| 发明名称 |
HACKING-RESISTANT COMPUTER DESIGN |
| 摘要 |
A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition through a bus or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing between computer executable code, critical data files, and data files read from the second partition. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition. |
| 申请公布号 |
US2017063877(A1) |
申请公布日期 |
2017.03.02 |
| 申请号 |
US201514841469 |
申请日期 |
2015.08.31 |
| 申请人 |
Newman Frank N.;Newman Dan |
发明人 |
Newman Frank N.;Newman Dan |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A computer system comprising:
a first partition comprising:
a first CPU,at least one memory module,at least one write module,at least one I/O module,at least one data store comprising at least one data file, anda memory addressing structure, comprising:
at least one program code address range,at least one first partition data address range, andat least one second partition data address range;at least one critical data file;computer executable code stored in the program code address range, wherein the computer executable code comprises an operating system;wherein the first CPU is configured to execute only the computer executable code stored in the program code address range; a bus, and a second partition comprising:
a second CPU,at least one data store comprising at least one data file, anda communication module coupled to a network; wherein the first partition is interconnected to the second partition through the bus; wherein the first partition is configured to execute a pull command to read data from the second partition and write the data to the at least one second partition data address range of the first partition; wherein the first partition is configured to execute a push command to write data to the second partition; wherein the first partition, by hardware limitation, cannot accept a push command from the second partition or a pull command from the second partition; and wherein the second partition is hardware-restricted from accessing the first CPU or the at least one memory module. |
| 地址 |
New York NY US |
