RU2289843C2 - Information processing system - Google Patents

Abstract

FIELD: information processing system, which is protected from destruction by a virus or hacker.

SUBSTANCE: information processing system consists of rewritable storage device, first and second input/output channels, connected to storage device, first computer connected to first input/output channel, and second computer connected to second input/output channel. First computer is connected to external network, like Internet. First input/output channel is implemented as channel exclusively for reading from the storage device, or exclusively for writing to the empty area of storage device depending on information processing system usage. First and second input/output channels are working independently.

EFFECT: protected information processing system from destruction by a virus or hacker.

24 cl, 11 dwg

Description

Technical field

The present invention relates to an information processing system that is protected from destruction by a virus program or hacker.

The invention also relates to an information recording apparatus that can be used in said information processing system.

State of the art

Japanese Patent Application Laid-Open No. H05-257613 discloses a hard disk drive (hereinafter referred to as the "known device"), which includes a plurality of write / read heads arranged so that the hard disk is divided into equal parts, thereby reducing read / write time from / to the hard drive, as well as reducing the time required to read / write multiple tasks, and / or random access time to each track.

In particular, this known device comprises a control unit, a main read / write buffer, two read / write heads A and B, and sub buffers, each of which is provided for one corresponding head. The following describes an exemplary sequence of operations performed by both heads in a known device for the case where the operating state in which head A writes to the disc and head B reads from the disc must be changed in response to an external request to switch to another state, in which head A will be in read mode, and head B in recording mode.

1. The control unit transmits to the head A a command to stop recording.

2. After receiving the command to stop recording, head A sends an acknowledgment of the command to stop recording back to the control unit.

3. The control unit waits for confirmation of receipt from head A. If a confirmation of receipt of the stop recording command is not received, the control unit again transmits the stop recording command to head A. If, despite the retransmission of the stop recording command, a predetermined number of times, confirmation of receipt of the stop recording from head A is not accepted, the control unit performs an error processing operation.

4. The control unit calculates the amount of data transferred to the recording sub-buffer of head A, and when this number reaches the end of one recording, it stops transmitting data from the main buffer.

5. Head A continues the recording operation until the data that it has written reaches the end of one recording.

6. Since it is forbidden to change the recording mode to the reading mode during the recording operation, when the command to change the head mode is transmitted from the control unit, this command will be ignored.

7. After the data has been recorded to the end, head A stops the recording operation and transfers to the control unit the track and sector numbers where head A has recorded the last data, together with the initial position of the data left unprocessed, in the main recording buffer.

8. The control unit returns the received data back to A.

9. Head A receives acknowledgment of receipt of data from the control unit, cancels the failure state of the mode change if the (returned) data is correct, and informs the control unit of this cancellation.

10. If the returned data contains an error, then head A again sends a command to the control unit to retransmit the returned data. If the data transmitted again in this way contained errors, then this write operation is interpreted as an error.

11. When a signal is received from head A indicating that the failure state of the mode change has been canceled, the control unit transmits to the head A a command to change the mode from write mode to read mode.

12. Head A sends back to the control unit an acknowledgment of receipt of a mode change command.

13. The control unit checks the returned command and, if it contains an error, sends the mode change command again to head A. If this repeatedly returned command still contains an error, then the mode change command is treated as an error.

14. The control unit transmits to the head In the command to stop reading.

15. After receiving the command to stop reading, head B sends an acknowledgment of the command to stop reading back to the control unit.

16. The control unit waits from the head In confirmation of receipt of the command to stop reading. If a confirmation of receipt of the command to stop reading is not accepted, then the control unit again transmits the command to stop reading to head B. If, despite the retransmission of the command to stop reading, a predetermined number of times, confirmation of the receipt of the command to stop reading from head B is not received, the control error handling.

17. Head B performs a read operation until the data that it reads has reached the end of one record, counting the amount of data read and checking the total amount of data.

18. After the read operation is completed, the transfer of new data from the read sub-buffer associated with head B to the main read buffer is stopped.

19. Since it is forbidden to change the reading mode to a recording mode during a read operation, when a command to change the head mode is transmitted from the control unit, this command will be ignored.

20. When the data has been read to the end of one record, head B stops the reading operation and transmits to the control unit track and sector numbers where head B read the last data.

21. The control unit returns the received data back to head B.

22. Head B receives confirmation of data reception from the control unit, cancels the failure state of the mode change if the (returned) data is correct, and informs the control unit of this cancellation.

23. If the returned data contains an error, then head B again sends a command to the control unit to retransmit the returned data. If the data transmitted again in this way contained errors, then this read operation is treated as an error.

24. When a signal is received from head B indicating that the failure state of the mode change has been canceled, the control unit transmits to the head B a mode change command from read mode to write mode.

25. Head B sends back to the control unit an acknowledgment of receipt of a mode change command.

26. The control unit checks the returned command and, if it contains an error, sends the mode change command again to head B. If this repeatedly returned command still contains an error, the mode change command is treated as an error.

27. The control unit confirms the fact of switching the operating modes of head A and head B.

28. The control unit informs head A of the track and sector numbers where reading is to be performed.

29. Head A copies the data thus read into the main read buffer.

30. The read operation continues.

31. The control unit informs head B of the track and sector numbers where recording should be performed.

32. Head B copies the specified data from the main recording buffer to the recording subbuffer associated with head B.

33. The recording operation continues.

In the known hard drive for reading and writing with two heads (i.e., a read head and a write head), in addition to the above-described sequential processing of a low level, it is always necessary to perform additional sequential processing of a high level, in which the track and the sector to which recording is currently being performed are determined , and the track and sector from which the reading is currently being performed, and from the file allocation table (FAT) find the track and sector from which it is necessary to read then the track and the sector where you want to record further, and then these four values are compared to determine what type of operation each head A and B should perform. One example of high-level sequential processing is the so-called “minimal processing” time. "

Below with reference to figure 3 describes the processing process with minimal time. It is assumed that the rotating magnetic disk rotates clockwise. FIG. 3 shows a case where the head A writes to the sixth recording position (first track, seventh sector) marked by hatching, while the head B has finished reading from the third record (first track, fourth sector).

The following options a and b are available for further processing:

a) head A moves to the third track to read the fourth record in the fifth sector, and head B moves to the fourth track to write to the seventh record in the eighth sector;

b) head A moves to the fourth track to write to the seventh record in the eighth sector, and head B moves to the third track to read the fourth record in the fifth sector.

In order to achieve processing with minimal time, all the calculations necessary to determine which of the above operations a or b will be completed within a shorter period of time must be performed in advance.

In addition, if the user requests the execution of a special function (for example, fast current playback), then additional processing will be needed, which cannot be implemented using a simple operation based on comparison, as with the processing described above with minimal time. With this additional processing, it will be necessary to constantly analyze whether the recording has been completed during the fast playback process, and if so, more complex control of many heads having the functions of switching from the reading mode to the recording mode and vice versa will be required.

As a result, the known magnetic disk drive must perform read and write operations in accordance with each combination of a huge number of combinations that differ depending on the location of the records that are accessed for reading / writing, the position of head A and head B, the operating modes of heads A and B and special functions. To implement these operations, a known hard disk drive must be equipped with a complicated and expensive control unit for changing the read / write mode, for which a control program containing a huge number of program steps, as well as a specialized integrated circuit (IC) with high speed, must be developed.

On the other hand, in an information processing system equipped with an information recording device that reads files from an external storage medium, such as a ROM on a compact disc (CD-ROM) and a magneto-optical disk, when an information recording device of a working information processing system activates a file in an external A storage medium containing a hidden virus program, then this virus program is executed, as a result of which the information processing system may be destroyed. Usually, to prevent such destruction, viruses are removed in advance using special software tools - “vaccines” designed to remove virus programs. However, since new viruses are constantly appearing, there are no perfect “vaccines” that can remove any virus program. In addition, any currently available “vaccine” requires constant updating when the latest versions appear.

In recent years, problems have appeared and become more and more serious, consisting in the fact that the home pages of government agencies and companies are subject to unauthorized interference by hackers. Typically, hackers entering the homepage are prevented by a firewall. However, hackers in one way or another create new methods of hacking against which the specified firewall is powerless, penetrate the server system of the home page and modify the contents of the home page, which is stored in the hard drive. Therefore, even when an enhanced firewall is provided, the level of protection against unauthorized entry to the homepage provided by such a firewall is limited by a certain limit. In other words, in a known system, as soon as the firewall is cracked, the system administrator will be unable to counteract the hacker. This is because in the storage device in the known server system only one read / write head is used, so that the hacker can change the home page if he can reach this head.

SUMMARY OF THE INVENTION

The objective of the present invention is to provide a device for recording information that eliminates the need for such a control program containing a large number of program steps and a specialized IC with high speed, which are necessary in a known hard drive.

It is also an object of the present invention to provide an information processing system that is protected from being destroyed by a virus program read from a storage medium, such as a ROM on a CD containing said virus program.

In addition, the object of the present invention is to provide an information processing system in which an attacker cannot penetrate from the outside through an external network to change information stored in the storage device of the server system, either secretly read mail in the mailbox, or change the registration files.

An information recording apparatus according to the present invention is characterized by having a rewritable disc; drive sections for driving a hard disk; a first head for reading data from a disk and writing data to a disk; drive sections of the first head for driving the first head; first head control circuits for controlling the first head; a first input / output channel connected to a first head control circuit; a second head for reading data from the disk; drive sections of the second head for driving the second head; second head control circuits for controlling the second head; and a second input / output channel connected to the second head control circuit, wherein the first head and second head are driven independently of each other. In the recording device according to the invention, the second head is designed so that it is used exclusively for reading, as a result of which a complex and expensive mechanism for controlling the read / write switching of a known hard disk drive can be dispensed with.

In the information processing system, which includes the above-described information recording apparatus, a first computer connected to the first input / output channel and provided with an external storage device, and a second computer connected to the second input / output channel, the first head being configured to perform as read and write, and the second head is configured to only read, while the second computer executes a file that is possibly infected with a virus when the system the effect is that if the file is really infected, the virus will not be able to destroy the files on the rewritable disc. If the effect of a viral infection manifests itself, it is necessary to check for the presence of the virus; at the same time, having detected a virus during this check, the first computer deletes the corresponding files that were recorded on the disk and external storage device. Therefore, an information processing system is obtained that can provide protection against destruction by a virus program read from a storage medium, such as a ROM on a CD.

An information processing system according to one aspect of the present invention includes: a rewritable disc; a drive section for driving a disk; a first head for reading data from a disk and writing data to a disk; a drive section of the first head for driving the first head; a first head control circuit for controlling a first head; a first input / output channel connected to a first head control circuit; a second head for reading data from the disk and writing data to the disk; a second head drive section for driving a second head; a second head control circuit for controlling the second head; a second input / output channel connected to a second head control circuit; a first computer connected to a first input / output channel; and a second computer connected to the second input / output channel, the first head and the second head being driven independently of each other, and the first computer is connected to an external network. In this information processing system, the first head and the second head are driven independently of each other, that is, the attacker cannot gain access to the second head even when he manages to penetrate this system from an external network, and therefore the attacker using the second heads will never be able to destroy or change information (homepage, mail, etc.) maintained and managed by a second computer.

When using an information processing system in which the first head is intended solely for reading, any intruder penetrating from an external network will not be able to record, so that more reliable protection of this information processing system is provided.

When using an information processing system in which the first head is a head designed exclusively for recording to an empty area of the disc, users entering this system from an external network can only record, so that such a system is suitable for use as an e-mail system or etc. In particular, users only record their mailings, but cannot read or modify already recorded mailings and / or access logs.

According to another aspect of the invention, the information processing system includes a rewritable storage device; a first input / output channel connected to the storage device and intended solely for reading from the storage device; a second input / output channel connected to the storage device and designed to read / write from / to the storage device; a first computer connected to a first input / output channel; and a second computer connected to the second input / output channel, wherein the first input / output channel and the second input / output channel are driven independently of each other, and the first computer is connected to an external network.

In this information processing system, the external network is not connected to the second I / O channel, while the first I / O channel and the second I / O channel are independently activated, so that the attacker cannot reach the second I / O channel output even when it enters this system from an external network. Thus, attackers will not be able to destroy and / or modify information (homepage or the like) maintained and managed by a second computer using the second channel.

Since the first I / O channel is a read-only channel for a storage device, attackers will not be able to write to the storage device even with the first computer. As a result, the protection of this information processing system is quite reliable.

An information processing system suitable for use as a write-only email system includes a rewritable storage device; a first input / output channel connected to the storage device and intended solely for recording in empty areas of the storage device; a second input / output channel connected to the storage device and designed to read / write from / to the storage device; a first computer connected to the first input / output channel and a second computer connected to the second input / output channel, the first input / output channel and the second input / output channel being driven independently of each other, and the first computer is connected to an external network .

In this information processing system, the external network is not connected to the second I / O channel, and the first I / O channel and the second I / O channel are independently activated, so that an attacker cannot reach the second I / O channel even then when it enters this system from an external network. Thus, attackers will not be able to destroy and / or modify mailings and / or access logs that are maintained and managed by a second computer.

Since the first I / O channel is a write-only channel, used exclusively for writing to empty areas of the storage device, attackers will not be able to read from the storage device or overwrite the records existing in the storage device. As a result, the protection of this information processing system is quite reliable.

In an information processing system that is reliable and relatively inexpensive, a rewritable storage device includes a rewritable disc; a head for reading data from a disk and writing data to a disk; a head drive section for driving the head; a head control circuit for controlling the head and a processing circuit connected to the first input / output channel and the second input / output channel for processing read / write requests from the first input / output channel and the second input / output channel, the processing circuit outputting processing results into the head control circuit and receives information from this circuit. In an information processing system, for example, a hard disk, a rewritable digital random access disk (DVD-RAM), or a magneto-optical disk can be used as a rewritable disc. These discs are currently the most popular and widely used as a storage medium, so the information processing system that uses this kind of rewritable disc is relatively inexpensive and reliable.

An information processing system in which a rewritable storage device is based on an electronic circuit is exceptionally durable and reliable due to the absence of moving parts such as a drive.

The information processing system, the protection of which is further improved compared to the above information processing systems, includes, in addition to the structure of the information processing system described above, a rewritable second memory device, a third write-only input / output channel connected to the second memory device and intended only for recording in empty areas of the second storage device, and a fourth input / output channel connected to the second storage device and designed to read / write from / to a second storage device, all of these components being connected between the first computer and the second computer.

Information for the homepage of the system administrator is recorded by the second computer through the second input / output channel in the first storage device and is maintained and controlled in it. When an external user tries to read the homepage thus stored in the first storage device, the first computer reads the homepage information from the first storage device using the first input / output channel and provides it to the user via the external network. When an external user wishes to record a mail message through an external network to this system, the first computer records the user's mail message to the second storage device via the third input / output channel.

The first channel, which can only read the contents of the first storage device, and the third input / output channel, which can only write to the second storage device in an empty area where neither mail messages nor access registration data can be recorded, are connected only to the first A computer connected to an external network. In other words, the first computer connected to the external network does not have a connection to the second computer, which supports and manages the home page and mail. Therefore, even if an attacker penetrates this system through an external network and manages to take complete control of the first computer, he will not be able to access the second computer and will not be able to secretly read or modify incoming mail messages, change the logs access or change the homepage using a second computer.

Since the first I / O channel is a read-only channel from the first storage device, an attacker will not be able to write to the first storage device simply using the first computer.

In addition, since the third I / O channel is a write-only channel to the empty area of the second storage device, an attacker will not be able to read data from the second storage device or rewrite existing records in this device. As a result, the protection of this system is quite reliable.

In an information processing system where a rewritable storage device is based on an electronic circuit, there is an option to construct a rewritable storage device using a semiconductor integrated circuit or the like, so that a compact and reliable system can be realized due to the absence of moving parts such as a drive for rotary type records.

According to another aspect of the invention, an information processing system includes: a disc having a plurality of recording areas; at least one head for reading / writing from / to disk; two or more input / output channels connected to the head; a first computer connected to one of the input / output channels (hereinafter referred to as the "first input / output channel"); and a second computer connected to another of the input / output channels (hereinafter referred to as the "second input / output channel"), the system being provided with an external storage device,

wherein the first recording area from the recording areas is arranged in the form of a region with which only reading through the second input / output channel can be made, while the second recording area, different from the first recording area, is arranged in the form of a region in which only additional recording through the second input / output channel,

the first and second recording areas are arranged in such a way that reading and writing from / to them can be done through the first input / output channel,

wherein the first computer reads the file that was recorded by the second computer into the second recording area, and writes it to the first recording area,

and the second computer reads the file from the external storage device and adds it to the second recording area.

In this information processing system, the second computer can only read from the first recording area (that is, cannot write there). Therefore, even when this second computer executes a file containing a virus, the contents of the first recording area will not be changed, and therefore, this information processing system will not be destroyed. On the other hand, the second computer cannot read from the second recording area, so under no circumstances will the second computer read any virus program recorded in the second recording area. Thus, even when a program containing a virus is running, the second computer will not change a single file in the first and second recording areas.

According to a further aspect of the invention, an information processing system that can be used as a server for a home page and mail includes a disc having a plurality of recording areas; at least one head for reading / writing from / to disk; two or more input / output channels connected to the head; a first computer connected to one of the input / output channels (hereinafter referred to as the "first input / output channel"); and a second computer connected to another of the input / output channels (hereinafter referred to as the "second input / output channel") and connected to the network,

wherein the first recording area from the recording areas is arranged in the form of a region with which only reading through the second input / output channel can be made, while the second recording area, different from the first recording area, is arranged in the form of a region in which only additional recording through the second input / output channel,

moreover, the first and second recording areas are arranged in such a way that reading and writing from / to them can be done through the first input / output channel,

the first computer reads the file that was recorded by the second computer into the second recording area, and writes it to the first recording area,

the second computer receives the file from the network and adds it to the second recording area.

In this information processing system, even if a hacker on the network tries to change the data of the home page or something similar written on the disk, the second computer can only read from the first recording area and cannot read from the second recording area. In addition, the second computer cannot record to the first recording area, so the hacker will not be able to change and / or delete the programs / data of the home page stored on the disk. Overwriting programs / data on the home page is done with the head connected to the first computer.

Mail messages recorded by network users in the second recording area are copied by the first computer to the first recording area. Since the second computer can read files in the first recording area, network users can read the mail messages addressed to them recorded in the first recording area.

In an information processing system of the above type, which includes only one head together with the head control device, the design of the hard disk can be simplified.

Brief Description of the Drawings

Figure 1 - device for recording information according to the invention;

figure 2 - information processing system according to the invention, which uses the information recording device of figure 1;

3 is an illustration explaining a read / write operation performed by a known hard disk drive;

4 is a structure of an information processing system according to an embodiment of the invention;

5 is a structure of an information processing system according to another embodiment of the invention;

6 is a structure of an information processing system according to an embodiment of the invention, including a storage device;

7 is a structure of an information processing system according to an embodiment of the invention, including two storage devices;

Fig. 8 shows a structure of a storage device having a rewritable single-head disc;

Fig.9 is an information processing system according to a variant of the invention, which is protected from destruction by a virus program;

figure 10 - information processing system according to a variant of the invention, which is protected from changing files by a hacker;

11 is a main part of the structure of an information processing system according to an embodiment of the invention, which includes a rewritable single-head disc.

Best Mode for Carrying Out the Invention

An information recording apparatus according to the present invention, as shown in FIG. 1, includes: a rewritable disc 11, such as a hard disk and DVD-RAM; a drive section for driving a disk 11; a first head 12 for reading data from a disc 11 and writing data to a disc 11 and a second head 13 for reading data from a rewritable disc 11.

The first head 12 is driven by the drive section 14 of the first head, while the second head 13 is driven by the drive section 15 of the second head. The first head 12 is controlled by the first head control circuit 16, which is connected to the first input / output channel 18. The second head 13 is controlled by the second head control circuit 17, which is connected to the second input / output channel 19 (which does not have a recording function). Thus, the first head 12 is for reading and writing, and the second head 13 is solely for reading. In addition, each of these heads 12 and 13 independently performs the functions of control, drive and input / output of data in relation to the external environment, regardless of the position and operating mode of the other head. The information recording device according to the invention supplies, for each head, sector and track numbers from where the reading should be made or where recording should be made, and has for each head a buffer for readable and accordingly recorded data.

The following describes the operation of the information recording apparatus according to the invention. It is assumed that when recording a movie program for television broadcasting, the first head 12 recorded this program on a rewritable disc 11 hours ago. When the user wants to see the recorded movie program, he first sends the appropriate command to the information recording device. In response to this command, the second head 13 determines the track and sector numbers corresponding to the beginning of this film program from its buffer, takes the disk position corresponding to these numbers, and, starting from this position, reads the file to be viewed (i.e., the film program that recorded the first head). This read operation differs from the known method of reading files in that the file recorded by the first head is incomplete. This problem can be solved during processing of reproducible data by checking the data read by the second head.

If the second head performs the read operation at the same speed as the first head writes, the read position of the second head will not affect the write position of the first head, so that reading and playback can be performed simultaneously, but independently.

When, as a result of fast reproduction, the reading position of the second head is located beyond the end of the file that the first head writes, as a result of fast reproduction, this state can be detected from the data read by the second head itself. From this data, for example, the fact can be detected that the pointer to the next record does not matter or that the end of the file has been reached, and in response to this, the second head can stop reading or go to the reading operation at the same speed. In the above situation, even if the second head continues the reading operation, reading of insignificant information will take place. Then the user can manually stop the process to eliminate the specified situation. The second head is a head designed exclusively for reading, and its operation is completely independent of the first head, so even if the reading section of the second head passes the recording section of the first head, this will not affect the write operation performed by the first head. That is, since the first and second heads can operate independently of each other, the information recording apparatus according to the present invention does not need a device for switching operation modes of the first and second heads.

Below, with reference to FIG. 2, an information processing system according to a possible embodiment of the invention is described for which the above-described information recording apparatus is applicable. The information processing system according to this embodiment comprises the information recording device shown in FIG. 1 (a part surrounded by dashed lines in FIG. 2), a first computer 22 connected to the first input / output channel 18, a second computer 23 connected to the second input channel I / O 19, and an external storage device 43, which is connected to the first computer 22 and allows reading / writing, for example, to a floppy disk, rewritable compact disc (CD-R) or ROM on a compact disc (CD-ROM). On the second input / output channel 19, connected to the second head 13, recording is not allowed. Thus, while the first head 12 can perform both reading and writing, the second head 13 can only perform reading. In addition, each of the heads 12 and 13 performs reading and writing regardless of the position and mode of operation of the other head.

The following describes the situation when, when reading the necessary files from an external storage device, such as a CD-ROM containing a hidden virus program, the computer system in question, executed in the manner described above, will not be destroyed by the virus program. First, suppose that the necessary files are read from a CD-ROM containing a hidden virus program, using an external storage device 43 for the first computer 22, and then copied to the hard drive 11. Infection of a computer system with a virus means the fact that existing in the file has changed (that is, the file has been overwritten). In this embodiment, the second computer 23 can only read from disk 11 (that is, cannot write to it). Therefore, even if the second computer 23 executes a file containing the above virus, the disk 11 will not be overwritten, and therefore, the computer system will not be destroyed. When the second computer 23 executes a file that could have been infected by a virus, the effect of its action will appear if the file was really infected. In this case, it is necessary to check for the presence of a virus. When a virus is detected during this check, the first computer 22 will delete the corresponding files that were written to disk 11 and the external storage device 43. If no virus is detected, the first computer executes the corresponding files. In this case, since the first computer can read / write from / to disk 11, the full execution of the program becomes possible. Thus, this information processing system is protected from destruction by the virus.

Figure 4 shows the structure of another information processing system according to the present invention. This information processing system includes a rewritable disc 11, such as a hard disk; a hard disk drive section for driving a rewritable disc 11; a first head 12 for reading data from a rewritable disc 11 and writing data to this disc having a protection function; a drive section 14 of the first head for mechanically moving the first head 12; a first head control circuit 16 for controlling so that the first head 12 reads / writes; a first input / output channel 18 connected to the control circuit of the first head; a second head 13 for reading data from a rewritable disc 11 and writing data to this disc; a drive section 15 of the second head for mechanically moving the second head 13; a control circuit 17 of the second head for performing control so that the second head 13 performs read / write; a second input / output channel 19 connected to the control circuit 17 of the second head; the first computer 22 connected to the first I / O channel 18, and the second computer 23 connected to the second I / O channel 19. In this case, the first head 12 and the second head 13 are driven independently of each other, while the first computer 22 is connected to a network 24, such as a public communication line and a local area network (LAN).

The operation of this information processing system is described below. First, a case is described when a system is used to maintain and / or manage a home page. In this case, the system administrator of the home page reads / writes information for the home page from / to the disk through the second head 13 using the second computer 23. On the other hand, an outsider who wants to read this home page reads information related to the home page on the disk 11, using the first head 12 through the first computer 22.

Consider the case where an attacker tries to change the home page stored on a rewritable disc 11. In this case, the computer connected to the external network 24 is the first computer 22, and the head connected to this computer is the first head 12. Therefore, even If an attacker manages to establish full control over the first computer 22, he will not be able to get to the second head 13 connected to the second computer, and he will not be able to either destroy or change the home page and / or mail ie messages in the case where the second computer 23.

When the first head 12 is used solely for reading, a user entering this information system from an external network cannot write to the disk 11 using the first head 12, so that the protection of such an information system is more reliable than that of the system described above.

The following describes the operation of the information processing system, in which the first head 12 is a write-only head, which is designed to perform recording in empty areas of the disc. This information system is suitable for maintaining and managing email. First, consider the case where an external user writes an email message over network 24. This user's email message is written to a rewritable disc 11 via a first computer connected to network 24 and a first head 12. Next, the system administrator reads this email message recorded on the disk, using the second computer 23 using the second head 13, checks it for the presence of a virus or the like, and then remembers it in the email box, provided on a local disk or the like, separated from the aforementioned disk 11. Then, the system administrator erases from the disk 11 the email message that was recorded using the second computer 23 using the second head 13. The recipient of this email message that uses the second computer 23, can open the email inbox on the local drive of the second computer 23 and read the mail message addressed to her / him.

When an attacker tries to secretly read a mail message recorded from an external network 12, he will not be able to do this, because the specified message, which was recorded by an authorized user, is stored on a local disk connected to the second computer. Even if an attacker tries to read a mail message before it reaches the local disk, it will not be able to read the contents of the mail message, since the first head 12 is used exclusively for writing to an empty area and, therefore, is unable to read. Thus, an attacker will not be able to read or destroy existing mail messages using the first head 12, so that the protection of this system is completely reliable.

Below, with reference to FIG. 5, an information processing system provided with two rewritable discs according to a second embodiment of the invention is described. This information processing system is created by adding to the structure of the first variant between the first computer 22 and the second computer 23 the following components: a second disk 11 '; drive sections for driving a second disk 11 '; a third head 12 'for performing read / write from / to the second disk 11'; sections of the drive 14 'of the third head for driving the third head 12'; control circuits 16 'of the third head for performing control so that the third head 12' performs read / write; third input / output channel 18 '; the fourth head 13 'for performing read / write from / to the second disk 11'; sections of the actuator 15 'of the fourth head for mechanically moving the fourth head 13'; fourth head control circuits 17 ′ for performing control such that the fourth head 13 ′ reads / writes; and a fourth I / O channel 19 'connected to the control circuit of the fourth head 17'.

In the above structure, the first head 12 is intended solely for reading, while the third head 12 'is a write-only head, intended only to write to empty areas on the disc 11'. The second head 13 and the fourth head 13 ', as in the first embodiment, are for reading / writing. The first head 12 and the third head 12 'are connected to the external network 24 through the first computer 22. The second read / write head 13 and the fourth read / write head 13' are connected to the second computer 23.

The principle of operation of this system is described below. The information for the homepage of the system administrator is maintained and controlled by the second computer 23, and the necessary data is recorded on the disk 11 using the second head 13. When the user tries to read the homepage stored in this system, the first computer 22 reads this homepage using the first head 12 and provides it to the user through an external network 24. On the other hand, mail messages from external users are maintained and managed by a second computer in the same way as o is done in the first embodiment described above. When a user writes a mail message in this system through an external network 24, the first computer 22 writes a mail message of this user to the disk 11 'using the third head 12'. Thus, the recorded mail message gets to the local drive of the second computer 23.

With such a system, even if an attacker penetrates this system through an external network 24 and establishes full control over the first computer 22, he will not be able to change and / or secretly read mail messages that have already arrived, he will not be able to change the access registration files, homepage or the like The reason for this is that a first head 12, which can only read from disk 11, and a third head 12 ', which can only write to empty areas of disk 11', are connected to the external network 24.

The second computer 23 writes information to the disk 11, for example, for the home page, which must be presented from the outside, and also reads information from the disk 11 ', for example, those mail messages received from the first computer 22 from the outside, and then puts the information thus read in a mailbox located, for example, on a separate local disk. Although the information read from disk 11 'should be carefully checked in terms of the possible presence of destructive viruses, such processing can be limited only to the types of damage that can be made via e-mail messages.

6 shows the structure of an information processing system proposed in accordance with another embodiment of the present invention.

This information processing system includes: rewritable storage device 21; the first and second input / output channels 18 and 19 connected to the storage device 21; a first computer 22 connected to the first I / O channel 18, and a second computer 23 connected to the second I / O channel 19. The first computer 22 is connected to an external network 24, such as the Internet and an Intranet corporate network. The first input / output channel 18 is made in the form of a channel designed solely for reading from the storage device 21, or a channel intended solely for writing to the empty area of the storage device 21, depending on the application of this information processing system. The first input / output channel 18 and the second input / output channel 19 are driven independently of each other.

The operation of this information processing system is described below for the case where the first input / output channel 18 is a read-only channel for the storage device 21. This information processing system can be used to maintain and / or manage the home page. The home page system administrator reads / writes information for the home page regarding the storage device 21 through the second input / output channel 19 using the second computer 23. At the same time, a third party reads this page in the storage device to view this home page 21 using the first I / O channel 18 through the first computer 22 connected to the external network 24.

Consider the case where an attacker tries to change the home page recorded in the storage device 21. The external network 14 is connected to the first computer 22, but is not connected to the second computer 23. Therefore, even if the attacker manages to establish full control over the first computer 22 , he will not be able to access the second input / output channel 19 connected to the second computer 23, so that the attacker can neither destroy nor change the home page stored in the storage device 21 from oschyu second computer as long as it does not establish control over the second computer 23.

Also, since the first input / output channel 18 is a read-only channel, a user entering this information system from an external network 24 cannot write to the storage device 21 even with the first computer. Thus, the protection of this information system is quite reliable.

The following describes the principle of operation of an information processing system in which the first input / output channel 18 is a recording-only channel intended solely for recording in empty areas of the storage device 21. This information processing system is suitable for maintaining and managing e-mail messages. When an external user records an e-mail message through the external network 24, the e-mail message of this user is recorded in the storage device 21 by the first computer 22 connected to the external network 24 and the first input / output channel 18. Then, the system administrator reads the message thus recorded e-mail in the storage device 21 using the second computer 23 through the second input / output channel 19, checks it for the presence of a virus or the like, and then stores it in the box for e-mail provided on a local disk or the like, which exists separately from the above storage device 21. After the e-mail message is stored in the email box, the e-mail message stored in the storage device 21 is deleted using the second computer 23 and the second input / output channel 19. A user who uses the second computer 23 can open the mailbox for e-mail on the local drive of the second computer 23 and read the mail address addressed to him bschenie.

Thus, mail messages recorded by authorized users are stored on a local disk connected to the second computer 23. Since an attacker cannot access the second input / output channel 19 from an external network 24, he will not be able to covertly read mail messages stored on a local drive. Even if an attacker tries to covertly read or modify the mail message recorded in the storage device 21 before it reaches the local drive, he will not be able to read or rewrite the contents of the mail message, since the first input / output channel 18 is a channel only for recording intended for recording in an empty area where the mail message was not recorded. Consequently, attackers will not be able to read or destroy existing mail messages, as a result of which reliable protection of this system is ensured.

Below, with reference to FIG. 7, an information processing system is described in which two rewritable memory devices are provided. In this information processing system, in addition to the structure of the information processing system of FIG. 6, a second memory 46 'is provided between the first computer 22 and the second computer 23; a third I / O channel 18 'associated with the second storage device 46'; and a fourth I / O channel 19 'associated with the second storage device 46'. The first input / output channel 18 is intended solely for reading from the first storage device 46, while the third input / output channel 18 'is a write-only channel that is only intended to write to empty areas of the second storage device 46'. The second I / O channel 19 and the fourth I / O channel 19 'are read / write channels, as in the information system of FIG. 6. The first I / O channel 18 and the third I / O channel 18 'are connected to the external network 24 through the first computer 22. The second I / O channel 19 for reading / writing and the fourth I / O channel 19' for reading / writing are connected to the second computer 23.

The operation of this information processing system is described below. Information for the system administrator’s homepage is recorded in the first storage device 46 and maintained and controlled by the second computer 23 through the second input / output channel 19. When an external user wants to read the homepage stored in this first storage device 46, the first computer 22 reads the homepage from using the first input / output channel 18 and delivers it to the user through the external network 24. On the other hand, the mail messages of external users are stored, maintained and managed in a mailbox on a local disk using a second computer 23 in the same way as described above for the information processing system of Fig.6. When a user sends an e-mail message to this system through an external network 24, the first computer 22 writes the message of this user to the second memory 46 'through the third input / output channel 18'. The mail message recorded in this way is placed in the mailbox on the local disk of the second computer 23.

The first I / O channel 18, which can only read the contents of the first storage device 46, and the third I / O channel 18 ', which can only write to those empty areas of the second storage device 46', where neither mail messages nor data are recorded access registrations are connected only to the first computer 22, which is connected to the external network 24. In other words, the first computer 22 connected to the external network 24 is not connected to the second computer 23, which supports and manages the home page and mail sales messages. Therefore, even if an attacker penetrates this system through an external network 24 and takes complete control of the first computer 22, he will not be able to access the second computer 23, so that this attacker will not be able to modify and / or secretly read mail messages that have already been delivered , and also will not be able to change access registration data, homepage, etc. using a second computer.

Since the first input / output channel 18 is a read-only channel for the first storage device 46, an attacker using the first computer cannot write to the first storage device 46.

In addition, since the third I / O channel 18 'is a write-only channel, intended only to be written to an empty area of the second storage device 46', an attacker will not be able to read the contents of the second storage device 46 'or rewrite existing records in this device. Therefore, the protection of this system is quite reliable.

The second computer 23 writes to the first storage device 46 information, for example, for the home page, which must be presented in an external environment. In addition, the second computer 23 reads information from the second storage device 46 ′, for example, those mail messages received by the first computer 22 and writes to the second storage device 46 ′, and puts the information thus read in a mailbox, presented, for example, on a separate local drive. Although information, such as mail messages read from the second storage device 46 ', should be carefully checked for the possible presence of programs contained therein that could destroy the system, such checking should be performed only for programs transmitted by e-mail.

If each of the storage devices 46 and 46 'is based on an electronic circuit, for example a semiconductor integrated circuit, it becomes possible to implement an information processing system that is compact and reliable due to the absence of moving parts such as a rewritable disc.

Below, with reference to Fig. 8, a storage device for an information processing system is described. A rewritable storage device 21 includes a rewritable disk 11; a head 26 for reading data from a rewritable disc 11 and writing data to it; a head drive section 27 for driving the head; a head control circuit 28 for controlling the head and a processing circuit 29. The processing circuit 29 is connected to the first input / output channel 18 and the second input / output channel 19 and processes read / write requests from the first input / output channel 18 and the second input / output channel 19. This processing circuit feeds the processing results to the head control circuit 28 and receives information from it.

Below, with reference to FIG. 9, an information processing system in which a rewritable disc has a plurality of recording areas is described. This information processing system includes a hard disk 11; heads 12 and 13 for performing read / write from / to disk 11; two or more input / output channels 18 and 19 connected to the heads; a first computer 22 connected to one of the input / output channels (first input / output channel 18); and a second computer 23 connected to another I / O channel (second I / O channel 19). The hard disk 11 has a plurality of recording areas 41 and 42, for which respective operating modes can be set independently of one another. The second computer 23 is connected to an external storage device 43 that allows reading / writing from / to a disc, such as a rewritable compact disc (CD-R) and CD-ROM.

The arrangement of the elements in this embodiment is such that between the first recording area 41 and the second recording area 42, on the one hand, and the first computer 22 and the second computer 23, on the other hand, the following relationship is established. Firstly, the first computer 22 is configured so that it can read and write data from / to any of the recording areas 41 and 42 using the head 12 connected to the first input / output channel 18. On the other hand, the second computer 23 is configured so that it can read data, but cannot write data to the first recording area 41 using the head 13 connected to the second I / O channel 19. In addition, the second computer 23 cannot read the data, but may just record additional data to the second recording area 42.

Below is the reason why an information processing system built on the above principle will not be destroyed by a virus program even when the necessary files are read from a compact disc (CD-ROM), which may contain an implicit virus program. First, suppose that the necessary files are read from a CD containing a hidden virus program using an external storage device 43 of the second computer, and then written to a disk in the second recording area 42. It is clear that the second memory area 42 will be recorded and a virus program. Then, the first computer 22 copies the files recorded in the second recording area 42 and containing the virus program to the first recording area 41.

Infection of the information processing system with a virus means that the file existing in it changes (in other words, this file is overwritten). Therefore, if the recording area in which the file was recorded is not rewritable, then the file will not be changed under any circumstances. In this embodiment, the second computer 23 can only read the first recording area 41 (that is, cannot write to it). Therefore, even if the second computer 23 executes a file containing the above virus, the first recording area 41 will not be overwritten and therefore this information system will not be destroyed. On the other hand, the second computer 23 cannot read data from the second recording area 42, and therefore, the second computer 23 cannot under any circumstances read the files recorded in the second recording area 42. Therefore, even when executing a program containing a virus, the second computer 23 cannot overwrite the files in either the first recording area 41, or the files in the second area 42.

Thus, the second computer 23 can execute the file containing the virus without causing damage to the files recorded in the first or second recording area 41 and 42, and evaluate its behavior. Based on these results, the first computer 22 checks to see if there is a virus in the recorded file. When a virus is detected, the corresponding files recorded in the first recording area 41 and the second recording area 42 are deleted. If no virus is found, the first computer 22 executes the corresponding files. In this case, since the first computer 22 can read / write in relation to any of the recording areas 41 and 42, it is possible to fully execute the program. Thus, this information processing system is protected from destruction by the virus.

Below, with reference to FIG. 10, an information processing system suitable for use as a server for a home page and mail messages is described. This computer system differs from the above-described embodiment in that the second computer 23 is connected to a network 24, for example, the Internet. The second computer 23, in addition, can be connected to an external storage device capable of reading / writing a disc, such as a CD-R and a CD-ROM. The system can be configured to establish relationships similar to those in the above embodiment between the first recording area 41 and the second recording area 42, on the one hand, and the first computer 22 and the second computer 23, on the other hand.

The first recording area 41 may be used to store data related to public information, such as a home page. It is assumed that the hacker in the network 24 took full control of the second computer 23 in order to change the data of the home page and the like recorded on the hard disk 11. However, the second computer 23 can only read the first recording area 41 and cannot read the data from the second recording area 42. In addition, the second computer 23 cannot record to the first recording area 41, and therefore, the hacker will not be able to change or delete programs and / data of the home page that were recorded on the hard disk 11. Rewrite programs and / if the data in the first recording region 41 is performed by a head unit 12 connected to the first computer 22.

The second recording area 42 is suitable for broadcasting user mail messages over the network 24. The mail message recorded by the network user 24 to the second recording area 42 is copied by the first computer to the first recording area 41. Since the second computer 23 can read files in the first recording area 41, the user on the network 24, it can read the mail messages addressed to it / him recorded in the first recording area 41.

The first computer 22 can not only read data from the second recording area 42, but also write data to this area, while the second computer 23 cannot read data from the second recording area 42, but can only add data to it. Therefore, the second recording area 42 can also be used to store private information, such as encryption keys, passwords and addresses. Third parties on the network 24, such as the Internet, will not be able to read data from the second recording area 42 through the second computer 23, so that the specified information does not leak. If the system administrator wants to change this information, such a change can be made using the head 12 connected to the first computer 22.

Here, it is assumed that the information of the mail message or the home page containing the virus was recorded in the second recording area 42 via the network 24. Then it becomes possible for the virus to directly destroy the contents of the memory of the second computer 23. When, based on the improper operation of the second computer 23, the memory contents destroyed, the first computer 22 deletes the mail message containing the virus from the second recording area 42 and restarts the second computer 23. In this way, this processing system in deformations of is protected from destruction under the influence sent through a network of 24 e-mail message containing the virus.

According to the options described above with reference to FIGS. 9 and 10, the information processing system comprises a hard disk equipped with two heads 12 and 13. However, the number of heads does not have to be equal to two, and one head may be sufficient. Below with reference to FIG. 11, an information processing system with a specified structure is described.

In the information processing system comprising a single-head hard drive, a head control device 45 is further provided. With regard to other aspects, the structure of this information processing system is similar to the options described with reference to FIGS. 9 and 10. The head control device 45 provides such control, that one head 12 performs the functions of two independent heads in time-sharing mode. For example, the head 12 is assigned the function of the first head in the first time interval, and then the function of the second head in the second time interval following the first time interval, after which the specified operation is repeated. According to this structure, the functions of multiple heads can be realized with a single head.

In any of the above information processing systems, a hard disk, DVD-RAM, magneto-optical disk or the like can be used as a rewritable disc 11. These discs are very popular and are currently widely used as a storage medium, so the information processing system in which the indicated rewritable disc is used is relatively inexpensive and reliable.

The external network 24 may be not only the Internet, but also a LAN or an Intranet. In the case of Intranet, information that may be open to employees, but which may not be changed, can be processed in a secure manner.

In the present invention, the external network 24 may contain any transmission medium, such as analog telephone lines, ISDN (Digital Integrated Services Network) telephone lines, DSL (digital subscriber loop), CATV (cable television) lines, fiber optic lines, Ethernet, options Ethernet implementations: 10BASE-T and 100BASE-T, infrared signals and radio signals.

Claims (27)

1. An information processing system comprising a rewritable disc (11); a drive section for driving a disk; the first head (12) is only for reading data from the disk; a drive section (14) of the first head for driving the first head; a control circuit (16) of the first head for controlling the first head; a first input / output channel (18) connected to the control circuit of the first head; a second head (13) for reading data from the disk and writing data to the disk; a drive section (15) of the second head for driving the second head; a control circuit (17) of the second head for controlling the second head; a second input / output channel (19) connected to a second head control circuit; a first computer (22) connected to the first input / output channel; and a second computer (23) connected to the second input / output channel; the first head and the second head are driven independently of each other, and the first computer is connected to an external network (24). 2. The information processing system according to claim 1, in which the disk is a hard disk. 3. The information processing system according to claim 1, further comprising a rewritable second disk (11 ') connected between the first computer (22) and the second computer (23), a section of the second drive to drive the second disk, a third head (12'), intended solely for recording in an empty area of the second disk, the drive section (14 ') of the third head for driving the third head, the control circuit (16') of the third head for controlling the third head, the third input / output channel (18 ') connected to the management scheme the third head, the fourth head (13 ') for reading data from the second disk and writing data to the second disk, the drive section (15') of the fourth head for driving the fourth head, the control circuit (17 ') of the fourth head for controlling the fourth head and a fourth input / output channel (19 ') connected to the fourth head control circuit. 4. An information processing system comprising a rewritable disc (11); a drive section for driving a disk; the first head (12) only for writing data to an empty area of the storage device (21); a drive section (14) of the first head for driving the first head; a control circuit (16) of the first head for controlling the first head; a first input / output channel (18) connected to the control circuit of the first head; a second head (13) for reading data from the disk and writing data to the disk; a drive section (15) of the second head for driving the second head; a control circuit (17) of the second head for controlling the second head; a second input / output channel (19) connected to a second head control circuit; a first computer (22) connected to the first input / output channel; and a second computer (23) connected to the second input / output channel; the first head and the second head are driven independently of each other, and the first computer is connected to an external network (24). 5. The information processing system according to claim 4, in which the disk is a hard disk. 6. An information processing system comprising a rewritable memory device (21, 46); the first input / output channel (18) associated with the storage device (21), solely for performing reads from the storage device (21); a second input / output channel (19) associated with the storage device (21) for performing read / write from / to the storage / its device / o (21); a first computer (22) connected to the first I / O channel (18), and a second computer (23) connected to the second I / O channel (19); wherein the first input / output channel (18) and the second input / output channel (19) are driven independently of each other, and the first computer (22) is connected to an external network (24). 7. The information processing system according to claim 6, in which a rewritable storage device (21) is formed by an electronic circuit. 8. The information processing system according to claim 6, in which a rewritable storage device (21) comprises a rewritable disk (11); a head (26) for reading data from a rewritable disc (11) and writing data to it; a head drive section (27) for driving the head; a head control circuit (28) for controlling the head and a processing circuit (29) connected to the first input / output channel (18) and the second input / output channel (19) for processing read / write requests from the first input / output channel ( 18) and a second input / output channel (19), wherein the processing circuit feeds the processing results to the head control circuit (28) and receives information from it, and only controls the reading or reading / writing of the first input / output channel (18) and second input / output channel (19). 9. The information processing system according to claim 6, further comprising a rewritable second memory device (46 ') connected between the first computer (22) and the second computer (23), a third write-only I / O channel (18') associated with the second a storage device (46 '), only to write to an empty area of the second storage device (46'), and a fourth I / O channel (19 ') associated with the second storage device (46') to perform read / write with / into the second storage / its device / o (46 '). 10. The information processing system according to claim 6, in which said disk is a hard disk. 11. An information processing system comprising a rewritable memory device (21); the first input / output channel (18) associated with the storage device (21), exclusively for recording in an empty area of the storage device (21); a second input / output channel (19) associated with the storage device (21) for performing read / write from / to the storage / its device / o (21); a first computer (22) connected to the first I / O channel (18), and a second computer (23) connected to the second I / O channel (19); wherein the first input / output channel (18) and the second input / output channel (19) are driven independently of each other, and the first computer (22) is connected to an external network (24). 12. The information processing system according to claim 11, in which a rewritable storage device (21) is based on an electronic circuit. 13. The information processing system according to claim 11, wherein the rewritable storage device (21) comprises a rewritable disk (11); a head (26) for reading data from a rewritable disc (11) and writing data to it; a head drive section (27) for driving the head; a head control circuit (28) for controlling the head and a processing circuit (29) connected to the first input / output channel (18) and the second input / output channel (19) for processing read / write requests from the first input / output channel ( 18) and a second input / output channel (19), wherein the processing circuit feeds the processing results to the head control circuit (28) and receives information from it, and only controls the reading or reading / writing of the first input / output channel (18) and second input / output channel (19). 14. The information processing system according to claim 11, in which said disk is a hard disk. 15. An information processing system comprising a rewritable disc (11) having a plurality of recording areas (41, 42), at least one head (12, 13) for reading / writing from / to a disc / to, two or more channels input / output (18, 19) connected to the head, the first computer (22) connected to one of the input / output channels (hereinafter referred to as the "first input / output channel (18)"), and the second computer (23) connected to another input / output channel (hereinafter referred to as the "second input / output channel (19)") and provided with an external storage device (43), wherein the first recording region (41) from the recording regions is made in the form of a region from which only reading through the second input / output channel (19) can be performed, and the second recording region (42), different from the first recording region, is made in the form of a region into which only additional recording can be performed through the second input / output channel (19), moreover, the first and second recording areas are arranged to read and write to them through the first input / output channel (18), wherein the first computer (22) reads the file recorded by the second computer into the second region, and writes it to the first region, and the second computer (23) reads the file from the external storage device (43) and adds it to the second area. 16. The information processing system according to clause 15, in which the head is the only one, while the system further comprises a head control device (45). 17. The information processing system according to claim 15, wherein the information processing system is used as a homepage server. 18. The information processing system according to clause 15, wherein the information processing system is used as an email server. 19. The information processing system of claim 15, wherein the disk is a hard disk. 20. An information processing system comprising a disk (11) having a plurality of recording areas (41, 42), at least one head (12, 13) for reading / writing from / to a disk, two or more input / output channels (18, 19) connected to the head, the first computer (22) connected to one of the I / O channels (hereinafter referred to as the "first I / O channel (18)"), and the second computer (23) connected to the other channel I / O (hereinafter referred to as the "second input / output channel (19)") and connected to the network (24), wherein the first recording region (41) from the mentioned recording regions is made in the form of a region from which only reading through the second input / output channel (19) can be performed, and the second recording region (42), different from the first recording region, is made in the form the area in which you can only perform additional recording through the second input / output channel (19), moreover, the first and second recording areas are arranged to read and write to them through the first input / output channel (18), wherein the first computer (22) reads the file recorded by the second computer into the second region, and writes it to the first recording region (41), and the second computer (23) receives the file from the network (24) and adds it to the second recording area (42). 21. The information processing system according to claim 20, in which the head is the only one, while the system further comprises a head control device (45). 22. The information processing system according to claim 20, wherein the information processing system is used as a homepage server. 23. The information processing system according to claim 20, wherein the information processing system is used as an email server. 24. The information processing system according to claim 20, in which the disk is a hard disk. Priority on points: 10/31/2000 - claims 1-10; 02.16.2001 - claims 1-14; 10/05/2001 - pp.15-24.

Images