JPH04506428A - Multilayer protection system for computer hard disks - Google Patents

Abstract

(57) [Summary] This bulletin contains application data before electronic filing, so abstract data is not recorded.

Description

[Detailed description of the invention] Multi-layer protection system for computer hard disksIn some parts of this application, the applicant has 07/378.549 filed on July 10, 1989. Discloses and claims the subject matter shown.

United States Department of Energy Energy Systems, Inc. (llartin) by Martin Marietta Marietta Energy Systems, Inc.) Approximately DE-AC05-840R21400, the United States Government granted the invention Own the rights.

1 line and 1 The invention relates to the field of computer disk security, and in particular to the field of computer disk security. Concerning multi-level systems and equipment to eliminate unauthorized access to disks. .

IJI presentation 1 Organizations that use proprietary or classified information, especially in government and military environments, It is possible that data may be intentionally or inadvertently stored on a non-removable hard disk. Therefore, using a microcomputer equipped with a non-removable hard disk, Handling of top secret information is authorized only in a confidential environment. As a result, permission It is possible that unauthorized persons may obtain confidential information.

Additionally, information legitimately stored on a non-removable hard disk may be inadvertently erased. It also needs to be protected from being deleted or modified. these unexpected desirability It goes without saying that striving to keep your computer in an environment that is immune to However, productivity is hindered. However, the comviator's disk drive information inside the microcomputer while verifying and eliminating unauthorized access to the information contained in the microcomputer. Being able to access a central processing unit can significantly increase productivity Would. A similar demographic exists among computer users in private companies.

The prior art recorded in the root case is now referred to and viewed. See above Some of the technologies present provide all interlayers of access to computers. In contrast to the prior art, the external opening of the disk drive compartment or the locking/unlocking It relies on creating a physical barrier to the closing switch. In this prior technology, Verify and eliminate access to information stored on protected disk drives provides a mechanism for simultaneously accessing the computer's central processing functions; Or not proposed.

Therefore, while allowing users to use computer central processing units, Verify and eliminate unwanted access to your computer's hard disk storage The purpose of this project is to provide a multi-layered system of hardware and software combinations. It is the purpose of light.

If protecting a computer's floppy disk drive is justified If so, unwanted access to your computer's floppy disk drive We offer a multi-layered system of hardware and software combinations that also eliminates It is another object of the present invention.

Inspect all protected disks and record activity status at routine security audit points. It is another aspect of the invention to provide a multi-layered security system that maintains It is a purpose.

Multilayer machine eliminates “computer virus” contamination of protected drives It is another object of the invention to provide a secure system.

Other objects and advantages over the prior art are described below along with the drawings. will become apparent to those skilled in the art after reading the detailed description provided herein.

112 ri Various features of the present invention enable computer hard disk drives to operate at multiple levels of cooperation. A computer disk that can control and eliminate both disk replication and write access. A multi-layer protection system is provided for the screen. This computer disk multi-layer protection system contains a layer of hardware and an arrangement that couples the computer to the disk controller. A physical switch device where wires are inserted between the computer and the disk controller. This electrical connection is established only under controlled conditions.

Maintaining key management control for this security switch requires hard disk storage consists of different levels of cooperation that control access to the location. Multiple levels of embodiments of the invention Within the scope of the file protection program, four operating modes are established. This mode of operation The first mode is ``NORMAL'' mode, in which the operator both read and write access to a computer's hard disk storage Can be done. The second mode is the "read only" ("READ 0NLY') mode. At this time, the operator can read from the hard disk storage device, but cannot write to it. Can not.

The third mode is the “write only” (“WRITE 0NLY”) mode. The operator can write data to the hard disk storage device, but cannot read it. I can't. Finally, there is a fourth “NEITHER” mode. This mode allows the operator to write data to hard disk storage. It cannot be read from or read from hard disk storage, but it is still running. You can take advantage of all of the computer's other functions.

This layered protection system also requires that the hardware is functional and in use. It also includes a software layer that verifies that the This software If a failure occurs in the hardware part, the system will be stopped. This software also Initiate and maintain condition records for security audit purposes. Administrative control uses software Booting the computer with a "boot" disk that contains the software layer It is necessary to This software is designed to "terminate and terminate an d5tayRe5ident') (TSR) functions as a program . This allows the hardware to run while the operator is using the computer. is functional and prevents unauthorized access to the hard disk. This makes it possible for the software to verify this. computer user secret Verify that no writes were made to the protected disk when you completed the work on the protected disk. , this software is used again to update security audit status records. .

A brief explanation of the drawing The features of the invention described above will be apparent from the following detailed description of the invention together with the following drawings. You can understand it more clearly by reading it.

Figures 1A, 1B, and 1C are pictorial diagrams of the components of the access restriction system. Ru.

FIG. 2 is a pictorial representation of a typical switch device constructed in accordance with various features of the present invention. It is a diagram.

FIG. 3 is a schematic diagram of the electrical system of the access restriction system shown in FIG. 1.

The fourth FIJ is a detailed circuit diagram of the electrical system of the present invention.

Figure 5 shows how the software is installed before the user can access the computer. The invention's software during a startup period where the 5 shows a flowchart for the operational steps of the software layer;

Figure 6 shows the operational steps in the software layer and the operator in TSR mode. that no unauthorized changes were made to the protected disk during the period of use of the data. During the “QUIT” portion of the software that verifies the A flowchart is shown below.

``The preferred form for carrying out the Figures 1A, 1B, and 1C show the multilayer protection system for computer disks. Show pictorially. In FIG. 1A, the security switch 18 shown in FIG. The key 34 and locking device 128 are shown. These elements - Shown as a representation of the hardware part of the disk's multi-layer protection system.

The mechanical elements of these lock and switch devices are well known in the industry and are not commercially available. This is a typical multi-pole, multi-throw lock switch that can be obtained from a warehouse. What's important here If this lock switch is interfaced to a computer as described in this application, This is a method of Switch 18, along with key 34 and locking device 28, It can also be installed directly inside the controller 3o or the fixed disk drive mechanism. will be recognized by those skilled in the art. connection between the hard disk and the computer. The choice of location is a matter of individual concern for the present invention, as preventing communication is an important function. It depends on how you install it.

An overview of a typical implementation of the management control level hardware part is shown at 22 in Figure 2. vinegar. This section includes a housing for switch 18 (not shown in this figure). A housing 20 is included, the switch receiving the aforementioned key 34 and locking device 28. Put it in. Connect this switch to the disk drive controller and disk drive controller. Various electrical cables 12 and 14 are shown for coupling to objects.

Mechanical keys and locking devices are shown and described but may not prevent or permit access. Suitable means for controlling the Of course, you can understand what you are getting.

A schematic diagram of the system of the present invention is shown in FIG. Here the management control level hardware part Cable 12 and 22 for coupling drive mechanism controller of computer 30. 14 is used, but the drive mechanism control device may be an independent unit if necessary. I understand that it's bad. The switch 18 in the housing 20 is conveniently a bipolar switch. However, as shown in both Figures 1B and 4, this switch is a multi-pole switch. It is a multi-throw switch. As discussed in more detail below, this switch This may obstruct some of the conductors between the drive controller and the disk drive. It's fine to see. The remaining wire is shown as 40 in FIG. This conducting wire 40 is The housing 20 may be bypassed or passed through the housing 20.

A detailed circuit diagram of the management control hardware system of the present invention is shown in FIG. mentioned above As such, the switch 18 is a typical multi-pole, multi-throw switch. this switch is ``1NORIIAL'', ``read-only'' (-READ), which are discussed next. 0NLY") and "Read/Write disabled" NE-11ER") switch It includes an instruction 80 for indicating the position. In a preferred embodiment, key removal position, the only position from which the key can be removed ” position.

The particular wire that is blocked by being coupled to the switch 18 has a "drive mechanism" Select J ('Drive 5 select') and 'Write gate J ('1ri te Gate'), "Write Enable'", and " A read gate J ('Read Gate') and two "data write" ('' Write Data'), and these lines are maintaining accurate timing with respect to data transmitted through the timing device 22; The switching device 22, the computer 30, and the hard disk drive Comprehensive input and output wires for data transmission between structures 32 Preferably, the path lengths are the same length and are within about 1.5 m (5 fset). Yes.

Referring now to the circuit diagram in Figure 4, in the "standard" operating position the hard disk Can read and write to storage devices, so it can be used with computers and hard disks. It can be seen that the full capacity of the storage device is at the disposal of the operator. Insert key 34 When the switch 18 is set to “read-only” mode, “data write +” (″ The line marked write Data÷1) is opened by contacts 1 and 2, and The line marked Data Write-J (“write Data-’) is contact 3 and 4, and the "write gate" line is opened by contacts 7 and 9 of switch 18A. is opened between the ) The possibility of doing so is completely eliminated. In the ``write only'' position of switch 18, the ``read only'' Output gate" line is connected to contacts 5 and 6 of section B of switch 18 as shown here. to read any data stored on the hard disk storage device. I won't be able to do that. In the ``disable read/write'' position of this switch, the ``disable read/write'' position ``WRITE FAUL''), ``Drive mechanism selection IJ ('D RIVE SELECT 1’), “Drive mechanism selection 2 J (”DRIVE 5 The three lines labeled ELECT2' are connected to the switch through isolation diodes 38. By connecting contacts 7 and 8 of circuit 18A to the "write gate" line, the be enabled.

To those skilled in the art, this avoids picking up or creating noise on the free circuit. It will be recognized as necessary. At the same time, the "write gate" line As stated above, switch 18A is reopened between contacts 7 and 9.

Of course, in other embodiments of the invention, such portions may be included as an integral part of an alternative cable. A comprehensive alternative cable fabricated with the switch device of the present invention built into the replaces the existing connection cable of the computer to be modified with the present invention. It will be obvious to those skilled in the art that this can be done. Furthermore, as already mentioned, security switch 18 or an equivalent device, such as a controller or disk drive circuit. It can also be mounted in locations other than those illustrated, such as on a substrate.

In a preferred embodiment, the software layer of the present invention is configured such that the hardware Used to verify that the control device is functioning to disable it. this layer verifies that the protected disk is truly protected.

The flowcharts shown in FIGS. 6 and 7 illustrate the operation of the software system in the preferred embodiment. Show the work.

Although these flowcharts are easy to read for those skilled in the art, We discuss the behavior of the system based on the rules shown. However, the flowchart shown here is It should be noted here that this description describes an example of a preferred operation. individual reference Reference numbers are given by way of example only and are not intended to limit the scope of the invention. It's not something you can do.

The operator first selects 120 "configure protection mode". For protective mode''), all non- Secret connection, i.e. disconnect the computer from the network and switch the key 34 Remove it from switch 18. The operator then checks the security software level. Insert the boot disk containing the files and turn on the computer. this boo ``Autoexecute bat'' (autoexec, bat') included in the target disk 1 The 'Drotect' program is started depending on the file. Ru. all disk drives, all disk drives other than those specified, or Start this "protection" program to protect all specific disk drives. can be set. For illustrative purposes, the flowcharts refer to the specified disk drives. It is expressed as "n".

Status logging is then initiated by the program at 125. Audit record Recording status can be specified as any set of values, but in the example described here, The values in Table 1 are used.

Table 1 value 0 Unfinished startup. Unable to leave.

1. Failure during startup.

2 Successful launch. Unable to leave.

3. Attempt to write to the protected disk drive during operation.

4. Failed the test during operation.

5. Failed the exam while leaving.

9 Successful exit at the end of the entire process. No abnormalities.

Thereafter, at 130, the system identifies the first protected disk drive and Ensure that the mechanism is securely protected. The disk drive is not protected. If not, the status is displayed in 135 and the audit record status is updated to (1). . A reminder is given to the operator to form a protection mode and during the scheduled time The software will notify you that the system will be rebooted. The preferred method described here is In a preferred embodiment, the system is rebooted in about 15 seconds. By this, in 124 " The "Protection" program will be restarted. The disk drive mechanism "n' passed the initial test. The results are then displayed and the same program is applied to each protected disk drive. The program repeats 130. The last disk drive was tested in the 130 If passed, the audit record status is updated to (2) and the audit record status is updated to (2) for the protected disk drive. A display informs the user that the test has been completed. boot record, file The file allocation table (FAT) and the protection disk drive each have a total of 140 checks. Transferred to boot disk. The “Protection” program is “Termination and Residence J” (T SR) and the keyboard is released at 140. Keyboard lock on 127 The unlock status of the lock and 145 is due to an internal function of the software. It should be understood by those skilled in the art that this should not be confused with the locking of the electrical switch described above. will be recognized.

At this point, the operator can use the computer's computing power completely at will. It turns out. Any attempt to write to the protected disk drive will result in a TS Continuously monitored at 150 by the R protection program. attempt to write Detects an attempt at 155 and alerts the operator to reinsert the two-boot disk. The audit record status is updated to (3). Reshaping the “protection” mode The operator is reminded to You will be notified that it will be rebooted. In the preferred embodiment described herein, approximately 15 seconds The system will be rebooted. This will restart the "Protection" program on 124. It will be done.

When the user is finished operating in the secret environment, reinsert the boot disk and Exit” program must be executed. The "Exit" program allows you to The current boot record, current FAT, and current checksum are saved on the boot disk. These records are then compared. If the audit record status is the same , the audit record status is updated to (9). At 164, the system locks the keyboard and Display the results of these tests. In a preferred embodiment, the system is labeled as follows.

In other words, the checksum is complete. Make sure to turn off the power, remove confidential materials, and clean the system. and remove all top secret materials.

At this point, the system must be powered down.

If the current records differ from these records stored on the boot disk, If so, the audit record status is updated to (5). The keyboard is locked and The user is notified of the lever failure. In a preferred embodiment, the system is labeled as do. That is, breakdown. Disk drive mechanism °n” inspection total failure.Computer security administrator (C Please notify 3O) immediately.

At this point, the system must be powered down.

From the above points, this multi-layer protection system for computer disks surpasses the previous technology. Those skilled in the art will appreciate that it provides the advantages of In particular, this computer A multi-layer protection system protects the operator's computer central processing unit. Prevents unwanted access to your computer hard disk while still allowing use. Verify and eliminate all sources and, if warranted, Hard disk and A multi-layered system of software combinations is provided. In this system, constant security Maintains a status record of all checksums and activities on protected disks for auditing purposes do. In protection mode, this system also provides protection against contamination of the protection disk drive. will be obvious to those skilled in the art.

Although preferred embodiments have been shown and described, no limitations on the invention are intended thereby. Rather, we include all modifications and alternatives that fall within the spirit and scope of the invention. It will be understood that it is intended to be encompassed as defined in the appended claims. cormorant.

Flg, IB Flg, 3 Flg, 6 international search report

Claims (11)

[Claims] 1. from a computer-based disk drive control device to a hard disk storage system. A multi-layered protection system for controlling access, a selected electrical connection connecting the disk drive controller to the hard disk storage system; having a contact device coupled to the circuit and selectively activating selected contacts of the contact device; the disk drive controller and the hard disk, the disk drive controller having a device for accessing the hard disk; a switch device coupled between the storage systems; Operation of the protected disk drive is accessed through the switch device. A locking device combined with the switch device and a locking device to selectively prohibit the Management control of access from the disk drive control device to the hard disk storage system a device for selectively operating the locking device; A multi-layer protection system consisting of. 2. The switch device and the lock device combined with the switch device, independent from the disk drive controller and the hard disk storage system; A multilayer protection system according to claim 1, which is attached to a housing. 3. The switch device and the lock device combined with the switch device, mounted on the same printed circuit board as the electrical components of the disk drive mechanism controller; 2. The multilayer protection system of claim 1. 4. The switch device and the lock device combined with the switch device, Claim 1, wherein the hard disk storage system is mounted in a housing housing the hard disk storage system. Multilayer protection system as described. 5. A component of a rotary switch, wherein the switch device comprises a plurality of rotary selection positions. and the device for accessing the contacts is a rotating shaft carrying the moving contacts. By this, selected components of the contact are rotated in a certain rotational position. a contact device for connecting a disk storage system and the disk drive mechanism control device; A multilayer protection system according to claim 1, which interacts with selected components of the multilayer protection system. 6. The plurality of rotational selection positions are at least one of the discs of the protection disc drive mechanism. Unprotected mode operation that allows disk reading and writing, and the protected disk drive mechanism One mode of operation in which the internal disk can be read but not written to, and the One mode in the protected disk drive that can write to, but not read from, the disk. operation of the disk and the ability to read or write to the disk in the protected disk drive. 6. The multilayer protection system of claim 5, providing a single mode of operation. 7. Computer disk drive controller to computer disk drive controller. A multilayer protection system for controlling access to the storage system, a selected electrical circuit connecting the disk drive controller to the disk storage system; a contact device coupled thereto and selectively accessing selected contacts of the contact device; the disk drive control device and the hard disk storage system; a switch device coupled between; Access the operation of the protected disk drive via the switch device. a locking device combined with the switch device to selectively prohibit the for managing and controlling access from the disk drive controller to the disk storage system; a device for selectively operating the locking device; electing that the switch device not allow access to the protected disk drive; A hardware test that tests the switching equipment to ensure that it is working properly. an identification device; A protection disk for selectively controlling which of the disk drives to protect. disk drive mechanism selection device and the computer's protection disk drive mechanism. Protection disk drive identification device to determine whether A multi-layer protection system consisting of. 8. The multi-layer protection system protects the protected disk drive for security audit purposes. 8. The multilayer protection system according to claim 7, further comprising a status auditing device for recording security status. . 9. The multi-layer protection system prevents unauthorized access attempts to the protected disk drive. 8. The multilayer protection system of claim 7, further comprising an access inhibiting device for preventing access. 10. The multilayer protection system allows no access to the protected disk drive. further comprising an access absence verification device capable of verifying that the multilayer protection system has not been accessed. 8. A multilayer protection system according to claim 7. 11. Computer disk drive controller to computer disk A multilayer protection system for controlling access to a storage system, a selected electrical circuit connecting the disk drive controller to the disk storage system; a contact device coupled thereto and selectively accessing selected contacts of the contact device; between the disk drive controller and the disk storage system, the disk drive controller having a device for A switch device coupled to the installed in the switch device to selectively inhibit access to the operation of the switch drive mechanism. a locking device to be coupled to the disk storage system; a device for selectively operating the locking device for management control of access; The switch device does not allow access to the protected disk drive. testing the switching device to ensure that it is selectively operating; hardware verification equipment, A disk drive for selectively controlling which of the disk drives to protect. Which of the drive mechanism selection device and the protection disk drive of the computer should be protected? a protective disk drive identification device for determining whether the recording the security status of the protected disk drive for security audit purposes; Security audit equipment and thwarts attempts to gain unauthorized access to the protected disk drive. access prohibition device, The multi-layered protection ensures that no access to the protected disk drive is allowed. Access absence verification device that can verify the system A multi-layer protection system consisting of.