Software masking of storage devices

FIELD: systems and methods for software control of access between one or more nodes and multiple devices connected to them.

SUBSTANCE: the system has a system of shared storage devices and a node programmed to identify each storage device and to mask access from the node to at least one storage device. The system for controlling access to multiple storage devices in a storage system has a node programmed to determine, for each of the storage devices, whether it should be masked with respect to the node, and an interface for selectively modifying the programmed data structure. The method describes the operation of a system for controlling access by multiple computers to multiple shared storage devices.

EFFECT: makes possible simultaneous transfer of frames in both directions at speeds exceeding 1 Gbit per second over distances of more than 10 km.

6 cl, 13 dwg

 

TECHNICAL FIELD

The present invention relates generally to access control and, in particular, to a system and method for software control of access by a host system to one or more devices operatively connected to the host system.

PRIOR ART

To remain competitive and keep pace with technological change, computer systems are becoming more and more powerful and complex. The main driver has been large databases and applications that require processing more and more data. Increased system complexity calls for advanced data storage devices and higher communication bandwidth. Computer system architectures have historically been based on the principle that mass storage devices are "owned" by the host computer or node to which they are connected. More recent architectures tend toward more intelligent data storage devices and communication channels that facilitate the transfer and storage of data.

The two main types of data topology typically used to transfer data between processors, and between a processor and peripheral devices, are channels and networks. A "channel" provides a direct or switched point-to-point connection between communicating devices. The main goal of a channel is to carry data at the highest possible rate with minimum delay. Channels usually perform simple error correction in hardware. In contrast, a "network" is a set of distributed nodes (e.g., workstations, storage devices and so on) with its own protocol that supports communication between these nodes. Typically, each node competes for use of the transmission medium, and each node must be able to recognize error conditions in the network and must provide the error handling needed to recover from them.

Fibre Channel is a hybrid type of interconnect that attempts to combine the benefits of channel and network technologies. The Fibre Channel protocol is currently being developed and adopted as a national standard for information systems (American National Standards Institute (ANSI)). Briefly, Fibre Channel is a switched protocol that allows concurrent communication among workstations, supercomputers and various peripheral devices. The total bandwidth provided by Fibre Channel may be on the order of terabits (trillions of bits) per second. Fibre Channel can transfer frames in both directions simultaneously at speeds in excess of 1 gigabit per second. Moreover, it can transport commands and data according to existing protocols, for example Internet Protocol (IP), Small Computer System Interface (SCSI), High Performance Parallel Interface (HIPPI) and Intelligent Peripheral Interface (IPI), over both optical fibre and copper cable.

The development and standardization of Fibre Channel has had a strong impact on data storage. Fibre Channel allows both faster access and access over greater distances (e.g., over 10 km) than other traditional data storage topologies. Because Fibre Channel allows devices to be placed farther apart, it also has advantages for disaster recovery, since mass storage devices can be located remotely. One specific data storage application for which Fibre Channel is of significant interest is shared storage systems, such as storage area networks (SANs), through which multiple host computers can share network access to the respective storage devices.

A typical SAN architecture consists of multiple storage systems and a logically isolated network. The storage systems can contain storage devices of essentially any type, such as disks, tape, etc. The network portion contains adapters, cabling, interface units, hubs, switches and control devices. Briefly, adapters connect servers and peripherals to the cabling (e.g., optical fibre or other cabling) in the network. Interface units convert from one protocol to another, for example from SCSI to Fibre Channel. Hubs, switches and control devices provide a central connection point and routing capabilities in a typical SAN data bus. A SAN environment allows multiple storage devices to be treated as a shared storage pool that can be accessed by multiple host machines. Because more than one device may need simultaneous access to a given storage device, controlling access to storage devices in a SAN can be difficult.

To selectively control access to storage devices connected to a SAN, hardware switching architectures have been proposed. For example, Fibre Channel switches are used to create zones that restrict which Fibre Channel nodes in the SAN can communicate with each other and with the respective storage devices. In a storage configuration in which a set of storage devices is arranged as an array of logical units (for example, within a single enclosure), another approach is hardware-based logical unit number (LUN) masking. In LUN masking, the switches usually found in the SAN are used to control access between a host machine and selected logical units corresponding to the associated storage devices. For example, a Fibre Channel switch determines which Fibre Channel node and which logical unit number (LUN) a particular command is addressed to, and performs masking at the LUN level.

However, because insufficient standards have been developed for the interfaces used to control hardware switches, effective LUN masking can be difficult to implement in most systems. In particular, the management interface of each storage device and host computer usually differs from one manufacturer to another. Therefore, when a system contains storage devices and/or host computers from different manufacturers, different interfaces are usually required. In addition, the hardware (for example, switches and enclosures) is often prohibitively expensive for smaller organizations that may wish to use it for shared storage. Moreover, when different host computers connected to a SAN use different operating systems, difficulties can arise when different computers attempt to access the same storage device (or logical unit) simultaneously. In addition, if the same storage devices are connected to multiple host computers, there is an increased likelihood of file system corruption, for example because each host computer periodically monitors the devices.

THE INVENTION

The present invention relates to a system and method for software control of access between a node and one or more associated devices, such as storage devices. One or more data structures in the node can be programmed to indicate whether a given device is to be within the scope of the node. The scope of the node is determined from the node's data structure, which can be changed dynamically by programmatically modifying the data structure.

According to one aspect of the present invention, an interface is used to identify the devices connected to the node. For example, the node has a first data structure that identifies the devices connected to the node. The node also has a second data structure that indicates whether each such device is to be hidden from or exposed to the node. For example, the second data structure may take the form of an inclusion list, which identifies the device or devices that are within the scope of the node, and/or an exclusion list, which identifies the device or devices that are not within the scope of the node. A programmatic interface can be used to modify the second data structure in a selected way. As a result, selected attached devices can be dynamically brought into and/or taken out of the scope of the node. In a shared storage system, the interface simplifies management of the shared storage devices and reduces the number of conflicts between devices. Boot time can also be reduced for a node configured in accordance with the present invention, because the operating system accesses and mounts the associated devices on the basis of the node's second data structure.

According to another aspect of the present invention, a shared storage system has multiple addressable storage devices that can be operatively connected to one or more controllers in a node. Each controller uses a programmable data structure that specifies which devices operatively connected to the node are to be functionally exposed to or hidden from the controller. The data structure may contain persistent and/or temporary components. The persistent and/or temporary components can be modified through an interface that is used in predetermined ways. The controller creates a device object for each device indicated by the controller's data structure. Each device object is associated with a higher-level object, for example a class driver, which controls the operation of the corresponding device in response to commands received from the controller.

According to another aspect of the present invention, a device object for a given device is dynamically removed (or added) on the basis of changes to the node's data structure. When a device object is removed, for example, no higher-level device object (for example, a class driver) is loaded for it, and the device is no longer within the scope of the node. As a result, conventional means of communicating with the device (for example, read and/or write commands) are denied. However, a device object for that device can be created at a second node (e.g., by programmatically changing the second node's data structure), thereby establishing a communication channel between the second node and the device. This aspect of the present invention can thus be used to facilitate programmatic swapping among a set of interconnected nodes.

According to another aspect of the present invention, the link between a device object and its higher-level device object can be dynamically broken or added, depending on whether the node's data structure indicates the corresponding device. When the link between a device object and its higher-level device object is broken, the corresponding device is no longer within the scope of the node, so access to it from the node is blocked. A new higher-level device object can be created and linked to the device object, thereby exposing the corresponding device to the node, for example in response to programmatic changes to the node's data structure.

BRIEF DESCRIPTION OF DRAWINGS

Fig. 1 is a block diagram of a system according to the present invention;

Fig. a is a functional block diagram of a system programmed in accordance with the present invention, showing a first state of the system;

Fig. b is a functional block diagram of the system of Fig. a, showing a second state of the system according to one aspect of the present invention;

Fig. c is a functional block diagram of the system of Fig. a, showing a third state of the system according to another aspect of the present invention;

Fig. 3 is a functional block diagram of a system showing a node connected to multiple targets through multiple buses, which may be configured in accordance with the present invention;

Fig. 4 is a block diagram of a system having multiple nodes connected to a shared storage system according to the present invention;

Fig. 5 is a block diagram of a system having multiple nodes connected through a network to a shared storage system according to the present invention;

Fig. 6 is a block diagram of an Internet-based system having multiple nodes connected to a shared storage system according to the present invention;

Fig. 7 shows an example operating environment for a system arranged in accordance with the present invention;

Fig is a flow diagram showing the methodology for initializing the masking criteria for a node according to the present invention;

Fig. a is a flow diagram showing the methodology for masking access to a device from a node according to the present invention;

Fig. b is a more detailed flow diagram of part of the steps of the method of Fig. a according to one aspect of the present invention; and

Fig. c is a more detailed flow diagram of part of the steps of the method of Fig. a according to another aspect of the present invention.

METHOD OF CARRYING OUT THE INVENTION

The present invention relates to a system and method for software control of access between a node and one or more associated devices, for example functional storage devices. One or more data structures in the node can be programmed to indicate whether a given device is to be within the scope of the node. The scope of the node determines whether each device is functionally exposed to or hidden from the node. According to one aspect of the present invention, the scope of the node can be changed dynamically by programmatically modifying the data structure.

Fig. 1 shows a simplified block diagram of a system 10 that can be programmed to perform masking according to the present invention. The system comprises a node 12 operatively connected via a bus 14 to multiple devices 16, 18, 20 and 22. The node is a computer, such as a client computer, workstation, server or other computing machine. Devices 16, 18, 20 and 22 may be functional storage devices (e.g., a hard disk drive, CD-ROM, digital versatile disk (DVD), tape storage device, etc.) or other peripheral devices that can be used together with the node 12. The bus 14 may be a network, communication channels or other means of communication that allows data transfer between the node 12 and the storage devices 16, 18, 20 and 22.

According to one aspect of the present invention, the node 12 contains a controller 24 having an associated data structure, for example in the form of one or more configurable lists, that defines the scope criteria which determine the masking parameters used by the node. It should be understood that, unless otherwise indicated or unless the context requires a different interpretation, the term "masking" as used here and in the claims is to be interpreted in its broadest sense, and all such constructions of the term fall within the scope of the claims. For example, "masking" with respect to a node may cover both bringing a device into the scope of the node and taking a device out of the scope of the node. When a device is not within the scope of the node 12, communication between the node and the device is blocked, because the device is hidden from the upper layers of software in the node. Conversely, when a device is within the scope of the node 12, the node can access the device using an appropriate communication protocol.

Figs. a to c are functional block diagrams showing elements of the operating system (for example, the set of drivers) of node 12 that can be programmed and/or configured to mask communication channels between the node and devices (not shown) operatively connected to the node. Referring to Fig. a, node 12 contains a host bus adapter 28, which may be, for example, a SCSI host bus adapter. The host bus adapter 28 contains a controller 30 configured and/or programmed to control the communication paths or channels between the node 12 and the devices operatively connected to the node through the corresponding bus. In particular, the controller 30 creates device objects 32a, 32b, 32c (collectively, "device objects 32") for devices connected to the bus. Each device object 32 is a functional device object that identifies a device, including, for example, its location (for example, its logical unit number) and its operating characteristics. As used herein, the term "device" is to be interpreted broadly and corresponds, for example, to a hardware device or to a functional unit, such as a logical unit of data storage corresponding to a storage device.

For each of the device objects 32a, 32b, 32c, another, higher-level device object 34a, 34b, 34c is loaded (collectively, "higher-level device objects 34"). Each higher-level device object 34a, 34b, 34c is associated with its corresponding device object by an operative link, designated 36a, 36b and 36c respectively. The higher-level device objects 34 are physical device objects, such as class drivers, which control the operation of the respective device by sending it appropriate commands, or receiving them from it, in response to requests from the controller 30 of the node 12. Once a higher-level device object 34 has been loaded and linked to its corresponding device object 32, the corresponding device is within the scope of the node (for example, the node can access the corresponding device).

The node 12 or, more specifically, the controller 30 contains a data structure 40 that stores information identifying the devices and their operational relationships with the node. For example, one aspect of the data structure 40 is a database or list 42 that identifies all devices operatively connected to the controller's bus (referred to below as the "universal list 42"). The universal list 42 contains the devices that, in accordance with the present invention, are functionally exposed to and hidden from the node 12. Another aspect of the data structure 40 is a database or list 44 that identifies all devices that have device objects assigned to them. That is, the list 44 of assigned objects identifies those devices operatively connected to the controller 30 (or node 12) for which a device object 32 exists.

A third aspect of the data structure 40 is a scope control data structure 46, in the form of a list (hereinafter the "scope control list 46"), which holds a working map of the masking criteria for node 12. The scope control list 46 is programmable, so that the masking criteria can be changed to dynamically bring selected devices into the scope of node 12 and/or remove selected devices from it without rebooting the system. The masking criteria can contain, for example, an exclusion list, an inclusion list, or both. The lists (inclusion or exclusion) can be implemented as data structures of any type. The inclusion list specifies the devices (for example, by logical unit number or other identifying parameters) that are within the scope of the node. Conversely, the exclusion list specifies the devices that are not within the scope of the node; all devices not in the exclusion list are within the scope of the node. Therefore, when an exclusion list is used and a new device is operatively connected to node 12, the device will be exposed to the node, for example through Plug-and-Play (PnP) control. Generally speaking, whether masking is implemented as an inclusion list or as an exclusion list is a matter of the chosen embodiment, since each may have advantages depending on the system configuration and on which kind of masking is most appropriate.

For brevity, in the following example the scope control list 46 is described as an inclusion list, in which the devices on the list are within the scope of the node. However, it should be understood that the principles set out here apply equally to inclusion lists and exclusion lists. In addition, although the scope control list 46 is described as being operatively associated with the controller 30 of the node, other data storage arrangements can also be used. For example, node 12 may maintain a single global scope control data structure that indicates which devices are masked with respect to node 12. Alternatively, a separate scope control list may be maintained for each bus.

According to one aspect of the present invention, the scope control list 46 can be operatively associated with two types of inclusion (and/or exclusion) lists, namely a persistent inclusion list 48 and a temporary inclusion list 50. The terms "persistent" and "temporary" refer to how long the respective list is retained. For example, the temporary inclusion list does not survive a system restart or disabling of the controller. The temporary list 50 is stored, for example, in temporary storage of the node (for example, a volatile memory device) such as random access memory (RAM), and is retained for as long as the system is running and the controller 30 is operating. In a preferred embodiment, the persistent inclusion list 48 survives a system restart, a crash and other similar situations, such as loss of power or failure of the controller 30 or the node 12. The persistent list is stored, for example, in persistent storage (for example, a non-volatile storage device), such as the system registry. Both the persistent inclusion list 48 and the temporary inclusion list 50 are programmable, so that a selected list can be modified, for example by an administrator or a higher-level service, which makes it possible to change the scope of node 12 dynamically. For example, several interfaces (for example, application programming interfaces (APIs)) may be provided to view the contents of selected lists or to programmatically change the contents of a selected list or lists.

As an example, to enable programmatic masking of a device with respect to the node 12 according to the present invention, an interface 60 is provided, for example a SET_INCLUSION_LIST interface (or application programming interface (API)). An agent, such as a higher-level application program (or service) or an administrator, uses the interface 60 to change the inclusion (and/or exclusion) list. Through the interface 60, identifying data for one or more devices is removed from (or added to) the appropriate inclusion list (persistent or temporary). The type and extent of the changes to the list are determined by the commands supplied to the interface 60, for example by the higher-level application or the system administrator.

In addition to controlling whether a particular device is within the scope of node 12, it may also be desirable to clear a scope control list entirely, so that the mask settings corresponding to that list have no effect on system behaviour (for example, so that no masking is attempted). To do this for an inclusion list, for example, an appropriate interface or application programming interface (API) can be provided, such as a CLEAR_INCLUSION_LIST interface 70. An administrator (manually) or a higher-level application program (as part of some operation) can use the interface 70, specifying which inclusion list (or lists) should be cleared. The effect of the interface 70 depends on the type of scope control list (or lists). For example, if there is only one list and it is cleared using the CLEAR_INCLUSION_LIST interface, the system reverts to its default mode of operation, which may be, for example, that every device visible to the system is exposed. Alternatively, when there is a set of mixed scope control lists (for example, both inclusion lists and exclusion lists), the system's behaviour depends on which type of list is cleared. For example, if the inclusion list is cleared through the interface, each device listed in the exclusion list is excluded from the scope. If the exclusion list is cleared from a set of mixed lists, all devices listed in the inclusion list are included in the scope. The scope of a node is modified, for example, by one of the following methods: the device objects themselves can be removed or added (see, for example, Fig. b), or the links between device objects and their associated class drivers can be broken or created (see, for example, Fig. c).

To determine the current state of a node's inclusion (or exclusion) list, an administrator or application program can use another interface, for example a GET_INCLUSION_LIST interface 80, which returns information identifying the current inclusion list (temporary and/or persistent). The GET_INCLUSION_LIST interface 80 can be accessed on the node by any application program or by any user.

Another interface 90, QUERY_ATTACHED_DEVICES, can be used to return a list of the devices connected to the controller together with the identifying parameters of those devices. For example, it can be implemented on the basis of the data retrieved in response to a SCSI inquiry, and it can be accessed by any user or by any application program associated with the node.

Fig. b shows a functional diagram of an approach that, according to a particular aspect of the present invention, can be used to control whether a device is within the scope of node 12. Identical reference numerals with a prime symbol (') added refer to the corresponding components previously described with reference to Fig. a. In particular, this approach manages (for example, adds or removes) the corresponding device object 32c' in order to mask the corresponding device with respect to the node. For example, to remove a currently exposed device from the scope of node 12', the device object (for example, 32c') corresponding to that device is removed. This is indicated in Fig. b by reference 32X, which denotes the absence of device object 32c (Fig. a). Removal of the device object may be initiated, for example, by using the SET_INCLUSION_LIST interface 60' to remove the selected device from the inclusion list. The scope control list 46' reflects the changes made to the inclusion list. The interface 60' instructs Plug-and-Play (PnP) or a native interface (not shown) to remove the corresponding device object. Removal of the device object 32c in turn causes the corresponding class driver 34c (Fig. a) to be removed or unloaded. The device is also removed from the list 44' of assigned objects. Because no device object or class driver is associated with the device, there is no usable communication channel through which higher-level objects or drivers associated with node 12 can communicate with the device, and access to the device from the node is therefore effectively blocked.

To bring a currently hidden device into the scope of node 12, a device object 32 for that device is created programmatically at the node. Referring to Fig. b, this can be done, for example, by a higher-level application or by an administrator using the SET_INCLUSION_LIST interface 60' to add data identifying the device to the inclusion list. The interface 60' instructs PnP or another interface to add a device object for the device, after which the class driver 34c for the device is loaded and, in turn, operatively linked to the device object 32c (see Fig. a). The device can be added to the persistent inclusion list 48' or to the temporary inclusion list 50', depending on the reason for establishing the communication channel between the node and the device. Once the device object 32c has been created, the device is also added to the list 44 of assigned objects. If the added device is new to the system, it can also be added to the universal list 42.

The CLEAR_INCLUSION_LIST interface 70' can also be used by an administrator or by a higher-level application program or module to clear a scope control list. As mentioned above, whether a device is brought into the scope of node 12' or taken out of it depends on whether the list is an inclusion list or an exclusion list.

Fig. c shows a functional diagram of another approach that, according to the present invention, can be used at the node 12" to programmatically control whether a device is within the scope of the node 12". Identical reference numerals with a double prime symbol (") added refer to the corresponding components previously described with reference to Fig. a. In this approach, the communication channel between the node and a device is masked by controlling the link 36 between the device object 32 and the higher-level device object 34" corresponding to the device. Referring again to Fig. a, for example, if a device has a device object 32c and a corresponding class driver 34c, the device can be taken out of the scope of node 12 by dynamically breaking (or removing) the link 36c between the class driver and the device object. This is shown in Fig. c by reference 36X, which denotes the absence of the link 36c (Fig. c). A device that is not within the scope of the node but is part of the universal list 42" can be brought into the scope of node 12, for example, by adding a link 36c between the device object 32c and the class driver 34c for the device, as shown in Fig. a.

Masking can be carried out in a manner analogous to the method described with reference to Figb. In brief, to change an inclusion list (the temporary list 50" or the persistent list 48"), the administrator or a higher-level application uses the corresponding interface, for example the SET_INCLUSION_LIST interface 60". The scope control list 46" reflects the changes made to the corresponding inclusion list. Interface 60 also issues a command to a native interface or to the Plug and Play (PNP) management tool to add or break link 36, according to whether the device is to be functionally hidden from or visible to the node. If a device is to be made visible to node 12 and neither a device object nor a class driver has been created for it (for example, when a new device is connected), the corresponding device object 32V and class driver 34B are created and linked, as previously shown and described with reference to Figa. For each device object 32, an associated flag can be set to a Boolean value (TRUE or FALSE) to indicate whether the device is visible within the scope of the node.

Figure 3 shows an example system environment 100 in which node 110 is operatively connected to multiple target devices 120 through multiple buses 130 and 140. Node 110 contains controllers 150 and 160, which provide operative communication with each respective bus 130, 140 to create and control communication paths (channels) between the node and each target device. Each target device 120 has a corresponding target address and contains one or more logical units 170. The logical units 170 provide, for example, a means of communicating with the functional storage devices of the corresponding target device 120. Each logical unit 170 has a corresponding logical unit number (or other identifying parameters). Node 110 and controllers 150 and 160 are designed to function essentially the same as the node and controllers shown in the description of Figa - Figv. In particular, node 110 may contain a persistent inclusion list, which is kept in the registry and which identifies one or more logical units that are within the scope of the node.

The persistent inclusion list is used at initial system startup or during initialization to create communication paths or channels between node 100 and each device 120 or logical unit 170 specified in the list. For example, during initialization, node 110 or controllers 150 and 160 build the scope control list from the persistent inclusion list stored in the system registry. If no persistent list exists, the node can be given a default configuration in which either every device operatively coupled to the node is functionally visible or no device is visible. The example below assumes that an initial persistent inclusion list exists.

Each controller 150, 160 performs bus enumeration, sending a query to each target device 120 on each respective bus 130, 140 to determine the number of logical units associated with each target device. Controllers 150 and 160 can also issue an additional query to determine the device type of each logical unit and to retrieve specific identifying data for each logical unit, for example its serial number. Using the identifying data, each controller 150, 160 then checks its scope control list to determine whether the device or logical unit is in the list. If the logical unit is within the scope of the controller, a device object is created for the logical unit, and the logical unit can be marked as visible, for example by setting an appropriate flag associated with the device object. The parameters of the logical unit associated with each device object are also added to the list of assigned objects. If, however, the logical unit is not within the scope of node 110, no corresponding device object is created. In either case, the parameters identifying each logical unit are added to the universal list of node 110. This process is repeated until every logical unit 170 of every target device 120 on every bus 130, 140 has been processed.

In some cases, for example during initial system startup, it may be desirable to programmatically set an empty scope control list, from which all entries have been removed. For example, an empty inclusion list removes all devices 120 or logical units 170 from the scope of node 110. Conversely, an empty exclusion list causes all devices connected to the bus to be brought into scope. In this situation, the inclusion list (persistent or temporary) of node 110 does not contain any devices, and therefore no device is specified in the scope control list. If the controller has no entries in its list, the devices operatively connected to the bus are not checked during bus enumeration. This significantly reduces boot time, because there is no need to verify that the devices function properly or to check the file systems associated with them. The initial boot time can also be reduced by programming the node's inclusion list at the initial stage so that it identifies only a relatively small number of devices, which leaves only a small number of devices within the scope of the node (for example, when the system is connected to a high-capacity data storage system such as a SAN environment). This also reduces path congestion and the number of conflicts between devices.

Figure 4 shows a functional diagram of an example layout of a system 200 according to the present invention, in which a set of nodes 202 and 204 is connected to a shared storage system 210 via respective connections 206 and 208. The shared storage system 210 comprises, for example, a storage area network (SAN) 212 operatively connected to multiple storage devices a, B, 220V, 220g and d (collectively referred to as "storage devices 220"). Each storage device 220 may be, for example, a disk, a tape, or any other type of storage medium (optical or electronic).

SAN 212 contains, for example, a set of adapters, bridges, hubs, switches, and control devices that control routing and connections between storage devices 220 and nodes 202 and 204. In brief, adapters connect nodes or servers and peripheral equipment to the cabling (for example, optical fiber or other cabling) in SAN 212. Bridges convert from one protocol to another, for example from Fibre Channel to the Internet Protocol (IP) or from SCSI to Fibre Channel. Hubs, switches, and control devices provide a central connection point and routing for the data bus of the SAN. To increase system throughput and, in turn, speed, SAN 212 may use a Fibre Channel fabric to connect devices in a cross-point switched configuration that includes storage devices 220 and nodes 202 and 204.

An additional, optional communication link 230 may be provided between nodes 202 and 204 to give the nodes connectivity with each other. Link 230 can take the form of a network (LAN, WAN), a long-distance communication line, or any other communication mechanism through which nodes 202 and 204 and/or their users can communicate. Communication links outside the SAN may also be provided using any number of interprocess communication protocols (for example, HIPPI, the Internet Protocol (IP), the universal interface (VI) protocol, and so on).

For example, nodes 202 and 204 may use the SCSI protocol over connections 206 and 208 to SAN 212, which in turn uses Fibre Channel to communicate with storage devices 220. Each node 202, 204 is programmed to contain a data structure, such as an inclusion list and/or an exclusion list, that determines which storage devices 220 are within the scope of the respective node. The data structure may comprise persistent and/or temporary lists. Control over which storage devices are within the scope of each node, and which are not, is exercised by a higher-level application or agent. As mentioned above, dynamic masking of access between each node and selected storage devices can be implemented by programmatically changing the inclusion list of each node.

For example, node 202 may have an inclusion list that contains storage device a, and node 204 may have an inclusion list that contains storage devices b and 220V. Before node 202 accesses storage device b, node 204 may be instructed to relinquish exclusive use of the device. This can be done by a higher-level application or by the administrator using the SET_INCLUSION_LIST interface, whereby the storage device is removed from the inclusion list of node 204. Changing the inclusion list in this way produces a corresponding change in the scope control list. To block access to storage device b from node 204 at the device object level, a native interface or the Plug and Play (PNP) management tool can be used, for example according to one of the embodiments shown and described with reference to Figa - Figv. Once storage device b is no longer within the scope of node 204, node 204 (or its user) can notify node 202 over link 230 that exclusive use of the storage device has been relinquished. The administrator or a higher-level application (on node 202, or on node 204 via link 230) can then use an interface (for example, the SET_INCLUSION_LIST interface) to add storage device b to the inclusion list of node 202. The scope control list is changed accordingly. The interface also instructs a native interface or the PNP management tool to bring device b into the scope of node 202, for example by issuing appropriate commands to add a device object corresponding to storage device b and/or to link the device object to the appropriate class driver for storage device b. Because the device object on node 202 is linked to the appropriate class driver, access to storage device b is permitted (for example, the device is within the scope of node 202). Programmatic masking of access to the other storage devices 220 can be implemented for nodes 202 and 204 in a similar way.

For example, the administrator can give each node 202, 204 a level of access to the storage devices commensurate with the needs of that node. In addition, each node 202, 204 can be programmed to access the same storage device(s) 220, which reduces the storage requirements of system 200 as a whole. As a result, there is no need to duplicate data for multiple nodes. Moreover, such masking reduces path congestion and the number of conflicts between devices that can occur when more than one node attempts to access a storage device at the same time.

Figure 5 shows an example of another system layout 300 according to the present invention, in which multiple client nodes 302 and 304 are connected to multiple server nodes 306 and 308 via a conventional network infrastructure 310, for example a LAN or a WAN. Server nodes 306 and 308 are operatively connected to a shared storage system 318. In particular, server nodes 306 and 308 are connected to multiple storage devices 320S, b, 320v, 320g and d (collectively referred to as "storage devices 320") through SAN 330, which may include a Fibre Channel fabric topology.

According to one aspect of the present invention, each of the client nodes 302 and 304 contains one or more programmable data structures, for example in the form of an inclusion list and/or an exclusion list, that determine which storage devices 320 are within the scope of each respective client node. As mentioned above, the data structure may take the form of temporary and/or persistent inclusion lists. The data structure may also be an empty inclusion list, indicating that no storage devices are within the scope of the respective client node. It should be understood that each of the server nodes 306, 308 may also be programmed to contain inclusion (or exclusion) lists for additional control of access to selected storage devices. In accordance with the present invention, one or more storage devices can be dynamically masked with respect to each node 302, 304, 306, 308 by using the appropriate interface to programmatically add one or more storage devices to, or remove them from, the inclusion list of the corresponding node.

For example, client node 302 has an inclusion list that identifies storage devices 320S and 320v, and node 304 has an empty inclusion list (e.g., all devices connected to the bus are excluded from its scope). For node 304 to access storage device 320v, the storage device is added to its inclusion list (or removed from its exclusion list). This can be done, for example, by a higher-level application or by the administrator using the SET_INCLUSION_LIST interface to add storage device 320v to the inclusion list of node 304. The addition may be permanent or temporary, depending on which inclusion list (temporary or persistent) the storage device is added to. Such a modification of the inclusion list produces a corresponding change in the scope control list of node 304. A command is also issued to the Plug and Play (PNP) management tool, for example to create a device object for the storage device (assuming that one does not already exist). The device object is linked through a communication path to the class driver to pass control commands to storage device 320v (for example, read or write commands issued in response to I/O requests).

It may also be necessary to take storage device 320v out of the scope of node 302 before the device is made visible to another node 304. Thus, one of the server nodes 306 or 308, or client node 304, may communicate with client node 302 via network infrastructure 310 and request that node 302 relinquish exclusive use of storage device 320v, for example by programmatically masking access to the storage device from node 302. The SET_INCLUSION_LIST interface may be used to initiate masking on client node 302, for example according to any of the embodiments shown and described. Because storage device 320v is functionally hidden from client node 302, path congestion is reduced, as is the likelihood of conflicts that can occur when two or more nodes access the device at the same time.

Figure 6 shows an example Internet-based system 400 in which masking according to the present invention can be used to dynamically control access to multiple storage devices a, b, V, 410g and d (collectively, "storage devices 410") of a shared storage system 420. Multiple Internet servers 430 and 440 are operatively connected to the Internet 450. Each server 430, 440 also has a respective storage device 460, 462 physically associated with it. For example, servers 430 and 440 are e-commerce web servers that take orders and handle preselected aspects of transactions for a specific line of business. Another server 470 is a master server that performs additional transaction processing or data management (for example, data retrieval), for example based on the transactions received from each web server 430, 440. Master server 470 also includes a storage device 472 used exclusively by that server. All servers 430, 440 and 470 are operatively connected to storage devices 410 through SAN 474 of the shared storage system 420.

In accordance with the present invention, each server 430, 440, 470 may be programmed to contain a data structure, for example in the form of an inclusion list and/or an exclusion list, that specifies the masking criteria for the respective server. As mentioned above, the list may comprise persistent and/or temporary lists that indicate whether a particular storage device is to be within the scope of the corresponding server. According to one aspect of the present invention, a storage device 410 can be programmatically added to, or removed from, the data structure of one of the servers 430, 440, 470 to dynamically mask the storage device with respect to that server.

For example, Internet server 430 is a server designated to receive and process orders arriving from the Internet 450 for a first line of Internet business. Server 430 can save transaction data in its associated storage device 460, but it requires additional storage for further processing. The shared storage system 420 provides sufficient storage, such as storage device b, to run applications that process large amounts of data. To gain access to storage device b, the server programmatically brings the storage device into the scope of server 430.

According to the present invention, the SET_INCLUSION_LIST interface can be used, for example by an administrator or by a higher-level application, to add storage device b to a selected inclusion list (e.g., temporary or persistent) of server 430. The scope control list of server 430 is changed in accordance with the changes to the temporary inclusion list. In addition, a native interface or the Plug and Play (PNP) management tool is invoked to bring storage device b into the scope of server 430, for example according to one of the example embodiments illustrated and described with reference to Figa - Figv. While storage device b is within the scope of Internet server 430, the server can use the storage device to process and store transaction information, just like any other device owned by the server. After processing is complete, server 430 can relinquish its exclusive use of storage device b, for example by using the SET_INCLUSION_LIST interface to remove the storage device from its temporary inclusion list.

Because, in the preceding example, storage device b is accessed for a specific purpose, namely to process data and transfer it to another machine, the storage device may be added to the temporary inclusion list. Therefore, if server 430 or its associated controller crashes during processing, a storage device contained in its temporary inclusion list will not remain within the scope of server 430. Instead, to continue processing the transaction information, the server must again arrange exclusive use of these storage devices.

Server 430 (or its user) may also communicate with master server 470 (or its user) over communication link 480 to give notice that it has relinquished access to storage device b and that master server 470 may take exclusive use of storage device b, for example by adding the storage device to its inclusion list. Programmed commands accompanying the exchange can invoke the SET_INCLUSION_LIST interface on master server 470, whereby storage device b is added to the master server's inclusion list. It should be understood that any mode of communication may be used to convey information about web server 430 and the data placed in storage device b, including manual or automated, wired or wireless, and so on. Once master server 470 has programmatically brought storage device b into its scope, it can process the data and save it to the additional storage device 472 that it alone uses, keep the data in storage device b, or transfer the data to another storage device 410 after arranging exclusive use of it. Server 440 may communicate with master server 470 over communication link 482 to convey the state of server 440 and to transmit status information and/or commands relating to the associated storage devices 410.
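The following Python model is an added illustration, not code from the patent: it exercises the inclusion-list behaviour described above (enumeration against the scope control list, release-then-acquire handover of a shared device between nodes, and loss of temporary entries on a restart). The `Node` class, its method names and the sample serial numbers are assumptions, and only inclusion lists are modeled.

```python
from dataclasses import dataclass, field

# Constructed sample fabric: (bus, target, LUN, serial). All values are made up.
FABRIC = [
    (0, 0, 0, "LU-A"),
    (0, 0, 1, "LU-B"),
    (1, 0, 0, "LU-C"),
    (1, 1, 0, "LU-D"),
]


@dataclass
class Node:
    """Hypothetical model of one node's masking state (inclusion lists only)."""
    name: str
    persistent: set = field(default_factory=set)      # survives a restart
    temporary: set = field(default_factory=set)       # discarded on restart
    universal: set = field(default_factory=set)       # every unit ever seen
    device_objects: set = field(default_factory=set)  # units with a device object

    def scope_control_list(self):
        """The effective scope is the union of both inclusion lists."""
        return self.persistent | self.temporary

    def enumerate_buses(self, fabric):
        """Query each unit, record it, create device objects for in-scope units.

        Returns the number of units queried. With an empty scope control
        list the units are not checked at all, as the text describes.
        """
        self.device_objects.clear()
        scope = self.scope_control_list()
        if not scope:
            return 0
        queried = 0
        for _bus, _target, _lun, serial in fabric:
            queried += 1
            self.universal.add(serial)        # recorded whether masked or not
            if serial in scope:
                self.device_objects.add(serial)
        return queried

    def set_inclusion_list(self, serial, present, persistent=False):
        """Add or remove one unit, then bring the device object in line."""
        chosen = self.persistent if persistent else self.temporary
        if present:
            chosen.add(serial)
            self.universal.add(serial)
            self.device_objects.add(serial)
        else:
            chosen.discard(serial)
            if serial not in self.scope_control_list():
                self.device_objects.discard(serial)

    def clear_inclusion_list(self, persistent=False):
        """Empty one list and drop device objects that fell out of scope."""
        (self.persistent if persistent else self.temporary).clear()
        self.device_objects &= self.scope_control_list()

    def restart(self, fabric):
        """Simulate a crash or reboot: only the persistent list survives."""
        self.temporary.clear()
        return self.enumerate_buses(fabric)

    def can_access(self, serial):
        return serial in self.device_objects


def hand_over(serial, src, dst, persistent=False):
    """Release the unit on src first, verify, then grant it on dst."""
    src.set_inclusion_list(serial, present=False, persistent=True)
    src.set_inclusion_list(serial, present=False, persistent=False)
    if src.can_access(serial):
        raise RuntimeError(f"{src.name} still has {serial} in scope")
    dst.set_inclusion_list(serial, present=True, persistent=persistent)


def nodes_in_scope(nodes, serial):
    """Audit helper: names of all nodes that currently expose the unit."""
    return sorted(n.name for n in nodes if n.can_access(serial))


if __name__ == "__main__":
    a = Node("node202", persistent={"LU-A"})
    b = Node("node204", persistent={"LU-B", "LU-C"})
    for n in (a, b):
        n.enumerate_buses(FABRIC)
    hand_over("LU-B", b, a)                      # temporary grant on node202
    print(nodes_in_scope([a, b], "LU-B"))
    a.restart(FABRIC)                            # temporary grant is dropped
    print(nodes_in_scope([a, b], "LU-B"))
```

Because each node applies only its own lists, a cross-node check such as `nodes_in_scope` is what confirms that a handover left the intended node, and no other, with the device in scope.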

Advantageously, large amounts of data can be generated by the individual Internet server machines 430 and 440 and transferred to the storage devices 410 of shared storage system 420 for processing by master server 470. For example, master server 470 may be used as a file server for the entire system 400. In addition, this methodology can be used for efficient backup of selected data, and the data can be kept in remotely located storage devices 410, subject to the technical limitations of the SAN. For example, Fibre Channel allows storage devices and the host computers that access them to be located at least 10 kilometers apart.

Figure 7 and the following description are intended to provide a brief, general description of a suitable computing environment in which the various aspects of the present invention may be implemented. Although the invention has been described above in the general context of computer-executable instructions of a computer program running on a host computer or node in various system configurations, those skilled in the art will understand that the invention can also be implemented in combination with other program modules. Generally, program modules include routines, programs, components, data structures, etc. that perform particular tasks or implement particular abstract data types. In addition, those skilled in the art will appreciate that the methods of the invention can be practiced with other computer system configurations, including single-processor or multiprocessor computer systems, minicomputers, mainframe computers, personal computers, handheld computing devices, microprocessor-based or programmable consumer electronics, and the like, each of which may be operatively connected to one or more associated devices. The illustrated aspects of the invention may also be practiced in distributed computing environments where certain tasks are performed by remote processing devices linked through a communications network. However, some or all aspects of the invention can be practiced on stand-alone computers, for example where multiple processors are operatively connected to multiple shared storage devices (for example, segmented disk storage). In a distributed computing environment, program modules may be located in both local and remote storage devices. It should be understood, however, that masking according to the present invention is carried out at a low level (for example, in the driver stacks) within each computer or node, which provides the masking capability described here.

With reference to Fig.7, an example system 500 for implementing various aspects of the invention includes a conventional server computer 502, which contains a processor 504, a system memory 506, and a system bus 508 that couples various system components, including the system memory, to processor 504. Processor 504 may be any of various commercially available processors, including, without limitation, Intel x86, Pentium and compatible microprocessors from Intel and others, including Cyrix, AMD and Nexgen; Alpha processors from Digital; MIPS processors from MIPS Technology, NEC, IDT, Siemens, and others; and PowerPC processors from IBM and Motorola. Dual microprocessors and other multiprocessor configurations can also be used as processor 504.

System bus 508 may be any of several types of bus structure, including a memory bus or memory controller, a peripheral bus, or a local bus using any of a variety of conventional bus architectures, for example PCI, VESA (Video Electronics Standards Association) local bus, MicroChannel, ISA (Industry Standard Architecture) and EISA (Extended Industry Standard Architecture), and many others. The memory of system 500 contains read-only memory (ROM) 510 and random access memory (RAM) 512. A basic input/output system (BIOS), containing the basic routines that help to transfer information between components of server computer 502, for example at startup, is stored in ROM 510.

Server computer 502 additionally contains a hard disk drive 514, a magnetic disk drive 516, for example to read from or write to a removable disk 518, and an optical disk drive 520, for example to read a CD-ROM disk 522 or to read from or write to other optical media. Hard disk drive 514, magnetic disk drive 516 and optical disk drive 520 are connected to system bus 508 by a hard disk drive interface 524, a magnetic disk drive interface 526 and an optical drive interface 528, respectively. The drives and their associated computer-readable media provide nonvolatile storage of data, data structures, computer-executable instructions, etc. for server computer 502. Although the above description of computer-readable media refers to a hard disk, a removable magnetic disk and a CD, those skilled in the art should understand that other types of computer-readable media, for example magnetic tape cassettes, memory cards, digital video disks, Bernoulli cartridges, etc., can also be used in the example operating environment, and that any such media may contain computer-executable instructions for performing the methods of the present invention. In addition, it is assumed that the server computer has "exclusive ownership" of each of the devices 514-522 that form part of server computer 502. It should be understood, however, that in an alternative embodiment these devices may be located remotely from server computer 502 and shared with one or more other computers, with the server computer and the other computers each programmed to use masking according to the present invention.

A number of program modules, including an operating system 530, one or more application programs 532, other program modules 534 and program data 536, can be stored in the drives and RAM 512. In the illustrated computer, operating system 530 is, for example, the Microsoft Windows 2000 server operating system made by Microsoft, although it should be understood that the present invention may be implemented with other operating systems or combinations of operating systems.

A user can enter commands and information into server computer 502 through a keyboard 538 and a pointing device, for example a mouse 540. Other input devices (not shown) can also be used, including a microphone, a joystick, a game pad, a satellite dish, a scanner, etc. These and other input devices are often connected to processor 504 through a serial port interface 542 coupled to system bus 508, but they can be connected by other interfaces, for example a parallel port, a game port or a universal serial bus (USB). A monitor 544 or other type of display device is also connected to system bus 508 via an interface, such as a video adapter 546. In addition to the monitor, a computer typically contains other peripheral output devices (not shown), such as speakers, printers, etc.

Server computer 502 may also be operatively connected to a shared storage system 550, for example through SAN 552. Server computer 502 is connected to SAN 552, for example, via a storage interface or adapter 554. The SAN is drawn with a dotted line to show that it is optional, since server computer 502 may be connected directly to shared storage system 550 through a corresponding storage adapter.

Server computer 502 may operate in a networked environment using logical connections to one or more remote computers, such as a remote client computer or node 560. Remote computer 560 may be a workstation, a server computer, a router, a peer device or other common network node, and typically contains many or all of the components described in relation to server computer 502, although for brevity Fig.7 shows only a data storage device (memory) 562. In addition, remote computer 560 may be programmed to use masking according to the present invention with respect to one or more operatively associated devices, including part of server computer 502 or the shared storage system 550 connected to the server computer through SAN 552. The logical connections depicted in Fig.7 include a local area network (LAN) 564 and a wide area network (WAN) 566. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.

When used in a LAN networking environment, server computer 502 is connected to local network 564 through a network interface or adapter 568. When used in a WAN networking environment, server computer 502 typically contains a modem 570, or is connected to a communications server on the local network, or has other means of establishing communications over WAN 566, for example over the Internet. Modem 570, which may be internal or external, is connected to system bus 508 via serial port interface 542. In a networked environment, the program modules depicted in relation to server computer 502, or portions thereof, can be stored in the remote data storage device (memory) 562 and/or in the shared storage system 550. It is clear that the network connections shown are only examples, and that other means of establishing a communication channel between the computers can be used.

The present invention has been described with reference to acts and symbolic representations of operations performed by a computer, such as the server computer 502 or the remote computer 560, unless otherwise indicated, in accordance with the practices generally used by those skilled in the field of software engineering. Such acts and operations are sometimes referred to as computer-executed. The acts and symbolically represented operations include the manipulation by the processor 504 of electrical signals representing data bits, which causes a resulting transformation or reduction of the electrical signal representation, and the maintenance of data bits in memory locations of the memory system (including the system memory 506, the hard drive 514, floppy disks 518, CD-ROM 522 and the system 550 of shared storage devices), thereby reconfiguring or otherwise altering the operation of the computer system, as well as other processing of signals. The memory locations that hold these data bits are physical locations that have particular electrical, magnetic or optical characteristics corresponding to the data bits.

Given the above examples of the operating environment and of the system layout, the masking methodology according to the present invention will be better understood with reference to the flow diagrams depicted in Fig - Figv. The methodology is described by way of example, and each of these drawings is set forth with respect to a system layout similar to that shown in Figure 3. Briefly, each target device has a corresponding bus address (which is equivalent to a Fibre Channel host), and each target device additionally contains one or more logical units (LU). Each LU provides an interface to a corresponding aspect of the associated device, for example, to a part (such as a segment or disk) of the target device. Each LU has a corresponding logical unit number (LUN) or other identification parameters that identify the logical unit within the corresponding target device. In this example, the node is assumed to be programmed to contain a persistent inclusion list, which can be stored in the system registry. The persistent inclusion list specifies which devices should be within the scope of the node in the initial state. For brevity, the description below covers a masking methodology that uses only inclusion lists, although exclusion lists can be implemented alternatively or additionally according to the present invention. Each node can be programmed to implement the methodology shown in Fig - Figv.

Fig shows the methodology for establishing the initial masking criteria of a node with respect to each of the multiple target devices operatively connected to the node. The method begins with operation 700, at which the system or node is initialized, for example, at initial system startup. Immediately before the initial boot, no devices are within the scope of the node. The method passes to operation 710, in which the persistent inclusion list is loaded from the storage device. Then at operation 720 the scope control list is determined based on the persistent inclusion list. The method passes from operation 720 to operation 724, at which the node accesses the next bus associated with the node, which in this case is the first bus. The method then issues a query to each target device operatively connected to the bus.

At operation 730, the node receives or loads the address of the next target device associated with the polled bus. A query is then issued to the target device (operation 740) operatively connected to the node. In particular, a query command, which may be a SCSI command, is sent to logical unit zero of the current target device of the polled bus. Each target device contains at least a logical unit zero that can respond to basic commands, for example, to a query about the other LUs associated with the target device. Then at operation 750 a report LUNs command is sent to logical unit zero of the current target device of the currently polled bus. In response, logical unit zero provides a list of all the LUs associated with the target device. If, for any reason, no LU report is provided in response to the request sent at operation 750, the node can search all potential LUNs that may be associated with the target device. The method then proceeds to operation 760, in which the node places the number of the first logical unit in cache memory so that additional queries can be made regarding the logical units (LU) of the corresponding target device.

At operation 770 a general query is sent regarding the cached LU associated with the current target device. This query may, for example, request information about the type or configuration of the device represented by the LU (for example, what kind of device it is). Then at operation 780 another request is sent to obtain identification parameters or data for the device represented by the LU, for example, its serial number. Once enough information has been collected to identify the device, the method continues with operation 790.

At operation 790 it is determined whether the identified LU is within the scope (data structure) of the node. In this example, according to operation 720, the scope is determined by the devices specified in the persistent inclusion list. If the LU is not within the scope of the node, the method passes to operation 800, in which the LU of the target device is added to the universal list, for example, by storing its identification parameters there. A Boolean flag corresponding to a device that is not within the scope can be set to FALSE (for example, visible=FALSE), but this is not mandatory. Since in this example the default state of the flag is FALSE, the flag does not need to be set explicitly.

However, if at operation 790 the identified LU is within the scope of the node, the method passes to operation 810, where the Boolean flag is set to TRUE (for example, visible=TRUE). After operation 810 the method passes to operation 820, at which a device object is created. The device object may be created using, for example, a native interface or the Plug and Play (PNP) manager. The device object is operatively associated with the current LU of the current target device. Because a device object has been created for the device, at operation 840 the identification data corresponding to the device is entered in the list of assigned objects (see Figa - FIGU). Then the method passes to operation 800, in which the identification parameters of the device are also added to the universal list. Then the method passes to operation 850.

At operation 850 it is determined whether the current target device has any additional LUs that can be queried. If an additional LU exists, the method passes to operation 860, in which the next LUN is placed in cache memory. The method then returns to operation 770 and repeats the above steps for the next LUN. If at operation 850 it is determined that no additional LU exists (for example, all LUNs of the current target device have been processed), the method passes to operation 870. At operation 870 it is determined whether any additional target devices are associated with the polled bus. If the determination is positive, indicating that additional target devices are connected to the bus, the method returns to operation 730, in which the node receives the address of the next target device connected to the current bus. The method is then repeated for each LU of that target device.

If the determination at operation 870 is negative, indicating that no additional target devices are connected to the bus, the method passes to operation 880. At operation 880 it is determined whether any additional buses are operatively associated with the node. If a bus has not yet been polled and processed, the method returns to operation 724, in which the next bus is accessed and polled according to the above method. If the determination at operation 880 is negative, meaning that all buses connected to the node have been processed, the method proceeds to operation 884. At operation 884 the higher-level class driver is loaded for each device object and operatively associated with each corresponding device object created at operation 820. This can be implemented, for example, by reporting the results of the bus polling to the Plug and Play (PNP) manager (including, for example, which devices are to be masked). The PNP manager, in turn, instructs the upper-level device drivers to bind to the corresponding new device objects, which were selected to be within the scope of the node. After operation 884 the method ends at operation 890. With this methodology, the persistent inclusion list determines whether each device is within the initial scope of the node. Other devices are outside the scope of the node and are therefore functionally hidden from the node. However, all operatively attachable devices are contained in the universal list. An exclusion list can also be used; in that case the devices named in the list are outside the scope of the node, and all other devices are within the scope of the node.

Figa - 9B depict flow diagrams showing examples of a methodology for programmatically changing the masking criteria of a node. These operations can be performed in response to the SET_INCLUSION_LIST interface, for example, as disclosed in the description of Figa - Figv. With reference to Figa, the method begins with operation 950, at which an interface is activated, for example, the SET_INCLUSION_LIST interface described herein. This interface may be, for example, a SCSI command, such as an input/output control command. The appropriate configuration data are supplied with the interface to identify the devices to be masked with respect to the node, and to indicate whether the changes are made to the persistent and/or temporary list. As mentioned above, this interface can be activated manually, for example by a system administrator, or initiated by some operation, for example, by a high-level application or an intelligent agent.

After operation 950, the method passes to operation 960, at which the appropriate inclusion list (temporary and/or persistent) is modified based on the received interface parameters. Then at operation 970 the new inclusion list, including the changes made at operation 960, is saved in the corresponding storage device. For example, if changes are made to the persistent inclusion list, the revised list is saved in an appropriate non-volatile storage device, such as the registry. Changes to the temporary inclusion list are saved, for example, in a volatile memory device, in which data is kept as long as the system is running or the controller is operating. Then the method passes to operation 980, where the scope control list is updated to match the changes made to the inclusion list. The scope control list can contain objects corresponding to the temporary or persistent list, or may contain working copies of both lists, stored in a volatile storage device. After operation 980 the method passes to operation 990, at which one or more devices are masked in response to the changes made to the scope control list. Figb and Figv present two possible implementations of the masking methodology (operation 990).

Figb describes a masking methodology which in general corresponds to the drawing Figb and its accompanying description. Because masking may correspond to either exposing or hiding the selected device with respect to the node, the first operation 1000, performed after operation 990 initiates the masking method, determines whether the device is to be within the scope of the node. This is determined, for example, based on whether the modified list is an inclusion list (which specifies the devices that should be within the scope of the node) or an exclusion list (which identifies the devices that should be excluded from the scope of the node). The result also depends on whether the list was changed by adding devices or by removing an existing device. If the masking data indicate that the device is to be brought into the scope of the node, the method passes to operation 1010.

At operation 1010 a device object is created at the node for the device, as set forth above. Then at operation 1020 the Boolean flag corresponding to the device object is set to TRUE (for example, visible=TRUE). Then the method passes to operation 1030, in which the list of assigned objects is revised so that it contains the identification data of the device corresponding to the newly created device object (operation 1010). After operation 1030, the method proceeds to operation 1050, which determines whether any additional devices need to be masked. If the determination is positive, indicating that additional devices are to be masked, the method passes to operation 1060, which obtains the LU and/or other identification data for the next device to be masked. After operation 1060 the method returns to operation 1000.

If at operation 1000 the masking data indicate that the device should be excluded from the scope of the node, the method passes to operation 1070. At operation 1070 the device object corresponding to the device to be masked is deleted. This can be accomplished, for example, through a native interface or the Plug and Play (PNP) manager acting on the device object being deleted. Then at operation 1080 the Boolean flag corresponding to the device object can be set to FALSE (for example, visible=FALSE). Then the method passes to operation 1090, at which the device object is removed from the list of assigned objects. As a result, the device is functionally hidden from the node. Then the method passes to operation 1050, which determines whether any additional masking is required. If the determination at operation 1050 is negative, the method passes to operation 1100, at which the class driver is loaded and operatively associated with each corresponding device object that should be within the scope of the node. As indicated above, this can be accomplished, for example, in response to commands from the PNP manager instructing the upper-level drivers to bind to the appropriate device objects (for example, according to the VISIBLE flag). Once the class driver has been loaded and associated with the device object, the device is within the scope of the node. After operation 1100 the masking method ends at operation 1110.

FIGU illustrates another masking methodology that can be implemented according to the present invention. This masking in general corresponds to the method illustrated and described with reference to Figv. The method begins with operation 990, performed in response to initiation of a predetermined masking method. Then the method passes to operation 1200, which determines whether the masking data indicate that the device to be masked must be within the scope of the node. If the analysis determines that the device must be within the scope of the node, the method passes to operation 1210.

At operation 1210 it is determined whether the device being brought into the scope of the node is a new device (not included in the universal list). This determination may be made by checking the universal list held by the node, which records the data corresponding to each device, or by checking the list of assigned objects. Recall that, according to this aspect of the present invention, the link between a device object and the corresponding class driver is broken or blocked, and the device object remains even when the device is not within the scope of the node. Therefore, a device object is created for each device specified in the universal list. If the determination at operation 1210 is positive, indicating that the device is a newly added device, the method passes to operation 1220.

Operations 1220-1250 are essentially identical to operations 1010-1040 of Figb. Briefly, at operation 1220 a device object is created at the node for the device, for example, using Plug and Play (PNP) or a proprietary interface. Then the method passes to operation 1230, which sets the Boolean flag corresponding to the device object to TRUE (for example, visible=TRUE). Then, at operation 1240, the list of assigned objects is revised so that it contains the identification data of the device being added. After operation 1240 the method passes to operation 1260, which determines whether any additional devices need to be masked. If additional devices are to be masked, the method proceeds to operation 1270, at which the next LU or other identification data corresponding to the device is loaded.

If the determination at the earlier operation 1210 is negative, indicating that the device being brought into the scope of the node is not a new device added to the system, the method passes to operation 1280. At operation 1280 the existing device object associated with the device is located, and the corresponding flag is set to TRUE (for example, visible=TRUE). Then the method passes to operation 1290, in which the device object is linked to the corresponding class driver. Linking the device object to the appropriate class driver can be implemented using the Plug and Play (PNP) manager or a native interface, by issuing appropriate commands to the upper-level class driver to bind to the corresponding device object. After operation 1290 the method passes to operation 1260, which determines whether any additional devices need to be masked.

If at the earlier operation 1200 it is determined that the masking data indicate that the device is to be removed from the scope of the node, the method passes to operation 1300. At operation 1300 the Boolean flag corresponding to the device object is set to FALSE (for example, visible=FALSE). Then the method passes to operation 1310, in which the link between the device object and the corresponding class driver is severed. The removal can be performed, for example, by a delete request issued by the relevant interface or by the Plug and Play (PNP) manager. As a result, the device is effectively removed from the scope of the node, and access to the device via the host controller is blocked. Further operations can be performed to close any communication channels leading directly into the class driver, so that the communication path between the node and the device is blocked. After operation 1310 the method passes to operation 1260, in which, as indicated above, it is determined whether any additional devices need to be masked in accordance with the methodology of Figv. If no additional masking is required, the method passes to operation 1320, at which the class driver is loaded and operatively linked with each relevant device object within the scope of the node (for example, in accordance with the flag visible=TRUE). After operation 1320 the method passes to operation 1330, at which the method is complete.

Although the methodologies of Figb and Figv have been described as separate ways of masking, a given node can be programmed and/or configured to implement both types of masking, because one type of masking may be more desirable than the other in a given case. In addition, the hardware-based LUN masking described here can also be used together with software masking, for example, in a storage area network (SAN) environment operatively connected to one or more nodes. The programmatic LUN masking according to the present invention enables a given node to mask access to one or more associated devices efficiently and dynamically, even where hardware-based masking cannot be used. In addition, programmatic masking allows configuration changes to be made at a node dynamically, without rebooting. As a result, numerous interconnected host computers can programmatically share storage devices or other shared devices.
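A minimal model of the two flows described above (initial enumeration, then a run-time SET_INCLUSION_LIST change with either masking method), added here as an illustration and not taken from the patent. The `Node` and `DeviceObject` classes, the `destroy_on_mask` switch and the `SAN` dictionary with its device identifiers are assumptions, and a dictionary lookup stands in for the SCSI queries.

```python
from dataclasses import dataclass

# Constructed topology: bus -> target -> LUN -> device identifier (made-up serials).
SAN = {
    0: {0: {0: "DISK-A", 1: "DISK-B"}, 1: {0: "DISK-C"}},
    1: {0: {0: "TAPE-D"}},
}


@dataclass
class DeviceObject:
    ident: str                        # identification data (operation 780)
    visible: bool = False             # the visible=TRUE/FALSE flag
    class_driver_bound: bool = False  # link to the upper-level class driver


class Node:
    def __init__(self, persistent_inclusions, destroy_on_mask):
        self.persistent = set(persistent_inclusions)  # non-volatile inclusion list
        self.temporary = set()                        # volatile inclusion list
        self.destroy_on_mask = destroy_on_mask        # True: delete object when masking
        self.scope = set()                            # scope control list
        self.universal = set()                        # every attachable device
        self.assigned = {}                            # list of assigned objects

    def scan(self, san):
        """Initial enumeration, operations 700-890."""
        self.scope = self.persistent | self.temporary         # 710-720
        for bus in sorted(san):                               # 724, 880
            for target in sorted(san[bus]):                   # 730, 870
                for lun in sorted(san[bus][target]):          # 750-760, 850-860
                    ident = san[bus][target][lun]             # 770-780
                    if ident in self.scope:                   # 790, then 810-840
                        self.assigned[ident] = DeviceObject(ident, visible=True)
                    self.universal.add(ident)                 # 800
        self._bind_class_drivers()                            # 884

    def set_inclusion_list(self, idents, persistent=False):
        """Change masking at run time, operations 950-990."""
        if persistent:
            self.persistent = set(idents)                     # 960-970
        else:
            self.temporary = set(idents)
        new_scope = self.persistent | self.temporary          # 980
        for ident in sorted(new_scope - self.scope):
            self._unmask(ident)
        for ident in sorted(self.scope - new_scope):
            self._mask(ident)
        self.scope = new_scope
        self._bind_class_drivers()                            # 1100 / 1320

    def _unmask(self, ident):
        obj = self.assigned.get(ident)
        if obj is None:   # no device object yet: 1010-1030 / 1220-1240
            self.assigned[ident] = DeviceObject(ident, visible=True)
        else:             # object kept from an earlier masking: 1280-1290
            obj.visible = True

    def _mask(self, ident):
        obj = self.assigned.get(ident)
        if obj is None:
            return
        obj.visible = False                 # 1080 / 1300
        obj.class_driver_bound = False      # 1310
        if self.destroy_on_mask:
            del self.assigned[ident]        # 1070, 1090

    def _bind_class_drivers(self):
        # Only visible device objects get a class driver bound to them.
        for obj in self.assigned.values():
            obj.class_driver_bound = obj.visible

    def accessible(self):
        """Devices the node can reach through a bound class driver."""
        return sorted(i for i, o in self.assigned.items()
                      if o.visible and o.class_driver_bound)


def demo(destroy_on_mask):
    node = Node({"DISK-A"}, destroy_on_mask)
    node.scan(SAN)
    after_scan = node.accessible()
    node.set_inclusion_list({"DISK-C"})               # temporary list exposes DISK-C
    after_add = node.accessible()
    node.set_inclusion_list(set(), persistent=True)   # persistent list drops DISK-A
    after_drop = node.accessible()
    return (after_scan, after_add, after_drop,
            sorted(node.assigned), sorted(node.universal))


if __name__ == "__main__":
    for mode in (True, False):
        print(mode, demo(mode))
```

Both modes give the node the same accessible set at every step; they differ only in whether a masked device keeps a device object, while the universal list records all four devices throughout.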

The present invention has been described above by way of examples. It is, of course, impossible to describe every conceivable combination of components or methodologies for the purpose of explaining the present invention, but one of ordinary skill in the art will recognize that many further combinations and permutations of the elements of the present invention are possible. Accordingly, the present invention is intended to encompass all such changes, modifications and variations that fall within the essence and scope of the claims.

INDUSTRIAL APPLICABILITY

This invention can be used for industrial purposes in the field of computer technology.

1. A system for controlling access to storage devices, containing a system of shared storage devices, which includes multiple storage devices, and a node operatively connected to the system of shared storage devices, wherein the node is programmed to identify each storage device operatively coupled to the node and to mask access from the node to at least one of the storage devices.

2. The system according to claim 1, in which the node additionally includes a programmable data structure, which indicates whether a storage device from the system of shared storage devices is to be within the scope of the node, and access from the node to storage devices is masked on the basis of the programmable data structure.

3. The system according to claim 2, in which the programmable data structure includes at least a portion corresponding to persistent programmable data.

4. The system according to claim 3, in which the programmable data structure additionally includes another portion corresponding to temporary programmable data.

5. The system according to claim 2, in which the node is additionally programmed to perform at least one of the operations of creating and deleting, at the node, a programmable communication means that provides a communication channel between the node and a storage device, based on the programmable data structure.

6. The system according to claim 5, in which the programmable communication means includes a device object associated with the node and the corresponding storage device, and the device object is associated based on the programmable data structure.

7. The system according to claim 5, in which the programmable communication means includes a programmable communication path between a device object, which identifies one of the storage devices and is operatively associated with the node, and a higher-level device object, which is operatively connected with that one of the storage devices and controls its behavior, and the communication path is masked in accordance with the programmable data structure.

8. The system according to claim 1, in which the node additionally includes at least one of the following structures: a temporary programmable data structure and a persistent programmable data structure, which identify masking criteria for the node.

9. The system according to claim 1, in which the system of shared storage devices additionally includes a network of storage devices operatively connecting the node with the multiple storage devices.

10. A system that facilitates management of access to hardware devices, containing multiple hardware devices and at least one bus connecting each of the multiple hardware devices with each of multiple nodes, in which each of the multiple nodes is programmed to identify each of the multiple hardware devices, and each of the multiple nodes has a programmable data structure and is programmed to mask access from the node to at least one of the multiple hardware devices in accordance with the programmable data structure.

11. The system of claim 10, in which the programmable data structure of the corresponding node identifies whether each of the multiple hardware devices is to be within the scope of the corresponding node, and the node masks access to devices on the basis of the associated programmable data structure.

12. The system according to claim 11, in which the programmable data structure of the corresponding node includes persistent programmable data identifying at least one hardware device to be masked in relation to the corresponding node.

13. The system according to claim 11, in which the programmable data structure of the corresponding node includes temporary programmable data identifying at least one hardware device to be masked in relation to the corresponding node.

14. The system according to claim 11, in which the programmable data structure of the corresponding node includes persistent programmable data and temporary programmable data identifying the hardware devices to be masked in relation to the corresponding node.

15. The system according to claim 11, in which each of the multiple nodes is additionally programmed to perform at least one of the operations of adding and removing, at the corresponding node, a programmable communication means based on the programmable data structure, the programmable communication means providing a communication channel between the corresponding node and one of the multiple hardware devices.

16. The system of claim 15, in which the programmable communication means includes a hardware device object associated with the corresponding node and the corresponding one of the multiple hardware devices, and the device object is associated based on the programmable data structure.

17. The system of claim 15, in which the programmable communication means includes a programmable communication path between a hardware device object operatively associated with the corresponding node and a higher-level hardware device object operatively associated with one of the multiple hardware devices, and the communication path is masked in accordance with the programmable data structure of the corresponding node.

18. The system of claim 10, in which the node additionally includes at least one of the following data structures: a temporary programmable data structure and a persistent programmable data structure, which specify masking criteria for the node.

19. The system of claim 10, in which at least some of the multiple devices are storage devices of a system of shared storage devices operatively connected to the node through a network of storage devices.

20. A system for managing access to multiple storage devices in a system of shared storage devices, containing a node operatively connected to the multiple storage devices, the node having a programmable data structure indicating, for each of the multiple storage devices, whether it is to be masked with respect to the node, and an interface for selective modification of the programmable data structure in response to a program command, so as to mask access from the node to at least one of the multiple storage devices.

21. The system according to claim 20, in which the programmable data structure of the node includes persistent programmable data identifying at least one of the multiple storage devices to be masked in relation to the node.

22. The system according to claim 20, in which the programmable data structure of the node includes temporary programmable data identifying at least one of the multiple storage devices to be masked in relation to the node.

23. The system according to claim 20, in which the programmable data structure of the node includes persistent programmable data and temporary programmable data identifying the storage devices to be masked in relation to the node.

24. The system according to claim 20, in which the node is additionally programmed to perform at least one of the operations of adding and removing a programmable communication means that provides a communication channel between the node and the corresponding storage device, in response to changes in the programmable data structure.

25. The system of claim 24, in which the programmable communication means includes a device object, which identifies the corresponding storage device and is associated with the node and the corresponding storage device, and the device object is associated based on the programmable data structure.

26. The system of claim 24, in which the programmable communication means includes a programmable communication path between a device object, which identifies the corresponding storage device and is operatively associated with the node, and a higher-level object, which is operatively associated with the corresponding storage device and controls its behavior, and the communication path is changed depending on the programmable data structure.

27. Machine-readable storage medium containing computer executable commands for managing access to storage devices by performing the following operations: identifying the storage devices operatively connected to a node, and masking access from the node to at least one programmatically selected storage device.

28. Machine-readable storage medium containing computer executable commands for managing access to storage devices by performing the following operations: identifying the storage devices operatively connected to a node, creating at the node a programmable data structure that indicates the selected storage devices, and masking access from the node to at least one programmatically selected storage device based on the programmable data structure.

29. Machine-readable storage medium according p, further containing computer executable commands for performing the step of storing, in a persistent storage device of the node, data that indicate at least one of the multiple storage devices to be masked in relation to the node.

30. Machine-readable storage medium according to claim 29, further containing computer executable commands for performing the step of storing, in a temporary storage device of the node, data that indicate at least one of the multiple storage devices to be masked in relation to the node.

31. Machine-readable storage medium according to item 30, containing more computer executable commands for performing the step of determining a programmable data structure based on the data stored in at least one of the storage devices in the permanent storage device or in a temporary storage device.

32. Machine-readable storage medium according p containing more computer executable commands for performing the steps of storing in a persistent storage device of the node identification data, at least one of the plural is tion storage devices masking should be performed with respect to the node, and determining a programmable data structure based on the data stored in the constant storage device.

33. Machine-readable storage medium according p containing more computer executable commands, whereby in response to changes in the programmable data structure to perform the step of adding or deleting a programmable means of communication between the node and the corresponding one of the storage devices.

34. Machine-readable storage medium according p, in which the programmable connection means includes a device object, which identifies a corresponding one of the multiple storage devices and which is associated with the node and the corresponding one of the multiple storage devices, and the machine-readable storage medium contains further computer executable commands for performing the step of registration of the device object based on the programmable data structure.

35. Machine-readable storage medium according p, in which the programmable connection means includes a programmable communication path between the device object, which identifies one of the multiple storage devices and which is operatively associated with the node, and a higher-level device object, which is operatively connected to one of the storage devices and manages it, and the machine-readable storage medium contains further computer executable commands whereby, in response to changes made to the programmable data structure, the step of adding or removing the communication path is performed.

36. Method for managing access to multiple shared storage devices by multiple computers, containing the following steps:

performing software identification of the multiple storage devices;

performing software masking of access by at least one of the multiple computers to at least one of the multiple storage devices.

37. The method according to p, further comprising the step of saving at least one programmable computer data structure that specifies masking criteria determining whether to perform masking of the storage device with respect to at least one computer, and the step of software masking is performed on the basis of the programmable data structure.

38. The method according to p. 37, additionally comprising the step of storing, in a persistent storage device of at least one computer, data indicating at least one of the multiple storage devices for which masking should be performed with respect to at least one computer.

39. The method according to p. 38, further comprising the step of saving, in a temporary storage device of at least one computer, data identifying at least one of the multiple storage devices for which masking should be performed with respect to at least one computer.

40. The method according to p. 39, further comprising the step of defining a programmable data structure based on the data stored in at least one of the persistent storage device and the temporary storage device.

41. The method according to p. 37, additionally comprising the steps of: providing, in at least one computer, at least one of persistent storage data and temporary storage data identifying at least one of the multiple storage devices for which masking should be performed with respect to at least one computer, and determining the programmable data structure based on at least one of the persistent storage data and the temporary storage data.

42. The method according to p. 37, additionally comprising the step of adding or deleting, in at least one computer, a programmable connection means that provides a communication channel between the at least one computer and a corresponding storage device, in response to changes made to the programmable data structure.

43. The method according to p. 42, in which the programmable connection means includes a device object that is associated with at least one computer and a corresponding one of the multiple storage devices, while the device object describes at least one of the location and operating characteristics of one of the storage devices, and the method further includes the step of registering the device object in at least one computer based on the programmable data structure.

44. The method according to p. 42, in which the programmable connection means contains a programmable communication path between a device object, which identifies one of the storage devices and which is operatively connected with at least one computer, and a higher-level device object, which controls the behavior of one of the storage devices and is operatively connected with the said one of the storage devices, and the method additionally includes the step of adding or removing the communication path in response to changes made to the programmable data structure.
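A small Python model of the method of claims 36-44, added here as an illustration and not taken from the patent: a node keeps persistent and temporary masking data, derives the effective mask from them, and registers or removes device objects whenever that data changes. The names `Node`, `reconcile`, `reboot` and the device ids are hypothetical, and treating the effective mask as the union of the two lists is an assumption, since the claims only say the data structure is determined from at least one of them.

```python
from dataclasses import dataclass, field

# Constructed sample inventory: device id -> location reported at discovery.
FABRIC = {"lun0": "port1/target0/lun0",
          "lun1": "port1/target0/lun1",
          "lun2": "port1/target3/lun2"}

@dataclass
class Node:
    """Hypothetical model of one host; names are not from the patent."""
    name: str
    persistent_mask: set = field(default_factory=set)   # kept across reboots
    temporary_mask: set = field(default_factory=set)    # discarded at reboot
    device_objects: dict = field(default_factory=dict)  # id -> device object

    def effective_mask(self):
        # Assumption: a device is masked if either list names it.
        return self.persistent_mask | self.temporary_mask

    def reconcile(self, discovered):
        """Make device objects match the mask; return (added, removed)."""
        visible = set(discovered) - self.effective_mask()
        current = set(self.device_objects)
        added, removed = sorted(visible - current), sorted(current - visible)
        for dev in added:    # register a device object for an unmasked device
            self.device_objects[dev] = {"id": dev, "location": discovered[dev]}
        for dev in removed:  # tear down the object, cutting the access path
            del self.device_objects[dev]
        return added, removed

    def reboot(self, discovered):
        """Temporary data does not survive; persistent data is re-applied."""
        self.temporary_mask.clear()
        self.device_objects.clear()
        return self.reconcile(discovered)

    def open_device(self, dev):
        # With no device object the node has nothing to address I/O to.
        if dev not in self.device_objects:
            raise PermissionError(f"{dev} is masked from {self.name}")
        return self.device_objects[dev]

def demo():
    node = Node("hostA", persistent_mask={"lun1"})
    steps = [node.reconcile(FABRIC)]       # initial enumeration
    node.temporary_mask.add("lun2")        # administrator masks lun2 for now
    steps.append(node.reconcile(FABRIC))   # data structure changed
    steps.append(node.reboot(FABRIC))      # temporary entry is gone
    return steps

if __name__ == "__main__":
    print(demo())
```

Because the mask is held and applied on the node itself, it restricts only a node that runs this logic.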



 

Same patents:

The invention relates to systems for transmitting data over shared bus lines using a variety of interfaces

The invention relates to computing and information exchange in computer network

The invention relates to a circuit for exchanging I/O signals between devices to operate in one of multiple modes using a single channel and can be used in an electronic measuring Coriolis mass flowmeter

The invention relates to methods of information exchange in computer networks

The invention relates to the field of data transmission in multiplex channels of information exchange and can be used for access control stand-alone terminal to the data bus

The invention relates to computing and is designed for interfacing computers over telephone lines

FIELD: digital communication systems.

SUBSTANCE: method includes considering rules of setting up and maintaining of communication session by increasing number of cached message packets and maximal allowed number of coincidences, to provide higher stability and reliability to authorized clients.

EFFECT: higher reliability, higher durability, higher efficiency.

2 cl, 4 dwg, 1 tbl

FIELD: computer science.

SUBSTANCE: after a procedure call, a control save of the return address in the address space of the calling program is performed, and prior to return from the procedure, a control check of the return address is performed; if the values match, then transfer of control to the calling software is permitted, and in other cases the program to which the procedure belongs is forcibly removed from the memory of the computer system.

EFFECT: possible effective detection and prevention of unsanctioned access attempt with use of distortion of memory address due to reservation of true return address.

FIELD: data protection technologies.

SUBSTANCE: method includes setting a number of standards for possible attacks, minimally allowed value of likeness coefficient of compared sign fields of message packets, maximally allowed number of matches of fields of support i-numbered packet (standard) to compared fields of packet from communication channel and setting a number of matches, recording a set of support packets, containing standards of given attacks, and after receiving from communication channel of k-numbered message packet, selecting it from fields header, comparing their value to values of fields of support packets, calculating comparison coefficients, comparing them to preset value Km.min, and with ≥ Km.min recoding Km.i, appropriate for it message packet, increasing Kmi for one unit, with < Km.min, receipt of k+1 message packet, after that actions, starting from selecting fields from header of k+1 packet, are repeated until satisfying condition Kmi≥Km.iadd, after that possibility of attack going on is evaluated.

EFFECT: higher efficiency.

2 cl, 7 dwg, 1 tbl

FIELD: computer science.

SUBSTANCE: device has external information carrier 1, made in form of energy-independent memory, external block 2 for reading information from external information carrier, containing external contact assembly 3 for reading information from external information carrier and controller 4 for information exchange with external carrier, and, positioned on same board 5, permanent memory device 6, processor 7 of identification and authentication, controller 8 for information exchange with personal computer, local bus 9, interface block 10, energy-independent memory block 11, power control device 12, and device 13 for blocking common bus 14 for control and data exchange of personal computer.

EFFECT: safe identification and authentication operations, higher effectiveness of protection.

2 dwg

FIELD: data protection.

SUBSTANCE: device has buffer memory block, conjunction device, device for forming control commands by conjunction device, indication block, block for controlling and transforming information to encoded and decoded states, hard memory device and device for information input from keyboard.

EFFECT: higher efficiency, higher speed of operation.

17 dwg

FIELD: electric communications.

SUBSTANCE: method includes counting rules of setting up and maintaining of communication session by increasing number of recorded message packets and using maximal allowed number of coincidences, which is necessary for stable functioning of automatic systems, including offering services to authorized clients. For monitoring sensitivity threshold is predetermined for safety monitoring system of automated system, which threshold is determined by maximal allowed number of matches and number of standards, while values of coefficients can be selected dependently on required trustworthiness of attack detection.

EFFECT: higher trustworthiness.

3 dwg

Protection means // 2260840

FIELD: mobile communications.

SUBSTANCE: protection means has key module and blocking module. Mobile communication system has protection means and communication port. Method describes operation of said protection means and mobile device.

EFFECT: broader functional capabilities.

3 cl, 5 dwg

FIELD: computer science.

SUBSTANCE: system has center of certification, forming and distribution of keys, at least one user device and at least one distributed data processing server. Method describes operation of said system. Subsystem for forming open keys contains memory block for tables of secret substitutions of columns and rows of secret keys tables, memory block for table of symmetric substitution of columns and rows of external key table, register for sequence of transitive connection between rows of secret substitutions tables, block for logical output on sequence of transitive dependence, memory block for table of relative non-secret substitution of columns and rows of external key table, open key register, input commutation block and control block.

EFFECT: higher efficiency, broader functional capabilities.

5 cl, 15 dwg

FIELD: computer science.

SUBSTANCE: system has electronic key, information processing block and conversion to video information, block for transmitting optical video information, block for receiving and processing optical video information and controlling electronic key.

EFFECT: higher reliability, higher efficiency, broader functional capabilities.

1 dwg

FIELD: computer science.

SUBSTANCE: previously for sender and receiver a binary series of digital watermark k-bit long is formed as well as binary series of secret key, message is certified at sender side using binary series of digital watermark and secret key, certified message is sent to receiver, where authenticity of received message is checked using binary series of digital watermark and secret key.

EFFECT: higher reliability, higher efficiency.

4 cl, 5 dwg

Processor // 2248608

FIELD: computers, data protection.

SUBSTANCE: processor has bus interface device, device for selection/decoding of commands, device for dispatching/execution, and a device for decoding a program string, which is selected from the program and loaded into the first-level command cache, the decoding device containing a set of N two-input XOR elements and a key memory storing different N-bit decoding keys.

EFFECT: higher efficiency.

2 dwg

FIELD: technologies for authentication of information.

SUBSTANCE: method includes performing absolute identification for confirming legality of data carrier according to first rule in preset time. Authentication information is recorded on this data carrier in previously set position. Process of arbitrary authentication is performed for confirming legality of said data carrier in accordance to second rule in arbitrary time. First rule includes announcing confirmation of standard match, if information for authentication is detected as registered in selected preset position. Second rule in given arbitrary authentication process includes announcing standard match, if information for authentication is detected as not registered in arbitrary positions, different from given preset position.

EFFECT: higher reliability.

6 cl, 12 dwg
