[go: up one dir, main page]

WO1999018493A1 - Commutateur de donnees perfectionne - Google Patents

Commutateur de donnees perfectionne Download PDF

Info

Publication number
WO1999018493A1
WO1999018493A1 PCT/AU1998/000829 AU9800829W WO9918493A1 WO 1999018493 A1 WO1999018493 A1 WO 1999018493A1 AU 9800829 W AU9800829 W AU 9800829W WO 9918493 A1 WO9918493 A1 WO 9918493A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
switch
data processing
data switch
processor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/AU1998/000829
Other languages
English (en)
Inventor
Peter Mogg
Robert Scott
Peter Penfold
Anthony Ashcroft
Colin Law
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mogg Blereau Research Pty Ltd
Original Assignee
Compucat Research Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Compucat Research Pty Ltd filed Critical Compucat Research Pty Ltd
Priority to AU93323/98A priority Critical patent/AU744891B2/en
Priority to GB0007520A priority patent/GB2346465B/en
Publication of WO1999018493A1 publication Critical patent/WO1999018493A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/84Protecting input, output or interconnection devices output devices, e.g. displays or monitors

Definitions

  • This invention relates to an improved data switch for selectively switching a user interface (eg. keyboard, mouse and display) between two or more independent data processing systems.
  • a user interface eg. keyboard, mouse and display
  • the single data processing system there is the potential for data of differing security classifications to be mixed, allowing the possibility that classified data may be released to recipients not intended to possess that information.
  • An alternative method is to provide a plurality of independent data processing systems and user interfaces so that the separation of data of different security classifications is achieved by full physical separation between systems.
  • This approach is hardware intensive and also has ergonomic disadvantages in that the operator is forced to physically move between the different systems.
  • the present invention relates to a hybrid system in which a user can, via a single user interface (eg. keyboard, mouse etc) selectively input data to one of two or more independent data processing systems.
  • a single user interface eg. keyboard, mouse etc
  • the invention aims to provide an improved failsafe architecture which ensures that inadvertant data transfer between independent data processing systems is avoided.
  • This invention in one aspect resides in an improved data switch for selectively connecting a user interface to one of a plurality of independent data processing systems .
  • a data diode may be provided between the data processing systems for allowing data from the lower classification system to pass to the higher classification system, but not in the other direction.
  • the user interface is adapted so that it is incapable of transferring data between data processing systems during or after switching between processing systems.
  • a standard user interface includes a processor and buffer memory in the keyboard.
  • the user interface processor/buffer can retain data and can cause an inadvertant transfer of data between systems.
  • the invention resides broadly in an improved data switch in which no data can remain "upstream" of the data switch after switching.
  • the invention resides in a methodology of preventing inadvertant data transfer, such method involving the relocation and replication of the user interface processor/buffer on the "downstream" (or data processing system side) of the data switch.
  • FIG 1 is a schematic block diagram illustrating how the invention may be implemented
  • FIG 2 illustrates how the keyboard is reset when switching between processors according to the prior art
  • FIG 3 illustrates detail of the modified keyboard approach .
  • input devices ie. keyboard and mouse
  • processors in the illustrated case - processor B
  • processor B is selectively connected to the output device (ie. display monitor) of the user interface via an output switch.
  • the switches may be manually actuated to the alternative position in which connection to processor A is achieved.
  • the input switch includes a corresponding plurality (in this case two) of keyboard processor/buffers.
  • a single processor/buffer within the keyboard ie. upstream of the switch
  • the present invention has a significant architectural failsafe advantage over the prior art and is not reliant on any reset functions or the like to clear data.
  • the preferred embodiment of the present invention achieves a number of objectives :- (a) separation of data of differing classifications is guaranteed by full physical separation of the data processing systems.
  • (a) data from the keyboard can be directed to one (and only one) of the data processing systems at any one time.
  • the input switch will ensure that no information remains within the keyboard, mouse or switching mechanism when switching takes place.
  • the output switch will route the output of the selected data processing system to the display monitor. All of the fundamental requirements of both the input and output switches are implemented in hardware . This removes the requirement to utilise trusted software or firmware. This makes Government endorsement a much easier and faster task.
  • the present invention provides an alternative to existing solutions. The data is separated without the need of trusted software. The architecture of the invention ensures that data cannot be transferred between systems, in contrast to the prior art arrangement in which the operator is reliant on the reset mechanism functioning as intended. Thus, the present invention is failsafe unlike the prior art.
  • the user is given a clear indication of which data processing system has been selected and data cannot be transferred between systems during or after switching.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

L'invention concerne un commutateur de données perfectionné dans lequel aucune donnée ne peut être conservée côté amont du commutateur lors de la commutation de celui-ci entre des systèmes de traitement de données présentant différentes classifications de sécurité. On y parvient grâce au repositionnement et à la réplication du processeur/tampon du périphérique d'entrée côté aval du commutateur de données.
PCT/AU1998/000829 1997-10-02 1998-10-01 Commutateur de donnees perfectionne Ceased WO1999018493A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU93323/98A AU744891B2 (en) 1997-10-02 1998-10-01 Improved data switch
GB0007520A GB2346465B (en) 1997-10-02 1998-10-01 Improved data switch

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AUPO9598A AUPO959897A0 (en) 1997-10-02 1997-10-02 Data switch
AUPO9598 1997-10-02

Publications (1)

Publication Number Publication Date
WO1999018493A1 true WO1999018493A1 (fr) 1999-04-15

Family

ID=3803878

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU1998/000829 Ceased WO1999018493A1 (fr) 1997-10-02 1998-10-01 Commutateur de donnees perfectionne

Country Status (3)

Country Link
AU (1) AUPO959897A0 (fr)
GB (1) GB2346465B (fr)
WO (1) WO1999018493A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011058552A3 (fr) * 2009-11-10 2011-10-13 High Sec Labs Ltd. Système kvm sécurisé doté de multiples fonctions edid émulées
EP2428911A3 (fr) * 2010-09-09 2013-03-06 Honeywell International, Inc. Dispositif d'autorisation à haute sécurité

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004062203B4 (de) * 2004-12-23 2007-03-08 Infineon Technologies Ag Datenverarbeitungseinrichtung, Telekommunikations-Endgerät und Verfahren zur Datenverarbeitung mittels einer Datenverarbeitungseinrichtung

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4641262A (en) * 1983-03-07 1987-02-03 International Business Machines Corporation Personal computer attachment for host system display station
US5291596A (en) * 1990-10-10 1994-03-01 Fuji Xerox Co., Ltd. Data management method and system with management table indicating right of use
WO1996030840A1 (fr) * 1995-03-31 1996-10-03 The Commonwealth Of Australia Procede et dispositif d'interconnexion de reseaux a degres de securite differents

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4641262A (en) * 1983-03-07 1987-02-03 International Business Machines Corporation Personal computer attachment for host system display station
US5291596A (en) * 1990-10-10 1994-03-01 Fuji Xerox Co., Ltd. Data management method and system with management table indicating right of use
WO1996030840A1 (fr) * 1995-03-31 1996-10-03 The Commonwealth Of Australia Procede et dispositif d'interconnexion de reseaux a degres de securite differents

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011058552A3 (fr) * 2009-11-10 2011-10-13 High Sec Labs Ltd. Système kvm sécurisé doté de multiples fonctions edid émulées
US9501157B2 (en) 2009-11-10 2016-11-22 High Sec Labs Ltd. Secure KVM system having multiple emulated EDID functions
EP2428911A3 (fr) * 2010-09-09 2013-03-06 Honeywell International, Inc. Dispositif d'autorisation à haute sécurité
US9426652B2 (en) 2010-09-09 2016-08-23 Joseph Nutaro High assurance authorization device

Also Published As

Publication number Publication date
GB0007520D0 (en) 2000-05-17
GB2346465A (en) 2000-08-09
AUPO959897A0 (en) 1997-10-30
GB2346465B (en) 2002-10-09

Similar Documents

Publication Publication Date Title
US5117225A (en) Computer display screen monitoring system
US7293125B2 (en) Dynamic reconfiguration of PCI express links
US5680288A (en) Hot plugging of an adapter card
CN101447923B (zh) 互联网协议地址解析的方法和交换机栈的地址管理系统
EP0485997A2 (fr) Commande de l'imprimante et procédé pour commander imprimante
EP0404414A2 (fr) Appareil et procédé d'attribution d'adresses à des dispositifs périphériques assistés par SCSI
US20030163615A1 (en) Peripheral or memory device having a combined ISA bus and LPC bus
EP0817045A3 (fr) Mixage et séparation de plusieurs flux de données audio dans le noyau d'un système d'exploitation
US20040225883A1 (en) Method and apparatus providing multiple single levels of security for distributed processing in communication systems
KR970049639A (ko) 멀티프로세서 시스템용의 논리 어드레스 버스 아키텍처
EP0597013A1 (fr) Appareil et procede de commutation de blocs de donnees
US7631129B2 (en) Computer monitoring system and monitoring method
JPH07146826A (ja) セクション間交差ケーブル検出システム
WO1999018493A1 (fr) Commutateur de donnees perfectionne
AU744891B2 (en) Improved data switch
EP0353249A1 (fr) Architecture de gestion de reseau parallele
US6330694B1 (en) Fault tolerant system and method utilizing the peripheral components interconnection bus monitoring card
EP1482411B1 (fr) Détection d'erreur dans un module de circuit
CN109542522A (zh) 一种fpga启动方法及装置
AU597674B2 (en) Multiprocessor level change synchronization apparatus
US7802041B2 (en) Information processing apparatus including transfer device for transferring requests
EP0299523A2 (fr) Système interface pour connexion virtuelle à un réseau "MAP CASE"
US5896514A (en) Logic implementation of control signals for on-silicon multi-master data transfer bus
US6526528B1 (en) Ticket punch watchdog monitor
JP3174246B2 (ja) 監視装置及び情報送受信装置

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 93323/98

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: GB0007520.0

Country of ref document: GB

WWE Wipo information: entry into national phase

Ref document number: 09509730

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: KR

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA

WWG Wipo information: grant in national office

Ref document number: 93323/98

Country of ref document: AU