There is a need to access remote computer systems in a secure manner. Some previous attempts to solve this problem involved integrating security modules as applications or operating system components. These approaches could not be trusted to work properly if a computer was infected by a virus or other malicious code. Other attempts to solve this problem involved the use of separate hardware devices. One or more of the separate hardware devices were often custom devices. Custom devices typically operate differently from commercial devices and require a user to learn new operating procedures. The user was often reluctant, or unable, to do this. Furthermore, the interface of a custom device was often tailored to a particular version of current commercial devices to which it communicated. If the commercial device changed due to an advance in technology then a design change to the custom device was required. If the design change was not made then the remote-access solution containing the custom device was made obsolete. Moreover, device specific approaches to secure remote access were often not interoperable with other equipment. Therefore, there is a need for secure remote-access to a computer system that does not quickly become obsolete as technology advances. In addition, users desire computers that work like the commercial computers to which they are accustomed.
The typical computer system includes hardware (e.g., processor, keyboard, hard disk, floppy-disk, etc.) and operating-system software that runs on the processor to control the components of the computer system. A virtual machine monitor (VMM) is another software program that runs on the processor of the computer system to create a user-definable number of computing platform environments.
There are two types of virtual machine monitors. A type-I VMM runs directly on the processor of the computer system and controls all of the components of the computer system and the computer processes created therein. A type-II VMM runs on top of the operating-system software (i.e., the host operating-system software) and allows the host operating-system software to control the components of the computer system. The type-II VMM is more relevant to the present invention than the type-I VMM. A commercial product by VMware is an example of a type-II VMM.
Each computing environment created by a VMM runs operating-system software (i.e., guest operating-system software) that is either the same or different from the host operating-system software. Each computing environment is configured in software to emulate a complete computer system. These computing environments are referred to as virtual machines because they appear to the software running in them and to the user as a real computer system. However, these computer environments only exist in the software, or electronic configuration, running on the computer system. Virtual machines are useful for running old operating-system software on computer systems built to run new operating-system software and for testing the operation of experimental operating-system software.
U.S. Pat. No. 5,504,814, entitled “EFFICIENT SECURITY KERNEL FOR THE 80960 EXTENDED ARCHITECTURE,” discloses a device for implementing the standards of “Department of Defense Trusted Computer System Evaluation Criteria,” DOD 5200.28-STD, December 1985. The device is a custom device that uses virtual machines to isolate security subjects and dedicated logical resources. The device uses a single processor computer system running a single operating system. The virtual machines in U.S. Pat. No. 5,504,814 communicate with one another so that total separation does not exist between the virtual machines. The device and method of the present invention is not disclosed in U.S. Pat. No. 5,504,814. U.S. Pat. No. 5,504,814 is hereby incorporated by reference into the specification of the present invention.
U.S. Pat. No. 5,201,049, entitled “SYSTEM FOR EXECUTING APPLICATIONS PROGRAMS CONCURRENTLY/SERIALLY ON DIFFERENT VIRTUAL MACHINES,” discloses a device for and method of executing predefined segments concurrently on different assigned virtual machines at the host processor by having a virtual machine manager create a pool of virtual machines at the host processor that are either run ready or idle, letting the virtual machine pool manager decide whether or not to send a segment to a run ready virtual machine for processing or to an idle virtual machine. The device and method of the present invention is not disclosed in U.S. Pat. No. 5,201,049. U.S. Pat. No. 5,201,049 is hereby incorporated by reference into the specification of the present invention.
U.S. Pat. No. 5,893,084, entitled “METHOD FOR CREATING SPECIFIC PURPOSE RULE-BASED N-BIT VIRTUAL MACHINES,” discloses a device for and a method of implementing a virtual machine to do one specific task such as data typing, encryption, compression, arbitrary precision arithmetic, pattern recognition, data conversion, artificial intelligence, device drivers, data storage, and retrieval and digital communications and using rule sets to receive an n-bit input and produce an n-bit output, where the input and the output do not have to agree in bit length. The device and method of the present invention is not disclosed in U.S. Pat. No. 5,893,084. U.S. Pat. No. 5,893,084 is hereby incorporated by reference into the specification of the present invention.
U.S. Pat. No. 5,850,449, entitled “SECURE NETWORK PROTOCOL SYSTEM AND METHOD,” discloses a device for and a method of securely transmitting objects containing executable programs in place of conventional data packets. U.S. Pat. No. 5,850,449 implements its device and method by encrypting all transmissions, which the present invention does not. U.S. Pat. No. 5,850,449 uses a virtual machine module to execute platform independent programs (e.g., JAVA programs). The device and method of the present invention is not disclosed in U.S. Pat. No. 5,850,449. U.S. Pat. No. 5,850,449 is hereby incorporated by reference into the specification of the present invention.