RU187247U1 - MULTI-CIRCUIT TERMINAL OF ACCESS TO DIFFERENT CATEGORIES - Google Patents

Abstract

The proposed utility model relates to devices used for user interaction with local or remote computer systems. A computer terminal with multi-circuit hardware division of digital information contains a control board. The terminal is equipped with a power supply connected to the control board, which summarizes an optical unidirectional interface and a terminal device that has four independent hardware-separated information processing loops, each of which is designed as a separate terminal board, which receives its activating signals from a reader module that recognizes information about feature of a particular circuit stored on an external retrievable storage medium. The video signal is output from the active terminal board to the monitor via the aforementioned summing optical unidirectional interface. This ensures the prevention of the probability of information of various types (various purposes) from one computer network to another. 1 ill.

Description

Technical field

The proposed utility model relates to devices used for user interaction with local or remote computer systems.

State of the art

During the work of almost any state institution, there is a need for parallel work with information of various types (secret, top secret, official (DSP), publicly available (only 4 information stamps).

For example, the company needs to process information from the Internet, documents for official use (DSP), as well as documents containing state secrets. When three circuits isolated from each other are used for the indicated purpose, the operation slows down significantly in view of the impossibility of parallel operation simultaneously in all circuits, and it may also be difficult to transfer information between the indicated information processing circuits.

The partially mentioned problem of separating information of different types from each other can be solved by using “guest” operating systems. Virtual machines with installed “guest” operating systems are created on a server running a specific operating system. But it should be noted again that the existing problem is not completely solved, since physically the circuits are still not separated relative to each other, and therefore there is a likelihood of information leakage.

However, it should be pointed out that other methods and systems are known from the prior art that protect the transmission of information from one computer system to another.

So, from the prior art, a system is known for protecting against leakage of confidential data in wireless networks (see RU2602956, class H04W12 / 02, publ. 2016).

The known invention is intended to protect against leakage of confidential user data when transmitting said data via a wireless network to a remote server.

The specified system performs the safe transfer of confidential information through a network having an access point through which traffic is transmitted and contains means for transmitting traffic containing confidential information over the created secure connection.

As a drawback, it can be noted that the implementation of the well-known data protection technology is carried out according to a rather complex algorithm that is accessible for reflection and understanding, as well as practical implementation only for specialists in this field of technology with special knowledge and skills.

An additional drawback can be considered a fairly narrow area of use, limited by the security of the transmission of exclusively outgoing information.

The closest from the point of view of the technical nature with respect to the proposed utility model is a device for access control to a computer system (see RU2625721, class G06F21 / 82, publ. 2017).

In the known device is structurally provided for the possibility of multi-circuit hardware separation of information and the presence of a control board.

Among the shortcomings of the known technology can be noted the instability of the processes of identification and verification of peripheral devices. Thus, identification is not always carried out systematically in a static field, which will require observation of data exchange cycles between the peripheral device on the one hand and the computer system on the other hand, before determining the category of the peripheral device, and in case of unsuccessful verification, it is necessary to either stop the data transfer and interrupt access to the information system, while introducing an additional level of access control or modify data “on the go” to make it safe.

The features disclosed above directly affect the reduction of the technical and operational characteristics of this device, in particular, such as the speed of receiving and processing data, as well as the degree of their protection (vulnerability).

Utility Model Disclosure

The disclosure of the proposed utility model with its essential features characterizing it is based on the following.

As a rule, in the conditions of state institutions, when working with documentation, various sources of information are used, for example, information from the Internet and internal information of an institution (confidential or official) or information from the Internet and information constituting a state secret. Most often, computers intended for these purposes are located in different rooms and are not connected to each other at the same time, and information of limited distribution can only be processed on specially prepared and certified computers, so the preparation of the necessary documents is inevitably associated with the movement of employees from one premises of the institution to another with the purpose of transferring information on special media between computers, which in turn delays paperwork, and employees are provoked to n violation of the workflow regime, which with a certain probability can lead to the leak of important data.

However, if at one workplace you realize the ability to work with various types of information (secret, top secret, service (DSP), publicly available, you will be able to quickly transfer information from a "low" category to a workstation with a higher "category", for example, information from the Internet to the workstation for information marked “C” (secret), which will greatly simplify the work and, as a result, increase its efficiency, and there will be no violations of the established workflow regime.

To achieve the above goals, terminal information processing technology is best suited when information is stored centrally on servers, and a computer terminal serves exclusively for input / output of information and its visual display.

According to the proposed utility model, a computer terminal with multi-circuit hardware division of digital information is proposed as such a terminal.

Based on the foregoing, it can be argued that the technical problem (task) of the proposed utility model is the creation of a computer terminal with the ability to physically separate the diverse information used in the work (secret, top secret, service (DSP), generally available), while creating conditions for effective safe operation.

The technical result of the proposed utility model, which is objectively manifested in the course of its use, is to prevent the possibility of getting (leakage) of the aforementioned heterogeneous information from one computer network to another.

Moreover, the above technical result and technical problem are achieved as a result of the fact that the proposed computer terminal with multi-circuit hardware separation of digital information contains a control board, while the terminal is equipped with a power supply connected to the control board, summing up the optical unidirectional interface and a terminal device having four independent hardware-separated information processing loops, each of which is designed as a separate terminal board, in which The signals that activate it are received from the reader module, which recognizes information about the characteristic of a particular circuit stored on an external removable storage medium, while the video signal is output from the active terminal board to the monitor via the aforementioned summing optical unidirectional interface.

In the proposed computer terminal with multi-circuit hardware division of digital information there is no non-volatile memory, after turning off the power, all information in the terminal is erased. Information of each category (public, secret, service, etc.) is stored and processed on a separate server or group of servers, i.e. in other words (figuratively), each information is stored and processed in its independent hardware-separated information processing circuit, each of which is made in the form of a separate terminal board.

Using the proposed terminal technology, namely, a computer terminal with multi-circuit hardware separation of digital information, characterized by a set of essential features presented above, the technical possibility of unidirectional transfer of information between servers (information processing loops) is formed, and the selection of a hardware-separated data processing loop is implemented using removable external storage medium made in the form of a smart card, on which x all initial boot information for a certain (necessary) terminal board is wounded in encrypted form.

In this case, the video signal is output from the active terminal board to the monitor by means of a summing optical unidirectional interface.

When a smart card is removed from the reader module, from which signals activating a certain terminal board are received, the power of the computer terminal is turned off with its memory completely erased.

Thus, the constructive implementation of the proposed computer terminal with its characteristic technical features form a set of essential features necessary to solve the specified technical problem and achieve a given technical result.

Brief Description of the Drawings

In FIG. 1 shows a block diagram of the proposed computer terminal with multi-circuit hardware division of digital information.

Utility Model Implementation

The proposed utility model is illustrated by a specific example of implementation and implementation, which, however, are not the only possible, but clearly demonstrates the achievement of the solution of a technical problem and the achievement of a given technical result by the set of essential features.

In FIG. 1 presents the following functional blocks:

1 - terminal device;

2 - control board;

3 - reading module (reader);

4 - smart card;

5 - monitor;

6 - summing optical unidirectional interface;

7 - power supply.

The proposed computer terminal with multi-circuit hardware separation of digital information contains a control board 2.

A reading module 3, a power supply 7, summing the optical unidirectional interface 6 and terminal device 1 are connected to the control board 2.

The terminal device 1 has four independent hardware-separated information processing loops, each of which is made in the form of a separate terminal board (in Fig. 1 are designated as terminal 1, terminal 2, terminal 3, terminal 4).

Each of these terminal boards contains a power relay, a USB relay, a USB port, and a monitor connector (see Fig. 1).

A certain terminal board (terminal 1, terminal 2, terminal 3, terminal 4) receives its activating signals coming from the reading module (reader) 3, which recognizes information about the sign of the selected circuit, or in other words about the sign of the terminal board that needs to be activated.

Information about the characteristic of a particular circuit is stored on an external retrievable storage medium, made in the form of a smart card 4, inserted into a reading module (reader) 3.

At the same time, the video signal from the active (working) terminal board (terminal 1, terminal 2, terminal 3, terminal 4) is output to the monitor via the summing optical unidirectional interface 6.

The proposed computer terminal operates as follows.

Each hardware-separated information processing loop or, in other words, each terminal board (terminal 1, terminal 2, terminal 3, terminal 4) of terminal device 1 is connected to only one computer network, for example, a network for working with publicly available information (Internet, etc.), confidential, secret and official, only one board works, which excludes the possibility of information from one network to another due to all kinds of hardware buffers (memory pockets).

A smart card 4 containing features that activate a circuit designed to work, for example, with the Internet (a public type of information) is inserted into a reader module (reader) 3.

Typically, on a smart card 4, a sign of a terminal board (independent circuit) is stored, which needs to be powered (turned on), a BIOS boot code, and a digital signature.

Next, the control board 2 reads the information contained on the smart card 4 and performs verification. In case of successful verification, the control board 2 gives a command to supply power to the selected terminal board (independent circuit), in this case, an independent circuit for working with the Internet.

It is important to note that the simultaneous inclusion of two or more independent hardware-separated circuits of information processing is impossible.

The terminal is ready to work on the Internet.

The user selects information on the Internet, puts it in a folder on the desktop of the computer terminal “Transfer”, and all user actions are visually displayed on monitor 5, which receives a video signal from the active terminal board via a summing optical unidirectional interface 6. Information of the “Transfer” folder ”Through a unidirectional gateway is automatically transmitted from the server serving the circuit with open public information (Internet) to the server serving the circuit with the service information.

Next, the user removes the smart card 4 from the reader module (reader) 3.

Since a separate motherboard is allocated for each independent hardware-separated information processing circuit, all information is stored on a terminal server separate for each circuit (in this example, on a terminal server for information from the Internet), and if smart card 4 is removed directly at the workplace no information remains, namely, the power supply to the computer terminal is turned off with its memory completely erased.

Then the user inserts a smart card 4 containing features that activate the circuit designed to work with confidential information (DSP) in the reading module (reader) 3. Similarly, verification occurs in the process by which the computer terminal is turned on and loaded to work.

In the “Information from the Internet” folder, the user extracts information previously transmitted from the Internet and continues to work.

After completing work in this circuit, in a similar way (as indicated above), smart card 4 is removed and no information remains at the workplace, since the terminal memory is completely erased, and the necessary information is stored on a separate (other) terminal server for chipboard information.

It is important to note that these separate for each server circuit are interconnected via devices using unidirectional information transfer.

Thus, as a result of the fact that the computer terminal is equipped with a power supply unit 7 connected to the control board 2, a summing optical unidirectional interface 6 and a terminal device 1 having four independent processing loops, each of which is made in the form of a terminal board into which the activating its signals from the reading module (reader) 3, which recognizes information about a particular circuit, and the video signal is output from the active board to the monitor 5 by means of a summing optical nonapravlennogo interface 6 - provided a predetermined achievement of technical result consisting in preventing the probability that the information of different types (different purposes) from one network to another.

But in general, the urgent task of creating a computer terminal is solved, with the ability to physically separate the heterogeneous information used in the work (confidential, secret, official, public), while creating conditions for effective safe work with various documents.

The proposed terminal technology can be successfully implemented in the work of state institutions in which a regulated procedure for paperwork and work with documents is established.

Claims (1)

A computer terminal with multi-circuit hardware division of digital information containing a control board, characterized in that it is equipped with a power supply connected to the control board, summing up the optical unidirectional interface and a terminal device having four independent hardware-separated information processing loops, each of which is made in the form of a separate terminal board, into which the signals activating it from the reading module, which recognizes information about the characteristic of a specific ntura stored in the external removable medium information, wherein the video output with an active terminal of monitor board carried by said summing optical unidirectional interface.

Images