Device for limiting access to hard disk sectors

FIELD: information technology.

SUBSTANCE: present invention relates to devices for limiting access to digital data stored on a data carrier. The technical outcome is achieved due to that permission for access to data is checked using a separate device, fitted on the controller board of the data carrier. Change in device parametres, which are program-accessible, can only be done using special software, which is part of the system for limiting access to data. For this purpose in the device there is an extra unit for analysing commands, which verifies authenticity of commands given by the software.

EFFECT: provision for limited access to sectors of a data carrier, distinguished by special attributes, and prevention of unauthorised altering of the attributes themselves.

2 cl, 5 dwg

 

The invention relates to computer technology and can be used in external storage devices of computers, such as drive controllers information on hard drives.

Devices that restrict access to the sectors of the hard disk provides data protection against unwanted reading or modification. It uses a variety of ways barring access information, for example, using different devices or keys to control the user's authority while working on the computer. This implies the correctness of all running legitimate user applications and processes. But this is not always the case - there is the opportunity to initiate processes on behalf of the user and using his powers, but not user-callable and not controlled. This occurs, for example, during the attacks of destructive programs, penetrating into the personal computer through a computer network, or other ways to read the secret information or intentional distortion of data on storage media (an example of the latter can serve as computer viruses) [1]. When the user is working with a certain set of rights, programs, initiated at this time, have the same rights as the user. So the opportunity is the access to the files of this user even to those with whom he does not work directly. If the user has supervisor rights, that is, sets the rules for data access, there is a possibility that initiated in a computer system program will also be able to change the rules of data access and, consequently, to execute them in further unauthorized handling.

Thus, the user during his work on a personal computer cannot completely guarantee the security of data on the hard drive of the magnetic disk from the effects of destructive programs and processes acting on behalf of, and authority, but directly they are not initialized.

A device for protecting data from unauthorized access (patent No. 2130641 EN, IPC 7 G06F 12/14, TPMF No. 14, 1999.05.20). It is designed to restrict access to data by converting, in which the original data file is divided into blocks of variable length and each block is variable shift ring ASCII code of each character block.

The disadvantages of this method are insecure encrypted information from intentional distortion, inability to detect attacks malicious software in real time, and, as in any way encryption - decryption, there are a finite verojatno the ü opening keys and ciphers using modern computers. In addition, it is impossible to organize sector-by-sector data protection on the media, allowing destructive programs to modify the individual selective sectors.

Known protection device against unauthorized access to information stored in the personal computer (patent No. 2212705 EN, IPC 7 G06F 12/14, TPMF No. 26, 2003.09.20).

The disadvantage of this device is the presence of four non-volatile memory elements, which have a limited shelf life recorded in the data without supplying them food, and exposed to electromagnetic fields. This reduces the reliability of the device as a whole, which makes the protection less effective.

Known protection device memory access (patent No. 2215321 EN, IPC 7 G06F 12/14, TPMF No. 30, 2003.10.27). It provides for the restriction of access to the memory by writing to the storage device of ranges of memory addresses and attributes used to control access to memory cells in the data range. The disadvantage of this device is the lack of authentication command when changes in the ranges of addresses to which access is limited. In addition, when accessing the memory location you want to map its address with the addresses of all memory areas to which access is limited, which does not allow to restrict access to a large number and aerovane in the address space of the memory cells.

A device restricting access to recorded digital media data (patent No. 2277720 EN, IPC 7 G06F 12/14, TPMF No. 16, 2006.06.10).

The disadvantage of this device is the lack of authentication software commands when modifying attributes of a legitimate user. This creates the possibility of unauthorized changes of attributes, resulting in lower durability of the protection created by the device.

Data protection can ensure additional protection of the data attributes from unauthorized modification. The latter should be placed in a place of memory of the computer where access is only possible by restricting device access, this should exclude the possibility of unauthorized software reading or modification in the normal mode and in the mode of their software changes the user must check the legality of the performed changes.

The objective of the invention is the provision restricting access to the hard disk sectors, containing valuable information, which is in the process of the user may be exposed to unauthorized reading or modification of various destructive software.

The technical problem is solved in that on-Board hard disk controller is a device consisting of mi is reprogramming device management (MPWU), a group of registers port decoder address decoder commands, trigger group flags, schematic reading, schema attribute entry access logic element OR circuit for comparing the address scheme of the analysis of attribute access, unit of analysis commands (TANK)circuit block gates having outputs to the switches on the front panel of the computer.

The first group of inputs of the group of registers port connected with the third group of input devices, the group of inputs of the address decoder connected with the fourth group of input devices, the output of the address decoder is connected to a second input of the group of registers ports, the input of the decoder commands connected with the first group of outputs of the group of registers ports, and a group of his output from the third group of inputs trigger group flags group outputs group triggers flags connected with a group of inputs, MPWU, the first and second inputs of the trigger group flags connected with the first and second input devices, respectively, the first input of the differential reading is connected to the first output NUU, second and third the input schema reader is connected to the eighth and ninth input device respectively, the first group of outputs of the circuit reading is connected with the second group of inputs of the comparison circuit addresses, the second group of outputs schematic reading is connected with the second group of inputs of the circuit analysis of the access token, the third circuit output reading from the linen with the eighth input of the trigger group flags, the first input of the differential lock gates connected to the fifth output NUU, second and third inputs of the circuit block of gates connected with the sixth and seventh inputs of the device respectively, the first and second outputs of the circuit block of the gates is connected to the second and third outputs, respectively, the third input of the comparison circuit addresses connected to the first output NUU, the first group of inputs of the comparison circuit addresses connected with the second group of outputs of the group of registers ports, the output of the comparison circuit addresses connected to the fourth input of the trigger group flags, the first circuit input record access token is connected to the fourth output NUU, the second circuit input record access token connected with the ninth input of the second input of the logic element OR is connected to the fifth input of the first logic element OR is connected to the output of the circuit record access token, the output of logic element OR is connected to the first output, the first input of the differential analysis of the access token is connected with the third output NUU, the first and second outputs of the analysis scheme of the access token is connected to the fifth and sixth inputs of the trigger group flags, respectively, the first, second and third inputs of the TANK is connected with the sixth, seventh and eighth outputs of NUU accordingly, the fourth group of inputs of the TANK connected with the group o the species of the group of registers ports, the output of the TANK is connected to the seventh input of the trigger group flags.

The device is connected to the interface bus of the computer and to the internal lines of the hard disk controller in such a way as to be able to manage the process of accessing the sectors of the storage media without interference in the algorithms of the other parts of the controller. The device running additional system software appends the specific attributes of the access end address of the sector after identification fields and fields before the data sectors of the storage media that stores the data of those files that you put under protection. In the process of applying computer and controller to the sectors of the device reads and processes set the attributes of the access and the presence of the bar-code access prohibits the process of recording and/or reading of the data field of the sector. By means of the removal of the prohibition signal communication with the protected sectors with corresponding external output device personal computer user can disable the device, thereby obtaining authorized access to all sectors of the media. In addition, by submitting an enable signal software-controlled modification of the attributes of access to the corresponding external output device, the user allows authorized modification Atri is outow access. Thus, without additional information redundancy, the protection attributes of the files and their sectors are transferred from program-level computers at the hardware level controller storage of digital information, which guarantees the impossibility of unauthorized software-controlled modification and thereby prevents the violation of data privacy and ensures the privacy of the files without the overhead of a computer for encryption and decryption of information. To monitor and prevent attacks from malicious software during the software-controlled modification of the attributes of the access device includes a unit of analysis commands. Thus, the proposed device allows you to organize sector-by-sector data protection on the hard disk, as well as to detect attacks malicious software in real time as at the moment of their conversion to the protected data, and in the intervals of program-controlled modification of attributes.

Objectives and advantages of the invention will become clearer from the description of the variants of its implementation with reference to the accompanying drawings:

Figure 1 (full) illustrates the General layout of the proposed device is the controller of the storage media hard disk drive;

Figure 2 (explanatory) represents the format of the sector of the media information is AI (sector drive hard disk drive) to a specific field attribute access (57);

Figure 3 shows a detailed diagram of the device is connected to the node controller of the storage media hard disk drive;

Figure 4 shows a General functional diagram of the described device;

Figure 5 shows a General functional block circuit diagram of the analysis commands.

A device for limiting access to data stored on the hard disk in the preferred embodiment implementation.

The drive controller hard disk drive (CNSMD) (47)connects to the device (2), presented in figure 1. Single-chip microcontroller (Ω) (3) to the control processor and the internal RAM (4) with internal lines of communication between them, acting as the data conversion and management processes of reading, writing, and positioning of heads, and the rotation of the disk. Channel read - write (SPC) (5) and the data separator (6), which in the course of its work the preliminary allocation of the data writing and reading, coding and correction, the selection signals. Diagram of the positioning control (7) and the magnetic head block (8)engaged in the process of applying to the magnetic disk control magnetic heads. The control circuit of the spindle motor (9)for controlling rotation of the disk [3-5].

The format of a sector on the hard drive of the magnetic disk, the data on which C is protected by the proposed device (2), presented in figure 2. The beginning of the sector is synchrotone (54), followed by the address of the sector (62), consisting of fields in the address marker (55), the identifier field (56). At the end of the address of the sector (62) after the identifier field (56) is a field attribute access (57). Address marker (55) determines the beginning of the identifier field (56), which contains the description of the sector, which is search. Space (58) between the address part of the sector (62) and marker data fields (59)defining the beginning of the data field (60)required to make the controller the drive is correctly performed control action to ensure the process of reading or writing data sector. For the data field (60) followed by a space (61) between two adjacent sectors. Field(54), (55), (56), (58), (59), (60), (61) are the standard fields of the sector drive hard disk drive [2]. Field attribute access (57) is made and processed by the proposed device (2).

The limiting device access to the sectors of the hard disk is implemented as follows. Ω (3) receives the command from the interface bus (ISH) (1) to communicate with the media. The device (2) receives this command through the duplication yourself ports CNSMD (47) (per address port CNSMD (47) physically has two registers, one in OHMS (3), the other device (2)). After this happens the search sector, the read identifier which coincides with the identifier, received in the ports with the command computer. Then Ω (3) and control processor (4) (3) give the control signals of the control circuit positioning (7), which moves the magnetic head block (8) in the desired area of the recording media. Then Ω (3) gives the output (28) read strobe data in the device (2) (3) is fed to the inlet (21)is transmitted to the output (18), and then fed to the inlet (33) SPC (5). Channel SPC (5) (1) provides on its output (35) read the IDs of the sectors of media, and the output (34) - sync signals that arrive simultaneously at the inputs of (30) and (29) respectively Ω (3) and inputs (20) and (19) devices (2) (3).

If the external output disable communication with the protected sectors (10)connected to the input (14), the signal is present prohibition of communication with the protected sectors, the device (2) allocates came to the input (20) and (19) threads read the information and signals an identifier read each sector, compares the received identifier with the identifier received from the interface bus (1). The absence of this signal indicates that the user wants to get access to all sectors of the media, so the device (2) does not block communication with the media. This ensures that no unauthorized access is closed the m sectors, the access attributes which contain a ban on any kind of exchange without the permission of the user.

Feed this signal, and the enable signal software-controlled modification of the attributes of access to the relevant external output device may be, for example, by the user presses keys on the front panel of the computer, leading to snapping/breaking electric circuits, including an external output device and the DC voltage source and, as a consequence, the level change of the electric potential on the data findings.

After the desired sector is found (read the sector ID of the media coincided with the ID specified ISH (1), device (2) identifies the reading field attribute access (57), read after the identification field (56), from a stream of signals at its inputs (20) and (19), the attribute access. Options attribute access can be the following code sequence. F0h - barring code entries in the data field (60) sector, 0Fh code prohibit read / write from/to field data (60), 00h code, allowing all kinds of communication with the sector. Options access attributes represented in hexadecimal code.

After reading the address of the sector (62) sector whose ID matches the ID of a specific sector, Ω (3) :the article on one of the outputs (27) or (28) strobe relevant currency: output (27), if write data to a sector on the output (28), if the data is read from the sector.

If the attribute access does not contain any code prohibition of access to the sector, which leads CNSMD (47), the device (2) repeats received on the input (21) and (22) control signals from Ω (3) yields (17) and (18). While SPC (5) starts to perform a given type of exchange with field data sector. In read mode, read and converted into SPC (5) data is fed directly to the input (30) Ω (3). In write mode, the data issued by Ω (3) to the outlet (26) and received at the input (23) of the device (2), are transferred to the output (16) and is fed to the input (31) SPC (5)where after encoding and precompensation is burning in the data field of the sector.

If the attribute contains access barring code for the type of access to the sector, which leads CNSMD (47), the device (2) stop copying control signals issued with Ω (3) yields (27) and (28) and received at the inputs (22) and (21) of the device (2). When attempting to write to a sector having a field attribute access (57) with the code prohibit recording device (2) blocks the signal input (22), thereby blocking the write operation to the media. When the read or write protected read-sector device (2) blocking both signal inputs (21) and (22).

When blocking the operation of reading data from the sector by blocking signals input (21), SPC (5), not having received the control signal on input (33), does not read data field, the magnetic head block (8). When the block write operation data in the sector by blocking signal input (22) SPC (5), not having received the control signal on input (32), does not produce an entry in the data field of the magnetic head block (8).

In addition, the blocked attempt to access a protected sector may indicate the presence in the system of destructive applications that are unauthorized reading or modification of data.

Software-controlled write attribute access attribute field access (57) (figure 2) is carried out at the end of the address of that sector, the data which the user wants to put under protection. The device (2) receives from the interface bus (1) write command attribute access with a code sequence of a given type in the desired sector. If the external output resolution software-controlled modification of the attributes of access (11)connected to the input (15) of the device (2) (1, 3), there is a permission signal software-controlled modification of access attributes (which indicates that the user wishes to produce their modification), the received command is executed. In the absence of this signal, the command will not be executed. This provides protection attributes access the t unauthorized modifications in the operating mode of the device, when the computer accesses the disk sectors.

When performing write operations (modifications) attributes access OHMS (3) receives ISH (1) the software team search for a desired sector. After this happens the search sector, a matter whose ID matches the ID received in the ports with the command computer similarly this same procedure in the mode of access to the sector described above.

The device (2), having read from the storage medium identifier that matches the identifier of the desired sector, obtained with ISH (1) from software issues at the time of passage of the magnetic head over the field attribute access (57) to the output (17) of the control gate entry at the input of gate entries (32) SPC (5). In addition, the device (2) according to the received command generates the necessary code sequence attribute access, pre-converted and synchronized with the sync signal input (19), the output (16), from which she received at the input of subject records in a data carrier (31) SPC (5). Channel SPC (5), receiving at its input (32) of the control gate write, write the appropriate code in the box attribute access (57), the following for field identification (56) (figure 2).

The limiting device access to the hard disk sectors (2) consists of the following function with the national nodes (figure 4): firmware control device (MPWU) (41), the group of registers ports (36), the address decoder (37), the trigger group flags (40), the scheme reads (42), the decoder commands (39), the blocking gates (46), the comparison circuit address (38), the scheme record attribute access (44), the logical element OR (45), the analysis scheme attribute access (43), the unit of analysis commands (48).

The device (2) is located on the Board CNSMD (47) and connects to its nodes and interface bus (1), as shown in figures 1, 3. Group inputs (24) of the device (2) connected to the address and control lines (13) front tire (1). Group input (25) of the device (2) connected to the data lines (12) ISH (1). Inputs (14) and (15) of the device (2) connected to an external control pins prohibition of communication with the protected sectors (10) and permission of program-controlled modification of attribute access (11), respectively. Input (23) of the device (2) connected to the output (26) Ω (3)which serves to feed him the serial code of the recorded data. Input (22) of the device (2) connected to the output (27) Ω (3)which serves to feed him strobe recording. Input (21) of the device (2) connected to the output (28) Ω (3)requirement for filing with him of a read strobe. Input (20) of the device (2) connected to the output (35) SPC (5)serving to feed him sequential code data input (30) Ω (3). Input (19) of the device (2) connected to the output (34) SPC (5)serving to supply a synchronization signal h is input (29) Ω (3). The output (18) of the device (2) connected to the input (33) SPC (5)serving to feed it a read strobe. Output (17) of the device (2) connected to the input (32) SPC (5)serving to feed him strobe recording. Output (16) of the device (2) connected to the input (31) SPC (5)serving to feed him the serial code of the data being written.

The functions performed by device nodes.

Firmware device management (MPWU) (41) generates the control signals to all other nodes of the device. In the group of registers ports (36) by the group of its inputs connected to the group of inputs (25) of the device (2), records the commands and addresses from the data lines (12) interface bus (1).

The address decoder (37) takes a group of inputs (24) of the device (2) signals from the control and address lines (13) front tire (1) and controls the recording input data in the corresponding register group registers ports (36).

The decoder commands (39) analyzes commands received on its input group output group registers ports (36), and produces at its output a group of flags passed to the group of inputs trigger group flags (40).

The trigger group flags (40) stores the flags of the transition conditions of MPWU (41), which are transmitted from the group of its outputs on a group of inputs, MPWU (41), and receives as flags on the first and second inputs inputs (15) and (14) of the device (2) is therefore, its signals permissions software-controlled modification of the attributes of the access and deny communication with the protected sectors.

The scheme of reading (42)is controlled by MPWU (41), highlights from the serial code read data and clock coming in on the second and third of its inputs connected to the input (20) and (19) of the device, respectively, read SPC (5) information and transmits the first group of its outputs on a group of inputs of the comparison circuit address (38) ID, read sector, with the second group of its outputs on a group of inputs of circuit analysis attribute access (43) attribute access, from its output to the input of the trigger group flags (40) code flag reading of the identifier.

The scheme of blocking gates (46)is controlled by MPWU (41), blocks the transmission gates record read from the second and third of its inputs connected to the inputs (22) and (21) of the device respectively, the first and second outputs are connected to the outputs (17) and (18) of the device, respectively.

Comparison circuit address (38)is controlled by MPWU (41), compares the identifier of the read sector received the second group of inputs of the first group of outputs schematic reading (42), with the identifier of the sector, adopted by the first group of inputs of the comparison circuit address (38) from the second group of outputs of the group of registers ports (36), and produces at its output a flag match IDs passed to the input of the trigger group flags (40).

Scheme record attribute access (44)is controlled by MPWU (41),and generates the necessary code sequence attribute access pre-converted and synchronized with the clock, adopted at its second input connected to the input (19) of the device.

The logical element OR (45) performs a logical disjunction (disjunction) serial code data received from the input (23) of the device with the serial code attribute access, received at its input with the output of the circuit write attribute access (44), and transmits the resulting signal on its output connected to the first output (16) of the device(2).

The analysis scheme attribute access (43)is controlled by MPWU (41), receives on its second group of inputs from the second group of outputs schematic reading (42) attribute access, the analysis of which forms at its first and second outputs flags prohibition of entry and/or the prohibition of reading of data transmitted to the inputs of the trigger group flags (40) and then used MPWU (41) to restrict access to the data field of the sector.

The unit of analysis commands (TANK) (48), managed MPWU (41), analyzes the contents of the code field of each command received at its input group output group registers ports (36) with software-controlled modification of access attributes. If the code field of the command is true, then the TANK generates at its output permission flag modification that is passed to the input of the trigger group flags (40) and used the ZAT is MPWU (41) to allow/deny access to the data field of the sector.

The device (2) is operating, if the external output disable communication with the protected sectors (10) the signal is present prohibition of communication with the protected sectors, which sets the corresponding flag in the trigger group flags (40). Otherwise, the firmware control device (41) is not issuing control signals to other components of the device (2). In this mode, the logical element OR (45) and the scheme of blocking gates (46) passively transmit the signals from the inputs (23), (22) and (21) respectively, yields (16), (17) and (18). The signal input (23) passes through the logical element OR (45) unchanged, as the scheme record attribute access (44) is not producing at its output any signals.

The first mode of operation of the device (2) is the communication with the media and restrict unauthorized access. Ω (3) receives the command from the interface bus (1) to communicate with the media by writing to the registers its port control sequences. The device (2) receives this command through the duplication yourself ports (the group of registers ports (36)) Ω (3). The signals on the address and control lines (13)arrived at the group of inputs (24) of the device (2)are transferred to the address decoder (37), which issues a control signal to the corresponding register group registers Porto is (36) to write data, received from the data lines (12) interface bus (1) on a group of inputs (24). Data from the register group registers ports (36)that is written to the command on the exchange of information with the sector, come to the command decoder (39), through which the group of registers flags (40) sets the flags of the transition conditions of MPWU (41)corresponding to the type of command execution.

After this happens the search sector whose ID matches the ID received in the ports with the command computer. Then Ω (3) and control processor (4) (3) give the control signals of the control circuit positioning (7), which moves the magnetic head block (8) in the desired area of the recording media. Then Ω (3) gives the output (28) read strobe data in the device (2) (3) is fed to the inlet (21) and circuit block gates (46) is transmitted to the output (18) and fed to the inlet (33) SPC (5).

The scheme of reading (42) allocates came to the input (20) and (19) threads read the information and signals an identifier of each read sector puts in the trigger group flags (40) the flag of the read ID. MPWU (41) this flag generates a control signal comparing identifiers of the comparison circuit address (38), which compares with a scheme of reading (42) identifier ID, which was recorded with ISH (1) registers identification is icator from a group of registers ports (36). When matching these IDs comparison circuit address (38) sets a specific flag in the trigger group flags (40). While this flag is not set, MPWU (41) generates a control signal continue reading identifiers sector scheme reading (42). After the flag is set (the desired sector is found), NUU (41) controls the processing and analysis of attribute access by feeding the control signals for the circuit reading (42) and the analysis scheme attribute access (43). The scheme of reading (42) selects a code sequence attribute access from the stream coming into it signals when reading field attribute access (57) and passes it to the analysis scheme attribute access (43), which processes the code and it compiles for MPOW (41) flags prohibition of the relevant type of currency in the trigger group flags (40).

If the attribute access does not contain any code prohibition of access to the sector, which leads CNSMD (47), the scheme of blocking gates (46) repeats received on the input (21) and (22) of the control gates from Ω (3) yields (17) and (18).

If the attribute contains access barring code for the type of access to the sector, which leads CNSMD (47), NUU (41) generates a control signal block corresponding gate in the circuit block gates (46). That will stop the copy control signals issued by Ω (3) yields (27) and (28) and post the bite of the inputs (22) and (21) of the device (2), on the outputs (17) and (18). If you attempt to write to a sector that has the attribute access ID of the prohibition of recording, the schema lock gates (26) is blocked signal input (22), thereby blocking the write operation to the media. If you read or write protected read-sector, the schema lock gates (46) blocked both signal inputs (21) and (22).

The second mode of operation of the device (2) is a software-controlled write attribute access (modify attribute access) in the attribute access (57) (figure 2). This mode begins with the filing of the device commands "Start", containing the necessary information for the TANK. The device (2) receives from the interface bus (1) write command attribute access with a code sequence of a given type in the desired sector. If the external output resolution software-controlled modification of the attributes of access (11)connected to the input (15) of the device (2) (1, 3), there is a permission signal software-controlled modification of attribute access, which initiates setting the corresponding flag in the trigger group flags (40), then this flag MPWU (41) generates control signals sent to the unit of analysis commands (47). TANK (48) analyzes received from a group of registers ports (36) additional code field is the commands themselves and through the group of registers flags (40) sets the flag of MPWU (41) the truth or falsity of the team. If the code field of the command is true, then the command is executed. Otherwise MPWU (41) not issuing signals to other components of the device (2), the modification of the attributes of the access is not performed and the device (2) is in the standby mode, receipt of a new command.

When you write attribute access OHMS (3) receives from the interface bus (1) command to search for the sector. After this happens the search sector, a matter whose ID matches the ID received in the ports with the command computer similarly the same procedure in the mode of access to the sector.

After receiving the device (2) is read from the media ID and verify it is consistent with the sector ID that is specified with ISH (1), NUU (41), interviewing a flag match identity group triggers flags (40), exhibited by the comparison circuit address (38), delivers to the circuit block gates (46) control signal. After receiving this signal, the blocking gates (46) gives the time of passage of the magnetic head over the field attribute access (57) to the output (17) of the device (2) a control gate entry at the input of gate entries (32) SPC (5).

MPWU (41) in accordance with the received command issues a corresponding control signal to the scheme record attribute access (44), which generates the necessary code sequence ATP is bout access to the input of logic element OR (45). The logical element OR (45) transmits this code to the output (16) of the device (2), from which he received at the input of subject records in a data carrier (31) SPC (5) (during recording attribute access to the input (23) of the device is not supplied serial code recordable MD (3) data, as CNSMD (47) does not lead to any exchange of data with the magnetic disk, so the code sequence attribute access will be via a logical-OR (45) unchanged).

Added unit of analysis commands restricting device access to the sectors of a hard disk consists of the following functional units (figure 5): the case of polynomial coefficients of scrambler (64)character scrambling account (63), the register of the coefficients of a polynomial of the cyclic redundancy code (65), the Converter scrambling account (66), the transmitter cyclic redundancy code (67), reset counter (68), the comparison circuit cyclic redundancy code (69), schema compare bill (70), the logical element And(71) (79) (80), group logical elements excluding OR (72) (83), the group of logical elements, And (73) (74), the logical element OR (75) (81), the logical exclusive OR element (76) (77), the logical element (78), the case of cyclic redundancy code (82).

The case of polynomial coefficients of scrambler (64) and register cyclical redundancy code (82) represents the t of the shift registers with the ability to download information on all inputs in parallel.

TANK analyzes the team's additional code field (key). In turn, additional code field consists of two parts, transferred into the TANK between the two groups of lines of the group of inputs (52). In the first group of lines ("Account") is sent skremblirovanie (mixed) bits containing information about the amount transferred to the device commands received after the command "Start". The second group of lines ("CEC") is transmitted bits cyclic redundancy code (checksum) bits field "Account".

In the case of polynomial coefficients of scrambler (64) with a group of lines Account group inputs (52) and the case of the coefficients of a polynomial of the cyclic redundancy code (65) with a group of lines "CEC" group of inputs (52) by the signal (49) NUU respectively written bits of the field "Account" (the coefficients of the polynomial scrambleface) and the bits of the key field "CEC" (the coefficients of the polynomial of the cyclic redundancy code), and will reset the counter (68). Signal (50) NUU in case scrambling account (63) with a group of lines Account group inputs (52) can be written bits of the field "Account".

Data from the register of polynomial coefficients of scrambler (64) and register scrambling account (63) are fed to the Converter scrambling account (66). Converter scrambling account (66) receives the output restored (original) bit field "Account", applying the logic is massive exclusive OR operation on bits of the register scrambling account (63), positions coincide with the positions of the "1" in the case of polynomial coefficients of scrambler (64). Signal (51) the contents of register scrambling account (63) moves, and the end is written computed Converter scrambling account (66) recovered bits of the field "Account". Thus, after a series of transformations in the register scrambling account (63) will be stored restored the "Account". The bits produced at the output of the Converter scrambling account (63) together with the data from the register of a polynomial of the cyclic redundancy code (65)arrives at the transmitter cyclic redundancy code (67), which receives at its output a cyclic redundant code (checksum). The calculated cyclic redundancy code is compared by the comparison circuit cyclic redundancy code (69) with a field key "CEC". If both, cyclic redundancy code match, (69) will output a high signal which increments the current value of the counter (68).

The value of the Converter scrambling account (66) and the current value of the counter (68) are compared by the comparison circuit accounts (70). If both values do not match, which means

1) during the software-controlled modification codes of security attributes sectors of the teams were damaged or lost if the value of the Converter scra morovannoho account (66) more than the value of the counter (68);

2) the presence of destructive third-party programs that send their commands to the device to restrict access to the sectors of a hard magnetic disk;

the comparison circuit accounts (70) produces a signal of low level.

The signals of the comparison circuit accounts (70) and the comparison circuit cyclic redundancy code (69) arrive at the logical element And (71), the output of which is formed the signal output (53) of the unit of analysis teams (match - "1" or the discrepancy between the "0" field command "key").

In the implementation of device protection attributes sectors of files transferred from program-level computers at the hardware level of the device's controller information. This ensures that no unauthorized access, read and modify, which ultimately contributes to ensuring the privacy of files and increase the reliability of the entire computer system as a whole without the overhead of a computer. In addition, attributes can detect accesses to protected data and to detect attacks destructive programs.

Resistance protection information this device increases by authentication commands computer with software-controlled modification of attributes access to sectors additionally introduced into it a hardware item.

List Lite is atory

1. Lukatsky AV attack Detection. - SPb.: BHV - Petersburg, 2001 - 624 S.: ill.

2. Peskov S.A. Central and peripheral EMU. - M.: MP "BINOM", 2000. - 460 C.

3. Morozov Century, Trachtulec A. Diagnosis and repair HDD type HDD. - M.: the Star, 1993.

4. The bukchin L.V., Armless YL Disk subsystem IBM-compatible personal computers. - MP "BINOM", 1993.

5. Gorelikov C. IBM PC. Disk system: controllers, drives, and maintenance. - M.: the Star, 1992.

1. The device restricting access to recorded digital media data containing firmware control device, the group of registers port decoder address, trigger group flags, the schema is read, the decoder commands, the scheme of blocking gates, the comparison circuit addresses the scheme record access token, the logical element OR a circuit analysis of the access token, the first and second input devices are connected to external control pins permit program-controlled modification of the characteristics of the access and deny communication with the protected sectors, respectively, the third group of input devices connected to the data lines of the interface bus, the fourth group of input devices are connected to the address and control lines the interface bus, the fifth input device connected to the first output single-chip microcontroller con the roller drive information clerk to send him the serial code recorded on a data carrier, the sixth input device connected with the second output single-chip microcontroller, serving to feed him strobe recording, the seventh input device connected to the third output single-chip microcontroller, clerk for filing with him of a read strobe, the eighth input device connected with the second output channel of the read / write controller of the storage device serving to transfer it serial code read sector data to the second input single-chip microcontroller, the ninth input device connected to the first output channel read - write, which serves for transmission of the synchronization signal at the first input single-chip microcontroller, the first output device connected to the first input channel read - write used to transfer serial code recorded on a data carrier, the second output device is connected with the second input channel read - write, serving to feed him strobe recording, a third output connected to the third input channel read - write, serving to feed it a read strobe, the first group of inputs of the group of registers port connected with the third group of input devices, the group of inputs of the address decoder connected to everday group input device, the output of the address decoder is connected to a second input of the group of registers ports, the input of the decoder commands connected with the first group of outputs of the group of registers ports, and a group of his output from the third group of inputs trigger group flags group outputs group triggers flags connected with a group of inputs of the microprogram control device, the first and second inputs of the trigger group flags connected with the first and second input devices, respectively, the first input of the differential reading is connected to the fourth output of the firmware control unit, the second and third inputs schema reader is connected to the eighth and ninth input device respectively, the first group of outputs of the circuit reading is connected with the second the group of inputs of the comparison circuit addresses, the second group of outputs schematic reading is connected with the second group of inputs of the circuit analysis of the access token, the third circuit output reading is connected to the eighth input of the trigger group flags, the first input of the differential lock gates connected to the seventh output of the firmware control unit, the second and third inputs of the circuit block of gates connected with the sixth and seventh inputs of the device respectively, the first and second outputs of the circuit block of the gates is connected to the second and third outputs, respectively, the third input of the comparison circuit addresses the connection is replaced with the first release of firmware device management, the first group of inputs of the comparison circuit addresses connected with the second group of outputs of the group of registers ports, the output of the comparison circuit addresses connected to the fourth input of the trigger group flags, the first circuit input record access token is connected to the sixth output of the firmware control unit, the second input of the differential write access token is connected to the ninth input of the second input of the logic element OR is connected to the fifth input of the first logic element OR is connected to the output of the circuit record access token, the output of logic element OR is connected to the first output, the first input of the differential analysis of the access token is connected to the fifth output of the firmware control unit the first and second outputs of the analysis scheme of the access token, which are formed respectively flags prohibition of entry and the prohibition of reading of data is connected with the fifth and sixth inputs of the trigger group flags, respectively, characterized in that the composition unit of analysis team, designed to validate the contents of the code field software commands from the fourth group of inputs of the first group of outputs of the group of registers ports, and forming at its output permission flag modification permissions, coming in at seventh input trigger group flag is in, first, second and third inputs of the analysis block commands respectively for the signal recording bit initialization command signal write bits of code fields check command and signal record content conversion code field check command and connected with the sixth, seventh and eighth outputs of the microprogram control devices.

2. The device according to claim 1, characterized in that its composition is introduced unit of analysis commands containing the register polynomial scrambling, register scrambled account, the case of a polynomial of the cyclic redundancy code Converter scrambled accounts, computer cyclic redundancy code, reset counter, the comparison circuit cyclic redundancy code comparison circuit accounts, the logical element And the first and the second input unit is connected to the second and third outputs of the microprogram control device, respectively, the third group of inputs of the unit are connected with a group of outputs of the group of registers ports, the first input register of the polynomial scrambling and the first input register of the polynomial cyclic redundancy code connected with the first input unit, the first input register of the scrambled accounts connected with the second input unit, the second group of inputs of the register of polynomial scrambling and the second group of inputs of the register TFR is Morosanova account connected with a third group of inputs of the block, the first and the second group of inputs of the Converter scrambled account connected with a group of outputs of the register of polynomial scrambling and a group of outputs of the register scrambled account, respectively, the first and second group of inputs of the transmitter cyclic redundancy code connected to the group of outputs of the Converter scrambled accounts and group output register of a polynomial of the cyclic redundancy code, respectively, the first input of resettable counter connected to the first input unit, a second reset input of the counter is connected to the output of the comparison circuit cyclic redundancy code, the first and second group of inputs of the comparison circuit account connected with a group of outputs of the Converter scrambled account group reset inputs of the counter, respectively, the first and second group of inputs of the comparison circuit cyclic redundancy code connected to the group of outputs of the transmitter cyclic redundancy code and the third group of inputs of the block, respectively, the first and second inputs of the logic element And is connected to the output of the comparison circuit and output of the comparison circuit cyclic redundancy code, respectively, the output of the logic element And coupled to the output block.



 

Same patents:

FIELD: physics, computation technology.

SUBSTANCE: invention concerns method and device of digital rights management. When authorisation on server is not accessible, operations with minimised risk are allowed by implementation of internal authorisation scheme. Authorisation method for operation to be performed on digital element involves definition of first operation group members including first predetermined group of operations on digital element, and second operation group including second predetermined group of operations on digital elements; comparison of predetermined operation to be performed on digital element to operations included in each indicated operation group; external authorisation with access to authorising server if operation belongs to first operation group; internal authorisation by device if operation belongs to second operation group; and authorisation of operation to be performed on digital element if one of listed authorisations brings positive result.

EFFECT: enhanced security level of operations with digital content.

13 cl, 5 dwg

FIELD: physics; control.

SUBSTANCE: present invention relates to information delivery systems with functions of controlling sublicenses and methods of supporting creation of intellectual property together with information users. Second systems SLs1-SLs3 for controlling intellectual property, which are available to second class licensees, holding the sublicense on using the system from first class licensees, request information on intellectual property from the first MLs system of controlling intellectual property available to first class licensees, in response to requests coming from user systems US1-US3, with requirement for creating objects of intellectual property. The first MLs system for controlling intellectual property publishes the results for searching information on intellectual property, obtained in response to requests by user system US4, on a browser screen, set for the very first MLs system for controlling intellectual property, and allows the user system US4 to browse the search results.

EFFECT: provision for use of intellectual valuables together with parties requesting information, in accordance with which several systems of controlling intellectual property are provided with possibility of cooperation on a sublicensed contract.

11 cl, 24 dwg

FIELD: information technologies.

SUBSTANCE: data of serial interface for detection of dual-in-line memory module (DIMM) presence in electronically erasable programmable read-only memory (EEPROM) is encoded using closed key of motherboard with which this dual-in-line memory module (DIMM) is to be used, so that only basic input-output system (BIOS) of specified motherboard could decode presence detection serial (SPD) interface data to complete downloading.

EFFECT: improving protection of computer system integrity by blocking the use of memory modules retrieved from original motherboard in another motherboard.

15 cl, 2 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention is related to protection systems. Unit of protection and method realise requests for data from USB device or other similar device, at that protected component may realise protected communication to device without variation of underlying USB bus protocol, or device, even where software that controls the bus is not trusted. Protection unit (physically separated or integrated in device or concentrator) intercepts data transmitted from device into protected component in response to request for data. Signal of data reception confirmation unavailability is transmitted into protected component, and data are coded. The following request for data is intercepted, and coded data are sent in response. Confirmation of data reception from protected component in device is allowed to reach the device. In order to process request for installation, permit command that contains coded and decoded installation command is sent to protection unit. If coding is checked successfully, then installation command sent to device (via protection unit), is allowed to reach the device.

EFFECT: provision of improved protection.

32 cl, 6 dwg

FIELD: physics; computer engineering.

SUBSTANCE: present invention pertains to control of generation of cryptographic keys in an information media, comprising a party which generates the key and distributes the key information for the party using the key. Through a given unilateral function of deriving keys, a relationship between key generations is determined, which is such that, earlier generation of keys can be more efficiently derived from later generation, but not the opposite. Each time, when necessary, the party using the key iteratively receives the given unilateral function of deriving keys for outputting the key information of at least, one previous key generation from the key information of new key generation. That way, memory requirements for the party using the key can considerably be reduced.

EFFECT: protection of data during recording.

32 cl, 6 dwg

FIELD: physics, computer facilities.

SUBSTANCE: invention concerns field of protection of computer systems from updating, namely to expedients for interlinking of the software with the given computer system. The identification data of hardware (SHWID) are related to a corresponding secret. Identification data of hardware (SHWID) can be used for guidance of software use on the given computer system depending on a degree of change of hardware in this computer system.

EFFECT: prevention of illegal use of the software is reached by generation of the given hardware identification (SHWID) for the given computer system.

14 cl, 7 dwg

FIELD: physics, computer facilities.

SUBSTANCE: invention concerns resorts of generation of hardware identification for the given computer system. In this method identify all copies of builders within each of n classes of builders, generate set of hashing effects, concatenate the set of hashing effects for part of hashing formation, and the part of hashing shapes a part of detailed hardware identification for the first computer system; and concatenate a heading part, a part of the counter and a hashing part detailed hardware identification for formation of detailed hardware identification for the first computer system.

EFFECT: maintenance of safety and reliability of hardware identification of computer system at change of its configuration.

50 cl, 7 dwg

FIELD: information technologies.

SUBSTANCE: result is provided by introduction of guide medium between information region and user, at that guide medium is formed by at least one wave guide and oriented so that direction of wave information signal transfer matches with line of user look or deviates from it by angle less than 30° and creation of darkened area in this medium, which absorbs wave information signal traveling to the side of detached observer, which is located on one side in respect to guide medium together with information user.

EFFECT: exclusion of unauthorised view of information by detached observer and simultaneous provision of useful information to user.

4 cl, 2 dwg

FIELD: information technologies.

SUBSTANCE: licensor receives request from inquiring party, which comprises identifier that identifies inquiring party, and data of rights related to digital content, at that data of rights enumerates at least one identifier and rights related to it. Then licensor finds identifier of inquiring party in catalogue and finds in catalogue on its basis identifier of every group, member of which is inquiring party. Every found identifier of inquiring party and every found identifier of group are compared to every identifier enumerated in data of rights, in order to detect match, and digital license is issued to inquiring party for presentation of content with rights that are related to matched identifier.

EFFECT: provision of creation of controlled presentation of digital content and its arbitrary forms determined by owner, developer.

38 cl, 16 dwg, 2 app

FIELD: physics; computer technology.

SUBSTANCE: present invention pertains to portable data storage devices with non-volatile solid-state memory, with provision for encryption. Portable data storage device has non-volatile memory, interfaced with the section for obtaining and transferring data to the main computer and main control unit for transferring data to and from the non-volatile memory. The portable data storage device also has an integrated generation circuit. The portable data storage device can transfer at least one key. The main computer confirms that, the data it obtained are correct, and the device can confirms as well that, the main computer obtained the correct data.

EFFECT: accuracy of encrypted data, transferred from the device to a main computer.

30 cl, 3 dwg

Processor // 2248608

FIELD: computers, data protection.

SUBSTANCE: processor has bus interface device, device for selection/decoding of commands, device for dispatching/execution, program string decoding device, which string is selected from program and loaded in first levels command cash, which contains a set of N two-input elements XOR, keys memory, storing different N-bit decoding keys.

EFFECT: higher efficiency.

2 dwg

FIELD: technologies for authentication of information.

SUBSTANCE: method includes performing absolute identification for confirming legality of data carrier according to first rule in preset time. Authentication information is recorded on this data carrier in previously set position. Process of arbitrary authentication is performed for confirming legality of said data carrier in accordance to second rule in arbitrary time. First rule includes announcing confirmation of standard match, if information for authentication is detected as registered in selected preset position. Second rule in given arbitrary authentication process includes announcing standard match, if information for authentication is detected as not registered in arbitrary positions, different from given preset position.

EFFECT: higher reliability.

6 cl, 12 dwg

FIELD: computers.

SUBSTANCE: method includes, on basis of contents of central processor registers, received after processor performs some sort of command, by means of mathematical logical operation, forming certain finite control sum and storing it in memory, and on basis of contents of registers, received before start of execution by said processor of directly next command, certain starting checksum is formed, while if starting checksum mismatches finite checksum, error message is generated, which can be followed by halting of processor operation or blocking of chip board with its removal from circulation.

EFFECT: higher reliability.

2 cl, 2 dwg

FIELD: copy protection.

SUBSTANCE: system has content distribution block, multiple recording and playback devices for digital data, calculations processing block, meant to perform communications with recording and playback devices and performing calculations processing for transferring license payments.

EFFECT: higher reliability of copy protection.

5 cl, 55 dwg

FIELD: electronics.

SUBSTANCE: device has signaling bus, loaded with clock signal, at least one couple of buses serving for encoding one bit, detector circuit, multiplexer. According to method in case of first value of signal of signal bus two buses of one couple detect same level of signal, and in case of second value of signal of signal bus two buses of one couple detect different signal levels, detect forbidden states during operation of board, change process of system functioning, to generate alarm in that way.

EFFECT: higher reliability of protection.

2 cl, 7 dwg

FIELD: microprocessors.

SUBSTANCE: device has central processing devices, including first cryptographic block, at least one peripheral block, including second cryptographic block, device also has data bus, random numbers generator, conductor for supplying clock signal, conductor for providing random numbers signal, set of logical communication elements, while each cryptographic block has register of displacement with check connection.

EFFECT: higher level of unsanctioned access protection.

7 cl, 1 dwg

FIELD: digital memory technologies.

SUBSTANCE: board has rewritable power-independent memory and control circuit, means for storing address, pointing at limit between authentication area and non-authentication area, circuit for changing size of said areas. Reading device contains estimation means, reading information, pointing at number of times, for which digital data can be read, and playback means. Second device variant additionally has means for digital output of contents.

EFFECT: higher efficiency.

3 cl, 23 dwg

FIELD: computer science.

SUBSTANCE: method includes protective mathematical conversion of service data of network frame prior to transfer to environment for transfer of a LAN. To said protective conversion the data is subjected, which is contained in headers of network frames of channel level, and also in headers of all encapsulated network packets and segments. As a result the very possibility of interception is prevented.

EFFECT: higher efficiency.

7 cl, 2 dwg

FIELD: data carriers.

SUBSTANCE: device for reproduction of data from data carrier, program zone of which is used for recording a set of files, and control zone - for controlling copy protection data concerning the file, recorded in program zone, has computer for calculating copy protection information for each time file is reproduced, comparison means for comparing value, calculated on reproduction command, being prior to current one, to value, calculated on current reproduction command, and if these values coincide, the last value is stored as copy protection value, calculated on reproduction command , prior to current one and control means for allowing reproduction of file, appropriate for current command, if value, calculated as response to command, previous relatively to current command, coincides as a result of comparison to value, calculated as a response to current command.

EFFECT: higher reliability, higher efficiency.

4 cl, 46 dwg

FIELD: data carriers.

SUBSTANCE: device has calculating, reserving and recording modules. Each variant of semiconductor memory card contains area for recording user data for controlling volume and area for recording user data. On carrier method for computer initialization is recorded, including calculation of size of volume control information, reserving areas and recording therein of control information for volume and user data, recording main boot record and sectors table in first section of first area, skipping preset number of sectors, recording information of boot sector of section, file allocation table and root directory element to following sectors.

EFFECT: higher efficiency.

5 cl, 59 dwg

Up!