Protection means

FIELD: mobile communications.

SUBSTANCE: protection means has key module and blocking module. Mobile communication system has protection means and communication port. Method describes operation of said protection means and mobile device.

EFFECT: broader functional capabilities.

3 cl, 5 dwg

 

Technical field

The present invention relates to a protection system for protecting a device or set of information.

Prior art

Increasingly rapid development in electronics has led to the emergence of a large number of mobile electric devices of reduced size. This very mobility makes not only the device but also the information stored in it increasingly attractive to thieves.

Known protection means provide a lock using either hardware or software, in combination with a primary input.

If a hardware lock is used, the primary input module, such as a fingerprint input module (biometric sensor) or a PIN (personal identification number) code input module, is combined with an additional module, such as a so-called smart card module (smart cards with a microprocessor or the like), or is used without such a module.

In the case of a software lock, software validation is used, which ensures that the correct input (PIN code, fingerprint and so on) is transmitted via the external input module. Usually the software is stored in a storage device, such as a hard disk, which is easily accessible.

U.S. patent No. 5668876 relates to authorizing a user to use services by means of a modified pager, which computes a unique response code to a transmitted challenge code based on the challenge code, an entered personal identification number and an internal key. The response code is entered into a simple terminal, such as a telephone, and if the unique response code is accepted, the user can access the requested service, such as cashless transactions or remote maintenance via telephone.

Application WO 00/24554 describes the El-Gamal algorithm in a public-key cryptosystem. New secret random numbers are generated at a server, and the users' private keys, encrypted with a symmetric algorithm using user identification keys derived by hashing the users' respective passphrases or biometric information (fingerprint, voice sample, retina scan, or face scan result), are held in a repository accessible to the server; the new random numbers and the encrypted private key are transmitted to the user equipment when needed over a network that is not secure. To prevent an attacker from discovering the random numbers, or from re-using previously used random numbers in a block replay attack, a challenge-response protocol is used in which at least one new secret random number is transmitted from the server to the user equipment while the user is identified to the server. During this exchange, a first random number, allocated to the user for use when signing a document, and a second random number, to be used by the user when creating a signature by hashing the first and second random numbers together as part of the challenge-response protocol, are transmitted to the user equipment in encrypted form together with a freshness value and a server signature, which is formed by hashing together the first and second random numbers and the freshness value.

Description of the invention

The object of the present invention is to provide a highly reliable and secure device for preventing access to equipment and/or the information stored in it.

Another object of the present invention is to provide a device for identification and blocking of an input signal, which can be combined with various devices.

One of the advantages of the means according to the present invention over the known art is, inter alia, that (when applied to a computer) no modification of the operating system or the basic input/output system (BIOS) of the computer is needed. The fact is that such systems are simple to get around, even without any great knowledge in this field.

In addition, the lock module according to the invention is integrated in the equipment to be protected, thus providing full protection; moreover, there is no need to modify the usual inputs and outputs of the equipment, ports, etc.

These problems are solved by a protection means for protecting access to a device or piece of equipment, which essentially comprises a key module and a lock module, characterised in that the key module is placed at a distance from the lock module and comprises an input module and a communication module, and in that user authentication is performed in the key module before locking/unlocking is allowed by the key module.

Brief description of drawings

The invention is described below with reference to embodiments and the accompanying drawings, in which:

figure 1 shows a block diagram with the main parts of the means according to the present invention,

figure 2 shows the communication scheme between the two modules in the means according to the present invention,

figure 3 shows a block diagram of a first embodiment of the means in a computer according to the invention,

figure 4 is a schematic side view of a mobile communication device provided with the means according to this invention, and

figure 5 is a block diagram showing another aspect of the present invention.

Detailed description of the preferred embodiment

The device 10 according to the present invention, which is schematically shown in figure 1, consists mainly of two modules, denoted by 11 and 12.

The first module consists of a sensor or key part 10 for entering identification information that identifies the user. The key part 10 can be divided into two modules: the input module 13 and the key module 14, which are preferably, but not necessarily, physically integrated into a single module 11.

The input module 13 may consist of means of any type by which unique identifying information can be entered. Such means may include a biometric sensor, a PIN reader, a voice recognition device, a retina recognition device, a card reader, etc.; all these means are well known to the person skilled in the art.

The second part consists of a lock module 12 that protects the object 15 in question.

The key module 14 initiates a unique communication procedure between the key part 11 and the lock part 12. Unique to this invention is that user authentication is performed directly in the key part 11 and does not take place in the part that performs the locking.

After the user has been verified, the corresponding lock can be removed. There are two options for removing the lock: on the one hand for some pre-selected period of time, on the other hand permanently (if selected manually), which, however, offers little protection. If the lock was removed for a period of time, the user is required to identify himself again when this period expires.

In operation, identification information is entered, for example by pressing a finger on the sensor (fingerprint sensor), entering a PIN code, etc. If the user's identity is confirmed, an encrypted electronic signal is sent from the key module to the lock module, whereby the locked resource or object 15 (for example, a hard disk drive in a computer) is made available to the user.

Using a secure transmission method between the modules guarantees that a false signal cannot be sent to the lock module to obtain access to a locked module.

The external module, the key module 14, is provided with electronics, which mainly include a microprocessor 16 with integrated and highly protected program and data memory. The latter is a precaution that prevents access to the program or the stored key information for reading or copying.

Preferably, the list of authorized users is stored in the key module 14. Maintenance of this list, such as adding new authorized users, deleting users, and so on, is performed locally without communication with other modules.

The key module decides in each case whether the object to be protected should be unlocked or locked. The decision is usually based on the decision of the operator/user, i.e. the key is activated by authorized users. Locking can also occur on the initiative of the lock module after some predetermined time, if the operator, despite a request, does not identify himself for some time.

The key module can be left completely unlocked and need not be protected against tampering, because its program and stored data cannot be read from outside the processor (a protection function in the processor).

The lock module 12, which is connected to the key module, for example via a serial connection, is mounted on or in the object 15 to be locked and protects it. Every attempt to access the locked object by bypassing the normal logon procedure through the key part 11 is detected by the lock module. Alternative measures can then be initiated, e.g. extending the inactive state for a longer period of time, warning signals, erasing all data on the hard disk / storage device, etc.

Communication between the key and lock modules is performed using, for example, digitally encoded signals over a serial connection.

The connection can be asynchronous and can operate at a relatively high transmission rate. Communication takes place via a block protocol, which may also contain known parity and timing means.

As already mentioned, the purpose of the protection system according to this invention is, inter alia, to prevent unauthorized access to, for example, computers, or more specifically to a hard disk and the information on it. To obtain almost complete protection, an encrypted protocol can be used for communication between the key part 11 and the lock part 12. The probability of a successful security breach depends on the length of the random number, the length of the secure key and the length of the response. It can easily be made smaller than, for example, 10⁻¹⁸, which in practice means protection from unauthorized access.

The lock protocol in the communication procedure ensures the integrity of the transmission and ensures that unauthorized interference with the data exchange between the modules cannot occur. If the message exchange is carried out correctly, the locked object is unlocked or remains unlocked, respectively. If any error occurs, the object is locked.

To verify identity, the following exchange of messages can be used (see figure 2):

a. The key module 14 starts a verification sequence by sending a request to the lock module.

b. The lock module responds with a variable, randomly generated message.

c. At the same time, a numeric value is calculated using a special algorithm that uses the security key. This value, which is calculated from the sent response message, is stored for later use.

d. The key module responds with a numeric value calculated from the received message using the same algorithm and key as used in the lock module. This number can be used unchanged in the response, or can be encoded so that the lock module can interpret it. If the lock module receives a message containing a number identical to the number calculated during transfer phase b, the identification is confirmed.

If the message exchange is correct, according to steps a-d above, the locked object is unlocked or remains unlocked, respectively. If the response does not match, the object remains locked.

The hidden key code can differ between the key module and the lock module(s). This is possible because the key module is initialized with additional information that is specific to the respective connected lock module. This allows the key module to return the correct response to the lock module (as if it had access to the lock module's key code).
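The exchange in steps a-d and the per-lock key initialization described above can be sketched as follows. This is an added example, not code from the patent: the patent does not name the "special algorithm", so truncated HMAC-SHA256, the 16-byte lengths, the PIN stand-in for the biometric check, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

CHALLENGE_BYTES = 16  # assumed length of the random message (step b)
RESPONSE_BYTES = 16   # assumed length of the numeric value (steps c and d)


def compute_value(key: bytes, challenge: bytes) -> bytes:
    """Stand-in for the 'special algorithm': truncated HMAC-SHA256 (assumption)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:RESPONSE_BYTES]


class LockModule:
    """Guards the protected object; never sees user credentials."""

    def __init__(self, lock_id: str, key: bytes):
        self.lock_id = lock_id
        self._key = key
        self._expected = None  # value stored in step c, valid for one response
        self.locked = True

    def handle_request(self) -> bytes:
        """Steps b and c: answer with a fresh random message, store the value."""
        challenge = secrets.token_bytes(CHALLENGE_BYTES)
        self._expected = compute_value(self._key, challenge)
        return challenge

    def handle_response(self, value: bytes) -> bool:
        """End of step d: compare in constant time; any mismatch locks."""
        expected, self._expected = self._expected, None  # single use
        ok = expected is not None and hmac.compare_digest(expected, value)
        self.locked = not ok
        return ok


class KeyModule:
    """Authenticates the user locally, then answers the lock's challenge."""

    def __init__(self):
        self._users = {}     # user -> (salt, PIN hash), maintained locally
        self._pairings = {}  # lock_id -> key material specific to that lock

    @staticmethod
    def _pin_hash(pin: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, user: str, pin: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._pin_hash(pin, salt))

    def pair(self, lock_id: str, key: bytes) -> None:
        self._pairings[lock_id] = key

    def unlock(self, lock: LockModule, user: str, pin: str) -> bool:
        record = self._users.get(user)
        if record is None or not hmac.compare_digest(
                record[1], self._pin_hash(pin, record[0])):
            return False  # authentication failed: nothing is sent to the lock
        key = self._pairings.get(lock.lock_id)
        if key is None:
            return False  # this key module was never initialized for that lock
        challenge = lock.handle_request()  # step a (request) and step b (reply)
        return lock.handle_response(compute_value(key, challenge))  # step d


def demo() -> dict:
    # Constructed sample data: one lock, two key modules, one enrolled user.
    lock_key = secrets.token_bytes(32)
    lock = LockModule("L1", lock_key)
    k1, k2 = KeyModule(), KeyModule()
    k1.enroll("alice", "493817")
    k2.enroll("alice", "493817")
    k1.pair("L1", lock_key)  # k2 is deliberately not paired with L1

    results = {"wrong_pin": k1.unlock(lock, "alice", "000000"),
               "unpaired_key_module": k2.unlock(lock, "alice", "493817"),
               "valid": k1.unlock(lock, "alice", "493817")}
    results["unlocked_after_valid"] = not lock.locked

    # Replay: a response recorded for one challenge is sent for the next one.
    old_challenge = lock.handle_request()
    recorded = compute_value(lock_key, old_challenge)
    lock.handle_response(recorded)
    lock.handle_request()
    results["replay"] = lock.handle_response(recorded)
    results["locked_after_replay"] = lock.locked
    results["unsolicited"] = lock.handle_response(recorded)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the stored value is cleared after one comparison and every request draws a new random message, a recorded response is useless against the next challenge, and any mismatch leaves the object locked.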

In the most preferred embodiment, a biometric sensor module is used as the input module.

Biometric sensors have significant advantages for identifying people at entrances, for access to computers, etc. Among the advantages are performance, an extremely high degree of protection in identification and, in addition, no problems with forgotten passwords or passwords that have fallen into the wrong hands. In combination with the present invention, the sensor part performs biometric identification of the user's fingerprint. When the user's fingerprint has been identified, an encrypted message is sent from the key module to the lock module, whereby the locked resource is made available to the user.

Lists of allowed fingerprint samples are held in the key module. Maintenance of this list, i.e. adding new authorized fingerprints, removing fingerprints, etc., is performed locally without communication with other modules.

The sensor module may be provided with indicating means, such as two LEDs, red and green, to make it easy to see whether the fingerprint matched or not. The LEDs indicate whether the lock is removed or set, and also the status when registering/deleting fingerprints.

Listed below are some non-limiting examples that clarify various aspects of the invention.

The first non-limiting example, shown in figure 3, relates to a hard drive module 30 (or another memory or storage device in a computer) equipped with a finger sensor 31 or biometric sensor, i.e. an add-on module. The add-on is one of many applications of the locking system according to the invention. An add-on module means a standard module, such as a hard disk drive, which is equipped with a lock module and which communicates with a computer (or similar) module via special electronics, located, for example, on the circuit board 32 of a controller card to be installed in the computer (for example, a standard ISA (Industry Standard Architecture) or PCI (Peripheral Component Interconnect) card or the like). The electronics include a key module and also means for communicating with software on the computer via the data bus. The sensor 31 or, alternatively, other identifying equipment is connected to the card 32 directly or, for example, via infrared or radio communication (Bluetooth specification), or similar.

In this preferred embodiment, a standard hard disk drive is modified to work together with the locking device according to the invention. This means that it is locked internally and that hardware prevents access to data on the disk. The appropriate procedure depends on the design of the device (disk).

The connections to the device remain the same as for a regular hard drive, i.e. signal cables and power from the computer's power supply unit. An additional connection is provided for connecting the lock module to the controller.

The lock function according to the invention is achieved by using the key module and the lock module, respectively. The fingerprint sensor is connected via a cable and the switch to the controller interface, which uses the key module. The lock module is placed on the hard disk.

In addition to the lock, there is an electronic part for communication with computer programs. The program can, among other functions, warn about locking of the hard drive. In addition, locking may be performed using the software.

To restart the computer, a switch is used, usually mounted on the front. It is always connected to a power source (input voltage V = +5 V), even when the computer is turned off, provided that mains voltage is present. The switch signal is transmitted to the motherboard and the computer starts. When the fingerprint sensor is used, the switch can be disconnected and the input voltage V, which was fed to the switch contact, is instead supplied to the controller card. From there it passes on to the fingerprint sensor. Thus the fingerprint sensor is always powered. On an authorized registration, the controller card outputs a signal to the motherboard, replacing the normal button.

The lock can be initiated in several different ways:

- automatically, after a lapse of a certain amount of time (for example, in the case of unauthorized manipulation),

- when the user performs the lock through the lock system,

- when the user performs the lock using the control procedures described below.

Unlocking can normally be done in only one way, namely by providing the correct fingerprint.

If the person(s) whose fingerprint(s) is/are registered is/are not available when the drive must be unlocked, it is possible for, for example, a system programmer or the person responsible for protection to unlock the module using a special code. The code should be fairly complicated in order to prevent virtually any unauthorized access.

An attempt to remove the lock by transmitting false signals to the hard disk may lead to further access attempts being blocked, for example for a certain period of time or until a responsible person resets the lock function.

The fingerprint sensor may also be supplemented by other locking devices, such as smart cards.

Apart from the functions listed above, the add-on module is fully compatible with a standard hard disk.

Installing the add-on module may require special software. It controls the lock function via the controller card and provides status to the user. In particular, the user should be warned a certain time before the drive is locked. With this program it is also possible to lock the module directly. Accordingly, the program is always active, and the disk status is displayed on the taskbar (activity field), where various commands can also be given.

Another area of application for the system according to the invention is "portable computers", i.e. laptops, in which it protects all types of storage media: hard disk drive (HDD), floppy disk drive (FDD), compact disc (CD), random access memory (RAM), read-only memory (ROM), flash memory, the system board containing all components, such as the basic input/output system (BIOS), controller modules for controlling the storage media, etc.

In stationary computers/servers, it can be used to protect components on network cards and similar equipment for administering networks.

The system can be organized as a remote control system combined with a mobile telephone as the device that transmits the code. The code generator gives acyclic codes for access to computers, alarm systems, car locks, passages, etc.

Codes can be transmitted via the GSM (Global System for Mobile Communications) telephone system, WAP (Wireless Application Protocol) or the like. The device according to the invention unlocks the module, after which the type of action can be chosen.

In an application of the invention for banking transactions or the like via, for example, a computer, the client may be provided with a sensor/key module according to the invention. The customer's module is provided with an embedded unique PIN code and a special algorithm. The PIN may be of the type used with credit or bank cards, but slightly more extensive. The same PIN code can also be stored in the key module used by the client. The PIN code can be changed through a special terminal at the bank. The same unique code may be associated with the customer's account number.

At the bank, when a transaction request is received, a response is generated using a special evaluation module, which confirms that the request from the corresponding key module is authentic and belongs to the true owner of the account.

This function may be described in more detail by the following steps:

the client communicates with the bank by means of a computer program installed on his computer and enters his account number,

the bank issues a response that contains the identifying portion of the data block, and so on,

the customer selects the type of transaction, fills in data on the number, etc., and confirms the transaction,

the program sends the information to the transaction lock, as described above, together with the transaction data containing, for example, the number, the account number, a timestamp, and so on,

the answer will be accepted only if the lock module has received correct identification from the key module; the response may contain identification information, various lock/unlock data and also details of the transaction, and is sent to the bank. At the same time the transaction data are checked (for example, the amount and the identity of the person executing the transaction),

the bank uses the above algorithm together with the client's PIN code to verify the response, and if the correct response is received, consisting of the incoming response and the transaction data, which confirms that nothing has changed after the biometric check, the transaction is accepted and the client is informed.

If a purchase or transaction is carried out, for example, via the Internet, the user can be provided with a module equipped with, for example, a biometric sensor or similar. The user's key module provides a unique identification in the form of a checksum or similar. The same unique identification may be associated with the user's account number at the bank. The bank is equipped with control means for checking the correctness of the transaction request in the same manner as described above. In this case, the check and the transaction are first executed by the bank and then reported to the seller in the manner described above.

In a further example, the invention is used in a mobile device, such as a mobile phone, shown in figure 4. The protection means 40 consists of two parts 41 and 42 connected to each other via a hinge (in this example), where part 42 includes a connector 43 for connection to the communication port (not shown) of the telephone 44. The device comprises a sensor module 45, such as a biometric sensor, etc., and the corresponding electronics and memory, placed in the second part 41. Power for the electronics can be supplied from the phone's power supply. The connector is connected to the phone, and the sensor part 41 is attached to the back of the phone, for example on top of its battery. Once attached, the phone can be used as a controlling or key module according to the above description.

The phone can be accessed only if the appropriate person, verified by the sensor, is using it; the phone can then also be used to control other modules, such as payments over the telephone network, remote control, opening doors, access to computers (for example, via an infrared interface), etc. In this case, the lock module can be implemented in the phone.

Examples of other applications of the invention include:

Radioprotecao (RFR), i.e. a storage device, such as a hard disk, provided with a biometric reader or a relay card reader.

A lock module for portable equipment (PDAs) that operates only when a specific relay is nearby. The relay may, for example, be integrated in a wristwatch. In addition, the wristwatch can be provided with a biometric sensor that communicates with the PDA via infrared or radio communication.

The locking device can be integrated into a remote control device to ensure that only authorized users can access the equipment with the remote control.

When encrypting/decrypting e-mail or files, encryption can be performed using the public key, while decryption uses a secret key that is verified as belonging to the correct person by means of a biometric sensor.

The invention is not limited to the use of one key module or one lock module; combinations of multiple key and lock modules can also be used, in which one or several key modules or lock modules work together. The block diagram in figure 5 shows such an arrangement, where L1-L5 denote lock modules and K1 and K2 denote key modules. A key module, for example K1, can be configured so that it releases the lock in a number of lock modules, for example L1-L4, while K2 unlocks L4 and L5. The term "lock" also covers allowing access to various resources and information. Communication between the lock modules, and between the lock modules and the key modules, can be performed via radio, the Internet (or other networks), infrared, etc.; decoding is preferably performed as described above.

Although only the preferred embodiments of the present invention have been illustrated and described, it is understood that changes and modifications may be made within the scope of the attached claims.

1. A means (10) for protecting access to a device or module by verifying the identity of a user, said means essentially comprising a key module (11) and a lock module (12), wherein said key module (11) communicates with said lock module and includes an input module (13), a communication module (14) and means for performing user authentication in the key module (11) before the key module allows locking/unlocking to be performed in said lock module, in which said key module (11) is arranged to communicate with the lock module (12) by starting a verification sequence, after said locking/unlocking has been allowed, by sending a request to the lock module (12); the lock module responds by transmitting a variable, randomly generated message and computes a numeric value using an algorithm that uses a secure key stored in said lock module, said numeric value being calculated from the transmitted response message; said key module in response generates a numeric value calculated from the received message using said algorithm and said secure key; and if said lock module receives a message containing a value identical to the value calculated by the lock module, the identification is confirmed and access to the device or information is provided.

2. The means according to claim 1, characterized in that said device is a computer, a cash withdrawal machine, a door lock, a car door, a remote control unit, a mobile communication device, a portable computer, etc.

3. The means according to claim 1 or 2, characterized in that the input module is a biometric sensor, a PIN (personal identification number) code reader, a voice recognition device, a retina recognition device, a card reader or a mobile phone, etc.

4. The means according to any one of claims 1 to 3, characterized in that the identification information of the user is stored in the key module.

5. The means according to claim 1, characterized in that said numeric value is used unchanged in the response or is encrypted so that the lock module can interpret it.

6. The means according to claim 1, characterized in that said lock module is provided in a storage device (30) in a computer, said key module contains a biometric sensor (31), and the lock module prevents access to the data and is connected to the software of the computer through a controller module (32).

7. The means according to claim 6, characterized in that said controller module is one of an ISA card, a PCI card, or the like.

8. The means according to claim 6 or 7, characterized in that the controller module contains the key module.

9. The means according to any of PP-8, characterized in that the sensor module initializes said computer through the controller module.

10. The means according to any of PP-9, characterized in that the lock operation is initiated automatically after some time has expired, and/or by the user through the means, and/or by the user using a protection procedure.

11. A mobile communication device (44) for providing access to a unit or module, characterized in that it contains the means according to claim 1, whereby said means is an external module connected to the communication port of said mobile device (44), the means is provided with a biometric sensor connected to said communication module, the module is a single unit consisting of the key module and/or the lock module, and user authentication is performed in the key module before locking/unlocking is accepted by the lock module.

12. A method of providing access to a unit or module by an arrangement essentially comprising a key module (11) and a lock module (12), said key module (11) being connected to the lock module and containing an input module (13) and a communication module (14), the method comprising the steps of:

a. identification is initiated in said key module after initiation by the user,

b. after identification in said key module, the key module initiates a verification by sending a request to the lock module,

c. the lock module responds with a variable, randomly generated message,

d. at the same time, a numeric value is calculated using a specified algorithm that uses a secure key stored in said lock module, and is saved for later use,

e. the key module responds with a numeric value calculated from the received message using said specified algorithm and the key used in the lock module, and

f. the identification is confirmed if the lock module receives a message containing a numeric value identical to the value calculated in the transfer step, whereupon access to the unit or module is provided.

13. The method according to claim 12, wherein said value is calculated entirely from the response message.



 

Same patents:

FIELD: computer science.

SUBSTANCE: system has center of certification, forming and distribution of keys, at least one user device and at least one distributed data processing server. Method describes operation of said system. Subsystem for forming open keys contains memory block for tables of secret substitutions of columns and rows of secret keys tables, memory block for table of symmetric substitution of columns and rows of external key table, register for sequence of transitive connection between rows of secret substitutions tables, block for logical output on sequence of transitive dependence, memory block for table of relative non-secret substitution of columns and rows of external key table, open key register, input commutation block and control block.

EFFECT: higher efficiency, broader functional capabilities.

5 cl, 15 dwg

FIELD: mobile communications.

SUBSTANCE: server generates one-time activation code, sends it to user via intellectual card in cell phone and when user inputs an activation code in his cell phone, inputted code is transmitted to server for verification, in case of positive result server sends a command to phone to provide for access, which opens access to appropriate set of functions of intellectual card, while portion of functions can contain, for example, PKI-functions, which were concealed and inaccessible for user until said moment, after that user can select his own PIN-code for authentication, encoding and signature for transactions, and, concerning activation of PKI functions, generation of necessary secret and open keys, and also necessary certification are carried out after verification of activation code.

EFFECT: higher efficiency, broader functional capabilities.

1 cl, 1 dwg

FIELD: computer science.

SUBSTANCE: previously for sender and receiver a binary series of digital watermark k-bit long is formed as well as binary series of secret key, message is certified at sender side using binary series of digital watermark and secret key, certified message is sent to receiver, where authenticity of received message is checked using binary series of digital watermark and secret key.

EFFECT: higher reliability, higher efficiency.

4 cl, 5 dwg

FIELD: information protection.

SUBSTANCE: in a method for transferring messages while keeping the identification signs of communication system objects confidential, where the devices of communication system subscribers interact through a central device, a cryptographic conversion of the subscriber device identifier is performed for each communication session using the encryption key of the current subscriber device. A symmetric cryptographic algorithm is used for this conversion, and two message transfer modes are taken into consideration: on the initiative of the subscriber device towards the central device, and vice versa.

EFFECT: protection from unauthorized access to identifiers of subscriber devices transferred via communication channels, in particular when keeping message identification signs confidential in communication systems with multiple subscriber devices.

6 dwg

The invention relates to computing and can be used in automated systems for the provision of Internet services

The invention relates to a device for mutual authentication of two blocks of data

The invention relates to the field of user identification in various service systems and providing them with the relevant authority, including confirmation of solvency or reputation stand

The invention relates to a subscriber identification process

The invention relates to the field of computing, and in particular to means of protecting information from unauthorized access in electronic computing systems (machines) and local area networks (LAN) based on personal computers (PC)

FIELD: computer science.

SUBSTANCE: system has a center for certification, generation and distribution of keys, at least one user device and at least one distributed data processing server. Method describes operation of said system. Subsystem for forming public keys contains a memory block for tables of secret substitutions of columns and rows of secret key tables, a memory block for the table of symmetric substitution of columns and rows of the external key table, a register for the sequence of transitive connection between rows of the secret substitution tables, a block for logical inference on the sequence of transitive dependence, a memory block for the table of relative non-secret substitution of columns and rows of the external key table, a public key register, an input commutation block and a control block.

EFFECT: higher efficiency, broader functional capabilities.

5 cl, 15 dwg

FIELD: computer science.

SUBSTANCE: system has an electronic key, a block for processing information and converting it to video information, a block for transmitting optical video information, and a block for receiving and processing optical video information and controlling the electronic key.

EFFECT: higher reliability, higher efficiency, broader functional capabilities.

1 dwg

FIELD: computer science.

SUBSTANCE: system has a real-time authentication means, which detects a standard digital signature for an executable using the content of the digital signature, excluding those portions of the executable for which address linking is performed by the program loader. After the executable image is loaded, the real-time authentication means determines the integrity of the digital signature to check whether the executable was modified in an unauthorized way, and also guarantees that no pointer in the executable image has been redirected in an unauthorized way.

EFFECT: higher efficiency, broader functional capabilities.

4 cl, 6 dwg

FIELD: data carriers.

SUBSTANCE: device has calculating, reserving and recording modules. Each variant of the semiconductor memory card contains an area for recording volume control information and an area for recording user data. A computer initialization method is recorded on the carrier; it includes calculating the size of the volume control information, reserving the areas and recording the volume control information and user data in them, recording the main boot record and sectors table in the first section of the first area, skipping a preset number of sectors, and recording the section boot sector information, the file allocation table and the root directory element in the following sectors.

EFFECT: higher efficiency.

5 cl, 59 dwg

FIELD: data carriers.

SUBSTANCE: device for reproducing data from a data carrier, whose program zone is used for recording a set of files and whose control zone is used for controlling copy protection data concerning a file recorded in the program zone, has a computer for calculating copy protection information each time a file is reproduced; comparison means for comparing the value calculated on the reproduction command preceding the current one with the value calculated on the current reproduction command, where, if these values coincide, the latter value is stored as the copy protection value calculated on the reproduction command preceding the current one; and control means for allowing reproduction of the file corresponding to the current command if the comparison shows that the value calculated in response to the preceding command coincides with the value calculated in response to the current command.

EFFECT: higher reliability, higher efficiency.

4 cl, 46 dwg

FIELD: computer science.

SUBSTANCE: method includes a protective mathematical conversion of the service data of a network frame before the frame is passed to the LAN transmission medium. The protective conversion is applied to the data contained in the headers of link-layer network frames and in the headers of all encapsulated network packets and segments. As a result the very possibility of interception is prevented.

EFFECT: higher efficiency.

7 cl, 2 dwg

FIELD: digital memory technologies.

SUBSTANCE: board has rewritable non-volatile memory and a control circuit, means for storing an address pointing at the boundary between the authentication area and the non-authentication area, and a circuit for changing the size of said areas. Reading device contains estimation means that read information indicating the number of times the digital data can be read, and playback means. The second device variant additionally has means for digital output of contents.

EFFECT: higher efficiency.

3 cl, 23 dwg

FIELD: microprocessors.

SUBSTANCE: device has central processing devices including a first cryptographic block, at least one peripheral block including a second cryptographic block, a data bus, a random number generator, a conductor for supplying the clock signal, a conductor for supplying the random number signal, and a set of logical communication elements; each cryptographic block has a shift register with feedback.

EFFECT: higher level of protection against unauthorized access.

7 cl, 1 dwg

FIELD: electronics.

SUBSTANCE: device has a signal bus loaded with a clock signal, at least one pair of buses serving to encode one bit, a detector circuit and a multiplexer. According to the method, for the first value of the signal on the signal bus the two buses of a pair have the same signal level, and for the second value of that signal the two buses of a pair have different signal levels; forbidden states are detected during operation of the board and the functioning of the system is changed so as to generate an alarm.

EFFECT: higher reliability of protection.

2 cl, 7 dwg

Processor // 2248608

FIELD: computers, data protection.

SUBSTANCE: processor has a bus interface device, a device for selection/decoding of commands, a device for dispatching/execution, and a device for decoding a program string that is selected from the program and loaded into the first-level command cache; the decoding device contains a set of N two-input XOR elements and a key memory storing different N-bit decoding keys.

EFFECT: higher efficiency.

2 dwg
