Story of an Invention
It all started with a successful hacker attack: the one of which the security firm RSA was the victim in the spring of 2011. It resulted in the theft of the algorithm that produced the six-digit numbers displayed on their security tokens, which were used as a second source of identification to secure the virtual private network of the company I worked for at that time. It cost us about three weeks, during which our German subsidiary of an American company had tremendous difficulty communicating with its transatlantic partners.
This event made me, who had once studied chemistry, remember my expertise in analysis and synthesis: I analysed computer systems with respect to their vulnerability to hacker attacks, and the preventive countermeasures. The result was sobering: virtually all systems available on the market had exactly the same weak point! Hackers exploit that eagerly – and the countermeasures are exclusively based upon software, following the strategy of identifying the malware and reacting to it some time later. But this path is very long:
1. An attack needs to be recognized.
2. The malware has to be identified.
3. A countermeasure – which is another piece of software again – needs to be programmed.
4. The countermeasure has to be installed and run on the affected computers.
Chances are high that the hackers are laughing up their sleeves, because they obtained the information they wanted long ago.
What needs to be done? Throw the old hardware architecture overboard, as it is the particular reason that makes this whole mess possible. It does so by not recognizing differences between data categories within its memories, working storage as well as permanent storage! This missing differentiation makes it easy for hackers to disguise malware – especially its executable parts – as data, and inject it into those memories.
Inevitably, a new hardware architecture needs to be developed. I have “synthesized” one in such a way that different data categories are stored in separate memory units, each having its own access attributes. This makes it impossible for bit combinations input as data – no matter by what means – to be interpreted as executable code.
Even the hackers' latest and most successful trick, which renders established anti-virus software helpless by injecting malware in unrecognizable chunks, is no challenge for my architecture, because malware no longer needs to be recognized in order to inhibit its effects.
This new architecture no longer needs virus scanners, nor the recurring updates of those tools.
A new hardware architecture necessarily requires adjustments to the software to be run on it. If the same processors and the same operating systems are used as before, this is mainly a matter of sorting by data category.
This hardware architecture is patented and succeeded in the hardware category of the competition “INNOVATION PRIZE – IT 2015”. IT security “Made in Germany”.
January 2016