RU118773U1 - COMPUTER TYPE "THIN CUSTOMER" WITH HARDWARE DATA PROTECTION - Google Patents

Abstract

1. A computer of the "thin client" (TK) type with hardware protection of data from unauthorized changes, containing at least one additional electrical circuit element that controls write access to a reprogrammable storage device that stores critical data, in particular Disk-On-Module ( DOM), characterized in that the mentioned element is a mechanical switch that allows you to block writing data to the DOM. ! 2. TC according to claim 1, characterized in that the mechanical switch is located inside the TC housing and is made in the form of a miniature switch or a jumper ("jumper") included in the electrical circuit of the DOM "write enable" bus.

Description

The utility model relates to the field of computer technology and information technology.

In recent years, especially in connection with the rapid development of information networks with a client-server or terminal architecture, used, in particular, in medicine, education and business, a relatively recently emerged, but already firmly won a place in the market, is becoming more widespread A type of computer known as a thin client (TC).

Compared to ordinary personal computers (PCs), TC features are significantly simplified architecture, and, as a result, hardware configuration, due to the fact that all or most of the TC information processing tasks are transferred to the server. That is why shopping malls are relatively inexpensive, miniature, do not include moving parts and have low power consumption. Instead of hard drives for storing and loading a locally-specialized operating system (OS), under which TCs operate, they usually use DOM (Disk-On-Module) - devices based on flash memory and a control chip that implements logic operation of a conventional hard disk [1].

For effective and safe operation of the shopping center with office and specialized applications that require an increased level of protection of critical data from unauthorized changes by an attacker, only software methods for protecting information, like a PC, are in most cases insufficient, and, as a rule, it is necessary to use hardware methods of protection [2] . However, these, being well-developed for PCs, are not applicable for shopping malls, in particular, due to the lack of free slots in the latter that allow installing any additional hardware modules in them.

Closest to the claimed utility model is a computer equipped with at least one additional element of an electrical circuit that controls write access to critical data saving (usually a verified operating system and software) reprogrammable storage device: for a regular PC, to a hard disk, which analogue for TC is DOM [2, p.100].

According to this source, in a computer equipped with such protection, there are a lot of such additional circuit elements, because their combination should form a controller circuit of the information protection system - in particular, a trusted boot hardware module installed on a common bus in an empty slot. Along with the fact that this is not technically feasible for a shopping center, the very principle of an "electronic lock" underlying such controllers, theoretically, makes them vulnerable to unauthorized programmatic influences from the outside (without opening the PC case), which is also undesirable.

The problem solved by the utility model is to significantly increase the level of security of the TC against unauthorized changes by the attacker of the critical data stored in it. The technical result associated with the solution of this problem is that now, to obtain firm guarantees of immutability, in particular, the OS image, it is enough to provide only physical protection for the TK, because somehow modifying it from the outside without opening the TK case has become fundamentally impossible .

The problem is solved in that in a TC with hardware data protection against unauthorized changes, containing at least one circuit element that controls access in recording mode to critical data-saving reprogrammable memory device, in particular Disk-On-Module (DOM), the mentioned element is a mechanical switch that allows you to block writing data to the DOM. Thanks to this, an authorized system administrator gets the opportunity, setting up the system and writing the verified data to the DOM of each of the TCs included in the system, to reliably protect them from unauthorized changes in the future.

It is advisable that the mechanical switch was located inside the TC housing and made in the form of a miniature switch or a jumper (“jumper”) included in the DOM “write permission” bus electric circuit. Such a technical solution is the simplest and most reliable for the vast majority of options for the implementation and use of the utility model.

Providing the above set of distinctive features of a useful model for solving the problem and achieving the specified technical result is quite obvious and does not need additional comments.

INFORMATION SOURCES

1. Wikipedia - the free encyclopedia ().

2. Konyavsky V.A. Information security management on the basis of SZI NSD "Accord". - M .: Radio and communications, 1999.

Claims (2)

1. A computer of the type "thin client" (TC) with hardware data protection against unauthorized changes, containing at least one additional circuit element that controls access in recording mode to critical data-saving reprogrammable memory device, in particular Disk-On-Module ( DOM), characterized in that the said element is a mechanical switch that allows you to block writing data to the DOM. 2. TK according to claim 1, characterized in that the mechanical switch is located inside the housing of the TK and is made in the form of a miniature switch or a jumper ("jumper") included in the electric circuit of the DOM "write permission" bus.