RU2321055C2 - Device for protecting information from unsanctioned access for computers of informational and computing systems - Google Patents

Abstract

FIELD: computer engineering, possible use for trusted loading of a computer and for protection from unsanctioned access to information, which is stored in personal computers and in computerized informational and computing systems.

SUBSTANCE: device contains controller for exchanging information with external information carrier, controller for exchanging information with computer, processor for identification and authentication of users, blocks of energy-independent memory, module for blocking common control bus and exchanging computer data when an attempt of unsanctioned access to it is made, power management device, block of interfaces of external devices, module for blocking external devices, energy-independent flash memory, hardware indicator of random numbers, microcontroller of sensors of opening and extraction of computer components, random-access memory device, where introduced additionally to identification and authentication processor are module of constant user authentication, module for checking integrity and conditions of hardware components of protection device, module for controlling load on switches of hardware encoder, module for controlling network adapters, module for interaction with system for delimiting access and module for interaction with servers of informational and computing system.

EFFECT: expanded functional capabilities and increased efficiency of protection of information from unsanctioned access.

1 dwg

Description

The invention relates to the field of computer technology and is intended for trusted computer boot and protection against unauthorized access (unauthorized access) to information processed and stored in personal computers and in computer information and computing systems. Its use will allow to obtain a technical result in the form of expanding the functionality of the device and increasing the efficiency of protection of the specified information, including with a high level of confidentiality, up to the level of "secret".

A Dallas Lock 5.0 device (manufacturer of Confident LLC) is known, which is a hardware-software system for protecting personal computer resources from unauthorized access and containing an external medium of user identification information with a remote contact node, a user identification and authentication module before the operation of loading the operating system (OS) , a non-volatile memory block in which user credentials are recorded, a blocking module when trying to access the NSD to it, a module for registering NSD attempts in a special " log ”on the computer’s hard drive, a key lock module during computer boot, and modules for restricting user access to files and folders and monitoring file integrity. The hardware of the device is made in the form of a board installed in the PCI bus slot or ISA computer. An identifier such as Touch Memory or an electronic Proximity card is used as an external storage medium.

This device belongs to the hardware-software modules of the trusted boot (APMDZ) type "Electronic lock" (EZ) and performs a set of standard functions specific to devices of this class:

- registration of each user in the system, verification of his personal identifier and password;

- computer lock in case of an attempt to enter the system of an unregistered user;

- registration of events in the system log;

- monitoring the integrity of important user and system files, including the OS;

- prohibition of unauthorized loading of OS from external removable media.

Dallas Lock 5.0 provides protection of confidential information at the level of 3rd security class in accordance with the certificate of the State Technical Commission. The device can only function in a Windows NT 4.0 environment. User identification and authentication functions and all operations related to key information, as well as event logging, are performed by a computer processor rather than an EZ, which gives an attacker the opportunity to introduce special software “bookmarks” into the system that can carry out unauthorized access to data or modify them . The storage of the log of attempts to read the NSD is carried out on the hard disk, and not on the EZ board, which does not guarantee the protection of journal entries from modification. In addition, the device supports a limited number of file systems (only FAT and NTFS) and does not provide the ability to interact with other subsystems, in particular, it does not provide the ability to switch external devices.

EP “Shield” has a broader functionality and increased efficiency of protecting computer information from unauthorized access (manufacturer FSUE Concern “Systemprom”, see patent RU No. 2212705, class G06F 12/14, January 24, 2002, published September 20, 2003 .). The device comprises an external storage medium made in the form of non-volatile memory, a remote unit for reading information from an external storage medium, an information exchange controller with external storage medium that provides user identification and authentication, and a read-only memory device (ROM) located on a common board with a BIOS expansion program, a controller computer information exchange connected to its common control and data exchange bus, common bus blocking device, power control device and four power units non-volatile memory, in which user credentials, an event log, EZ settings and the time interval for locking the computer from its inclusion to the transfer of control to the BIOS expansion program are recorded, respectively.

The known device provides higher protection against unauthorized access due to the implementation of a number of additional functions and the placement of critical data and parameters on the EZ board in additional non-volatile memory blocks. In particular, the placement on the EZ board of service data used in organizing user access to information stored on a computer ensures the safety of storing this data. The introduction of a power control device on the controller bus with a lock on the common computer bus provides a reflection of attacks with power failures.

However, this device does not ensure the security of user identification and authentication programs when organizing access to information stored on a computer, and does not provide for the possibility of interaction with other subsystems and devices that implement protection functions, which limits its functionality and reduces the effectiveness of protecting computer information from unauthorized access. Indeed, in the known device, user identification and authentication functions and all operations related to key information, as well as event logging, are performed by a computer processor. Due to this circumstance, registered users with malicious intentions get the opportunity to introduce special software “bookmarks” into the system, which can perform various actions during the work of other registered users, including intercepting confidential data and storing them in the computer “on demand”.

Closest to the proposed device is a device for protecting against unauthorized access to information stored on a personal computer, in which user authentication and identification programs are performed in a trusted environment using an identification and authentication processor located on the device’s circuit board (“Shield-M” manufacturer FSUE Concern "Systemprom", see patent RU No. 2263950, class G06F 12/14, 11/28/2003, publ. 05/27/2005).

The known device contains an external storage medium, made in the form of non-volatile memory, a remote unit for reading information from an external storage medium with an information exchange controller with an external storage medium, a read-only memory device (ROM) with a BIOS expansion program, an information exchange controller connected to a computer connected to the shared board to its common control and data exchange bus, common bus blocking device, power control device, identification and authentication processor, data exchange input / output which is connected to the input / output of the exchange of data exchange controller with an external storage medium, the control output is connected to the input of the blocking device of the common control bus and computer data exchange, and the signal input is connected to the output of the power control device, and four non-volatile memory blocks are written into user credentials, event log, EZ settings, and the time interval for locking the computer from turning it on to transferring control to the BIOS expansion program.

Running authentication and user identification programs while organizing their access to information stored on a computer in a trusted environment using the identification and authentication processor located on the electronic board itself ensures the safety of authentication and identification programs and increases the efficiency of protecting information from unauthorized access.

However, the known device does not have a sufficient level of functionality for protection against unauthorized access to information stored and processed on a computer, and does not provide sufficient protection efficiency. Indeed, in the known device there is no hardware random number sensor (DCH), which provides reliable conversion of cryptographic information and the generation of encryption keys and user authentication information (AIP), it does not provide a multi-user mode with the ability to remotely control it, which is necessary for protection of information from high level of confidentiality; verification of the hardware components of the protection device is not implemented. In addition, only one time interval is subjected to control, which is critical in the process of starting the EZ and loading the computer after it is turned on, namely, the interval from the moment the computer is turned on to the transfer of control to the BIOS expansion program. However, during the operation of the EZ there are several critical time intervals (when unauthorized interference with the start-up procedure is possible), in addition to the specified time, in particular, the time for the user to enter the system (at this time the user is waiting and entering the password), time for downloading the encryption keys, time before the authentication procedure starts, the time until the ES shell starts (from the moment the authentication program ends to the launch of the system integrity control program), the time for the ES shell to work, the time until the ES is fully ready et al.

It should also be emphasized that one of the modern requirements for information protection systems against unauthorized access is to provide comprehensive protection, which involves the interaction of a computer access device with other means of protection (encryption, access control system, blocking devices, etc.) and the organization of a single a hardware-software complex for protecting information from unauthorized access based on existing means of protection. To implement this task, a backbone module is needed that provides interconnection and interaction between the components of the integrated protection system. The protection device for performing the functions of a backbone module must have interfaces for interacting with other protection means, as well as additional interlocks that increase the reliability and effectiveness of protection. It is also desirable that critical operations related to the control and processing of information during the interaction of security equipment should be performed in a protected environment on the device’s common board (in its own RAM EZ), and not in the computer’s RAM and when using its own trusted OS.

In addition, a modern protection device must take into account new trends in the development of information and computer systems. In particular, remote control and remote access have become popular at present, and the thin client technology is also being developed. These areas impose more stringent requirements for information security tools.

Remote access software allows the user to enter the organization’s network from a computer located outside it, and remote control software allows you to solve problems that occur on the remote computer and administer it. A serious problem is the danger of unauthorized access to the network, and therefore, it is necessary to have reliable authentication mechanisms and means and restrict user rights.

The term “thin client” (TC) refers to a specific software product that allows you to use a remote computer on a low-speed channel as a terminal, which may lack a hard disk and its own software. Software loading is carried out from the server. Information is processed on the application server, and only codes of pressed keys and screen changes are transmitted between the server and the client computer. When creating information and computing systems based on TC technology, the most important is the security issue, since it is necessary to protect both the workstation of the TC (terminal of the TC) and the server part and the communication channel. One of the reliable solutions is the use of a security device that provides reliable authentication and identification mechanisms, as well as the use of a trusted OS.

To eliminate these disadvantages characteristic of the prototype, it is necessary to introduce hardware and software modules into the device for trusted loading of the computer and protection against information stored on it, which increase the level of functionality for protection against differential pressure and the effectiveness of protection.

The technical result of the invention is to increase the level of functionality of a trusted computer boot device and the effectiveness of protection against unauthorized access to information stored and processed in a computer and in an information-computing system by introducing hardware and software blocks into the device to ensure its interaction with other protection means, the possibility of limiting and differentiation of access to hardware and software components of a computer and protection device, effective and reliable computer lock the user during various attempts of unauthorized actions, as well as performing the most critical operations directly in the protection device.

Due to such functionality, the proposed device for trusted computer boot and protection against unauthorized access to information stored and processed on it will be able to perform system-forming functions, and on its basis it will be possible to build an integrated computer protection system.

The technical result is achieved by the fact that in the known device for protecting information from unauthorized access for computers of information and computing systems, comprising a controller for exchanging information with an external storage medium, a controller for exchanging information with a computer, a user identification and authentication processor that operates independently of the computer’s central processor, blocks non-volatile memory with user credentials, device settings and electronic log, blocking module a common bus for managing and exchanging computer data when trying to unauthorized access to it, as well as a power control device, a block of external device interfaces has been introduced, including an inter-module hardware encoder interface and a network adapter management interface, an external device blocking module, including hard drive locking and control devices, electromagnetic latch of the computer case, RESET and POWER signals of the computer, non-volatile flash memory with storage blocks of the trusted operating systems, software for monitoring the integrity of device components, remote administration and device management, monitoring of all critical time intervals for starting and loading a computer, the client part of the thin client software, a random number sensor, a microcontroller for tampering and extracting computer components with its own independent source power supply, random access memory, moreover, a module is additionally introduced into the identification and authentication processor tinuous user authentication module checks the integrity and condition of the protection device hardware components, a download control unit key cryptographic token, the control network adapters, the module interaction with the system and access control module communicate with servers data-processing system.

As a result of the analysis of the prior art by the applicant, including a search by patent and scientific and technical sources of information and identification of sources containing information about analogues of the claimed technical solution, no source was found characterized by features identical to all the essential features of the claimed technical solution. The definition from the list of identified analogues of the prototype, as the closest in the totality of the characteristics of the analogue, made it possible to establish a set of essential characteristics of the claimed device of trusted computer loading and protection against unauthorized access to the information stored and processed on it, as set out in the claims, as set out in the claims . Therefore, the claimed technical solution meets the criterion of "novelty."

An additional search carried out by the applicant did not reveal known solutions containing features that match the distinctive features of the claimed device protection from unauthorized access to information stored and processed on a computer. The claimed technical solution does not follow explicitly from the prior art and is not based on a change in quantitative characteristics. Therefore, the claimed technical solution meets the criterion of "inventive step".

The drawing shows an electrical block diagram of one of the possible devices for trusted computer boot and protection against unauthorized access to information stored and processed on it, which is installed on a standard computer PCI bus slot.

The device for protecting information from unauthorized access for computers of information-computing systems contains a common board 1 with a controller 2 for exchanging information with a computer, a processor 3 for identifying and authenticating users (a security processor), a control and locking module 4 for the device, and a block for 5 external device interfaces , module 6 for blocking external devices, non-volatile flash memory 7 and EEPROM memory 8, hardware DSCH 9, additional random access memory (RAM) 10, stroystvom control supply 11, the microcontroller 12 opening sensors extraction components of a computer with its own independent power source 13, audio device 14 and the switch unit 15 for selecting the operating mode of the device. The device is connected to a common control and data exchange bus 16 of the computer, the hardware components of the device are connected via the local bus 17.

The security microprocessor 3 contains a number of software modules that implement the protective functions of the device: a user identification and authentication module 18 that implements an additional function compared to the prototype — constant user authentication, a module 7 for checking the integrity of the contents of the flash memory 7, a module 20 for diagnosing the state of the device components, network adapter management module 21, device configuration module 22, key information loading management module 23, mutual support module 24 actions with the access control system installed on the computer module 25 to support interaction with the server.

Block 5 of external device interfaces contains a universal RS232 or RS485 interface (item 26) for connecting external devices, for example, a plastic card reader or biometric identifier, Touch Memory identifier interface 27 (electronic tablet), USB interface 28 for USB identifier ( such as eToken, ruToken, etc.), the intermodule interface 29 for connecting to and protecting other hardware protection devices, for example, with a cryptographic data protection device (UKZD), as well as an interface 30 for managing network adapters, allowing ravlyaetsya them and form a secure local network or, conversely, to block (disable) protected computer from the network.

The external device blocking module 6 includes additional computer locks: a device (interface) 31 for locking and managing computer hard disks (access control to hard disks), a device (interface) 32 for locking and controlling the electromagnetic latch of the computer case, and a blocking and control device (interface) 33 the RESET signal of the computer (reboot), the device (interface) 34 locks and controls the POWER signal of the computer (power lock). At the same time, through the control and locking module 4 and controller 2, the common control and data exchange bus 16 of the computer is also locked (i.e., similarly to the prototype, module 4 performs the functions of the control bus and computer data exchange lock module). All locks are controlled by a safety microprocessor 3, connected by a local bus 17 to the control and lock module 4.

Non-volatile flash memory 7 contains the following memory blocks: block 35 with software for checking the integrity of the components of the device, block 36 with a list of controlled hardware and software objects, block 37 with software for remote control of the device, block 38 for monitoring all critical time intervals for starting and loading the computer , block 39 with a trusted OS (“truncated” versions of MS DOS, Linux, Windows CE, etc., in which user security parameters can be pre-installed) can be used as a trusted OS), block 40 with client th part of the thin client software. Since non-volatile flash memory 7 contains software running on the computer’s central processor, this memory can be accessed by both the security microprocessor 3 and the computer’s central processor (but with permission of the security microprocessor 3).

Non-volatile EEPROM memory 8 contains: BIOS expansion unit 41, an electronic journal 42 for recording all events, unit 43 with user credentials and unit 44 with settings and remote control keys. Access to this memory is made only by microprocessor 3.

In the device’s own RAM 10, operations are performed to identify and authenticate users, work with key information, manage external devices, verify the integrity of the internal software of the security device, interact with remote control servers (in particular, when working in the thin client architecture, with the protection server and terminal management TC) and other critical operations.

The device for protecting information from unauthorized access for computers of information-computing systems according to the drawing scheme works as follows.

Before starting operation of a computer with a security device installed (the device’s board is installed in an empty slot on the computer’s common bus, for example, PCI) and software for interacting with other security devices preinstalled on it (some of the software can be installed optionally at the request of the customer), users are registered, for which using the anti-tamper protection system software, variable parameters are written into the registration files - control information that determines the access rights of each user to computer resources :

- to flash memory module 36 7 — a list of monitored objects (a list of programs protected from changes, including the operating system, and files, as well as the full path to each monitored file and / or coordinates of each boot sector (name of the startup program for this user)) as well as a table of control vectors of controlled objects (values of checksums or the calculated value of the hash function of files protected from changes in the hard drive and / or boot sectors);

- to flash memory module 38 - controlled start-up time intervals, including two main ones (time to download encryption keys and time to enter the user into the system (to wait and enter the password) - the interval between starting the user authentication program and entering it into the system ) and eight additional (time intervals between the removal of the RESET (lock) signal from the computer, the launch of the 1st part of the BIOS of the protection device, the launch of the 2nd (main) part of the BIOS, the launch of the user authentication program, the time for changing the password, the time interval between the completion of the user authentication program and the launch of the system integrity program, the time interval for the operation of the system integrity control program, the time until the device is completely ready - the time interval until its initialization is successfully completed);

- to module 43 of the EEPROM-memory 8 — credentials for all users of this computer (name (registration number) of the user, his credentials (user access rights, each user can have his own set of rights), serial number of the user's key carrier, authentication standard user, password control vector (image), user password expiration date, number of allowed failed login attempts, etc.);

- to module 44 of the EEPROM-memory 8 — settings data and remote control keys;

- into module 22 of microprocessor 3 — device settings (list of users (names - registration numbers), number of allowed attempts to access the computer, blocking methods, etc.).

Decisions on all issues related to security are made by security microprocessor 3, which operates independently of the main processor of the computer using the software stored in its memory. In particular, it controls access to blocks of non-volatile memory, while block 43 of non-volatile memory 8 is allowed to read / write to exchange service information with application software for protection against unauthorized access (block 18), which authenticates the user. Access control to blocks 38 and 42 (electronic journal) of non-volatile memory 7 and 8, respectively, is performed by the security microprocessor 3 in cooperation with the BIOS expansion program recorded in the non-volatile memory block 41.

The software of the protection device consists of two interacting parts - microprocessor software (firmware) and software running on the main computer processor (software), which is downloaded to the computer from the non-volatile memory 7 of the protection device. The microprocessor software cannot be changed unauthorized, because it is not accessible from the computer side. The software running on the computer’s central processor runs in a potentially hostile environment, and therefore its operation and integrity is controlled by the security microprocessor 3 software (block 19).

Identification and authentication is carried out at each user login. To do this, when you turn on or restart the computer, boot control is initially performed normally, and then during the system BIOS program to test the hardware of the computer before loading the OS, the BIOS expansion program written in the non-volatile memory unit 41 takes control of the initial boot computer at the stage when it is already possible to perform read / write operations on sectors of the tracks of the hard disk of the computer.

At the same time, at the initial stage of computer boot after turning it on before transferring control to the BIOS expansion program, recorded in block 41 of non-volatile memory 8, processor 3 provides blocking access to the common control bus and computer data exchange via control unit 4 and controller 2. Information on controlled intervals time of the startup procedure, by which access blocking is performed, the processor 3 receives from the module 38 of the flash memory 7 through the local bus 17.

After intercepting the computer’s bootstrapping control, the BIOS expansion program recorded in block 41 of non-volatile memory 8, when interacting with processor 3, diagnoses all components of the device (using module 20 of processor 3), and also checks the integrity of software using module 19 of processor 3 and data located in flash memory 7 (blocks 35-40 with software for checking the integrity of controlled objects, a list of controlled objects, remote control software, data on the values of controlled time intervals, etc. launch procedures for which access is blocked, by its own trusted OS and the client part of the “thin client” software, respectively).

If, as a result of diagnostics, errors were detected in the operation of the device components and / or as a result of checking the integrity of the software and data, violations of the contents of the flash memory 7 were detected, the BIOS expansion program recorded in the block 41 of non-volatile memory 8, in interaction with the processor 3, displays on the computer display warning of a malfunction of the anti-tamper device, the user is not allowed to enter the system, the computer is blocked, and the corresponding event is logged in the event log (block 42 of non-volatile memory 8) yuschaya record of malfunction or breakage device flash memory contents.

Fixing violations or unauthorized access is additionally accompanied by a sound signal of a certain type associated with the type of violation, which is implemented by block 14.

Depending on the configuration of the computer in which the device is installed, the computer can be locked by several methods. The specific locking method is set by the settings stored in the internal memory of the device (block 22 of the security microprocessor 3). The main method of locking computers with an input for the RESET button on the motherboard is the RESET signal. Closing the contacts of the RESET button leads to a complete reset of the computer, and while the contacts are closed, the computer does not work, and when they open, the computer restarts. To lock the computer, a relay is installed on the protection device board (block 33 in module 6). After turning on the power of the computer, the relay remains off and holds the RESET signal of the computer, while the computer does not start. This continues until the microprocessor 3 of the protection device conducts an initial self-test of the device. In the case of a successful self-test result, the microcontroller turns on the relay, it opens the contacts and removes the RESET signal, after which the operation of the protection device in the electronic lock function begins.

In addition to the main locking channel (according to RESET), the device also uses a backup channel - PCI bus lock. When this channel is turned on, the device captures the PCI bus and blocks it through the control unit 4 and controller 2, as a result of which the computer freezes.

An alternative method of locking the computer is to lock through the POWER button. This refers to the software power off button in the ATX-type case, the contacts from it go directly to the motherboard. In the event of an error, microprocessor 3 blocks the computer via the PCI bus, gives an audio signal with an error code, and then turns on the relay, which closes the POWER button outputs with its contacts (block 34 in module 6), and the computer turns off.

If the results of diagnostics and integrity checks were successful, the BIOS expansion program recorded in block 41 of non-volatile memory 8 interacts with processor 3 (block 18) and identifies the user, for which he prompts the user to enter information into the computer from the computer’s media. Identification and authentication operations are implemented in the device’s own RAM 10.

The user installs their AIP media in the appropriate reader. As an AIP carrier, an identifier of the type Touch Memory (ТМ), a plastic card, a USB identifier, a biometric identifier, etc. can be used. To read information, a contact or reader for a specific AIP carrier, in particular, a contact device, is connected to the interface unit of external devices 5 TM connects to interface 27, a plastic card reader and a biometric identifier connects to interface 26, and a USB identifier connects to interface 28.

In the case when the presented AIP media is not registered in the registration file in block 22 of processor 3, the BIOS expansion program recorded in block 41 of non-volatile memory 8 gives a warning and a repeated invitation to carry out user identification on the computer display. After the number of unsuccessful identification attempts predefined in block 22 of processor 3, the user is denied access to the system, and an attempt to unauthorized access to the computer is recorded in the event log (in block 42 of non-volatile memory 8).

In the case when the presented AIP media is registered in the registration file in block 22 of processor 3, the BIOS expansion program recorded in block 41 of non-volatile memory 8, in cooperation with block 18 of processor 3, authenticates the user, for which he prompts the user to enter his password from the computer keyboard.

After the user enters the password, the security microprocessor 3 (block 18) determines the image of the entered password and compares it with the control image of the password registered in the block 43 of non-volatile memory 8.

In the case when the control image of the presented password does not coincide with the non-volatile memory 8 registered in block 43 or the time allotted for entering the password is expired, the BIOS expansion program recorded in the non-volatile memory block 41, in interaction with the block 18 of the processor 3 displays on the computer display warning and re-invitation to authenticate the user. After the number of unsuccessful authentication attempts, predefined in block 22 of processor 3, the user is denied access to the system, and an attempt to unauthorized access to the computer is recorded in the event log (in block 42 of non-volatile memory 8).

In the case when the control image of the password presented coincides with that registered in block 43 of non-volatile memory 8, the BIOS expansion program recorded in block 41 of non-volatile memory 8, in cooperation with block 18 of processor 3, checks the integrity of the controlled objects for this user using software that stored in block 35 of flash memory 7. To do this, the specified software calculates the values of the control vectors of objects (values of checksums or values of hash functions of files and / or boot sectors gesture computer disk), listed in the list of monitored objects, located in block 36 of flash memory 7, and then compares the obtained values with the corresponding values of the control vectors entered earlier in the table of control vectors of controlled objects stored in block 36 of non-volatile memory 7. When checking the integrity of the controlled objects uses a trusted OS that is downloaded to the computer from block 39 flash-memory 7 of the protection device.

If the calculated values of the control vectors of the objects for a given user do not coincide with the corresponding values of the control vectors stored in block 36 of non-volatile memory 7, the BIOS expansion program recorded in block 41 of non-volatile memory 8, in interaction with block 18 of processor 3, prohibits this user from accessing the computer, Starting the computer OS is also prohibited.

If the calculated values of the control vectors of the objects for a given user coincide with the corresponding values of the control vectors stored in the non-volatile memory block 36, the program. BIOS expansion, recorded in block 41 of non-volatile memory 8, in cooperation with block 18 of processor 3 allows this user access to the computer, and the computer's OS is also allowed to start.

Further, the BIOS expansion program, recorded in the block 41 of non-volatile memory 8, in cooperation with the block 18 of the processor 3 prohibits the possibility of unauthorized loading of the OS from removable media (floppy disk, CD-ROM, etc.) by blocking access to reading devices of the corresponding media when the computer starts up.

After that, the BIOS expansion program, recorded in block 41 of non-volatile memory 8, transfers control to the standard hardware and software of the computer to complete the BIOS, boot the OS from the computer’s hard drive.

After successful completion of the OS loading, access to the removable media readers is restored with a special driver program included in the software of the anti-tamper system.

After a user logs on to the system and loading the OS during the user's further work, the NSD protection device implements a number of additional functions, which increases the functionality level of the computer’s trusted boot device and the efficiency of protection from NSD of information stored and processed on the computer and allows using the device as a system-forming module.

Firstly, the module 18 of the processor 3 implements an additional function, performing not only a one-time authentication of the user when entering the system, but also further (permanent) authentication, thereby controlling the location of the authorized user at the computer. In the simplest case, it is not allowed to extract the identifier from the reader, otherwise the computer will be blocked. Additionally, periodic (at certain intervals) polling of the identifier with verification of information authenticating the user and the medium itself is possible. If the read information does not match the control values, the computer is also blocked. Finally, through the corresponding interfaces of block 5, for continuous authentication, data of external identification and authentication devices, for example, biometric devices, the absence or mismatch of the signal from which the computer also blocks, can be used. The presence of a permanent authentication channel is necessary to prevent the substitution of a registered user at the stage of operation of the system. In the existing device, authentication is performed only once at the entrance to the system when the computer is turned on, and during operation, the AIP media is not used and can be removed from the reader. There is no further control over the user's work, and anyone can work.

The presence of an intermodular interface 29 allows you to provide a device connection with another hardware-software security tool, for example, a cryptographic data protection device (UKZD). At the same time, the protection device using the block 23 of the processor 3 provides control of the loading of encryption keys in the UKZD, excluding the encryption keys from entering the computer RAM. In this case, all the necessary calculations are carried out in the RAM 10 of the device, which completely excludes the possibility of intercepting encryption keys or interfering with the downloading of key information to the UKZD.

Through the interface 30, the device is connected to network adapters. The device contains, as part of the microprocessor 3, a network adapter control module 21, with which you can connect the computer to a local network or disconnect from it, which allows you to create both a local workstation and a local virtual network. If cryptographic network adapters (KSA) are used, then the proposed security device allows you to organize a secure local network, the information on which is encrypted, while, as in the case of interaction with the UPC, the security device using the block 23 of the processor 3 provides key load control encryption in the KSA through the intermodule interface 29, eliminating the ingress of encryption keys in the RAM of the computer. All the necessary calculations are carried out in the RAM 10 of the device, which completely excludes the possibility of intercepting encryption keys or interfering with the downloading of key information to the KSA. If keys are not loaded in the KSA, then the KSA does not function (it is in the disconnected state).

The presence in the microprocessor 3 of the block 24 support system access control (RDS) ensures the interaction of the device with the computer's SRD, while the device transmits the user identification and authentication results and its identifier to the SRD, eliminating the need to repeat this procedure when the SRD is running. In addition, in the event that the DRS fixes attempts of unauthorized access, the DRS can send a command to the protection device to hardware lock the computer or block access to the hard drive, after which the protection device fulfills the blocking functions on the interfaces 31-34 included in the external device blocking module 6. At the same time, in the event log (in block 42 of non-volatile memory 8), a registered DRR attempt of unauthorized access to the computer is recorded.

Using block 25 in microprocessor 3, support is provided for interaction with servers when working in remote control mode, as well as when operating in a system built on the architecture of a “thin client”.

The presence in the flash-memory 7 of block 40 with the client part of the “thin client” software allows you to use the device for the operation of TC terminals in protected mode. To work in the TC mode, together with the TC software, the trusted OS is loaded from the unit 39 flash-memory 7 of the device.

To fix the fact of unauthorized access to computer components and hardware components of the protection system for the purpose of removing or replacing them, the protection device provides a microcontroller 12 tamper sensors and extracting computer components with its own independent power source 13. This microcontroller constantly monitors the state of the sensors, and in case of a trip any of them carries out registration of an unauthorized access attempt to a computer in its own memory. When you turn on the computer, registered NSD attempts are displayed on the monitor screen, and the computer is blocked to analyze the status of components to which unauthorized access has been registered.

The protection device has a separate electromagnetic latch control channel for locking the computer case (interface 32 of the protection device module 6). Only a user with administrator functions has access to this channel, and other users cannot open the computer case.

An important element of protecting a computer from unauthorized access to information stored and processed on it is controlling access to computer memory devices, primarily hard drives. In the claimed protection device in the module 6 for blocking external devices, a device for locking and managing hard disks 31 is provided, which provides access control to hard disks (hardware access control) and their blocking (in the implemented device, up to 4 HDDs) through a switch of the interface used for them (for example, an IDE or other used interface for external memory devices, in particular SATA). The configuration of access control to the disks is set by microprocessor 3 (block 22), and the enable signal to the output register is supplied from the control unit 4. Therefore, if any of these components fails, the hard disks will be blocked (disconnected).

The presence of additional channels to lock the computer increases the effectiveness of protection. In the proposed protection device, the main types of blocking are provided for: blocking via the RESET channel (module 33), when the computer starts a reboot when it is trying to unload and other emergency situations, blocking through the control and data exchange bus 16 of the computer and blocking via the POWER channel (interface 34) when the computer power is turned off.

For effective and reliable locking of the computer during various attempts of unauthorized actions, the relays used for control and blocking have two duplicate contact groups connected in parallel, which reduces the likelihood of non-contact. To control the reset signal, normally closed relay contacts are used, which ensures the computer is locked in case of device failures (lack of power, malfunction of the processor, control unit or controller, etc.).

The proposed device protects against unauthorized access to information stored and processed on a computer, can be implemented using well-known purchased components.

For example, in the prototype device implemented by the applicant, blocks 2 and 4 and their interfaces are made on a PLD programmable logic chip (EP1K30QC144-3). Security microprocessor 3 is implemented on the MSP430F149IPM chip, module 7 on the K9F2808UOB FLASH memory, and module 8 on the 24C512 EEPROM memory, which allows at least 10 ⁶ rewrite cycles.

Hardware DSCH 9 is made in the form of a random number generator on noise diodes 2G401B and digital signal shaper LM319AM.

As RAM 10, the AS7C3256-15JI chip (Alliance, SOJ-28) was used.

The power control device 11 is made in the form of a TPS3838K33DBVT power supervisor of microprocessor 3, which controls the voltage level of +3.3 V. This voltage is generated on the protection device circuit board by the LD1117DT-3.3 stabilizer from the +5 V input voltage and is used to power most of the device nodes, including including microprocessor 3. If the voltage of +3.3 V drops below the threshold of the supervisor, then it generates a reset signal of the protection device. The microprocessor 3 stops at this signal. After the supply voltage returns to normal, the reset signal is removed and the microprocessor starts to execute its program from the start address. This ensures that attacks with power failures are repelled.

The microcontroller 12 sensors blocking the computer components from opening and extraction is implemented on a microcontroller with ultra-low power consumption and with its own memory to record tampering with components (for example, the MSP430 Ultra Low Power Microcontroller series). As a power source 13 uses a standard battery. Reading the state of the sensors is carried out on the interface formed on the basis of resistive assemblies and connectors of the WK-8 type.

Block 14 is a piezoceramic emitter. In case of violation of the device’s operating modes, as well as when an unauthorized access attempt is made, a certain type of sound signal (siren) is issued to the computer, depending on the type of violation, additionally informing about emergency situations in the system via the sound channel.

Block 15, which sets the operating modes of the device, is a switch SWD1-8.

Block 5 contains the interfaces of external devices. Interface 26 runs on the SN75LP185ADW chip (RS232 interface) or MAX148CSA (RS485 interface) with a DB9 connector. To work with a smart card as an external AIP carrier, a specialized interface can be installed on the SN74AHC244DW chip and a VN-10 connector. When using an electronic key of type TM as an AIP carrier, it is connected through block 27, and the device has two options for connecting it: external through the TJ4-4P4C connector and internal through the PLS-3 connector. USB-interface 28 is a USB Host Controller, which can be performed on a Cypress chip CY7C67300. Intermodule interface 29 is a serial interface made on a chip. SN74AHC125AD and connected via the WK-R-2 connector. The management interface for network adapters 30 is made in the form of a key circuit that connects / disconnects adapters, logical signals from a protection device are transmitted to network adapters through WK-3 connectors. When using cryptographic network adapters, communication with them is via the intermodule interface 29, while the adapter disconnects the computer from the network if keys are not loaded into it, or connects if keys are loaded. Key loading operations are carried out similarly to the interaction of the protection device with the UKZD described above.

Module 6 blocking external devices contains blocks with communication interfaces and connectors for organizing a channel of interaction with the corresponding objects of blocking and control. The device for locking and managing hard disks 31 for controlling the operation and locking of hard disks, for example, via the IDE interface, can be implemented on the SN74HCT574DW microcircuit, which provides control of the IDE interface switches (up to 4 IDE devices are supported in the implemented prototype device) and WK-R-4 connectors for connecting IDE interface switches. The remaining blocks of module 6 contain a device for locking and controlling the electromagnetic latch of the computer case (block 32), a device for locking and controlling the computer by the RESET signal (block 33) and power (block 34), which are implemented on the SN74AHC125AD chip, TX2-12V relay, and WF connectors -3R and PLD-6. The keys for controlling the relay and locking external devices are made on the ULN2003AD chip.

On the basis of these components, the applicant has implemented a prototype device for protecting information stored and processed on computers from unauthorized access for computers of information and computing systems (electronic lock "CRIPTON-Lock / PCI"). The tests of the prototype carried out by the applicant and certification organizations confirmed the possibility of its implementation with the achievement of the indicated positive technical result.

The above information indicates the fulfillment of the following set of conditions when using the claimed technical solution:

- means that embody the claimed device in its implementation, are intended for use in industry, namely, in computer-based automated information processing systems to protect processed and stored information from unauthorized access;

- for the claimed device in the form described in the independent clause of the claims, the possibility of its implementation using the means described in the application is confirmed.

Therefore, the claimed technical solution meets the criterion of "industrial applicability".

When using the proposed device for protection against unauthorized access to information stored and processed on a computer in an information-computing system, access to information resources of unregistered users is prevented by creating a closed program-logical environment for each user.

In this case, the security processor 3 located on the device’s common board 1 in cooperation with the BIOS expansion program recorded in the non-volatile memory unit 41, also located on the device’s common board 1, not only user identification and authentication programs are executed, but also all critical trusted operations loading the computer while ensuring control of all critical time intervals when unauthorized interference with the startup procedure is possible. In addition, all operations related to the conversion of critical information, in particular cryptographic operations and the generation of AIP encryption keys, are carried out by the security processor 3 in RAM 10, and not by the central processor in the RAM of the computer, when using the hardware DSCH 9 installed on the device’s board, and your own trusted OS, which results in a positive result - reliable performance of the most important security operations in a trusted environment, which ensures the security of their execution and increase the efficiency of awards of protection against tampering.

Increases the reliability and effectiveness of protection as well as the presence of additional locks implemented during various attempts of unauthorized actions. The device implements testing of its hardware components, provides a multi-user mode with the ability to remotely control it, which is necessary for electronic protection, designed to protect information with a high level of confidentiality, and implements the ability to limit and differentiate access to the hardware and software components of a computer. In particular, hardware differentiation of access to the computer’s hard disks was introduced, which significantly increases protection against unauthorized access to information stored on the computer’s hard disks, as well as the management of network interface adapters, which allows you to build secure virtual networks or, conversely, hardware-based disconnect the computer from the network when processing information with a high security stamp on it, forming a local workplace. When installing the KSA, as already noted, the claimed security device can provide control of the loading of encryption keys in the KSA, excluding the encryption keys from entering the RAM of the computer. Moreover, all necessary calculations can be carried out in the RAM 10 of the protection device, which completely eliminates the possibility of intercepting encryption keys or interfering with the downloading of key information to the KSA.

In addition, a higher level of functionality and high protection efficiency of the proposed device is ensured by the presence of communication interfaces with other means of protection (encryption, access control system, locking devices, etc.), which allows you to use the claimed device as a backbone module and build on its basis hardware and software systems for protecting information from unauthorized access based on existing means of protection, which is not ensured by using known devices of the same type values. The device also takes into account new trends in the development of information and computing systems, in particular, it provides reliable protection for remote control and remote access, as well as in information and computer systems using the thin client technology.

Thus, due to its broad functionality, as well as to perform the most critical operations directly in the protection device, the proposed device for trusted computer boot and protection against unauthorized access to information stored and processed on it can perform system-forming functions, and on its basis it becomes possible to build an integrated system for effective protection not not only a personal computer (workstation - AWP), but also an information and computing system based on local computer systems s, including virtual ones.

Claims (1)

A device for trusted loading and protection of information from unauthorized access for computers of information and computing systems, comprising a controller for exchanging information with a computer, a user identification and authentication processor that operates independently of the computer’s central processor, a control bus and computer data blocking module when an unauthorized person tries to access it , information exchange controller with an external storage medium, non-volatile memory blocks with credentials the user settings of the device and the electronic journal, as well as a power control device, wherein the external main input / output of the computer communication controller is connected to the computer control and data exchange bus, its control input is connected to the control output of the computer control and data bus lock module, and its internal trunk I / O is connected to the local bus line of the device; internal trunk I / O of the user identification and authentication processor through the local bus bus of the device is connected to the main input / output of non-volatile memory and to the input of the control bus and computer data blocking module, the external main input / output of the processor is connected to the information exchange controller with an external storage medium and the signal input of the processor is connected to the output of the power control device, characterized in that an interface unit is introduced into the device Owls of external devices, including the intermodular interface of the hardware encoder and the network adapter management interface, the inputs of which are connected to the external trunk inputs / outputs of the identification and authentication processor, and the outputs are connected to the inputs of the hardware encoder and network adapters, respectively; an external device blocking module, including devices for locking and controlling hard disks, an electromagnetic latch for the computer case, RESET and POWER signals of the computer, the inputs of which are connected to the additional control outputs of the computer control and data bus lock module and the control output of the identification and authentication processor, and the outputs are to the inputs / outputs of the respective controlled and blocked devices; non-volatile flash memory with storage units of a trusted operating system, software for monitoring the integrity of device components, remote administration and device management, monitoring of all critical time intervals for starting and loading a computer, the client part of the thin client software, the main input / output of which is connected to the local bus line of the device; a microcontroller for opening and extracting computer components with its own independent power source, the external inputs of which are connected to the outputs of the respective sensors, and the output to the signal input of the identification and authentication processor; a random number hardware sensor, the output of which is connected to the input of the control bus lock module and computer data exchange; random access memory device, the main input / output of which is connected via the local bus of the device with the internal main input / output of the identification and authentication processor; moreover, a permanent user authentication module, a hardware encryption key loading control module, and network adapter management module that additionally interact with an external storage medium, hardware encoder, and network adapters, respectively, are additionally introduced into the identification and authentication processor; a module for checking the integrity and condition of the hardware components of the protection device, which carries out their diagnostics through communication channels of the internal trunk inputs / outputs of the identification and authentication processor with the components of the device; a module for interacting with an access control system that provides information communications between the identification and authentication processor via the local device bus, a computer information exchange controller, and a computer control and data exchange bus with a computer access control system; as well as a module for interacting with servers of an information-computing system, which ensures computer operation in remote control mode or a “thin” client using software loaded into the computer’s random access memory from the corresponding non-volatile flash memory blocks through its main input / output, local device bus , a controller for exchanging information with a computer and a control bus and computer data exchange.