Electrical computers and digital processing systems: multicomput – Multicomputer data transferring via shared memory
Reexamination Certificate
1999-02-16
2001-08-07
Robertson, David L. (Department: 2187)
C710S120000, C711S152000, C711S100000, C711S111000, C711S154000
active
06272533
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to computer system architecture and more particularly to an architecture for and method of limiting remote access to programs and data.
2. Description of the Related Technology
The role of computers is rapidly changing from computational machines to communication devices. The increasing use of the Internet by the general public increases the potential for hackers to break into sensitive computers. Computer hackers have successfully entered systems believed to be secure, gained unauthorized access, corrupted data, and infected systems with viruses that continue to cause havoc. While specialized software in the form of, for example, firewalls, is often provided to prevent unauthorized system access and to limit access so that unauthorized personnel cannot easily corrupt data and program files or otherwise cause damage to a computer system and loss of data, hackers are continually finding ways around the software. For example, viruses can be used to infect a computer system through infected software, causing the system to perform unauthorized functions and execute “rogue” code jeopardizing the integrity of the system. Because all functions performed by the computer system are controlled by instructions stored in the computer's memory, providing any remote access to the system provides an avenue for hackers to gain unauthorized access and do damage.
A representative computer system according to the prior art is shown in block diagram form in FIG. 1. A prior art computer system 100 includes a local system bus 102 connecting major elements of the computer system. Thus, local system bus 102 handles the transfer of instructions, data, address and control signals, etc. between the elements of the computer system. As shown in the figure, central processing unit 104 has a direct connection to bus 102 and to a dedicated main memory 106. Main memory 106 is typically a high speed, high bandwidth random access memory storing data and instructions. Non-volatile mass storage is provided by hard disk drives 110 and 112 interfacing via SCSI (small computer systems interface) device 108 to local system bus 102 and hard disk drive 122 interfacing through IDE (intelligent drive electronics) controller 120. Central processing unit 104 also has provisions for displaying data to a system operator by providing appropriate address, data and control signals to video interface 114 whereby data is displayed on video monitor 116. Finally, remote access to peripheral devices and buses is provided by serial port 118 and Ethernet interface 124, again over local system bus 102. Although not shown, other devices providing input and output to the system may be included, such as a keyboard, etc., which may include a dedicated interface to local system bus 102 or might be supported by serial port 118. Similarly, other output devices may be included, such as a printer interfacing through serial port 118 or an equivalent parallel port type data connection (not shown).
In operation, computer programs consisting of executable code and data and other information on which the code operates, are stored in main memory 106. Typically, this includes an operating system, such as Windows NT or Windows 98, together with various utilities and application programs. At startup or initialization, central processing unit 104 executes “boot” code, identifies system assets, such as IDE controller 120 and hard disk drive 122, and locates the appropriate operating system. The operating system software from hard disk drive 122 is then transferred through IDE controller 120 via local bus 102 to main memory 106. Central processing unit 104 then executes the operating system, transferring instructions as needed from main memory 106 into a “cache” or other local memory and registers that are a part of the central processing unit 104. While this is happening, dedicated hardware and firmware resident in video board 114 provide a visual display on video monitor 116 of system status and provide a video output for the operating system, utilities, and application programs. In addition to the online data storage provided by hard disk drive 122, multiple hard disk drives are supported by SCSI controller 108. As depicted, both hard disk drives 110 and 112 are interfaced to local system bus 102 through the SCSI controller 108 providing additional non-volatile storage capabilities.
In addition to local access to computer system 100, remote access is provided by serial port 118 and Ethernet card 124. For example, a modem (not shown) may be attached to serial port 118 to interface computer system 100 to other media such as the public switched telephone network (PSTN), radio and fiber optic systems, etc., thereby providing connectivity to remote users and systems. An appropriate communications utility or application running on central processing unit 104 together with serial port 118 supports exchange of data with the remote users and systems. Similarly, Ethernet 124 is a specific embodiment of a network connectivity supporting, for example, a local area network (LAN), a wide area network (WAN), etc., with multiple remote computer systems and other resources attached. Using these remote access facilities, computer system 100 becomes accessible to authorized, and in many cases, unauthorized users.
Although not shown, other peripherals may be included, such as CD-ROMS (compact disk—read only memories), CD-WORM (compact disk—write once read many) or CD-WO (compact disk—write once), CD-RW (compact disk—re-writeable), DVD-RAM (digital versatile disk—RAM), DVD-ROM (digital versatile disk—ROM), various tape drives and traditional 3½ inch floppy disk drives. These devices are particularly useful for the transport of data between systems and backup purposes using removable media. Conventionally, because of access speed and storage space limitations, these devices are generally not relied upon as substitutes for hard disk drives which continue to be used as the primary media for non-volatile program and data mass storage. However, as computer systems have been made available to greater numbers of users, both locally and remotely, maintaining the integrity of programs and data stored on computer systems has become an increasing concern.
Prior art systems implement various physical and software systems to control access to the system and provide security. For example, computer systems handling classified information may require TEMPEST approval to avoid unintended radiation of information, be located in a secure facility such as a limited access area to provide physical security, and be operated in a stand-alone configuration without provision for remote access to avoid remote hacker access. Physical security, however, cannot address remote access users so that a variety of software is used to establish varying authorization levels for remote system use and access. For example, remote users may be required to interface via a secure access or “firewall” system which requires a user to establish authorization to access a computer system prior to providing a connection. A firewall may further monitor use of facilities, limiting access and use according to the user's authorization. Software on the computer system itself further monitors access using, for example, passwords, personal identification numbers (PINs), etc. to control access and use. Other software may be implemented to protect, for example, certain areas of memory such as the operating system from being altered or overwritten. Some operating systems, for example, further limit write operations to particular areas of memory containing data used by a particular application and limit access to other areas of memory or alteration of instructions stored in memory. However, such software protections have often proved inadequate to stop a determined hacker from gaining unauthorized access and bypassing such safeguard
Fulbright & Jaworski LLP
Robertson David L.