AU744891B2 - Improved data switch - Google Patents

Info

Publication number
AU744891B2
Authority
AU
Australia
Prior art keywords
data
switch
data processing
user interface
processing systems
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU93323/98A
Other versions
AU9332398A (en)
Inventor
Anthony Ashcroft
Colin Law
Peter Mogg
Peter Penfold
Robert Scott
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mogg Blereau Research Pty Ltd
Original Assignee
Compucat Research Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AUPO9598A
Application filed by Compucat Research Pty Ltd
Priority to AU93323/98A
Publication of AU9332398A
Application granted
Publication of AU744891B2
Anticipated expiration
Ceased

Links

Description

WO 99/18493 PCT/AU98/00829
"IMPROVED DATA SWITCH"
TECHNICAL FIELD
This invention relates to an improved data switch for selectively switching a user interface (e.g. keyboard, mouse and display) between two or more independent data processing systems.
BACKGROUND ART
A problem exists where a single data processing system is used to process data of differing security classifications. Within the single data processing system there is the potential for data of differing security classifications to be mixed, allowing the possibility that classified data may be released to recipients not intended to possess that information.
Traditionally system designers have sought to address this problem by using "trusted" software to identify and partition data of differing classifications within the single data processing system. The development and subsequent evaluation, certification and accreditation of such complex partitioning software has become extremely time consuming and expensive.
An alternative method is to provide a plurality of independent data processing systems and user interfaces so that the separation of data of different security classifications is achieved by full physical separation between systems. This approach is hardware intensive and also has ergonomic disadvantages in that the operator is forced to physically move between the different systems.
The present invention relates to a hybrid system in which a user can, via a single user interface (e.g. keyboard, mouse etc), selectively input data to one of two or more independent data processing systems.
Such a system is broadly known from Australian Patent 691102 and this document is the most relevant prior art currently known to the applicant.
The invention aims to provide an improved failsafe architecture which ensures that inadvertent data transfer between independent data processing systems is avoided.
DISCLOSURE OF INVENTION
This invention in one aspect resides in an improved data switch for selectively connecting a user interface to one of a plurality of independent data processing systems.
Optionally, a data diode may be provided between the data processing systems for allowing data from the lower classification system to pass to the higher classification system, but not in the other direction.
To ensure that data cannot be inadvertently transferred between the independent data processing systems (and especially from the higher security system to the lower security system), the user interface is adapted so that it is incapable of transferring data between data processing systems during or after switching between processing systems.
A standard user interface includes a processor and buffer memory in the keyboard. The user interface processor/buffer can retain data and can cause an inadvertent transfer of data between systems.
This problem is overcome according to the present invention by using a modified user interface having no processor/buffer memory on the "upstream" side of the data switch. Rather, the buffer(s)/processor are relocated and replicated "downstream" of the data switch.
Necessarily, there is a buffer/processor for each of the independent data processing systems.
Thus, in one aspect the invention resides broadly in an improved data switch in which no data can remain "upstream" of the data switch after switching.
According to another aspect the invention resides in a methodology of preventing inadvertent data transfer, such method involving the relocation and replication of the user interface processor/buffer on the "downstream" (or data processing system side) of the data switch.
BRIEF DESCRIPTION OF DRAWINGS
In order that this invention may be more easily understood and put into practical effect, reference will now be made to the accompanying drawings which illustrate preferred embodiments of the invention, wherein:-
FIG 1 is a schematic block diagram illustrating how the invention may be implemented;
FIG 2 illustrates how the keyboard is reset when switching between processors according to the prior art;
FIG 3 illustrates detail of the modified keyboard approach.
BEST MODE
With reference to FIG 1, input devices (i.e. keyboard and mouse) of the user interface are selectively connectable to one of two processors (in the illustrated case processor B) via an input switch.
Similarly, processor B is selectively connected to the output device (ie. display monitor) of the user interface via an output switch.
It will be appreciated that the input switch and output switch are linked or "ganged" so that switching of the input switch and output switch between processors occurs simultaneously.
The switches may be manually actuated to the alternative position in which connection to processor A is achieved.
It is important that no data be retained on the user interface side of the switch during or after switching, particularly when switching from the higher classification system to the lower classification system.
This can be achieved by resetting the input device(s) when switching between processors as per the prior art.
Referring to FIG 2, there is illustrated greater detail of the present invention. As can be seen, the input switch includes a corresponding plurality (in this case two) of keyboard processor/buffers. As mentioned previously, there is normally a single processor/buffer within the keyboard (ie. upstream of the switch), however in this case there are two processor/buffers located "downstream" of the switch. Accordingly, data contained within the respective keyboard processor/buffers cannot be transferred between data processing systems during or after switching and no reset function is required.
The present invention has a significant architectural failsafe advantage over the prior art and is not reliant on any reset functions or the like to clear data.
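The difference between the two layouts can be modelled in a few lines. This is an added illustration, not part of the patent: the class names, the HIGH/LOW labels and the `reset_works` flag are assumptions, and the model assumes keystrokes are still buffered when the operator switches.

```python
from collections import deque

class UpstreamBufferedSwitch:
    """Prior-art layout: one buffer inside the keyboard, upstream of the switch."""
    def __init__(self, systems, reset_works=True):
        self.received = {s: [] for s in systems}
        self.selected = systems[0]
        self.kbd_buffer = deque()          # shared by every system
        self.reset_works = reset_works     # hypothetical flag: does the reset fire?

    def key(self, code):
        self.kbd_buffer.append(code)

    def switch_to(self, system):
        if self.reset_works:               # separation depends on this step
            self.kbd_buffer.clear()
        self.selected = system

    def host_read(self):
        """The selected host drains whatever the keyboard is holding."""
        while self.kbd_buffer:
            self.received[self.selected].append(self.kbd_buffer.popleft())

class DownstreamBufferedSwitch:
    """Layout described above: stateless keyboard, one buffer per system downstream."""
    def __init__(self, systems):
        self.received = {s: [] for s in systems}
        self.selected = systems[0]
        self.buffers = {s: deque() for s in systems}

    def key(self, code):
        self.buffers[self.selected].append(code)   # passes straight through the switch

    def switch_to(self, system):
        self.selected = system             # nothing upstream to clear

    def host_read(self):
        buf = self.buffers[self.selected]
        while buf:
            self.received[self.selected].append(buf.popleft())

def residue_seen_by_low(switch):
    """Type on HIGH, switch before HIGH reads, then let LOW read."""
    for code in "SECRET":                  # constructed sample keystrokes
        switch.key(code)
    switch.switch_to("LOW")
    switch.host_read()
    return "".join(switch.received["LOW"])
```

With a working reset both layouts keep LOW clean; only the upstream-buffered model leaks when the reset fails, which is the dependency the downstream layout removes.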
The preferred embodiment of the present invention achieves a number of objectives:
- separation of data of differing classifications is guaranteed by full physical separation of the data processing systems.
- the switching of the data input and the data output is a simple mechanical function which is electrically confirmed and can therefore be easily proved to provide data separation.
- the security enforcing functions are all physical in nature, and therefore no trusted software is required.
- no specialised application software is required.
The fundamental requirements of the input switch are:
- data from the keyboard can be directed to one (and only one) of the data processing systems at any one time.
- the operator can switch the data from the keyboard and mouse to the desired data processing system.
- there is confirmation to the user of which data processing system has been selected, and validation that the switch is functioning correctly.
- there is complete electronic isolation between the data processing systems.
- the input switch will ensure that no information remains within the keyboard, mouse or switching mechanism when switching takes place.
The fundamental requirements of the output switch are:
- there is a complete electronic isolation between data processing systems.
- the output switch will route the output of the selected data processing system to the display monitor.
All of the fundamental requirements of both the input and output switches are implemented in hardware.
This removes the requirement to utilise trusted software or firmware. This makes Government endorsement a much easier and faster task.
The present invention provides an alternative to existing solutions. The data is separated without the need of trusted software. The architecture of the invention ensures that data cannot be transferred between systems, in contrast to the prior art arrangement in which the operator is reliant on the reset mechanism functioning as intended. Thus, the present invention is failsafe unlike the prior art.
The user is given a clear indication of which data processing system has been selected and data cannot be transferred between systems during or after switching.
It will of course be realised that whilst the above has been given by way of an illustrative example of this invention, all such and other modifications and variations hereto, as would be apparent to persons skilled in the art, are deemed to fall within the broad scope and ambit of this invention as is herein set forth.

Claims (2)

1. A system including:- a user interface; a data switch for selectively connecting the user interface to one of a plurality of data processing systems, characterised in that there is no data storage means located on the user interface side of the data switch.
2. A system as claimed in claim 1, wherein there are a plurality of data storage means located on the data processing system side of the data switch and wherein each of the plurality of data storage means is connected in series with one of the plurality of the data processing systems.
AU93323/98A 1997-10-02 1998-10-01 Improved data switch Ceased AU744891B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU93323/98A AU744891B2 (en) 1997-10-02 1998-10-01 Improved data switch

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AUPO9598A AUPO959897A0 (en) 1997-10-02 1997-10-02 Data switch
AUPO9598 1997-10-02
AU93323/98A AU744891B2 (en) 1997-10-02 1998-10-01 Improved data switch
PCT/AU1998/000829 WO1999018493A1 (en) 1997-10-02 1998-10-01 Improved data switch

Publications (2)

Publication Number Publication Date
AU9332398A AU9332398A (en) 1999-04-27
AU744891B2 AU744891B2 (en) 2002-03-07

Family

ID=25641583

Family Applications (1)

Application Number Title Priority Date Filing Date
AU93323/98A Ceased AU744891B2 (en) 1997-10-02 1998-10-01 Improved data switch

Country Status (1)

Country Link
AU (1) AU744891B2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4641262A (en) * 1983-03-07 1987-02-03 International Business Machines Corporation Personal computer attachment for host system display station
US5291596A (en) * 1990-10-10 1994-03-01 Fuji Xerox Co., Ltd. Data management method and system with management table indicating right of use
WO1996030840A1 (en) * 1995-03-31 1996-10-03 The Commonwealth Of Australia Method and means for interconnecting different security level networks

Also Published As

Publication number Publication date
AU9332398A (en) 1999-04-27

Similar Documents

Publication Publication Date Title
CN101261614B (en) Addressable serial peripheral interface
CN101303681B (en) Dynamic reconfiguration of PCI EXPRESS links
US5680288A (en) Hot plugging of an adapter card
US5117225A (en) Computer display screen monitoring system
EP0326696B1 (en) Hybrid communications link adapter incorporating input/output and data communications technology
US20210397578A1 (en) One-way bus bridge
EP0817045A3 (en) Mixing and splitting multiple independent audio data streams in kernel space
KR950035193A (en) Computer network and how to communicate voice and data information
WO2005050462A3 (en) Protective bus interface and method
JP2005509947A5 (en)
WO2003077138A3 (en) Document processing system including multi-device compatible interface and related methods
EP0801352A3 (en) Data processing system
KR970049639A (en) Logical Address Bus Architecture for Multiprocessor Systems
KR920020316A (en) Quadrature Bus Protocol for Performing Transactions in Computer Systems
AU744891B2 (en) Improved data switch
WO1999018493A1 (en) Improved data switch
US6253275B1 (en) Interrupt gating method for PCI bridges
WO2004064413A3 (en) Switch/network adapter port coupling a reconfigurable processing element for microprocessors with interleaved memory controllers
US6330694B1 (en) Fault tolerant system and method utilizing the peripheral components interconnection bus monitoring card
EP0353249A1 (en) Parallel networking architecture
US6577905B1 (en) Apparatus and method for providing a transient port
CN108681511A (en) The system and implementation method of compatible SATA and SAS hard disks
US7313638B2 (en) Command accumulation tool
US5896514A (en) Logic implementation of control signals for on-silicon multi-master data transfer bus
US7802041B2 (en) Information processing apparatus including transfer device for transferring requests

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)
MK14 Patent ceased section 143(a) (annual fees not paid) or expired