System and method for protecting a computer system from malicious software
DCFirst Claim
1. A method of operating a computer system having at least a first and second electronic data processor capable of executing instructions using a common operating system, comprising the steps of:
- executing instructions in a first logical process within the common operating system using the first electronic data processor, wherein the first logical process is capable of accessing data contained in a first memory space and a second memory space;
executing instructions in a second logical process within the common operating system using the second electronic data processor, wherein the second logical process is capable of accessing data contained in the second memory space, the second logical process being further capable of exchanging data across a network of one or more computers;
displaying, in a windowed format on a display terminal, data from the first logical process and the second logical process, wherein a video processor is adapted to combine data from the first and second logical processes and transmit the combined data to the display terminal;
wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second logical process.
3 Assignments
Litigations
2 Petitions
Reexamination
Accused Products
Abstract
In a computer system, a first electronic data processor is communicatively coupled to a first memory space and a second memory space. A second electronic data processor is communicatively coupled the second memory space and to a network interface device. The second electronic data processor is capable of exchanging data across a network of one or more computers via the network interface device. A video processor is adapted to combine video data from the first and second electronic data processors and transmit the combined video data to a display terminal for displaying the combined video data in a windowed format. The computer system is configured such that a malware program downloaded from the network and executing on the second electronic data processor is incapable of initiating access to the first memory space.
115 Citations
65 Claims
-
1. A method of operating a computer system having at least a first and second electronic data processor capable of executing instructions using a common operating system, comprising the steps of:
-
executing instructions in a first logical process within the common operating system using the first electronic data processor, wherein the first logical process is capable of accessing data contained in a first memory space and a second memory space; executing instructions in a second logical process within the common operating system using the second electronic data processor, wherein the second logical process is capable of accessing data contained in the second memory space, the second logical process being further capable of exchanging data across a network of one or more computers; displaying, in a windowed format on a display terminal, data from the first logical process and the second logical process, wherein a video processor is adapted to combine data from the first and second logical processes and transmit the combined data to the display terminal; wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second logical process. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A multi-processor computer system using a common operating system, comprising:
-
a first electronic data processor capable of executing instructions using the common operating system and communicatively coupled to a first memory space and a second memory space; a second electronic data processor capable of executing instructions using the common operating system and communicatively coupled to the second memory space and to a network interface device, wherein the second electronic data processor is capable of exchanging data across a network of one or more computers via the network interface device; a video processor adapted to combine video data from the first and second electronic data processors and transmit the combined video data to a display terminal for displaying the combined video data in a windowed format; wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing on the second electronic data processor. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A multi-processor computer system using a common operating system, comprising:
-
at least a first and second electronic data processor capable of executing instructions using the common operating system; at least a first and second memory space; a video processor; wherein the first and second electronic data processors, first and second memory space, and video processor are configured for performing the steps of; executing instructions in a first logical process with the first electronic data processor, wherein the first logical process is executing within the common operating system and is capable of accessing data contained in the first memory space and the second memory space; executing instructions in a second logical process with the second electronic data processor, wherein the second logical process is executing within the common operating system and is capable of accessing data contained in the second memory space, the second logical process being further capable of exchanging data across a network of one or more computers; displaying, in a windowed format on a display terminal, data from the first logical process and the second logical process, wherein the video processor is adapted to combine data from the first and second logical processes and transmit the combined data to the display terminal; wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second logical process. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. A method of generating data for display of website content on a portable computer employing a common operating system in a secure manner, comprising:
-
distributing website content, via a network of one or more computers, to the portable computer capable of executing a secure web browser process, wherein the website content potentially contains malware; wherein the secure web browser process is capable of executing on at least one electronic data processor and comprises a first web browser process and at least one second protected web browser process, the first web browser process and the at least one second protected web browser process being configured to access the website content via the network of one or more computers, the at least one electronic data processor capable of being communicatively coupled to a first memory space and to a second protected memory space, the first memory space having at least one system file, the secure web browser process configured for; executing instructions in the first web browser process, wherein the first web browser process is configured to access data contained in the first memory space and to initialize the at least one second protected web browser process; passing data from the first web browser process to the at least one second protected web browser process; executing instructions in the at least one second protected web browser process, wherein the at least one second protected web browser process is configured to access data contained in the second protected memory space but is denied access to the first memory space; generating data for display of the distributed website content potentially containing malware; wherein the secure web browser process is configured such that the at least one system file residing on the first memory space is protected from corruption by the website content potentially containing malware executing in the at least one second protected web browser process. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
-
-
36. A method of operating a portable computer based system employing a common operating system and configured with a first memory space and a second protected memory space and at least one electronic data processor, comprising:
-
storing at least one system file within the first memory space; downloading website content potentially containing malware from a network of one or more computers using a secure web browser process, wherein the secure web browser process is configured to execute on the at least one electronic data processor, and comprises a first web browser process and at least one second protected web browser process, the first web browser process and the at least one second protected web browser process being configured to access the website content via the network of one or more computers; executing instructions in the first web browser process, wherein the first web browser process is configured to access data contained in the first memory space and to initialize the at least one second protected web browser process; passing data from the first web browser process to the at least one second protected web browser process; executing instructions in the at least one second protected web browser process, wherein the at least one second protected web browser process is configured to access data contained in the second protected memory space and to execute instructions from the downloaded website content, wherein the downloaded website content is capable of accessing the second protected memory space but is denied access to the first memory space; displaying digital content generated by the secure web browser process; wherein the secure web browser process is configured such that the at least one system file residing on the first memory space is protected from corruption by website content potentially containing malware downloaded from the network and executing as part of the at least one second protected web browser process. - View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
-
-
53. A portable computer based system employing a common operating system for protecting critical files from malicious software attacks via a network of one or more computers, comprising:
-
a first web browser process capable of executing instructions using at least one electronic data processor and further capable of accessing a first memory space, wherein the first memory space contains at least one critical file; and at least one second protected web browser process capable of executing instructions using the at least one electronic data processor and further capable of accessing a second protected memory space; the first web browser process configured to; accept data entry from a computer user; execute instructions to access website content from the network of one or more computers; initialize the at least one second protected web browser process; and pass data to the at least one second protected web browser process; the at least one second protected web browser process configured to; execute instructions for the display of the website content downloaded from the network of one or more computers, wherein the instructions for the display of the website content potentially contain malware; access data contained in the second protected memory space, wherein the instructions potentially containing malware are capable of accessing the second protected memory space but are denied access to the first memory space; and generate data for display of website content downloaded from the network of one or more computers; wherein the portable computer based system is configured such that the at least one critical file residing on the first memory space is protected from corruption by the instructions for the display of website content potentially containing malware downloaded from the network and executing as part of the at least one second protected web browser process; wherein the portable computer based system is configured such that the at least one second protected web browser process is initialized from clean system files. - View Dependent Claims (54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65)
-
Specification