RU154304U1 - COMPUTER WITH PROTECTED DATA STORAGE - Google Patents

Abstract

1. A computer with a secure data store containing a system bus, a FLASH chip containing UEFI, and a secure data store connected via a connector to the system bus, while the secure data store has its own controller for receiving a password and an identity certificate from UEFI and their comparisons with the password and the certifying certificate from their memory, and if they match, allowing access to the storage medium of the secure data warehouse. 2. A computer with a secure data warehouse according to claim 1, characterized in that the secure data warehouse is based on Flash memory. A computer with a secure data warehouse according to claim 2, characterized in that the Flash memory is based on one of the following formats: CompactFlash, MultiMediaCard, Secure Digital, miniSD, Memory Stick, Memory Stick Duo Pro.

Description

The proposed utility model relates to a computer with a secure data warehouse, namely, it is proposed to allow access to the data warehouse, only on certain computers.

Unified Extensible Firmware (UEFI) is currently being developed for modern motherboards. This interface is designed to replace the computer BIOS and is intended to correctly initialize the equipment when the system is turned on and transfer control to the bootloader of the operating system. UEFI has two phases: the preliminary EFI phase, at which the computer elements are initialized and the driver execution phase of the Driver Execution Environment (DXE), after which the computer’s operating system is already loaded, see, for example, US 2009319763 A1 dated 12.24.2009. Thanks to the use of UEFI, the loading of the computer operating system is accelerated.

The closest technical solution is a computer for working with a secure data warehouse, disclosed in the application for the invention of the Russian Federation No. 20088132185 from 02.20.2010. This technical solution contains the steps of starting the bootloader of the operating system, reading the encryption key, checking the integrity of the operating system and loading the operating system. At the same time, the bootloader is pre-recorded on an external medium, at the initial stage of the boot, all sectors of the computer hard drive are encrypted, before checking the integrity of the operating system, the encryption key necessary for this check and subsequent download is stored, which is previously stored in the protected memory of the external device for access to which require user authentication, and thus provide protection against unauthorized access to data stored on the hard drive. The disadvantage of this technical solution is the lack of data security, limited by the method of encryption of the hard disk, as well as complexity.

The proposed technical solution is aimed at creating a computer with a secure data warehouse, in which data from the data warehouse will be inaccessible without a computer with a previously initialized data warehouse.

The technical result of the proposed technical solution is to increase the data protection of a secure data warehouse.

The technical result is achieved in that a computer with a secure data storage contains a system bus, a FLASH chip containing UEFI, and a secure data storage connected via a connector to the system bus. At the same time, the secure data warehouse has its own controller that accepts the password and the certification certificate from UEFI and compares them with the password and the certification certificate from its memory, if the passwords match, the controller of the secure data warehouse allows access to the storage medium of the protected data warehouse.

2. A computer with a secure data warehouse according to claim 1, characterized in that the protected data warehouse is made in the form of Flash-memory.

3. The method of downloading a protected data storage by a computer according to claim 2, characterized in that the Flash memory is selected from one of the following CompactFlash, MultiMediaCard, Secure Digital, miniSD, Memory Stick, Memory Stick Duo Pro formats.

In this case, it is preferable to execute the protected data storage in the form of Flash memory selected in one of the following formats CompactFlash, MultiMediaCard, Secure Digital, miniSD, Memory Stick, Memory Stick Duo Pro. Or use another known Flash memory.

The operation of the proposed device contains the steps:

- turn on the computer,

- computer Unified Extensible Firmware (UEFI) downloads from its motherboard memory module (FLASH chip),

- at the stage of UEFI-transition to the driver execution environment (DXE), the implementation of power supply to the secure data warehouse and initialization of the access controller of this data warehouse,

- transfer of the UEFI password to the access controller of this data warehouse,

- transmitting the UEFI certification certificate to the access controller of this data warehouse and verifying the correctness of the response,

- with the positive fulfillment of all conditions, opening access by the access controller of the given store to its data,

- when the computer is shut down, access to the data warehouse is closed until the next initialization of the access controller of this data warehouse.

Figure 1 shows a diagram of a computer for working with a secure data warehouse.

Consider a more specific implementation of the proposed utility model. To implement the computer, a motherboard is used, in which UEFI is written in the FLASH chip instead of BIOS (BIOS). At the same time, password and / or certificate information is stored in the UEFI, which is transmitted to the controller of the connected secure data warehouse. The remaining elements of the computer represent standard computer elements: a processor with a cooling system, RAM, a video card, hard disks (SSD or HDD), a monitor, a case with a power supply, a keyboard and mouse. In addition, interfaces (sockets) for connecting at least one secure data storage to its system bus must be provided in the motherboard of the computer.

The computer works with the protected data storage as follows: the user turns on the computer, after which the UEFI download starts, while the monitor can form various graphic or textual design of the UEFI boot, after the UEFI transition to the driver execution environment - DXE, power is supplied to the pre-connected secure data storage (in case of its absence, UEFI can offer the user to connect such storage or, for the purpose of conspiracy, will start downloading from a regular hard drive) and accordingly, the UEFI initializes the given secure data warehouse, after which the UEFI transfers the password to the secure data controller, then the UEFI transfers the certifying certificate to the secure data controller and checks the response if the controller sends a positive password and certificate with its password and certificate it opens access to its internal memory of the data warehouse, if the result of comparing the password or certificate does not match, the controller will stvlyaet lock internal data memory storage, when switching off the computer controller of the protected data store also carries a lock internal memory storage.

Thus, the controller of the secure data warehouse is “tied” to the motherboard in such a way that only their joint work is possible. When you try to connect another similar motherboard to the storage or another storage to the motherboard, the devices do not work. The controller provides access to the FLASH memory of the storage, only during the implementation of a predefined procedure for processing data (in particular, when checking the password and certificate that certifies the motherboard), at other times, power is not supplied to the FLASH storage memory.

A specific embodiment of the proposed technical solution has been disclosed above, but it is obvious to any person skilled in the art that based on the disclosed data, it is possible to create variations of a computer with a secure data warehouse, for example, using excellent authentication procedures for the data warehouse controller and the computer motherboard. Thus, the scope of the utility model should not be limited to the specific embodiment described in the proposed utility model formula.

Claims (3)

1. A computer with a secure data store containing a system bus, a FLASH chip containing UEFI, and a secure data store connected via a connector to the system bus, while the secure data store has its own controller for receiving a password and a certificate from UEFI and their comparisons with the password and the certifying certificate from its memory, and if they match, it allows access to the storage medium of the secure data warehouse. 2. A computer with a secure data warehouse according to claim 1, characterized in that the secure data warehouse is based on Flash memory. 3. A computer with a secure data warehouse according to claim 2, characterized in that the Flash memory is based on one of the following formats: CompactFlash, MultiMediaCard, Secure Digital, miniSD, Memory Stick, Memory Stick Duo Pro.

Images