Device for controlling unauthorized access

 

The device for controlling unauthorized access relates to computing, and in particular to means of protecting information from unauthorized access in electronic computing systems (machines) and local area networks (LANs) based on personal computers (PCs). The technical result is an expansion of the functionality of the device and an increase in the effectiveness of control over unauthorized access to information. The device contains input registers, a shift parallel-to-serial register, output registers, a pulse generator, a frequency divider, a transmitter, a receiver, an encoder, a decoder, a ready flip-flop, a response flip-flop, an interrupt flip-flop, a control logic AND gate, a read-only memory (ROM) block, a PC address setting unit, a port address setting unit, a memory address setting unit, an address analysis circuit, a PC address comparison circuit, a mode switch and a control unit. 1 dependent claim, 3 figures.

Technical field

The invention relates to the field of computing, and in particular to means of protecting information from unauthorized access in electronic computing systems (machines) and local area networks (LANs) based on personal computers (PCs).

Known devices (for example, according to patents of the Russian Federation N 2029377 and 2055401) provide centralized control of unauthorized physical access to the hardware of a computing system. For this purpose the hardware of the computing system is equipped with sensors whose state is monitored by a central device. The disadvantage of these devices is the redundancy of the hardware used for this purpose (sensors, a significant amount of cabling), as well as the possibility of uncontrolled switching-on of the technical means and of reading information from the monitor screens. In addition, the architecture of the control network differs from the architecture of the main local area network (LAN) of the personal computers, which also leads to redundant cabling.

The closest analogue (prototype) of the claimed device is an Ethernet network card (e.g., EtherCard PLUS Elite16 Series, SMC, user manual) that provides the exchange of information between PCs combined into a local area network.

Summary of the invention

The known device comprises input registers, the first two information inputs of which are connected respectively to the data input from the sensors and to the data bus of the PC, a shift parallel-to-serial register, the first input of which is connected to the output of the input registers, output registers, the first information input of which is connected to the first output of the shift parallel-to-serial register and the output to the data bus of the PC, a pulse generator, a frequency divider whose input is connected to the output of the pulse generator, a transmitter whose output is connected to the control LAN line, a receiver whose input is connected to the control LAN bus, an encoder whose input is connected to the second output of the shift parallel-to-serial register and whose output is connected to the first input of the transmitter, a decoder, two inputs of which are connected respectively to the first outputs of the receiver and the frequency divider and whose first output is connected to the fourth input of the shift parallel-to-serial register, a response flip-flop whose output is connected to the data bus of the PC and whose first input is connected to the fourth control input of the input registers, a ready flip-flop whose first output is connected to the third control input of the input registers, an interrupt flip-flop whose output is connected to the interrupt bus of the PC and whose first input is connected to the second output of the ready flip-flop, a control unit, the first input of which is connected to the second output of the frequency divider, whose first output directly, and whose second and third outputs via the control logic AND gate, are connected to the control inputs of the shift parallel-to-serial register, and whose fourth output is connected to the second input of the transmitter and the second input of the ready flip-flop, the third input of the control logic AND gate being connected to the second output of the decoder, and a read-only memory (ROM) block whose first input and output are connected respectively to the address bus and the data bus of the PC.

A disadvantage of the known device (prototype) is its limited functionality, which does not allow it to be used for centralized control of unauthorized access to information in local area networks covering several PCs of officials (AWP DL), nor for displaying information about unauthorized access at the automated workplace of the information security service (AWP SOBI).

The aim of the invention is to expand the functionality of the device and to increase the effectiveness of control over unauthorized access to information.

Into the known device are additionally introduced a PC address setting unit, a port address setting unit, a memory address setting unit, an address analysis circuit, five inputs of which are connected respectively to the outputs of the port address and memory address setting units, the write and read inputs and the address bus of the PC, with its first output connected to the second input of the ROM, its second output to the fourth control input of the input registers and the first input of the ready flip-flop, and its third output to the third control input of the output registers, a PC address comparison circuit, three inputs of which are connected respectively to the output of the PC address setting unit, the third output of the shift parallel-to-serial register and the second output of the receiver, and whose output is connected to the second set inputs of the response flip-flop and the interrupt flip-flop and to the second input of the output registers, and a mode switch whose output is connected to the second input of the control unit and whose first ("C") and second ("P") inputs are connected respectively to the second output of the address analysis circuit and to the output of the PC address comparison circuit.

The control unit contains a parallel/serial mode switching flip-flop, the set input of which is connected to the second ("Start") input of the unit and the output to the first ("Parallel/serial") output of the unit, a synchronization flip-flop, the set input of which is connected through the second AND gate to the first ("Frequency") input of the unit and to the output of the parallel/serial mode switching flip-flop, a counter-pulse distributor, the counting input of which is connected to the first ("Frequency") input of the unit and the reset input to the output of the synchronization flip-flop, with its first output connected to the second ("Parallel pulse") output of the unit, its second output to the reset input of the parallel/serial mode switching flip-flop and its third output to the reset input of the synchronization flip-flop, a transmit/receive flip-flop, the set input of which is connected to the fourth output of the counter-pulse distributor and the output to the fourth ("Transmitter enable") output of the unit, a counter, the counting input of which is connected to the first ("Frequency") input of the unit, the reset input to the output of the transmit/receive flip-flop and the output to the reset input of the transmit/receive flip-flop, and a first AND gate, two inputs of which are connected respectively to the first ("Frequency") input of the unit and the output of the transmit/receive flip-flop, and whose output is connected to the third ("Serial synchronization") output of the unit.

List of drawings and other materials

Fig.1 shows a structural diagram of the device for controlling unauthorized access.

Fig.2 shows the block diagram of the control unit of the device.

Fig.3 shows the structural diagram of a computing system using the device for controlling unauthorized access.

Examples of embodiments of the device

The device for controlling unauthorized access (Fig.1) contains a PC address setting unit 1, input registers 2, an address analysis circuit 3, a port address setting unit 4, a memory address setting unit 5, a read-only memory (ROM) block 6, a PC address comparison circuit 7, a shift parallel-to-serial register 8, a ready flip-flop 9, output registers 10, a response flip-flop 11, a mode switch 12, an encoder 13, a pulse generator 14, a frequency divider 15, a control unit 16, an interrupt flip-flop 17, a transmitter 18 and a receiver 19, a decoder 20, a control logic AND gate 21, a bus 22 from the sensors, the ISA bus 23 of the PC and the control LAN interface bus 24.

The control unit 16 of the device (Fig.2) contains a parallel/serial switching flip-flop 25, a synchronization flip-flop 26, a transmit/receive flip-flop 27, a counter-pulse distributor 28, a counter 29, and first and second AND gates 30 and 31.

A fragment of a computing system using the device for controlling unauthorized access (Fig.3) contains a PC 32 as part of the automated workplace (AWP) of an official (DL), the user, a PC 33 as part of the AWP of the information security service (SOBI), a device for controlling unauthorized access (control NIC) 34, an Ethernet network card 35 of the local area network (LAN), a T-connector 36, a terminator 37 and a cable 38 (Thin Ethernet cable).

The PC address setting unit 1, the port address setting unit 4 and the memory address setting unit 5 are implemented on switches and are used to set the corresponding addresses manually by the operator when setting up the configuration of the control LAN. The input registers 2 store information received in parallel from the PC bus 23 for subsequent transfer to the control LAN interface bus 24. The input registers 2 have four ports: the port for the address of the PC from which a response is expected, two data ports, and a command port.

The address analysis circuit 3 and the PC address comparison circuit 7 compare the address on the PC address bus 23, and the address received from the control LAN interface bus 24, with the addresses set on the port address setting unit 4, the memory address setting unit 5 and the PC address setting unit 1. The read-only memory (ROM) 6 stores the boot program of the PC (approximate capacity 8K x 8 bits). The shift parallel-to-serial register 8 converts parallel words into serial code during transmission and performs the reverse conversion when receiving information. The output registers 10 are designed to read information arriving from the control LAN 24 and then write it into the PC. The switch 12 sets the mode of the device, "P" in the PC of an official (user) or "C" in the PC of the SOBI, and is set manually by the operator to position "P" or "C" when setting up the configuration of the control LAN.

The encoder 13 converts serial information from potential code into Manchester code. The pulse generator 14 and the frequency divider 15 synchronize the blocks of the device. The control unit 16 determines the operating algorithm of the device, transmission or reception, when it functions as part of the AWP of the user (official) ("P") or of the AWP SOBI ("C"), depending on the state of the switch 12. The transmitter 18 and the receiver 19 serve respectively for transmitting information to and receiving it from the control LAN bus and convert it to the required physical levels. The decoder 20 converts information from Manchester code into potential code.

The devices for controlling unauthorized access 34, installed in the PCs 32 and 33 (AWP DL and AWP SOBI), are connected into a serial control LAN similar to an Ethernet local area network (LAN) (network card 35), using the cable 38, T-connectors 36 and terminators 37. The AWP of an official operates in mode (configuration) "P" (set by the switch 12), and the AWP SOBI in mode (configuration) "C".

The operation of the device in the local network is under the control of the program "Access Control Subsystem" "Stop File" RDPI.00329-01.

The ROM 6 of the control device contains the boot program of the system. After the device is installed in the PC, booting the AWP is possible only from the standard drive (drive C). In addition, the device transmits over the control LAN:
- two bytes of data;
- one half-byte of control code;
- one half-byte of exchange status.

The control code determines the request from the AWP SOBI to the AWP DL: "Lock AWP DL", "Unlock AWP DL", "Issue AWP DL state".

The exchange status is determined by the states of the internal ready flip-flop 9 and response flip-flop 11.

Exchange over the control LAN is always carried out on the initiative of the AWP SOBI. By setting unit 1, the device is assigned the number of a specific AWP DL. Valid numbers for an AWP DL are from 00 to FD (in hexadecimal). The number of the AWP SOBI is FE. During operation, the "Access Control Subsystem" program dynamically monitors the operability of the AWP DL from the AWP SOBI side as follows:
- the AWP SOBI periodically (every 5 s) sends requests over the control LAN to all possible AWP DL addresses;
- upon receiving a request from the AWP SOBI, the control device of the AWP DL generates an interrupt and performs one of the following:
  when the AWP DL is powered on, information about the AWP DL powering on is passed to the AWP SOBI;
  when the exchange on the AWP DL is activated, correct functioning of the exchange is checked, after which information about the functioning of the AWP DL is passed to the AWP SOBI;
- if within the control time (25 s) the AWP SOBI has not received information about initialization of the exchange on the AWP DL, or incorrect operation of the exchange is established, the AWP SOBI forms a signal that the AWP DL has been tampered with (broken into);
- if, after the AWP SOBI has received information about initialization of the exchange on the AWP DL, there is no response signal from a previously operating AWP DL, the fact of the AWP DL being powered off is recorded and the correctness of the user's shutdown is checked; otherwise a signal is generated that the AWP DL has been tampered with.
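The polling and timeout logic described above, modelled as an added example written for this page; it is not the patent's or the "Stop File" program's code. The 5 s poll period, the 25 s control time, the address range 00..FD with FE for the AWP SOBI, and the three checks (power-on, initialization within the control time, loss of response from a working AWP DL) come from the text; the status names, the per-workstation state machine and the reply timeline are constructed assumptions.

```python
"""Simulation of the AWP SOBI polling cycle. Added illustration, not the
patent's code. Statuses, state machine and timeline are constructed."""
from dataclasses import dataclass

POLL_PERIOD_S = 5                  # AWP SOBI polls every 5 s
CONTROL_TIME_S = 25                # control time for exchange initialization
DL_ADDRESSES = range(0x00, 0xFE)   # valid AWP DL numbers 00..FD (hex)
SOBI_ADDRESS = 0xFE                # number of the AWP SOBI itself

# Statuses an AWP DL may report in reply to a poll (constructed names).
POWER_ON = "power_on"              # powered on, exchange not yet initialized
EXCHANGE_OK = "exchange_ok"        # exchange initialized, self-check passed
EXCHANGE_BAD = "exchange_bad"      # exchange self-check failed
SHUTDOWN_OK = "shutdown_ok"        # user shut the workstation down properly


@dataclass
class DlState:
    phase: str = "off"             # off -> powered_on -> working -> off
    powered_on_at: int = 0         # poll time at which power-on was first seen
    last_status: str = ""          # last status received while powered
    flagged: bool = False          # tamper already reported this power cycle


class SobiMonitor:
    def __init__(self):
        self.states = {a: DlState() for a in DL_ADDRESSES}
        self.events = []           # (time_s, address, event) in detection order

    def _tamper(self, now_s, addr, st):
        if not st.flagged:         # report tampering once per power cycle
            st.flagged = True
            self.events.append((now_s, addr, "tamper"))

    def poll_cycle(self, now_s, replies):
        """One poll of all AWP DL addresses at time now_s.
        replies maps address -> status for every AWP DL that answered."""
        for addr in DL_ADDRESSES:
            st = self.states[addr]
            status = replies.get(addr)
            if st.phase == "off":
                if status is None:
                    continue
                # first reply from this address: power-on reported to SOBI
                st.phase, st.powered_on_at, st.flagged = "powered_on", now_s, False
                self.events.append((now_s, addr, "power_on"))
            if st.phase == "powered_on":
                if status == EXCHANGE_OK:
                    st.phase = "working"
                    self.events.append((now_s, addr, "exchange_initialized"))
                elif status == EXCHANGE_BAD or now_s - st.powered_on_at >= CONTROL_TIME_S:
                    self._tamper(now_s, addr, st)   # no or incorrect init within 25 s
            elif st.phase == "working":
                if status is None:
                    # a previously working DL stopped answering: power-off
                    self.events.append((now_s, addr, "power_off"))
                    if st.last_status != SHUTDOWN_OK:
                        self._tamper(now_s, addr, st)   # not a proper user shutdown
                    st.phase = "off"
                    continue
                if status == EXCHANGE_BAD:
                    self._tamper(now_s, addr, st)
            if status is not None:
                st.last_status = status


def run_scenario():
    """Constructed timeline of poll replies: time -> {address: status}.
    DL 05 boots, works and shuts down properly; DL 07 never initializes
    the exchange; DL 09 works and then vanishes without a shutdown."""
    timeline = {
        0:  {0x05: POWER_ON, 0x07: POWER_ON, 0x09: POWER_ON},
        5:  {0x05: EXCHANGE_OK, 0x07: POWER_ON, 0x09: EXCHANGE_OK},
        10: {0x05: EXCHANGE_OK, 0x07: POWER_ON, 0x09: EXCHANGE_OK},
        15: {0x05: EXCHANGE_OK, 0x07: POWER_ON},
        20: {0x05: EXCHANGE_OK, 0x07: POWER_ON},
        25: {0x05: SHUTDOWN_OK, 0x07: POWER_ON},
        30: {},
    }
    mon = SobiMonitor()
    for t in range(0, 35, POLL_PERIOD_S):
        mon.poll_cycle(t, timeline.get(t, {}))
    return mon.events


if __name__ == "__main__":
    for t, addr, ev in run_scenario():
        print(f"t={t:3d}s  AWP DL {addr:02X}: {ev}")
```

The monitor reports tampering once per power cycle of a workstation, so a DL that stays silent after the control time has elapsed does not flood the AWP SOBI with repeated signals; a fresh power-on resets the flag.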

After the PC is switched on, while addresses are being scanned, the address analysis circuit 3 waits for the address on bus 23 to coincide with the address set by the port address setting unit 4 and the memory address setting unit 5. Coincidence of the addresses enables operation of the read-only memory (ROM) 6. A special program recorded in the ROM intervenes in the BIOS and performs the functions of controlling unauthorized access to the PC.

Further operation of the device is considered with the switch 12 in position "C" (AWP SOBI). The program loaded in the PC periodically writes to the ports (input registers 2):
220 - the address of the peripheral PC (AWP DL) from which a response is expected;
221, 222 - data addressed to the peripheral PC;
223 - from this port the "Ready" signal of the ready flip-flop is read from the device.

When the addresses coincide, circuit 3 produces a pulse. This pulse sets the parallel/serial mode switching flip-flop 25 of the control unit 16 to parallel recording of information. At the same time, setting of the synchronization flip-flop 26 is enabled; it is set synchronously with the leading edge of the pulse arriving from the pulse generator 14 of the device. The synchronization flip-flop 26 enables the counter-pulse distributor 28.

The counter-pulse distributor 28 generates a pulse for recording information into the shift parallel-to-serial register 8 from the input registers 2. The mode switching flip-flop 25 is then reset and the registers are switched to serial mode. A pulse from the counter-pulse distributor 28 then sets the transmit/receive flip-flop 27 to the "Transmit" state. The output signal of flip-flop 27 enables the transmitter 18 and the supply of shift pulses to the shift parallel-to-serial register 8. After the counter 29 has counted the number of pulses required to transmit an information word, it resets the transmit/receive flip-flop 27. The information word from the output of the shift parallel-to-serial register 8 is encoded by the encoder 13 into Manchester code and is transmitted through the transmitter into line 24, the control LAN.

Information received from line 24 (the control LAN) by the receiver 19 in Manchester code is converted by the decoder 20 into potential code and shifted into the shift parallel-to-serial register 8. At the end of the received data word, the receiver 19 generates the signal "End of word". This signal enables the operation of the PC address comparison circuit 7. Circuit 7 compares the address received into the shift parallel-to-serial register 8 with the address set on the PC address setting unit 1. When they coincide, the signal "Address compare" is output. On this signal the response flip-flop 11 outputs the signal "Response", and the received information is copied from the shift parallel-to-serial register 8 into the output registers 10. The output registers 10 and the output of the response flip-flop 11 are read by the PC.
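The serial word path just described (the word fields, encoder 13, decoder 20, comparison circuit 7 and response flip-flop 11), as an added example written for this page and not code from the patent. The field layout (8-bit address, two data bytes, 4-bit control code, 4-bit exchange status, most significant bit first), the numeric control-code values, the status bit positions and the Manchester polarity convention are assumptions; the patent names the fields and Manchester coding but does not specify these details.

```python
"""Serial word path of the control NIC: shift register -> encoder 13
(Manchester) -> line -> decoder 20 -> comparison circuit 7 -> response
flip-flop 11. Added illustration; widths, bit order, code values and the
Manchester polarity are assumptions, not taken from the patent."""

# Control codes requested by the AWP SOBI (numeric values constructed).
CMD_LOCK, CMD_UNLOCK, CMD_GET_STATE = 0x1, 0x2, 0x3
# Exchange status bits (constructed positions): ready FF 9, response FF 11.
ST_READY, ST_RESPONSE = 0x1, 0x2

WORD_BITS = 32   # 8 address + 16 data + 4 control + 4 status (assumed)


def pack_word(addr, data0, data1, control, status):
    """Assemble the 32-bit word loaded into the shift register, MSB first."""
    for value, width in ((addr, 8), (data0, 8), (data1, 8), (control, 4), (status, 4)):
        if not 0 <= value < (1 << width):
            raise ValueError("field out of range")
    return (addr << 24) | (data0 << 16) | (data1 << 8) | (control << 4) | status


def unpack_word(word):
    """Split a received word back into (addr, data0, data1, control, status)."""
    return (word >> 24 & 0xFF, word >> 16 & 0xFF, word >> 8 & 0xFF,
            word >> 4 & 0xF, word & 0xF)


def manchester_encode(word, nbits=WORD_BITS):
    """Encoder 13: every bit becomes a pair of half-bit levels with a
    mid-bit transition. Assumed convention: 0 -> '10', 1 -> '01'."""
    return "".join("01" if (word >> i) & 1 else "10" for i in range(nbits - 1, -1, -1))


def manchester_decode(line, nbits=WORD_BITS):
    """Decoder 20: recover the bits. A half-bit pair without a transition
    ('00' or '11') is not valid Manchester; the word is rejected (None),
    as is a line of the wrong length (no 'End of word' for it)."""
    if len(line) != 2 * nbits:
        return None
    word = 0
    for i in range(0, len(line), 2):
        pair = line[i:i + 2]
        if pair == "01":
            bit = 1
        elif pair == "10":
            bit = 0
        else:
            return None
        word = (word << 1) | bit
    return word


def receive(line, own_addr):
    """Receiver side: decode, then circuit 7 compares the received address
    with the address set on unit 1. Returns (response, fields), where
    response mirrors the 'Response' signal of flip-flop 11 and fields are
    what the output registers 10 would hold."""
    word = manchester_decode(line)
    if word is None:
        return False, None      # corrupt frame: nothing reaches circuit 7
    fields = unpack_word(word)
    if fields[0] != own_addr:
        return False, None      # addressed to another AWP DL: ignored
    return True, fields


if __name__ == "__main__":
    # Constructed exchange: SOBI asks AWP DL 05 to lock, ready bit set.
    word = pack_word(0x05, 0xAB, 0xCD, CMD_LOCK, ST_READY)
    line = manchester_encode(word)
    print(f"word 0x{word:08X} -> {len(line)} half-bits on the line")
    print("AWP DL 05:", receive(line, 0x05))
    print("AWP DL 06:", receive(line, 0x06))
    print("corrupted:", receive("11" + line[2:], 0x05))
```

Because a valid Manchester symbol always contains a transition, a stuck or shorted line (all '0' or all '1' half-bits) decodes to nothing rather than to a plausible word, which is why the decoder rejects such pairs instead of guessing.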

The device for controlling unauthorized access in configuration (mode) "P", set by the switch 12, is installed in the PC of the AWP DL (official). The operation of the device in mode "P" differs from its operation in mode "C" in that the triggering pulse at the input of the control unit 16 is the signal from the PC address comparison circuit 7. In addition, if the "Ready" signal of the ready flip-flop 9 is not set in the device, the interrupt flip-flop 17 produces the signal "Interrupt", which goes to the PC bus. In other respects the operation of the device in mode "P" does not differ from its operation in mode "C".

By combining in the control LAN several controlled PCs and a controlling PC (AWP SOBI) with configuration "C", the controlling PC, by periodic polling, obtains information about the physical state of the controlled PCs. The following can serve as parameters of the physical state of a controlled PC:
- powering on of the PC (including unauthorized);
- booting of the operating system;
- messages from the software that controls access to the resources of the PC;
- messages about physical opening of the protective covers (lids) of the PC.

Industrial applicability
The device for controlling unauthorized access is industrially realizable, has improved characteristics that increase the effectiveness of the control performed, is implemented on a Eurocard board for installation in the system unit of a PC, and has reasonable weight and size parameters and low power consumption.


Claims

1. A device for controlling unauthorized access, containing input registers, the first two inputs of which are connected respectively to the data input from the sensors and to the data bus of the personal computer (PC), a shift parallel-to-serial register, the first input of which is connected to the output of the input registers, output registers, the first input of which is connected to the first output of the shift parallel-to-serial register and the output to the data bus of the PC, a pulse generator, a frequency divider whose input is connected to the output of the pulse generator, a transmitter whose output is connected to the control LAN line, a receiver whose input is connected to the control LAN bus, an encoder whose input is connected to the second output of the shift parallel-to-serial register and whose output is connected to the first input of the transmitter, a decoder, two inputs of which are connected respectively to the first outputs of the receiver and the frequency divider and whose first output is connected to the fourth input of the shift parallel-to-serial register, a response flip-flop whose output is connected to the data bus of the PC and whose first input is connected to the fourth control input of the input registers, a ready flip-flop whose first output is connected to the third control input of the input registers, an interrupt flip-flop whose output is connected to the interrupt bus of the PC and whose first input is connected to the second output of the ready flip-flop, a control unit, the first input of which is connected to the second output of the frequency divider, whose first output directly, and whose second and third outputs via the control logic AND gate, are connected to the two control inputs of the shift parallel-to-serial register, and whose fourth output is connected to the second input of the transmitter and the second input of the ready flip-flop, the third input of the control logic AND gate being connected to the second output of the decoder, and a read-only memory (ROM) block whose first input and output are connected respectively to the address bus and the data bus of the PC, characterized in that a PC address setting unit, a port address setting unit, a memory address setting unit, an address analysis circuit, five inputs of which are connected respectively to the outputs of the port address and memory address setting units, the write and read inputs and the address bus of the PC, with its first output connected to the second input of the ROM, its second output to the fourth control input of the input registers and the first input of the ready flip-flop, and its third output to the third control input of the output registers, a PC address comparison circuit, three inputs of which are connected respectively to the output of the PC address setting unit, the third output of the shift parallel-to-serial register and the second output of the receiver, and whose output is connected to the second set inputs of the response flip-flop and the interrupt flip-flop and to the second input of the output registers, and a mode switch, whose output is connected to the second input of the control unit and whose first and second inputs are connected respectively to the second output of the address analysis circuit and the output of the PC address comparison circuit, are additionally introduced into the device.

2. The device for controlling unauthorized access according to claim 1, characterized in that the control unit contains a parallel/serial mode switching flip-flop, the set input of which is connected to the second ("Start") input of the unit and the output to the first ("Parallel/serial") output of the unit, a synchronization flip-flop, the set input of which is connected through the second AND gate to the first ("Frequency") input of the unit and to the output of the parallel/serial mode switching flip-flop, a counter-pulse distributor, the counting input of which is connected to the first ("Frequency") input of the unit and the reset input to the output of the synchronization flip-flop, with its first output connected to the second ("Parallel pulse") output of the unit, its second output to the reset input of the parallel/serial mode switching flip-flop and its third output to the reset input of the synchronization flip-flop, a transmit/receive flip-flop, the set input of which is connected to the fourth output of the counter-pulse distributor and the output to the fourth ("Transmitter enable") output of the unit, a counter, the counting input of which is connected to the first ("Frequency") input of the unit, the reset input to the output of the transmit/receive flip-flop and the output to the reset input of the transmit/receive flip-flop, and a first AND gate, two inputs of which are connected respectively to the first ("Frequency") input of the unit and the output of the transmit/receive flip-flop, and whose output is connected to the third ("Serial synchronization") output of the unit.

 
