automates the threat response and acknowledges handshaking with the threat sender in accordance with but not limited to an existing embodiment.

FIG. 10 is an illustrative table diagram of a SNIC Interrupt Register diagram showing which bit when set, shall enable processing of message data to the client memory device or be processed to the SMS for undesired message data content in accordance with but not limited to an existing embodiment.

FIG. 11 an illustrative block diagram of Equipment for Network Cable or RF Signal Frame Data Processing and Storage and a SNIC interface circuit board installed as used on a typical computer mother board installation for processing secure and filtered message data which includes an internal SNIC embodiment SMS storage location for isolation and quarantine of malware. Equipment comprising of Client device memory, an upload port and output port for message processed status via a cable connection content in accordance with but not limited to an existing embodiment.

FIG. 12 an illustrative block diagram of a WIFI RF Signal Mobile Phone Frame Data Processing with SNIC IC Installed used on a typical mobile phone mother board installation for processing serial message data which includes an internal SMS storage location, mobile phone device memory, an upload port and output port for message processed status via a wireless or an antenna connection in accordance with but not limited to an existing embodiment.

FIG. 13 is an illustrative table diagram of a SNIC Output Status Report format. The report is comprised of SNIC register bit states, Time and Date register contents and TCP/IP or UDP frame Header data content in accordance with but not limited to an existing embodiment.

FIG. 14 is an illustrative table diagram of a SNIC Upload Threat/Priority/Authorization List format. The report is comprised of a four data section list in a 32 bit or 8 bit-byte structure for code reading purposes by the SNIC processor software program and the sequencer/comparator circuit. The three sections are a list of Hacker ID (IP address) and destination IP address, a list of Authorized IP addresses and destination IP address, a list of Hacker ID (IP address) priority of importance and destination IP address and a list of priority of importance Authorized IP addresses and destination IP address content in accordance with but not limited to an existing embodiment.

DETAILED DRAWING DESCRIPTIONS OF THE INVENTION

FIG. 1 100 is an illustrated block diagram view of a typical NIC process data flow for an existing cable connected typical nonsecure data NIC Network Interface Circuit 110. The ethernet cable NIC 100 receives network Manchester coded format data bits serially when addressed 101, reformats the data bits into binary bits 102, stores them in a Frame format internal NIC memory 103, converts the serial data to parallel or serial binary data 103 to be bused as parallel or serial data bits to a Client Device memory 104. Upon interrupt by the NIC Media Access Controller (MAC) 103 when the frame data is ready for transfer to the Client Device memory 104, the message data is sent to the client device memory 104 for programming display to a Client Device screen 104. The Client Device 104 responds to the received data message 101 and sends a response framed message of parallel or serial binary data bits to the NIC Memory 103 which outputs the binary data as serial data to the NIC reformat 102, then converts the serial data bits from binary to network transmission coded data bits 102 (Manchester Code) and transmits the Network Ethernet Data or RF code over an electronic cable or air to the desired destination address. Successive frames of data bits follow to create a package of frames to complete protocol packet of message content and when complete, the NIC 110 returns to idle to poll for a mark bit until the next time it is addressed.
FIG. 2 200 is an illustrated block diagram view of a data secure typical SNIC circuit embodiment installed as is shown in 210 with cable and RF interface capability. The antenna connected typical RF Transceiver 201 and 210 is a view of the NIC process flow electronic circuit interface with SNIC preprocessor embodiment 212. The typical RF WIFI convertor 201 receives network coded format RF data bits serially when addressed, reformats the analog data bits into binary bits 202, stores them in a Frame format internal NIC memory 203 (see point A 203), converts the serial data to parallel (see point B 204) depending on the Client device bus 205 where binary data (see point C) will be bused as parallel or serial to a Client device memory 205 (see point D 205). Upon interrupt by the NIC Media Access Controller (MAC) 204 and when the frame packet data is ready for transfer to the Client device memory 205, the frame packet data is sent to the client device memory 205 for programming display to a Client Device screen 205. The Client Device 205 responds to the received data message 201 and sends a response framed message of parallel or serial binary data bits to the NIC Memory 204 which out puts the binary data as serial data via NIC reformat 204, then converts the serial data bits from binary to RF network transmission coded data bits 204 transmits the Network RF data wireless to the desired destination address. Successive frames of data bits follow to create a package of frames to complete protocol packet of message specification 802.14. When complete, the NIC RF Transceiver 201 returns to idle until the next time it is addressed. The SNIC embodiment 212 preprocesses the data for malware or undesired addresses received to provide security and integrity of the received or transmitted data message content.
FIG. 3 300 is an illustrated block diagram of a Security NIC (SNIC) Circuit Cable Interface 305 designed of embedded firmware microcode code 303, a sequencer and comparator and device hardware 315 for filtering data message traffic content sent by a Hacker, a special decision making sequencer and frame data comparator 315 that works with the SNIC microprocessor 302 to sequence and to tag the undesired data address received as a threat 315, and sends an interrupt to the Client Device processor 318 of undesirable hacking threat data received, isolates and quarantines the received data contained in RAM memory 312 to the write only memory (WOM) 330 Security Memory Storage (SMS) 330. The client device 318 receives no data. The SNIC 300 receives network coded format data bits serially 306 when addressed, reformats the data bits into binary bits 306 and stores the data bits in a Frame format per IEEE802.X in the RAM memory interface 312. The SNIC gets the data frame from 312 memory, sends it to the comparator buffer 315 and makes a comparison for threat data or addresses of received frame data to the Input Data Threat list 321 and upload port SNIC Internal Memory Storage 324 and if a threat is found, frame data 312 is moved to security memory storage (SMS) 330 and the Output Data Status Report 327 is sent a time stamp of the threat occurrence, SNIC register threat status (see FIG. 14), and an optional custom status message can be sent by the SNIC processor to interrupt the Client device processor 318 to take the status data off bus to the Client device memory to be processed for programming display to an Operator screen 318. The Client Device 318 responds to the received data message 312 and sends a response framed message of parallel or serial binary data bits (bus dependent) to the NIC Memory 312 which outputs the binary reformatted serial data as serial Tx data 306. Successive frames of data bits follow to create a package of frames and when complete, the SNIC 301 and NIC 306 return to idle until the next time the NIC 306 is addressed or interrupt activated. The Network Operator receives a status report 327 of the threat incident from the SNIC processor 302 and SNIC Security sequencer processor 315 in the form of number of threats (count), timestamp, type of threat, IP information 327. The processor 302 is instructed by the custom operating and apps software at location 303 which has programmed AI and threat learning capabilities. The processor 302 is instructed by the custom operating and apps software at location 303 from redundant incidents and learned experiences. If no malware is found by the SNIC Security Sequencer/Comparator process 315, the message data content and header frames are transmitted from the Memory Interface 312 to Client device memory 318 by the SNIC processor 302 interrupt routine for end of frame occurrence as a normal message data content traffic handshake.
FIG. 4 400 is an illustrated block diagram of a Security NIC (SNIC) RF WIFI Interface Circuit 405 comprised of embedded SNIC embodiment 401, a typical WIFI RF transceiver 440, A Client Device interface 418, an input data threat list upload port 421 and SNIC internal memory storage 424, an output data report port 427 used to output a status report as directed by the SNIC processor 402. The SNIC embodiment circuit 401 is connected to the Transceiver 440 by a shared serial bus between RF memory 440 and the SNIC embodiment memory interface 412 to the client device 418 bus lines. The SNIC embodiment 401 microprocessor 402 runs on custom firmware microcode code 403 and custom AI software program 403, a sequencer and comparator and device hardware 415 is used for filtering data message traffic content from 440 to 412 to 415 received from a Hacker 400, if the received data is discovered as undesirable will move from 412 memory to the security memory storage (SMS) 430 for isolation and quarantine. The client device 418 receives no data if the data message content is undesirable as determined by the SNIC embodiment 401. The SNIC Interface circuit 405 receives wireless coded data serially 440 when addressed, reformats the data bits into binary bits 440 and stores the data bits in a Frame format 440 interrupts the SNIC processor 402 which moves the memory 440 content to SNIC memory interface 412. The SNIC processor 402 gets the data frame from 412 memory, sends it to the comparator buffer 415 and makes a comparison for threat data or addresses of received frame data to the Input Data Threat list upload 424 and if a threat is found, frame data 412 is moved to security memory storage (SMS) 430, then a special decision making sequencer and frame data comparator 415 works with the SNIC microprocessor 402 to sequence and to tag the undesired data address received as a threat 415. Output Data Status Report 427 is sent a time stamp of the threat occurrence and register threat status (see FIG. 14), A status message can optionally be sent by the SNIC processor 402 to interrupt the Client device processor 418 to take the status data off bus to the Client Device memory 418 to be processed for programming display to an Operator screen 418. The Client Device 418 responds to the received data message 412 and sends a response framed message of parallel binary data bits to the NIC Memory 412 which outputs the binary data as RF serial Tx data 440. Successive frames of data bits follow to create a package of frames and when End of Frame (EOF) occurs, the SNIC embodiment 401 processor 402 and Transceiver 440 return to idle until the next time the SNIC embodiment is addressed or interrupt activated. The Network Operator 427 receives a status report of the threat incident from the SNIC processor 402 and SNIC Security sequencer/comparator process 415 in the form of number of threats (count), timestamp, type of threat, IP information. The SNIC microprocessor 402 is instructed by the custom operating and apps software at location 403 which has programmed AI and learning capabilities. The processor 402 is instructed by the custom operating and apps software at location 403 from redundant incidents and learned experiences. If no malware is found by the SNIC Security Sequencer/Comparator process 415, the message data content and header frames are transmitted from the Memory Interface 412 to Client device memory 418 by the SNIC processor 402 interrupt routine for end of frame occurrence as a normal message data content traffic handshake.
FIG. 5 500 is an illustrated block diagram of a security SNIC Sequencer/Comparator Process 501 with supervised upload data 528 containing the threat data list 510. The known threat data is formatted 510 to look like the frame architecture as defined by ethernet specification IEEE 802.X for Ethernet transmission protocol or RF protocol and entered through the Upload Threat Port 528 by the Operator 528. The Boot load Prom 503 initializes the SNIC processor 504 registers 522, 524, 525, 526, memory Ram 506, 507, 508, 509 and 520. when power on occurs. The Boot Load code is used to set the health of the SNIC processor 504 to enable the NIC 502 to look for preamble and address coded data from the ethernet cable transmission connection 502 or RF converted digital data. The SNIC processor 504 is instructed by the custom operating and apps software at location 504 and Program Memory 530 when the NIC receives a frame of data or upon an interrupt from an embodiment device 505 or SNIC Sequencer Threat Type Register bit indicator settings 524 are set, the data is detected as malware and needs to be dumped to the SMS 520. When this happens, no data can go to the Device Memory 500 providing safe and secure Device Memory from attack. The NIC 502 or RF transceiver 502 receives a start bit and preamble code to sync the clock for data entry, stores the frame data and interrupts the processor 504 to move the frame data from 502 to RAM memory 506. The sequencer moves the data frame to RAM 507, 508, 509 where the data is compared 505 for type of threat. If the threat is one of a type and which compares as a threat identified by the Uploaded threat list 510, Management Register Bit 1 is set 525, a Status Register Bit is set 522 and the process for threat response begins. The entire threat data message is removed from the memory 506, 507, 508, 509 and sent to write only memory security memory storage (SMS) device 520 and the SNIC program sequencer 504 removes the hold on the processor 501 to process the next data frame. The four control registers 522, 524, 525, 526 are used by the microcode AI program to vector the necessary process operations in which to actively respond to a Hackers intrusion. The four control registers contents 522, 534, 525, 526 are copied to the Output Status Report 527 and I/O interface port 521. The formatted response to the Hacker is converted by the NIC I/O formatter 502 and transmitted 502 Tx Ethernet to the Network cable or wireless in the case of an antenna RF interface 502. If the comparison is a no fault found process 505, the SNIC processor 504 moves the received frame data 506-509 to the Client device memory 500 via interrupt control line. The process is the same for a WIFI interface embodiment 503 if interfaced with the SNIC processor 504. The Network Operator 527 receives threat data status generated from the result of the comparison process from the I/O Interface circuit 521 for each processed network frame of data. The processor 502 is instructed by the custom operating and apps software at location 514 which has programmed AI and learning capabilities. The SNIC processor 504 is instructed by the custom operating and apps software at location 514 from redundant incidents and learned experiences.
FIG. 6 600 is a block diagram of a security SNIC Processor Sequencer/Comparator Functional View 600 and SNIC embodiment 601 electronic circuit device comprising buffer memory 610 and 612 comprising a FIFO and RAM buffers coupled to the Client device bus for interrupt processing and movement of the frame data 610 or 612 for storage when ready as determined by the SNIC processor 604 and the sequencer comparator 630. The registers 644, 640, and 642 indicator bits give the SNIC processor 604 AI intelligence control over the SNIC malware detect processes required to determine type of threat 618, 619, hacker response 632, SNIC Status output report 622, 617, SMS memory storage 626, and if a match 616 is made by the comparator 630 what spoof response 632 is to be sent to the Hacker 620. If a threat is discovered during the comparison process 616, a decision is made by the processor AI code to autonomously spoof 632 the Hacker 620 and the spoof response is sent to the NIC 602 for transmission to the Hacker 600.
The SNIC threat data base is initialized by Operator Input 615 with preformatted threat data at port Upload Threat 618. This threat data is moved into RAM storage 619 for later comparison with NIC 602 incoming data RAM memory 614 as determined by the sequencer SNIC Management Register bit settings 644. If the message frame data 603 is clear of threats, the frame data message 603 is moved to Parallel Data Register 612 and serial FIFO Register 610, the SNIC processor 604 generates an interrupt to Client device processor 600 to take the data on the bus from 610 or 612 to the Client device memory bus dependent Client device architecture.
FIG. 7 700 is a table graph showing a table of bit assignments for the SNIC Management Register 710. This register is used by the SNIC microcode program to control the synchronizer and comparator circuits and input output processes by placing hold actions on the processor while the sequencer and comparator process for threat handling actions or responses and for AI coded response. The register is made up of 4 bytes for 32 bits wide word. Only the 1^st8 bits are fixed for program call to subroutine software instructions. The remaining bits, 8-31 are reserved for architecture security technique growth, learned responses to Hackers and upgrades to the software.
FIG. 8 800 is a table graph showing a table of bit assignments for the SNIC Sequencer Threat Type Register 810. This register is used by the SNIC microcode to control the comparison process by identifying threat types and placing hold actions on the SNIC processor while the sequencer and comparator process to identify threat types for AI coded response to a Hacker. The decisions made by the AI program are based on the indicators action to threat type and policy of SNIC response to hacker attempt to enter the client device memory. The register is made up of 4 bytes for 32 bits wide word. Only the 1^st8 bits are fixed for program call to subroutine software instructions. The remaining bits, 8-31 are reserved for architecture security technique growth, learned responses to Hackers and upgrades to the software.
FIG. 9 900 is a table graph showing a table of bit assignments for the SNIC Sequencer/Comparator Status Register 910. This register is used by the SNIC micro code to control the comparison by placing hold actions on the processor while the sequencer and comparator process to identify threat type and for AI coded response. The busy not busy indicators bits 0, 1, 2, 3 allow the AI microcode program to determine when to move the data from one process circuit to another. The bits 3, 4 allow the microcode program to know when a transfer of data is completed. The register is made up of 4 bytes for 32 bits wide word. Only the 1^st8 bits are fixed for program call to subroutine software instructions. The remaining bits, 8-31 are reserved for architecture security technique growth, learned responses to Hackers and upgrades to the software.
FIG. 10 1000 is a table graph showing a table of bit assignments for the Security NIC Interrupt Register 1010. This register is used by the SNIC AI microcode program to control the Network input message data movement by placing hold actions on the processor while the sequencer and comparator process to identify threat type for AI coded response. These bits represent an IRQ control hardwired program address to call a subroutine routine the AI microcode will vector to when enabled. The 32 bits of interrupt address at the microcode level gives the program flexible coding structure to control the flow of the data sequences and know where the message fame data is in its processes from start to finish. If the message is discovered to have undesirable contents, bit 6 is set to enable a dump of SNIC memory to the security memory storage (SMS). If the message data contained in memory content is acceptable, then all register bits are re-set and the processor sends an interrupt to the client device to take the content of the SNIC memory off the common interface bus. The 32 bits of interrupt addressing 1010 are used by the source programmer to achieve artificial intelligent (AI) methods for the decisions making of receiving data, processing the data, and sending the data via the bus to the target destinations. methods and processes. The register is made up of 4 bytes for 32 bits wide word. Only the 1^st8 bits are fixed for program call to subroutine software instructions. The remaining bits, 8-31 reserved for architecture security technique growth, learned responses to Hackers and upgrades to the software.
FIG. 11 1100 is an illustration of installed Equipment for Network Cable or RF Signal Frame Data Processing and Storage interfacing with the SNIC 1108 interface circuit board for IEEE 802.X TCP/IP or IDP type frame data interface processing, which includes an internal onboard SMS memory threat storage location 1118 used to quarantine message data discovered to be undesirable. The circuit board contains a typical NIC 1112 network interface to SNIC memory 1114 for message input and output and across the common parallel bus 1130. The SNIC CPU 1119 and the SNIC memory 1114 control the SNIC embodiment processes of comparison of the threat upload list 1110 to know threats from a Hacker. If the message content upon preprocessing completion is good, the SNIC CPU 1119 sends an interrupt to the Client Device CPU 1106 and memory data 1114 is moved over the common bus 1130 from SNIC memory 1114 to Client Device Memory 1104 located on the Client Device computer Mother Board 1102. The Client Device computer CPU 1106 can then display 1105 or react via keyboard 1120 to the data entered. If undesirable content in the memory SNIC 1114 is found, a status report is generated and sent to the SNIC Status I/O Port Device 1115 and the received data is dumped to the SMS 1118.The Client memory device 1104 is never bridged or receives any data memory, the Hacker is spoofed off to an IP destination where the Hacker thinks he got in, but the connection times out.
FIG. 12 1200 is an illustration of installed WIFI RF Signal Mobile Phone Frame Data Processing with a SNIC IC phone computer device 1205 interfacing with the SNIC IC interface circuit 1208 for frame data interface processing, which includes an internal SNIC embodiment memory threat storage location 1218 used to quarantine message data discovered to be undesirable. The phone computer device 1202 contains a typical RF WIFI Antenna Transceiver 1212 virtual network interface controller (VNIC or WNIC) to RF station for RF message input and output 1200. The SNIC CPU 1219 and the SNIC memory 1214 control the embodiment processes of comparison of the threat upload list 1210 to antenna traffic frame packet data 1200. If the received serial digitized message content after preprocessing completion is good, the SNIC CPU 1219 sends an interrupt to the Client Device computer CPU 1206 and memory data 1214 is moved over the common serial bus 1230 from SNIC memory 1214 to Client Device Memory 1204 located on the Client Device computer Mother Board 1202. The Client Device computer CPU 1206 can then display 1205 or react via keyboard 1220 to the data entered. If undesirable content in the SNIC memory 1214 by the SNIC embodiment comparator circuit 1208 is found, a status report is generated and sent to the SNIC Status I/O Port Device 1215 and the received data is dumped to the SMS 1218.The Client memory device 1204 is never bridged or receives any data memory, the Hacker is spoofed off to an IP destination where the Hacker thinks he got in, but the connection times out.
FIG. 13 1300 is an illustration of the Output Status Report format listing SNIC Management Register bit configuration, SNIC Sequencer Threat Type Register bit configuration, SNIC Sequencer/Comparator Status Register bit configuration and SNIC Interrupt register bit configuration 1310 at the time of SNIC Comparator discovery of malware or undesirable data IP; also comprising the report is the SNIC CPU Time and Date register contents 1315 at the time of SNIC Comparator discovery of malware or undesirable data IP and received Hacker frame header data of the Source Port IP and the Destination port IP addresses 1320. This status report enables the Network Operator to know immediately who the Hacker is and begin an analysis on the attacker. The meantime the SNIC selects a spoof algorithm and dumps the Hacker message data to the SMS for isolation and quarantine to provide security of the client memory.
FIG. 14 1400 is an illustration of the Upload Threat/Priority/Authorization List format comprising a listing of Hacker ID (IP) and Destination, Authorized ID (IP) and Destination, Hacker Priority ID and Destination and Authorized Priority ID and Destination. This information data is made up by the Network or Client Device Operator for upload to the SNIC embodiment Operator Threat Upload memory 510. This data entry upload is used by the SNIC sequencer and comparator to filter the message data as received by the SNIC memory 1114 from the source sender to look for a match during frame preprocessing.

Claims

What is claimed is:

1. The Security Network Interface Controller (SNIC) comprised of electronic circuit components, utilizes a typical Network Interface Controller (NIC) or RF Wireless Network Interface Controller (WNIC) connected to a collocated SNIC embodiment containing a processor and program memory, connected to a SNIC embodiment start up PROM for initialization of the SNIC embodiment components, connected to a SNIC embodiment Random Access Memory (RAM) buffer memory common to a Client buss, connected to a SNIC embodiment flash memory that stores the software security program, connected to a SNIC embodiment upload interface port and memory to store threat data lists and authorized data lists, connected to a SNIC embodiment threat status memory storage (SMS) as write only memory (WOM) component to capture isolate and quarantine Hacker malware that could have optional forensic analysis and retrieval, connected to a SNIC embodiment set of register indicators for CPU AI program vectoring, connected to a SNIC embodiment output port for reporting Hacker frame header data content by generating SNIC embodiment register status, time stamp and Hacker attempt counts, connected to a unique SNIC embodiment sequencer/comparator to filter incoming data for malware, connected to a SNIC embodiment autonomous action spoofing Hacker response circuit are the hardware/software invention component features of the SNIC embodiment circuit to accomplish preprocessing and gatekeeper methods and processes of network message data integrity, cyber data security, Hacker deception for data traffic to and from a Client device memory and to prevent all known hacker attempts to bridge entry of a targeted network device memory or product device memory or Client device memory from contamination of the data contents or from accessing data from the above device memories that utilize IEEE 802.X protocols for data transmission interactive connections. (See FIGS. 1, 2)

2. The SNIC embodiment electronic circuit device embodiment defined in claim 1 wherein the startup program read only memory (PROM) circuit device will be initialized for the device interface comprising of events cast for the environment in which it is installed in, that may be to include but is not limited to, wired or wireless interfaces or mounted platforms (See FIG. 5).

3. The SNIC embodiment electronic circuit device defined in claim 1 incorporates an AI sequencer/comparator decision making circuit that is a microprocessor driven software program that preprocesses and filters the incoming digitized data located between the NIC or VNIC or WNIC output and the Client Device Memory, automates the threat response and acknowledges handshaking with the threat sender with cyber defensive maneuvers and autonomous responses to a hacker from preprocessed message data content analytics and issues a spoof response to the Hacker when malware is discovered during the filtering process, but allows data through put to the Client device memory if no malware or Hacker threats are found and authorized (See FIGS. 3 and 4).

4. The SNIC embodiment electronic circuit device defined in claim 1 operates with multiple communication protocols but not limited to: Ethernet NIC, RF wireless telecommunications WNIC, custom application security software enabled with Artificial Intelligence (AI) for decision making responses to make the Hacker think entry of the device memory was bridged or obtained but in reality the Hacker was denied the targeted device memory by deception and spoofing AI algorithms, and custom user threat report log generation tailored to user capability and Hacker learning algorithms custom for the SNIC data sequencer program (See FIGS. 5, 6).

5. The SNIC embodiment electronic circuit device defined in claim 1 incorporates a protocol data frame search for threat content and executable software data code, to tag frames with a Management Register alarm bit if bad content data is discovered, to flag frames that have targeted words on incoming messages or threats designated for Client device memory, and set indicators that can be used to generate a status report of flagged data for display on the Network administrators display screen or client screen or printers, but not allowing the message data or data content to go into the targeted device memory of the addressed client device memory (See FIGS. 5, 6).

6. The SNIC electronic circuit device defined in claim 1 and claim 5 method and process claim is that if there are no threat contents in the message and the sender IP is recognized as authorized, then message data will be allowed to process as normal to the device memory and a status report output will show a verification of throughput to Client Device Memory (See FIGS. 3, 4, 5, 11, 12).

7. The SNIC embodiment electronic circuit device defined in claim 1 incorporates an input upload port and memory storage for a list of known Hacker ID and destination address information, known Authorized user ID and destination address and formatted in a priority sequence for each Hacker or Authorized user such that the SNIC sequencer and comparator circuits can filter the incoming data content for malware or dangerous threats to the Client device equipment or to the Client device memory(see FIG. 6).

8. The process and method of claim 7, wherein an authorization list further comprising priority of identification (ID) and destination IP address data code is uploaded to the SNIC embodiment Input Memory and whose content data will be compared to incoming frame data for validation to gain access to the Client Device Memory and if found to be a no match shall not be allowed to gain access to the Client Device Memory.

9. The process and method of claim 1, wherein a specific advantage of using a SNIC embodiment invention is that access to any SNIC embodiment connected Device Memory on a bus controlled by a Device CPU will have preprocessed, filtered and gatekeeper processes at the port of entry NIC or WNIC location which allows only validated data to pass to the Device Memory rather than from a software firewall (such as Wireshark or Norton) which are resident in the Device Memory and immediately bridged by a hacker because the Hacker data has to be in the Device Memory for these products to work.

10. The SNIC electronic circuit device defined in claim 1 negates the need for the Client device to have a need for a resident memory security firewall software program and this post interface processing task is now resident on the SNIC flash memory storage device in a unique algorithm for preprocessing and filtering methods and processes within custom embedded architecture and with Hacker response capability to preprocess and filter the message data to prevent the Client device memory from breach or contamination of data by the Hacker (See FIGS. 5 and 6).

11. The SNIC electronic circuit device defined in claim 1 will replace all typical nonsecure NIC interfaces with either a dongle box SNIC embodiment when a NIC mother board is involved or a drop in SNIC circuit board replacement for a home computer such as a PCI circuit board or as in the case of a portable device such as an I-Phone, Tablet, Laptop, shall be made to fit with the NIC or RF as an additional integrated circuit micro miniaturized collocated component to form a SNIC interface embodiment, the unique invention method and utility of memory security process being the same but not limited to fir (See FIGS. 2, 11, 12).

12. The SNIC embodiment electronic circuit device defined in claim 1, will defeat all known methods of hackers attempts to gain entry into a targeted device memory and adapt from learned experiences how to defeat future forms and methods of hack entry attacks while outputting a status report of such an occurrence and if an undesired occurrence by a Hacker is attempted, all message data will be dumped to a Secure Memory Storage (SMS) device as contaminated data for quarantine and isolation from the bus data traffic to the destination targeted Client device memory while preventing access to the device memory bus (See FIG. 5 520).

13. The process and method of claim 1 and claim 12, wherein a multiple of specific advantages of using a SNIC embodiment invention is that it doesn't give any feedback to the hacker while intelligence is gather on the Hacker, it has an embodiment memory isolation trap SMS where all harmful data is sent and quarantined, it spoofs the hacker and keeps them in the dark to its presence, it will learn and adapt to present and future attacks, it brings security to the beginning of the message process, and it can fit in any network device.

14. The process and method of claim 1 and claim 13, wherein a SNIC containing a typical NIC or WNIC can be architecturally sized for the environment such as a Laptop Computer requiring a dongle attachment to acquire the SNIC embodiment invention when a mother board containing an onboard NIC cannot be back fitted and security for the device memory is needed.