System on-a-chip to implement safe bootstrap loading, using its device of image formation and method of its use

FIELD: information technology.

SUBSTANCE: system on-a-chip to perform the safe bootstrap, using the encrypted data, containing: the first memory for storing the encryption keys plurality, that are stored; the second memory; the third memory for storing the encryption key value, that is stored; the first memory controller to control the access to the first memory; the second memory controller to control the access to the second memory; the bus; the CPU for the encrypted data decryption, that is stored in the external nonvolatile memory, using the encryption key, corresponding to the encryption key setting from the plurality of encryption keys in order to store the decrypted data in the second memory and perform the bootstrap, using the data, stored in the second memory; and the switching unit for selective connecting one of the first memory controller and the second memory controller to the bus in accordance with the CPU operating state.

EFFECT: RAM initial loading process improvement.

12 cl, 31 dwg

 



 

Same patents:

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to means of unlocking and providing access to a device. The method includes receiving a request to unlock an encrypted device connected to a system, wherein the request is received by a secure partition of the system via a secure link established between a trusted remote console and the secure partition, and the secure partition is insulated from the primary operating system in the system; receiving a marker from the trusted remote console through the secure partition; using, through the secure partition, said marker to turn the encryption key of the device stored in a secure storage region, wherein the encryption key of the device is used to encrypt units of the encrypted device, and the secure storage region is concealed from the primary operating system; unlocking, through the secure partition, the encrypted device using the encryption key of the device in response to the request and without involving the primary operating system.

EFFECT: improved security of the device.

21 cl, 9 dwg

FIELD: physics, computation hardware.

SUBSTANCE: invention relates to safety of info systems. Standard technical conditions of active network hardware are, first, recorded. The list of open network ports, check sums of configuration files and software files, check sums of the results of control effects over active network hardware control system are recorded. Intermittent monitoring of active network hardware is executed. Reference and current states of said reference and current hardware are compared. In case current technical state does not comply with reference state, appropriate message is generated.

EFFECT: higher level of active network hardware protection.

2 cl, 2 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering. A robust and secure hardware-computer system in a cloud computing environment includes, interconnected and connected over a network, a first group of operating computers and a second group of computers for storing program sessions, as well as a control computer, through which the second group of computers for storing program sessions, high-performance computing resources and partitioned file storages are connected, wherein the system additionally includes a hypervisor, a security system which includes an attack detection and prevention module, a firewall module and a module for protection from unauthorised access and a system for providing fault-tolerance, which includes a module for providing fault-tolerance at the hardware resource level, a module for monitoring service virtual machines and a module for providing fault-tolerance of services.

EFFECT: improved reliability of the system and fast recovery of resources lost due to faulty equipment.

FIELD: physics, computation hardware.

SUBSTANCE: invention relates to computer engineering. Programme module code is loaded to main memory by safety system processor unless the actuation of OS execution in main memory address range located outside that used by said OS. Started OS readdress the access to said programme module from user programme to main memory address whereto programme module is loaded before OS execution actuation. This is performed with the help of file system which associates automatically the programme module address in user programme virtual memory space with physical address of main memory programme module.

EFFECT: ruled out faults on OS operation.

15 cl, 5 dwg

FIELD: information technology.

SUBSTANCE: method is performed by using the principle of masking the side electromagnetic radiation and leakage (SEMRL) of the main tablet computer similar to false SEMRL of the second tablet computer, the identical false SEMRL inseparable from the main SEMRL are created, masking the operation of the main tablet computer. At that the main and the additional tablet computer completely identical in hardware components and internal topology are used. The additional tablet computer is located with its screen under the bottom of the main tablet computer in parallel and symmetrically on the same-name sides without mutual touching at a distance of less than a quarter of the wavelength of oscillation of the same processor speed.

EFFECT: providing protection of the tablet computer from information leakage without the use of a noise generator.

FIELD: radio engineering, communication.

SUBSTANCE: method is carried out by inputting identification code information of identified objects into the differential time offset of noise-like signals used as request and response signals. The system consists of an identifier placed on an aircraft and a ground-based identification device. The main parts of said devices are correlation meters for determining the differential time offset of noise-like signals used for identification.

EFFECT: high security of the identification owing to invariance to interception of confidential information, high noise-immunity of the system.

4 cl, 3 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering. A method of preventing unauthorised use of vehicle equipment, based on use of software, the method comprising determining, using a vehicle computer system, that the infotainment system is turned on; receiving a unique identification number of the vehicle from a vehicle network associated with the vehicle in which the infotainment system is installed; comparing the unique identification number of the vehicle with a stored identification number of the vehicle, previously associated with the infotainment system; providing access to the infotainment system only if the unique identification number of the vehicle matches the stored identification number of the vehicle; otherwise blocking use of the infotainment system.

EFFECT: effective prevention of unauthorised use of stolen equipment in another vehicle.

3 cl, 5 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering. A method for electronic notary certification of text information, which includes preliminary registration of a contractor in an "electronic notary" system; when sending information by electronic mail, indicating in the "copy" field the address of the automatic "electronic notary" system; upon receiving a copy of the sent information, the automatic mail enters the copy into the personal accounts of the sender and the receiver with indication of the time of sending, the sender, the addressee of the information and all attachments comprising the information, wherein the automatic mail further notifies the addressee on the sending of information and storage of the certified copy of the sent information on the website in the personal account of the contractor.

EFFECT: confirming the sending of a document or file with indication of the date and time of sending via electronic mail.

4 cl

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to data processing. A data processing system has a browser with scripting engine means for executing a script. The scripting engine means implements a public scripting engine and a private scripting engine. The browser is configured to have the script executed by the public scripting engine if the script does not require access to a pre-determined resource at the system. The browser is configured to have the script executed by the private scripting engine if the script requires access to the pre-determined resource. Only the private scripting engine has an interface for enabling the script to access the predetermined resource. The scripting engine means is configured to prevent the private scripting engine from communicating data to the public scripting engine or to a server external to the data processing system if said data communication is not confirmed.

EFFECT: protecting private user data.

5 cl, 1 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to data memory method for storage of software product and to devices for secure data transmission. The device contains the assignment unit (2) for assigning of connections of data (DV) from various initial components (SK) through, respectively, at least, one intermediate component (ZK) to the common target component (ZK), the combining unit (3) for combining of intermediate components (ZK) depending on cryptographic information (KI) in one intermediate component (ZK) by means of, at least, one exchange of messages, and the exchange of messages is performed according to a method with a shared key, to Http-Digest-Authentication method, a request-answer method, key hash method, hash function, to Diffie-Hellman method and/or to the digital signature method and the data transmission unit (4) for data transmission (D) from initial components (SK) through the integrated intermediate component (ZK) to the target component (ZK).

EFFECT: improvement of security of data transmission.

14 cl, 12 dwg

FIELD: physics, computation hardware.

SUBSTANCE: invention relates to computer engineering. Programme module code is loaded to main memory by safety system processor unless the actuation of OS execution in main memory address range located outside that used by said OS. Started OS readdress the access to said programme module from user programme to main memory address whereto programme module is loaded before OS execution actuation. This is performed with the help of file system which associates automatically the programme module address in user programme virtual memory space with physical address of main memory programme module.

EFFECT: ruled out faults on OS operation.

15 cl, 5 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering. An integrated circuit card comprises a processing unit associated with random-access memory (RAM) and means of exchanging data with an external device, the RAM including a single memory zone dedicated to data exchange, and the processing unit being configured to write data, intended for exchange between said integrated circuit card and said external device, into said single dedicated memory zone and configured to limit the risk of said zone containing data that are harmful for the security of the card, wherein the processing unit is programmed to scramble data contained in said single dedicated memory zone before transmitting said data to an external medium such that data successively received by the card cannot be re-scrambled or used to generate an unauthorised instruction.

EFFECT: providing data security.

8 cl, 1 dwg

FIELD: information technology.

SUBSTANCE: system comprises: a unit of analysis of access request, a unit of determining process requesting the access, a decider, a unit of audit of unauthorised events, a unit of the process completion, a unit of storage of access rights to resources.

EFFECT: enhanced functional capabilities of the system of control of access to resources through the implementation of functions of detection and prevention of intrusions.

2 dwg, 1 cl, 2 dwg

FIELD: information technology.

SUBSTANCE: system for session-based resource access control, comprising a unit for user identification from a request, a unit for identifying an access object and action from a request, a unit for identifying a process from a request, a unit for user identification and authentication, a unit for selection of a session by a user, a decision element unit, a unit for storing access rules, wherein the input of the unit for user identification from a request is connected to the input of the unit for identifying an access object and action from a request, the input of the unit for identifying a process from a request, the first input of the system, the output of the unit for user identification from a request is connected to the first input of the decision element unit, the second input of which is connected to the output of the unit for identifying an access object and action from a request, the third input is connected to the output of the unit for storing access rules, the first output is connected to first output of the system, the second output is connected to the first input of the unit for storing access rules, the second input of which is connected to the second input of the system, the fourth input of the decision element 6 unit is connected to the output of the unit for identifying a process from a request, the fifth input is connected to the first output of the unit for selection of a session by a user, the second output of which is connected to the second output of the system, the input/output of the user identification and authentication unit is connected to the first input/output of the system, the input/output of the unit for selection of a session by a user is connected to the second input/output of the system, the third input of the unit for selection of a session by a user is connected to the second input of the user identification and authentication unit, the second input of the system, the output of the user identification and authentication unit is connected to the sixth input of the decision element unit, the second input of the unit for selection of a session by a user.

EFFECT: broader functional capabilities of the system for controlling access to resources by implementing session-based resource control, wherein the access subject is defined by three entities - a session, a user and a process.

1 tbl, 2 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to protecting information generated and stored in computer systems from unauthorised access. The system for controlling access to files based on manual and automatic markup thereof comprises a decision unit, an automatic file markup unit, a file access rule storage unit, a manual file markup unit, a file markup control unit, a file attribute storage unit, wherein the first input of the decision unit is connected to the first input of the system, the first input of the automatic file markup unit, the second output is connected to the output of the system, the second input of the automatic file markup unit is connected to the third input of the system, the first output is connected to first input of the file markup control unit, the second input of which is connected to the first output of the manual file markup unit, the second output of the automatic file markup unit is connected to the third input of the file markup control unit, the fourth input of which is connected to the second output of the manual file markup unit, the fifth input is connected to the output of the file attribute storage unit, the first input of which is connected to the third output, and the second input is connected to the fourth output of the automatic file markup unit, the first output of the file markup control unit is connected to the third input of the automatic file markup unit, the second output is connected to the third input of the manual file markup unit, the first input of which is connected to the fourth, and the second is connected to the fifth input of the system, the third output of the automatic file markup unit is connected to the first input of the file access rule storage unit, the second input of which is connected to the second input of the system, the third input is connected to the second output of the decision unit, the second input of which is connected to the output of the file access rule storage unit.

EFFECT: high efficiency of controlling access to files.

2 dwg, 5 tbl

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to user authentication. An anti-peep user authentication method comprises preliminary formation of a set of N graphic symbols, where N is a natural number, the value of which is limited by the possible number of graphic symbols which can be placed on a screen with a quality which enables recognition of said graphic symbols, providing the user with a selection from said set for storing a group of S secret graphic symbols sk, where k=1…K, where K is the number of graphic symbols in the group S, selected based on the ease of memorisation by the user, carrying out the i-th step of inputting authentication information, wherein i=1…I, where I is the total number of steps, by displaying on the screen Ni graphic symbols randomly selected from the set, among which an si-th secret symbol is placed in an arbitrary position, the secret symbol being selected from the group S of secret symbols, forming an invisible secret area Ai, fixing a point hi of user action on the screen, generating a positive result of carrying out the i-th step of inputting authentication information upon satisfying the condition of association of the fixed point of action of the invisible secret area hi∈Ai and a negative result otherwise, generating a positive decision on authentication after obtaining positive results of carrying out all I steps of the user inputting authentication information a negative decision otherwise, wherein the graphic symbols from the set N are arranged on the screen in the form a table, in which symbols have random coordinates (Xsi,Ysi), where Xsi=1…a and Ysi=1…b (a is the number of rows in the table, b is the number of columns in the table), further providing the user with a gesture from a database of secret gestures for memorisation, each gesture being formed by a pair of numbers (d1,d2), where d1 and d2 are natural numbers, wherein d1 and d2 are less than or equal to the greater value between a and b (d1,d2≤max{a,b}), when carrying out the i-th authentication step, forming the invisible secret area in the form of a set of graphic symbols of the table having coordinates (XSi±md1, YSi±md2), where m is natural number, wherein md1 and md2 are less than or equal to the greater value between a and b (md1,md2≤max{a,b}), and fixing the points of user action on the screen by selecting any symbol from the invisible secret area.

EFFECT: high efficiency of user authentication.

4 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering. The system for reforming an object in an access request comprises an access object forming unit, an access request forming unit, wherein the system further includes a unit for storing rules of reforming an object in an access request, a unit for selecting a rule of reforming an object in an access request and an access object replacement unit and connections thereof.

EFFECT: enabling access object system reformation in an access request when multiple users are simultaneously operating on a computer.

2 dwg, 2 tbl

FIELD: information technology.

SUBSTANCE: apparatus for creating a trusted environment and protecting information from unauthorised access for computers of an information computer system comprises a flash memory chip based storage with an SPI interface, which is connected to the SPI bus of the computer motherboard chipset and contains in its write-protected area computer BIOS with additionally built-in instructions which facilitate interaction with a microcontroller and checking integrity of loaded software, and a controlled high-speed electronic switch installed on the SPI bus of the motherboard between the computer chipset and the storage, wherein the microcontroller is provided with an electronic switch control channel, which connects the control output of the input/output port of the microcontroller with the control input of the electronic switch, as well as an SPI interface controller, which enables to connect the microcontroller to the SPI bus and operation thereof in a mode of direct access to memory of the storage and in a mode of controlling instructions from the chipset to the storage via the SPI bus.

EFFECT: high efficiency of protecting a computer from unauthorised activity at all operation phases thereof.

2 cl, 3 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to protecting a computer data storage. The method of loading a secure data storage using a computer comprises steps of turning on a computer, loading Unified Extensible Firmware (UEFI) by the computer from the memory module of the computer motherboard, at the UEFI execution step, switching to a driver execution environment for supplying power to the secure data storage and initiating an access controller of said data storage, sending a UEFI authentication certificate to the access controller of said data storage and verifying the response, upon satisfaction of all conditions of opening access by the access controller of said storage to its own data, at the end of computer operation, closing access to the data storage until the next initiation of the access controller of said data storage.

EFFECT: high efficiency of protecting a data storage.

4 cl, 1 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to protecting a computer from malware. The method of checking a computer with an antivirus in UEFI at an early stage of booting the computer comprises steps of: turning on the computer; the computer loading Unified Extensible Firmware (UEFI) from the memory module of the computer motherboard; at the UEFI execution step, switching to a driver execution environment for launching the antivirus module from a separate partition of the motherboard memory module, wherein the antivirus module checks the computer hard drives for signs of viral activity and if viruses are detected, performs procedures for elimination thereof, and after operation of the antivirus module, protecting the memory module from reading and writing with the aim of changing or blocking the memory module, and the transferring UEFI control for further booting of the computer.

EFFECT: improved computer safety.

3 cl, 1 dwg

Processor // 2248608

FIELD: computers, data protection.

SUBSTANCE: processor has bus interface device, device for selection/decoding of commands, device for dispatching/execution, program string decoding device, which string is selected from program and loaded in first levels command cash, which contains a set of N two-input elements XOR, keys memory, storing different N-bit decoding keys.

EFFECT: higher efficiency.

2 dwg

Up!