System and method for protecting a computer system from malicious software
Abstract
In a computer system, a first electronic data processor is communicatively coupled to a first memory space and a second memory space. A second electronic data processor is communicatively coupled the second memory space and to a network interface device. The second electronic data processor is capable of exchanging data across a network of one or more computers via the network interface device. A video processor is adapted to combine video data from the first and second electronic data processors and transmit the combined video data to a display terminal for displaying the combined video data in a windowed format. The computer system is configured such that a malware program downloaded from the network and executing on the second electronic data processor is incapable of initiating access to the first memory space.
Claims
exact text as granted — not AI-modified1. A method of operating a computer system having at least a first and second electronic data processor capable of executing instructions using a common operating system, comprising the steps of:
executing instructions in a first logical process within the common operating system using the first electronic data processor, wherein the first logical process is capable of accessing data contained in a first memory space and a second memory space; executing instructions in a second logical process within the common operating system using the second electronic data processor, wherein the second logical process is capable of accessing data contained in the second memory space, the second logical process being further capable of exchanging data across a network of one or more computers; displaying, in a windowed format on a display terminal, data from the first logical process and the second logical process, wherein a video processor is adapted to combine data from the first and second logical processes and transmit the combined data to the display terminal; wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second logical process.
2. The method of claim 1 wherein the first memory space and the second memory space comprise separate regions of a common memory space.
3. The method of claim 1 wherein the second logical process is selected from the group consisting of; an electronic mail process, an instant messaging process, an internet browser process, an interactive gaming process, a virtual private network (VPN) process, and a reader application process.
4. The method of claim 1 wherein the first logical process receives user interface data, and passes the user interface data to the second logical process.
5. The method of claim 1 wherein the first and second electronic data processors are part of a multi-core electronic data processor.
6. The method of claim 1 and further comprising the step of restoring at least one corrupted data file residing on the second memory space from an image residing on the first memory space.
7. The method of claim 1 and further comprising the step of automatically deleting at least one data file residing on the second memory space when the second logical process is terminated.
8. The method of claim 1 and further comprising the steps of:
encrypting data with the first logical process;
transferring the encrypted data from the first logical process to the second logical process;
transferring the encrypted data from the second logical process to the network interface device.
9. The method of claim 8 and further comprising the steps of:
decrypting the data with the network interface device;
transferring the decrypted data from the network interface device to the network.
10. A multi-processor computer system using a common operating system, comprising:
a first electronic data processor capable of executing instructions using the common operating system and communicatively coupled to a first memory space and a second memory space; a second electronic data processor capable of executing instructions using the common operating system and communicatively coupled to the second memory space and to a network interface device, wherein the second electronic data processor is capable of exchanging data across a network of one or more computers via the network interface device; a video processor adapted to combine video data from the first and second electronic data processors and transmit the combined video data to a display terminal for displaying the combined video data in a windowed format; wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing on the second electronic data processor.
11. The computer system of claim 10 wherein the first memory space and the second memory space comprise separate regions of a common memory space.
12. The computer system of claim 10 wherein the first and second electronic data processors are part of a dual processor computer system.
13. The computer system of claim 10 wherein the second electronic data processor and the video processor are colocated on a circuit card, the circuit card being communicatively coupled to the first electronic data processor.
14. The computer system of claim 10 wherein the computer system is configured such that the first electronic data processor is protected from executing instructions initiated by a malware process downloaded from the network and executing on the second electronic data processor.
15. A multi-processor computer system using a common operating system, comprising:
at least a first and second electronic data processor capable of executing instructions using the common operating system; at least a first and second memory space; a video processor; wherein the first and second electronic data processors, first and second memory space, and video processor are configured for performing the steps of: executing instructions in a first logical process with the first electronic data processor, wherein the first logical process is executing within the common operating system and is capable of accessing data contained in the first memory space and the second memory space; executing instructions in a second logical process with the second electronic data processor, wherein the second logical process is executing within the common operating system and is capable of accessing data contained in the second memory space, the second logical process being further capable of exchanging data across a network of one or more computers; displaying, in a windowed format on a display terminal, data from the first logical process and the second logical process, wherein the video processor is adapted to combine data from the first and second logical processes and transmit the combined data to the display terminal; wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second logical process.
16. The computer system of claim 15 wherein the computer system is further configured such that the first logical process is protected from executing instructions initiated by a malware process downloaded from the network and executing as part of the second logical process.
17. The computer system of claim 15 and further comprising: at least one network interface device capable of exchanging data with both the second logical process and with the network.
18. The computer system of claim 17 wherein the network interface device is capable of decrypting data received from the second logical process and transmitting the decrypted data to the network while preventing the second logical process from accessing the decrypted data.
19. The computer system of claim 15 wherein the at least one electronic data processor is selected from the group consisting of: a multi-core electronic data processor; dual electronic data processors; and multiple electronic data processors.
20. The computer system of claim 15 and further configured for performing the step of: restoring at least one corrupted data file residing on the second memory space from an image residing on the first memory space.
21. A portable computing and communication device capable of executing instructions using a common operating system, comprising:
a network interface device configured to exchange data across a network of one or more computers using a wireless connection; an intelligent cellular telephone capability with a secure web browser including a first web browser process and a second web browser process; at least a first memory space and a second memory space, the first memory space containing at least one system file; and at least one electronic data processor communicatively coupled to the network interface device and to the first and second memory space; the at least one electronic data processor configured to execute the first web browser process within the common operating system, wherein the first web browser process is capable of accessing data of a website via the network, accessing data contained in the first memory space and is further capable of initializing the second web browser process; the at least one electronic data processor further configured to execute the second web browser process within the common operating system, wherein the second web browser process is capable of accessing data contained in the second memory space and is further capable of generating data; the at least one electronic data processor further configured to pass data from the first web browser process to the second web browser process; wherein the portable computing and communication device is configured such that the at least one system file residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing within the second web browser process.
22. The portable computing and communication device of claim 21 wherein the first web browser process is capable of directly exchanging data with the network interface device and with the second web browser process.
23. The portable computing and communication device of claim 22 wherein the first web browser process is capable of passing data downloaded from the network to the second web browser process.
24. The portable computing and communication device of claim 21 wherein the second web browser process is capable of directly exchanging data with the network interface device and with the first web browser process.
25. The portable computing and communication device of claim 21 wherein the at least one electronic data processor comprises a processor selected from the group consisting of:
an Application Specific Integrated Circuit; a Field Programmable Gate Array; a plurality of electronic data processors; and a multi-core electronic data processor.
26. The portable computing and communication device of claim 21 wherein the second memory space comprises memory selected from the group consisting of:
a memory zone within a physical memory common to the first memory space; a partition on a memory device; random access memory (RAM); and both volatile and nonvolatile memory.
27. The portable computing and communication device of claim 21 wherein at least one corrupted file is capable of being restored from a protected image.
28. The portable computing and communication device of claim 21 configured to close the second web browser process and automatically delete at least one file selected from the group consisting of a temporary internet file, a cookie and at least one corrupted file.
29. The portable computing and communication device of claim 21 wherein the first web browser process is protected from executing instructions initiated by a malware process downloaded from the network and executing as part of the second web browser process.
30. A method of operating a portable computing and communication device capable of executing instructions using a common operating system, comprising:
exchanging data across a network of one or more computers with a network interface device using a wireless connection; providing an intelligent cellular telephone capability with a secure web browser including a first web browser process and a second web browser process; storing at least one system file within a first memory space; executing the first web browser process within the common operating system using at least one electronic data processor, wherein the first web browser process is configured to access data of a website via the network, access data contained in the first memory space and is further configured to initialize the second web browser process; executing the second web browser process within the common operating system using the at least one electronic data processor, wherein the second web browser process is configured to access data contained in the second memory space and is capable of generating data; passing data from the first web browser process to the second web browser process; and displaying data from the second web browser process; wherein the portable computing and communication device is configured such that the at least one system file residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second web browser process.
31. The method of claim 30 wherein the portable computing and communication device is configured such that the first web browser process is capable of directly exchanging data with the network interface device and with the second web browser process.
32. The method of claim 31 further comprising downloading data from the network and passing the data from the first web browser process to the second web browser process.
33. The method of claim 30 wherein the portable computing and communication device is configured such that the second web browser process is capable of directly exchanging data with the network interface device and with the first web browser process.
34. The method of claim 30 wherein the second memory space comprises memory selected from the group consisting of:
a memory zone within a physical memory common to the first memory space; a partition on a memory device; random access memory (RAM); and both volatile and nonvolatile memory.
35. The method of claim 30 further comprising restoring at least one corrupted data file from a protected image.
36. The method of claim 30 further comprising closing the second web browser process and automatically deleting at least one file selected from the group consisting of a temporary internet file, a cookie and at least one corrupted file.
37. The method of claim 30 wherein the at least one electronic data processor comprises a processor selected from the group consisting of:
an Application Specific Integrated Circuit; a Field Programmable Gate Array; a plurality of electronic data processors; and a multi-core electronic data processor.
38. The method of claim 30 wherein the first web browser process is protected from executing instructions initiated by a malware process downloaded from the network and executing as part of the second web browser process.
39. The method of claim 30 further comprising displaying data from the first web browser process.
40. The method of claim 30 wherein attempts by malware to record data entry by a portable computing and communication device user are effectively blocked.
41. A computer program product comprising a program code stored in a non-transitory computer readable medium operable on a portable computer and communication device capable of executing instructions using a common operating system and having at least one electronic data processor communicatively coupled to a first memory space with at least one system file and a second memory space, the portable computer and communication device including a network interface device configured to exchange data across a network of one or more computers using a wireless connection, and an intelligent cellular telephone capability with a secure web browser including a first web browser process and a second web browser process, configured to:
open the first web browser process within the common operating system, wherein the first web browser process is capable of accessing data of a website via the network and accessing data contained in the first memory space; open the second web browser process within the common operating system on command from the first web browser process, wherein the second web browser process is capable of accessing data contained in the second memory space and is further capable of generating data; pass data from the first web browser process to the second web browser process; and process data from the second web browser process; wherein the at least one system file residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second web browser process.
42. The computer program product of claim 41 wherein the first web browser process is capable of directly exchanging data with the network interface device and with the second web browser process.
43. The computer program product of claim 42 wherein the program code stored in the non-transitory computer readable medium is further configured to download data from the network and pass the downloaded data from the first web browser process to the second web browser process.
44. The computer program product of claim 43 wherein the program code stored in the non-transitory computer readable medium is further configured to store the downloaded data on the second memory space.
45. The computer program product of claim 41 wherein the second web browser process is capable of directly exchanging data with the network interface device and with the first web browser process.
46. The computer program product of claim 41 wherein at least one corrupted file is capable of being restored from a protected image.
47. The computer program product of claim 46 wherein the protected image is stored at a location selected from the group consisting of:
a removable drive; the first memory space; a partition on a memory device; and volatile and nonvolatile memory.
48. The computer program product of claim 41 wherein the program code stored in the non-transitory computer readable medium is further configured to close the second web browser process and automatically delete at least one file selected from the group consisting of a temporary internet file, a cookie and at least one corrupted file.
49. The computer program product of claim 41 wherein the first web browser process is protected from executing instructions initiated by a malware process downloaded from the network and executing as part of the second web browser process.
50. The computer program product of claim 41 wherein attempts by malware to record data entry by a user are effectively blocked.
51. The computer program product of claim 41 wherein the network comprises a cellular data carrier network.
52. The computer program product of claim 41 wherein the at least one electronic data processor comprises a processor selected from the group consisting of:
an Application Specific Integrated Circuit; a Field Programmable Gate Array; a plurality of electronic data processors; and a multi-core electronic data processor.
53. The computer program product of claim 41 wherein the second web browser process is capable of generating video data and the program code stored in the non-transitory computer readable medium is further configured to process the video data from the second web browser process.
54. The computer program product of claim 41 wherein the portable computing and communication device is a smart phone.
55. The computer program product of claim 41 wherein the second memory space comprises memory selected from the group consisting of:
a memory zone within a physical memory common to the first memory space; a partition on a memory device; random access memory (RAM); and both volatile and nonvolatile memory.
56. The portable computing and communication device of claim 21 wherein the network comprises a cellular data carrier network.
57. The portable computing and communication device of claim 21 wherein the portable computing and communication device is a smart phone.
58. The method of claim 30 wherein the network comprises a cellular data carrier network.
59. The method of claim 30 wherein the portable computing and communication device is a smart phone.
60. The portable computing and communication device of claim 21 wherein the secure web browser is a built-in secure web browser.
61. The portable computing and communication device of claim 21 wherein the second web browser process is capable of executing a gaming process played interactively over the network.
62. The method of claim 30 wherein the secure web browser is a built-in secure web browser.
63. The method of claim 30 wherein the second web browser process is capable of executing a gaming process played interactively over the network.
64. The computer program product of claim 41 wherein the secure web browser is a built-in secure web browser.
65. The computer program product of claim 41 wherein the second web browser process is capable of executing a gaming process played interactively over the network.
66. The portable computing and communication device of claim 21 wherein the at least one electronic data processor is further configured to initialize a third web browser process with the first web browser process and pass data from the first web browser process to the third web browser process, the third web browser process being capable of accessing data contained in a third memory space and is further capable of generating data, wherein the portable computing and communication device is configured such that the at least one system file residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing within the third web browser process.
67. The portable computing and communication device of claim 66 wherein the portable computing and communication device is configured to disallow the malware process downloaded from the network and executing within the second web browser process from initiating access to the third web browser process or to the third memory space.
68. The method of claim 30 further comprising initializing a third web browser process with the first web browser process and passing data from the first web browser process to the third web browser process, the third web browser process being configured to access data contained in a third memory space and is capable of generating data, wherein the portable computing and communication device is configured such that the at least one system file residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the third web browser process.
69. The method of claim 68 wherein the portable computing and communication device is configured to disallow the malware process downloaded from the network and executing as part of the second web browser process from initiating access to the third web browser process or to the third memory space.
70. The computer program product of claim 41 wherein the program code stored in the non-transitory computer readable medium is further configured to pass data from the first web browser process to the third web browser process, the third web browser process being capable of accessing data contained in a third memory space and is further capable of generating data, wherein the at least one system file residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the third web browser process.
71. The computer program product of claim 70 wherein the program code stored in the non-transitory computer readable medium is further configured to disallow the malware process downloaded from the network and executing as part of the second web browser process from initiating access to the third web browser process or to the third memory space.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.