Presentation of a graphical user interface in a system with a highly protected execution environment

FIELD: physics; computer engineering.

SUBSTANCE: the invention relates to computer security. In the system according to the invention, a base (host) operating system is used together with a highly reliable operating system, the base operating system providing at least part of the infrastructure of the highly reliable system. Occlusion of graphical user interface elements belonging to the highly reliable operating system is prevented. A secret shared between the user and the highly reliable system is also stored, out of reach of the base operating system; on command it can be displayed by graphical user interface elements belonging to the highly reliable system. A consistent appearance of specified image components of all graphical user interface elements belonging to the highly reliable operating system additionally allows valid elements to be identified. In the window manager of the base operating system, public header information identifies a window belonging to a process running under the control of the highly reliable operating system; secret header information for the same window is used only within the highly reliable operating system.

EFFECT: increased protection of computer systems against attack.

30 cl, 9 dwg

 

Technical field to which the invention relates

The present invention relates generally to the field of computer security. In particular, it relates to the use of multiple execution environments (for example, operating systems) on a single computing device with a graphical user interface whose elements can be used by processes in each of those execution environments.

Background art

In modern computing systems, many of the tasks that can be performed on a computer require some level of security. There are several ways to provide a given level of security. One is to run all applications on a computer that is completely isolated from anything potentially unsafe, or to use a virtual machine monitor (VMM) to completely separate two execution environments (for example, operating systems) running on one computer system. This may not be feasible, however. For reasons of cost or convenience, the secure execution environment and the applications whose security must be guaranteed may need to share resources with other software, which leaves those applications and resources vulnerable to attack. In addition, because a virtual machine monitor requires full virtualization of the machine and all of its devices (which in turn requires the virtual machine monitor to supply its own device driver for every possible device), a virtual machine monitor is poorly suited to open-architecture machines, to which an almost unlimited variety of devices can be added.

One way to allow two execution environments to share resources is to provide a computer system with one "main" (host) operating system that controls most of the machine's processes and devices, together with a second operating system. The second operating system is a small, limited-purpose operating system that runs alongside the host operating system and performs specific, limited tasks. One way to make an operating system "small" or "limited-purpose" is to let it borrow some infrastructure (for example, the scheduler, the memory manager, device drivers and so on) from the "main" operating system. Because a virtual machine monitor effectively isolates one operating system from another, such infrastructure sharing is not feasible when a virtual machine monitor is used.

There are other techniques that allow operating systems to exist side by side on one machine without a virtual machine monitor. One such technique is to have one operating system act as host for another operating system. (The operating system that does the hosting is the "host"; the hosted operating system is sometimes called the "guest".) In this case the host operating system provides the guest with resources such as memory and processor time. Another such technique is the use of an "exokernel". An exokernel manages certain devices (for example, the processor and memory) and also controls certain types of interaction between the operating systems, although an exokernel, unlike a virtual machine monitor, does not virtualize the entire machine. Even when an exokernel is used, a situation can arise in which one operating system (for example, the "main" operating system) provides a significant part of the other's infrastructure; in that case the main operating system can still be called the "host" and the other operating system the "guest". Both the hosting model and the exokernel model make possible useful types of interaction between operating systems that support infrastructure sharing.

Thus these techniques can be used to provide a computer system with at least two execution environments. One of them can be a "hardened" operating system, referred to here as the "nexus". A hardened operating system is one that provides some level of assurance about its behaviour. For example, the nexus may be used to work with secret information (for example, cryptographic keys) that must not be disclosed, by providing curtained memory that is guaranteed not to leak information to the environment outside the nexus, and by allowing only certain certified applications to run under the nexus and access that curtained memory.

In a computer system with two execution environments, one of which is the nexus, it may be desirable for the nexus to be the guest operating system and for the second operating system (which does not require the same level of assurance about its behaviour) to be the host operating system. This allows the nexus to be as small as possible. A small nexus allows a higher degree of confidence in the protection the nexus provides. Ordinary operating system functions are accordingly performed by the host operating system.

One such function that the host operating system may provide is a windowing system. With a windowing system, the screen of the user's monitor is filled with windows, which are areas of the screen that display information from an application. An application can have one or more windows.

When the windowing system runs in the host operating system rather than in the nexus, it is vulnerable to abuse. One such attack is known as spoofing. Spoofing is the act of making a user believe that some hardware, system software, application or agent software, or a window, is trustworthy when it is not. The attacker substitutes his own object for the trusted one. Spoofing can be used to steal user credentials or to capture other sensitive data that the user enters in the belief that he is interacting with a highly protected object.

For example, in a system in which the nexus runs a banking program with a login screen, an attacker could write a program that runs in the host operating system and displays a window that looks exactly like the login screen of the banking program. If the user is fooled by this spoofed window, he will enter his information into it. That information is stolen by the attacker and can then be used without the user's knowledge.

The windowing system is also vulnerable to an attack known as deception. In a deception, the attacker alters the image on the user's monitor so that the user believes the system is secure when it is not. For example, a computer system may allow the user to lock the computer or to put it into hibernation or standby mode. Such a deception would simulate the image displayed when the system is locked or in sleep or hibernation mode. While the user is misled into believing the system is inactive and secure, the attacker uses the system without authorization.

In general, a malicious program on the host side can reproduce any combination of pixels that a legitimate program on the nexus side, or the operating system itself, can create on the monitor. Nevertheless, to preserve the high assurance of the nexus, the user must be able to distinguish a legitimate graphical user interface element on the nexus side from a fake one.

In view of the foregoing, there is a need for a system that overcomes the shortcomings of the prior art.

DISCLOSURE OF THE INVENTION

In one embodiment of the present invention, the data displayed on the monitor screen of a system containing a secure execution environment (the nexus) and a second execution environment (the host) is made secure by a combination of several techniques. Graphical user interface elements, such as windows, that are associated with a process running in the nexus are displayed so that no other graphical user interface element overlaps them.

In addition, there is a user-nexus secret that is displayed in a graphical user interface element. This display may be permanent or, among other alternatives, may be made on request. Further, window frames may be consistent in colour or in the graphical information they display, so that the user associates the secure windows with one another and can thus distinguish a fake window more clearly. These frames may be changed at specified intervals, on request, or when a system event triggers the change.

Where a companion window on the host side accompanies a window belonging to the nexus, secret header information may be used for the nexus-side window while public header information is used for the companion window. This allows the nexus process that sets the headers to choose which information is passed to the potentially insecure companion window.

Other distinctive features of the present invention are described below.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing general description, as well as the following detailed description of the preferred embodiments of the present invention, is better understood when read together with the accompanying drawings. The drawings depict an exemplary embodiment in order to illustrate the invention; the invention, however, is not limited to the specific means and methods described. In the drawings:

Fig. 1 is a block diagram of an exemplary computing environment in which aspects of the present invention can be implemented;

Fig. 2 is a block diagram of two exemplary execution environments that interact with each other while maintaining a degree of isolation from each other;

Fig. 3(a) is a block diagram of a display image;

Fig. 3(b) is a block diagram of a display image according to one embodiment of the present invention;

Fig. 4 is a flow chart of a method of maintaining the security of data displayed on the monitor screen;

Fig. 5 is a flow chart of a method of maintaining the security of data displayed on the monitor screen;

Fig. 6 is a block diagram of a display image according to one embodiment of the present invention;

Fig. 7 is a flow chart of a method of maintaining the security of data displayed on the monitor screen;

Fig. is a flow chart of a method of maintaining the security of data displayed on the monitor screen.

IMPLEMENTATION OF THE INVENTION

Overview

When two execution environments, such as operating systems, run side by side on one machine, and one of them is a highly protected execution environment maintained to specified security standards, it can be important for the user to be able to recognize which graphical user interface elements on the display are associated with processes running under the control of the highly secure operating system. As discussed above, an attacker who draws a graphical user interface element using a runtime on the (non-hardened) "host" side may try to convince the user that the element was produced by a highly secure process. To prevent such attacks, the present invention provides methods that let the user recognize which graphical user interface elements were created in the highly secure operating system.

Exemplary computing environment

Fig. 1 shows an exemplary computing environment in which this invention can be implemented. Computing environment 100 is only one example of a suitable computing environment and does not imply any limitation on the scope of use or functionality of the present invention. Nor should computing environment 100 be construed as depending on, or requiring, any one of the depicted components or any combination of them.

This invention can be used with many other general-purpose or special-purpose computing system environments or configurations. Examples of well-known computing systems, environments and/or configurations that may be suitable for use with the present invention include, but are not limited to, personal computers, server computers, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, embedded systems, and distributed computing environments that include any of the above systems or devices.

The present invention may be described in the general context of computer-executable instructions, such as program modules, executed by a computer. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The present invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network or other data transmission medium. In a distributed computing environment, program modules and other data may be located in both local and remote computer storage media, including memory storage devices.

As shown in Fig. 1, an exemplary system for implementing the invention includes a general-purpose computing device in the form of a computer 110. Components of computer 110 may include, but are not limited to, a processor 120, a system memory 130, and a system bus 121 that couples various system components, including the system memory, to the processor 120. The processor 120 may represent multiple logical processing units, such as those supported by a multi-threaded processor. The system bus 121 may be any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include the Industry Standard Architecture (ISA) bus, the Micro Channel Architecture (MCA) bus, the Enhanced ISA (EISA) bus, the Video Electronics Standards Association (VESA) local bus, and the Peripheral Component Interconnect (PCI) bus, also known as the Mezzanine bus. The system bus 121 may also be implemented as a point-to-point connection, a switching fabric, or the like, among the communicating devices.

Computer 110 typically includes a variety of computer-readable media. Computer-readable media can be any available media that can be accessed by computer 110 and includes both volatile and nonvolatile media, removable and non-removable media. By way of example, and not limitation, computer-readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. Computer storage media includes RAM (random access memory), ROM (read-only memory), EEPROM (electrically erasable programmable read-only memory), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by computer 110. Communication media typically embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above are also included within the scope of computer-readable media.

System memory 130 includes computer storage media in the form of volatile and/or nonvolatile memory such as ROM 131 and RAM 132. A basic input/output system 133 (BIOS), containing the basic routines that help to transfer information between elements within computer 110, such as during start-up, is typically stored in ROM 131. RAM 132 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processor 120. By way of example, and not limitation, Fig. 1 illustrates operating system 134, application programs 135, other program modules 136, and program data 137.

Computer 110 may also include other removable/non-removable, volatile/nonvolatile computer storage media. By way of example only, Fig. 1 illustrates a hard disk drive 141 that reads from or writes to non-removable, nonvolatile magnetic media, a magnetic disk drive 151 that reads from or writes to a removable, nonvolatile magnetic disk 152, and an optical disk drive 155 that reads from or writes to a removable, nonvolatile optical disk 156 such as a CD-ROM or other optical media. Other removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM, and the like. Hard disk drive 141 is typically connected to system bus 121 through a non-removable memory interface such as interface 140, and magnetic disk drive 151 and optical disk drive 155 are typically connected to system bus 121 by a removable memory interface, such as interface 150.

The drives and their associated computer storage media discussed above and illustrated in Fig. 1 provide storage of computer-readable instructions, data structures, program modules and other data for computer 110. In Fig. 1, for example, hard disk drive 141 is illustrated as storing operating system 144, application programs 145, other program modules 146, and program data 147. Note that these components can either be the same as or different from operating system 134, application programs 135, other program modules 136, and program data 137. Operating system 144, application programs 145, other program modules 146, and program data 147 are given different numbers here to illustrate that, at a minimum, they are different copies. A user may enter commands and information into computer 110 through input devices such as a keyboard 162 and a pointing device 161, commonly a mouse, trackball or touch pad. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to processor 120 through a user input interface 160 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port or universal serial bus (USB). A monitor 191 or other type of display device is also connected to system bus 121 via an interface, such as video interface 190. In addition to the monitor, computers may also include other peripheral output devices such as speakers 197 and printer 196, which may be connected through an output peripheral interface 195.

Computer 110 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 180. Remote computer 180 may be a personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above in relation to computer 110, although only a memory storage device 181 is illustrated in Fig. 1. The logical connections depicted in Fig. 1 include a local area network (LAN) 171 and a wide area network (WAN) 173, but may also include other networks. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.

When used in a LAN networking environment, computer 110 is connected to LAN 171 through a network interface or adapter 170. When used in a WAN networking environment, computer 110 typically includes a modem 172 or other means for establishing communications over WAN 173, such as the Internet. Modem 172, which may be internal or external, may be connected to system bus 121 via user input interface 160 or another appropriate mechanism. In a networked environment, program modules depicted in relation to computer 110, or portions thereof, may be stored in the remote memory storage device. By way of example, and not limitation, Fig. 1 illustrates remote application programs 185 as residing on memory device 181. It will be appreciated that the network connections shown are exemplary and that other means of establishing a communications link between the computers may be used.

Multiple computing environments on the same machine

As described above, it is known in the art that two operating systems can run on a single computing device. One of the problems that the present invention can be used to address is providing some level of separation between the two operating systems while maintaining some level of interaction between them.

Fig. 2 depicts a system in which two operating systems 134(1) and 134(2) run on the same computer 110. Some type of logical separation 202 exists between the operating systems, such that a certain amount of interaction 204 is permitted between them while at least one of the operating systems remains protected against events that originate outside it. In the example of Fig. 2, operating system 134(1) is the host operating system and operating system 134(2) is the guest operating system, such as the "nexus" described above. As noted earlier, when operating system 134(2) is the nexus, it is desirable to construct the separation 202 so that operating system 134(2) can interact with operating system 134(1) in order to borrow its infrastructure, while retaining the ability to protect itself against actions (whether malicious or innocent) that occur in operating system 134(1) and could cause operating system 134(2) to behave contrary to its specifications. (It should be understood, however, that the invention is not limited to the case where operating system 134(2) is the nexus.)

The separation 202 between operating systems 134(1) and 134(2) may optionally be enforced with the help of a security monitor. A security monitor is a component external to both operating systems 134(1) and 134(2) that provides some security services that can be used to protect operating system 134(2) from operating system 134(1). For example, the security monitor may control access to certain hardware, may manage the use of memory (so as to give operating system 134(2) exclusive use of certain portions of memory), or may facilitate the secure communication of data from operating system 134(1) to operating system 134(2). It should be noted that the use of a security monitor is one model of how operating system 134(2) can be protected from operating system 134(1), and that a security monitor is not required. As another example, operating system 134(2) could include all of the functionality necessary to protect itself from operating system 134(1).

It should be noted that in Fig. 2 operating system 134(1) is shown as the "host" and operating system 134(2) as the "guest". In general, this means that in these examples operating system 134(1) provides certain system infrastructure that is used by both operating systems 134(1) and 134(2) (for example, device drivers, scheduling and so on), and operating system 134(2) is a "guest" in the sense that it preferably lacks such infrastructure of its own and instead uses the infrastructure of operating system 134(1). However, it should be noted that the parameters of what makes an operating system a "host" or a "guest" are flexible. Moreover, it should be noted that the traditional notion of "host" and "guest" operating systems assumes that the host needs to protect itself from the actions of the guest. In the example of Fig. 2, however, the guest operating system 134(2) is assumed to be a highly secure operating system that needs to protect itself from the host operating system 134(1). In the examples that follow, operating system 134(1) will generally be referred to as the "host" and operating system 134(2) as the "guest" or "nexus" in order to distinguish them. It should be understood that the techniques described here can be applied to the interaction of any two or more operating systems running on the same machine (or even on the same group of connected machines).

Providing a graphical user interface with multiple computing environments on the same machine

When a user works with a program on a computer system that contains a highly secure operating system, he does so through user input devices such as mouse 161 or keyboard 162 (shown in Fig. 1). As discussed above, allowing the windowing system, which runs under the control of the host operating system 134(1), to decide where the stream of input events is directed makes attacks possible through a compromised host operating system or application. A window or other graphical user interface element may be displayed by a process on the host side that tries to imitate a legitimate process running on the nexus side under the guest operating system 134(2) (the nexus). Therefore, according to one embodiment of the present invention, several different techniques are used to protect the integrity and identifiability of legitimate windows and other graphical user interface elements on the nexus side. Various embodiments of the present invention use any one of these techniques, any combination of them, or all of them together.

Occlusion and transparency

If both processes running on the host side and processes running on the nexus side can display graphical objects such as windows and other user interface elements on the monitor screen, an attack can be carried out by occluding all or part of a legitimate graphical object of a process running on the nexus with a graphical object of a process running on the host. Fig. 3(a) is a block diagram of a display image. In Fig. 3(a), the image 300 includes nexus graphical objects 310, which are the graphics of processes running under the control of the guest operating system 134(2) (the nexus). Host graphical objects 320 are the graphics of processes running under the control of the host operating system 134(1). As shown in Fig. 3(a), if host graphical objects 320 are allowed to be displayed on top of nexus graphical objects 310, host graphical objects 320 can occlude nexus graphics. In that case an attack can be carried out by occluding some or all of a nexus graphical object 310 with a host graphical object 320. Further, if a nexus graphical object 310 lies on top of a host graphical object 320 but is partially transparent, the host graphical object 320 can be used to alter the appearance of the nexus graphical object 310 in a misleading way.

In one embodiment of the present invention such attacks are prevented by prohibiting any occlusion of nexus graphical objects 310 and by prohibiting anything from showing through a nexus graphical object 310. Thus, for the case shown in Fig. 3(a), occlusion of the nexus graphical objects 310 would not be permitted. Fig. 3(b) illustrates the prohibition on occluding nexus graphical objects 310. In Fig. 3(b) each of the two nexus graphical objects 310 is fully visible, and no host graphical object 320 can overlap a nexus graphical object 310. In addition, in one embodiment of the present invention, transparency (whether full or partial) is not allowed for a nexus graphical object 310.

In one embodiment of the present invention, to prevent such attacks by one process running on the nexus side against another process running on the nexus side, nexus graphical objects 310 are not allowed to overlap one another. In the windowing system of one embodiment of the present invention there may be one exception: the mouse cursor (which may be drawn by a process running on the nexus) may be allowed to overlap a nexus graphical object 310 when it is displayed on top of that object.

In another embodiment of the present invention, when one process running on the nexus side owns two or more graphical user interface elements, for example two windows, or a window and a dialog box, resolving collisions between them raises no security problem. Therefore one commonly owned graphical user interface element is allowed to overlap another graphical user interface element owned by the same nexus process. In a further embodiment of the present invention, commonly owned top-level graphical user interface elements may not overlap one another, but a child of a top-level element may be displayed over that top-level element. For example, in this embodiment a dialog box that is a child of a top-level window may be displayed on top of that window.

In one embodiment of the present invention, in order to check which graphical user interface elements belong to the nexus side, a predetermined user action is provided that removes every graphical user interface element not belonging to the nexus side. A predetermined user action is a user action that, in the context of the computer system, always leads to a specific consequence. Here the security-related predetermined user action, which the system reliably detects, is for example a key combination that clears the entire screen except for the graphical user interface elements belonging to the nexus side.

Fig. 4 is a flow chart of this method. At step 400, an image of a nexus-side graphical user interface element, associated with a process running under the control of the secure execution environment (a nexus agent), is stored. At step 410, the image of the nexus-side graphical user interface element is displayed fully visible, not obscured by any host-side user interface element. In other embodiments of the present invention, no graphical user interface element (host-side or nexus-side) other than those belonging to the same process may occlude the nexus-side graphical user interface element.
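The occlusion rules of this section (no host window above a nexus window, no transparency in a nexus window, no overlap between nexus windows of different processes, child dialogs excepted, and the predetermined user action that clears everything but nexus elements) can be expressed as a small compositing policy. The following is an added example written for this page, not code from the patent; the window record, the rule set, the function names and the rectangles in the sample scene are assumptions of the example. The mouse-cursor exception is not modelled.

```python
"""Added illustration of the nexus occlusion rules; not code from the patent.
z-order index 0 is the bottom of the stack.  All names and the sample scene
are assumptions of this example."""

from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rect:
    x: int
    y: int
    w: int
    h: int

    def intersects(self, other: "Rect") -> bool:
        """True when the two rectangles share at least one pixel."""
        return not (self.x + self.w <= other.x or other.x + other.w <= self.x or
                    self.y + self.h <= other.y or other.y + other.h <= self.y)


@dataclass
class Window:
    wid: int
    origin: str                   # "host" (OS 134(1)) or "nexus" (OS 134(2))
    rect: Rect
    owner_pid: int
    parent: Optional[int] = None  # wid of the top-level parent of a nexus dialog
    alpha: float = 1.0            # 1.0 is fully opaque


class PolicyViolation(Exception):
    """Raised when a window would break one of the nexus display rules."""


class TrustedWindowManager:
    """Keeps the z-order and enforces: (1) no host window above a nexus window;
    (2) nexus windows are opaque; (3) nexus windows of different processes never
    overlap; (4) same-process overlap only for a child over its parent."""

    def __init__(self) -> None:
        self._zorder: List[Window] = []

    def _find(self, wid: int) -> Window:
        for win in self._zorder:
            if win.wid == wid:
                return win
        raise KeyError(wid)

    def add(self, win: Window) -> None:
        if win.origin == "nexus":
            if win.alpha != 1.0:
                raise PolicyViolation("nexus window %d must be opaque" % win.wid)
            for other in self._zorder:
                if other.origin != "nexus" or not other.rect.intersects(win.rect):
                    continue
                if not (other.owner_pid == win.owner_pid and win.parent == other.wid):
                    raise PolicyViolation("nexus window %d would overlap nexus window %d"
                                          % (win.wid, other.wid))
        self._zorder.append(win)
        self._normalize()

    def raise_window(self, wid: int) -> None:
        """Bring a window to the front of its class; a host window is never
        raised above a nexus window because _normalize re-partitions."""
        win = self._find(wid)
        self._zorder.remove(win)
        self._zorder.append(win)
        self._normalize()

    def _normalize(self) -> None:
        # Stable partition: host windows keep their relative order but all of
        # them sit below every nexus window.
        host = [w for w in self._zorder if w.origin == "host"]
        nexus = [w for w in self._zorder if w.origin == "nexus"]
        self._zorder = host + nexus

    def stack(self) -> List[Tuple[int, str]]:
        """Bottom-to-top list of (wid, origin)."""
        return [(w.wid, w.origin) for w in self._zorder]

    def occluded_nexus_windows(self) -> List[int]:
        """Self-check: nexus windows with any non-child window above them."""
        bad = []
        for i, win in enumerate(self._zorder):
            if win.origin != "nexus":
                continue
            for above in self._zorder[i + 1:]:
                if above.rect.intersects(win.rect) and above.parent != win.wid:
                    bad.append(win.wid)
                    break
        return bad

    def secure_attention(self) -> List[int]:
        """The predetermined user action: drop every element that does not
        belong to the nexus side and return the wids that remain."""
        self._zorder = [w for w in self._zorder if w.origin == "nexus"]
        return [w.wid for w in self._zorder]


def demo_scene() -> TrustedWindowManager:
    """Constructed scene (assumed coordinates): a host desktop window, a nexus
    banking window, a host window that tries to cover it, and a nexus dialog
    that is a child of the banking window."""
    wm = TrustedWindowManager()
    wm.add(Window(1, "host", Rect(0, 0, 800, 600), owner_pid=100))
    wm.add(Window(10, "nexus", Rect(100, 100, 300, 200), owner_pid=7))
    wm.add(Window(2, "host", Rect(150, 150, 100, 100), owner_pid=101))  # spoof attempt
    wm.raise_window(2)                                                   # still below 10
    wm.add(Window(11, "nexus", Rect(200, 150, 120, 80), owner_pid=7, parent=10))
    return wm


if __name__ == "__main__":
    wm = demo_scene()
    print(wm.stack())                   # host 1, host 2, nexus 10, nexus 11
    print(wm.occluded_nexus_windows())  # []
    print(wm.secure_attention())        # [10, 11]
```

The important property is that the partition in `_normalize` is applied on every change, so a host process cannot win a z-order race by raising its window after the nexus window appears; the `occluded_nexus_windows` check is the invariant a reviewer would want asserted after every compositing pass.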

Sharing secret

In one embodiment of the present invention, to prevent the spoofing attacks described above, a secret is displayed which is hidden from the host. No process running on the host side has access to the secret, and therefore if a window or other graphical user interface element is able to display the secret, that graphical user interface element genuinely belongs to the nexus side.

In one embodiment of the present invention, the secret is communicated to the nexus by the user. This nexus user secret may be communicated to the nexus during a trusted phase of startup, for example when the user sets a password. The graphical user interface element may display the nexus user secret permanently or reveal it on demand.

The display of graphical user interface elements of processes running on the nexus side is managed by the trusted window manager of the nexus. This trusted window manager is also responsible for the window frames, for example their borders and title bars. In one embodiment of the present invention, the nexus user secret is not necessarily shared with the nexus processes; instead, the trusted window manager displays it in the window frames. In another embodiment, the nexus user secret is displayed only when the user requests it from the window. This request may be made to the active window by means of a reserved user action. For example, the reserved user action may be a specific combination of keystrokes that causes the active window to display the nexus user secret. Alternatively, the window may contain a drop-down menu or other control which, when selected with the mouse or keyboard, causes the trusted nexus graphical object 310 to display the nexus user secret.

The nexus user secret may be an image or a phrase. An image is a useful secret, since images are easily recognized by the user and hard to describe. If the image selected by the user as the secret is, for example, a photograph of the user's dog in front of the user's house, an attacker who sees the image on the user's screen can describe it, but even with this information it will be difficult for the attacker to recreate the image or find a copy of it.

Fig. 5 is a block diagram of this method. At step 500, a nexus user secret associated with the nexus is stored. At step 510, an image of the nexus user secret is displayed as part of a nexus-related graphical user interface element.

The constant change of the secret

As described above, in one embodiment of the present invention the trusted window manager is the intermediary through which all processes running on the nexus side display their graphical user interface elements, and the trusted window manager alone is responsible for the window framing, such as borders, of those graphical user interface elements. In one embodiment of the present invention, the window frames include a constantly updated short-lived secret. This continuously updated secret is inaccessible to windows not related to the nexus and can therefore be used to identify windows that do not belong to the host.

For example, if the border of each nexus-related graphical user interface element has a certain color and that color changes every 15 seconds, the user will notice that a window is not a nexus-related graphical user interface element if its border does not match the borders of the other nexus-related graphical user interface elements. Other possible constantly updated secrets include a small graphic image, a combination of icons, glyphs or characters displayed in the window frame, or a sequence of decimal or hexadecimal digits. Any information that the user can easily check for a mismatch may be used.

In one embodiment of the present invention, whenever a nexus graphical object 310 is shown on the display 300, a nexus-system user interface area is always present. This user interface area contains information about the displayed nexus graphical objects 310. For example, this area may contain the number of displayed nexus graphical objects 310 or their names (for example, the window titles). The shared secret with which each nexus graphical object 310 is framed is also displayed in the nexus-system user interface area. Fig. 6 is a block diagram of a display according to one embodiment of the present invention. In Fig. 6, the frame 610 of each nexus graphical object 310 present on the display 300 shows a sequence of three glyphs. In addition, a nexus-system user interface area 600 is displayed containing the same set of three glyphs. This makes it easy for the user to confirm that a window belongs to a process running on the nexus side.

Although the secret may be changed on a time basis (for example, the colored border that changes every 15 seconds as described above), in other embodiments of the present invention the secret is changed at the user's request by means of a reserved user action, or when a system event occurs, such as a change of the active window.

Fig. 7 is a block diagram of this method. At step 700, at least two nexus-related graphical data elements are received. In a windowing system these elements, together with the window frames, make up the window images. At step 710, two nexus-related graphical user interface elements (for example, windows) are displayed, each containing one of the graphical data elements together with framing that is identical for all windows.

The window titles - public and secret

As described above, the trusted window manager may be used as the intermediary through which all processes running on the nexus side display their graphical user interface elements. The window manager running on the host side may be used to control the display of graphical user interface elements of processes running on the host side. In one embodiment of the present invention, for each nexus-related graphical user interface element (for example, a nexus graphical object 310), the host-side window manager maintains a corresponding companion graphical user interface element. This allows the host-side window manager to recognize that certain areas of the display 300 are occupied by nexus graphical objects 310. Given the prohibition of the occluding and swallowing attacks described above, this information is useful to the host-side window manager, so that a host window which should be visible is not placed in those areas. However, only limited information about nexus graphical objects 310 should be available on the host side.

Thus, in one embodiment of the present invention, the trusted window manager allows a nexus agent (a process running under the nexus) to specify a title for each window or other graphical user interface element. One title, the secret title, is passed to the trusted window manager and is used for window management and for display in the nexus graphical object 310. This secret title is not shared by the trusted window manager with any process running on the host side, nor with processes running on the nexus side other than the nexus agent that owns the window (or other element).

In addition to the secret title, the nexus agent may also set a public title. This public title may also be used by the host side, including the host-side window manager. The public title may be used by the host-side window manager as the caption of the companion element. In this case, the host-side window manager can refer to the window by a public title chosen so as to be understandable to the user without including information that could violate confidentiality. Thus, if the host-side window manager lets the user choose which window should become active from a list of windows, the selection options include the public title associated with the companion element. When the companion element is selected, the corresponding trusted window is activated and the nexus agent associated with that trusted window becomes active for user input.

Fig. 8 is a block diagram of this method. At step 800, public and secret title information is stored for a nexus-related graphical user interface element associated with a nexus agent. At step 810, the secret title information is used by the trusted window manager for window management. At step 820, the public title information is provided to the host for use on the host side.
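The rotating frame secret shared by all nexus frames and the nexus-system area (Fig. 6 and Fig. 7), the on-demand nexus user secret (Fig. 5), and the public/secret title split (Fig. 8), modeled together with the user-side consistency check. This is an added example, not code from the patent; the HMAC-based derivation of the glyphs and color, the glyph alphabet, the window and agent ids, and the seed and user secret values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

GLYPHS = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # glyph alphabet for the frame (assumption)
ROTATE_SECONDS = 15                           # rotation interval named in the text


@dataclass
class NexusWindow:
    wid: str
    agent: str            # nexus agent that owns the window (constructed ids)
    secret_title: str     # used only on the nexus side, drawn in the trusted frame
    public_title: str     # the only title the host side is ever given


@dataclass
class Companion:
    """Everything the host-side window manager is told about a nexus window."""
    wid: str
    public_title: str


class TrustedWindowManager:
    def __init__(self, frame_seed: bytes, user_secret: str) -> None:
        self._seed = frame_seed          # nexus-private; drives the rotating frame secret
        self._user_secret = user_secret  # chosen at trusted setup; never leaves the nexus
        self._windows: Dict[str, NexusWindow] = {}

    def register(self, w: NexusWindow) -> Companion:
        """Agent registers a window; the host gets a companion with public data only."""
        self._windows[w.wid] = w
        return Companion(w.wid, w.public_title)

    def frame_secret(self, now: float) -> Dict[str, str]:
        """Short-lived secret shared by all nexus frames during one rotation epoch."""
        epoch = int(now // ROTATE_SECONDS)
        mac = hmac.new(self._seed, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
        glyphs = "".join(GLYPHS[b % len(GLYPHS)] for b in mac[:3])
        return {"glyphs": glyphs, "color": "#" + mac[3:6].hex()}

    def render(self, now: float) -> dict:
        """Frames of all nexus windows plus the nexus-system area (Fig. 6: 610 and 600)."""
        fs = self.frame_secret(now)
        frames = {wid: {"title": w.secret_title, **fs} for wid, w in self._windows.items()}
        area = {"count": len(frames),
                "titles": [w.secret_title for w in self._windows.values()], **fs}
        return {"frames": frames, "system_area": area}

    def reveal_user_secret(self, wid: str, reserved_action: bool) -> Optional[str]:
        """Only the reserved user action on a registered nexus window shows the secret."""
        if reserved_action and wid in self._windows:
            return self._user_secret
        return None

    def activate(self, companion: Companion) -> str:
        """Host-side task switcher picked a companion; returns the agent that gets input."""
        return self._windows[companion.wid].agent


def suspicious_frames(view: dict) -> List[str]:
    """User-side check: a frame whose secret differs from the system area is not nexus-drawn."""
    area = view["system_area"]
    return [wid for wid, f in view["frames"].items()
            if (f["glyphs"], f["color"]) != (area["glyphs"], area["color"])]


if __name__ == "__main__":
    twm = TrustedWindowManager(b"constructed-seed", "photo-of-my-dog")  # constructed values
    comp = twm.register(NexusWindow("w1", "bank-agent", "Account 1234 transfer", "Banking"))
    view = twm.render(now=1000.0)
    # a host-drawn window imitating a trusted frame with the previous epoch's secret
    stale = twm.frame_secret(now=1000.0 - ROTATE_SECONDS)
    view["frames"]["fake"] = {"title": "Banking", **stale}
    print(comp, suspicious_frames(view))
```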

Conclusion

Note that the above examples are given merely for explanation and should in no way be construed as limiting the present invention. Although the present invention has been described with reference to different embodiments, it should be understood that this text is intended to describe and illustrate, not to limit. Moreover, although the invention is described herein with reference to particular means, materials and embodiments, no limitation to these specifics is implied; rather, it covers all functionally equivalent devices, methods and applications within the scope of the appended claims. Those skilled in the art, using this description, can make numerous modifications which will not go beyond the scope and spirit of the present invention.

1. A method of maintaining the security of data displayed on a monitor screen, for a system containing a secure execution environment and a second execution environment, the method comprising
operating the second execution environment simultaneously with the secure execution environment, where the secure execution environment includes a nexus and the second execution environment includes another operating system;
storing an image of at least one nexus-related graphical user interface element that is associated with a first process running under the control of said secure execution environment; and
displaying said nexus-related graphical user interface element on said monitor screen completely, so that on the monitor screen no part of this element can be obscured by a graphical user interface element associated with said second execution environment.

2. The method of claim 1, wherein the step of displaying said nexus-related graphical user interface element comprises
ensuring that said nexus-related graphical user interface element contains no transparent areas.

3. The method of claim 1, wherein the step of displaying said nexus-related graphical user interface element comprises
displaying said nexus-related graphical user interface element so that no part of this element can be obscured by a graphical user interface element associated with a second process running under said secure execution environment.

4. The method of claim 1, further comprising
displaying only said nexus-related graphical user interface elements on said screen when an instruction for secure display is received from a user.

5. A method of maintaining the security of data displayed on a monitor screen, for a system containing a secure execution environment and a second execution environment, the method comprising
operating the second execution environment simultaneously with the secure execution environment, where the secure execution environment includes a nexus and the second execution environment includes another operating system;
storing a nexus user secret associated with said secure execution environment; and
displaying a nexus-related graphical user interface element containing said nexus user secret on said monitor screen, where the nexus-related graphical user interface element is associated with a process running under said secure execution environment.

6. The method of claim 5, wherein the step of displaying the nexus-related graphical user interface element containing said nexus user secret on the screen comprises
receiving from a user an instruction to display said nexus user secret; and
displaying said nexus user secret.

7. A method of maintaining the security of data displayed on a monitor screen, for a system containing a secure execution environment and a second execution environment, the method comprising
operating the second execution environment simultaneously with the secure execution environment, where the secure execution environment includes a nexus and the second execution environment includes another operating system;
receiving, for display on said monitor screen, at least two nexus-related graphical data elements, each associated with a process running under said secure execution environment; and
displaying at least two nexus-related graphical user interface elements, each containing one of said nexus-related graphical data elements and a frame common to the graphical user interface elements.

8. The method of claim 7, wherein said frame common to the graphical user interface elements comprises a colored border.

9. The method of claim 7, wherein said frame common to the graphical user interface elements comprises one or more randomly selected images.

10. The method of claim 7, further comprising
changing said frame common to the graphical user interface elements after a predetermined period of time.

11. The method of claim 7, further comprising
changing said frame common to the graphical user interface elements upon receiving from a user an instruction to change the frame.

12. A method of maintaining the security of data displayed on a monitor screen, for a system containing a secure execution environment and a second execution environment, the method comprising
operating the second execution environment simultaneously with the secure execution environment, where the secure execution environment includes a nexus and the second execution environment includes another operating system;
storing public title information and secret title information for a nexus-related graphical user interface element associated with a process running under said secure execution environment;
using said secret title information for window management in said secure execution environment when displaying said nexus-related graphical user interface element; and
providing said public title information for use in said second execution environment.

13. The method of claim 12, wherein said second execution environment contains a base window manager for controlling graphical user interface elements on said monitor screen, the base window manager creates a companion graphical user interface element for said nexus-related graphical user interface element, and said public title is provided to said base window manager.

14. The method of claim 12, further comprising
displaying each of said nexus-related graphical user interface elements on said monitor screen completely, so that on said monitor screen no part of said nexus-related graphical user interface element can be obscured by a graphical user interface element associated with said second execution environment, where each of said nexus-related graphical user interface elements includes a frame common to the graphical user interface elements;
storing a nexus user secret associated with said secure execution environment; and
displaying on said monitor screen a nexus-related graphical user interface element containing said nexus user secret.

15. A machine-readable medium containing computer-executable instructions for maintaining the security of data displayed on a monitor screen, for a system containing a secure execution environment and a second execution environment, the computer-executable instructions being designed to perform actions comprising
operating the second execution environment simultaneously with the secure execution environment, where the secure execution environment includes a nexus and the second execution environment includes another operating system;
storing an image of at least one nexus-related graphical user interface element that is associated with a first process running under the control of said secure execution environment; and
displaying said nexus-related graphical user interface element on said monitor screen completely, so that on the monitor screen no part of this element can be obscured by a graphical user interface element associated with said second execution environment.

16. The machine-readable medium of claim 15, wherein said action of displaying the nexus-related graphical user interface element on the monitor screen comprises
ensuring that said nexus-related graphical user interface element contains no transparent areas.

17. The machine-readable medium of claim 15, wherein said action of displaying the nexus-related graphical user interface element on the monitor screen comprises
displaying said nexus-related graphical user interface element so that no part of this element can be obscured by a graphical user interface element associated with a second process running under said secure execution environment.

18. The machine-readable medium of claim 15, wherein the computer-executable instructions are designed to perform actions further comprising
displaying only said nexus-related graphical user interface elements on said screen when an instruction for secure display is received from a user.

19. A machine-readable medium containing computer-executable instructions for maintaining the security of data displayed on a monitor screen, for a system containing a secure execution environment and a second execution environment, the computer-executable instructions being designed to perform actions comprising
operating the second execution environment simultaneously with the secure execution environment, where the secure execution environment includes a nexus and the second execution environment includes another operating system;
storing a nexus user secret associated with said secure execution environment; and
displaying a nexus-related graphical user interface element containing said nexus user secret on said monitor screen, where the nexus-related graphical user interface element is associated with a process running under said secure execution environment.

20. The machine-readable medium of claim 19, wherein said action of displaying the nexus-related graphical user interface element containing said nexus user secret on the screen comprises
receiving from a user an instruction to display said nexus user secret; and
displaying said nexus user secret.

21. A machine-readable medium containing computer-executable instructions for maintaining the security of data displayed on a monitor screen, for a system containing a secure execution environment and a second execution environment, the computer-executable instructions being designed to perform actions comprising
operating the second execution environment simultaneously with the secure execution environment, where the secure execution environment includes a nexus and the second execution environment includes another operating system;
receiving, for display on said monitor screen, at least two nexus-related graphical data elements, each associated with a process running under said secure execution environment; and
displaying at least two nexus-related graphical user interface elements, each containing one of said nexus-related graphical data elements and a frame common to the graphical user interface elements.

22. The machine-readable medium of claim 21, wherein said frame common to the graphical user interface elements comprises a colored border.

23. The machine-readable medium of claim 21, wherein said frame common to the graphical user interface elements comprises one or more randomly selected images.

24. The machine-readable medium of claim 21, wherein the computer-executable instructions are designed to perform actions further comprising
changing said frame common to the graphical user interface elements after a predetermined period of time.

25. The machine-readable medium of claim 21, wherein the computer-executable instructions are designed to perform actions further comprising
changing said frame common to the graphical user interface elements upon receiving from a user an instruction to change the frame.

26. A machine-readable medium containing computer-executable instructions for maintaining the security of data displayed on a monitor screen, for a system containing a secure execution environment and a second execution environment, the computer-executable instructions being designed to perform actions comprising
operating the second execution environment simultaneously with the secure execution environment, where the secure execution environment includes a nexus and the second execution environment includes another operating system;
storing public title information and secret title information for a nexus-related graphical user interface element associated with a process running under said secure execution environment;
using said secret title information for window management in said secure execution environment when displaying said nexus-related graphical user interface element; and
providing said public title information for use in said second execution environment.

27. The machine-readable medium of claim 26, wherein said second execution environment contains a base window manager for controlling graphical user interface elements on said monitor screen, the base window manager creates a companion graphical user interface element for said nexus-related graphical user interface element, and said public title is provided to said base window manager.

28. The machine-readable medium of claim 26, wherein the computer-executable instructions are designed to perform actions further comprising
displaying each of said nexus-related graphical user interface elements on said monitor screen completely, so that on said monitor screen no part of said nexus-related graphical user interface element can be obscured by a graphical user interface element associated with said second execution environment, where each of said nexus-related graphical user interface elements includes a frame common to the graphical user interface elements;
storing a nexus user secret associated with said secure execution environment; and
displaying on said monitor screen a nexus-related graphical user interface element containing said nexus user secret.

29. A system for maintaining the security of data displayed on a monitor screen, for a system containing a secure execution environment and a second execution environment, the system comprising
a secure execution environment and a second execution environment, which operate in said system simultaneously, where the secure execution environment includes a nexus and the second execution environment includes another operating system;
a storage medium of the secure execution environment for storing secret title information for a nexus-related graphical user interface element associated with a process running under said secure execution environment, and for storing a nexus user secret associated with said secure execution environment;
a storage medium of the second execution environment for storing public title information for said nexus-related graphical user interface element; and
a trusted window manager for displaying each of said nexus-related graphical user interface elements on said monitor screen completely, so that on said monitor screen no part of said nexus-related graphical user interface element can be obscured by a graphical user interface element associated with said second execution environment, where each of said nexus-related graphical user interface elements includes a frame common to the graphical user interface elements and the secret title information.

30. The system of claim 29, wherein said trusted window manager displays on said screen a nexus-related graphical user interface element containing said nexus user secret.



 

Same patents:

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to a method of entering information, specifically to a new method of entering information which prevents disclosure of the entered information to observers. In accordance with the present invention, information is entered using a secret information input unit, which has a group of active characters, a group of inactive characters and a group of control apparatus. Users enter the required information, executing an operation for moving, canceling and increasing (decreasing) value of a character. Despite that observers see the information input process, the proposed method of entering information prevents disclosure of the entered information since it prevents recognition by observers of the entered information during the entering process.

EFFECT: prevention of recognition of entered information by outside observers of the entering process.

11 cl, 19 dwg

Data selector // 2371755

FIELD: information technologies.

SUBSTANCE: user controls how the contact information is provided to one or more applications by using the interface object of "persons" corresponding to "persons" and contact information, and interface of the information selector. Interface of "persons" identifies available "persons", at that, each "person" has various contact information. User can choose "person" to use in response to the information requested by the application. "Persons" can be changed and developed by means of the information selector interface which can also be used to inform the user what information is requested and how it will be used.

EFFECT: invention allows users to perform informative control of what kind of information from their contact information is provided to the application.

32 cl, 5 dwg

FIELD: physics.

SUBSTANCE: invention relates to means of three-dimensional displaying a data collection based on attribute. A time scale is proposed for displaying files and folders. The time scale can include a focus group which displays detailed information on its content for the user. The remaining elements on the time scale are displayed in less detail and can be placed in such a way that, they seem far from the user. A histogram can be provided as part of this presentation, which enables the user to easily navigate on the time scale while looking for a file or folder.

EFFECT: increased efficiency of a method of organising and displaying files with increased number of files.

40 cl, 18 dwg

FIELD: radio engineering.

SUBSTANCE: invention relates to radio engineering, particularly to methods and devices for inputting information into computers and game consoles. Electromagnetic waves are emitted using the main antenna of a transmitter built into the manipulator. These electromagnetic waves are received using at least three spaced antennae of a receiver - if the manipulator moves in a plane, and using at least four spaced antennae of the receiver - if the manipulator moves in space. Phase difference of signals is measured on different pairs of antennae of the receiver and from the ratios of phase differences, coordinates of the manipulator in the plane or space are calculated. The device for determining coordinates of a "mouse" or "electronic pen" type manipulator has a transmitter with a main antenna built into the manipulator and a reception device, which includes at least three spaced antennae if the manipulator moves in a plane and at least four spaced antennae if the manipulator moves in space.

EFFECT: wider functional capabilities and field of use of the "mouse" or "electronic pen" type manipulator.

4 cl, 5 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention is related to the field of computer engineering, namely to module comprising television card and remote control station. Besides television card of ExpressCard 34 mm standard has long side and short side, moreover, length of television card short side makes 34 mm, and remote control station for television card control has long side and short side, length of which does not exceed 20 mm, and is connected to television card through connection structure that provides for connection between long side of television card and long side of remote control station. Produced module that comprises television card and remote control station is made with the possibility to be inserted into ExpressCard 54 mm standard notebook slot.

EFFECT: development of module from television card and remote control station, which may be inserted into ExpressCard 54 mm standard slot, as a result, remote control station carrying is facilitated, space is found for its placement, and probability of its loss is lowered.

10 cl, 5 dwg

FIELD: communication devices.

SUBSTANCE: present invention relates to a mobile communication terminal with a graphical user interface and to a user interface control method. For this purpose, the mobile communication terminal has a display with an application domain on it. The application domain is divided into at least two parts of different sizes. The size assigned to corresponding parts of the application domain is dynamically controlled in response to user input.

EFFECT: provision for the user with better browsing and easier navigation between entries in a telephone or address book.

51 cl, 10 dwg

FIELD: information technology.

SUBSTANCE: present invention relates to a keyboard of a processor device and particularly to a display unit with a keyboard situated above a computer display. The technical outcome is achieved in that the display unit keyboard, meant to be placed on top of a screen, contains an array to be put on top of the screen and a group of transparent keys fitted into the array. Each transparent key is rectangular and can be pressed on any of its edges to close the switch corresponding to that edge, a switch being fitted on each edge of each window of the array.

EFFECT: more functional capabilities, since several different commands can be given when one key is pressed as well as when several different keys are pressed, the keys being located above characters illuminated on any screen, including non-touch screens.

12 cl, 5 dwg

FIELD: information technology.

SUBSTANCE: present invention relates to multi-planar user interfaces of data processing devices of computer systems. The technical outcome is achieved in that a user operates a computer using a remote control device instead of the traditional user interface, in which the user operates the computer using a keyboard and a mouse directly connected to it. The user interface according to the invention uses three-dimensional space and animation to give the user a clearer display for navigating and selecting items on the user interface. Use of three-dimensional space also increases the screen space available for items with content and allows the media user interface to display unselected items away from the user's main field of vision. The user interface can animate movements in three-dimensional space, making conceptual navigation of the user interface easier for the user.

EFFECT: more convenient and easier use when interacting with the user.

36 cl, 33 dwg

FIELD: information technology.

SUBSTANCE: present invention relates to methods of processing graphic and other video information for display in computer systems. The technical outcome is achieved in that the medium integration level, which includes an application program interface (API) and an object model, allows coordinated interaction between programmers and the scene graph data structure for graphics output. Through interfaces, program code adds child visual objects and other visual objects to construct a hierarchical scene graph, records a command list (for example geometry data, image data, animation data and other data for output) and can specify transformation, clipping and opacity properties on visual objects. The medium integration level and API allow programmers to achieve composite effects in their applications directly, while making use of the graphics processing unit so that there is no adverse effect on normal output of applications. The multilevel system incorporates the possibility of combining different types of media (for example, two-dimensional graphics, three-dimensional graphics, video, audio, text and imaging) and their smooth and seamless animation.

EFFECT: improved graphics model, which makes use of the numerous features and capabilities of graphics processing and efficient output of complex graphic and audio-visual data.

66 cl, 42 dwg

FIELD: physics; computer engineering.

SUBSTANCE: present invention relates to methods of substitution performed after caching. The method of inserting dynamic content into cached content while the cached content is being transferred to a client, in a system having a server which, in response to client requests, transfers content from the cache, involves the following: a request for content is received from a client; a response buffer sequence corresponding to the content requested by the client is extracted from the cache and comprises a substitution unit with a delegate element; the substitution unit extracted from the response cache is a placeholder for dynamic, non-cached content that must be generated each time the given content is requested; and the delegate element associated with the substitution unit is activated, generating the dynamic content that is included in the response buffer sequence provided in response to the client request.

EFFECT: reduced response time to a client request.

29 cl, 6 dwg

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to an architecture and a method of permitting display of digital content with a corresponding digital license associated with a specific computer device. Transmitting and receiving computer devices are connected to each other over a network. The transmitting device transmits protected digital content to the receiving device such that the receiving device can access that content even if the content is licensed directly to the transmitting device and not to the receiving device.

EFFECT: coordinated access to content between computer devices on a network.

20 cl, 6 dwg

FIELD: information technologies.

SUBSTANCE: inventions relate to computer systems and methods for providing protected access to a database. The system comprises a memory device for protection descriptors, which store protection information related to at least one row of the database; the database contains at least one table that includes at least one row and two columns, one of the columns storing the protection descriptor related to the row, and the information stored in the protection descriptor specifies which type of access is permitted or prohibited and to which principal; a database processor that issues a response to a database query based at least partly on the protection information stored in the protection descriptor, which is evaluated on the basis of information stored in the database and the context of the user making the query; and a query component that contains a query optimiser, which determines the optimal route for providing the response to the query.

EFFECT: improved protection of database access.

20 cl, 9 dwg, 2 tbl

FIELD: information technologies.

SUBSTANCE: a domain identifier is chosen, and at least one user (P1, P2, …, PN1), at least one device (D1, D2, …, DM) and at least one information element (C1, C2, …, CN2) are bound to the Authorised Domain (AD) specified by the domain identifier (Domain_ID). This yields a set of verified devices (D1, D2, …, DM) and a set of verified persons (P1, P2, …, PN1) authorised to access information elements of the above Authorised Domain (100). Thus, a user controlling a device obtains access to an information element of the authorised domain either by checking that the information element and the user are bound to one and the same domain or by checking that the device and the information element are bound to one and the same domain.

EFFECT: provision of a method and system for an Authorised Domain structure based on both persons and devices.

12 cl, 6 dwg

FIELD: information technologies.

SUBSTANCE: a method of checking the validity of a certificate that includes a key associated with network devices involves the step of receiving, over the network, encoded content and a validity index associated with that content. Certificate validity is evaluated from a time index included in the certificate, whose value corresponds to the certificate issue date, and from the validity index associated with the above encoded content.

EFFECT: simplified certificate validity checking, which provides access to data without reducing the security of data access.

20 cl, 12 dwg

FIELD: information technologies.

SUBSTANCE: a method and device for determining the authenticity of a system user are based on comparing the coordinates of characteristic features (minutiae) of the papillary patterns of fingers during two touches of the receiving surface of a scanner. During the first registration, images of at least two fingerprints are obtained, and during the second registration an image of at least one fingerprint is obtained, the second registration being performed on a command of a challenge-response protocol. Authenticity is considered confirmed if the coordinate offsets of the characteristic features between the first and second images are non-linearly dependent. The device implementing the method consists of a scanner, an image processing unit, a database, a comparing unit, and a protocol forming unit connected to the scanner and to the comparing unit. The display panel of the protocol forming unit is located on the front surface of the scanner.

EFFECT: high accuracy of authentication and exclusion of access by unauthorised persons to the protected system.

3 cl, 3 dwg

FIELD: information technologies.

SUBSTANCE: a first initial value is known to both the keyboard and the component. The keyboard and the component exchange time values. Both the keyboard and the component compute a second initial value and a third initial value from the time values and the first initial value. Both perform the same computation, so that the keyboard and the component hold the same second and third initial values. The keyboard encrypts keystrokes intended for the component using the CBC-3DES method on the basis of the key and the second initial value, and creates a message authentication code for each keystroke using CBC-3DESMAC on the basis of the key and the third initial value. The component decrypts and verifies the keystrokes using the key and the second and third initial values.

EFFECT: a secure connection between two components, such as a keyboard or related device and a software component, over an insecure communication channel.

26 cl, 6 dwg

FIELD: instrument making.

SUBSTANCE: invention relates to the field of machine access, in particular to identification and authentication of an object, user or principal with an authenticator for logging on to a local and/or remote machine with an operating system. Authenticators are transformed by one of multiple different authenticator provider modules, each of which transforms a different type of authenticator into a common protocol. Transformed authenticators are sent through an application programming interface (API) to the logon user interface (UI) module of the operating system (OS) of the local machine, which is called by the logon UI module to authenticate the transformed authenticators against the authenticator database. A user identified by a transformed authenticator logs on for access to the local machine in case of successful authentication.

EFFECT: secure joint use of multiple interacting modules that are fully compatible with the operating system of the local machine.

18 cl, 22 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering, in particular to a system for controlling access to Internet resources depending on the category of the requested resources and the adopted security policy. The system comprises a module for selecting site reference addresses in the server database, a module for identifying electronic document addresses in the access list, a module for identifying the time cycles of address selection from the access list, a module for generating control signals for selecting server database entries, and a module for selecting access to electronic documents.

EFFECT: improved efficiency of the system by localising the search for addresses in the server database access list records by identifiers of electronic documents.

8 dwg, 6 tbl

FIELD: physics; computer engineering.

SUBSTANCE: a method of transferring accumulated measured data from a client to a measurement service, where each set of measured data is indexed in the client's measurement database by a measurement identifier (MID) and further indexed in the measurement database by an identifier associated with content (KID). To protect the database from unauthorised access more effectively, the client chooses a specific MID and selects at least part of the measured data in the measurement database containing the chosen MID, the selected measured data being arranged by KID. The client generates a request based on the selected measured data and sends the request to the measurement service. The measurement service receives the measured data from the request, stores them and generates a response to be returned to the client based on the request. The client receives the response from the measurement service, which includes a list of the KIDs of the measured data selected in the request, confirms that the response corresponds to the request, and, for each KID in the list, deletes the measured data in the measurement database containing the chosen MID and that KID.

EFFECT: more effective protection of the database from unauthorised access.

20 cl, 4 dwg

FIELD: information technology.

SUBSTANCE: invention relates to computer engineering, and generally to computer security. The method of providing protected input comprises the stages of: receiving, in a second program execution environment, a data stream entered by a user from a trusted input device; sending the received stream from the second program execution environment to a protected program execution environment; determining whether the protected program execution environment is in standard input mode; sending the initial data stream entered by the user to the protected program execution environment based on the input mode of the latter; if the protected environment is in standard input mode, sending at least the first part of the data entered by the user to the second program execution environment; and determining whether the data entered by the user contain a user instruction for highly reliable input mode (NIM) and, if so, and the protected program execution environment is not in highly reliable input mode, switching the protected program execution environment to highly reliable input mode.

EFFECT: increased security level of computers.

38 cl, 6 dwg

FIELD: devices and methods for using a server to access a processing server that performs given processing.

SUBSTANCE: according to the method, a reservation is requested, the reservation is confirmed, authentication information included in the reservation information is stored, service is requested on the basis of the authentication information, server utilisation is authenticated and the server is utilised on the basis of the authentication result; at the reservation confirmation stage the device for controlling reservations transfers reservation setting information, and at the authentication stage server utilisation is confirmed only when the authentication information matches the authentication information transferred from the user terminal. The device contains receiving means, an information generation device and transmitting means.

EFFECT: a method for using a server, a device for controlling server reservations and a program storage medium capable of providing multiple users with efficient utilisation of the functions of a processing server while reducing interference from unauthorised users without complicated processing or authentication operations.

6 cl, 51 dwg
