Method of protecting computer memory from unauthorized access and device for its implementation

 

The invention relates to methods of protecting computer memory from unauthorized access over arbitrary communication channels and to the structure of devices implementing such methods. The technical result is a reduced likelihood that unauthorized users gain access to the memory of protected computers. The method is based on separating the data received over public communication channels from the control commands for handling that data issued by the protected computer, and consists in the following: in each session all incoming messages are recorded on an external storage device (hereinafter DDT) that is locked from the side of the protected computer; the entrance to the DDT from the communication channel is then locked; the non-empty set of received messages is sorted and at least one non-empty subset of files is separated from it; and the messages in each of these subsets are processed to determine whether they are needed and whether it is appropriate to include them in the DB and/or KB and/or software of the protected computer. The device includes an external controller, means for exchanging data between an external message source and the protected computer, a video buffer and an input switch. 2 independent and 8 dependent claims.

The invention relates to methods of protecting computer memory from unauthorized access by unauthorized users over arbitrary communication channels and to the structure of devices implementing such methods.

It should be borne in mind that, in relation to the invention, the following terms are used below: the term "computer" means mainly a personal computer (hereinafter PC) which, alone or as part of a LAN, freely exchanges data with other computers over an arbitrary communication channel, and especially over the Internet; the term "computer memory" means both such hardware as the computer's built-in long-term (hereinafter DZU) and operational (hereinafter RAM) storage devices, and such data sets stored on that hardware as a database (hereinafter DB) and/or knowledge base (hereinafter KB) and/or installed software, including the database and/or knowledge base management system; the term "permanent memory (hereinafter ROM)" means at least one storage device, associated with an external controller, holding the software intended to handle (in particular, to sort and test) any incoming messages independently of the CPU, DZU and RAM of the protected computer; the term "protection" means the exclusion of unauthorized access over arbitrary open communication channels to the memory of any computer, and accordingly the exclusion of the hacker, but mostly the cracker, who on his own initiative or to order seeks to actively affect the operation of another's computer.

It is well known in the prior art that the memory of modern computers holds enormous quantities of information whose damage, loss or disclosure can cause serious economic and/or political losses. Therefore the corruption, and especially the infection, of the DB or KB by computer viruses, and the theft or alteration of data, have become a serious threat even to owners of home computers, and all the more so to corporations, individual state agencies and states in general.

Indeed, computer owners often suffer from viruses, which they usually pick up accidentally either from the Internet, or together with e-mail, or when exchanging floppy disks and other autonomous means of data storage and transmission with other users. Although the creation and distribution of new viruses usually amounts to purposeful vandalism, it is all the more dangerous for individual users, who are less prepared for virus attacks.

Even more dangerous is the intentional, purposeful hacking of the databases of corporations, banks and government agencies by crackers. They often use worms and/or Trojan horses. In the modern world the hacking of military information support and command-and-control systems is especially dangerous, since it can open up unexpected opportunities for terrorist acts.

From the above it is clear that the means of restraining these threats must be as effective as possible regardless of the source and nature of the threat, affordable for the general public of computer users, reliable, simple and easy to use.

Unfortunately, to date only some of these requirements can be met effectively.

For example, there are such well-known means of reducing the likelihood of unauthorized access to computer memory as alphabetic, numeric and alphanumeric passwords. They are cheap, simple and easy to use.

However, hacking practice has shown that such "verbal" passwords are a visible obstacle only for novice users. Indeed, even the much more expensive image-based passwords now in use, such as the fingerprints or iris of the computer's legitimate user, do not save it from hacking. Moreover, no passwords save the DB and KB from virus infection and corruption.

It is clear that the creation and distribution of anti-virus programs reduces the losses from corruption of the DB and KB. However, this approach is effective only against attacks by those viruses which have already been identified and against which anti-virus programs have already been created.

Another well-known method of reducing the likelihood of unauthorized access to computer memory is based on the use of cryptography (see the chapter "Conspiracy - fiction and reality" in the book: D. Vacca, "Security Secrets on the Internet", Kiev: DIALECTICS, 1997 / Internet Security SECRETS by John R. Vacca, IDG Books Worldwide, Inc.).

Unfortunately, this method is suitable for secure communication only between users well known to each other, whose circle is very narrow, and only when using codes of more than 128 bits. This dramatically increases the cost of computer protection and reduces the possibility of exchanging information over arbitrary communication channels.

Therefore, experts increasingly seek to erect between individual PCs and public open communication channels such barriers as are figuratively called "firewalls" (see, for example, the article "New anti-vandal software provides Next Generation PC Protection" on the Internet at <URL: http://www.esafe.com/press/pr032997.html>).

Any modern firewall is a hardware-software complex which filters input messages (e.g. network traffic), singles out suspicious programs and isolates them, for example in a "sandbox", for further examination out of contact with its own DB or KB.

Thus, from US 6275938 a method is known of checking suspicious programs written for direct execution on a computer platform with memory and an interface. This method includes:
a) allocating in the computer's DZU a predetermined limited memory area ("sandbox") for recording and storing suspicious programs,
b) loading such programs into the specified sandbox,
c) introducing control code into each suspicious program to block external links from the specified sandbox,
d) replacing links in the code to the interface module with links to a recoding module, in order to inhibit and block the operation of some parts of the interface module, and
e) controlling the execution of the suspicious program.

This verification uses the protected computer's own hardware and software resources. Therefore, even when the users of the protected computers actively manage the checking, professional crackers are capable of penetrating the firewall. Moreover, the carriers of worms and Trojan horses can be not only suspicious programs but also seemingly innocuous ones.

Also known are firewalls that are switched on automatically when patterns of activity indicating an attempted security breach are detected in the messages arriving over the communication channels (US 6304975), or firewalls, well known to specialists, with additional data I/O interfaces that use "friend or foe" type codes.

However, automatically controlled software firewalls are ineffective if crackers use methods of hacking that were not provided for in the protection program, and the use of such codes is possible only in relatively closed networks, such as Ethernet, where each user receives "his own" code before connecting.

Therefore, the creation of firewalls for PCs or computer systems that have to operate with free exchange of data with other computers over arbitrary communication channels, especially over the Internet, remains a challenge.

For this purpose it is desirable to use additional hardware with its own software. Of the known means of this type, the closest to the one proposed below is the method and apparatus for protecting computer memory from unauthorized access by unauthorized users via the Internet (see US 6061742).

The known method consists in processing the data arriving from the external network separately from the commands coming from the protected computer.

To implement the method, an intermediate network adapter is proposed which has:
a first interface for exchanging data between the external network and this adapter,
a second interface for exchanging data between the adapter and the private network interface of the protected computer, and
an external controller (CPU) which is associated with the specified adapter and is designed to separate the data received from the external network through the first interface from the commands coming from the protected computer through the second interface.

Such an increase in the number of "middlemen" between the individual computers (including those in a local network with a common management centre) and the external network reduces the likelihood of unauthorized access to protected data via Telnet, FTP or SNMP, but it does not prevent the hacking and/or damaging of the DB and/or KB when other network protocols are used. Indeed, the known invention does not provide complete isolation of the DZU and RAM of the protected computer from outside attacks.

The invention
The invention is based on the task of improving communication procedures so as to create a method and a device that protect the memory of protected computers which freely exchange arbitrary data over arbitrary communication channels.

This task is solved in that, in the method of protecting computer memory from unauthorized access, which is based on separating the data received over public communication channels from the control commands for handling that data issued by the protected computer, with the use of external hardware, according to the invention:
a) in each session all incoming messages are first recorded on at least one external storage device (hereinafter DDT) locked from the protected computer;
b) the entrance to the DDT from the communication channel is then locked;
c) under the control of an external controller with its own software, independently of the CPU, DZU and RAM of the protected computer, the non-empty set of received messages is sorted and at least one non-empty subset of files is separated from it, belonging to the group of subsets consisting of:
the first subset of files whose names have a standard extension indicating the textual and/or iconic nature of these files, and/or
the second subset of files whose names have standard extensions indicating the programmatic nature of these files, and/or
the third subset of files whose names have non-standard extensions that can be attributed to the first or second of these subsets only after additional analysis; and
d) under the control of the specified external controller, likewise independently of the CPU, DZU and RAM of the protected computer, the messages in each of these subsets are processed to determine whether they are needed and whether it is appropriate to include them in the DB and/or KB and/or software of the protected computer.

Since all such processing of the received messages is done in an external "sandbox" built on a DDT with lockable entrances and exits, an almost impenetrable firewall can be created at the entrance to each protected computer or local computer network at low cost in software and hardware. Indeed, whatever the number of consecutive attacks from outside, any message reaches the protected computer only through the DDT, all records in which are erased after each session. Similarly, all output to the external communication channels passes through the external storage device while the interface of the protected computer is locked.

Therefore, work in the "request-response" mode is practically eliminated.

The first additional difference is that each received message representing a textual and/or iconic file from the specified first subset is first output through a video adapter on a display only in graphical mode as a set of pixels, the need for the received message is assessed, and then:
in case of a positive evaluation the set of pixels in the active display window is converted into a standard text and/or graphic format, the converted message is recorded directly from the active display window in the DZU of the protected computer, and the corresponding record in the DDT is erased; and
in case of a negative evaluation the active display window is closed without saving the data and the corresponding record of the message in the DDT is erased.

Converting text and/or iconic files into a set of pixels and converting the set of pixels back into a suitable standard text and/or graphic format at least deactivates, and in most cases destroys, any viruses, worms, Trojan horses and other "additions" that hackers and crackers use to access the memory of other computers.

The second additional difference is that the specified set of pixels representing a text and/or iconic file is formed using standard screen control means. This makes it possible to drastically reduce the hardware and software resources spent on the specified forward and reverse conversions and the load on the data paths, since their commands allow text and images containing standard elements to be presented much more efficiently.

The third additional difference is that the video adapter and display of the protected computer are used as the video adapter and display. This makes it possible to simplify the firewall hardware external to the protected computer without reducing the effectiveness of protection against break-ins.

The fourth additional difference is that in the name of each program file from the specified second subset the standard extension is replaced by a non-standard one, a test run of such a file is performed, preferably outside the protected computer, the need for the program is evaluated, and then:
in case of a positive evaluation the accepted program is recorded in the DZU of the protected computer and the record of the original message in the DDT is erased, and
in case of a negative evaluation the unnecessary record of the original message in the DDT is erased.

Even if a doubtful program containing a worm and/or Trojan horse is tested in the protected computer and accepted, these exploits will remain in the memory of the protected computer, because it can receive the next message from outside only through the locked DDT.

The fifth additional difference is that each received message from the specified third subset is first output through the video adapter on the display only in graphical mode, visually identified as a file belonging to the first or to the second specified subset, and then:
a) the need for each identified text and/or iconic file is assessed from the appearance of the set of pixels, and
in case of a positive evaluation the set of pixels in the active display window is converted into a standard text and/or graphic format, the converted message is recorded directly from the active display window in the DZU of the protected computer, and the corresponding record in the DDT is erased, and
in case of a negative evaluation the active display window is closed without saving the data and the corresponding record of the message in the DDT is erased; and/or
b) in the name of each identified program file the standard extension is replaced by a non-standard one, a trial run of the program is performed, preferably outside the protected computer, the need for the program is evaluated, and
in case of a positive evaluation the accepted program is recorded in the DZU of the protected computer and the record of the original message in the DDT is erased.

With such processing, plain text and/or graphic files are practically freed from viruses and hacking programs, and the accepted program files serve as "burial grounds" for worms and/or Trojan horses.

The task is also solved in that, in the device for protecting computer memory from unauthorized access, comprising means external to the protected computer for exchanging data between external message sources and this computer and at least one external controller for controlling the processing of received messages, which is able to separate the data retrieved from external sources from the commands received from the protected computer, according to the invention:
the means for exchanging data between an external message source and the protected computer are made on the basis of at least one external storage device (DDT), which is designed to record each set of received messages and to store them temporarily for the processing time, and which is connected to the external message source through a controlled input switch;
the control output of the external controller is connected to the specified external storage device, and the controller includes its own software for processing the received messages, recorded on a permanent storage device (ROM); and
the information output of the specified external storage device is connected to a video buffer, which is designed to convert the received textual and/or iconic messages into a graphical format and to output the converted messages sequentially, through a controlled output switch, to a display for testing and deciding on the acceptance or rejection of each message.

This device cuts off the RAM and DZU of the protected computer from external message sources for the whole time of receiving and processing each set of received messages. Further, it makes it possible to send to the external communication channels, via the buffer, messages from the protected computer approved by the legitimate user, in a mode in which the RAM and DZU of the protected computer are disconnected from the external storage device and the communication channel is open only to the information output of this external storage device. Thus, even when programs infected with worms or Trojan horses are received, a "dialogue" between the protected computer and unauthorized users is practically eliminated.

The first additional difference is that in the mode of testing the received messages the specified video buffer is connected to the specified display through the protected computer's own video adapter.

The second additional difference is that the ROM is included between the specified controller and the specified external storage device. This makes it possible to place inside the firewall not only the program for processing the received messages but also the operating-system emulators needed to perform a substantial part of this processing.

The third additional difference is that the device for protecting computer memory has a command buffer whose input is connected through a gateway to at least one control output of the protected computer and whose output is connected to the control input of the controller and/or the control input of the DDT. This makes it possible to compensate for damage to or loss of the firewall's own software, in whole or in part, to modify such software, and, at the request of the user of the protected computer, to control the processing (i.e. testing and evaluation) of the received messages manually.

It is clear to the expert that the choice of specific embodiments of the invention with any combination of these additional differences from the basic inventive concept, and the preferred embodiments described below, in no way limit the scope of the invention.

Brief description of the drawing. The new means of protecting computer memory from unauthorized access are described below with reference to the accompanying drawing, which depicts a block diagram of a device for protecting computer memory from unauthorized access (hereinafter USPC).

The best options for implementing the inventive concept
The USPC has the following blocks external to the protected computer:
a controlled input switch 1 for connecting the USPC to an arbitrary, unspecified external communication channel and disconnecting this channel for the time of processing a non-empty set of received messages;
at least one external storage device (DDT) 2, whose information input is connected to switch 1 and which is designed to capture and temporarily store each set of received messages for the time of their processing;
an external controller 3, which is equipped with its own software for processing received messages and whose control output is connected to the DDT 2;
a ROM 4, which is included between the controller 3 and the DDT 2 and serves as the carrier of the above-mentioned own software;
a video buffer 5, which is connected to the information output of the DDT 2 and is designed to convert each received message into a graphical format and, optionally, to store the converted message temporarily; and
a controlled output switch 6 for connecting the video buffer 5 to the information input of the display 7 of the protected computer 8, using if necessary the built-in video adapter 9 of the protected computer 8.

It is advisable that the USPC also include a command buffer 10, which is connected through a gateway 11 to at least one control output (e.g. the keyboard and/or mouse) of the computer 8 and further to the control input of the controller 3 and/or the control input of the DDT 2. The same buffer 10 can be used to compensate for damage to or loss of the USPC's own software, to modify it in whole or in part and, optionally, to let the legitimate user of the computer 8 control the processing of received messages manually.

All of these blocks can easily be implemented by specialists in computer technology on a publicly available element base. Indeed:
the external controller 3 can be implemented on the basis of any modern processor for personal computers, and
the DDT 2 and ROM 4 can be made as ordinary read-only memory (ROM) blocks, non-volatile memory blocks of the EPROM type, FLASH-type memory chips, CD-ROM type disks with a suitable laser drive, a separate hard magnetic disk drive, or any suitable combination of these.

Opisem 8 and arbitrary external communication channel.

Thus, the software for receiving and processing messages arriving from an external communication channel includes, as a minimum, the following components:
a) a command that automatically locks the controlled output switch 6 before the computer 8 is connected to the message source, for example to the Internet;
b) a command for automatically recording all incoming messages in each communication session on at least one external storage device 2 locked from the computer 8;
c) a command that automatically locks the controlled input switch 1 at the information input of the DDT 2 after the connection with the message source is terminated or interrupted;
d) a mostly automated program for sorting the non-empty set of received messages and separating from it at least one non-empty subset of files belonging to the group of subsets consisting of:
the first subset of files whose names have standard extensions indicating the textual and/or iconic nature of these files, such as "txt; asc; rtf; doc; html; htm; bmp; jpg; gif; tif", etc., and/or
the second subset of files whose names have standard extensions indicating the programmatic nature of these files, such as "exe; com; bat; log", etc., and/or
the third subset of files whose names have non-standard extensions (usually assigned by the sender) that can be attributed to the first or second of the above subsets only after additional analysis;
e) programs for processing the messages in each of these subsets to determine whether they are needed and whether it is appropriate to include them in the DB and/or KB and/or software of the protected computer 8.

The sorting program always includes the following operations:
a) analysis of the full names of the received files;
b) comparison of the actual file-name extensions with the standard extensions;
c) separation of at least one of the above subsets (bearing in mind that the third subset may include files whose names have no extension at all, or a questionable one).

The programs for processing messages are specific to each of these subsets of files and include mostly automatic and, where necessary or desired, manual operations.

Thus, the program for processing messages in the form of text and/or iconic files from the specified first subset provides, as a minimum:
a) automatic conversion of each message into a graphical format, i.e. a set of pixels;
b) automatic output of the specified set of pixels through the video adapter on the display only in graphical mode, optionally using standard screen control means (it is absolutely safe to use the adapter 9 and the display 7 while bypassing the RAM and DZU of the protected computer 8);
c) assessment of the need for the received message, which the legitimate user of the protected computer 8 usually performs by visual examination of the text and/or image in the active display window;
d) issuing (usually manually) a command either to accept or to refuse the message;
e) normally automatic conversion of the set of pixels corresponding to the message into a suitable standard text and/or graphic format, and
f) automatic or manual recording of the accepted message in text and/or iconic format directly from the active display window under an appropriate name in the DZU of the protected computer 8, and automatic initiation of the command to erase the corresponding record in the DDT 2, or
g) mostly automatic closing of the active display window containing the set of pixels corresponding to the rejected message, without saving the data, and automatic initiation of the command to erase the corresponding record in the DDT 2;
h) automatic erasure of accepted or rejected messages in the DDT 2 after operation (f) or operation (g) has been performed, depending on the setting, immediately or with an arbitrary delay (until the processing of all recorded messages is completed).

The program for processing messages in the form of program files from the specified second subset provides, as a minimum:
a) normally automatic replacement of the standard extension in the name of each received program file by a non-standard extension;
b) a mostly manual test run of the program file with the changed name, preferably outside the protected computer 8 (in particular, inside the USPC, on the controller 3 and the ROM 4);
c) assessment of the need for the received message, which the legitimate user of the protected computer 8 usually performs by examining the results of the test run;
d) issuing (usually manually) a command either to accept or to reject the message;
e) mostly manual recording of the accepted program (preferably under a new name) in the DZU of the protected computer and automatic initiation of the command to erase the corresponding record in the DDT 2, or
f) automatic initiation of the command to erase the record of the rejected program message in the DDT 2; and
g) automatic erasure of accepted or rejected messages in the DDT 2 after operation (e) or operation (f) has been performed, depending on the setting, immediately or with an arbitrary delay (until the processing of all messages is completed).

The program for processing the uncertain files from the specified third subset provides, as a minimum:
a) automatic conversion of each uncertain message into a graphical format, i.e. a set of pixels;
b) automatic output of the specified set of pixels through the video adapter on the display only in graphical mode, optionally using standard screen control means (it is absolutely safe to use the adapter 9 and the display 7 while bypassing the RAM and DZU of the protected computer 8);
c) identification of each such message either as a file belonging to the first specified subset or as a file belonging to the second specified subset, and then:
either operations (c) to (h) of the program for processing text and/or iconic files described above, for each file identified as such,
or all the operations of the program for processing program files described above, for each identified program file.

A significant part of the firewall according to the invention is the means of sending messages from the protected computer 8 to the external communication channel. It includes:
a) a manually issued command to connect the protected computer 8 to the external communication channel, which triggers a check that no records remain in the DDT 2 from the previous session and automatic clearing of the DDT 2 if unnecessary records have remained for any reason;
b) a usually manually performed command to write the messages intended for sending into the DDT 2 through the gateway 11 and the buffer 10;
c) a command that automatically unlocks switch 1 after the messages have been written into the DDT 2;
d) a command to send the messages to the external communication channel, which is usually executed automatically while switch 6 and the gateway 11 are locked.
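The receiving procedure, the sorting program that feeds it, and the sending procedure above can be modelled as one state machine whose invariant is that the DDT is never reachable from the communication channel and from the protected computer at the same time, and that every DDT record is erased after a session. The Python below is an added example written for this page, not code from the patent or its authors; the class and function names, the `_held` quarantine suffix and the decision callback that stands in for the visual check on display 7 and for the test run are this example's own assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Standard extensions named in the description for the first and second subsets.
TEXT_OR_IMAGE = {"txt", "asc", "rtf", "doc", "html", "htm", "bmp", "jpg", "gif", "tif"}
PROGRAM = {"exe", "com", "bat"}
# Non-standard suffix that neutralises a program file before its test run.
# The patent only requires the extension to be non-standard; "_held" is an
# assumption of this example.
QUARANTINE_SUFFIX = "_held"

# Decision hook standing in for the legitimate user's check on display 7 or the
# outcome of a test run: (name, subset, payload) -> True to accept.
Decision = Callable[[str, str, bytes], bool]


class InterlockError(RuntimeError):
    """Raised when an operation would bridge the DDT between channel and computer."""


def sort_message(name: str) -> str:
    """Assign a received file name to the 'first', 'second' or 'third' subset.

    Only the final extension of the full name counts, so "report.doc.exe" is a
    program file; names with no extension or an unknown one go to the third
    subset for additional analysis.
    """
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in TEXT_OR_IMAGE:
        return "first"
    if ext in PROGRAM:
        return "second"
    return "third"


def quarantine_name(name: str) -> str:
    """Replace the standard program extension with a non-standard one."""
    stem, ext = name.rsplit(".", 1)
    return f"{stem}.{ext}{QUARANTINE_SUFFIX}"


@dataclass
class Firewall:
    """State of switches 1 and 6, gateway 11, the DDT 2 and the computer's DZU."""
    switch1_channel_open: bool = False   # input switch 1: channel -> DDT 2
    switch6_display_open: bool = False   # output switch 6: video buffer 5 -> display 7
    gateway11_open: bool = False         # gateway 11: computer 8 -> buffer 10 -> DDT 2
    ddt: Dict[str, bytes] = field(default_factory=dict)
    dzu: Dict[str, bytes] = field(default_factory=dict)
    channel_out: List[Tuple[str, bytes]] = field(default_factory=list)

    def _check_isolation(self) -> None:
        # The DDT must never be reachable from the channel and the computer at once.
        if self.switch1_channel_open and self.gateway11_open:
            raise InterlockError("DDT bridged between channel and protected computer")

    def receive_session(self, incoming: Dict[str, bytes], decide: Decision) -> Dict[str, str]:
        """Receiving components a) to e); returns 'accepted'/'rejected' per file."""
        if self.gateway11_open or self.switch6_display_open:
            raise InterlockError("output side must be locked before connecting to channel")
        self.switch1_channel_open = True            # a)/b): everything lands in the DDT
        self._check_isolation()
        self.ddt.update(incoming)
        self.switch1_channel_open = False           # c): lock the input after the session
        outcome: Dict[str, str] = {}
        for name in sorted(self.ddt):               # d): sort into subsets
            subset = sort_message(name)
            held = quarantine_name(name) if subset == "second" else name
            self.switch6_display_open = True        # e): present for testing on display 7
            accepted = decide(held, subset, self.ddt[name])
            self.switch6_display_open = False
            if accepted:
                self.dzu[held] = self.ddt[name]     # into the DZU, a program under its new name
            outcome[name] = "accepted" if accepted else "rejected"
        self.ddt.clear()                            # every DDT record erased after the session
        return outcome

    def send_session(self, outgoing: Dict[str, bytes]) -> int:
        """Sending procedure a) to d); returns the number of messages sent."""
        self.ddt.clear()                            # a): stale records from the last session go
        self.gateway11_open = True                  # b): write outgoing messages via gateway 11
        self._check_isolation()
        self.ddt.update(outgoing)
        self.gateway11_open = False
        self.switch6_display_open = False
        self.switch1_channel_open = True            # c): unlock switch 1 only now
        self._check_isolation()
        self.channel_out.extend(self.ddt.items())   # d): send with switch 6 and gateway locked
        self.switch1_channel_open = False
        sent = len(self.ddt)
        self.ddt.clear()
        return sent


def interlock_trips_when_bridged() -> bool:
    """Show the invariant firing: a receive session with gateway 11 open is refused."""
    try:
        Firewall(gateway11_open=True).receive_session({}, lambda n, s, p: True)
    except InterlockError:
        return True
    return False
```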

Industrial applicability
The invention is industrially applicable, since:
the device for protecting computer memory from unauthorized access can easily be realised on a publicly available element base, and
the method carried out with the help of the device provides virtually impenetrable security of the DB and/or KB and/or software of protected computers against hacking.


Claims

1. A method of protecting computer memory from unauthorized access, which is based on separating the data received over public communication channels from the control commands for handling that data issued by the protected computer, with the use of external hardware, characterized in that a) in each session all incoming messages are first recorded on at least one external storage device locked from the protected computer (hereinafter DDT), b) the entrance to the DDT from the communication channel is then locked, c) under the control of an external controller with its own software, independently of the CPU, DZU and RAM of the protected computer, the non-empty set of received messages is sorted and at least one non-empty subset of files is separated from it, belonging to the group of subsets consisting of a first subset of files whose names have a standard extension indicating the textual and/or iconic nature of these files, and/or a second subset of files whose names have standard extensions indicating the programmatic nature of these files, and/or a third subset of files whose names have non-standard extensions that can be attributed to the first or second of these subsets after additional analysis, and d) under the control of the specified external controller, likewise independently of the CPU, DZU and RAM of the protected computer, the messages in each of these subsets are processed to determine whether they are needed and whether it is appropriate to include them in the DB and/or KB and/or software of the protected computer.

2. The method according to claim 1, wherein each received message representing a text and/or iconic file from the specified first subset is first output through a video adapter on a display only in graphical mode in the form of a set of pixels, the need for the received message is assessed, and then, in case of a positive evaluation, the set of pixels in the active display window is converted into a standard text and/or graphic format, the converted message is recorded directly from the active display window in the DZU of the protected computer and the corresponding record in the DDT is erased, and in case of a negative evaluation the active display window is closed without saving the data and the corresponding record of the message in the DDT is erased.

3. The method according to claim 2, characterized in that the specified set of pixels representing a text and/or iconic file is formed using standard screen control means.

4. The method according to claim 2 or 3, characterized in that the video adapter and display of the protected computer are used as the video adapter and display.

5. The method according to claim 1, characterized in that in the name of each program file from the specified second subset the standard extension is replaced by a non-standard one, a test run of such a file is performed, preferably outside the protected computer, the need for the program is evaluated and then, in case of a positive evaluation, the accepted program is recorded in the DZU of the protected computer and the record of the original message in the DDT is erased, and in case of a negative evaluation the unnecessary record of the original message in the DDT is erased.

6. The method according to claim 1, wherein each received message from the specified third subset is first output through the video adapter to the display only in graphical mode and visually identified as a file belonging to the first or the second specified subset, and further (a) the need for each identified text and/or icon file is assessed from the view of its set of pixels, and on a positive assessment the set of pixels in the active display window is converted into standard text and/or graphical format, the converted message is recorded directly from the active display window into the DZU of the protected computer and the corresponding entry in the DDT is erased, while on a negative assessment the active display window is closed without saving the data and the corresponding message in the DDT is erased; and/or (b) in the name of each identified program file the standard extension is replaced with a non-standard extension, a trial run of the program is performed, preferably outside the protected computer, the need for the program is assessed, and on a positive assessment the adopted program is recorded in the DZU of the protected computer and its entry in the DDT is erased.

7. A device for protecting computer memory from unauthorized access, containing means external to the protected computer for exchanging data between external message sources and that computer, and at least one external controller for controlling the processing of received messages, which is able to separate the data received from external sources from the commands received from the protected computer, characterized in that the means for exchanging data between an external message source and the protected computer is made on the basis of at least one external storage device (DDT), which is designed to record each set of received messages and to store them temporarily during processing and which is connected to the external message source through a controlled input switch; the external controller is connected by its control output to the specified external storage device and contains its own software for processing received messages, recorded on a permanent storage device (ROM); and the information output of the specified external storage device is connected to a video buffer, which is designed to convert the received text and/or graphical messages and is connected through an output switch to the display for testing and for the decision to accept or reject each such message.
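The quarantine flow of claims 1, 5 and 6 (record every incoming message to the locked DDT, sort it into subsets, strip program files of their standard extension, keep only what passes assessment, erase the DDT entry either way), as an added Python sketch that is not part of the patent. The magic-number table, the `.quar` extension, the directory layout and the `assess` callback standing in for the pixel review or test run are assumptions.

```python
from pathlib import Path
import shutil
import tempfile
# Constructed identification table (an assumption, not the patent's own list): leading bytes -> subset.
MAGIC = {b"MZ": "program", b"\x7fELF": "program", b"\x89PNG": "icon", b"BM": "icon"}
NONSTANDARD_EXT = ".quar"  # claim 5: swap the standard extension for a non-standard one

def classify(data: bytes) -> str:
    """Sort one received message into the text, icon, program or unidentified subset."""
    for magic, subset in MAGIC.items():
        if data.startswith(magic):
            return subset
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "unidentified"

def disarm(path: Path) -> Path:
    """Claim 5: rename a program file so the host will not launch it by file association."""
    return path.rename(path.with_suffix(NONSTANDARD_EXT))

def process_session(ddt: Path, dzu: Path, assess) -> dict:
    """One session over a DDT whose input is already locked.
    assess(subset, path) -> bool is the reviewer's verdict (pixel review or test run), assumed."""
    outcome = {}
    for msg in sorted(ddt.iterdir()):          # the non-empty set of received messages
        subset = classify(msg.read_bytes())
        if subset == "program":
            msg = disarm(msg)
        accepted = assess(subset, msg)
        if accepted:
            shutil.copy2(msg, dzu / msg.name)  # positive verdict: record in DZU ...
        msg.unlink()                           # ... and erase the DDT entry either way
        outcome[msg.name] = (subset, accepted)
    return outcome

def demo() -> dict:
    """Constructed sample session in a temporary directory (not data from the patent)."""
    root = Path(tempfile.mkdtemp())
    ddt, dzu = root / "ddt", root / "dzu"
    ddt.mkdir(); dzu.mkdir()
    (ddt / "note.txt").write_bytes(b"meeting at 10")
    (ddt / "tool.exe").write_bytes(b"MZ\x90\x00")
    (ddt / "blob.bin").write_bytes(b"\xff\xfe\x00")
    # Stand-in verdict: accept only what was identified as text
    result = process_session(ddt, dzu, lambda subset, path: subset == "text")
    result["dzu"] = sorted(p.name for p in dzu.iterdir())
    return result
```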

8. The device according to claim 7, wherein in the mode of testing received messages the specified video buffer is connected to the specified display through the protected computer's own video adapter.

9. The device according to claim 7, characterized in that the specified ROM is included between the specified controller and the specified external storage device.

10. The device according to claim 7, characterized in that it is equipped with a command buffer whose input is connected through a gateway to at least one control output of the protected computer, and whose output is connected to the control input of the controller and/or the control input of the DDT.
