PanTaurus LLC v. Google, Inc.

Filing 1

COMPLAINT against Google, Inc. ( Filing fee $ 400 receipt number 0540-4626736.), filed by PanTaurus LLC. (Attachments: # 1 Exhibit A, # 2 Civil Cover Sheet)(Tadlock, Charles)

EXHIBIT A

United States Patent No. 6,272,533

(12) United States Patent
Browne

(10) Patent No.: US 6,272,533 B1
(45) Date of Patent: Aug. 7, 2001

(54) SECURE COMPUTER SYSTEM AND METHOD OF PROVIDING SECURE ACCESS TO A COMPUTER SYSTEM INCLUDING A STAND ALONE SWITCH OPERABLE TO INHIBIT DATA CORRUPTION ON A STORAGE DEVICE

(76) Inventor: Hendrik A. Browne, 6211 Florence Way, Alexandria, VA (US) 22310

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 09/250,277

(22) Filed: Feb. 16, 1999

(51) Int. Cl.: G06F 13/38

(52) U.S. Cl.: 709/213; 710/128; 711/152; 711/100; 711/111; 711/154

(58) Field of Search: 711/100, 111, 112, 154, 152; 360/60; 710/128, 131; 709/213

Primary Examiner: David L. Robertson

(74) Attorney, Agent, or Firm: Fulbright & Jaworski LLP

(57) ABSTRACT

A computer system includes hardware for selectively disabling alteration of data residing on a mass storage device which is subject to remote access. In one embodiment, a hard disk drive is operated in a conventional manner including both read and write modes when the system is being operated in a non-secure mode of operation, such as when remote access is not allowed. In a secure mode of operation, a locally operated switch is used to disable writing to the hard disk drive to maintain data integrity on the drive. The system may also include first and second electrically isolated buses and corresponding processors. In this configuration, the hard disk drive may be selectively connected to the first bus and processor for the storage of data, or to the second bus and processor when in a secure mode to provide for read-only remote access to the information stored on the hard drive. A write-only hard drive may also be included for storage of confidential information provided by remote users so that other remote users cannot access that information. In a master/slave processor configuration, all system programming is resident in an isolated portion of the system inaccessible to remote users. The slave processor receives instructions only from the master processor so that the operation of the slave processor cannot be compromised by viruses uploaded by remote users.

45 Claims, 9 Drawing Sheets

[FIG. 1 (PRIOR ART): block diagram, not reproduced. Block labels: main memory, central processing unit, hard disk drives, SCSI controller, IDE controller, video, video monitor, serial port, Ethernet, local system bus.]

[FIG. 2: block diagram, not reproduced. Block labels: instruction memory, data memory, central processing unit, switch, hard disk drives, SCSI controller, IDE controller, video, video monitor, serial port, Ethernet, local system bus.]

[FIG. 3: pin-out tables, not reproduced. Table titles: IDE PINOUT AT CONTROLLER AND PERIPHERAL; IDE PINOUT AT CABLE. Columns: PIN, NAME, DIR., DESCRIPTION.]

[FIG. 4A and FIG. 4B: switch device views, not reproduced. Panel labels: DEVICE NUMBER, WRITE ONLY, READ/WRITE, READ ONLY.]

[FIG. 5: flow diagram, not reproduced. Box labels: READ SWITCH POSITION; STORE NUMBERS OF SECURED DEVICES AND CORRESPONDING INHIBITED OPERATIONS; READ NUMBERS OF SECURED DEVICES AND CORRESPONDING INHIBITED OPERATIONS; INHIBIT CONTROL SIGNAL, PROVIDE APPROPRIATE ERROR MESSAGE; TRANSMIT CONTROL SIGNAL TO DEVICE.]

[FIG. 6: block diagram, not reproduced. Block labels: hard disk drives, video monitor, SCSI controller, IDE controller, video, serial ports, Ethernet, local system buses, central processing units, switches, main memories.]
[FIG. 7: block diagram, not reproduced. Block labels: hard disk drives, video monitor, video, SCSI controllers, IDE controller, serial ports, Ethernet, local system buses, central processing units, main memory, switch.]

[FIG. 8A and FIG. 8B: switching device views, not reproduced. Panel labels: STATUS, DEVICE NUMBER, WRITE ONLY, READ/WRITE, READ ONLY, EXTERNAL, CONTROL PORT.]

[FIG. 9: block diagram, not reproduced. Block labels: hard disk drives, video monitor, video, SCSI controllers, IDE controller, serial ports, Ethernet, switch, local system buses, central processing units, main memories.]

SECURE COMPUTER SYSTEM AND METHOD OF PROVIDING SECURE ACCESS TO A COMPUTER SYSTEM INCLUDING A STAND ALONE SWITCH OPERABLE TO INHIBIT DATA CORRUPTION ON A STORAGE DEVICE

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to computer system architecture and more particularly to an architecture for and method of limiting remote access to programs and data.

2. Description of the Related Technology

The role of computers is rapidly changing from computational machines to communication devices. The increasing use of the Internet by the general public increases the potential for hackers to break into sensitive computers. Computer hackers have successfully entered systems believed to be secure, gained unauthorized access, corrupted data, and infected systems with viruses that continue to cause havoc. While specialized software in the form of, for example, firewalls, is often provided to prevent unauthorized system access and to limit access so that unauthorized personnel cannot easily corrupt data and program files or otherwise cause damage to a computer system and loss of data, hackers are continually finding ways around the software. For example, viruses can be used to infect a computer system through infected software, causing the system to perform unauthorized functions and execute "rogue" code jeopardizing the integrity of the system. Because all functions performed by the computer system are controlled by instructions stored in the computer's memory, providing any remote access to the system provides an avenue for hackers to gain unauthorized access and do damage.

A representative computer system according to the prior art is shown in block diagram form in FIG. 1. A prior art computer system 100 includes a local system bus 102 connecting major elements of the computer system. Thus, local system bus 102 handles the transfer of instructions, data, address and control signals, etc. between the elements of the computer system. As shown in the figure, central processing unit 104 has a direct connection to bus 102 and to a dedicated main memory 106. Main memory 106 is typically a high speed, high bandwidth random access memory storing data and instructions. Non-volatile mass storage is provided by hard disk drives 110 and 112 interfacing via SCSI (small computer systems interface) device 108 to local system bus 102 and hard disk drive 122 interfacing through IDE (intelligent drive electronics) controller 120. Central processing unit 104 also has provisions for displaying data to a system operator by providing appropriate address, data and control signals to video interface 114 whereby data is displayed on video monitor 116. Finally, remote access to peripheral devices and buses is provided by serial port 118 and Ethernet interface 124, again over local system bus 102. Although not shown, other devices providing input and output to the system may be included, such as a keyboard, etc., which may include a dedicated interface to local system bus 102 or might be supported by serial port 118. Similarly, other output devices may be included, such as a printer interfacing through serial port 118 or an equivalent parallel port type data connection (not shown).

In operation, computer programs consisting of executable code and data and other information on which the code operates, are stored in main memory 106. Typically, this includes an operating system, such as Windows NT or Windows 98, together with various utilities and application programs. At startup or initialization, central processing unit 104 executes "boot" code, identifies system assets, such as IDE controller 120 and hard disk drive 122, and locates the appropriate operating system. The operating system software from hard disk drive 122 is then transferred through IDE controller 120 via local bus 102 to main memory 106. Central processing unit 104 then executes the operating system, transferring instructions as needed from main memory 106 into a "cache" or other local memory and registers that are a part of the central processing unit 104. While this is happening, dedicated hardware and firmware resident in video board 114 provide a visual display on video monitor 116 of system status and provide a video output for the operating system, utilities, and application programs. In addition to the online data storage provided by hard disk drive 122, multiple hard disk drives are supported by SCSI controller 108. As depicted, both hard disk drives 110 and 112 are interfaced to local system bus 102 through the SCSI controller 108 providing additional non-volatile storage capabilities.

In addition to local access to computer system 100, remote access is provided by serial port 118 and Ethernet card 124. For example, a modem (not shown) may be attached to serial port 118 to interface computer system 100 to other media such as the public switched telephone network (PSTN), radio and fiber optic systems, etc., thereby providing connectivity to remote users and systems. An appropriate communications utility or application running on central processing unit 104 together with serial port 118 supports exchange of data with the remote users and systems. Similarly, Ethernet 124 is a specific embodiment of a network connectivity supporting, for example, a local area network (LAN), a wide area network (WAN), etc., with multiple remote computer systems and other resources attached. Using these remote access facilities, computer system 100 becomes accessible to authorized, and in many cases, unauthorized users.

Although not shown, other peripherals may be included, such as CD-ROMS (compact disk-read only memories), CD-WORM (compact disk-write once read many) or CD-WO (compact disk-write once), CD-RW (compact disk-re-writeable), DVD-RAM (digital versatile disk-RAM), DVD-ROM (digital versatile disk-ROM), various tape drives and traditional 3½ inch floppy disk drives. These devices are particularly useful for the transport of data between systems and backup purposes using removable media. Conventionally, because of access speed and storage space limitations, these devices are generally not relied upon as substitutes for hard disk drives which continue to be used as the primary media for non-volatile program and data mass storage. However, as computer systems have been made available to greater numbers of users, both locally and remotely, maintaining the integrity of programs and data stored on computer systems has become an increasing concern.

Prior art systems implement various physical and software systems to control access to the system and provide security. For example, computer systems handling classified information may require TEMPEST approval to avoid unintended radiation of information, be located in a secure facility such as a limited access area to provide physical security, and be operated in a stand alone configuration without provision for remote access to avoid remote hacker access. Physical security, however, cannot address remote access users so that a variety of software is used to establish varying authorization levels for remote system use and access. For example, remote users may be required to interface via a secure access or "firewall" system which requires a user to establish authorization to access a computer system prior to providing a connection. A firewall may further monitor use of facilities, limiting access and use according to the user's authorization. Software on the computer system itself further monitors access using, for example, passwords, personal identification numbers (pins), etc. to control access and use. Other software may be implemented to protect, for example, certain area of memory such as the operating system from being altered or overwritten. Some operating systems, for example, further limit write operations to particular areas of memory containing data used by a particular application and limit access to other areas of memory or alteration of instructions stored in memory. However, such software protections have often proved inadequate to stop a determined hacker from gaining unauthorized access and bypassing such safeguards. For example, a hacker might use another program to generate and try thousands or millions of access code combinations to break into a system. Alternatively, using a more conventional approach, a hacker might rummage through discarded company documents to obtain access code information, unlisted maintenance telephone numbers, etc. Access may also be obtained by "back doors" into the system otherwise used for maintenance, billing, and other non-remote access purposes. Hackers may also obtain access by implanting computer viruses into the system, often embedded in innocent appearing host software. Once implanted, the virus can damage the system directly or provide other methods of access for the hacker.

In addition to remote covert action, computer systems are also subject to local attacks by, for example, disgruntled employees, etc. On a less sinister basis, computer systems are further subject to unintentional damage by human operator error inadvertently deleting or modifying files and by program bugs in the system and applications having similar effects and results as that of intentional attacks on the system.

For the foregoing reasons, there exists a need for a secure computer system architecture and method for providing computer security which cannot be easily bypassed by innocent or surreptitious means, either remotely or local to the computer system. A further need exists for a computer system and method of operating a computer system which preserves data and program integrity while providing for remote access to users having only read access. A still further need exists for a computer system and method of operating a computer system which prevents data and instruction corruption, modification and deletion by improper operation of host applications or due to the intentional actions of software viruses and other rogue executable code.

SUMMARY OF THE INVENTION

The present invention is directed to a computer system and method of operating a computer system which provides enhanced data and program security. A system and method according to the invention limit access to computer system storage media by providing a locally operable switch which selectively prevents alteration to the local storage media. The switch may be a manually operable mechanical device or may be electronic, so long as its operation is isolated from the system being protected, and may be entirely self-contained. For example, the appropriate control lines between a hard disk controller and the hard disk drive are routed through a manually operable electrical switch which can only be manipulated locally and cannot be operated or bypassed under computer control. In one configuration, the appropriate write enabling conductor of the cable is physically interrupted by the mechanical switch when in a secure mode and, instead, the appropriate write disabling signal is applied to the hard disk drive. This basic configuration and method can be applied to various computer system architectures to support stand alone, multiuser and remote access capable computer systems.

According to another aspect of the invention, a computer system includes dual processor elements, one isolated from remote access and having facilities for writing information to a storage device. The other processor element, while handling communications with remote devices, is connected so as to positively inhibit writing or altering data contained in the storage device. To further protect system integrity, another aspect of the invention configures the communications processing element as a slave, receiving and executing instructions from the isolated processing element. The invention further divides data storing and retrieval functions between a pair of hard disk drives used to provide remote access. Using this division, remote users may read from one hard disk drive, but are incapable of altering the contents of the read only drive. Similarly, remote users can write to the other hard drive, but cannot read information stored by other users and cannot target information for alteration or destruction.

According to an aspect of the invention, a digital computer system includes a processor, a storage device and a manually operative switch. The storage device is responsive to the processor for selectively operating in a read mode of operation for reading previously stored data and in a write mode of operation for storing data. The manually operative switch selectively disables the processor from causing the storage device to operate in the write mode of operation.

According to a feature of the invention, the manually operative switch is connected to interrupt the control signal required to cause the storage device to operate in the write mode of operation. The manually operative switch may be in direct electrical contact with the storage device and may be in the form of a mechanical switch or may be an electronic switch including control software and hardware components.

According to another feature of the invention, the processor includes a central processing unit, a controller which is in direct electrical contact with the manually operative switch, and a bus which connects the central processing unit and the controller.

According to another aspect of the invention, a digital computer system includes a storage device, first and second central processing units, and a first manually operative switch. The storage device is responsive to a control signal for selectively operating in a read mode of operation for reading previously stored data and in a write mode of operation for storing data. The first and second central processing units are each capable of providing this control signal. The switch then alternatively provides the control signal from either the first or second central processing unit to the storage device. According to a feature of the invention, the system further includes a second manually operative switch selectively disabling the storage device from operating in the write mode of operation.

According to another aspect of the invention, a digital computer system includes a processor, a secure data storage device and a manually operative switch. The secure data device is responsive to a write control signal from the data processor for selectively storing data. The switch is manually selectable to enable and disable receipt by the secure data storage device of the write control signal.

According to a feature of the invention, the manually operative switch selectively applies a predetermined fixed control signal to the secure data storage device instead of the write control signal. The secure data device may be a non-volatile memory including a hard disk drive.

According to another feature of the invention, a bus connects the processor to the secure storage device for transmission of the control signal so that the manually operative switch selectively enables and disables a transmission of the control signal along the bus.

According to another feature of the invention, the processor includes a central processing unit and a disk controller connected to each other by a system bus. The secure data device includes a disk drive electrically connected through the manually operative switch to the disk controller for receiving the control signal so that the manually operative switch selectively enables and disables transmission of the control signal. Another disk drive may be included together with another disk controller connected to the system bus for selectively writing data to and reading data from the additional disk drive in the form of, for example, an array of multiple hard disk drives (e.g., redundant array of independent disks, or "RAID"). These additional disk drives may be connected independent of the manually operative switch or may be connected with a second manually operative switch to prevent writing to the additional disks.

According to another feature of the invention, the digital computer system further includes first and second disk controllers connected to respective master and slave central processing units by a system bus. The secure data storage device includes a first disk drive electrically connected through the manually operative switch to the first disk controller for receiving a control signal from the master central processing unit whereby the manually operative switch selectively enables and disables transmission of the control signal to the first disk drive. The second disk drive is connected to the second disk controller and is accessible by the master and slave central processing units over the system bus. Alternatively, the first and second disk controllers may be included on separate buses accessible only by the respective master and slave central processing units.

According to another feature of the invention, a second manually operative switch is interposed between the second disk drive and the second disk controller to selectively disable reading from or, in an alternate configuration, writing to the second disk drive.

According to another feature in the invention, the computer includes a third disk controller and disk drive with the disk drive operative to mirror data stored in the second disk drive.

According to another feature in the invention, the computer system includes a first program memory connected to and storing instructions executable by the master central processing unit. A second program memory is connected to and stores instructions executable by the slave processing unit with a processor bus connecting the master and slave central processing units. A communications controller may be connected to the system bus to provide for remote access.

According to another aspect of the invention, a computer system includes a processor, a manual switch and a data storage device. The switch is connected to selectively transmit a control signal received from the processor and, alternatively, a write inhibiting control signal. In response to the signal received from the switch, the data storage device selectively stores data or is inhibited from doing so.

According to a feature of the invention, the storage device is responsive to the control signal transmitted by the manual switch for selectively operating in read and write modes of operation so that the write-inhibiting control signal causes the data storage device to operate only in the read mode of operation and/or other modes protecting the integrity of the data (e.g., internal refresh only).

According to another feature of the invention, the processor includes a first disk controller and the data storage device is a first disk drive. According to another feature of the invention, a second disk drive may also be connected to the first disk controller or may be connected to its own, second disk controller.

According to another aspect of the invention a digital computer system includes a processor, a storage device and a switch. The storage device is responsive to the processor for selectively operating in a plurality of operating modes including a read mode of operation for retrieving previously stored data and a write mode of operation for storing data. The switch is operable to selectively enable and disable at least one of the operating modes, the switch being controllable by means distinct and separate from the processor so that the processor is inhibited from controlling the operation of the switch. According to a feature of the invention, the switch may be manually operated to selectively make and break an electrical conducting path connecting the processor with the storage device.

Alternatively, the switch may include a controller, an operation of which is independent of the processor for selectively enabling and disabling at least one of the operating modes. At least one of the operating modes may be a read mode of operation and, alternatively, may be a write mode of operation. According to a feature of the invention, a second "master" processor is isolated from the first processor and both (i) controls the switch and (ii) reads and writes to the storage device.

According to another feature of the invention, the storage device may include a magnetic media and comprise a disk drive or a magnetic tape. The storage device may alternatively include a non-volatile electronic memory device, such as an EEPROM.

According to still a further feature, the storage device may include an optical storage device such as a CD-ROM or an electro-optical source device such as a CD-RW.

According to still another feature of the invention, the digital computer includes a processor with a first memory storing program instructions and a distinct and separate memory storing data. The first memory may be operable in the read only mode of operation in which the program instructions are protected from alteration and erasure by the central processing unit.

According to another aspect of the invention, a method of operating a digital computer system includes the steps of supplying a variable control signal to a disk drive and writing data to the disk drive in response to the variable control signal. A manual electrical switch is operated so as to disconnect the variable control signal from the disk drive and instead, connect a fixed control signal to the disk drive. The disk drive is then operated in a mode other than a write mode of operation in response to the fixed control signal. According to a feature of the method, remote access to the disk drive is provided only when operating in the mode other than the write mode of operation, i.e., in the secure mode inhibiting changes to the hard disk drive.

These and other features, aspects and advantages of the present invention will become better understood with regard to the following description, claims and accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a computer system according to the prior art.

FIG. 2 is a block diagram of a computer system according to the invention including a switch for inhibiting a hard disk drive from operating in a write mode of operation and segmented main memory.

FIG. 3 is a pin-out diagram and table for an IDE connector.

FIGS. 4a and 4b are front and rear views of a stand alone switch device for insertion between a SCSI controller and one or more SCSI devices.

FIG. 5 is a flow diagram for a software implemented switch for restricting operation of designated peripheral devices to programmed modes of operation.

FIG. 6 is a block diagram of a computer system according to another embodiment of the invention including a switch for connecting a storage unit to a stand alone processing unit or to a processor providing for remote access.

FIG. 7 is a block diagram of a computer system according to another embodiment including isolated (i) secure local and (ii) remote processing systems sharing common hard disk facilities under the exclusive control of the secure local processor.

FIGS. 8a and 8b are front and rear views of a switching device for selectively connecting one of two SCSI controllers to a plurality of SCSI devices and for limiting operation of those SCSI devices to programmed modes of operation when connected to the second of the SCSI controllers.

FIG. 9 is a block diagram of a computer system according to the invention including a master/slave architecture.

… to selectively inhibit operation in the write (or read) mode so that, effectively, hard disk drive 110 can be operated in either a read/write mode, or in a read only or write only mode of operation.

If switch 202 is included as part of SCSI controller 108, then it is connected to inhibit write requests from CPU 104 (or other devices) from being sent to hard drive 110. If switch 202 is instead incorporated into hard drive 110, it can be connected to inhibit operation of hardware used to operate the disk drive's write heads. For example, the switch 202 can be configured to cut power to a write head's output circuitry. Preferably, hard disk drive 110 and/or SCSI controller 108 provide the appropriate status and/or error messages to CPU 104 when operating in a write inhibited or read only mode of operation or when a write operation is requested and the write mode has been disabled.

Switch 202 may also be configured as an auxiliary, stand alone device mounted in a switch box enclosure with appropriate terminals for connecting controller 108 to hard disk drive 110. In this configuration, switch 202 is operative in a first read/write position to pass signals from controller 108 to hard disk drive 110 without change. In a write inhibit or read only mode of operation, switch 202 will not pass signals from controller 108 to hard disk drive 110 which would cause hard disk drive 110 to be placed in a write mode of operation. For example, pin 50 of a SCSI interface may be set to the appropriate logic level when a selected device is accessed so as to limit operation of the selected device to either a read or write mode as appropriate. Alternatively, switch 202 may be connected between IDE controller 120 and hard disk drive 122 to selectively restrict access and control of the latter. Using an IDE interface, a pin-out diagram for which is shown in FIG. 3 of the drawings, write strobes from the controller are transmitted to the hard drive on pin 23. That is, the controller signals the hard drive that data supplied on pins 3-18 is ready to be written by driving a control signal applied at pin 23 to a "low" logic level. Thus,
in a secure mode of operation wherein writing to a hard drive is to be inhibited, pin 23 is connected to a high level logic DETAILED DESCRIPTION OF THE 40 signal source so that the hard disk drive does not receive the PREFERRED EMBODIMENT write strobe signal necessary to cause it to perform a write operation. Referring to FIG. 2 of the drawings, a computer system 200 includes conventional devices 102-124 as discussed in Alternatively, switch 202 may include appropriate hardconnection with the prior art with the (i) addition of switch ware and software to monitor signals transmitted by con202 interposed between SCSI controller lOS and hard disk 45 troller lOS to hard disk drive 110. Write (or other inhibited drive 110 and (ii) partitioning of main memory into separate actions such as read, erase, etc.) commands to one or more instruction memory 106a and data memory 106b. Instrucdesignated devices would be recognized and intercepted, tion memory 106a may include various forms and levels of switch 202 generating an appropriate error message back to protection. For example, instruction memory 106a may be controller lOS. Permissible operations would be transmitted implemented in the form of an EEPROM with a manual 50 through to disk drive 110 without impediment. In this erase and programming feature. Thus, CPU 104 would have software implementation of switch 202, predetermined porread-only access to instruction memory 106a unless and tions of disk drive 202 may be designated as secure so that until the associated EEPROM was manually provided with write commands are selectively inhibited only to designated the proper control signals to allow its programming. This tracks, sectors, clusters, etc. feature prevents unauthorized modification of programming 55 FIGS. 4a and 4b show a stand alone, programmable and provides security against viruses attacking the program embodiment of switch 202 which can accommodate eight code. 
In contrast, data memory 106b is a conventional RAM peripheral devices on a SCSI interface. Switch 202 is for the temporary storage of data, including system and mounted in enclosure 210 and includes panel mounted application program parameters and variables. programming switches 212a-212h associated with respecSwitch 202 may be configured as a part of SCSI controller 60 tive SCSI devices 0--7. Each of the programming switches is lOS, hard disk drive 110, or as a separate auxiliary device. selectable to designate a read only, read/write, or write only Switch 202 may be exclusively manually operable to inhibit mode of operation for the respective device. Once programmed, the status of each device is indicated by a a hard disk drive from altering or erasing data. Alternatively, tricolor LED 214 associated with each switch, green, for switch 202 may be an electronic switch controlled by a control signal physically inaccessible to or by CPU 104. 65 example, indicating read/write capabilities, yellow that the Typically, hard disk drive 110 is responsive to read and write corresponding device can be operated in a read only mode of operation (write-inhibited), and red indicating that the requests from SCSI controller lOS. Switch 202 is effective US 6,272,533 Bl 9 10 corresponding device is operable in a write only mode of read only hard drives, each having a dedicated bus, local memory and storage. A hard drive storage system is switoperation (i.e., read operations are inhibited). As shown in chable between the processors. The hard drive storage FIG. 
4a, devices 0 and 1 are being operated in write only system includes two disk drives, operable in a non-secure modes (i.e., a "secure" mode), devices 2 and 4 in read only modes (another "secure" mode), and devices 3,5, 6, and 7 5 normal mode of operation in which both drives are read/ in read/write modes (i.e., are not being operated as "secure" write enabled, and in a protected mode wherein one drive is operated in a read only mode and the other in a write only devices). mode of operation. In this configuration, the two processors Akey switch 216 may be included to control the operation are isolated from each other, one of the processors providing of switch 202. In the "OUT" mode, the switch is functionally inoperative so that the operations of all devices are unre- 10 for local system operation, the other providing remote access to the mass storage devices including hard disk stricted as would be indicated by green status lights 214. In drives. In effect, the system is equivalent to two separate the "SECURE" mode, the programmed mode limits would independent systems on one motherboard when configured be effective to limit read and write modes of operations. The as a personal computer (PC). Both systems require software "SET" mode is used to program switch 202 according to to be loaded, and some system configuration to be perswitches 212a-212h. A corresponding key (not shown) is removable from key switch 216 in the "OUT" and 15 formed. Communications between the processors is provided by the common hard drive storage system. "SECURE" positions so that switch 202 can be left locked Operator monitoring of the system performance and and unattended. Preferably, the "SET" position of key downloading of data acquired by the system is performed by switch 216 is a temporary position with a spring returned to the "SECURE" position upon completion of programming. 
a primary CPU 104a connected to a first local system bus When switch 216 is in the "SET" mode, the position of 20 102a. The second local data bus 102b supports a commuswitches 212a-212h are read and the corresponding mode nications CPU 104b. Connected to both buses 102a and limitations are stored in memory as would be indicated by 102b, switch 204 physically switches SCSI controller 108b status indicators 214. between the two buses. Hard disk drives 110a and 110b are connected and controlled by SCSI controller 108b through A rear view of switch 202 is presented in FIG. 4b including panel mounted SCSI connectors 220 and 222 for 25 write mode disabling switch 202a and read mode disability switch 202b, respectively. Switchable SCSI controller 108b connecting the switch to a SCSI controller and to SCSI would be switched to main local system bus 102a for devices being controlled, respectively. loading and configuration of software under control of main The operation of switch 202 is shown in the flow diagram CPU 104a. After loading and testing of software, SCSI of FIG. 5. The program starts at entry point 300 with an initial decision box 302 handling the set mode of operation 30 controller 108b would be switched to local system bus 102b supporting communications with remote users over serial for programming the device. If switch 202 is in the "SET" port 118b and Ethernet 124. Hard disk drive 110a would be mode, then the positions of switches 212a-212h are read at then operated in a read only mode of operation by switch process 304 and the corresponding limitations are stored in 202a. Conversely, hard disk drive 110b would be operated in memory at process 306. If the SET operation has not been a "write only" mode of operation so that, for example, any activated, or upon completion of the programming, process- 35 uploaded data could be checked for viruses prior to that data ing continues at step 308 where the numbers of the secure becoming available to the system. 
Further, by placing hard devices are read from memory together with the corresponddisk drive 110b in a "write only" mode of operation using ing allowed modes or inhibited modes of operations, as switch 202b, data uploaded to the drive by remote users of appropriate. In response to receipt of a control signal at the system cannot be accessed by other remote users thereby decision 310, the program decides if the control signal is 40 enhancing system security. This feature is particularly useful directed to a secure device, i.e., a device number previously for e-commerce applications where confidential data stored as being operated in a "SECURE" mode with either received from remote user must be protected from unauthorized dissemination (e.g., credit card information, etc.). read or write operations inhibited. If the control signal is directed to a device which is not subject to read or write In the configuration of FIG. 6, the primary CPU 104a and limitations, such as devices 3, 5, 6, and 7 according to FIG. 45 associated first bus 102a are inaccessible to remote users. 4a, then the control signal is transmitted to that device at Accordingly, switch 204 and switches 202a and 202b may process 316. However, if the control signal is directed to a be electronically controlled by primary CPU 104a without device which is being operated in a secure mode of operation jeopardizing the security of the system. This feature is (devices 0, 1, 2, and 4 in this example), then the process incorporated into the configuration shown in FIG. 7 wherein determines at decision box 312 if the requested operation 50 SCSI controllers 108e and 108d are connected to respective has been inhibited. For example, device numbers 0 and 1 are first and second buses 102a and 102b. Switch 206 is being operated in a read-inhibited mode while devices 2 and controlled by CPU 104a via serial port 118b connected to 4 are being operated in a write-inhibited mode. Accordingly, first bus 102a. 
Switch 206 selectively connects either SCSI read requests directed to devices 0 or 1 and write requests controller 108e or 108d to SCSI hard disk drives 110a and directed to devices 2 and 4 would result in the left branch 55 110b. being taken out of decision point 312 where the appropriate In a local mode of operation, switch 206 provides unlimcontrol signal would be inhibited and an error message ited access by local SCSI controller 108e to hard disk drives generated back to the requesting controller. Conversely, if 110a and 110b. Thus, CPU 104a can both read from and the operation requested has not been inhibited, the right write to the drives. Upon being commanded to connect the branch is taken out of decision box 312 and the request is 60 drives to second bus 102b to support remote access, switch transmitted to the device address. In either case, process 206 disconnects SCSI controller 108e and connects SCSI flow continues down to terminal 318. At this point, the controller 108d to the drives subject to preprogrammed process would conventionally loop back to Start 300 to operating mode limitations. For example, when being continuously detect and process programming requests and accessed by SCSI controller 108d, hard disk drive 110a may SCSI interface commands. 65 be write inhibited while hard disk drive 110b may be read inhibited as described in connection with the configuration Another embodiment of the invention is shown in FIG. 6 depicting a dual processor system, with both read/write and of FIG. 6. US 6,272,533 Bl 11 12 FIGS. 8a and 8b show an alternate implementation of a a read only mode of operation. Hard disk drive 110b supports storage of data by remote users, such as required stand alone switch 210 suited to the dual processor system for e-commerce, etc. shown in FIG. 7. 
The output of SCSI controller 108c, which According to the invention as illustrated by the embodiis connected to local system bus 102a, is provided to connector 230 while SCSI controller 108d, which is con- 5 ments described, the capability of writing to and altering data is disabled for remote users by disabling hard disk write nected to local system bus 102b, is connected to connector capabilities, limiting remote user access to a dedicated and 232. A serial connector 236 provides an interface for segregated data processor and associated bus and data optional computer control of the switch. storage, and by isolating control of a communications proIn this configuration, switch 210 both switches hard disk cessor so that instructions are only executed as received drives 110a and 110b between the appropriate SCSI con- 10 from a secured master processor. The invention further troller and selectively operates the hard disk drives in the enhances security by segregating read and write functions to pre-programmed restricted modes of operation. As shown, different hard drives so that remote users cannot alter key switch 218 has five positions including "EXTERNAL", information previously stored on the system nor can they "OFF", "LOCAL", "REMOTE", and "SET". In the "OFF" read information stored by other remote users. mode, neither of the SCSI controllers have access to periph- 15 Although the present invention has been described in eral devices including the hard disk drives. In the "LOCAL" considerable detail with reference to certain preferred position, signals from and to connector 230 are passed embodiments thereof, other embodiments or configurations through without alteration to SCSI devices connected to are possible. For example, the mode limiting switch is connector 234. 
This mode is applicable to unrestricted applicable to other storage devices and media and to other operation of the peripheral devices when under control of 20 devices where selection and control of operating modes primary CPU 104a which is inaccessible by remote users. must be restricted. For example, a restricted user may be When key switch 218 is placed in the "REMOTE" limited by the switch to monitoring the output of a device such as a video camera, while a local user may additionally position, connector 232 provides access to SCSI devices control the camera. Similarly, the switch may be used in-line connected at connector 234 under the control and supervision of switch 210 to selectively inhibit predetermined 25 with a printer to allow limited printing capabilities for certain users while providing full capabilities to local users modes of operation according to stored programming and as indicated by status indicator lights 214. As previously of the system. Accordingly, the spirit and scope of the described, a temporary, spring loaded "SET" position is appended claims should not be limited to the description of provided for programming switch 210 according to the the preferred embodiments contained herein. positions of switches 212a-212h. 30 What is claimed is: 1. A digital computer system comprising: The "EXTERNAL" position allows a secure device, such first and second electrically isolated buses; as primary CPU 104a, to program and control switch 204 via first and second independent central processing units a serial RS-232 interface. Thus, so long as the security of connected to a respective one of said first and second primary CPU 104a is not breached, the operating integrity of 35 switch 202 is maintained. buses; a storage device connected to each of said buses for Another embodiment in the invention including dual selectively storing data; and processors in a master/slave relationship is shown in the block diagram of FIG. 9. 
According to this embodiment, one a manually operative switch selectively controlling access processor manages communications including, for example, 40 by said first central processing unit to inhibit storing data to said storage device by said first central processresponding to requests from the Internet. However, the slave ing unit without inhibiting storing data by said second processor only accepts program instructions from the pricentral processing unit. mary processor. This can be accomplished by appropriate programming of the system firmware (e.g., BIOS) of the 2. The digital computer system according to claim 1 slave processor. Thus, the slave processor is controlled only 45 wherein said storage device is operable in (i) a read mode of by the master processor and would not be accessible by a operation for reading previously stored data and (ii) a write remote computer hacker. mode of operation for storing said data. 3. The digital computer system according to claim 2 Referring to FIG. 9, a master central processing unit 104a wherein said manually operative switch is connected to both is connected to dedicated main memory 106a including an operating system. Master central processing unit 104a is 50 said first and second buses to selectively operate said storage device in a write-only protected mode of operation. connected via local system bus 102a to various devices 4. The digital computer system according to claim 1 including (1) hard disk drive 110a through SCSI controller further comprising an interprocessor bus, said first central 108a; (2) video control board 114 and video monitor 116; (3) processing unit comprising a master central processing unit serial port 118a; and (4) hard disk drive 122 through IDE controller 120. 
Slave central processing unit 104b provides 55 and said second central processing unit comprising a slave central processing unit, said master and slave central proremote access functions and is connected to a local main cessing units connected to each other by said interprocessor memory 106b. Central processing unit 104b connects to bus and connecting to respective ones of said first and SCSI controller 108b, serial port 118b and Ethernet 124 second buses, said manually operative switch connected to through local system bus 102b. In turn, SCSI controller 108b connects to hard disk drive 110b and, via selectable "read 60 both said first and second buses and connected to selectively transmit to said storage device a control signal requited to only" switch 202, to hard disk drive 110c. As previously cause said storage device to operate in said write mode of mentioned, slave central processing unit 104b obtains operoperation. ating instructions exclusively from master central process5. A digital computer system comprising: ing unit 104a so that viruses or other changes cannot be first and second independent local buses; remotely made to its operating instructions or programming. 65 Critical data that is to be protected from change or deletion first and second storage devices, each responsive to a by remote users is stored in hard disk drive 110c operated in control signal for selectively operating in (i) a read US 6,272,533 Bl 13 14 mode of operation for reading previously stored data 15. 
The digital computer system according to claim 13 and (ii) a write mode of operation for storing data; wherein said manually operative switch is operative to selectively cause said data storage device to operate in a first and second central processing units respectively protected mode including a read-only and a write-only mode connected to said first and second local buses, each of said first and second central processing units capable of 5 of operation independent of a mode control signal provided by one of said master and slave central processing units. providing said control signal; 16. The digital computer system according to claim 13 a first manually operative switch alternatively providing wherein said manually operative switch is operative to said control signals from said first and second local selectively cause said data storage device to operate in a data buses to said first and second storage devices, said switch further configured to selectively operate said 10 protected mode including one of a read-only and write-only mode of operation independent of a mode control signal first and second storage devices in a protected mode of provided by one of said master and slave central processing operation, said protected mode of operation including units. at least one of a write-only and read-only mode of 17. The digital computer system according to claim 13 operation. further comprising a bus connecting one of said master and 6. The digital computer system according to claim 5 further comprising a second manually operative switch 15 slave central processing units to said data storage device for transmission of said control signal wherein said manually selectively disabling at least one of said first and second operative switch selectively enables and disables a transstorage devices from operating in said write mode of operamission of said control signal along one of said first and tion. second buses. 7. The digital computer system according to claim 5 18. 
The digital computer system according to claim 17 farther comprising second and third switches, said second 20 wherein said data storage device comprises a hard disk switch selectively inhibiting said first storage device from operating in said write mode of operation, said third switch drive. selectively inhibiting said second storage device from oper19. A digital computer system comprising: ating in said read mode of operation. a first data processing unit including a first central pro8. The digital computer system according to claim 7 25 cessing unit and a first disk controller connected to each further comprising a communications interface providing other by a first system bus; remote access to said second local bus. a second data processing unit including a second central 9. The digital computer system according to claim 5 processing unit and a second disk controller connected further comprising switching means having a first state to each other by a second system bus, said second wherein said first and second storage devices are operable in 30 system bus electrically independent of said first system both said read and write modes of operation and a second bus; state inhibiting operation of said first storage device in said a secure data storage device responsive to a write control write mode and of said second storage device in said read signal from each of said first and second data processmode. ing units for selectively storing data, said secure data 10. The digital computer system according to claim 9 further comprising a communications interface providing 35 storage device comprising a first disk drive; and remote access to said second central processing unit. a manually operative switch selectively enabling and 11. The digital computer system according to claim 5 disabling receipt by said secure data storage device of further comprising switching means having a first state said write control signal. 
wherein said first and second disk storage devices are 40 20. The digital computer system according to claim 19 operable in both said read and write modes and a second wherein said first disk drive comprises an array of hard disk state causing said first storage device to be operated only in drives. said read mode of operation and said second storage device 21. The digital computer system according to claim 19 only in said write mode of operation. further comprising another disk drive connected to one of 12. The digital computer system according to claim 11 further comprising a communications interface providing 45 said first and second disk controllers independent of said manually operative switch. remote access to said second central processing unit. 22. The digital computer system according to claim 19 13. A digital computer system comprising: wherein said first disk drive is electrically connected through first and second system buses electrically independent of said manually operative switch to said first disk controller each other; master and slave central processing units connected to 50 for receiving said control signal whereby said manually operative switch selectively enables and disables a transrespective ones of said system buses; mission of said control signal, first and second controllers respectively connected to said said digital computer system further comprising a second master and slave central processing units by respective disk drive; and a second disk controller connected to ones of said system buses; said second system bus and to said second disk drive a data storage device responsive to a write control signal 55 for selectively writing data to and reading data from from one of said master and slave processing units on said second disk drive. a respective one of said first and second system buses 23. 
A digital computer system comprising: for selectively storing data said data storage device master and slave central processing units; including first and second storage devices; and master and slave system buses electrically isolated from a manually operative switch selectively enabling and 60 each other and respectively connected to said master disabling receipt by said data storage device of said and slave central processing units; write control signal from said first and second system a secure data storage device responsive to a write control buses. signal from each said master and slave central process14. The digital computer system according to claim 13 ing units for selectively storing data; wherein said manually operative switch selectively connects 65 said data storage device to one of said first and second a manually operative switch configured to selectively controllers. enable and disable receipt by said secure data storage US 6,272,533 Bl 15 16 device of said write control signal so as to selectively connected to selectively make and break an electrically conducting path connecting of said first and second system operate said secure data storage device in a read-only base one processor and said data storage device. mode of operation; and 31. The digital computer system according to claim 29 first and second disk controllers connected to said master 5 wherein said switch comprises a digital controller, an operaand slave system buses, said secure data storage device tion of which is independent of said second processor for including a first disk drive electrically connected selectively enabling and disabling said at least one of said through said manually operative switch to said first and operating modes. second disk controllers for receiving said write control 32. 
The digital computer system according to claim 29 signal from one of said master and slave central pro- 10 wherein said data storage device is operable in (i) a readcessing units whereby said manually operative switch only mode of operation for retrieving previously stored data selectively enables and disables transmission of said and (ii) a write-only mode of operation for storing data. write control signal. 33. The digital computer system according to claim 32 24. The digital computer system according to claim 23 wherein said at least one of said operating modes is said further comprising a second disk drive connected to said read-only mode of operation. 15 second disk controller. 34. The digital computer system according to claim 32 wherein said at least one of said operating modes is said 25. The digital computer system according to claim 23 write-only mode of operation. further comprising: 35. The digital computer according to claim 32 wherein a first program memory connected to and stoning instrucsaid data storage device comprises a magnetic media. tions executable by said master central processing unit, 20 36. The digital computer according to claim 32 wherein a second program memory connected to and storing said data storage device comprises a disk drive. instructions executable by said slave central processing 37. The digital computer according to claim 32 wherein unit, and said data storage device comprises a magnetic tape. a processor bus connecting said master and slave central 38. The digital computer according to claim 32 wherein 25 said data storage device comprises a non-volatile electronic processing units. memory device. 26. The digital computer system according to claim 23 39. The digital computer according to claim 38 wherein further comprising a communications controller connected said electronic non-volatile electronic memory device comto said slave system bus. prises an EEPROM. 27. A digital computer system comprising: 30 40. 
The digital computer according to claim 32 wherein a first central processing unit; said data storage device comprises an optical storage device. a first system bus connected to said first central processing 41. The digital computer according to claim 32 wherein unit; said data storage device comprises an electro-optical storage a second central processing unit; device. 42. The digital computer according to claim 32 wherein a second bus connected to said second central processing 35 unit and centrically isolated from said first system bus; each of said first and second processors include a central processing unit, a first memory storing program instructions a disk controller; and a second memory, separate and distinct from said first a first manual switch selectively providing a conductive memory, storing data. path between said disk controller and, in a first position, 43. The digital computer according to claim 33 wherein at said first system bus and, in a second position, said 40 least one of said first memories is operable in a read-only second system bus; and mode of operation in which said program instructions are a hard disk drive connected to said disk controller and protected from alteration and erasure by a corresponding one responsive to a write control signal from said disk of said central processing units. controller for selectively storing information. 45 44. A method of accessing a digital storage device using 28. 
The digital computer system according to claim 27 a digital computer system, the digital computer system further comprising a second manual switch interposed including first and second independent local buses, first and between said disk controller and said hard disk drive for second central processing units respectively connected to selectively transmitting said write control signal therebesaid first and second local buses, and a manually operative tween so as to selectively permit an operation of said hard 50 switch, the method comprising the steps of: drive in a read-only mode of operation. transmitting control signals from said first and second 29. A digital computer system comprising: central processing units to respective ones of said fist a first system bus; and second local buses; a second system bus operating said switch to alternatively provide ones of said a first processor connected to said first system bus; control signals from said first and second local buses to 55 a second processor connected to said second system bus; the digital storage device and to select a protected mode of operation thereof; a data storage device connected to said first and second system buses for selectively operating in a plurality of selectively operating the digital storage device in said operating modes so as to access said data storage protected mode of operation, said protected mode of device; and operation including at least one of a write-only and 60 read-only mode of operation; and a switch operable to selectively enable and disable at least one of said operating modes, said switch controllable selectively operating said digital storage device responby means distinct and separate from at least one of said sive to said control signals in (i) a read mode of operation for reading previously stored data and (ii) a processors whereby said one processor is inhibited 65 write mode of operation for storing data. from controlling said operation of said switch. 30. 
The digital computer system according to claim 29 45. A method of accessing a digital storage device using wherein said switch comprises a manually operated switch a digital computer system, the digital computer system US 6,272,533 Bl 17 including first and second system buses electrically independent of each other, master and slave central processing units connected to respective ones of said system buses, and a manually operative switch, the method comprising the 5 steps of: transmitting a write control signal from one of said master and salve processing units; 18 selectively storing data on said data storage device responsive to said write control signal; and operating said switch to selectively enable and disable receipt by the data storage device of said write control signal from said first and second system buses. * * * * *
