Method for preventing unsanctioned access to system being protected

IPC classes for Russian patent RU 2282240 (Method for preventing unsanctioned access to system being protected):

G06K9/62 - Methods or arrangements for recognition using electronic means
G06F12/14 - Protection against unauthorised use of memory

FIELD: equipment for limiting access to a protected system; can be used to prevent unsanctioned access to the system by random individuals.

SUBSTANCE: the method includes determining the coordinates of certain features of the user's papillary pattern; on the basis of the difference between the coordinates on the newly produced print image and those stored in the database, a positive or negative decision on the user's access to the system is produced.

EFFECT: increased level of protection of the system.

2 dwg

 

The present invention relates to the field of equipment that prevents unauthorized access to a protected system on the basis of fingerprinting, and can be used to prevent access to the system by random persons or by persons intending to commit illegal actions against the protected system. A protected system here means, for example, the communication channel between a bank and a client, military facilities, offices of public authorities, etc. The method is based on comparing the fingerprints (or handprints) of the user with the prints stored in the system database.

A device for registering a papillary pattern is known (patent RF №2231119, IPC7 A61B 5/117, priority date 30.08.2002), containing a light source, a prism having an input surface, a receptive surface and an output surface, and a system of photodetector elements, arranged sequentially and optically connected, together with an image processor electrically connected to the system of photodetector elements. The output surface of the prism is rotated relative to the line of intersection of the output surface of the prism with the plane formed by the input beams and the beams reflected from the receptive surface, and the angle of rotation is 1...40°. This device produces high-quality prints of a finger (or hand); it is chosen as the analog and can be used in the claimed method as the device for obtaining the fingerprint of the user of the protected system.

As the prototype, being the closest to the claimed method in essence, the method and device for transaction verification (patent WO 9618169 A1, IPC7 G06K 9/00, priority 01.12.1995) is chosen, which consists in the following. A scanning device obtains the fingerprint of the person conducting the transaction, after which a device forming electronic signals converts the obtained fingerprint into an electronic image and stores it. The stored electronic image is then compared with the electronic image corresponding to the fingerprint of the person conducting the transaction. The transaction is permitted only when the electronic image of the fingerprint of the person conducting the transaction substantially coincides with the stored electronic image of the fingerprint of the individual authorized to conduct the transaction. In case of discrepancy, permission for the transaction is not given. On this principle a system of identification is built by comparing, for example, a fingerprint from a crime scene with an existing database containing a set of fingerprints of a certain contingent of individuals, as used in law enforcement. The disadvantage of this method, which can be used to restrict access of unauthorized persons to the protected system, is the low degree of protection against intrusion into the system by random individuals. This is explained on the example of interaction between a bank and a client located in different cities or countries. Suppose that a random person has captured the electronic image of the fingerprint of an actual client of the bank.
Sending it over the line between the bank and the client, or through the client's computer to the bank, the image is compared with the bank's existing database of control fingerprint images of clients, and because the image is the fingerprint image of a real client, the bank system identifies the random person by the print as a real customer and issues a positive decision on the random person's action, such as receiving or transferring funds. This shows that the prototype method does not provide reliable protection from the actions of random individuals.

The problem solved by the present invention is to increase the degree of protection of the protected system from the actions of random individuals.

This is achieved by the fact that:

- on the control fingerprint image of the system user, the coordinates of several features of the user's papillary pattern are determined in advance and entered into the database of the protected system;

- each time the user accesses the system, the user's fingerprint image is obtained and the coordinates of the papillary pattern features corresponding to the control-print features are determined again and entered into the system database;

- the differences are determined between the coordinates of the same papillary pattern features obtained from the control fingerprint and from the fingerprints of all previous accesses of the user, and the coordinates of the current access of the user;

- when at least one of the differences is equal to zero, a negative decision on admitting the user to the system is taken; when none is zero, a positive one.

It should be noted that the features of the papillary pattern here mean the so-called secondary signs of the papillary pattern (interruptions of papillary lines, splits of papillary lines, etc.), in contrast to the primary signs, the type of papillary pattern (arc, spiral, whorl, etc.).

The essence of the proposed method is illustrated in figures 1 and 2, which show a diagram of user interaction with the protected system (figure 1) and a simplified fingerprint image (figure 2). The numerals in figure 1 denote: 1 - the user of the protected system; 2 - the device (scanner) for registering the papillary pattern of a finger (or hand) of user 1; 3 - the means of processing the image of the user's finger (e.g., a PC) and of communicating with the protected system 4, which holds a database 5 of users storing the control fingerprint images of users in electronic form, obtained, for example, when a user registers; 6 - a random person wishing to undertake any action in respect of system 4; 7 - communication lines (electrical, optical and other) connecting users and random persons with system 4.

Figure 2 shows a simplified depiction of a user fingerprint consisting of two papillary lines 8 and 9. Papillary line 9 has, for example, two features: an interruption of the papillary line 11 and a split of the papillary line 10. XOY is the coordinate system in which the coordinates of the feature points of the papillary pattern are defined.

The method consists in the following. User 1 places a finger on the papillary pattern registration device (scanner) 2, which forms an electronic image of the fingerprint; the image is transmitted via communication line 7 to the image processing device 3, for example a computer with appropriate software, which forms a mathematical description (template) of the fingerprint image. The image and/or template is then sent over line 7 to the protected system 4, which has a database 5 holding the stored images (and/or templates) of the control fingerprints of the users of system 4 together with the coordinates of the papillary pattern features of the control prints. For the fingerprint image (and/or template) of user 1 sent to system 4, database 5 identifies user 1 (as in the prototype method) and then determines the coordinates of several features corresponding to the features of the control fingerprint papillary pattern of user 1 (the number of features may be 1, 2, 3 or more) and stores them in database 5 of protected system 4. Let the number of features be two, and let the coordinates of the features in the XOY system for the current access of the user be (x1,N, y1,N) and (x2,N, y2,N), where N = 1, 2, 3, ... is the number of the user's request to the system.

In addition, database 5 of system 4 holds the coordinates of the papillary pattern features of the finger of user 1 from all of the user's previous requests to the system.

Then the differences are determined between the coordinates of the same papillary pattern features obtained from the control fingerprint and from the fingerprints of all previous accesses of the user, and the coordinates of the current access, i.e. the following set of values is obtained:

$\Delta x_{1,0} = x_{1,0} - x_{1,N},\quad \Delta y_{1,0} = y_{1,0} - y_{1,N}$

$\Delta x_{2,0} = x_{2,0} - x_{2,N},\quad \Delta y_{2,0} = y_{2,0} - y_{2,N}$

$\cdots$

$\Delta x_{1,N-1} = x_{1,N-1} - x_{1,N},\quad \Delta y_{1,N-1} = y_{1,N-1} - y_{1,N}$

$\Delta x_{2,N-1} = x_{2,N-1} - x_{2,N},\quad \Delta y_{2,N-1} = y_{2,N-1} - y_{2,N}$

where (x1,0, y1,0) and (x2,0, y2,0) are the coordinates of the two papillary pattern features of the control print. If on all N occasions the finger of the real user of system 4 was applied to device 2, the differences Δx1,K, Δx2,K, Δy1,K and Δy2,K (where K = 0, 1, 2, ..., N-1) will all be non-zero, because it is practically impossible to place a finger twice in exactly the same spot on the receptive surface of device 2. The result is a positive decision to admit the user to the system. For this it is enough to choose a positional accuracy of the papillary pattern features of not more than 0.01 mm. If a random person 6 sends to system 4 a captured fingerprint image of the real user 1 that user 1 previously sent to system 4, one of the coordinate differences of the papillary pattern features will be zero and system 4 produces a negative decision on admitting this user to the system. In this description a zero difference of feature coordinates is taken as the criterion of the user's validity, although other criteria can be considered and implemented, such as comparing the values αx + βy, x² + y² and so on, where x, y are coordinates and α, β are some constants.
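The decision rule above, written out as an added example (not code from the patent or its applicant): minutia coordinates are snapped to the 0.01 mm grid named in the text, every presented scan is stored, and a scan is rejected when any stored scan (control print or previous access) gives a difference of exactly zero, following the claim's literal rule that a single zero coordinate difference suffices; the x² + y² criterion the text mentions is included as an alternative. `UserRecord`, `quantize`, `decide_access` and the sample coordinates are constructed for illustration.

```python
"""Replay check of RU 2282240 on minutia coordinates (added example)."""
from dataclasses import dataclass, field
from typing import Callable, List, Sequence, Tuple

Point = Tuple[int, int]          # minutia position in the XOY system, in grid units
Template = Tuple[Point, ...]     # one point per tracked feature, in a fixed order
Criterion = Callable[[Point], int]

STEP_MM = 0.01                   # positional accuracy stated in the description

# Literal rule of the claim: x and y coordinates are compared separately.
COORDINATE_CRITERIA: Tuple[Criterion, ...] = (lambda p: p[0], lambda p: p[1])
# Alternative criterion mentioned in the description: compare x^2 + y^2 per feature.
RADIAL_CRITERION: Tuple[Criterion, ...] = (lambda p: p[0] ** 2 + p[1] ** 2,)


@dataclass
class UserRecord:
    """Database 5 entry (hypothetical layout): control-print coordinates plus
    the coordinates recorded on every access of the user."""
    control: Template
    history: List[Template] = field(default_factory=list)


def quantize(points_mm: Sequence[Tuple[float, float]], step_mm: float = STEP_MM) -> Template:
    """Snap raw scanner coordinates (mm) to the 0.01 mm grid so that
    'difference equal to zero' is decided on integers, not on float noise."""
    return tuple((round(x / step_mm), round(y / step_mm)) for x, y in points_mm)


def differences(reference: Template, current: Template, crit: Criterion) -> List[int]:
    """Delta_{i,K} = f(x_{i,K}, y_{i,K}) - f(x_{i,N}, y_{i,N}) for each feature i,
    where f is the chosen criterion (x, y, or x^2 + y^2)."""
    if len(reference) != len(current):
        raise ValueError("templates must track the same features")
    return [crit(r) - crit(c) for r, c in zip(reference, current)]


def decide_access(record: UserRecord, current: Template,
                  criteria: Tuple[Criterion, ...] = COORDINATE_CRITERIA) -> str:
    """Return 'positive' or 'negative'. The presented coordinates are stored
    before deciding, as the method enters every access into the database."""
    references = [record.control, *record.history]   # K = 0 .. N-1
    record.history.append(current)                   # this is access N
    for ref in references:
        for crit in criteria:
            if any(d == 0 for d in differences(ref, current, crit)):
                return "negative"   # a stored scan is reproduced exactly: replay
    return "positive"


def demo() -> List[str]:
    """Constructed sequence: genuine access, the same image sent again, fresh access."""
    record = UserRecord(control=quantize([(12.30, 8.45), (17.02, 9.10)]))
    first = quantize([(12.41, 8.51), (17.11, 9.23)])    # finger placed slightly off
    return [
        decide_access(record, first),
        decide_access(record, first),                   # captured image replayed
        decide_access(record, quantize([(12.37, 8.39), (17.05, 9.17)])),
    ]


if __name__ == "__main__":
    print(demo())   # ['positive', 'negative', 'positive']
```

Under the literal rule a genuine scan is also rejected when only one coordinate of one feature coincides with any stored scan, so the comparison grows stricter as the history lengthens; the x² + y² criterion makes such a partial coincidence far less likely while still catching an exact replay.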

Thus, compared with the prototype, the claimed method provides a higher degree of protection of the system against harmful actions of random individuals and, in the applicant's opinion, may be protected by patent. The applicant has currently developed technical proposals for implementing the described method to protect one of its facilities.

A method for preventing unauthorized access to a protected system on the basis of fingerprinting, consisting in that a papillary pattern registration device is used to obtain the fingerprint image of a user of the system, the user's identity is then established by comparing the fingerprint image with a set of control fingerprint images of the system's users in an existing database, and on the basis of the comparison a positive or negative decision on admitting the user to the system is taken, characterized in that on the control fingerprint image of the user of the system the coordinates of several features of the papillary pattern are determined and entered into the database of the protected system; each time the user accesses the system, the user's fingerprint image is obtained and the coordinates of the papillary pattern features corresponding to the features of the control print are determined again and entered into the system database; then the differences between the coordinates of the same papillary pattern features obtained from the control fingerprint and from the fingerprints of all previous accesses of the user and the coordinates of the features of the current access are determined, and when at least one of the differences is equal to zero a negative decision on admitting the user to the system is taken, and when none is zero a positive decision.
