Systems and techniques for preventing intrusion into network servers

FIELD: physics.

SUBSTANCE: the invention pertains to improving information security in computer networks, in particular to a system for preventing intrusion into network servers. A filter (302) for analysing incoming commands processes commands directed to the web server by comparing them with a previously entered set of web server commands stored in comparison tables. Intercepted commands for which no correspondence is found in the comparison with the previously entered commands are discarded, so that those intercepted commands are not transmitted to the web server. The system can additionally contain algorithms for recursively checking files in directories below the root directory of the web server, as well as means for monitoring web server resources and lowering the level of web server resource use when the latter exceeds a threshold value.

EFFECT: protection of web server data.

32 cl, 7 dwg

RELATED APPLICATION

This application is related to U.S. application 10/290961, entitled "Server resource management, analysis and intrusion prevention."

BACKGROUND OF THE INVENTION

A. Field of the invention

This invention relates primarily to network servers, and in particular to security software used to protect network servers.

B. Prior art

Network servers, such as computers that transmit HTML (HyperText Markup Language) documents to client computing devices over the Internet, can communicate with and receive processing requests from many different end users.

Servers that are able to receive and respond to requests from end users are usually called web servers.

At the most basic level, web servers serve static web pages by sending the requested files to end users. Beyond that, web servers can respond to user input and create dynamic web pages based on it. The Common Gateway Interface (CGI) is a standard protocol by which a web server passes a user's request to an application program. The application processes the user's request and returns information to the web server for sending to the user.

Web servers are frequent targets of malicious attacks. Attackers commonly try to take the server down, gain control of it, or gain unauthorized access to information stored on it. One attack technique is to send an overly long request, or a large number of requests, to the web server in order to trigger a server error such as a buffer overflow. Such an error can compromise the security of the entire server.

Accordingly, there is a need for means of improving the reliability of web servers and their resistance to attacks.

BRIEF DESCRIPTION OF THE INVENTION

Systems and methods consistent with the principles of the present invention provide a web host intrusion prevention system (WHIPS) that protects network application servers, such as web servers, from malicious attacks and/or overload.

According to one aspect of the invention, a method includes intercepting commands received at a web server, comparing the intercepted commands with a previously entered set of authorized, harmless commands, and rejecting commands for which no match is found in that set.

According to another aspect of the invention, a computing device is provided that contains a communication interface which receives network traffic destined for the computing device. The computing device also includes comparison tables that store a set of commands, and web server software that receives the traffic from the communication interface and responds to commands received over the network. When a command is received over the network, a filter compares it with the tables. If the received command does not correspond to the data in the comparison tables, the filter instructs the communication interface to withhold the traffic from the web server.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which form an integral part of the description of this patent application, illustrate the invention described above.

List of figures:

Figure 1. Layout of a typical system in which the present invention may be applied;

Figure 2. Layout of a typical computing device corresponding to one of the servers in figure 1;

Figure 3. Diagram illustrating the interaction between software elements running on the server shown in figures 1 and 2;

Figure 4. Diagram illustrating an exemplary embodiment of the comparison tables in accordance with this invention;

Figure 5. Block diagram of the interaction between the communication interface, filter and comparison tables shown in figure 3;

Figure 6. Interaction between the resource manager shown in figure 3 and the server; and

Figure 7. Block diagram of the operation of the resource manager according to one aspect of the present invention.

DETAILED DESCRIPTION

The following detailed description refers to the accompanying drawings. The same reference numeral in different drawings denotes the same or similar element. The invention is not limited to the detailed description below; its scope is defined by the accompanying claims and their equivalents.

As noted above, WHIPS comprises comparison tables and a filter. The tables list authorized user requests, and the filter screens incoming requests against them. Unauthorized requests are blocked and never reach the web server software. Users attempting to attack the web server with techniques such as buffer overflows are therefore stopped by the filter.

GENERAL SYSTEM OVERVIEW

Figure 1 shows the layout of a typical system 100 in which the provisions of the present invention may be applied. System 100 may include a number of end-user computing devices 101A and 101B, a network 102, and web servers 103A and 103B (end-user computing devices 101A and 101B and web servers 103A and 103B are referred to collectively as end-user computing devices 101 and web servers 103, respectively). End-user computing devices 101 may be personal computers through which users connect to network 102. Network 102 may be a network of any type, such as a local area network (LAN), a wide area network (WAN), a virtual private network (VPN), an intranet, the Internet, or a combination of such networks. End-user computing devices 101 and web servers 103 may be connected to network 102 through wired, wireless and/or fibre-optic connections.

Web server 103 responds to requests from end-user computing devices 101. For example, web server 103 may be an HTML server that interacts with end-user computing device 101A via the hypertext transfer protocol (HTTP) to transmit HTML pages to users. A database 110A may be connected to web server 103A. Web server 103 may access database 110A when handling users' HTML requests.

Figure 2 shows a diagram of a typical computing device corresponding to web server 103.

Server 103 may include a bus 210, a processor 220, a memory 230, a ROM 240, a storage device 250, an input device 260, an output device 270, and a communication interface 280. Bus 210 connects the elements of server 103.

Processor 220 may be any type of conventional processor or microprocessor that interprets and executes instructions. Memory 230 is RAM or any other type of dynamic storage device that stores information and instructions for execution by processor 220. ROM 240 is a conventional ROM device or any other static storage device that stores information and instructions for use by processor 220. Storage device 250 is any type of magnetic and/or optical recordable medium and its corresponding drive. Storage device 250 may hold a database, such as database 110 (figure 1).

Alternatively, database 110 may be stored on a device other than storage device 250, such as a remote storage device, or in memory 230.

Input device 260 may include one or more conventional means of entering information into web server 103, such as a keyboard, mouse, light pen, digitizing tablet, microphone, virtual-reality devices, and so on. Output device 270 is one or more conventional means of presenting information to an operator, including a monitor, printer, speakers, and so on. Communication interface 280 may include any communication device through which web server 103 connects to other devices and/or systems. For example, communication interface 280 may provide communication with other devices via a network such as network 102.

In one embodiment of the invention, memory 230 contains instructions that implement WHIPS 202. WHIPS 202 can interact with conventional web server software, for example web server software 203. Web server software 203 is any conventional web server, such as the open-source Apache web server or Internet Information Server (IIS) offered by Microsoft Corporation (Redmond, Washington).

WHIPS

Figure 3 shows the interaction between the elements, including WHIPS 202, running on server 103. WHIPS 202 may include a communication interface 301, a filter 302, comparison tables 303 and a resource manager 304.

Communication interface 301 intercepts traffic arriving from network 102 and addressed to web server 103, and passes it to filter 302. Communication interface 301 can be implemented in several different ways. In one embodiment, based on transmission control protocol (TCP) wrapper software, communication interface 301 functions as an access module for web server software 203. In another embodiment, communication interface 301 may operate at the application level, with web server software 203 bound to a specific port; communication interface 301 intercepts the traffic at the network level and forwards it to that port. A further option is to use a virtual device: web server software 203 is bound to the virtual device, while communication interface 301 is bound to the real network socket (for example, communication interface 280). Communication interface 301 receives network traffic from the real socket and forwards it to web server software 203. Clearly, communication interface 301 can be implemented in various ways, and the choice of the best method depends on a number of factors, such as the hardware and software environment in which WHIPS 202 and, ultimately, web server software 203 run.

Filter 302 compares the commands received through communication interface 301 with the list stored in comparison tables 303. If, on the basis of the comparison, filter 302 determines that a command is not permitted, communication interface 301 does not pass it to web server software 203. By blocking such incoming commands, filter 302 prevents malicious input from reaching web server software 203 with the aim of destabilizing or damaging server 103.

Resource manager 304 monitors the resources of server 103. When the resources of server 103 run short, resource manager 304 can reduce resource use on server 103. By preventing resource exhaustion on web server 103 it prevents overload and increases the overall stability of web server 103.

Filter 302, comparison tables 303 and resource manager 304 are described in more detail below.

FILTER AND COMPARISON TABLES

Figure 4 is a diagram of a typical embodiment of comparison tables 303 consistent with the provisions of this invention. In general, comparison tables 303 are a group of tables listing commands, such as HTTP commands, and the permitted parameters of those commands. The permitted parameters of a command are determined on the basis of the resources that server 103 is meant to provide to end-user computing devices 101.

As shown in figure 4, comparison tables 303 can include a GET (static) table 401, a GET (dynamic) table 402 and a POST table 403.

The GET command is used by end users to retrieve resources from server 103. A simple GET command may take the form GET <URI>, where URI is the uniform resource identifier designating the resource to be retrieved. The URI may, for example, identify a document (such as an HTML page, an image or an audio file) stored on server 103.

The resource designated by the URI in a GET command need not be static. Instead, the URI may refer to dynamic data generated by the server. For example, the URI may name a script file that the server must execute to generate dynamic data depending on one or more variables. A GET command might refer to a script that looks up the latest weather forecast before sending it to the user.

Table 401 may include all permitted static GET commands for server 103. For example, server 103 may hold an HTML file "home.html" 410 and an image "family.jpg" 411 that are to be made available to end-user computing devices 101. Although only two entries are shown in table 401, tables like table 401 may in practice contain many more entries.

Table 402 may include entries for GET commands that refer to dynamic elements, such as a GET command that runs a script. Scripts may conform to the CGI standard for building interactive web sites. Table 402 shows two scripts, 420 and 421. According to this invention, table 402 may hold additional information besides the script name. For example, table 402 may store elements 423 and 424 that define the type of the script identified by the file name and the expected input parameters of the script. For example, the Perl script 421, which processes user information such as a user name, may limit the length of the name (say, to 50 characters or fewer). Accordingly, information 424 for script 421 in table 402 can additionally record whether script 421 limits the length of the user-name input.

WHIPS 202 can contain tables for commands other than GET. For example, the HTTP POST command lets users transmit data to server 103 for processing. POST is typically a dynamic command that invokes particular scripts to process the user's data. Table 403 may store elements, such as 430 and 431, relating to POST commands. Entries for POST commands are structured in the same way as the entries of the dynamic GET table 402.

For efficient access, the data of tables 401-403 may be stored and/or arranged in a tree structure. In addition, server 103 may set aside memory as a cache for the most frequently used entries of tables 401-403, which greatly speeds up the server's access to them. Also, although not shown in the drawings, comparison tables 303 may include further tables, such as a table of HTTP PUT commands.

Figure 5 is a block diagram illustrating the interaction between communication interface 301, filter 302 and comparison tables 303 consistent with the provisions of this invention. Communication interface 301 passes incoming commands received from end-user computing device 101 to filter 302 (operation 501).

Filter 302 looks up the command in comparison tables 303 (operation 502). For example, if the received command is a static GET command, filter 302 may compare the resource requested by the GET command with the entries in table 401. When the command is present in comparison tables 303, filter 302 sends communication interface 301 a signal indicating that the command is acceptable (operations 503 and 504). Communication interface 301 may then send the command to web server software 203 for processing (operation 505).

However, if the command is absent from the tables, or its format does not match the format specified in comparison tables 303, filter 302 sends communication interface 301 a signal that the command is unacceptable (operations 503 and 506). Such a command is attempting to access restricted resources of web server 103 and may be malicious. Communication interface 301 may then discard the received command or, alternatively, record the event in a log (operation 507).

Web server 103 may display to the user who sent the prohibited command an error message such as "request not found".

Before comparison tables 303 can be used to determine the status of a received command, WHIPS 202 indexes them. WHIPS 202 may index the comparison tables when web server software 203 is loaded. Comparison tables 303 can be updated incrementally as administrators change the content served by web server software 203.

When building comparison tables 303, WHIPS 202 examines all files that make up the content of web server software 203 or part of it. Web server utilities generally keep files of these types in a directory tree starting at the web root directory. WHIPS 202 may therefore recursively scan all directories below the root directory in search of the relevant files. Static files are used to build the static GET table 401. Scripts are placed in the dynamic GET table 402 and the POST table 403 respectively. WHIPS 202 may examine the scripts it finds to extract additional information, such as information 423 and 424, characterizing the script type, including data on the input parameters expected from end users.
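The table-building scan and the filter of figure 5 (operations 502-506), as an added example in Python that is not part of the patent or of any product: `build_tables` walks a web root and sorts files into the static GET, dynamic GET and POST tables; `check_request` looks a request line up in them and rejects anything unknown, including a parameter that exceeds the length recorded for a script. The file-extension classification, the `# whips-param:` comment convention used to record a script's expected parameters, the rule that a static resource takes no query parameters, and the sample web root built in `demo` are all assumptions made for this illustration.

```python
import os
import shutil
import tempfile
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qsl

# Assumed file-type conventions used to sort web-root files into the tables.
STATIC_EXT = {".html", ".htm", ".jpg", ".jpeg", ".png", ".gif", ".css", ".txt"}
SCRIPT_EXT = {".cgi", ".pl", ".php"}


@dataclass
class ScriptEntry:
    kind: str                                   # script type (element 423)
    params: dict = field(default_factory=dict)  # parameter name -> max length (element 424)


@dataclass
class ComparisonTables:
    get_static: set = field(default_factory=set)     # table 401
    get_dynamic: dict = field(default_factory=dict)  # table 402
    post: dict = field(default_factory=dict)         # table 403


def extract_params(path):
    """Assumed convention: a line '# whips-param: <name> <maxlen>' declares each input."""
    params = {}
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            if line.startswith("# whips-param:"):
                name, maxlen = line.split(":", 1)[1].split()
                params[name] = int(maxlen)
    return params


def build_tables(webroot):
    """Recursively scan the web root: static files go to table 401, scripts to 402 and 403."""
    tables = ComparisonTables()
    for dirpath, _, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            uri = "/" + os.path.relpath(full, webroot).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in STATIC_EXT:
                tables.get_static.add(uri)
            elif ext in SCRIPT_EXT:
                entry = ScriptEntry(kind=ext.lstrip("."), params=extract_params(full))
                tables.get_dynamic[uri] = entry
                tables.post[uri] = entry
    return tables


def check_params(entry, supplied):
    """Reject parameters the script does not expect, or values over the recorded limit."""
    for name, value in supplied.items():
        limit = entry.params.get(name)
        if limit is None:
            return False, "unexpected parameter " + name
        if len(value) > limit:
            return False, "parameter %s longer than %d characters" % (name, limit)
    return True, "parameters within limits"


def check_request(request_line, tables, body=""):
    """Filter 302: (allowed, reason) for one request line; anything not in the tables is denied."""
    parts = request_line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False, "malformed request line"
    method, target, _ = parts
    url = urlsplit(target)
    query = dict(parse_qsl(url.query, keep_blank_values=True))
    if method == "GET":
        if url.path in tables.get_static:          # table 401: exact match, no parameters
            return (False, "static resource takes no parameters") if query else (True, "static")
        entry = tables.get_dynamic.get(url.path)   # table 402
        if entry is None:
            return False, "not in GET tables"
        return check_params(entry, query)
    if method == "POST":
        entry = tables.post.get(url.path)          # table 403; body is form-encoded
        if entry is None:
            return False, "not in POST table"
        return check_params(entry, dict(parse_qsl(body, keep_blank_values=True)))
    return False, "no table for method " + method


def demo():
    """Build a constructed web root, then run representative requests through the filter."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "cgi-bin"))
        with open(os.path.join(root, "home.html"), "w") as fh:
            fh.write("<html></html>")
        with open(os.path.join(root, "family.jpg"), "wb") as fh:
            fh.write(b"\xff\xd8\xff")
        with open(os.path.join(root, "cgi-bin", "user.pl"), "w") as fh:
            fh.write("#!/usr/bin/perl\n# whips-param: name 50\n")
        tables = build_tables(root)
    finally:
        shutil.rmtree(root)
    cases = {  # constructed request lines
        "static html": ("GET /home.html HTTP/1.1", ""),
        "static image": ("GET /family.jpg HTTP/1.0", ""),
        "script ok": ("GET /cgi-bin/user.pl?name=alice HTTP/1.1", ""),
        "script name too long": ("GET /cgi-bin/user.pl?name=" + "A" * 60 + " HTTP/1.1", ""),
        "script unknown param": ("GET /cgi-bin/user.pl?cmd=ls HTTP/1.1", ""),
        "unknown uri": ("GET /etc/passwd HTTP/1.1", ""),
        "post ok": ("POST /cgi-bin/user.pl HTTP/1.1", "name=bob"),
        "post too long": ("POST /cgi-bin/user.pl HTTP/1.1", "name=" + "B" * 51),
        "unsupported method": ("PUT /home.html HTTP/1.1", ""),
    }
    return {label: check_request(line, tables, body)[0] for label, (line, body) in cases.items()}
```

Because the lookup is an exact match on the path recorded during the scan, encoded or traversal variants of a URI never match and are refused without any special-case code; the price, as the text notes, is that the tables must be rebuilt or incrementally updated whenever the served content changes, or legitimate requests start being blocked.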

THE RESOURCE MANAGER

Resource manager 304 monitors the resource levels of server 103 and may reduce resource use when resources run short. In this way resource manager 304 works together with filter 302 to increase the stability of server 103.

Figure 6 is a diagram explaining the main interactions between resource manager 304, running on server 103, and the elements of server 103. In particular, resource manager 304 may communicate with communication interface 280 (and/or the software of communication interface 301), storage device 250, memory 230 and processor 220. In general, these elements of server 103 may be regarded as the resources of server 103. Resource manager 304 may monitor and manage the activity level of these resources.

Figure 7 is a block diagram illustrating the operation of resource manager 304 consistent with the principles of the present invention. Resource manager 304 may begin by checking the activity level of communication interface 280 (operation 701). This includes checking the number of open connections between server 103 and end-user computing devices 101.

An end-user computing device 101 that wants information from server 103 starts by requesting a connection to server 103. Server 103 in turn can accept or reject the connection request. Server 103 can also track the number of open connections at any time.

Resource manager 304 keeps the activity level of communication interface 280 below a threshold value. The threshold value can be set by an administrator locally on server 103 or from a remote computer via network 102. Resource manager 304 may check whether the activity level of communication interface 280 exceeds the threshold (operation 702). When the threshold is exceeded, resource manager 304 may take measures to reduce the number of active connections (operation 703). These measures may include closing open connections. For example, resource manager 304 may first close connections that are open but not active. If the number of connections is still too high, resource manager 304 may close low-priority connections to server 103. If the number of connections is still too high, resource manager 304 may proceed to closing randomly chosen open connections. Finally, if the number of open connections still exceeds the threshold, resource manager 304 may refuse any new connection requests from end-user computing devices 101.

Besides checking the activity level of communication interface 280, resource manager 304 may check the use of memory 230 (operation 704). If the amount of memory in use exceeds a predetermined threshold (for example, 95% of memory 230 occupied), resource manager 304 may take measures to relieve the memory shortage (operations 705 and 706). These measures may include, for example, terminating inactive processes (so-called "zombie processes").

Resource manager 304 may also check processor utilization (operation 707). When the load on processor 220 exceeds a preset threshold (for example, CPU utilization above 90%), resource manager 304 may take measures to reduce the load (operations 708 and 709). These measures, like those of operation 706, may include stopping idle or low-priority processes.

Resource manager 304 can also check the amount of free space remaining on storage device 250, such as the hard disk(s) (operation 710). When the free space on storage device 250 falls below a preset threshold (for example, 95% occupied), resource manager 304 may take appropriate measures (operations 711 and 712), such as redirecting incoming write commands for the hard disk to the console (that is, the monitor) or compressing non-critical files such as log files.

As follows from the foregoing and as shown in figure 7, the purpose of resource manager 304 is to reduce resource use and thereby lower the probability that server 103 fails through overload.

The commands used to check CPU utilization, storage device use and network connection load are well known and are not discussed further in this document.
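The tiered connection-shedding ladder of operations 702-703 and the threshold checks of operations 704-712, as an added example in Python that is not part of the patent: `shed_connections` closes idle connections first, then low-priority ones, then random picks, and only refuses new connections if the count is still above the threshold; `check_thresholds` maps an exceeded memory, CPU or disk limit to the remediation the text names. The `Connection` fields, the priority encoding, the `batch` limit on how many connections one pass may close (the patent does not say how many), the fixed random seed, and the connection table and resource sample in `demo` are assumptions constructed for this illustration.

```python
import random
from dataclasses import dataclass, field


@dataclass
class Connection:
    conn_id: int
    idle: bool       # open but carrying no active request
    priority: int    # assumed convention: 0 = low, 1 = normal, 2 = high


@dataclass
class Decision:
    closed: list = field(default_factory=list)  # connection ids closed, in order
    refuse_new: bool = False                     # whether new connection requests are refused


def shed_connections(conns, threshold, batch=2, rng=None):
    """Operations 702-703 as a ladder: each tier closes at most `batch` connections
    per monitoring pass (assumption), then the count is checked again before the
    next tier runs. Returns which connections were closed and whether new requests
    must be refused because the count is still above the threshold."""
    rng = rng or random.Random(0)   # fixed seed so the random tier is reproducible
    open_conns = list(conns)
    decision = Decision()

    def close_some(candidates):
        for c in candidates[:batch]:
            if len(open_conns) <= threshold:
                return
            open_conns.remove(c)
            decision.closed.append(c.conn_id)

    if len(open_conns) > threshold:                                 # op. 702
        close_some([c for c in open_conns if c.idle])              # tier 1: idle first
    if len(open_conns) > threshold:
        close_some([c for c in open_conns if c.priority == 0])     # tier 2: low priority
    if len(open_conns) > threshold:
        pool = list(open_conns)
        rng.shuffle(pool)
        close_some(pool)                                            # tier 3: random picks
    decision.refuse_new = len(open_conns) > threshold               # tier 4: refuse new
    return decision


def check_thresholds(sample, limits):
    """Operations 704-712: return the remediation each exceeded limit triggers."""
    actions = []
    if sample["memory_used_pct"] > limits["memory_used_pct"]:
        actions.append("kill_zombie_processes")                     # op. 706
    if sample["cpu_pct"] > limits["cpu_pct"]:
        actions.append("stop_idle_or_low_priority_processes")       # op. 709
    if sample["disk_used_pct"] > limits["disk_used_pct"]:
        actions.append("compress_noncritical_files")                # op. 712
    return actions


def demo():
    """Run the ladder on a constructed table of eight open connections and the
    threshold checks on a constructed resource sample."""
    conns = [
        Connection(1, idle=True, priority=1),
        Connection(2, idle=False, priority=0),
        Connection(3, idle=False, priority=2),
        Connection(4, idle=True, priority=2),
        Connection(5, idle=False, priority=0),
        Connection(6, idle=False, priority=1),
        Connection(7, idle=True, priority=0),
        Connection(8, idle=False, priority=1),
    ]
    sample = {"memory_used_pct": 96, "cpu_pct": 40, "disk_used_pct": 97}
    limits = {"memory_used_pct": 95, "cpu_pct": 90, "disk_used_pct": 95}
    return {
        "threshold3": shed_connections(conns, threshold=3),  # ladder stops at tier 3
        "threshold1": shed_connections(conns, threshold=1),  # still over: refuse new
        "actions": check_thresholds(sample, limits),
    }
```

With threshold 3 the ladder closes the two idle connections, then two low-priority ones, then one random pick and stops; with threshold 1 it exhausts every tier and still sits at two open connections, so new requests are refused. Closing a bounded batch per pass rather than everything at once is what keeps a monitoring loop from turning a short load spike into a self-inflicted outage.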

CONCLUSION

WHIPS, as described above, includes a filter that examines incoming commands so that only commands which do not access confidential or restricted resources of the web server are processed. Unauthorized commands are blocked. WHIPS may also include a resource manager that monitors resource use on the server and can take actions aimed at reducing resource use or load.

The above description of the preferred embodiment of the invention is provided for illustration and description, and in no way limits the invention to the form described.

In light of the above principles of the invention, it should be understood that further research or experience gained in implementing the invention may lead to changes and additions. Moreover, the sequence of operations shown in figures 5 and 7 may vary in different embodiments of the invention, and independent operations may be executed in parallel.

Although WHIPS has been discussed in the sections above as an element executing on a web server, in other embodiments WHIPS can be adapted for use in network environments with application servers.

Some parts of the invention have been described as software that performs one or more functions.

In a more general sense, such software should be understood as a form of logic. The logic may include hardware, such as an application-specific integrated circuit or a field-programmable gate array, software, or a combination of hardware and software.

No element, operation or instruction used in the description of this application should be regarded as critical or essential to the invention unless explicitly stated as such. In this document the singular (the indefinite article "a" in the original description) refers to one or more objects; where a single object is meant, the term "one" or a similar expression is used.

The scope of the invention is defined by the claims and their equivalents.

1. A method of processing commands of at least one user, comprising:

intercepting commands received at a web server;

comparing the intercepted commands with a previously entered set of commands permitted on the web server; and

discarding those intercepted commands for which no match is found in the comparison with the previously entered commands, such that the discarded intercepted commands are not passed to the web server.

2. The method of claim 1, further comprising:

directing to the web server software those intercepted commands for which a match is found in the previously entered set of commands.

3. The method of claim 1, wherein comparing the intercepted commands with the previously entered set of commands comprises searching for matches to the intercepted commands in a plurality of tables.

4. The method of claim 3, wherein the plurality of tables comprises separate tables for storing commands specific to different types of HTTP commands.

5. The method of claim 4, wherein the commands comprise HTTP GET and POST.

6. The method of claim 1, further comprising:

monitoring resources of the web server; and

reducing the use of the resources of the web server when a threshold value for the level of resource use is exceeded.

7. A computing device, comprising:

a communication interface configured to receive network traffic destined for the computing device, the traffic containing commands of at least one user;

comparison tables configured to store at least one set of commands of the at least one user;

web server software configured to receive the network traffic from the communication interface and to respond to the commands received from the network; and a filter configured to search the comparison tables on the basis of the commands received from the network, the filter instructing the communication interface to withhold the network traffic from the web server software when commands received from the network do not match the at least one set of commands.

8. The computing device of claim 7, wherein the comparison tables further comprise:

a plurality of tables, each of which is allocated to storing commands related to a different type of HTTP command.

9. The computing device of claim 8, wherein the commands comprise HTTP GET and POST.

10. The computing device of claim 8, wherein at least one of the plurality of tables stores information on scripts invoked by HTTP commands.

11. The computing device of claim 7, further comprising:

a database connected to the web server software and containing information requested by commands received in the network traffic.

12. The computing device of claim 7, further comprising:

a resource manager configured to monitor resources of the computing device and to reduce the use of the resources when a threshold value is exceeded.

13. The computing device of claim 12, wherein the monitored resources comprise at least one of: processor capacity, memory, and network interface bandwidth.

14. A method of processing commands of at least one user, comprising:

examining files that store web server content;

creating tables defining the commands permitted to the at least one user for accessing the examined files;

preventing commands received for the web server from reaching the web server when no match for them is found in the created tables; and

directing received commands to the web server software when a match for them is found in the created tables.

15. The method of claim 14, wherein examining the files that store web server content comprises recursively examining files in directories below the root directory of the web server.

16. The method of claim 14, wherein examining the files that store web server content comprises re-examining the files when they change.

17. The method of claim 14, wherein the examined files comprise static files.

18. The method of claim 14, wherein the examined files comprise scripts.

19. The method of claim 14, wherein the tables comprise separate tables for storing commands specific to different HTTP commands.

20. The method of claim 19, wherein the commands comprise HTTP GET and POST.

21. The method of claim 14, further comprising: monitoring resources of the web server; and reducing the use of the resources of the web server when a threshold value is exceeded.

22. A command processing system, comprising:

means for examining commands of at least one user received at a web server;

means for comparing the examined commands with previously entered commands that are permitted for the web server; and

means for discarding those examined commands for which the means for comparing finds no match in the previously entered set of commands, such that the discarded commands are not passed to the web server.

23. The system of claim 22, further comprising: means for sending commands to the web server when the means for comparing finds a match for those commands in the previously entered set of commands.

24. The system of claim 22, further comprising: means for creating tables that store the previously entered sets of commands.

25. The system of claim 24, wherein the tables comprise separate tables for storing commands specific to different HTTP commands.

26. The system of claim 22, further comprising: means for monitoring resources of the web server; and means for reducing the use of the resources of the web server when a threshold value is exceeded.

27. A machine-readable medium storing instructions for preventing intrusion into a web server, the instructions, when executed by a processor, causing the processor to:

intercept commands of at least one user received at the web server; compare the intercepted commands with previously entered commands that are permitted for the web server; and discard the intercepted commands for which no match is found in the previously entered set of commands.

28. The machine-readable medium of claim 27, wherein the instructions further cause the processor to direct the intercepted commands to the web server software when a match is found in the previously entered set of commands.

29. The machine-readable medium of claim 27, wherein comparing the intercepted commands with the previously entered set of commands comprises searching for the intercepted commands in a plurality of tables.

30. The machine-readable medium of claim 27, wherein the instructions further cause the processor to: monitor resources of the web server; and reduce the use of the resources of the web server when a threshold value is exceeded.

31. System for protection against malicious attacks by using concrete of specified commands, the network application server, in which at least one client sends commands to the specified server for receiving information from a specified server on the specified commands, while this system contains:

tools for gender the treatment of these commands, including the specific command;

means for comparing all of these commands, including all of the following specific commands previously entered commands;

means for deleting any of these commands, including the specific commands for which no match is found in the specified predefined set of commands is provided and delete commands; and

means for directing all non-remote commands to the software specified server to receive responses.

32. A method of protecting a network application server against malicious attacks that use specific ones of said commands, in which at least one client sends commands to said server in order to receive information from said server in response to said commands, the method comprising:

receiving said commands, including said specific commands;

comparing all of said commands, including all of said specific commands, with previously entered commands;

deleting any of said commands, including said specific commands, for which no match is found in said predefined set of commands, thereby producing deleted commands; and

directing all commands that were not deleted to the software of said server in order to obtain said responses.
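The following is an added illustration of claims 27 to 32 in working code; it is not the patent's own implementation and the patent discloses no source. It assumes that a "command" is an HTTP request line, that the comparison tables are keyed by request method, that the previously entered set of permitted commands is built by recursively listing the files below a constructed document root, and that "resource use" is modelled as a count of requests in flight. All request lines, paths and the directory tree are constructed sample data.

```python
"""Allow-list command filter in front of a web server (added example).

Intercepted request lines are looked up in comparison tables of previously
entered, permitted commands.  Commands with no match are deleted and never
forwarded; matching commands are forwarded unless the (assumed) resource
threshold is already exceeded, in which case load is shed.
"""
import posixpath
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Command:
    method: str
    target: str  # request-target: path plus optional query string


def parse_request_line(line):
    """Turn an HTTP request line into a Command; None when malformed."""
    parts = line.strip().split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    return Command(method=parts[0].upper(), target=parts[1])


def files_below_root(tree, prefix="/"):
    """Recursively collect file paths in a directory tree given as nested
    dicts (directories) and None (files), rooted at the document root."""
    paths = set()
    for name, child in tree.items():
        full = posixpath.join(prefix, name)
        if isinstance(child, dict):
            paths |= files_below_root(child, full)
        else:
            paths.add(full)
    return paths


@dataclass
class CommandFilter:
    tables: dict = field(default_factory=dict)   # method -> permitted paths
    dropped: list = field(default_factory=list)  # audit trail of deletions
    max_in_flight: int = 4                       # assumed resource threshold
    in_flight: int = 0

    def allow(self, method, path):
        """Enter a permitted command into the table for its method."""
        self.tables.setdefault(method.upper(), set()).add(path)

    def matches(self, cmd):
        table = self.tables.get(cmd.method)
        if table is None:
            return False
        # Normalise so "/a/../b" cannot alias an entered path, and ignore the
        # query string, which is not part of the entered command.
        path = posixpath.normpath(urlsplit(cmd.target).path)
        return path in table

    def handle(self, line):
        """Intercept one request line; return the Command to forward or None."""
        cmd = parse_request_line(line)
        if cmd is None:
            self.dropped.append(("malformed", line))
            return None
        if not self.matches(cmd):
            self.dropped.append(("no-match", f"{cmd.method} {cmd.target}"))
            return None
        if self.in_flight >= self.max_in_flight:
            # Resource use past threshold: shed load instead of forwarding.
            self.dropped.append(("overload", f"{cmd.method} {cmd.target}"))
            return None
        self.in_flight += 1
        return cmd

    def release(self):
        """Called when the web server finishes a forwarded command."""
        self.in_flight = max(0, self.in_flight - 1)


# Constructed sample document root and request lines.
CONSTRUCTED_TREE = {
    "index.html": None,
    "docs": {"guide.html": None},
    "cgi-bin": {"search.cgi": None},
}
CONSTRUCTED_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /docs/guide.html?page=2 HTTP/1.1",
    "GET /docs/../index.html HTTP/1.1",        # normalises to an entered path
    "POST /cgi-bin/search.cgi HTTP/1.1",
    "GET /cgi-bin/../../etc/passwd HTTP/1.1",  # no match: deleted
    "DELETE /index.html HTTP/1.1",             # method has no table: deleted
    "???",                                     # malformed: deleted
    "GET /index.html HTTP/1.1",                # fifth in flight: load shed
]


def run_sample():
    """Return (forwarded command strings, dropped (reason, command) pairs)."""
    flt = CommandFilter(max_in_flight=4)
    for path in files_below_root(CONSTRUCTED_TREE):
        flt.allow("GET", path)
    flt.allow("POST", "/cgi-bin/search.cgi")
    forwarded = []
    for line in CONSTRUCTED_REQUESTS:
        cmd = flt.handle(line)
        if cmd is not None:
            forwarded.append(f"{cmd.method} {cmd.target}")
    return forwarded, flt.dropped


if __name__ == "__main__":
    fwd, drp = run_sample()
    print("forwarded:", fwd)
    print("dropped:", drp)
```

The filter compares on the normalised path only, so a query string or a `..` segment cannot turn an unentered resource into a match, and every deletion is recorded with its reason so that the audit trail distinguishes rejected commands from load shedding.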
