JP2002542537A - Hardware structure for improving information security, mobile terminal device, and method for improving information security of computer - Google Patents

Abstract

(57) [Problem] To provide an apparatus and a method for preventing unauthorized access to an information system via a network. SOLUTION: The workstation of the present invention has two processor units (PA, PB) and a switch unit (16) incorporated in one housing. One of the processor units (PA) is connected to the public data communication network. The other processor unit (PB) is not connected to the public data communication network and is used as a dedicated processing device. The two processor units of this workstation are independent power supply units (21,22), independent fixed disk drives (9,10), and electrically isolated units used to transfer information between the processor units. It includes the hardware interface of the data transfer medium. On the other hand, both processor units share a display (20), a keyboard (18) and a mouse (19), and are provided with an interface for them. Which processor unit the user uses is selected by operating the control switch (17) or inputting data from the keyboard. In conjunction with the switch unit, an alarm (23, 24) indicating which processor unit is currently connected to the device is provided. ADVANTAGE OF THE INVENTION According to this invention, when connecting a workstation to a public data communication network as needed, it can be protected from unauthorized access, and work continuation and data storage can be performed safely. Information received from the network is written, for example, in an encrypted state on a floppy disk or printing paper, protected, and transferred to the processor unit.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

TECHNICAL FIELD OF THE INVENTION

The present invention relates to a hardware structure for preventing unauthorized access to a computer via a data network. The invention further relates to a method for preventing unauthorized access to a computer via a data network.

[0002]

Problems to be solved by the prior art and the invention

Information security of computers connected to public networks, either directly or via a local area network (LAN), is now becoming a daily issue. For example, just opening an email program may give a third party some ID that allows for subsequent espionage. Computer viruses can also be hidden in email message attachments or newsgroup messages, or in the case of using a World Wide Web (WWW) browser, Java.
Infiltrate computer systems by lurking in applets. Virus programs propagate from one workstation to another over the corporate or corporate intranet. One virus copies text files and key-in information written on all workstations to a single computer, saves files or displays information on the screen,
Always send back a copy of the image file every 15 minutes, for example.
Such a process is performed. When the virus operates, for example, "c @ wi
An extra file may be created in a specific directory such as “nnt @ System32”. If the file is left without being captured or erased, the virus program controls the contents of the file to be transmitted once a day, as if the spy had read the information.

[0003] In addition, if the system is infected with a virus, in addition to the information collection by such a hidden virus, the damage of data is naturally caused. Recently, new risk factors such as unauthorized remote control of computers and “Trojan horses” have been created. In the latter, when a workstation is connected to the network, it continuously sends a PGP key used for data encryption endlessly.

[0004] As information communication becomes widespread and familiar, information security is eroding steadily. For example, a spy inside a company can access a communication partner's computer with a remote control program. It is also possible to infiltrate the computer of the other party and infect the computers connected thereto via the intranet of the company one after another. Nevertheless, it is uneconomical to establish an information protection measure for each communication partner, and there is no guarantee that the computer of the communication partner is isolated from connection or access with other computers.

In order to improve information security, software protection is strengthened using anti-virus software or software commonly called a firewall, or a part of a plurality of computers is separated from a network. Have been. However, the method of protecting unauthorized access to confidential information by software has drawbacks that authentication is not easy to use and operation reliability is not sufficient. On the other hand,
The difficulty is that virus protection programs are not completely safe when a new virus appears. Also, industrial espionage has a security code, but if the spy changes his or her security code for the target, its identification is no longer possible.

Next, the firewall is a method of isolating a communication system of a company from a public data communication network by accepting only a data packet sent from a specific IP address to an in-house network. This can significantly improve information security on intranets when used correctly,
Long-term effects cannot be expected against sophisticated spies. For example, in order to dazzle a firewall, it is conceivable to use a fake IP address. In addition, many firewalls are not necessarily based on good design philosophy, such as permitting easy passage in some cases.

For example, there is known a method of connecting two computers as shown in FIG. In the figure, workstations 101, 102, 103 and 111 are one and the same L
Connected to AN. All workstations connected to this LAN may be connected to the Internet via the firewall 120. The workstation 111 also belongs to a post 110 containing another computer 112. The computer 112 stores confidential information and is not connected to any data network. Such a system configuration is excellent in information security because it includes an isolated machine like the computer 112, but is expensive, requires many computer desks, and is inconvenient.

An object of the present invention is to solve the above-mentioned disadvantages of the prior art.

[0009]

[Means for solving the problem and functions and effects]

In order to solve the above-mentioned problem, the device of the present invention is described in the independent claim 1.
And 14 have the features as described. The method of the present invention also has the features as described in independent claim 16. The other claims provide more preferred embodiments of the invention.

The basic idea of the present invention is as follows. That is, at least two processor units and a switch unit are incorporated in the housing of one workstation. One of the processor units is connected to the public data communication network. The other processor unit is not connected to the public data communication network and is used as a dedicated processing device. The two processor units of the workstation include an independent power supply unit, an independent fixed disk drive, and a hardware interface of an electrically isolated data transfer medium used to transfer information between the processor units. It is said. On the other hand, both processor units share a keyboard, a mouse and a display, and are provided with an interface for them. Which processor unit the user uses is selected by operating a control switch or inputting data from a keyboard. The switch unit serves to send signals from the keyboard and the mouse to the selected processor unit and to send display signals from the selected processor unit to a common display.

[0011] Also, in conjunction with the switch unit, an alarm is provided to indicate which processor unit is currently connected to the device. Further, peripheral devices such as a printer and a scanner are also connected to the workstation. These may be shared between the processor units or may be dedicated to one particular unit.

According to the present invention, when a workstation is connected to a public data communication network as required, it can be protected from unauthorized access, and work continuation and data storage can be performed safely. it can. Since the processor unit is isolated from the data communication network, there is no fear of virus intrusion from the network and no unauthorized inside can be seen through the data network. Another advantage is that the intended protection function can be realized without using many extra devices such as posts, and the method of use is simple. In addition, when the operating processor becomes malfunctioning, the other processor can be temporarily used as a spare processor.

Further, according to the present invention, having a protected processor unit makes it possible to adopt a cheaper network protection method as compared with a conventional workstation, and as a result, There is no cost increase or little if any. In connection with this, when employing the protection method of the present invention, unlike the conventional protection system, it is also advantageous that no special knowledge is required at the time of installation or upgrade. One.

[0014]

BEST MODE FOR CARRYING OUT THE INVENTION

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. FIG. 1 has already been described as a conventional technique. FIG. 2 shows an example of a workstation according to the invention. In the configuration shown in the figure, a first processor unit PA, a second processor unit PB, and a switch unit 16 are arranged in one housing 1. The first processor unit PA includes a motherboard 2, a CPU 6, a memory module 5, a fixed disk drive 9, and a network card 3. A cable 4 for connecting to a data communication network is connected to the network card. First processor unit P
A contains a floppy disk drive 7 and a CD-ROM (Compact Disc Read On).
ly Memory) drive 8 is interfaced. Further, the first processor unit PA receives power from a unique power supply unit 21.

The second processor unit PB includes a motherboard 10, a second CPU 12, a second memory module 11, and a second fixed disk drive 15. Further, a second floppy disk drive 13 and a second CD-ROM drive 14 are interface-connected. Further, the second processor unit PB receives power from a unique power supply unit 22.

The switch unit 16 is connected to a bus on the motherboard of each processor unit, and has a control interface for a keyboard 18, a mouse 19 and a display 20. The switch unit 16 has a switch 17 operated by an independent lever, a push button, or an input command from a keyboard. The position of the switch 17 determines to which of the processor unit PA and the processor unit PB the control interface is connected. The switch 17 also controls indicators 23 and 24 indicating which processor unit the keyboard, mouse and display are connected to. Here, the alarms 23 and 24 are configured as light emitting diodes or lamps. However, an audio signal output device may be used instead.

Although it is costly to provide each processor unit with a separate power supply configuration, it is desirable to enhance information security. That is, each motherboard has a very sensitive voltage detection unit and a supply voltage control unit, but when the processor unit is operating, the load on the power supply is constantly fluctuating, and the supply voltage The levels also vary, albeit slightly. In this case, when the power supply is shared between the processor units, the monitor program for detecting the voltage is installed in, for example, the processor unit PA connected to the data communication network, and the monitoring result is sent to the processor unit PB which should be isolated from the network. Is transmitted.

In the above configuration, the processor unit PA is used as a network machine, and the processor unit PB is used as a processing device for successfully storing all information that needs to be protected. In this case, even if there is any data theft access to the unit PA, the business risk to the company in this case is not so serious, and even if the data is destroyed, the processing in the unit PB is prevented. is not. The exchange of information between the two processor units is performed by scanning a data floppy disk or a document with a scanner. It is also possible to use an infrared link within the workstation. In any case, the exchange of data is performed according to certain rules that guarantee information security.

Further, different operating systems (
By installing an OS, the protection performance can be further improved. For example, even if a virus programmed on the premise of the Windows environment enters the floppy disk of the unit PB that runs on Linux, it is unlikely that this will work because the OS is different.

FIG. 3 illustrates an example of using a computer in a network environment according to the present invention. In this figure, an intranet X, which is an internal network of a company, is connected to the Internet via a firewall 301. Intranet X further includes local area networks LAN1, LAN2, LA
N3 and LAN4. In each local area network, a workstation and a server are connected by a hub such as HUB1. Local area network LAN1 includes workstations 311 and 312. In the present invention, these workstations are configured as having processor units PA and PB. Below, for each workstation,
The former is abbreviated as “part A” and the latter is abbreviated as “part B”. Both workstations are A
Section is connected to the intranet X.

The local area network LAN 2 is a workstation 3 according to the present invention.
21, 322 and 323. Further, the local area network LAN3 includes workstations 331 and 332 according to the present invention. Each of these workstations 331 and 332 has two independent and protected processor units B and C in addition to the unit A connected to the intranet X. The protected part B of the workstations 321, 322 and 323 are interconnected to form a small network on the intranet side. For this protected sub-network, the workstation 3 of the local area network LAN 3
Part B of 31 is connected by protected fixed connection means. In the local area network LAN3, at least two workstations 33
1,332 C sections are interconnected to form a protected network. When such a protected internal network is constructed, parts A and B or parts A and C of individual workstations form an inter-network interface through which viruses and the like cannot pass.

In the intranet X, an independent well-known or workstation according to the present invention can be connected. For example, in the figure, such a workstation 391 is connected to the intranet X via the node ND.

In FIG. 3, a workstation 305 used by an employee is remotely connected. This workstation 305 also relates to the present invention, and is connected to the intranet X via the Internet at the section A. Also, the protected section B of the workstation 305 is connected to a conventional computer 306 via a connection line CN for some purpose. The connection line CN is, for example, a telephone line.

FIG. 4 shows a configuration example in which the computer according to the present invention and a mobile terminal device are combined. In the figure, a computer 41 and a mobile terminal device 42 are shown. The computer 41 comprises an A section connected to the data communication network 43 and a protected B section. Part A includes a part necessary for an external communication infrared link. The mobile terminal device 42 is provided with an infrared device unit so that the mobile terminal device 42 can be connected to the computer 41 via the infrared link 44. The link A is further provided in part A of the computer 41.
4 is installed. This software is for transferring a signal coming from the mobile terminal device to the data communication network 43. The use of the infrared connection technology as described above makes the mobile terminal device 42 multifunctional. For example, even if an unspecified mobile terminal user makes an unexpected access, using the computer according to the present invention makes it impossible to access information protected in the processor unit B of FIG. Become.

FIG. 5 is a flowchart showing an example of software processing when information is transferred in the system according to the present invention. In step 51, a message from the network is received by the processor unit PA. This message is
For example, it is sent from a third party, or downloaded and acquired by a computer user using browser software. In step 52, it is checked whether the message has been encrypted. If so, it is checked whether the message has been modified (step 53). This step can be performed using an encryption program including a check algorithm. If the message is altered, it is discarded (step 58). On the other hand, if no change is found in the message, the processor unit PA writes this to the data transfer medium (step 54). As the data transfer medium, for example, a floppy disk or printing paper is used.

Next, in step 55, the use of the processor unit PB is started by switching by the switch unit. In step 56, the processor unit PB
The message is read from the data transfer medium for transmission to. If the message has been written to a floppy disk, the protected processor unit P
This is replaced with the floppy disk drive of B, and the message is rewritten from the floppy disk to the memory. On the other hand, if the message is printed on printing paper, set it on the scanner connected to the protected processor unit PB,
The information printed by the scanner is converted into electronic information,
Copy it to B's memory.

Then, in the next step 57, the message is decrypted. As a result,
Only messages that are known not to have been modified will be decrypted and stored in the protected processor unit for use. If the transferred message is not encrypted, the process proceeds to step 59, where the message is written to the fixed disk of the processor unit PA, and the content is checked in the processor unit PA.

According to steps 51 to 57, data transfer between machines in the intranet can be performed in a manner that unauthorized access by a third party is excluded. In this case, it may be set so that the decrypted information cannot be transferred from the processor unit PB to the processor unit PA functioning as a network machine.

The embodiments of the present invention have been described above. However, the present invention is not limited to a mode in which the processor unit of the present invention is applied to a computer of a normal form. For example, the processor unit of the present invention can be incorporated in a mobile terminal device.
Furthermore, various modifications can be made within the technical scope of the independent claims.

[Brief description of the drawings]

FIG. 1 is a diagram showing a conventional system configuration example.

FIG. 2 is a diagram showing a system configuration example of the present invention.

FIG. 3 illustrates an example of using a computer in a network environment according to the present invention.

FIG. 4 is a diagram showing an example in which a computer is used in cooperation with another computer according to the present invention.

FIG. 5 shows an example of the method of the present invention.

[Procedural Amendment] Submission of translation of Article 34 Amendment

[Submission Date] July 30, 2001 (July 30, 2001)

[Procedure amendment 1]

[Document name to be amended] Statement

[Correction target item name] Claims

[Correction method] Change

[Contents of correction]

[Claims]

──────────────────────────────────────────────────続 き Continuation of front page (81) Designated country EP (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE ), OA (BF, BJ, CF, CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG), AP (GH, GM, KE, LS, MW, SD, SL, SZ, TZ, UG, ZW), EA (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, CA, CH, CN, CR, CU, CZ, DE, DK, DM, DZ, EE, ES, FI, GB, GD, GE, GH, GM, HR , HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA , ZW [Continuation of summary] is selected. In conjunction with the switch unit, an alarm (23, 24) is provided which indicates which processor unit is currently connected to the device. ADVANTAGE OF THE INVENTION According to this invention, when connecting a workstation to a public data communication network as needed, it can be protected from unauthorized access, and continuation of work and data storage can be performed safely. The information received from the network is written, for example, in an encrypted state on a floppy disk or printing paper, protected, and transferred to the processor unit.

Claims (18)

[Claims] 1. A hardware structure for improving information security, wherein the computer has at least a first processor unit and a second processor unit arranged in the same housing (1). The first and second processor units each have an independent fixed disk drive and a shared keyboard, mouse and display interface, and the system uses one of the processor units at a specified time. A switch unit (16) having means for selecting what is to be done and connecting said interface to one of said processor units, further comprising: Connection means, while the second processor unit (B) function as a data security unit, wherein the first and second processor units serve as means for transferring information between the processor units, as an interface of an electrically isolated data transfer medium. The information security improvement system further comprises: a notifier for displaying a currently used processor unit. 2. The first and second processor units are connected to independent power supply units (21, 2) to prevent information acquisition based on changing the power supply voltage.
2. The hardware structure for improving information security according to claim 1, comprising: 3. The method according to claim 1, wherein the first processor unit determines whether or not the received message is encrypted, and has a determination / detection unit that detects a change to the encrypted file. 2. The hardware structure for improving information security according to claim 1, wherein said second processor unit has means for encrypting and decrypting information. 4. The floppy disk drive according to claim 1, wherein said first and second processor units incorporate a floppy disk drive interface independent of each other, and said electrically isolated data transfer medium is a floppy disk. Hardware structure for improving information security. 5. The apparatus according to claim 1, wherein said first processor unit has a printer interface, said second processor unit has a scanner interface, and said electrically isolated data transfer medium is a printing paper. Hardware structure for improving information security. 6. The information security improving hardware structure according to claim 1, wherein said first processor unit has an operating system different from that of said second processor unit. 7. The information security improving hardware structure according to claim 1, wherein the means for connecting the interface of the switch unit comprises a manual switch (17). 8. The hardware structure for improving information security according to claim 1, wherein the means for connecting the interface of the switch unit includes a keyboard-originated code identification circuit consisting of at least four characters. 9. The hardware structure for improving information security according to claim 1, wherein said annunciator is a pair of light emitting diodes (23, 24). 10. The annunciator outputs an audio annunciation signal.
Hardware structure for improving information security as described. 11. The second processor unit (321B) includes at least one other protected processor unit (322B, 323B, 3).
31. The hardware structure for improving information security according to claim 1, further comprising connection means for connecting to the information security device. 12. The hardware structure for improving information security according to claim 1, wherein at least two protected processor units (331B, 331C) are provided in addition to the first processor unit (331A). 13. The information security improvement according to claim 1, wherein said first processor unit (41A) has a connection interface of an infrared link (44) and software means for transmitting data via the infrared link. For hardware structure. 14. A first processor unit, a second processor unit, a keyboard and a display interface shared between the first processor unit and the second processor unit, and A mobile terminal device including at least a switch unit having means for selecting one of the processing units to be used at a time and connecting the interface to one of the processor units, Only the processor unit is provided with connection means for a mobile communication network, and each of the first processor unit and the second processor unit is independently provided with a drive of a portable storage medium. The terminal unit displays the currently used processor unit. A mobile terminal device provided with an alarm device to be shown. 15. A method for improving information security of a computer, comprising: a first processor unit having an independent fixed disk drive, a shared keyboard, a mouse, and a display interface; and a second processor. And a switch unit having means for selecting one of the processing units to be used at a designated time and connecting the interface to one of the processor units. Processor unit has a connection means for a data communication network, and a determination / detection means for detecting a change to an encrypted file, and a second processor unit has a function of encrypting and decrypting the information. Configured to have means, A message from the public data communication network is received at the first processor unit (51), and it is determined whether the message is encrypted (52), and the encrypted message is changed. It is determined whether or not the message has been modified (53). If the message is encrypted and has not been modified,
The message is stored in a data transfer medium (54), a control command is given to the switch unit so that the interface is connected to the second processor unit (55), and the message is sent to the second processor unit. The message is read from the attached data transfer medium (56), the message is decoded in the second processor unit (57), and if the message has been decoded, it is read out by the first processor unit. A method for improving information security of a computer, wherein the information is stored on the fixed disk (59). 16. The data transfer medium is a floppy disk.
5. The method for improving information security of a computer according to 5. 17. The method according to claim 15, wherein the data transfer medium is printing paper. 18. The method according to claim 15, wherein the printing paper is read by a scanner in order to transfer the message to the second processor unit.