The present invention generally relates to protecting a primary computing device from receiving unsafe digital content. More specifically, the present invention is directed to evaluating digital content before it is provided to a primary computing device.
One of the greatest threats to privacy and to secure computer data is the various sorts of undesired content that can compromise computer data. For example, computer malware, computer viruses, and eavesdropping software have been used to steal sensitive information, destroy computer data, and hold computer data for ransom. Another problem that affects computing devices is the dissemination of undesired advertisements and messages. Damage from such “spam” messages or malware is not limited to time lost sorting through these undesired messages, but can also include “phishing” attacks that steal personal information or attacks like the “I Love You” virus that spawn excessive email traffic with the intent to crash a computer network.
Generally, malware can be any software program that includes code that executes without the knowledge or authorization of an owner or user of a computing device. Malware is typically distributed by parties with nefarious intent. Malware is commonly used to steal or destroy computer data or to snoop on or spy on the actions of a user when the user operates a computer. Malware is also frequently used to damage a computer or to damage computer data. For example, malware may be used to steal personal or financial information, to blackmail computer users by denying access to their own data unless or until a fee is paid, or to damage infected computers by damaging data stored on those infected computers.
Malware broadly refers to malicious software designed to infiltrate and/or damage a computer system and/or network without the informed consent or knowledge of an owner of a computer or computer network.
Recently, computing devices have begun to act as digital wallets that perform transactions with other computing devices that may reside in a store. For example, individuals may use their cell phone to interact and make purchases with a kiosk at a store using wireless transmissions. These digital wallets, however, are at risk from hackers that may use devices to surreptitiously access data stored at a digital wallet using wireless communications.
Because of the threats posed to computing devices in general and to digital wallets in particular, new methods and apparatus are needed to secure these computing devices and digital wallets from exploitation by various forms of undesired content.
The presently claimed invention relates to a method, a non-transitory computer readable storage medium, or an apparatus/system that performs functions consistent with the present disclosure. A method consistent with the present disclosure may receive data sent to a primary computing environment, perform a test on that received data, identify that the received data can be provided to the primary computing environment based on a test result from the test, and provide the data to the primary computing environment via an intelligent switch that is configured to send communications between the intelligent switch and the primary computing environment.
When the method of the presently claimed invention is performed by a non-transitory computer readable storage medium, a processor executing instructions out of a memory may also receive data sent to a primary computing environment, perform a test on that received data, identify that the received data can be provided to the primary computing environment based on a test result from the test, and provide the data to the primary computing environment via an intelligent switch that is configured to send communications between the intelligent switch and the primary computing environment.
A system consistent with the present disclosure may include a primary computing environment, a secondary computing environment and an intelligent switch. In such a system, the intelligent switch may receive data sent to the primary computing environment, perform a test on that received data, identify that the received data can be provided to the primary computing environment based on a test result from the test, and provide the data to the primary computing environment via the intelligent switch, which is configured to send communications between the intelligent switch and the primary computing environment.
The present disclosure is directed to protecting a primary computing environment from receiving undesired content by communicatively disabling communication signals and by controllably enabling specific communication signals. Methods and apparatus consistent with the present disclosure may communicatively isolate a primary computing environment from a secondary computing environment while tests are performed on data received via the secondary computing environment. This secure protocol may pass only tested computer data to the primary computing environment. Secure protocols consistent with the present disclosure may communicatively isolate a primary computing environment at a particular computing device from data received via another computing environment at that same computing device. Methods and apparatus consistent with the present disclosure may isolate different portions of a computing device in different ways. This may be accomplished by opening physical electrical connections using switches or by disabling wireless communications between elements of an apparatus.
In certain instances, electrical signals that can communicate computer data are physically opened to prevent data from being transmitted from one part of a computing device to another part of that computing device. Alternatively or additionally, communicative coupling between different parts of a computing system may be interrupted by disabling one or more wireless communication channels of a computer system such that one part of a computing device is communicatively isolated from another part of that computing device.
Methods and apparatus consistent with the present disclosure may protect a computing device by using a physical barrier that prevents malware, viruses, or spam from being received by a particular operating environment within the computing device. In such an instance, such a primary computing environment may include logic that is isolated from another environment at that computing device by a set of switches. As such, apparatus and methods consistent with the present disclosure may include an intelligent switch that isolates a primary environment from being directly accessed by a second operating environment. Intelligent switches consistent with the present disclosure may include hardware logic, hardware processors, or combinations of hardware logic and hardware processors. Such intelligent switches may include three different switch configurations that may be referred to as a “left position,” a “neutral position,” and a “right position.”
Apparatus consistent with the present disclosure may include a primary computing device that forms the primary environment, the intelligent switch, and a secondary device that forms the secondary environment. In certain instances, the primary environment or the secondary environment may also include hardware logic, hardware processors, or combinations of hardware logic and hardware processors. The secondary device may be configured to receive communications from computing devices via a computer network or may be configured to receive data from a connectable memory, such as a universal serial bus (USB) connectable memory stick.
Functions that may be performed by apparatus and methods consistent with the present disclosure may provide an “air-gap” that isolates such a primary environment from a secondary environment, where computer data cannot be passed to the primary environment until it has been tested by logic/processing logic at an intelligent switch. The analysis of received computer data may be performed at the intelligent switch when the intelligent switch is disconnected from both the primary environment and the secondary environment. The intelligent switch may include physical switches that controllably connect the intelligent switch to the secondary environment, to the primary environment, or to neither the primary nor the secondary environment. These physical switches may be implemented using one or more sets of field effect transistors (FETs), where each set of FETs may connect one or more signals to the intelligent switch. Switches consistent with the present disclosure may include a control input that causes a first set or a second set of switches to be connected to logic/processing logic at the intelligent switch. Signals switched by such an intelligent switch may include interconnections associated with any type of standard or non-standard electrical interface, including parallel interfaces or serial interfaces known in the art. In certain instances, proprietary communication techniques may be used. Communications between an intelligent switch and a primary or a secondary environment may also be encoded. For example, communication techniques such as modified frequency modulation (MFM) encoding or run length limited (RLL) encoding may be used, data may be hashed according to a hash function, or data may be encrypted using various techniques.
Next, in determination step 140, the intelligent switch may identify whether the received computer data includes malicious content. The determination performed in step 140 may be performed by an analysis that detects undesired content, spam or malware. Such an identification may be performed using pattern matching, deep packet inspection, or any other technique known in the art. Determination step 140 may also filter received content using blacklists or whitelists, where computer data from senders in a blacklist is blocked or where computer data from senders in a whitelist is allowed to be passed.
When determination step 140 identifies that the received computer data includes undesired content or malware, program flow may move to step 150 where the computer data may be dropped or quarantined. When determination step 140 identifies that the received computer data does not include the undesired content or malware, program flow may move to step 160 where the intelligent switch is switched to a position that connects the intelligent switch to the primary environment. After step 160, program flow may move to step 170 where the computer data may be passed to the primary environment. Although not illustrated in
Switches or intelligent switches consistent with the present disclosure may frequently be isolated from other computing environments in what may be referred to as a neutral position or configuration. Such switches in this neutral position or configuration may isolate components that perform tests on computer data, where these tests are performed by digital logic or are performed by a processor that executes instructions out of a memory. Functionality associated with intelligent switches may be fixed after an intelligent switch is fabricated. As such, the functionality of an intelligent switch may be programmed once (using a one-time programmable memory/read only memory), may be set using a mask read only memory (ROM), may be implemented by digital logic associated with a field programmable gate array (FPGA) coupled to a one-time only memory/ROM, or may be implemented by other forms of digital logic known in the art. Furthermore, an intelligent switch consistent with the present disclosure may spend most of its time in the neutral position and may be the only path (vector) through which received data may be passed to a preferred environment.
While methods and systems consistent with the present disclosure may use direct electrical interconnections, other embodiments may use wireless communication interfaces that may be turned off. In such instances, these wireless communication interfaces may be disabled by a switch; for example, a switch that turns off power to electronics associated with a wireless transmitter or receiver could disable reception or transmission of wireless signals. Alternatively, a wireless transmission device or antenna may simply be switched out of a circuit when a communication pathway is disabled.
When intelligent switch 210B and secondary environment 220B are communicatively connected via interconnect 225B, intelligent switch 210B may receive the computer data from secondary environment 220B. After this point in time, intelligent switch 210B may test the received computer data to see if it contains undesired content. Intelligent switch 210B may perform tests that include pattern matching, whitelist/blacklist comparisons, and/or other tests capable of detecting malware, viruses, or spam. Tests performed by intelligent switch 210B may be performed in the neutral configuration illustrated in
In an instance when the tests performed by an intelligent switch identify that computer data received from a secondary environment do not include undesired content, that switch may be communicatively coupled to a primary environment in a configuration illustrated in
In an instance where an intelligent switch can sometimes receive communications from a secondary environment via a secondary communication mechanism, that secondary communication mechanism may be disabled (e.g. switched out of the circuit or turned off) when the intelligent switch is communicatively coupled to the primary environment such as the configuration shown in
Control signal CS1 may be used to close the switches of switch set 1330 to communicatively connect the intelligent switch 310 to the secondary environment 320. Control signal CS2 may be used to close the switches of switch set 2350 to connect the intelligent switch 310 to primary environment 340. Control signal CS1 may be used to connect the intelligent switch 310 to the secondary environment 320 after data control signal DTA-RCD informs the intelligent switch that computer data has been received by secondary environment 320. Once the switches of switch set 1330 are closed, communication connections are made such that secondary environment 320 may provide received computer data to intelligent switch 310. At this time primary environment 340 may be protected from hacking, screen-scraping, or key-logging because it is physically isolated from the secondary computing environment and from any external communication path.
After intelligent switch 310 receives the computer data from secondary environment 320, intelligent switch 310 may open the switches of switch set 1330 and may test the received computer data for undesired content. When intelligent switch 310 identifies that the received computer data does not include undesired content, it may close the switches of switch set 2350 using control signal CS2. After the switches of switch set 2350 are closed, intelligent switch 310 may provide the received computer data to primary environment 340. Preferably, switches associated with switch set 1330 and switch set 2350 will never be closed at the same time.
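As an added example (not the applicant's code), the following Python simulation models the CS1/CS2 switching sequence of steps 140 through 170 and the rule that switch set 1 and switch set 2 are never closed at the same time. The class, signal and position names, the sample senders and the payloads are assumed or constructed for illustration.

```python
"""Added example (not the applicant's code): simulation of the CS1/CS2 switching protocol; names, senders and payloads are assumed/constructed."""
from dataclasses import dataclass, field
from enum import Enum

class Position(Enum):
    LEFT = "secondary"    # switch set 1 closed (CS1): coupled to the secondary environment
    NEUTRAL = "isolated"  # both switch sets open: tests run here
    RIGHT = "primary"     # switch set 2 closed (CS2): coupled to the primary environment

class SwitchViolation(RuntimeError):
    """Raised if a control sequence would close both switch sets at once."""

# Constructed byte signature standing in for the pattern-matching test of step 140;
# the EICAR test-file marker is used so the sample payload is harmless.
MALWARE_SIGNATURES = (b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE",)

@dataclass
class Message:
    sender: str
    payload: bytes

@dataclass
class IntelligentSwitch:
    blacklist: set = field(default_factory=set)
    whitelist: set = field(default_factory=set)  # empty means no whitelist configured
    position: Position = Position.NEUTRAL
    primary_inbox: list = field(default_factory=list)
    quarantine: list = field(default_factory=list)
    trace: list = field(default_factory=list)     # every position the switch has taken

    def _drive(self, cs1: bool, cs2: bool) -> None:
        """Apply control signals CS1/CS2; both asserted together is a protocol violation."""
        if cs1 and cs2:
            raise SwitchViolation("CS1 and CS2 asserted at the same time")
        self.position = Position.LEFT if cs1 else Position.RIGHT if cs2 else Position.NEUTRAL
        self.trace.append(self.position)

    def _test(self, msg: Message) -> bool:
        """Determination step 140: blacklist, whitelist, then signature matching."""
        if msg.sender in self.blacklist:
            return False
        if self.whitelist and msg.sender not in self.whitelist:
            return False
        return not any(sig in msg.payload for sig in MALWARE_SIGNATURES)

    def deliver(self, msg: Message) -> bool:
        """One DTA-RCD cycle: receive (LEFT), test (NEUTRAL), then pass (RIGHT) or drop."""
        self._drive(cs1=True, cs2=False)       # CS1 closes switch set 1
        received = Message(msg.sender, bytes(msg.payload))
        self._drive(cs1=False, cs2=False)      # open switch set 1; test in isolation
        if not self._test(received):
            self.quarantine.append(received)   # step 150: drop or quarantine
            return False
        self._drive(cs1=False, cs2=True)       # step 160: CS2 closes switch set 2
        self.primary_inbox.append(received)    # step 170: pass to the primary environment
        self._drive(cs1=False, cs2=False)      # rest in the neutral position
        return True

def never_left_to_right(trace: list) -> bool:
    """True when NEUTRAL always separates a LEFT position from a RIGHT one."""
    return all({a, b} != {Position.LEFT, Position.RIGHT} for a, b in zip(trace, trace[1:]))

def demo() -> tuple:
    """Run three constructed messages through the switch and report the outcome."""
    sw = IntelligentSwitch(blacklist={"spammer@example.invalid"})
    ok = sw.deliver(Message("kiosk@example.invalid", b"receipt: 2 items, total 12.50"))
    spam = sw.deliver(Message("spammer@example.invalid", b"buy now"))
    bad = sw.deliver(Message("kiosk@example.invalid", b"x" + MALWARE_SIGNATURES[0] + b"!"))
    return ok, spam, bad, len(sw.primary_inbox), len(sw.quarantine), never_left_to_right(sw.trace)
```

The trace recorded by `demo()` shows the switch passing through the neutral position between every secondary-side and primary-side coupling, which is the property that keeps the two environments from ever being connected through the switch at once.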
In certain instances, logic or processors at a secondary environment may perform a first set of initial tests on received computer data. The secondary environment may be configured to transmit computer data to an intelligent switch only after this first set of initial tests passes.
Various environments consistent with the present disclosure may include different forms of functionality. For example, secondary environments discussed in respect to
Primary environments and secondary environments consistent with the present disclosure may never be physically connected together at any time. A user associated with the primary environment may communicate securely with a second user device operated by a second user. After a message is received in the secondary environment from the second user device, an intelligent switch may be communicatively coupled to the secondary environment, after which content included in the received message may be tested and provided to the primary environment securely according to the switching configurations and testing discussed in respect to
The functionality of a secondary environment and an intelligent switch may be combined, when desired. In such instances, a switch set may isolate functions of an intelligent switch from the secondary environment via switches. While the ability to isolate an intelligent switch from a secondary environment and from a primary environment may be preferred, alternative embodiments may couple the secondary environment to the intelligent switch without switches. This may include coupling the secondary environment to the intelligent switch via a proprietary communication interface or by using a proprietary communication technique. In such instances, the primary environment may only receive computer data after it has been tested and after a connection has been formed via operation of the intelligent switch that allows the primary environment to receive the tested computer data.
After the intelligent switch connects the primary environment to the intelligent switch in step 410, information from the primary environment may be received by the intelligent switch at step 420 of
After step 440, the secondary environment may be allowed to access data from an external computing device. For example, a URL provided with a request received from the primary environment in step 420 may be accessed by the secondary environment. The actions illustrated in
As such, intelligent switches consistent with the present disclosure may selectively connect to either a primary or a secondary computing environment based on a protocol that may include periodic switching, secondary communications, or proprietary communications that cause the primary computing environment to always be disconnected/isolated from the secondary computing environment. By doing this, methods and apparatus consistent with the present disclosure constitute a new form of “air-gapping” specific parts of an overall computing system when performing a security function.
The components shown in
Mass storage device 530, which may be implemented with a magnetic disk drive or an optical disk drive, is a non-volatile storage device for storing data and instructions for use by processor unit 510. Mass storage device 530 can store the system software for implementing embodiments of the present invention for purposes of loading that software into main memory 520.
Portable storage device 540 operates in conjunction with a portable non-volatile storage medium, such as a FLASH memory, compact disk or Digital video disc, to input and output data and code to and from the computer system 500 of
Input devices 560 provide a portion of a user interface. Input devices 560 may include an alpha-numeric keypad, such as a keyboard, for inputting alpha-numeric and other information, or a pointing device, such as a mouse, a trackball, stylus, or cursor direction keys. Additionally, the system 500 as shown in
Display system 570 may include a liquid crystal display (LCD), a plasma display, an organic light-emitting diode (OLED) display, an electronic ink display, a projector-based display, a holographic display, or another suitable display device. Display system 570 receives textual and graphical information, and processes the information for output to the display device. The display system 570 may include multiple-touch touchscreen input capabilities, such as capacitive touch detection, resistive touch detection, surface acoustic wave touch detection, or infrared touch detection. Such touchscreen input capabilities may or may not allow for variable pressure or force detection.
Peripherals 580 may include any type of computer support device to add additional functionality to the computer system. For example, peripheral device(s) 580 may include a modem or a router.
Network interface 595 may include any form of computer network interface, whether a wired network interface or a wireless interface. As such, network interface 595 may be an Ethernet network interface, a BlueTooth™ wireless interface, an 802.11 interface, or a cellular phone interface.
The components contained in the computer system 500 of
The present invention may be implemented in an application that may be operable using a variety of devices. Non-transitory computer-readable storage media refer to any medium or media that participate in providing instructions to a central processing unit (CPU) for execution. Such media can take many forms, including, but not limited to, non-volatile and volatile media such as optical or magnetic disks and dynamic memory, respectively. Common forms of non-transitory computer-readable media include, for example, FLASH memory, a flexible disk, a hard disk, magnetic tape, any other magnetic medium, a CD-ROM disk, digital video disk (DVD), any other optical medium, RAM, PROM, EPROM, a FLASH EPROM, and any other memory chip or cartridge.
While various flow diagrams provided and described above may show a particular order of operations performed by certain embodiments of the invention, it should be understood that such order is exemplary (e.g., alternative embodiments can perform the operations in a different order, combine certain operations, overlap certain operations, etc.).
The foregoing detailed description of the technology herein has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the technology to the precise form disclosed. Many modifications and variations are possible in light of the above teaching. The described embodiments were chosen in order to best explain the principles of the technology and its practical application to thereby enable others skilled in the art to best utilize the technology in various embodiments and with various modifications as are suited to the particular use contemplated. It is intended that the scope of the technology be defined by the claim.