System and method for protecting a computer system from malicious software
Abstract
In a computer system, a first electronic data processor is communicatively coupled to a first memory space and a second memory space. A second electronic data processor is communicatively coupled the second memory space and to a network interface device. The second electronic data processor is capable of exchanging data across a network of one or more computers via the network interface device. A video processor is adapted to combine video data from the first and second electronic data processors and transmit the combined video data to a display terminal for displaying the combined video data in a windowed format. The computer system is configured such that a malware program downloaded from the network and executing on the second electronic data processor is incapable of initiating access to the first memory space.
Claims
exact text as granted — not AI-modified1. A method of operating a computer system capable of exchanging data across a network of one or more computers and having at least a first and second electronic data processor capable of executing instructions using a common operating system, comprising the steps of:
executing instructions a first web browser process, capable of accessing data of a website via the network, in a first logical process within the common operating system using the first electronic data processor, wherein the first logical process is capable of accessing data contained in a first memory space and a second memory space;
executing instructions a second web browser process in a second logical process within the common operating system using the second electronic data processor, wherein the second logical process is capable of accessing data contained in the second memory space, the second logical process being further capable of exchanging data across a network of one or more computers; and
displaying, in a windowed format on a display terminal, data from the first logical process and the second logical process, wherein a video processor is adapted to combine data from the first and second logical processes and transmit the combined data to the a display terminal;
wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second logical web browser process.
2. The method of claim 1 wherein the first memory space and the second memory space comprise separate regions of a common memory space comprises memory selected from the group consisting of:
a memory zone within a physical memory common to the first memory space;
a partition on a memory device;
random access memory (RAM); and
both volatile and nonvolatile memory.
3. The method of claim 1 wherein the second logical process is selected from the group consisting of; an electronic mail process, an instant messaging process, an internet browser process, an interactive gaming process, a virtual private network (VPN) process, and a reader application process first logical process is capable of accessing data contained in the second memory space.
4. The method of claim 1 wherein the first logical process receives user interface data, and passes the user interface data to the second logical process.
5. The method of claim 1 wherein the first and second electronic data processors are part of a multi-core electronic data processor.
6. The method of claim 1 and further comprising the step of restoring at least one corrupted data file residing on the second memory space from an a protected image residing on the first memory space.
7. The method of claim 1 and further comprising the step of automatically deleting at least one data file residing on the second memory space when the second logical process is terminated.
8. The method of claim 1 and further comprising the steps of:
encrypting data with the first logical process;
transferring the encrypted data from the first logical process to the second logical process; and
transferring the encrypted data from the second logical process to the network interface device.
9. The method of claim 8 and further comprising the steps of:
decrypting the data with the network interface device; and
transferring the decrypted data from the network interface device to the network.
10. A multi-processor computer system using a common operating system capable of exchanging data across a network of one or more computers via a network interface device, comprising:
a first electronic data processor capable of executing instructions a first web browser process using the common operating system and communicatively coupled to a first memory space and a second memory space, the first web browser process capable of accessing data of a website via the network;
a second electronic data processor capable of executing instructions a second web browser process using the common operating system and communicatively coupled to the a second memory space and to a network interface device, wherein the second electronic data processor is capable of exchanging data across a network of one or more computers via the network interface device; and
a video processor adapted to combine video data from the first and second electronic data processors and transmit the combined video data to a display terminal for displaying the combined video data in a windowed format;
wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing on the second electronic data processor as part of the second web browser process.
11. The computer system of claim 10 wherein the first memory space and the second memory space comprise separate regions of a common memory space comprises memory selected from the group consisting of:
a memory zone within a physical memory common to the first memory space;
a partition on a memory device;
random access memory (RAM); and
both volatile and nonvolatile memory.
12. The computer system of claim 10 wherein the first and second electronic data processors are part of a dual processor computer system.
13. The computer system of claim 10 wherein the second electronic data processor and the video processor are co-located on a circuit card, the circuit card being communicatively coupled to the first electronic data processor.
14. The computer system of claim 10 wherein the computer system is configured such that the first electronic data processor is protected from executing instructions initiated by a malware process downloaded from the network and executing on the second electronic data processor.
15. A multi-processor computer system using a common operating system capable of exchanging data across a network of one or more computers, comprising:
at least a first and second electronic data processor capable of executing instructions using the common operating system;
at least a first and second memory space; and
a video processor;
wherein the first and second electronic data processors, first and second memory space, and video processor are configured for performing the steps of: to:
executing instructionsexecute a first web browser process, capable of accessing data of a website via the network, in a first logical process with the first electronic data processor, wherein the first logical process is executing within the common operating system and is capable of accessing data contained in the first memory space and the second memory space;
executing instructionsexecute a second web browser process in a second logical process with the second electronic data processor, wherein the second logical process is executing within the common operating system and is capable of accessing data contained in the second memory space, the second logical process being further capable of exchanging data across a network of one or more computers; and
displaying, in a windowed format on a display terminal,display data from the first logical process and the second logical process, wherein the video processor is adapted to combine data from the first and second logical processes and transmit the combined data to thea display terminal;
wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second logical web browser process.
16. The computer system of claim 15 wherein the computer system is further configured such that the first logical process is protected from executing instructions initiated by a malware process downloaded from the network and executing as part of the second logical process.
17. The computer system of claim 15 and further comprising: at least one network interface device capable of exchanging data with both the second logical process and with the network and with a logical process that comprises a process selected from the group consisting of:
the first logical process; and
the second logical process.
18. The computer system of claim 17 wherein the network interface device is capable of decrypting data received from the second logical process and transmitting the decrypted data to the network while preventing the second logical process from accessing the decrypted data.
19. The computer system of claim 15 wherein the at least one electronic data processor is comprises a processor selected from the group consisting of: a multi-core electronic data processor; dual electronic data processors; and multiple electronic data processors.
20. The computer system of claim 15 and further configured for performing the step of: restoring to restore at least one corrupted data file residing on the second memory space from an a protected image residing on the first memory space.
21. A portable computer capable of executing instructions using a common operating system, comprising:
a network interface device configured to exchange data across a network of one or more computers and access at least one website; at least a first memory space and a second memory space, the first memory space containing at least one system file; at least one electronic data processor communicatively coupled to the network interface device, the first and second memory space, and to a user interface, wherein the user interface is configured to receive input from a computer user; the at least one electronic data processor configured to execute a first web browser process, capable of accessing data of the at least one website via the network, in a first logical process within the common operating system, wherein the first logical process is capable of accessing data contained in the first memory space; the at least one electronic data processor further configured to execute a second web browser process in a second logical process within the common operating system, wherein the second logical process is capable of accessing data contained in the second memory space and is further capable of generating video data from the at least one website accessed via the network; and a video processor configured to process video data from the second web browser process for display; wherein the first web browser process is capable of opening the second web browser process and is further capable of passing data to the second web browser process; wherein further the portable computer is configured such that the at least one system file residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing within the second web browser process.
22. The portable computer of claim 21 wherein the first web browser process is capable of directly exchanging data with the network interface device and with the second web browser process.
23. The portable computer of claim 22 wherein the first web browser process is capable of passing data downloaded from the network to the second web browser process.
24. The portable computer of claim 21 wherein the second web browser process is capable of directly exchanging data with the network interface device and with the first web browser process.
25. The portable computer of claim 21 wherein the at least one electronic data processor comprises a processor selected from the group consisting of:
an Application Specific Integrated Circuit; a Field Programmable Gate Array; a plurality of electronic data processors; and a multi-core electronic data processor.
26. The portable computer of claim 21 wherein the second memory space comprises memory selected from the group consisting of:
a memory zone within a physical memory common to the first memory space; a partition on a memory device; random access memory (RAM); and both volatile and nonvolatile memory.
27. The portable computer of claim 21 configured such that at least one corrupted file required for a web browser process is capable of being restored from a protected image.
28. The portable computer of claim 27 wherein the protected image is stored at a location selected from the group consisting of:
a removable drive; the first memory space; a partition on a memory device; and a nonvolatile memory disk.
29. The portable computer of claim 21 configured to close the second web browser process and automatically delete at least one file selected from the group consisting of a temporary internet file, a cookie and a corrupted file.
30. The portable computer of claim 21 configured such that the first web browser process is protected from executing instructions initiated by a malware process downloaded from the network and executing as part of the second web browser process.
31. The portable computer of claim 21 wherein attempts by malware to record data entry by the computer user are effectively blocked.
32. A method of operating a portable computer capable of executing instructions using a common operating system and having at least one electronic data processor communicatively coupled to a first and second memory space and to a network interface device, comprising:
exchanging data across a network of one or more computers with the network interface device and accessing at least one website; storing at least one system file within the first memory space; executing a first web browser process, capable of accessing data of the at least one website via the network, in a first logical process within the common operating system using the at least one electronic data processor, wherein the first logical process is configured to access data contained in the first memory space; executing a second web browser process in a second logical process within the common operating system using the at least one electronic data processor, wherein the second logical process is configured to access data contained in the second memory space and is further configured to generate video data; opening the second web browser process on instruction from the first web browser process; passing data from the first web browser process to the second web browser process; and displaying website video data from the second web browser process; wherein the portable computer is configured such that the at least one system file residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second web browser process.
33. The method of claim 32 wherein the portable computer is configured such that the first web browser process is capable of directly exchanging data with the network interface device and with the second web browser process.
34. The method of claim 33 and further comprising downloading data from the network and passing the data from the first web browser process to the second web browser process.
35. The method of claim 32 wherein the portable computer is configured such that the second web browser process is capable of directly exchanging data with the network interface device and with the first web browser process.
36. The method of claim 32 wherein the second memory space comprises memory selected from the group consisting of:
a memory zone within a physical memory common to the first memory space; a partition on a memory device; random access memory (RAM); and both volatile and nonvolatile memory.
37. The method of claim 32 and further comprising—restoring at least one corrupted file from a protected image.
38. The method of claim 37 wherein the protected image is stored at a location selected from the group consisting of:
a removable drive; the first memory space; a partition on a memory device; and a nonvolatile memory disk.
39. The method of claim 32 and further comprising—deleting at least one corrupted data file residing on the second memory space when the second logical process is terminated.
40. The method of claim 32 wherein the at least one electronic data processor comprises a processor selected from the group consisting of:
an Application Specific Integrated Circuit; a Field Programmable Gate Array; a plurality of electronic data processors; and a multi-core electronic data processor.
41. The method of claim 32 wherein the first web browser process is protected from executing instructions initiated by a malware process downloaded from the network and executing as part of the second web browser process.
42. The method of claim 32 and further comprising displaying video data from the first web browser process.
43. The method of claim 32 wherein attempts by malware to record data entry by the computer user are effectively blocked.
44. A method of operating a portable computer capable of executing instructions using a common operating system and comprising a network interface device, at least a first memory space and a second memory space, and at least one electronic data processor communicatively coupled to the network interface device, the first and second memory space, and to a user interface, comprising:
exchanging data across a network of one or more computers with the network interface device and accessing at least one website; storing at least one system file in the first memory space; opening a first web browser process capable of accessing data of the at least one website via the network, wherein the first web browser process is capable of accessing data contained in the first memory space; opening a second web browser process, wherein the second web browser process is capable of accessing data contained in the second memory space, and is further capable of generating data for video display; and passing data from the first web browser process to the second web browser process; wherein the portable computer is configured such that the at least one system file residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second web browser process.
45. The method of claim 44 wherein the first web browser process is capable of directly exchanging data with the network interface device and with the second web browser process.
46. The method of claim 45 and further comprising—downloading data from the network and passing the downloaded data from the first web browser process to the second web browser process.
47. The method of claim 46 and further comprising storing the downloaded data on the second memory space.
48. The method of claim 44 wherein the second web browser process is capable of directly exchanging data with the network interface device and with the first web browser process.
49. The method of claim 44 and further comprising—restoring at least one corrupted file from a protected image.
50. The method of claim 49 wherein the protected image is stored at a location selected from the group consisting of:
a removable drive; the first memory space; a partition on a memory device; and a non-volatile memory disk.
51. The method of claim 44 further comprising closing the second web browser process and automatically deleting at least one file selected from the group consisting of a temporary internet file, a cookie and a corrupted file.
52. The method of claim 44 wherein the first web browser process is protected from executing instructions initiated by a malware process downloaded from the network and executing as part of the second web browser process.
53. The method of claim 44 and further comprising the first web browser process instructing the second web browser process to open.
54. The method of claim 44 wherein attempts by malware to record data entry by a computer user are effectively blocked.
55. The method of claim 44 wherein the at least one electronic data processor comprises a processor selected from the group consisting of:
an Application Specific Integrated Circuit; a Field Programmable Gate Array; a plurality of electronic data processors; and a multi-core electronic data processor.
56. The method of claim 44 wherein the second memory space comprises memory selected from the group consisting of:
a memory zone within a physical memory common to the first memory space; a partition on a memory device; random access memory (RAM); and both volatile and nonvolatile memory.
57. The method of claim 44 and further comprising the first web browser process opening a plurality of second web browser processes.
58. The portable computer of claim 21 wherein the network interface device is capable of exchanging data with the network using a wireless connection.
59. The portable computer of claim 58 wherein the network comprises a cellular data carrier network.
60. The method of claim 32 wherein the network interface device is capable of exchanging data with the network using a wireless connection.
61. The method of claim 60 wherein the network comprises a cellular data carrier network.
62. The method of claim 44 wherein the network interface device is capable of exchanging data with the network using a wireless connection.
63. The method of claim 62 wherein the network comprises a cellular data carrier network.
64. A computer program product comprising a program code stored in a non-transitory computer readable medium operable on computer capable of executing instructions using a common operating system and having at least one electronic data processor communicatively coupled to a first and second memory space and to a network interface device configured to exchange data across a network of one or more computers and access at least one website, configured to:
store at least one system file within the first memory space; open a first web browser process, capable of accessing data of the at least one website via the network, in a first logical process, the first logical process being configured to access data contained in the first memory space; open a second web browser process in a second logical process, the second logical process being configured to access data contained in the second memory space; and pass data from the first web browser process to the second web browser process, wherein the at least one system file residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second web browser process.
65. The computer program product of claim 64 wherein the first web browser process is capable of opening the second web browser process and the program code stored in the non-transitory computer readable medium is further configured to pass data to the second web browser process.
66. The computer program product of claim 64 wherein the second logical process is configured to generate data for display and the program code stored in the non-transitory computer readable medium is further configured to process website video data from the second web browser process.
67. The computer program product of claim 64 wherein the first web browser process is capable of directly exchanging data with the network interface device and the second web browser process or the second web browser process is capable of directly exchanging data with the network interface device and the first web browser process.
68. The computer program product of claim 64 wherein at least one corrupted file for a web browser process is capable of being restored from a protected file.
69. The computer program product of claim 64 configured to close the second web browser process and automatically delete at least one file selected from the group consisting of a temporary internet file, a cookie and a corrupted file.
70. The computer program product of claim 64 wherein the first web browser process is protected from executing instructions initiated by a malware process downloaded from the network and executing as part of the second web browser process.
71. The computer program product of claim 64 wherein attempts by malware to record data entry by a computer user are effectively blocked.
72. The computer program product of claim 64 wherein the network interface device is capable of exchanging data with the network using a wireless connection.
73. The computer program product of claim 72 wherein the network comprises a cellular data carrier network.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.