TwinBoards mobile computing system

Abstract

The invention comprises a mobile device with two circuit boards and certain shared resources, in order to provide the security of physically separate devices, yet do so in a single device using shared resources that do not affect security. Specifically, the invention has two boards connected via input/output switch, each having its own System-on-a-Chip (SoC), Memory (RAM), Storage and Radio Module (SIM(s)/Bluetooth/Wi-Fi), and may include one or more SIM cards. Touchscreen, battery, physical buttons and other peripherals are shared between boards. Each shared peripheral hardware module will be used by a single board only (the active in-use board being the “Foreground Board”); another board (the inactive “Background Board”) uses an emulated version of the same hardware module. At any moment, a user can switch between Boards and the Background Board becomes the active Foreground Board and vice versa.

Claims

1. A mobile device computing system comprising: a shared peripheral hardware; a foreground computing environment comprising a first System-on-a-Chip (SoC), a first memory, a first storage, a first radio module and a first Operating System (OS) connected to the shared peripheral hardware; a background computing environment comprising a second System-on-a-Chip (SoC), a second memory, a second storage, a second radio module and a second OS disconnected from the shared peripheral hardware and using a hardware emulation mode; and an I/O switch circuit board is configured to connect the shared peripheral hardware to the foreground computing environment, and upon request, to connect the shared peripheral hardware to the background computing environment and to disconnect the foreground computing environment from the shared peripheral hardware, wherein the foreground computing environment, the background computing environment and the I/O switch are disposed in a single physical device, wherein the I/O switch is configured to switch from the foreground computing environment to the background computing environment by sending a “switch to sleep mode” event to the foreground computing environment and the first OS handles the “switch to sleep mode” event, and wherein the first OS, upon receiving “switch to sleep mode” event, completes a pending operation of the shared peripheral hardware, suspends a shared peripheral hardware driver before the I/O switch circuit board sets the foreground computing environment as the background computing environment.

2. The mobile device computing system of claim 1, wherein the background computing environment is configured to detect a new event, the background computing environment is configured to notify the I/O switch upon event detection, and the I/O switch is configured to notify the foreground computing environment of the new event.

3. The mobile device computing system of claim 2, wherein the foreground computing environment is configured to notify a user of the new event from the background computing environment.

4. The mobile device computing system of claim 2, wherein the new event received by the foreground computing environment comprises an incoming call and the foreground computing environment is configured to initiate a switch from the foreground computing environment to the background computing environment.

5. The mobile device computing system of claim 1, wherein, after suspending, the first OS uses the hardware emulation mode for the shared peripheral hardware and the second OS does not use the hardware emulation mode for the shared peripheral hardware.

6. The mobile device computing system of claim 1, wherein, after suspending, the first OS temporarily disables the shared peripheral hardware.

7. The mobile device computing system of claim 5, wherein, during switching the background computing environment with the foreground computing environment, the I/O switch circuit board is configured to disconnect the shared peripheral hardware from the foreground computing environment, and connect the shared peripheral hardware to the background computing environment.

8. A mobile device computing system comprising: a shared peripheral hardware; a foreground computing environment comprising a first System-on-a-Chip (SoC), a first memory, a first storage, a first radio module and a first Operating System (OS) connected to the shared peripheral hardware; a background computing environment comprising a second System-on-a-Chip (SoC), a second memory, a second storage, a second radio module and a second OS disconnected from the shared peripheral hardware and using a hardware emulation mode; and an I/O switch circuit board is configured to connect the shared peripheral hardware to the foreground computing environment, and upon request, to connect the shared peripheral hardware to the background computing environment and to disconnect the foreground computing environment from the shared peripheral hardware, wherein the foreground computing environment, the background computing environment and the I/O switch are disposed in a single physical device, wherein the I/O switch is configured to switch from the foreground computing environment to the background computing environment by sending a “switch to sleep mode” event to the foreground computing environment and the first OS handles the “switch to sleep mode” event, and wherein, during the switching, the second OS is configured to clear a shared hardware state, resume a hardware driver for the shared peripheral hardware, enable access to the shared peripheral hardware from an application of the second OS, and designate the foreground computing environment as the background computing environment and vice-versa.

9. The mobile device computing system of claim 1, wherein the shared peripheral hardware comprises a shared extended storage partitioned and managed by the I/O switch.

10. The mobile device computing system of claim 1, wherein, during a device start, the I/O switch is configured to initiate a parallel start of the first OS and the second OS, and activating one of the foreground computing environment or the second computing environment upon completion.

11. The mobile device computing system of claim 1, wherein, during a device start, the I/O switch is configured to initiate a sequential start of the first OS and the second OS and activating one of the foreground computing environment or the second computing environment upon completion.

12. The mobile device computing system of claim 1, wherein, during a device shutdown, the I/O switch is configured to initiate a shutdown of the first OS and the second OS, and shutting off the mobile device computing system upon completion.

13. The mobile device computing system of claim 1, wherein the shared peripheral hardware comprises a first shared hardware and a second shared hardware, the background computing environment is granted exclusive access to the first shared hardware, and the foreground computing environment is granted exclusive access to the second shared hardware.

14. The mobile device computing system of claim 1, wherein the I/O switch circuit board prevents switching between the foreground computing environment and the background computing environment based on one or more of a device location, a device state, a security policy, an authenticated user.

15. The mobile device computing system of claim 1, wherein the I/O switch's isolating between the foreground computing environment and the background computing environment allows for a limited and controlled communication between the foreground computing environment and the background computing environment.

16. The mobile device computing system of claim 1, wherein the mobile device computing system comprises one or more of a smartphone, a tablet, a phablet, an Internet of Things (IoT) device, a wireless communication device, or a wearable device.

17. The mobile device computing system of claim 1, wherein the foreground computing environment, the background computing environment and the I/O switch are disposed on a single printed circuit board.

18. The mobile device computing system of claim 1, wherein the shared peripheral hardware comprises one or more of a touchscreen, a physical button, a control, a case, an extended storage or a power source.

19. The mobile device computing system of claim 1, wherein the first OS and the second OS are configured to run at a same time fully isolated from each other at a hardware level.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) FIG. 1 depicts a high-level model of the invention.

(2) FIG. 2 presents a logical model of the main boards (i.e., the interchangeable Foreground and Background Boards.)

(3) FIG. 3 illustrates a shared board logical model.

(4) FIG. 4 depicts a parallel method of the start process.

(5) FIG. 5 presents a sequential method of the start process.

(6) FIG. 6 illustrates a switching process.

(7) FIG. 7 depicts a notification process in wired mode.

(8) FIG. 8 presents a notification process in wireless mode.

(9) FIG. 9 illustrates a parallel method of the shutdown process.

(10) FIG. 10 depicts a sequential method of the shutdown process.

(11) FIG. 11 presents a Background Board's incoming call processing.

DETAILED DESCRIPTION

(12) Preferred embodiments of the present invention describe a mobile computing system comprising two separate boards connected via input/output switch (I/O switch). The boards use both dedicated (SoC, Memory, Storage, Radio) and shared (touchscreen, battery/power source, physical buttons, optional extended storage) hardware. Shared hardware can be used by a single board only (Foreground Board); and a separate board (Background Board) uses emulated peripherals. Switching between real and emulated, shared hardware modules is initiated by the user, is performed in I/O switch, and is transparent for Boards. Embodiments of the present invention do not require any modification to the mobile OS or applications.

(13) In contrast to the prior art referenced as [1] and [2], preferred embodiments of the present invention use two boards to run OS's and do not share main hardware components such as CPU, memory, main storage, or radio module. The OS's on both Boards can run at the same time fully isolated from each other at the hardware level.

(14) In the other referenced inventions, such as [1], a lightweight, small and verifiable switching mechanism without the overhead of full system virtualization is described. In [1] only a single OS is active at any given time and all OS's run on the same physical hardware. The approach of [2] presents a special type of Type-1 bare-metal hypervisor adapted for mobile devices, where all virtual machines run on the same physical hardware as in [1]. In contrast to [1], preferred embodiments of [2] allow parallel execution of the OS's in different virtual machines.

(15) The prior art referenced as [3] describes a different approach compared to [1] and [2]. Two fully functional mobile devices are mechanically connected. While this approach provides a strong isolation, it has a usability, weight and cost limitations. Two touchscreens, batteries, cases and controls increase the cost and weight of a device, which are undesirable given the preference for continually smaller, lighter and less costly mobile devices.

(16) As will be apparent to one having ordinary skill in the art, the present invention provides a secure and efficient architecture for what in effect is a true “2-in-1” mobile device. Unlike inventions referenced above, it combines security benefits of separate and dedicated hardware Boards each having certain critical components (CPU/memory/storage/radio), while at the same time providing the efficiency and usability of other components (touchscreen, buttons, battery and casing) which do not lessen the security benefits provided by the separate Boards.

(17) FIG. 1 depicts a high-level model of the invention. Preferred embodiments of the present invention combine two separate Boards 101 and 109 in a single mobile computing system using I/O switch 100. Shared hardware 105 can be used by one of the Boards only, except the battery/power source (see FIG. 3, 303) which can be used by both Boards any time.

(18) Each Board has its own SoC 102/110, Memory/Storage 103/111 and peripherals 104/112. Touchscreen 106, physical elements 107 (buttons and connectors) and other peripherals 108 are shared between Boards.

(19) The microphone and speakers can be either dedicated (each Board has a pair of microphone/speakers) or shared.

(20) FIG. 2 presents a logical model of the main Boards. The Foreground and Background Boards 201 are connected to the I/O switch 200. Each Board has its own SoC 202, Memory 203, SIM/Radio 204, GPS/Sensors 205 and Storage 206. Each Board runs its own OS such as Android, iOS, Windows, etc. The OS's contain two additional software modules responsible for: (1) Board switch software—Foreground to Background and vice versa, depicted on FIG. 6; and (2) notification exchange software between Boards depicted on FIGS. 7 and 8.

(21) In the preferred embodiments of the present invention the OS on both Boards will be protected using digital signatures and full security capabilities of the hardware platform.

(22) FIG. 3 illustrates a shared board (“Shared Board”) logical model. The Shared Board 301 is connected to the I/O switch 300 and is comprised of the touchscreen 302, battery/power 303, physical buttons 304, physical connectors 305, optional extended storage 306 and peripherals 307.

(23) FIG. 4 depicts a parallel method of the start process. First, the I/O switch 401 is started. Next, both Boards 402 and 403 start loading in parallel. The Foreground Board is started while connected to the shared hardware, and the Background Board uses emulated shared hardware.

(24) Upon successful loading of both Boards, the I/O switch activates the Foreground Board 404. Next, normal operation of the device is started 405.

(25) In the preferred embodiments of the present invention, the boot process on both Boards is protected using secure boot and creates a “chain of trust” to ensure the validity of the loaded software.

(26) FIG. 5 presents a sequential method of the start process. First, the I/O switch starts the Foreground Board 501. Next, the I/O switch switches to the Background Board and starts it 502. Each Board uses a Shared Board's hardware while loading.

(27) Upon successful loading of both Boards, the I/O switch activates the Foreground Board 503. Next, normal operation of the device is started 504.

(28) The sequential boot process on both Boards is protected using a secure boot and creates a “chain of trust” to ensure the validity of the loaded software.

(29) FIG. 6 illustrates a switching process.

(30) Switching between Foreground and Background Boards is initiated by user action only. To switch Boards the user may use a software method (an application in the Foreground Board) or a physical button connected to the I/O switch board. All methods initiate the same switching sequence described below.

(31) A notification from the Background Board displayed on the Foreground Board may offer the user to switch Boards to handle the event. The scenario depicted on FIG. 11 (answering an incoming call in the Background Board) is an example of such approach.

(32) First, a user initiates switching 604 in the Foreground Board 601. Next, the Board switches 605 to the sleep state. All pending operations with the shared hardware should be completed in the Foreground Board before the next step. It prevents possible conflicts and potential data leakage from the Board.

(33) All hardware located on the Foreground Board is not affected by the switching process.

(34) At the next step 605, the I/O switch 603 detaches shared hardware 606 from the Board #1. The Foreground Board 601 starts to use emulated shared hardware. Switching between real and emulated shared hardware is performed in I/O switch and is transparent to the Boards.

(35) Using the approach described above, all switching between Boards in the present invention is performed instantly and does not involve any state backup/restore operations on Boards.

(36) The only difference between Foreground and Background Boards is access to the shared hardware at any given time.

(37) Next, the I/O switch 603 clears the hardware state, attaches shared hardware 607 to Board #2 and activates it.

(38) The internal hardware state of the Boards is isolated from each other. To prevent data exchange between Boards, which therefore might cause cross-contamination from an infected one to a clean one, critically, the I/O switch does not allow data exchange between Boards unless it is explicitly allowed by the security settings. This allows user and enterprise IT administration flexibility in determining desirability of cross-Board communication, i.e., the invention contemplates that users will want to prevent cross-Board communication, but the invention does allow such communication if desired.

(39) Now the Board 602 is ready to work with hardware. As a final step of the Board switching process, the Board 602 starts operating normally 609.

(40) As is apparent to one having ordinary skill in the art, the process described above is completely different from the sleep/resume, hibernate/restore or hypervisor instant switch processes known in the prior art and is well suited for mobile devices where users typically expect instant access and switching between data and phone calls.

(41) FIG. 7 depicts a notification process in wired mode. Background Board 701 receives an event 704 during normal operations. Next, the event is transformed 705 into a notification.

(42) With this process, for security purposes, there is no direct data exchange between Boards. Notifications are sent via I/O switch 703 which can perform an extensive independent validation, filtering and transformation of the notifications. To prevent data leakage, the original event's data is never sent to the Foreground Board directly. Depending on the security settings (policy), the Foreground Board can be notified that an event is detected in the Foreground Board without any details except as predetermined, e.g., “you have a new email”, or other information as desired.

(43) Both the Background Board and I/O switch can control the amount of information transmitted to the Foreground Board with the decision priority of I/O switch.

(44) Upon successful transformation, the notification is delivered to the I/O switch 703. The I/O switch transmits 707 the notification to the Foreground board 702. The Foreground Board receives 708 and displays 709 the notification.

(45) FIG. 8 presents a notification process in wireless mode. Background Board 801 receives an event 803 during normal operations. Next, the event is transformed 804 to a notification.

(46) In the wireless mode, direct notifications exchange between Boards is allowed by the security settings.

(47) The I/O switch is not involved in the notifications delivery process in the wireless mode. Instead, the Background Board controls the amount of information transmitted to the Foreground Board.

(48) Upon successful transformation, the notification is sent 805 to the Foreground Board 802. The Foreground Board receives 807 the notification and displays 808 it to a user.

(49) FIG. 9 illustrates a parallel method of the shutdown process.

(50) First, a normal sleep/shutdown process of the device is initialized 901. The shutdown process can be started in Foreground Board, or automatically by a system response to an event.

(51) Both Boards perform shutdown 902 and 903 in parallel. The Foreground Board uses real shared hardware during the shutdown while Background Board uses emulated shared hardware only.

(52) Upon successful shutdown of both Boards, the I/O switch shuts down 904. Next, the device is switched to the sleep mode or switched off 905.

(53) FIG. 10 depicts a sequential method of the shutdown process.

(54) First, a normal sleep/shutdown process of the device is initialized 1001. The shutdown process can be started in the Foreground Board by a user, or can be a system response to an event. Next, the I/O switch switches to the Background Board and shuts down it 1002. Each Board uses real shared hardware while shutting down.

(55) Upon successful shutdown of both Boards I/O switch shuts down 1003. Next, the device is switched to sleep mode or switched off 1004.

(56) FIG. 11 presents a Background Board's incoming call processing. First, an incoming call is detected 1104 in the Background Board 1101. Next, the Background Board sends 1105 a notification to the Foreground Board 1103 using I/O switch 1102 transport 1106.

(57) The amount of information included in the notification depends on the security settings (policy).

(58) Next, the Foreground Board receives 1107 the notification and displays 1108 it to a user. The user can either accept or reject the call 1109. If the user decides to reject the call, no additional steps are performed. Otherwise the control is passed to the I/O switch and it switches 1110 the Boards using the process and depicted on FIG. 6.

(59) After switching to the Background Board, the user may answer the incoming call. Optionally, the incoming call can be automatically accepted after successful completion of the switching process.