GB2274524A - Data security in a network file server. - Google Patents

Data security in a network file server. Download PDF

Info

Publication number
GB2274524A
GB2274524A GB9301431A GB9301431A GB2274524A GB 2274524 A GB2274524 A GB 2274524A GB 9301431 A GB9301431 A GB 9301431A GB 9301431 A GB9301431 A GB 9301431A GB 2274524 A GB2274524 A GB 2274524A
Authority
GB
United Kingdom
Prior art keywords
removable disk
disk drive
file server
processor
workstation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB9301431A
Other versions
GB9301431D0 (en
Inventor
Liam Shanahan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEWBOURNE Ltd
Original Assignee
NEWBOURNE Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEWBOURNE Ltd filed Critical NEWBOURNE Ltd
Priority to GB9301431A priority Critical patent/GB2274524A/en
Priority to BE9300131A priority patent/BE1005329A6/en
Publication of GB9301431D0 publication Critical patent/GB9301431D0/en
Publication of GB2274524A publication Critical patent/GB2274524A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

A data processing apparatus has a number of workstations connected to a local area network. Each workstation has a processor connected to a removable disk drive. The workstation processor is programmed on start-up to set various operation parameters, to establish a communications session with the file server processor and to subsequently disable further write requests to a removable disk in the removable disk drive to ensure confidentiality of data stored on the network file server. <IMAGE>

Description

"Control of Data Storaae Devices" The invention relates to the control of data storage devices in an apparatus comprising a number of workstations operating to access a data bank, to process data and to input data to the bank.
One of the problems associated with control of data storage devices in such a system is that of satisfying the two conflicting requirements of on the one hand allowing as many people as possible within an organisation to access the data so that the data bank has optimum utilisation, and on the other hand of maintaining confidentiality of the data by preventing it being transmitted out of the system.
In the prior art, methods such as that described in EP-B10,139,759 (Fanuc Ltd) are described for connecting external equipment to a processor in which connection information is retrieved for use in exchange of data between the processor and the external equipment. Such methods do not specifically address the problem of controlling storage devices in a networked computer system where there is a large data bank and the above requirements are to be met.
The invention is directed towards providing an apparatus to overcome these problems.
According to the invention, there is provided a data processing apparatus comprising: a bi-directional local area network cable; a bank of fixed disks storing a data bank of data records; a file server processor connected between the local area network cable and the fixed disks and being constructed to route access requests transmitted on the cable to the fixed disks, to retrieve the relevant data records, and to transmit the records on the cable to the source of the request; a plurality of workstations connected to the local area network cable, each workstation comprising: a user input interface; a removable disk drive; a controller for the removable disk drive; a workstation processor connected to both the user interface and to the removable disk drive controller, the workstation processor being constructed to initially set operation parameters by reference to the removable disk drive, to automatically transmit an interpreter from the removable disk drive to the file server processor via the local area network cable, to store received routing instructions in an on-board random access memory circuit, these routing instructions directing routing of interpreter requests to the file server processor, and to set a register stored in the random access memory circuit to disable write instructions to the removable disk drive.
In one embodiment, the file server processor is additionally constructed to automatically transmit communication instructions retrieved from the fixed disks to a workstation processor when the latter is activated.
The invention will be more clearly understood from the following description of some preferred embodiments thereof, given by way of example only, with reference to the accompanying drawings in which: Fig. 1 is a diagrammatic representation of a data processing apparatus of the invention; and Fig. 2 is a flow chart illustrating the manner in which various components of the apparatus shown in Fig. 1 are constructed.
Referring to Fig 1, an apparatus 1 of the invention is shown. The apparatus 1 is for the storage of a large data bank in which there are records of data relating to people who have been, or who are employed in an organisation.
Thus, maintaining confidentiality of the data is extremely important. Another requirement is that different people within the organisation have access to the data so that it may be viewed, and new data entered. Because there are other data processing requirements of the apparatus 1, and for financial reasons, the apparatus 1 is constructed for distributed processing within the organisation so that each user is at a workstation which can carry out various processing operations.
In detail, the apparatus 1 comprises a bi-directional local area network cable 2 to which is connected a file server processor 3, which is in turn connected to a bank of fixed disks 4 having a total capacity of 100 MB. In addition, a number of workstations 5, 6, 7 and 8 are connected to the network cable 2. Each workstation comprises a workstation processor 9 connected to a keyboard 10 for user communication. Each processor 9 is also connected to a storage device controller 11, which is in turn connected to a storage device, namely, a removable disk drive 12.
An important aspect of each workstation is that there is no non-volatile memory device such as a fixed disk and the only device for permanent storage of data is a removable disk which may be inserted. Thus, on a permanent basis, all of the data is stored in the bank of fixed disks 4 in which there is a record for each person.
Another important aspect of the invention is the manner in which the file server processor 3 and each workstation processor 9 is programmed during operation to perform the technical steps of ensuring that data may not be transmitted from the apparatus 1 to another system or that it may not be transported by means of removable disks or otherwise. The manner in which the workstations and the file server processors 9 and 3 are programmed is now described with reference to Fig. 2 which shows a process 20 carried out by components of the apparatus 1.
The first process step 21 involves one of the workstations 5, 6, 7 or 8 being activated. This is achieved by insertion of a removable disk in the drive 12 and the processor 9 accessing the disk for booting instructions.
In step 22, the processor 9 transmits a signal to the file server to establish a communications session via the cable 2 and subsequently in step 23 the processor 9 receives network instructions from the file server processor 3.
The file server processor 3 retrieves these instructions from the fixed disk 4 and the instructions relate to the manner in which communications should be carried out so that the data bank may be accessed.
In step 24 the relevant workstation processor 9 sets various operation parameters by reference to the removable disk drive 12 via the controller 11. The parameters include those relating to interrupts, the size of memory blocks to be used for reading and writing of data and device driver data for the processor 9. When these parameters have been set, in step 25 the workstation processor 9 transmits an interpreter program which has been read from the removable disk to the file server processor 3. The processor 3 is programmed to store the interpreter in a pre-set block of memory locations in the fixed disks 4 and to route subsequent instructions from the workstation processors 9 to the interpreter while they are operating. In addition, the relevant workstation processor 9 stores routing instructions in an on-board random access memory, these routing instructions directing communication with the file server processor 3.
An important step in the process 20 is that of disabling write instructions in a register in the random access memory circuit which controls access to data via the controller 11. Thus, once step 27 has been preformed, the workstation processor 9 may not write data to the removable disk inserted in the disk drive 12. However, it may transmit data signals to a display screen so that the user may view data from the data bank.
During operation, in step 28, each of the workstations 5, 6, 7 and 8 accesses data on the fixed disks 4 and reads the data and displays it on the relevant screen and also transmits new data via the file server processor 3 to the data bank for storage. This is indicated by the step 28.
Thus, the user may control a wide range of data processing operations to ensure that the data bank is maintained up to date and that the stored data is utilised for efficient working of the organisation. In step 29, data is displayed on a screen (not shown) at each of the workstations.
However, if a request is received via the keyboard 10 for writing of data to a removable disk inserted in a disk drive 12, it is prevented as indicated by step 30 because of the register stored in the on-board memory circuit which disables write instructions. Accordingly, a user may not instruct the retrieval of data from the fixed disk 4 and writing of the data to removable disks for transportation to another system. This helps to ensure confidentiality of the data. In step 31 the workstation processor 9 transmits any process data to the data bank 4 to end an operation session.
It will be appreciated that the technical steps carried out by the various components of the apparatus 1 ensure that maximum utilisation may be made of a data bank for efficient working of an organisation, while at the same time the technical steps ensure that it is extremely difficult for a user to transfer data to another system.
It will also be appreciated that the apparatus 1 is extremely simple in construction and that the above advantages have been achieved in an inexpensive manner. It will also be noted that because the equipment involved is relatively simple, maintenance and operation requirements are relatively small.
The invention is not limited to the embodiments hereinbefore described, but may be varied in construction and detail.

Claims (2)

1. A data processing apparatus comprising: a bi-directional local area network cable; a bank of fixed disks storing a data bank of data records; a file server processor connected between the local area network cable and the fixed disks and being constructed to route access requests transmitted on the cable to the fixed disks, to retrieve the relevant data records, and to transmit the records on the cable to the source of the request; a plurality of workstations connected to the local area network cable, each workstation comprising:: a user input interface; a removable disk drive; a controller for the removable disk drive; a workstation processor connected to both the user interface and to the removable disk drive controller, the workstation processor being constructed to initially set operation parameters by reference to the removable disk drive, to automatically transmit an interpreter from the removable disk drive to the file server processor via the local area network cable, to store received routing instructions in an on-board random access memory circuit, these routing instructions directing routing of interpreter requests to the file server processor, and to set a register stored in the random access memory circuit to disable write instructions to the removable disk drive.
2. An apparatus substantially as hereinbefore described, with reference to and as illustrated in the accompanying drawings.
2. An apparatus as claimed in claim 1 wherein the file server processor is additionally constructed to automatically transmit communication instructions retrieved from the fixed disks to a workstation processor when the latter is activated.
3. An apparatus substantially as hereinbefore described, with reference to and as illustrated in the accompanying drawings.
Amendments to the claims have been filed as follows 1. A data processing apparatus comprising: a bi-directional local area network cable; a bank of fixed disks storing a data bank of data records; a file server processor connected between the local area network cable and the fixed disks and being constructed to route access requests transmitted on the cable to the fixed disks, to retrieve the relevant data records, and to transmit the records on the cable to the source of the request; a plurality of workstations connected to the local area network cable, each workstation comprising:: a user input interface; a removable disk drive; a controller for the removable disk drive; a workstation processor connected to both the user interface and to the removable disk drive controller, the workstation processor being constructed to initially set operation parameters by reference to the removable disk drive, to automatically transmit an interpreter from the removable disk drive to the file server processor via the local area network cable, to store received routing instructions in an on-board random access memory circuit, these routing instructions directing routing of interpreter requests to the file server processor, and to set a register stored in the random access memory circuit to disable write instructions to the removable disk drive, wherein the file server processor is additionally constructed to automatically transmit communication instructions retrieved from the fixed disks to a workstation processor when the latter is activated.
GB9301431A 1993-01-25 1993-01-25 Data security in a network file server. Withdrawn GB2274524A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB9301431A GB2274524A (en) 1993-01-25 1993-01-25 Data security in a network file server.
BE9300131A BE1005329A6 (en) 1993-01-25 1993-02-11 Control devices data storage.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9301431A GB2274524A (en) 1993-01-25 1993-01-25 Data security in a network file server.
BE9300131A BE1005329A6 (en) 1993-01-25 1993-02-11 Control devices data storage.

Publications (2)

Publication Number Publication Date
GB9301431D0 GB9301431D0 (en) 1993-03-17
GB2274524A true GB2274524A (en) 1994-07-27

Family

ID=25662701

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9301431A Withdrawn GB2274524A (en) 1993-01-25 1993-01-25 Data security in a network file server.

Country Status (2)

Country Link
BE (1) BE1005329A6 (en)
GB (1) GB2274524A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2824927A1 (en) * 2001-05-18 2002-11-22 Scaling Software Unalterable loading of a data process into a data system connected to a communication network, in which rebooting system passes through a transitory loading state to load a transitory program into memory

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB1585960A (en) * 1976-07-30 1981-03-11 Plessey Co Ltd Information flow security mechanisms for data processing systems
GB2222899A (en) * 1988-08-31 1990-03-21 Anthony Morris Rose Computer mass storage data protection

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB1585960A (en) * 1976-07-30 1981-03-11 Plessey Co Ltd Information flow security mechanisms for data processing systems
GB2222899A (en) * 1988-08-31 1990-03-21 Anthony Morris Rose Computer mass storage data protection

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2824927A1 (en) * 2001-05-18 2002-11-22 Scaling Software Unalterable loading of a data process into a data system connected to a communication network, in which rebooting system passes through a transitory loading state to load a transitory program into memory

Also Published As

Publication number Publication date
GB9301431D0 (en) 1993-03-17
BE1005329A6 (en) 1993-06-29

Similar Documents

Publication Publication Date Title
US6559864B1 (en) Method and system for displaying and providing access to data on a monitor
US5640544A (en) Computer network having an asynchronous document data management system
KR970007545A (en) Image processing apparatus
EP0367702B1 (en) Multiprocessing system and method for shared storage usage
KR970016918A (en) A data storage system and a data access method for a plurality of host computers on arrays of a plurality of storage devices
GB2274524A (en) Data security in a network file server.
IE930042A1 (en) Control of data storage devices
JPS61135270A (en) Picture display system
JP3190668B2 (en) Network type education system
JPH01303547A (en) Control system for information memory
EP0573922B1 (en) Network type document management system
JPS59151252A (en) Picture retrieving device
JPH04151757A (en) Picture data transmission system
JP2000047923A (en) File access system and file controller
JPH07152651A (en) Method and device for information processing
JPH01276354A (en) Information processor
GB2273585A (en) Temporary password access.
JPH04192026A (en) Information processor
JP2994917B2 (en) Storage system
JPH05128070A (en) Remote cache control device and its method
JPH02226333A (en) Picture display system
JP2752834B2 (en) Data transfer device
JP3259095B2 (en) Data transfer method
JPH0619980A (en) Image retrieval system
JPH05334262A (en) Communication equipment for computer system

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)