RU153044U1 - WORK STATION WITH HARDWARE DATA PROTECTION FOR COMPUTER NETWORKS WITH CUSTOMER SERVER OR TERMINAL ARCHITECTURE - Google Patents

Abstract

1. A workstation with hardware-based data protection for computer networks with a client-server or terminal architecture, functionally a thin client (TK) computer containing a central part in the form of a processor and memory, including a reprogrammable read-only memory a device that stores critical data and is hardware-protected from unauthorized overwriting of such, and the peripheral part in the form of connection interfaces - both the TC to the network and the peripheral equipment of the user's workplace I to the TC - characterized in that its central and peripheral parts are made in the form of two units equipped with electrical connectors in separate housings, which, when electrically connected and mechanically jointed (mated), form a compact unit geometrically similar to the one-piece TC body, and the central part block is made mobile (allowing for disconnection and wearing by the user in the intervals between work sessions), and the peripheral unit block - stationary (permanently connected cables to the network and to peripheral equipment ny) .2. The workstation according to claim 1, characterized in that the mobile unit is made personified (containing, in a secure part of its memory, the personal / identification data of the user to whom it is assigned), and the stationary unit is non-personified (in principle, allowing each of the legal users to work at any workplace).

Description

The utility model relates to the field of computer technology and information technology.

In the rapidly developing in recent years computer networks with a client-server or terminal architecture as workstations - stationary computers as part of local computer networks with respect to the server [1] - usually not ordinary personal computers (PCs) are used, but their models, significantly simplified in architecture and hardware configuration, which, in particular, include computers (microcomputers) of the “thin client” (TC) type [2]. Due to the fact that all or most of the tasks for processing TC information are transferred to the server, they are relatively inexpensive, miniature, without moving parts, and have reduced power consumption. Instead of hard drives for storing and loading a locally-specialized operating system that runs TCs, they usually use DOM (Disk-On-Module) - devices based on reprogrammable read-only memory devices (ROM) with flash memory and control chips that implement the logic of the hard drive.

For effective and safe operation of the shopping center with office and specialized applications that require an increased level of protection of critical data from unauthorized changes by an attacker, only software information protection methods, like PCs, are in most cases insufficient, and, as a rule, hardware protection methods are necessary [3] . However, these, being well developed for the PC, for workstations based on the TC - in particular, due to the lack of the latest free slots that allow you to install any additional hardware modules in them - are not applicable.

For such applications, simpler and at the same time quite effective technical solutions have been developed that allow controlling access in the recording mode to the memory ROM of the TC, which stores critical data. Of these, the closest to the claimed utility model is a TC with hardware data protection, containing a mechanical switch located inside its case, which allows blocking data recording in the EPROM [4]. Such a TC, being permanently connected to a computer network, essentially becomes a full-featured (monoblock) workstation itself, since it not only has computing resources (contains RAM and a processor), but also supports all connection interfaces - both from the network side and from the user's peripheral equipment.

However, the tight binding of the computing resources at the disposal of each of the users (personified parts of the system software environment) to the stationary equipment of their workstations (taking place, if they are monoblock workstations) entails a number of disadvantages, especially the complexity and high cost of system upgrades for which such workstations need to be modernized as a whole (replaced).

The objective of the utility model is to eliminate this drawback. The result associated with its solution is not limited solely to the economic aspect, but also has technical components, of which the most important is to increase the level of information security in the system by isolating (separating) the central and peripheral parts of user workstations.

The problem is solved in that in a workstation with hardware data protection for computer networks with a client-server or terminal architecture, functionally a computer of type TK, containing a central part in the form of a processor and memory, including an EPROM that retains critical data both hardware-protected from unauthorized overwriting of such data and the peripheral part in the form of connection interfaces - both the TC to the network and the peripheral equipment of the user's workstation to the TC - central and peripheral STI designed as two blocks provided with electrical connectors in separate housings forming at the electric connection and the mechanical articulation (docking) compact assembly, geometrically similar monoblock casing TC. In this case, the block of the central part is made mobile (allowing disconnection and carrying by the user in the intervals between work sessions), and the block of the peripheral part is stationary (permanently connected cables to the network and peripheral equipment).

These differences provide a solution to the problem, because now for modernization of systems aimed at updating available computing resources, it is enough to upgrade (replace) only removable central units, keeping all other equipment of user workstations unchanged. In addition, the execution of the central blocks by mobiles provides the most reliable isolation of critical information in the intervals between work sessions, in particular, when locking mobile blocks in a safe, security, or another method of responsible storage.

At the same time, it should be noted that these differences, with all their similarities in certain versions, in the general case cannot be reduced to the combined use of commercially available docking stations [5] and commercially available computers, since docking stations are optional external accessories for use, without which the corresponding devices do not lose their functional and constructive completeness, and here the stationary and mobile units are necessary additions to each other and are jointly designed so that, being articulated, they are obtained externally almost indistinguishable from a monoblock computer (microcomputer) of the TK type. In this regard, this utility model meets the criterion of "novelty."

In such a workstation, it is advisable that the mobile unit be personalized (containing, in a secure part of its memory, the personal / identification data of the user to whom it is assigned), and the stationary unit - non-personalized (in principle, allowing each of legal users to work at any workplace). This implementation, including for reasons of information security, for most cases is the most appropriate both in technical and organizational aspects.

INFORMATION SOURCES

1.http: //ru.wikipedia.org/w/index.php?title=Workstation&oldid=63076071

2. http://m.wikipedia.org/w/index.php?title=Thin_client&oldid=65773670.

3. Konyavsky V.A. Information security management on the basis of SZI NSD "Accord". - M .: Radio and communications, 1999.

4. Patent of Russia for utility model No. 118773.

5.Http: //ru.wikipedia.org/w/index.php?title=Doc-station&oldid=617651134.

Claims (2)

1. A workstation with hardware-based data protection for computer networks with a client-server or terminal architecture, functionally a thin client (TK) computer containing a central part in the form of a processor and memory, including a reprogrammable read-only memory a device that stores critical data and is hardware-protected from unauthorized overwriting of such, and the peripheral part in the form of connection interfaces - both the TC to the network and the peripheral equipment of the user's workplace I to the TC - characterized in that its central and peripheral parts are made in the form of two units equipped with electrical connectors in separate housings, which, when electrically connected and mechanically jointed (mated), form a compact unit geometrically similar to the one-piece TC body, and the central part block is made mobile (allowing for disconnection and wearing by the user in the intervals between work sessions), and the peripheral unit block - stationary (permanently connected cables to the network and to peripheral equipment ny). 2. The workstation according to claim 1, characterized in that the mobile unit is made personified (containing, in a secure part of its memory, the personal / identification data of the user to whom it is assigned), and the stationary unit is non-personified (in the principle that allows each of the legal users to work at any workplace).