NL2010437C2 - Data storage device and computer system comprising such data storage device. - Google Patents


Info

Publication number
NL2010437C2
Authority
NL
Netherlands
Prior art keywords
data
data storage
time sequence
memory
access controller
Prior art date
Application number
NL2010437A
Other languages
Dutch (nl)
Inventor
Wibren Willem Draaijer
Original Assignee
Uksi B V
Application filed by Uksi B V
Priority application: NL2010437A
Related PCT application: PCT/NL2014/050147 (published as WO2014142659A1)
Granted and published as NL2010437C2

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

A data storage device comprises: a data storage memory for storing data, a data interface circuit connected to the data storage memory and arranged for providing a data connection between the data storage memory and a computer device, the data interface circuit comprising a monitoring signal output and being arranged for providing, at the monitoring signal output, a monitoring signal indicating a presence of data communication via the data interface circuit, and an access controller having a monitoring signal input which is connected to the monitoring signal output of the data interface circuit, the access controller comprising an access controller memory for storing a reference time sequence. The access controller is arranged for: -detecting a time sequence of the monitoring signal provided at the monitoring signal input, -comparing the detected time sequence with the reference time sequence as stored in the access controller memory, and -providing a signal at a signaling output of the access controller to signal if the detected time sequence deviates from the reference time sequence wherein the data storage memory is loaded with program instructions forming a bootable software application.

Description

Title: Data storage device and computer system comprising such data storage device
The invention relates to a data storage device, a computer system comprising such a data storage device, a method of securely booting a computer device and a method of remote access.
In present-day computer systems, adverse software such as computer viruses (e.g. a virus, malware, trojans, spyware, key loggers, or any other unintended software) is considered a major threat to computer safety. A virus (malware) may result in the execution of software by the computer being damaged or impeded, or, even worse, in a leakage of sensitive data, such as passwords or other personal data that may be used by another person, e.g. for getting access to an online bank account, performing or changing online money transfer orders, or obtaining personal data such as passport data, credit card data, etc.
In present computer systems, it is therefore recommended to make use of virus protection by means of antivirus software. Antivirus software commonly operates using a signature list, i.e. it scans data traffic, files, etc. for the occurrence of data that matches a signature from the list, and if such a match is found, it performs a corrective action, such as blocking the data from execution by the computer, deleting the data, etc.
Other types of antivirus software compare the behaviour of the computer system and its data streams with previously detected (e.g. learned) behaviour, and generate a warning when certain deviations from the previous behaviour are detected.
Given that current computer software (Microsoft, Apple, Android or other platforms) evolves rapidly and that large numbers of computers are connected to the internet, newly developed viruses may affect many computers without being detected by antivirus software. Furthermore, certain classes of viruses may keep themselves hidden and inactive when they detect that a scan is being performed by an antivirus program, thus reducing the probability that the virus in question is detected by the antivirus software.
The invention intends to provide an improved detection of viruses and/or other additional (unauthorised) data.
In order to achieve this goal, according to an aspect of the invention there is provided a data storage device comprising: a data storage memory for storing data, a data interface circuit connected to the data storage memory and arranged for providing a data connection between the data storage memory and a computer device, the data interface circuit comprising a monitoring signal output and being arranged for providing, at the monitoring signal output, a monitoring signal indicating a presence of data communication via the data interface circuit, and an access controller having a monitoring signal input which is connected to the monitoring signal output of the data interface circuit, the access controller comprising an access controller memory for storing a reference time sequence, the access controller being arranged for: - detecting a time sequence of the monitoring signal provided at the monitoring signal input, - comparing the detected time sequence with the reference time sequence as stored in the access controller memory, and - providing a signal at a signaling output of the access controller to signal if the detected time sequence deviates from the reference time sequence.
In operation, the data storage device is connected to an external device, such as a computer device. The computer is then e.g. switched on, reset, rebooted or restarted, causing the computer to perform a booting operation from the data storage device. Any other means to perform a restart may be applied. Other starting conditions, other than a full reboot of the computer, may be used as a starting point as well. For example, software running on the computer device may create a shielded virtual computer environment in which the data storage device may operate. The computer device (also briefly referred to in this document as “computer”) may be programmed to start a process from the data storage device, such as executing a program, loading a program, etc. For example, the computer may be programmed to initiate a boot sequence from a specified memory or from successively specified memories. Having set the computer so as to perform the process (e.g. a boot sequence) from the memory device (or from an interface connection to which the memory device is connected), upon performing the process the computer will start executing the software program instructions stored on the data storage device, or otherwise access the data stored on the data storage device. The communication via the data interface circuit of the data storage device, via which the data storage device is accessible to the computer, is monitored. A monitoring signal that signals a presence of data communication via the data interface circuit is provided, and a time sequence of the monitoring signal is compared to a reference time sequence. As the computer hardware will generally be unchanged with respect to a previous performance of the same process, and assuming that the data accessed from the memory device remains the same, the time sequence of the process that is performed will remain the same.
Any deviation of the sequence of access to the data storage device, as compared to the stored reference sequence of access to the data storage device, is detected. In case of a difference between the detected sequence of access to the data storage device and the reference sequence of access to the memory device, a change in the data (e.g. the software program instructions stored in and executed from the data storage device) may have occurred, which may indicate a presence of (unauthorized) additional data such as a virus, either executed from the external device or contained in the data as stored in the data storage device. The detection of a deviation may be exact; however, the detection of a deviation may also make use of a tolerance window, in particular a tolerance window in time. The tolerance in time may be set as a fixed time window, as a predetermined fraction (e.g. 5%) of the shortest time between consecutive changes in the reference time sequence, or as a predetermined fraction (e.g. 5%) of the shortest time between consecutive changes in the measured time sequence. For example, the time between any two consecutive state changes in the time sequence of the detected signal may deviate from the time between the two associated state changes in the reference time sequence by no more than the predetermined fraction (e.g. 5%) of the shortest time between two consecutive state changes to be measured. Thus, tolerances in temperature, power supply voltage, etc. may be taken into account, thereby avoiding false alarms due to environmental changes such as a power supply voltage change, a temperature change, etc. By setting the tolerance window in line with the shortest time between consecutive changes, the sensitivity may be adapted to the rate of change of the sequence.
In this document, the term computer device or computer may refer to any data processing device such as a personal computer, a laptop computer, a tablet computer, a smartphone, etc. The data storage memory of the data storage device may comprise any suitable type of memory, for example a read only memory or a programmable memory which is set into a read only status after having been loaded with a suitable software program. When the data storage device is in a read only state, a virus or other (unauthorized) data may be impeded from entering the data as stored in the data storage memory of the data storage device. The data interface circuit may comprise any data interface circuit such as a serial data bus, a parallel data bus, a wireless interface such as a Bluetooth interface or other wireless personal area network interface, etc. The interface circuit may be an external interface of the computer or an internal interface, such as an internal data bus. The data storage device may hence form a separate device or be built into the computer. The access controller may be provided in the form of a microcontroller or microprocessor, such as a standalone microcontroller or microprocessor. In order to prevent any virus or additional (unauthorized) data from getting access to the access controller, and thereby attempting to influence the comparison with the reference time sequence or the reference time sequence itself, the access controller may be kept unconnected from the data interface circuit and the data storage memory, except for the monitoring signal.
As the monitoring signal may not provide a direct data connection between the data interface circuit and the access controller, in the sense that no data exchange between access controller and data interface circuit is possible thereby (only the transmission of information that informs the access controller about a presence of access to the data storage memory of the data storage device), access of viruses to the access controller may be prevented. A signaling may be provided in that the access controller activates an optical or acoustical indicator of the data storage device so as to correspondingly provide an optical or acoustical indication (e.g. blinking of an LED) by the data storage device.
In an embodiment, the monitoring signal output of the data interface circuit is at least one of a data read signal and a data write signal. The monitoring may hence be performed on data reading actions, data writing actions or both, so as to provide an accurate monitoring. Correspondingly, the reference time sequence may comprise a reference read sequence, a reference write sequence, a combined read/write reference sequence, or both a reference read sequence and a reference write sequence. In a practical embodiment, the bootable software application will be read from the data storage device, causing a read sequence monitoring to suffice in order to determine if the (read) time sequence corresponds to the reference time sequence. Additional monitoring may be provided by monitoring the write actions (to e.g. monitor when temporary data, settings or possibly malicious data is stored). In an embodiment, the data interface circuit comprises a data interface circuit controller for controlling the data communication via the data interface circuit, the data interface circuit controller comprising a data communication monitoring output, the data interface circuit controller being arranged for signaling at the data communication monitoring output a presence of the data communication via the data interface circuit, the data connection between the data interface circuit and the access controller being formed by the data communication monitoring output being connected to the data monitoring input of the access controller. The data interface circuit controller may for example be a data bus controller, such as a serial data bus controller (in case the interface circuit is formed by a serial data bus), a parallel data bus controller (in case the interface circuit is formed by a parallel data bus), etc. 
Such a data interface circuit controller may provide a signal that may be applied as the monitoring signal, namely a signal indicating the presence of a read action, a signal indicating the presence of a write action, or both. Such signals are commonly applied for driving a corresponding LED or other (optical) indicator, which reliably and conveniently signals that read or write actions from or to the data storage device are taking place.
In an embodiment, the access controller is further arranged for: - detecting the sequence of data communication via the data interface circuit, - deriving the reference time sequence data from the detected sequence of data communication, and - storing the reference time sequence data in the access controller memory.
Thus, the reference time sequence may be learned, e.g. from performing a detection of a sequence once, or from performing the detection plural times and averaging the detected sequences, etc. The reference time sequence may be stored in the access controller memory. The access controller memory is preferably implemented as a memory separate from the memory device, thus reducing the risk of manipulation of the reference time sequence by a virus or other malware. Alternatively, the access controller memory may be implemented as a part of the memory device of the data storage device which is preferably isolated from the data interface circuit.
In order to prevent any possible overwriting or other manipulation of the reference time sequence, the access controller may further be arranged for: - setting an access status of the access controller memory to read only after having stored the reference time sequence data in the access controller memory.
The access controller may further be arranged for setting the access status of the access controller memory to read only in response to receipt of a user input command. The user may for example allow the memory device to learn a reference time sequence once or a plurality of times, and then end the learning by a user input command, such as the user pressing a button on the data storage device or the user entering a code (such as an activation code) at the computer device. The access controller may thereto be arranged to compare the entered access code with a stored access code or an access code received via the internet, and set the data storage device from the learning mode into normal operation.
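As an added illustration (not code from the patent), the following C sketch models the access controller's comparison, learning and lock behaviour described above, assuming the monitoring signal has been captured as a list of edge timestamps in microseconds. The 5% tolerance window relative to the shortest reference interval, the averaging of several learning runs and the read-only lock follow the description; the boot timings are constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Time sequence of the monitoring signal: timestamps (microseconds from the
 * start of the boot) at which the read-indicator line changed state. */
#define MAX_EDGES 64
typedef struct { size_t n; uint32_t edge_us[MAX_EDGES]; } time_seq_t;
/* Access controller state: the reference sequence and its read-only lock. */
typedef struct { time_seq_t ref; bool learned; bool locked; } access_ctrl_t;

/* Shortest time between consecutive state changes (0 if fewer than two). */
static uint32_t shortest_interval(const time_seq_t *s) {
    uint32_t min = UINT32_MAX;
    if (s->n < 2) return 0;
    for (size_t i = 1; i < s->n; i++) {
        uint32_t d = s->edge_us[i] - s->edge_us[i - 1];
        if (d < min) min = d;
    }
    return min;
}

/* Compare a detected sequence with the reference: each interval between
 * consecutive state changes may deviate by at most tol_percent of the shortest
 * reference interval. A different edge count (extra/missing access) always fails. */
bool sequence_matches(const time_seq_t *ref, const time_seq_t *det, unsigned tol_percent) {
    if (ref->n != det->n) return false;
    if (ref->n < 2) return true;
    uint64_t tol = (uint64_t)shortest_interval(ref) * tol_percent / 100;
    for (size_t i = 1; i < ref->n; i++) {
        uint32_t dr = ref->edge_us[i] - ref->edge_us[i - 1];
        uint32_t dd = det->edge_us[i] - det->edge_us[i - 1];
        uint32_t diff = dr > dd ? dr - dd : dd - dr;
        if (diff > tol) return false;
    }
    return true;
}

/* Learning mode: average k recorded boot sequences into the reference.
 * Refused once the reference is locked (access controller memory read-only). */
bool learn_reference(access_ctrl_t *ac, const time_seq_t *runs, size_t k) {
    if (ac->locked || k == 0) return false;
    size_t n = runs[0].n;
    for (size_t r = 1; r < k; r++)
        if (runs[r].n != n) return false;   /* inconsistent runs: refuse */
    ac->ref.n = n;
    for (size_t i = 0; i < n; i++) {
        uint64_t sum = 0;
        for (size_t r = 0; r < k; r++) sum += runs[r].edge_us[i];
        ac->ref.edge_us[i] = (uint32_t)(sum / k);
    }
    ac->learned = true;
    return true;
}

/* User ends learning (button press or activation code): lock the reference. */
void lock_reference(access_ctrl_t *ac) { ac->locked = true; }

/* What the access controller drives on its signalling output after a boot. */
typedef enum { AC_DEVIATION_SIGNALLED = 0, AC_SEQUENCE_OK = 1 } ac_result_t;
ac_result_t evaluate_boot(const access_ctrl_t *ac, const time_seq_t *det) {
    if (!ac->learned) return AC_DEVIATION_SIGNALLED;   /* no reference yet */
    return sequence_matches(&ac->ref, det, 5) ? AC_SEQUENCE_OK : AC_DEVIATION_SIGNALLED;
}

/* Constructed sample boots (not measurements from the patent): three learning
 * runs whose average gives the reference 0, 2003, 5000, 5500, 9003 us. */
static const time_seq_t RUNS[3] = {
    { 5, { 0, 2000, 5000, 5500, 9000 } },
    { 5, { 0, 2020, 5010, 5510, 9020 } },
    { 5, { 0, 1990, 4990, 5490, 8990 } },
};

static access_ctrl_t trained_controller(void) {
    access_ctrl_t ac = { 0 };
    learn_reference(&ac, RUNS, 3);
    lock_reference(&ac);
    return ac;
}

/* i-th edge of the learned (averaged) reference. */
uint32_t demo_learned_edge(size_t i) { access_ctrl_t ac = trained_controller(); return ac.ref.edge_us[i]; }

/* Evaluate one detected boot (edge timestamps in us) against the locked
 * reference. The window is 25 us: 5 % of the 500 us shortest interval. */
ac_result_t demo_boot(const uint32_t *edges, size_t n) {
    access_ctrl_t ac = trained_controller();
    if (n > MAX_EDGES) n = MAX_EDGES;
    time_seq_t det = { n, { 0 } };
    memcpy(det.edge_us, edges, n * sizeof edges[0]);
    return evaluate_boot(&ac, &det);
}

/* Re-learning after the lock is refused: the reference memory is read-only. */
bool demo_relearn_after_lock_refused(void) {
    access_ctrl_t ac = trained_controller(); return !learn_reference(&ac, RUNS, 1);
}
```

A boot whose intervals all stay within 25 us of the reference passes, while one late access or one extra read is signalled as a deviation.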
In an embodiment, the data storage memory is a read only memory which may prevent any virus or other malware from performing a change to the data as stored in the data storage device. Correspondingly, monitoring a read sequence may be effective.
In an embodiment, the data storage memory is loaded with program instructions forming a bootable software application, thus allowing the computer to boot from the data storage device, hence largely preventing any possible virus or other malware, as present on other storage devices of the computer, from being loaded, as the computer boots from the data storage device. The bootable software application may comprise a bootable operating system and an application program (e.g. a program that enables remote access, such as a browser) to be executed under the operating system. Should a virus have worked its way into the program instructions as stored on the data storage memory of the data storage device, such a virus may result in a change in the sequence with which the computer device boots from the data storage device, as the bootable program may have been changed by such a virus, causing the access controller to detect a difference between the monitored time sequence of data communication and the reference sequence, and as a result of detecting a difference, it may generate a warning signal, examples of which have been described above.
In an embodiment, the data storage device further comprises a second data storage memory connected to the data interface circuit, the second data storage memory having an enable input for setting the second data storage memory in an enabled or disabled state, the access controller comprising an enable output connected to the enable input of the data storage device and being arranged for setting the second data storage memory from the disabled to the enabled state when the access controller has established that the detected time sequence equals the reference time sequence. Thereby, the second data storage memory of the data storage device may be enabled when the access controller has determined from the comparison between the reference time sequence and the monitored time sequence that a normal operation, free of computer viruses, seems to be established. User data may be stored in the second data storage memory, and the second data storage memory in which such user data may be stored may be kept disabled in order to protect access to the user data, until the access controller has established a defined, likely virus-free environment. The second data storage memory may comprise a non-volatile memory, a volatile memory or both. The non-volatile memory (such as a flash memory) may be used to retain data such as user data, e.g. settings that may be required to allow software stored on the data storage memory to operate. The volatile memory may be applied for storing temporary data such as cookies, downloaded documents, etc. from a session by the user. The volatile memory may be provided with a temporary back-up power supply arranged for maintaining a supply voltage to the volatile memory for a predetermined time, in order to retain data stored in the volatile memory for a predetermined time, and erased thereafter: when the computer device is in normal operating mode, i.e. the (e.g. bootable) software application running from the data storage device has been terminated, a user may read the temporary data from the volatile memory before it is erased, so as to obtain a copy of a downloaded document, etc. The erasing ensures that any possibly malicious data is removed.
The bootable software application may comprise program instructions for reading from the second data storage memory operating settings for the bootable software application. As a result, in case the access controller does not enable access to the data stored in the second data storage memory (e.g. because the detected time sequence does not correspond to the reference time sequence), the second data storage memory is not read enabled, causing the bootable software application to stop, as settings required for its operation (e.g. access network settings, remote logging-in settings, etc.) are not available. Thus, operation of the bootable software application is interrupted in a potentially unsafe environment.
When making use of a data interface circuit controller (such as a USB controller), the first and second memories may be conveniently controlled: any data traffic, including read and write actions via the data interface circuit to the data storage memory and/or the second data storage memory, may be monitored by the data interface circuit controller, while read and/or write enabling of the (non-volatile and/or volatile) second data storage memory may be effectively controlled by corresponding enable/disable signals as provided by the data interface circuit controller. The enable output may comprise a read enable output and a write enable output, the access controller being arranged to enable writing in the second data storage memory before enabling reading from the second data storage memory. Writing before reading may enable the bootable software application running from the data storage memory to delete (overwrite) any virus on the second data storage memory (in particular the non-volatile memory) before allowing the memory to be read, i.e. before such a virus could be activated. The write enable and/or read enable signals as provided by the access controller may be provided directly to the second data storage memory. Alternatively, the write enable and/or read enable signals as provided by the access controller may be provided to the data interface controller, which may in turn control the read and/or write access status of the second data storage memory. Thereby, use may be made of memory access control already available in an existing data interface controller circuit.
The access controller may be arranged to signal a writing of data into the non-volatile second data storage memory, e.g. by activation of an optical or acoustical indicator of the data storage device, so that no software (that could be tampered with by a virus) is involved in such signaling. The bootable software application may be arranged to prompt the user whether the data stored in the non-volatile second data storage memory is to be deleted, and to overwrite the data stored in the non-volatile second data storage memory if so instructed. The user, when indicated that data is stored in the non-volatile second data storage memory, may reboot and instruct the application to delete the data stored in the non-volatile second data storage memory, so as to avoid any malicious data from being activated. Thus, when the user for example recognizes that data is stored in the non-volatile second data storage memory while no authorization has been given to do so, a reboot may be initiated and the data overwritten.
In an embodiment, the data interface circuit comprises a Universal Serial Bus interface circuit, i.e. an interface circuit in accordance with the USB interface standard, so as to allow easy and convenient connectivity to a wide range of computer devices.
According to another aspect of the invention, there is provided a computer device comprising a data storage device according to the invention, the data storage memory of the data storage device being loaded with a bootable software application, the computer device being bootable (i.e. able to start operation and load an operating system) from the data storage memory.
According to yet another aspect of the invention, there is provided a method of securely booting a computer device, the method comprising: - executing a bootable software application from a data storage device of the computer device, - detecting a time sequence of memory access to the data storage device, - comparing the detected time sequence with a reference time sequence, and - providing a warning signal to signal if the detected time sequence deviates from the reference time sequence.
The method may further comprise - deriving a reference time sequence from the time sequence, and - storing the reference time sequence data in an access controller memory.
An access status of the access controller memory may be set to read only.
According to still another aspect of the invention, there is provided a method of remote access by a computer device to a server, comprising: - booting the computer device in accordance with the method according to the invention, whereby the bootable software application comprises a remote access software application, and - remotely accessing the server by the remote access software application executed by the computer device.
With the computer device and methods according to the invention, the same or similar effects may be achieved as with the data storage device according to the invention. Also, the same or similar preferred embodiments may be provided, providing the same or similar effects.
The data storage device according to the invention may be applied for providing secure remote access from the computer device to a server. The computer device may thereto boot from software stored in the data storage memory of the data storage device. The sequence of the start of the software (e.g. the booting in the case of bootable software) is monitored and compared to the reference time sequence. In case of a deviation from the reference time sequence, an occurrence of a virus may be detected and a warning to the user generated. When no deviation from the reference time sequence has been detected, a remote access application contained in the software as stored on the data storage memory may be started, and remote access (such as remote banking) may be provided. Settings required for operation of the remote access application may be stored in the second memory. Any virus contained in other (mass) storage devices of the computer device (e.g. its normal boot program, BIOS (Basic Input Output System) and operating system) may be prevented from operating, as - directly when switching on or resetting the computer device - the bootable program from the data storage device will start running, thereby preventing any virus-infected other software of the computer device from coming into operation. Should a virus contained in other (mass) storage devices of the computer device have worked its way into the program instructions during the boot from the data storage memory of the data storage device, such a virus may result in a change in the sequence, causing the access controller to detect a difference between the monitored time sequence of data communication and the reference sequence, and as a result of detecting a difference, it may generate a warning signal.
Further advantages, features and effects of the invention will follow from the appended drawing and corresponding description, in which a non-limiting embodiment of the invention is shown, wherein:
Figure 1A depicts a block schematic view of a data storage device according to an embodiment of the invention;
Figure 1B depicts a block schematic view of an alternative configuration of a data storage device according to an embodiment of the invention;
Figure 1C depicts a block schematic view of another alternative configuration of a data storage device according to an embodiment of the invention, and Figures 2A to 2D depict timing diagrams of various operating situations of the data storage device in accordance with Figures 1A and 1B.
Figure 1A depicts a data storage device comprising data storage memory DSM, such as a read only memory in which data is stored, such as in this example a bootable software program. The data may be mask programmed into the memory or programmed into the memory by any other suitable programming means (fuse programmable, etc.), after which the data storage memory is set into a read only state. The data storage device comprises a data interface circuit DIC for communication with an external device such as in this example a computer. The data interface circuit may for example comprise an interfacing circuit (such as an interface bus driver circuit and interface bus connector) and an interface controller to control data communication via the interface. The data interface circuit may for example be formed by a USB (universal serial bus) interface circuit. The data storage device may further comprise an access controller AC and an associated access controller memory ACM. The data interface circuit comprises a monitoring signal output MSO at which a monitoring signal is provided. The monitoring signal signals a presence of data communication via the data interface circuit. The monitoring signal output is connected to a monitoring signal input MSI of the access controller. In the access controller memory, a reference time sequence is stored. The access controller is arranged to detect a time sequence of the monitoring signal, e.g. by logging the monitoring signal over a certain time period, and to compare the time sequence of the monitoring signal to the reference time sequence. In case the time sequence corresponds to the reference time sequence, it may be established that no abnormalities have been detected, resulting in a safe operation.
Otherwise, in case of a deviation from the reference time sequence, a virus may be involved resulting in a change of the sequence of operation, and a warning signal may be generated by the access controller and displayed to the user, for example in that the access controller activates an optical warning indicator such as a status LED of the data storage device. The software application as stored in the data storage memory may be a bootable software application and a remote access program and/or other software applications. In operation, the data storage device is connected via the data interface circuit to an interface circuit of the computer, when the computer is off, on or in standby. The computer is then switched on or reset, causing it to perform a boot sequence from the data storage device. The computer is to be set in advance to check for the presence of bootable software on a device connected to its interface circuit (e.g. a USB bus), and upon detection of the bootable software on the data storage device, the computer will boot therefrom. The monitoring may be completed when the booting has been completed, and when the time sequence appears to correspond to the reference time sequence, the remote access software (e.g. an internet banking application, secure logging-in session, user identification, etc.) may start.
When the data storage device is first taken into operation, the user may allow it to monitor the sequence (e.g. the boot sequence) once or a predetermined number of times (e.g. by averaging), and derive a reference time sequence therefrom, which the access controller then stores in the access controller memory. The reference time sequence may then be "locked" by the access controller setting the status of the access controller memory to read only.
As the data storage device according to the invention only requires a monitoring signal connection (and optionally an enable/disable read/write signaling connection as described below) between the data interface circuit and the access controller, the access controller may be almost "isolated" from the remainder of the data storage device and from the computer, so that the risk of virus contamination of the access controller and of the time sequence determination is low.
The interface circuit may be formed by a USB interface circuit and comprise a USB interface controller. A read indicator/write indicator line of the USB interface controller may form the monitoring signal output.
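The capture, learn, lock and compare steps described above, as an added example in C written for this edit; it is not the patent's own firmware, which the page does not disclose. It assumes the access controller samples the read/write indicator line at a fixed tick rate into a 0/1 trace, represents the time sequence as the lengths of alternating active/idle runs, averages a few training boots into the reference, freezes it (the "locked" read-only ACM), and treats a boot as matching when every run length lies within a tolerance of ticks (the claims speak of "substantially equal"). The tolerance, the tick unit, all names and the sample traces are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumptions for this example (not specified by the patent): the access controller
 * samples the DIC's read/write indicator line once per tick (1 = access in progress,
 * 0 = idle) and represents a time sequence as the lengths of alternating active/idle
 * runs, starting with the first access and ignoring trailing idle time. */
#define MAX_RUNS 32

typedef struct {
    int n;              /* number of runs */
    int len[MAX_RUNS];  /* run lengths in ticks: active, idle, active, ... */
} time_seq_t;

typedef struct {
    time_seq_t ref;     /* reference time sequence held in the ACM */
    int boots_seen;     /* training boots accumulated so far */
    int locked;         /* 1 once the ACM has been set read only */
    long acc[MAX_RUNS]; /* per-run accumulators used while training */
} access_ctrl_t;

/* Helper to construct a sampled trace from run lengths (test input only). */
static int build_trace(int *out, int cap, const int *runs, int nruns, int lead_idle, int trail_idle) {
    int n = 0;
    for (int i = 0; i < lead_idle && n < cap; i++) out[n++] = 0;
    for (int r = 0; r < nruns; r++) {
        int level = (r % 2 == 0) ? 1 : 0;      /* even runs are active, odd runs idle */
        for (int i = 0; i < runs[r] && n < cap; i++) out[n++] = level;
    }
    for (int i = 0; i < trail_idle && n < cap; i++) out[n++] = 0;
    return n;
}

/* Detect the time sequence: run-length encode the logged monitoring signal. */
static time_seq_t capture_sequence(const int *samples, int n) {
    time_seq_t s;
    memset(&s, 0, sizeof s);
    int i = 0;
    while (i < n && samples[i] == 0) i++;         /* idle before the first access is ignored */
    while (i < n && s.n < MAX_RUNS) {
        int level = samples[i], len = 0;
        while (i < n && samples[i] == level) { len++; i++; }
        if (level == 0 && i >= n) break;           /* trailing idle is not part of the sequence */
        s.len[s.n++] = len;
    }
    return s;
}

/* Training mode: accumulate boots_to_average clean boots, then derive the reference as
 * the rounded mean run lengths and lock the ACM. Returns 1 once locked, 0 while still
 * training, -1 if a training boot has a different run count (rejected as inconsistent). */
static int learn_reference(access_ctrl_t *ac, const time_seq_t *seq, int boots_to_average) {
    if (ac->locked) return 1;                      /* ACM is read only: reference cannot change */
    if (ac->boots_seen == 0) {
        ac->ref.n = seq->n;
        memset(ac->acc, 0, sizeof ac->acc);
    } else if (seq->n != ac->ref.n) {
        return -1;
    }
    for (int k = 0; k < seq->n; k++) ac->acc[k] += seq->len[k];
    ac->boots_seen++;
    if (ac->boots_seen >= boots_to_average) {
        for (int k = 0; k < ac->ref.n; k++)
            ac->ref.len[k] = (int)((ac->acc[k] + ac->boots_seen / 2) / ac->boots_seen);
        ac->locked = 1;
    }
    return ac->locked;
}

/* Comparison: same number of runs and every run length within tol_ticks of the reference. */
static int sequence_matches(const time_seq_t *ref, const time_seq_t *seq, int tol_ticks) {
    if (ref->n != seq->n) return 0;                /* an extra or missing burst is a deviation */
    for (int k = 0; k < ref->n; k++)
        if (abs(ref->len[k] - seq->len[k]) > tol_ticks) return 0;
    return 1;
}

int main(void) {
    /* Constructed traces: two training boots, then a clean boot, a boot with an extra
     * read burst inserted, and a boot in which one read burst takes much longer. */
    const int train1[] = {6, 3, 10, 2, 4}, train2[] = {7, 3, 9, 2, 5};
    const int extra[]  = {6, 3, 4, 2, 10, 2, 4}, slow[] = {6, 3, 16, 2, 4};
    const int *boots[] = {train1, train2, train1, extra, slow};
    const int nruns[]  = {5, 5, 5, 7, 5};
    int buf[128];
    access_ctrl_t ac;
    memset(&ac, 0, sizeof ac);
    for (int b = 0; b < 5; b++) {
        int n = build_trace(buf, 128, boots[b], nruns[b], 2, 3);
        time_seq_t s = capture_sequence(buf, n);
        if (!ac.locked)
            printf("training boot %d: %s\n", b + 1,
                   learn_reference(&ac, &s, 2) == 1 ? "reference locked" : "accumulated");
        else
            printf("boot %d: %s\n", b + 1,
                   sequence_matches(&ac.ref, &s, 1) ? "matches reference, enable SDM" : "DEVIATION, warn user");
    }
    return 0;
}
```

Two design points follow directly from the description: the training boots must themselves be clean, because whatever ran during them becomes the reference, which is why the lock (claims 5 and 6) matters; and the check only sees what changes the access timing on the interface, so it complements rather than replaces a read-only boot image.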
Figure 1A further depicts a second data storage memory SDM. Like the data storage memory DSM, the second data storage memory is connected to the data interface circuit, so as to allow the computer device to which the data storage device is connected to access the second data storage memory. Access to the second data storage memory is controlled by the access controller. When the access controller has established that, upon booting or another defined process, the monitored time sequence corresponds to the reference time sequence (so that safe operation may be assumed), access to the second data storage memory may be enabled by the access controller providing to the data interface circuit a read enable signal, a write enable signal or both. In this example two second data storage memories are provided: a non-volatile second data storage memory NV-SDM, such as a flash memory, and a volatile second data storage memory V-SDM, such as a random access memory chip. The non-volatile memory may be used to store settings, such as communication settings of the remote access software application stored in the data storage memory. The volatile memory may be used to store data gathered in e.g. the last session, such as cookies, temporary files and downloaded documents (e.g. an account overview in the case of internet banking). The volatile memory may be provided with a temporary data retention backup, such as a data retention capacitor or a battery. In order for the data stored in the volatile memory to be removed after the user has had the opportunity to read it, the data storage device may be provided with a timer (e.g. implemented by the access controller) that removes the data retention voltage from the volatile memory after a predetermined time period has elapsed (e.g. from switching off).
The alternative configurations depicted in Figures 1B and 1C are identical to that of Figure 1A, except that in the configuration of Figure 1B the read and write enable signals R/W NV-DSM/VDSM provided by the access controller AC are provided to the data interface circuit controller DIC, which in turn controls read and write access to the data storage memory and the second data storage memory. In the configuration of Figure 1C, in addition to the read and write enable signals R/W NV-DSM/VDSM of Figure 1B, a write enable signal is provided from the access controller AC to the data interface circuit controller DIC, which allows the data storage memory to be programmed with e.g. a bootable software application and set to read only thereafter.
The operation of the data storage device is explained in more detail with reference to Figures 2A to 2D, which depict timing diagrams.
Figures 2A to 2C each depict a timing diagram in which time runs along the horizontal axis and the data activities of the first and second memories are shown. Each of Figures 2A to 2C depicts, from top to bottom, a time line of reading R and writing W of the data storage memory DSM, of the non-volatile part NV-SDM of the second data storage memory, and of the volatile part V-SDM thereof. Where reading R or writing W is enabled, this is represented by shading. Along the horizontal time line two phases are identified: a boot stage BST in which the bootable software application runs and the access controller performs the monitoring, and a following application stage APS in which the application software stored in the data storage memory may be executed. As depicted in Figure 2A, during the boot stage the data storage memory is read only (as the boot program is read from it) and a boot sequence (comprising e.g. one uninterrupted read or a plurality of read cycles of the same or different lengths) is executed. In the example of Figure 2A it is established that the sequence corresponds to the reference time sequence, and the application program is started from the data storage memory, while read and write access to the volatile second data storage memory is enabled. Write access to the non-volatile second data storage memory is enabled before read access, allowing the application, if needed, to overwrite any malicious data on the non-volatile second data storage memory before reading from it is enabled (i.e. before such malicious software could be loaded by the computer device). Then reading from the non-volatile second data storage memory is enabled for a predetermined time to allow settings to be read, e.g. by the application program.
Figure 2B depicts the same process, but in addition to the actions described with reference to Figure 2A a write action WA is performed on the non-volatile second data storage memory. After completion of the write action, the non-volatile second data storage memory is write disabled by the access controller, and the user is notified. A reboot may be performed afterwards.
Figure 2C depicts the situation in which a deviation between the monitored time sequence and the reference time sequence is detected. As a result, the access controller does not enable the application program to start, and an (optical or acoustic) warning is provided to the user as described above. The application program is inhibited from operating because access to the operating settings stored in the NV-SDM, which the application program requires in order to run, cannot be provided: reading from the NV-SDM is not enabled.
Figure 2D depicts the situation in which the computer device is in normal operating mode NOM, i.e. the computer device has not performed a boot sequence from the data storage device. The volatile second data storage memory V-SDM is set into a read enabled state RTD for a predetermined time, allowing the user (once back in the regular computing environment of the computer) to read the data written during a recent run of the bootable software application from the volatile second data storage memory.
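The gating of the second memories across the stages of Figures 2A to 2D, as an added example in C written for this edit and not the patent's firmware. It models the access controller's read/write enable lines to the DIC as a small state machine driven by the comparison verdict and a tick counter: write-before-read on NV-SDM, a timed settings read window, the denied state of Figure 2C, write lock and notification after the write action of Figure 2B, and the RTD window of Figure 2D ending with removal of the retention voltage. The window lengths, the tick unit and all function and field names are assumptions, since the page only speaks of a "predetermined time".

```c
#include <stdio.h>
#include <string.h>

/* Assumed window lengths in access-controller ticks (the patent only says "predetermined time"). */
#define NV_CLEANUP_TICKS  5   /* NV-SDM write-only window before reads are allowed (Fig. 2A) */
#define NV_READ_TICKS    20   /* how long NV-SDM stays readable for the settings read (Fig. 2A) */
#define V_READ_TICKS     30   /* RTD window in normal operating mode (Fig. 2D) */

typedef enum { PH_BOOT, PH_APP, PH_DENIED, PH_NOM } phase_t;

typedef struct { int dsm_r, dsm_w, nv_r, nv_w, v_r, v_w; } enables_t;  /* enable lines to the DIC */

typedef struct {
    phase_t   phase;
    enables_t en;
    int nv_read_opens_at;    /* tick at which NV-SDM read is enabled, after the cleanup window */
    int nv_read_closes_at;   /* tick at which NV-SDM read is disabled again */
    int v_read_closes_at;    /* end of the RTD window; retention voltage is removed then */
    int warning_led;         /* optical warning indicator (Fig. 2C) */
    int user_notified;       /* set after a completed settings write (Fig. 2B) */
} gate_t;

/* Boot stage BST: only the read-only boot memory DSM is reachable; both SDMs are disabled. */
static void gate_reset(gate_t *g) {
    memset(g, 0, sizeof *g);
    g->phase = PH_BOOT;
    g->en.dsm_r = 1;
}

/* End of the boot stage: apply the access controller's comparison verdict. */
static void gate_boot_complete(gate_t *g, int seq_matches, int now) {
    if (!seq_matches) {                    /* Fig. 2C: deviation detected */
        g->phase = PH_DENIED;
        g->warning_led = 1;                /* SDM enables stay 0: settings unreadable, app cannot start */
        return;
    }
    g->phase = PH_APP;                     /* Fig. 2A: application stage APS */
    g->en.v_r = g->en.v_w = 1;             /* session scratch memory */
    g->en.nv_w = 1;                        /* write first, so stale or malicious settings can be overwritten */
    g->nv_read_opens_at  = now + NV_CLEANUP_TICKS;   /* read only after the write-first window */
    g->nv_read_closes_at = g->nv_read_opens_at + NV_READ_TICKS;
}

/* Timer service, called once per tick by the access controller. */
static void gate_tick(gate_t *g, int now) {
    if (g->phase == PH_APP) {
        if (!g->en.nv_r && now >= g->nv_read_opens_at && now < g->nv_read_closes_at)
            g->en.nv_r = 1;                /* settings may now be read by the application */
        if (g->en.nv_r && now >= g->nv_read_closes_at)
            g->en.nv_r = 0;                /* predetermined read window is over */
    } else if (g->phase == PH_NOM && now >= g->v_read_closes_at) {
        g->en.v_r = 0;                     /* RTD over: retention voltage removed, V-SDM contents gone */
    }
}

/* Fig. 2B: the write action WA has completed; lock NV-SDM against further writes and notify the user. */
static void gate_nv_write_complete(gate_t *g) {
    g->en.nv_w = 0;
    g->user_notified = 1;
}

/* Fig. 2D: the host is in normal operating mode NOM (it did not boot from the device). */
static void gate_enter_normal_mode(gate_t *g, int now) {
    gate_reset(g);
    g->phase = PH_NOM;
    g->en.v_r = 1;                         /* RTD: read-only window on last-session data */
    g->v_read_closes_at = now + V_READ_TICKS;
}

/* The bootable application needs its operating settings, so it can only run while NV-SDM is readable. */
static int gate_app_can_run(const gate_t *g) {
    return g->phase == PH_APP && g->en.nv_r;
}

static void show(const char *when, const gate_t *g) {
    printf("%-24s DSM r=%d w=%d | NV-SDM r=%d w=%d | V-SDM r=%d w=%d | LED=%d app_can_run=%d\n",
           when, g->en.dsm_r, g->en.dsm_w, g->en.nv_r, g->en.nv_w, g->en.v_r, g->en.v_w,
           g->warning_led, gate_app_can_run(g));
}

int main(void) {
    gate_t g;
    gate_reset(&g);                       show("boot stage", &g);
    gate_boot_complete(&g, 1, 100);       show("match: app stage", &g);
    gate_tick(&g, 105);                   show("after cleanup window", &g);
    gate_tick(&g, 125);                   show("read window closed", &g);
    gate_nv_write_complete(&g);           show("settings write done", &g);
    gate_reset(&g);
    gate_boot_complete(&g, 0, 100);       show("deviation: denied", &g);
    gate_enter_normal_mode(&g, 0);        show("normal mode RTD", &g);
    gate_tick(&g, V_READ_TICKS);          show("RTD expired", &g);
    return 0;
}
```

The denied state never enables NV-SDM, which is the mechanism by which the page says the application is inhibited: nothing has to be "blocked" in the host, the settings simply remain unreadable.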

Claims (18)

1. A data storage device comprising: a data storage memory for storing data; a data interface circuit connected to the data storage memory and arranged to provide a data connection between the data storage memory and a computer device, the data interface circuit comprising a monitoring signal output and being arranged to provide, at the monitoring signal output, a monitoring signal indicating a presence of data communication via the data interface circuit; and an access controller having a monitoring signal input connected to the monitoring signal output of the data interface circuit, the access controller comprising an access controller memory for storing a reference time sequence, wherein the access controller is arranged for: detecting a time sequence of the monitoring signal supplied to the monitoring signal input, comparing the detected time sequence with the reference time sequence as stored in the access controller memory, and providing a signal at a signaling output of the access controller for signaling whether the detected time sequence deviates from the reference time sequence.
2. The data storage device according to claim 1, wherein the monitoring signal output of the data interface circuit is at least one of a data read signal and a data write signal.
3. The data storage device according to claim 1 or 2, wherein the data interface circuit comprises a data interface circuit controller for controlling the data communication via the data interface circuit, the data interface circuit controller comprising a data communication monitoring output, the data interface circuit controller being arranged to signal, at the data communication monitoring output, a presence of the data communication via the data interface circuit, the data connection between the data interface circuit and the access controller being formed by the data communication monitoring output connected to the data monitoring input of the access controller.
4. The data storage device according to any of the preceding claims, wherein the access controller is further arranged for: detecting the sequence of data communication via the data interface circuit, deriving the reference time sequence data from the detected sequence of communication, and storing the reference time sequence data in the access controller memory.
5. The data storage device according to claim 4, wherein the access controller is arranged for: setting an access status of the access controller memory to read only after the reference time sequence data has been stored in the access controller memory.
6. The data storage device according to claim 4 or 5, wherein the access controller is arranged to set the access status of the access controller memory to read only in response to receiving a user input command.
7. The data storage device according to any of the preceding claims, wherein the data storage memory is a read-only memory.
8. The data storage device according to any of the preceding claims, wherein the data storage memory is loaded with program instructions forming a bootable software application.
9. The data storage device according to any of the preceding claims, further comprising a second data storage memory connected to the data interface circuit, the second data storage memory having an enable input for setting the second data storage memory into an enabled or a disabled state, the access controller comprising an enable output connected to the enable input of the data storage device and being arranged to set the second data storage memory from the disabled to the enabled state when the access controller has established that the detected time sequence is equal to the reference time sequence.
10. The data storage device according to claim 8 or 9, wherein the bootable software application comprises program instructions for reading operating settings for the bootable software application from the second data storage memory.
11. The data storage device according to claim 9 or 10, wherein the enable output comprises a read enable output and a write enable output, the access controller being arranged to enable a write to the second data storage memory prior to enabling a read from the second data storage memory.
12. The data storage device according to any of the preceding claims, wherein the data interface circuit comprises a universal serial bus interface circuit.
13. A computer device comprising a data storage device according to any of claims 1 to 12, wherein the data storage memory of the data storage device is loaded with a bootable software application, the computer device being bootable from the data storage memory.
14. A method for securely booting a computer device, the method comprising: executing a bootable software application from a data storage device of the computer device, detecting a time sequence of memory accesses to the data storage device, comparing the detected time sequence with a reference time sequence, and providing a warning signal for signaling whether the detected time sequence deviates from the reference time sequence.
15. The method according to claim 14, further comprising: deriving a reference time sequence from the time sequence, and storing the reference time sequence data in an access controller memory.
16. The method according to claim 15, further comprising setting an access status of the access controller memory to read only after the reference time sequence data has been stored in the access controller memory.
17. The method according to any of claims 14 to 16, further comprising enabling a data read from a second data storage memory of the data storage device in case the detected time sequence is substantially equal to the reference time sequence, and reading, by the bootable software application, the operating settings for operating the bootable software application from the second data storage memory.
18. A method for remote access by a computer device to a server, comprising: booting the computer device according to the method of any of claims 14 to 17, wherein the bootable software application comprises a remote access software application, and remotely obtaining access to the server by the remote access software application executed by the computer device.

Priority Applications (2)

Application Number Priority Date Filing Date Title
NL2010437A NL2010437C2 (en) 2013-03-12 2013-03-12 Data storage device and computer system comprising such data storage device.
PCT/NL2014/050147 WO2014142659A1 (en) 2013-03-12 2014-03-12 Data storage device and computer system comprising such data storage device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NL2010437A NL2010437C2 (en) 2013-03-12 2013-03-12 Data storage device and computer system comprising such data storage device.
NL2010437 2013-03-12

Publications (1)

Publication Number Publication Date
NL2010437C2 (en) 2014-09-15

Family

ID=48184440

Family Applications (1)

Application Number Title Priority Date Filing Date
NL2010437A NL2010437C2 (en) 2013-03-12 2013-03-12 Data storage device and computer system comprising such data storage device.

Country Status (2)

Country Link
NL (1) NL2010437C2 (en)
WO (1) WO2014142659A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AT517154B1 (en) * 2015-03-05 2018-07-15 Siemens Ag Oesterreich Monitoring the startup process of an integrated circuit
CN109687875B (en) * 2018-11-20 2023-03-31 成都四方伟业软件股份有限公司 Time sequence data processing method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050091522A1 (en) * 2001-06-29 2005-04-28 Hearn Michael A. Security system and method for computers
US20100088759A1 (en) * 2008-10-03 2010-04-08 Microsoft Corporation Device-side inline pattern matching and policy enforcement
US20120066765A1 (en) * 2010-09-10 2012-03-15 O'brien John System and method for improving security using intelligent base storage
US20120246729A1 (en) * 2011-03-24 2012-09-27 Samsung Electronics Co., Ltd. Data storage devices including integrated anti-virus circuits and method of operating the same

Also Published As

Publication number Publication date
WO2014142659A1 (en) 2014-09-18

Legal Events

Date Code Title Description
MM Lapsed because of non-payment of the annual fee

Effective date: 20180401