The method of connecting a personal computer


(57) Abstract:

The invention relates to computing, and in particular to information and computer systems and networks, and can be used in network integrity monitoring for the protection of information resources in workstations, information and functional servers, etc. The technical result is a higher level of security and improved usability of the system. To this end, after the clock signal for the checks is supplied at boot, the following are performed in sequence: execution of the program code of the trusted boot module, a check of the integrity of the protection system, a search for data about users and protection-system settings, a call to the function that initializes the hardware of the personal computer, identification of the user, and a request for and check of the user's personal password; the personal user interface is then loaded in accordance with the granted level of authority, and the software commands are loaded.

The invention relates to computing, and in particular to information and computer systems and networks, and can be used in network integrity monitoring. The protection system is additionally provided with a function for controlling the integrity of the control system itself. This system must be implemented in a fundamentally different way, so that an unauthorized removal of a software component of the control system is possible only after disassembling the computer and removing the chassis, in a free slot of which the hardware component of the integrity control system is placed. With a hardware implementation of the control system, an unauthorized removal of the software components must block any possibility of uncontrolled operation, and for convenience the computer must allow sanctioned removal of the protection software without removing the hardware components (without disassembling the computer).

A known system for protecting the information resources of a computing system and network is Secret Net (see Secret Net access control system, User Manual, 1996). The system is a software package installed on a standalone computer or on the computers of a local area network.

The system solves the problem of controlling the integrity (intactness) of files when the system is switched on. In the latest version of Secret Net, monitoring the integrity of files is only a special-purpose task.

A method is known for monitoring the stability of programs by ensuring stability control within the required time interval (see RF patent №1709321, Cl. G 06 F 11/30, publ. 1992).

A method of monitoring and debugging is also known, based on measuring the results at the end of the phases of error detection, localization and correction; the measurement is carried out during error detection by splitting the control and test intervals, with errors localized in the interval in which they were detected or during the next control-test interval (see RF patent №2050588, Cl. G 06 F 11/28, publ. 1995).

A disadvantage of the known methods is the need to separate the control parameters across different intervals, which invariably entails errors and subsequent system failure.

The closest in technical essence and achieved result, chosen as the prototype, is a method of connecting a personal computer in which software commands are supplied and a clock signal for validation is supplied when the software commands are loaded during the test mode (see, for example, patent RF №2138075, CL 2050588, CL is th.

The essence of the invention is expressed in a set of essential features sufficient to achieve the technical result provided by the invention, namely a higher level of security obtained by expanding the functions of the integrity control system as part of expanding the functions of the software components and facilities of the protected system.

This technical result is achieved in that, in the method of connecting a personal computer in which software commands are supplied and a clock signal for validation is supplied when the software commands are loaded during the test mode, after the clock signal for the checks is supplied at boot the following are performed in sequence: execution of the program code of the trusted boot module, a check of the integrity of the protection system, a search for data about users and protection-system settings, a call to the function that initializes the hardware of the personal computer, identification of the user, and a request for and check of the user's personal password; the personal user interface is then loaded in accordance with the granted level of authority, and the software commands are loaded. The method meets the criterion of "novelty", since it is not known from the prior art.

The proposed method is industrially applicable with existing technical means and meets the criterion of "inventive step", because it is not obvious from the prior art, and the prior art does not reveal any transformations, characterized by the features distinguishing the method from the prototype, that would substantially influence the achievement of the technical result.

Thus, the proposed technical solution meets the conditions of patentability of an invention.

The applicant has not found other known technical solutions for a similar purpose with such essential features.

The proposed method is as follows.

The main part of the BIOS of a personal computer, which is responsible for handling hardware interrupts, SMI, POST, and the interactive settings program "Setup", is contained in a separate packed "file". Only the code necessary for the primary initialization of the chipset and memory, together with the unpacking procedure, is stored unpacked. This code receives control after power-up or reset and initializes the hardware (POST). Next comes the primary memory test and, if the test is positive, the part of the BIOS image F000h:0000h - 0F000h:0FFFFh is copied into segment 2000h. Then the "file" original.tmp is unpacked into RAM at addresses 5000h:0000h - 6000h:0FFFFh. After that, at 2000h:046h the function copy_segE_segF_2 is called, which enables write access to the shadow memory area from address 0E0000h to 0FFFFFh and then copies into this area either the unpacked file, if the checksum matched, or, if the sum does not match, segment 1000h, which contains an exact copy of segment F000 for further attempts to restore the contents of the BIOS. At the end, the copy function prohibits writing to segments E000 and F000, thereby fully simulating the operation of the ROM; this process, however, significantly increases the subsequent execution speed of the program. Next, at 2000:ECE the command "jmp far ptr F000:F80D" is executed, transferring control to the copied area. From then on the program executes in RAM, but with writing prohibited. First it copies the remaining part of segment 4000h into segment 0E000h (having first enabled writing). Next, the program transfers control in turn to each function of the POST table. This analysis of the POST (Power-on self test) program has made it possible to develop a method of providing a trusted operating environment for the PC, implemented by embedding a "trusted boot" code module in the BIOS and calling it at the initial stage of BIOS operation. The trusted boot module is designed to verify the authority of the personal computer's user.

The algorithm works as follows:

- turn on the PC with the power button;

- load the BIOS;

- boot the BIOS;

- check the memory and the BIOS checksum;

- run POST;

- when procedure No. 8h is run, load the "trusted boot" code module;

- check the integrity of the protection system;

- search the computer's EPROM for data about users and protection-system settings;

- call the hardware initialization function;

- identify the user;

- request and verify the user's personal password;

- load the personal user interface in accordance with the user's level of authority;

- continue the BIOS.
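The decision sequence of the trusted boot module, from the integrity check through the authority level that selects the interface, modelled as an added example (not the patent's own code). The user table, the 16-bit additive checksum and the FNV-1a password verifier are assumptions standing in for the unspecified EPROM format, BIOS checksum and password storage; the example also shows that an edit to a user's authority after the image was sealed stops the boot at the integrity step.

```c
#include <stdint.h>
#include <string.h>
#define MAX_USERS 4
#define ID_LEN 8
enum { BLOCKED_INTEGRITY = -1, BLOCKED_USER = -2, BLOCKED_PASSWORD = -3 };

struct user_rec {          /* constructed record, as it might sit in the EPROM area the module searches */
    char     id[ID_LEN];   /* user identifier, NUL-padded */
    uint32_t pw_hash;      /* derived verifier of the password, never the password itself */
    uint8_t  authority;    /* level of authority that selects the personal interface (0 = none) */
};
/* Constructed protection-system image: user table plus the checksum stored over it. */
struct prot_sys { struct user_rec users[MAX_USERS]; uint16_t stored_sum; };

/* 16-bit additive checksum, in the spirit of the BIOS image checksum the patent describes. */
uint16_t checksum16(const uint8_t *p, size_t n) {
    uint16_t s = 0;
    for (size_t i = 0; i < n; i++) s = (uint16_t)(s + p[i]);
    return s;
}
/* FNV-1a 32-bit as a placeholder verifier; not a password hash and not from the patent. */
uint32_t fnv1a32(const char *s) {
    uint32_t h = 2166136261u;
    for (; *s; s++) { h ^= (uint8_t)*s; h *= 16777619u; }
    return h;
}
/* Fills a sample image with two users and seals it with the checksum. */
void make_sample(struct prot_sys *ps) {
    memset(ps, 0, sizeof *ps);
    strncpy(ps->users[0].id, "admin", ID_LEN); ps->users[0].pw_hash = fnv1a32("s3cret"); ps->users[0].authority = 2;
    strncpy(ps->users[1].id, "user",  ID_LEN); ps->users[1].pw_hash = fnv1a32("pass");   ps->users[1].authority = 1;
    ps->stored_sum = checksum16((const uint8_t *)ps->users, sizeof ps->users);
}
/* The gate in the order the patent lists: integrity check, user lookup, password check, then the
 * authority level for the interface to load. A negative result means the boot is not continued. */
int trusted_boot(const struct prot_sys *ps, const char *id, const char *password) {
    if (checksum16((const uint8_t *)ps->users, sizeof ps->users) != ps->stored_sum)
        return BLOCKED_INTEGRITY;   /* protection system altered since it was sealed */
    const struct user_rec *u = NULL;
    for (int i = 0; i < MAX_USERS; i++)
        if (ps->users[i].id[0] && strncmp(ps->users[i].id, id, ID_LEN) == 0) { u = &ps->users[i]; break; }
    if (!u) return BLOCKED_USER;
    if (fnv1a32(password) != u->pw_hash) return BLOCKED_PASSWORD;
    return u->authority;
}
/* Builds the sample, optionally edits one authority byte after sealing, and runs the gate. */
int boot_case(const char *id, const char *pw, int tamper) {
    struct prot_sys ps; make_sample(&ps);
    if (tamper) ps.users[1].authority = 2;   /* constructed edit: must trip the integrity check */
    return trusted_boot(&ps, id, pw);
}
```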

In contrast to known implementations (Dallas Lock, Secret Net, Accord), the proposed method does not require the installation of additional hardware in the expansion slots of the PC; it uses the standard procedure and addresses the possibility of gaining unauthorized access to information resources.

A method of protecting the information resources of a personal computer, in which software commands are supplied and a clock signal for validation is supplied when the software commands are loaded during a test mode, characterized in that after the clock signal for the checks is supplied at boot the following are performed in sequence: execution of the program code of the trusted boot module, a check of the integrity of the protection system, a search for data about users and protection-system settings, a call to the function that initializes the hardware of the personal computer, identification of the user, and a request for and check of the user's personal password; the personal user interface is then loaded in accordance with the granted level of authority, and the software commands are loaded.
