RussianPatents.com

Data storage device (versions). RU patent 2506633.

IPC classes for russian patent Data storage device (versions). RU patent 2506633. (RU 2506633):

G11C16/22 - Safety or protection circuits preventing unauthorised or accidental access to memory cells

G06F21/60 - ELECTRIC DIGITAL DATA PROCESSING (computers in which a part of the computation is effected hydraulically or pneumatically G06D, optically G06E; computer systems based on specific computational models G06N; impedance networks using digital techniques H03H)

G06F12/14 - Protection against unauthorised use of memory

Another patents in same IPC classes:

Registration and receiving information about database table change which can be used to invalidate cache elements / 2380748
Server provides Web answers which may contain contents of data tables in database. Server supports cache (for example in system memory) where contents can be stored (including contents of data tables) for enhancement of efficiency of subsequent providing this content for Web client requests satisfaction. Server performs data tables monitoring as for changes, and when particular data table is changed the elements in cache which are dependent on particular data table are invalidated. Additionally, in response to Web client request for Web answer, the server assigns cache dependence on database at least part of created Web answer (for example for contents retrieved from data table) based on commands executed when Web answer is created. At least part of created Web answer is subsequently cached in server cache area.

Semiconductor memory board and data-reading device / 2251752
Board has rewritable power-independent memory and control circuit, means for storing address, pointing at limit between authentication area and non-authentication area, circuit for changing size of said areas. Reading device contains estimation means, reading information, pointing at number of times, for which digital data can be read, and playback means. Second device variant additionally has means for digital output of contents.

Methods and apparatus for selective data encryption / 2505931
Method includes a step, at an encryption device (710), of: determining whether the length of a message M is greater than, equal to or less than the length of a key k; and if the length of the message M is greater than the length of the key k, exactly k bits of the message M are encrypted; if the length of the message M is equal to the length of the key k, said k bits of the message M are encrypted; if the length of the message M is less than the length of the key k: the message M is connected in series with the next message to obtain a message which is elongated by at least k bits. At least one next message contains bit stream data and is the payload of the next packet; and exactly k bits of the elongated message are encrypted, wherein the message M is the payload of the packet and contains bit stream data.

Identification-based data entity encryption for safe access thereof / 2505855
Method involves encrypting (103), using a symmetric encryption key (102), a data entity (100) to obtain an encrypted data entity (104), and encrypting (105), according to an identification information based encryption scheme with a data entity (100) identifier (101) and a master public key, said symmetric encryption key (102) to obtain an encrypted encryption key (106), granting a requesting party a decryption key (201) for decrypting the encryption key (106), where the decryption key is granted in response to a permit request, which includes a decryption key (201) to be issued to the requesting party, recording the granted decryption key (201) in a log book, and performing regular verification.

Apparatus, method and system for efficient distribution of conditional access information / 2505854
Method involves determining a period of time in which a service access permit is valid in accordance with an access permit message with service-dependent user identification; deactivating the permit; permitting service access using previous service-dependent user identification for extension or reactivation, when since the last time interval during which service access was opened using a service access permit, a given period of time has passed, during which the expired time is counted and extension or renewal of access using an already used user identifier, associated with a defined service, is prohibited, when the used time reaches or exceeds a given authorisation action limit.

Method for iterative cryptographic transformation of data / 2504911
Method involves generating a sequence of round keys K1, K2,…, KR, where R is the number of transformation rounds, from a private key using a key turning procedure; executing R transformation rounds; each round key used at the i-th round (Ki) is used to generate N round sub-keys Ki1. Ki2,…, Kin, where N is the number of paths of round transformations in each round; when executing each i-th round, N copies Ci1, Ci2,…, Cin of an input unit C are created, each copy Cij subjected to stochastic transformation Eij, which is recorded in the form Cij:=Fij(Cij, Kij); the transformed values Cij are transmitted to inputs of a combinational circuit F, the function of which is a parallel composition of different paths of round transformations; the result of actions of the combinational circuit C:=F(Ci1, Ci2, …, Cin) is declared the round result, which is transmitted to the input of the next round for i<R, and the result of the actions of the last round is the transformation result.

System for protecting information containing state secrets from unauthorised access / 2504835
System for protecting information containing state secrets from unauthorised access comprises a plurality of user information security systems, a plurality of automated user workstations and functional severs, a backbone network, a domain controller server, a security server, a security server database, at least one automated administrator workstation and one administrator information security system. Each user information security system comprises a security agent, a user access partitioning system and a database of enhanced user authentication means; the administrator information security system comprises a security administrator agent, a security administrator access partitioning system and a database of enhanced administrator authentication means, wherein the automated user workstations further include trusted download hardware-software module; furthermore, the automated workstations include enhanced authentication means.

System for protecting information containing state secrets from unauthorised access / 2504834
System for protecting information containing state secrets from unauthorised access comprises a plurality of user information security systems, a plurality of automated workstations and functional severs, a backbone network, a domain controller server, a security server, a security server database, at least one automated workstation for an information security administrator and at least one administrator information security system. Each user information security system comprises a security agent, a user access partitioning system and a database of enhanced user authentication means, and the administrator information security system comprises a security administrator agent, a security administrator access partitioning system and a database of enhanced security administrator authentication means.

Digital rights management apparatus and method / 2504005
Method comprises steps of: encoding a digital program to link said digital program with an authentication agent by packing the digital program and authentication agent into single digital content. Said authentication agent includes a program code executed by a device, wherein the device can reproduce said digital program and execute the program code. The program code is configured to authenticate the device when executed in the device; and provide said device with digital content which includes said digital program and said authentication agent. Said digital program is encrypted via a first encryption algorithm, and the decryption key of the fist encryption algorithm is encrypted via a second encryption algorithm and is stored in the authentication agent.

Method and apparatus for performing user video authentication / 2504004
Disclosed is a method of performing video authentication of a user, which comprises steps of: receiving a user-provided authentication photograph; capturing a continuous video image of the user in real time over a certain period of time using a video capturing device at a user client; performing real-time decomposition of the video image and obtaining a series of video data frames; selecting from the series of video data frames a specific number of video data frames and generating at least one contrast image for video authentication of the user based on the specific number of video data frames; comparing the authentication photograph with the contrast image and making a decision on the user video authentication result according to the comparison result.

Method for cryptographic transformation of information and apparatus for realising said method / 2503135
Method is based on breaking down an initial 32-bit input vector into eight serial 4-bit input vectors. Conversion tables are placed in each replacement unit, each table having sixteen rows, each row having four padding bits corresponding to 4-bit output vectors. Four replacement units are used, one for each pair of 4-bit input vectors, wherein each replacement unit employs a 16-byte or more central processing unit register in which two conversion tables are placed, and conversion of pairs of 4-bit input vectors to pairs of 4-bit output vectors in accordance with the conversion unit is carried out by switching the rows of the conversion tables to the central processing unit register of the corresponding replacement unit using pairs of 4-bit input vectors in form of switching addresses, after which the 4-bit output vectors are combined in series into a 32-bit output vector.

Method for remote monitoring and control of networking information security based on use of domain name system / 2503059
Method involves modifying DNS response to resolution of a domain name of a target information service such that, an "Additional" field specified by configuration information and security policy rules is added to the DNS response, said field initiating the beginning of the process of monitoring and controlling communication security, after which the modified DNS response is sent from a controlled DNS server to the DNS server of an internet provider; a request is sent on behalf of a client to the target information service; the request from the client is received at the monitoring point; the necessary control actions are determined based on the network security policy and information in the request to the target information service; control actions are carried out for network traffic.

System and method to detect malicious software / 2497189
Method for automatic identification of malicious software includes reception of a sequence in a language of an assembler from a binary file by means of an expert system knowledge base. Further, in accordance with the method, identification of instructions sequence from the received sequence is identified. And also classification is realised, by means of the expert system knowledge base, of the sequence of instructions as threatening, non-threatening or not subject to classification by means of application of one or more rules of the expert system knowledge base to the sequence of instructions. At the same time the sequence of instructions is classified as threatening, if it includes: procedures of coding, procedures of decoding, instructions for replication of a part of instructions sequence. If the sequence of instructions is classified as threatening, information may be sent into a component of code analysis, and a user may be notified that the binary file includes malicious software.

Using protected device for provision of secure data transfer in insecure networks / 2494448
Method of secure data transmission in insecure networks between a computer and a network resource, includes stages, when: the first secure connection is established between a facility of secure data transfer and a computer; data is collected on used network connections on the computer; the second secure connection is established between the facility of secure data transfer and the security server, using data on used network connections on the computer; the established first and second secure connections are established for secure data transfer.

System and method of adaptive optimisation of inspection of data flow sent in network for availability of threats / 2488880
Method is realised due to selective partial inspection of a data flow on the basis of statistics of placement of previously detected threats in a data flow. Statistics of threats placement in the data flow may be produced from at least one system of statistics collection by threats, which inspects the data flow fully.

Electromechanical device for protection of information placed on digital usb flash storage against unauthorised access / 2486583
Electromechanical device for protection of information placed on a digital USB flash storage, against unauthorised access comprises a casing that contains a ferromagnetic frame, inside of which there are coaxially arranged a fixed inductor and a movable anchor made of an electroconducting material and a striker made of a ferromagnetic material. The anchor is made in the form of a disc with an inner cylindrical bushing and is connected with a striker. The frame is made in the form of a magnetic conductor and in the cross section covers the inductor, the anchor and the space of anchor and striker travel. The lower wall of the frame is made with a curve designed for a digital USB flash storage. In the frame there are two double flat springs, which are made as capable of moving the digital storage along the longitudinal axis of the z frame.

Method of increasing reliability of detecting malicious software / 2485577
Result is achieved by creating conditions wherein attackers will not be able to conduct testing of quality of detection of their malicious software. The method comprises steps for transmitting, by an information detection module over a computer network to a system of blocking and information modules, a signal on a malicious entity; the system of blocking and information modules generates redundant detection features for neutralising malicious entities according to rules in the system of blocking and information modules; at least one blocking detection signal is transmitted over the network from the system of blocking and information modules to the blocking module of an antivirus protection system; the blocking module detects and neutralises the malicious entity.

Method to protect information computer networks against computer attacks / 2483348
Method includes stages, at which the following is carried out: a list of trusted addresses of a receiver and a sender of message packets is formed, a verification packet is formed, for this purpose the sender's address D is read, and the receiver's address lj, and the initial value equal to one is recorded into the field "Packet life time" TTL, afterwards the formed packet Pij is formed into a massif P, the value of quantity Kadd is set for the received response packets on the non-delivered packet Pij with the current value of the field "Packet life time" TTL, then the formed packet is sent to a communication channel.

Providing digital credentials / 2475840
Method comprises steps of receiving input data which determine a descriptor for digital credentials; storing the descriptor; in response to storage of the descriptor, automatically sending the user a first notification that the digital credentials are available for the user; receiving a request through a first channel to create digital credentials for the user; issuing, over a second channel, a second notification that digital credentials were requested; obtaining approval to create digital credentials creating digital credentials.

Method for preventing unauthorised access to information stored in personal computer / 2475823
Before booting a resident operating system (ROS), execution of a series of instructions is set, which, according to the address in random access memory (RAM) of the personal computer of the boot code of the primary operating system, through which it is booted from a real boot device (FDD, HDD, CDROM, USB, Network), establishes the break point such that its triggering will be handled by the corresponding code in the BIOS extension, wherein the minimum boot code of the primary operating system and information on the real boot device are stored in the RAM of the personal computer. Returning management of the computer BIOS is carried out only after performing this preparatory operation. Further, upon triggering of the break point, the first instruction of the boot code to switch to the ROS boot device is changed, the ROS is booted from memory of the information security equipment, and the security task is launched (checking integrity, identification/authentication etc), at the end of which a program to enter into normal mode of operation of the personal computer is executed.

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering, particularly to means of protecting information from unauthorised access. The data storage device has a control unit, the first group of inputs/outputs of which is connected to the group of inputs/outputs of a memory unit, the device further including a commutation unit for switch circuits and a unit for protecting switch circuits, the group of inputs of which is the group of inputs of the data storage device, and the group of outputs is connected to the group of inputs of the commutation unit for switch circuits, the first group of inputs/outputs of which is the group of inputs/outputs of the data storage device, and the second group of inputs/outputs is connected to the second group of inputs/outputs of the control unit.

EFFECT: high reliability of the data storage device and providing high security of information storage.

5 cl, 5 dwg

The invention relates to the computer engineering, in particular to the means of protection from unauthorized access to information.

Known data storage device (see the patent JP №6085158, IPC:G06F 12/14 Chip-card from unauthorized access protection system», Hiroshi Watanabe, .26.10.1994)containing a control unit, which includes schema compare the input code with the established code, counter discrepancies when comparing the input and set by the code, the scheme of the signal conditioning block and a scheme of blocking the information area, and memory consisting of several information fields. For access to information of each field is used one or more of the installed codes. Access to the contents of the device is possible only when you enter from the outside code and its coincidence with a predetermined code. Timing and power supply control unit is accessed externally. The specified device is taken as the closest analogue of the claimed invention.

The disadvantages of the closest analogue is the lack of protection, which leads to the possibility of a hazardous exposure (for example, static electricity) information control unit and memory, in addition, there is the possibility of the direct selection code data on information and communication lines and analysis of the responses of the device with the purpose of choosing the optimal algorithm of selection.

The technical result, the achievement of which aimed claimed invention consists in increasing the reliability of data storage devices, as well as ensuring greater safety information storage.

To obtain a technical result of the first option in the storage device that contains the control unit, the first group of input-output of which is connected with a group of inputs-outputs a block of memory, what is new is the additionally introduced interswitch key chains and protection unit key chains, input group which is a group of inputs storage devices data, and the group outputs connected with a group of inputs commutation key chains, the first group of input-output of which is a group of input-output data storage devices, and the second group of the inputs / outputs connected with the second group of inputs-outputs the control unit.

The mentioned set of essential features to improve the reliability of data storage devices by eliminating the possibility of a dangerous outer influence (for example, static electricity) for informational inputs, control units and memory to their damage or destruction, and improve the safety of data storage by eliminating the possibility of direct selection set by the code on information and communication lines and analysis of the responses of the device with the purpose of choosing the optimal algorithm.

Association control units and memory in the microprocessor module, as well as unification of blocks switching key chains and protection key chains in intelligent power protection key chains allows to reduce the number of used blocks, which also increases the reliability of the device.

To obtain a technical result for the second variant in the storage device that contains the control unit, the first group of input-output of which is connected with a group of inputs-outputs a block of memory, what is new is the additionally introduced interswitch key chains, persistent storage device, electrically erasable storage device, the device for forming analog component, device selection analog component and device selection digital component, the first groups of input-output devices selection of analog and digital components are combined and is a group of input-output data storage devices, and the second group of inputs-outputs are connected respectively with the first and second groups of inputs-outputs commutation key chains, the third group of input-output of which is connected with the second group of inputs-outputs the control unit, group output of which is connected with the group of the device inputs formation analog component, group of the output of which is connected with a group of inputs commutation key chains, third and fourth groups of inputs-outputs the control unit are connected respectively with groups of inputs-outputs permanent storage and electrically erasable flash storage device.

The mentioned set of essential features of the second option allows to enhance reliability and ensure higher security of the information storage devices by eliminating the possibility of impact on the elements of power and control the connection information circuits, as well as by eliminating the possibility of obtaining information on the status of the device and the parameters enable it using the code sequences in a specific format. The scheme of division of the information, including a block of memory, persistent storage device and electrically erasable storage device that improves the reliability of the data storage device.

Figure 1, figure 2, figure 3 and figure 4 shows the structural scheme of the storage device for the first option.

Figure 5 shows the block diagram of realization of the storage device on the second version.

Storage device (figure 1) contains the block 1 protection key chains (Б), block 2 switching key chains (Б), block 3 management (BM) and unit 4 memory (PSU).

The first group of inputs-outputs BU 3 is connected with a group of inputs-outputs 4 BP. Input group Б 1 is a group of inputs storage device. The group outputs Б 1 is connected with a group of inputs Б2. The first group of inputs-outputs Б 2 is a group of input-output data storage devices, and the second group of the inputs / outputs connected with the second group of inputs-outputs BU 3. Input group and the group of inputs-outputs storage device connected respectively to the group of outputs and group o external connector 5.

Storage device (figure 2) contains the block 1 protection key chains, block 2 switching key chains, microprocessor module 6.

Input group Б 1 is a group of inputs storage device. The group outputs Б 1 is connected with a group of inputs Б 2. The first group of inputs-outputs Б 2 is a group of input-output data storage devices, and the second group of the inputs / outputs connected with a group of inputs-outputs of the microprocessor module 6. Input group and the group of inputs-outputs storage device connected respectively to the group of outputs and group o external connector 5.

Storage device (figure 3) contains an intelligent unit 7 protection key chains (Б), control unit 3 and unit 4 of memory.

The first group of inputs-outputs BU 3 is connected with a group of inputs-outputs 4 BP. Input group and the first group of inputs-outputs Б 7 are groups of inputs and input-output data storage devices, respectively. The second group of inputs-outputs Б 7 is connected with the second group of inputs-outputs BU 3. Input group and the group of inputs-outputs storage device connected respectively to the group of outputs and group o external connector 5.

Storage device (figure 4) contains an intelligent unit 7 protection key chains (Б) and microprocessor module 6.

Input group and the first group of inputs-outputs Б 7 are groups of inputs and input-output data storage devices, respectively. The second group of inputs-outputs Б 7 is connected with a group of inputs-outputs of the microprocessor module 6. Input group and the group of inputs-outputs storage device connected respectively to the group of outputs and group o external connector 5.

Storage device (figure 5) contains Б 2, BU 3, 4 BP, read only memory (ROM) 8, electrically erasable storage device (EEPROM) 9, forming device analogue component (UFAS) 10, the device selection analog component (UVAS) 11 and device selection digital component (head of aecr) 12.

The first group of inputs-outputs UVAS 11 and head of aecr 12 merged and are a group of the inputs / outputs of the storage device, and the second group of inputs-outputs are connected respectively with the first and second groups of inputs-outputs Б 2. The third group of inputs-outputs Б 2 is connected with the second group of inputs-outputs BU 3. The group outputs BU 3 is connected with a group of inputs UV AU 10, a group of output of which is connected with a group of inputs Б 2. The third and fourth groups of inputs-outputs BU 3 connected respectively with groups of inputs-outputs ROM 8 EEPROM 9. A group of inputs-outputs of the storage device connected to a group of I / o external connector 5.

Б 1 is a combinational logical scheme, the relationship between the input and output variables which is set using Boolean functions, and performs selective connection switching circuits. Output variables are uniquely determined by the values of the input variables. For their technical realization can use logical elements that implement Boolean functions, such as multiplexers, , Raman shifter, Comparators, adders, functional digital converters.

Б 2 consists of compact relay with switching capacity and low power consumption series NG6D. Chip series 1554 the logic of «AND NOT» can be used as an element of comparison, at the entrance Б 1.

To implement the above options storage device as BOO 3 you can apply microcontroller 1886 of national development, as bas 4 - chip EEPROM (electrically persistent storage device) 5582, as the microprocessor module 6 - chip 1986 9.

Б 7 is a machine to perform logical operations with the ability to memorize certain state variables. Output variables depend not only on the input variables, but also on the current status of the device. The values will be saved through triggers on the duration of the measure. New state of the automaton is defined, on the one hand, the previous state and, on the other hand, the values of the input variables. For their technical realization of the following elements can be: counters, shift registers, pseudorandom sequences, asynchronous and synchronous signal handlers.

ROM 8 may be executed on chip type 16232.

EEPROM 9 may be executed on chip type 5584.

FAS 10 may be made under the scheme (.. «Circuitry of analog and analog-to-digital electronic devices» - M, Publishing house «-XXI», 2005, .412-413, .8.32).

UVAS 11 can be made under the scheme (.. «Circuitry of analog and analog-to-digital electronic devices» - M, Publishing house «-XXI», 2005, .412-413, .8.33, 8.34).

The head of aecr 12 may be made under the scheme (GI Volovich «Circuitry of analog and analog-to-digital electronic devices» - M, Publishing house «-XXI», 2005, .411-412, .8.30).

Scheme of interaction of blocks UV AU 10, UVAS 11 and head of aecr 12 can be implemented according to the scheme (.. «Computer control of the technological process, experiment, equipment» - M: Hot line - Telecom, 2009, p.74).

The principle of operation of the device does not affect implementation option.

Storage device works as follows.

The work is based on the set of software and hardware microprocessor system.

For storage devices, shown in figures 1-4, with a power source (figures not shown) come voltage required for functioning of devices, including digital and analog integrated circuits devices.

In the storage (figure 1 and figure 2) with a group of outputs external connector 5 on Б 1 enters control information. In Б 1 external control signal produces a random connection switching circuits Б 2. With group o external connector 5 through the block Б 2 in block BU 3 or microprocessor module 6 (depending on the implementation) receive information that is being transformed by the algorithm in the PSU 4 or microprocessor module 6, and stored.

In the storage (figure 3 and figure 4) with the group outputs external connector 5 at the entrance Б 7 receives control information, passing through the system of selection of switching circuits, representing the machine to perform logical operations with the ability to memorize individual States variables, commutes selected key chains. With group o external connector 5 through Б 7 rig 3 or microprocessor module 6 (depending on the implementation), information is sent exposed to transform the algorithm BP 4 or microprocessor module 6, and stored.

In the storage device (figure 5) from the external connector on 5 UVAS 11 and head of aecr 12 comes mixed analog-digital signal that carries information that control the switching key chains in Б 2, and data are subject to transformation into a BOO 3, according to the key information contained in the EEPROM 9, algorithm contained in ROM 8, and further storage in the PSU 4. Selection of analog and digital components of the signal occurs due to the strong difference of frequency bands. The response team is formed similarly with the use of UV AC 10.

Thus, options to build storage devices provide increased reliability from the influence of external factors by using the properties of the components included in the device.

1. Storage device containing the control unit, the first group of input-output of which is connected with a group of I / o memory block, wherein the additionally introduced interswitch key chains and protection unit key chains, input group which is a group of inputs storage device, and a group of outputs connected with a group of inputs commutation key chains, the first group of input-output of which is a group of input-output data storage devices, and the second group of the inputs / outputs connected with the second group of inputs-outputs the control unit.

2. Storage device according to claim 1, characterized in that the control units and memory merged with a microprocessor module, a group of input-output of which is the second group of inputs-outputs the control unit.

3. Storage device according to claim 1, wherein the power switching key chains and protection unit key chains merged into intelligent power protection key chains, input group which is a group of inputs storage device, and the first group of input-output is a group of input-output data storage devices, a second group of inputs-outputs intellectual protection unit key chains is the second group of inputs-outputs of the commutation key chains.

4. Storage device according to claim 1, characterized in that the control units and memory merged with a microprocessor module and switching units key chains and protection unit key chains merged into intelligent power protection key chains, input group which is a group of inputs storage device, and the first group of input-output is a group of input-output data storage devices accordingly, the second group of inputs-outputs intellectual protection unit key chains is the second group of inputs-outputs of the commutation key chains, group of inputs-outputs of the microprocessor module is the second group of the inputs / outputs of the control unit.

5. Storage device containing the control unit, the first group of input-output of which is connected with a group of I / o memory block, wherein the additionally introduced interswitch key chains, permanent storage, electrically erasable storage device, the device for forming analog component, device selection analog component and device selection digital component, the first groups of inputs-outputs device selection of analog and digital components are combined and is a group of input-output data storage devices, and the second group of inputs-outputs are connected respectively with the first and second groups of inputs-outputs commutation key chains, the third group of input-output of which is connected with the second group of inputs-outputs the control unit, the group output of which is connected with the group of the device inputs formation analog component, group of the output of which is connected with a group of inputs commutation key chains, third and fourth groups of inputs-outputs control unit connected respectively with groups of inputs-outputs permanent storage and electrically erasable flash storage device.