WO1999018493A1 - Improved data switch - Google Patents

Publication number
WO1999018493A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
switch
data processing
data switch
processor
Prior art date
Application number
PCT/AU1998/000829
Other languages
French (fr)
Inventor
Peter Mogg
Robert Scott
Peter Penfold
Anthony Ashcroft
Colin Law
Original Assignee
Compucat Research Pty. Ltd.
Priority date
Filing date
Publication date
Application filed by Compucat Research Pty. Ltd. filed Critical Compucat Research Pty. Ltd.
Priority to GB0007520A priority Critical patent/GB2346465B/en
Priority to AU93323/98A priority patent/AU744891B2/en
Publication of WO1999018493A1 publication Critical patent/WO1999018493A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices: input devices, e.g. keyboards, mice or controllers thereof
    • G06F21/84 Protecting input, output or interconnection devices: output devices, e.g. displays or monitors

Abstract

An improved data switch in which no data can be retained on the upstream side of the data switch during switching of the data switch between data processing systems having differing security classifications. This is achieved via the repositioning and replication of the processor/buffer of the input device on the downstream side of the data switch.

Description

"IMPROVED DATA SWITCH"
TECHNICAL FIELD
This invention relates to an improved data switch for selectively switching a user interface (eg. keyboard, mouse and display) between two or more independent data processing systems.
BACKGROUND ART
A problem exists where a single data processing system is used to process data of differing security classifications. Within the single data processing system there is the potential for data of differing security classifications to be mixed, allowing the possibility that classified data may be released to recipients not intended to possess that information.
Traditionally system designers have sought to address this problem by using "trusted" software to identify and partition data of differing classifications within the single data processing system. The development and subsequent evaluation, certification and accreditation of such complex partitioning software has become extremely time consuming and expensive.
An alternative method is to provide a plurality of independent data processing systems and user interfaces so that the separation of data of different security classifications is achieved by full physical separation between systems. This approach is hardware intensive and also has ergonomic disadvantages in that the operator is forced to physically move between the different systems.
The present invention relates to a hybrid system in which a user can, via a single user interface (eg. keyboard, mouse etc) selectively input data to one of two or more independent data processing systems.
Such a system is broadly known from Australian Patent 691102 and this document is the most relevant prior art currently known to the applicant.
The invention aims to provide an improved failsafe architecture which ensures that inadvertent data transfer between independent data processing systems is avoided.
DISCLOSURE OF INVENTION
This invention in one aspect resides in an improved data switch for selectively connecting a user interface to one of a plurality of independent data processing systems.
Optionally, a data diode may be provided between the data processing systems for allowing data from the lower classification system to pass to the higher classification system, but not in the other direction.
To ensure that data cannot be inadvertently transferred between the independent data processing systems (and especially from the higher security system to the lower security system), the user interface is adapted so that it is incapable of transferring data between data processing systems during or after switching between processing systems.
A standard user interface includes a processor and buffer memory in the keyboard. The user interface processor/buffer can retain data and can cause an inadvertent transfer of data between systems.
This problem is overcome according to the present invention by using a modified user interface having no processor/buffer memory on the "upstream" side of the data switch. Rather, the buffer(s)/processor(s) are relocated and replicated "downstream" of the data switch. Necessarily, there is a buffer/processor for each of the independent data processing systems.
Thus, in one aspect the invention resides broadly in an improved data switch in which no data can remain "upstream" of the data switch after switching.
According to another aspect the invention resides in a methodology of preventing inadvertent data transfer, such method involving the relocation and replication of the user interface processor/buffer on the "downstream" (or data processing system side) of the data switch.
BRIEF DESCRIPTION OF DRAWINGS
In order that this invention may be more easily understood and put into practical effect, reference will now be made to the accompanying drawings which illustrate preferred embodiments of the invention, wherein:
FIG 1 is a schematic block diagram illustrating how the invention may be implemented;
FIG 2 illustrates how the keyboard is reset when switching between processors according to the prior art;
FIG 3 illustrates detail of the modified keyboard approach.
BEST MODE
With reference to FIG 1, input devices (ie. keyboard and mouse) of the user interface are selectively connectable to one of two processors (in the illustrated case - processor B) via an input switch.
Similarly, processor B is selectively connected to the output device (ie. display monitor) of the user interface via an output switch.
It will be appreciated that the input switch and output switch are linked or "ganged" so that switching of the input switch and output switch between processors occurs simultaneously.
The switches may be manually actuated to the alternative position in which connection to processor A is achieved.
It is important that no data be retained on the user interface side of the switch during or after switching, particularly when switching from the higher classification system to the lower classification system.
This can be achieved by resetting the input device(s) when switching between processors as per the prior art.
Referring to FIG 2, there is illustrated greater detail of the present invention. As can be seen, the input switch includes a corresponding plurality (in this case two) of keyboard processor/buffers. As mentioned previously, there is normally a single processor/buffer within the keyboard (ie. upstream of the switch), however in this case there are two processor/buffers located "downstream" of the switch. Accordingly, data contained within the respective keyboard processor/buffers cannot be transferred between data processing systems during or after switching and no reset function is required.
The present invention has a significant architectural failsafe advantage over the prior art and is not reliant on any reset functions or the like to clear data.
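The difference between the two layouts can be seen in a small behavioural model, added here as an illustration and not part of the patent text. The class names, the `reset_works` flag (which models a prior-art reset that may not function as intended) and the sample keystrokes are assumptions made for the example.

```python
from collections import deque

HOSTS = ["HIGH", "LOW"]          # constructed names for the two systems
HIGH_KEYS = ["S", "E", "C"]      # constructed keystrokes typed while on HIGH
LOW_KEYS = ["l", "s"]            # constructed keystrokes typed while on LOW


class ProcessorBuffer:
    """Keyboard processor/buffer: holds key codes until a host reads them."""
    def __init__(self):
        self.fifo = deque()

    def drain(self):
        out = list(self.fifo)
        self.fifo.clear()
        return out


class UpstreamBufferSwitch:
    """Prior-art layout: one buffer inside the keyboard, before the switch."""
    def __init__(self, reset_works):
        self.reset_works = reset_works      # assumption: models a reset that may fail
        self.kbd = ProcessorBuffer()
        self.selected = "HIGH"
        self.received = {h: [] for h in HOSTS}

    def key(self, code):
        self.kbd.fifo.append(code)

    def switch_to(self, host):
        if self.reset_works:
            self.kbd.fifo.clear()           # separation depends on this step
        self.selected = host

    def hosts_read(self):
        # Only the selected host is wired to the shared buffer.
        self.received[self.selected] += self.kbd.drain()


class DownstreamBufferSwitch:
    """Layout from the description: no buffer in the keyboard, one per host."""
    def __init__(self):
        self.buffers = {h: ProcessorBuffer() for h in HOSTS}
        self.selected = "HIGH"
        self.received = {h: [] for h in HOSTS}

    def key(self, code):
        # The raw key signal passes the switch and lands in one host's buffer.
        self.buffers[self.selected].fifo.append(code)

    def switch_to(self, host):
        self.selected = host                # nothing upstream to clear

    def hosts_read(self):
        # Each buffer is in series with exactly one host (claim 3).
        for host, buf in self.buffers.items():
            self.received[host] += buf.drain()


def scenario(switch):
    """Type on HIGH, switch before HIGH reads its pending keys, type on LOW."""
    for code in HIGH_KEYS:
        switch.key(code)
    switch.switch_to("LOW")
    for code in LOW_KEYS:
        switch.key(code)
    switch.hosts_read()
    return switch.received


if __name__ == "__main__":
    print("upstream, reset fails:", scenario(UpstreamBufferSwitch(False)))
    print("upstream, reset works:", scenario(UpstreamBufferSwitch(True)))
    print("downstream buffers:   ", scenario(DownstreamBufferSwitch()))
```

In the upstream model the LOW system receives the HIGH keystrokes whenever the reset does not run; in the downstream model there is no code path by which a key buffered for one system can reach the other.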
The preferred embodiment of the present invention achieves a number of objectives:
(a) separation of data of differing classifications is guaranteed by full physical separation of the data processing systems.
(b) the switching of the data input and the data output is a simple mechanical function which is electrically confirmed and can therefore be easily proved to provide data separation.
(c) the security enforcing functions are all physical in nature, and therefore no trusted software is required.
(d) no specialised application software is required.
The fundamental requirements of the input switch are:
(a) data from the keyboard can be directed to one (and only one) of the data processing systems at any one time.
(b) the operator can switch the data from the keyboard and mouse to the desired data processing system.
(c) there is confirmation to the user of which data processing system has been selected, and validation that the switch is functioning correctly.
(d) there is complete electronic isolation between the data processing systems.
(e) the input switch will ensure that no information remains within the keyboard, mouse or switching mechanism when switching takes place.
The fundamental requirements of the output switch are:
(a) there is a complete electronic isolation between data processing systems.
(b) the output switch will route the output of the selected data processing system to the display monitor.
All of the fundamental requirements of both the input and output switches are implemented in hardware. This removes the requirement to utilise trusted software or firmware. This makes Government endorsement a much easier and faster task.
The present invention provides an alternative to existing solutions. The data is separated without the need of trusted software. The architecture of the invention ensures that data cannot be transferred between systems, in contrast to the prior art arrangement in which the operator is reliant on the reset mechanism functioning as intended. Thus, the present invention is failsafe unlike the prior art.
The user is given a clear indication of which data processing system has been selected and data cannot be transferred between systems during or after switching.
It will of course be realised that whilst the above has been given by way of an illustrative example of this invention, all such and other modifications and variations hereto, as would be apparent to persons skilled in the art, are deemed to fall within the broad scope and ambit of this invention as is herein set forth.

Claims

THE CLAIMS DEFINING THE INVENTION ARE AS FOLLOWS:
1. A system including: a user interface; a data switch for selectively connecting the user interface to one of a plurality of data processing systems, characterised in that there is no processor/buffer located on the user interface side of the data switch.
2. A system as claimed in claim 1, wherein there are a plurality of processors/buffers located on the data processing system side of the data switch.
3. A system as claimed in claim 2, wherein each of the plurality of processors/buffers is connected in series with one of the plurality of the data processing systems.
PCT/AU1998/000829 1997-10-02 1998-10-01 Improved data switch WO1999018493A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB0007520A GB2346465B (en) 1997-10-02 1998-10-01 Improved data switch
AU93323/98A AU744891B2 (en) 1997-10-02 1998-10-01 Improved data switch

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AUPO9598 1997-10-02
AUPO9598A AUPO959897A0 (en) 1997-10-02 1997-10-02 Data switch

Publications (1)

Publication Number Publication Date
WO1999018493A1 true WO1999018493A1 (en) 1999-04-15

Family

ID=3803878

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU1998/000829 WO1999018493A1 (en) 1997-10-02 1998-10-01 Improved data switch

Country Status (3)

Country Link
AU (1) AUPO959897A0 (en)
GB (1) GB2346465B (en)
WO (1) WO1999018493A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004062203B4 (en) * 2004-12-23 2007-03-08 Infineon Technologies Ag Data processing device, telecommunication terminal and method for data processing by means of a data processing device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4641262A (en) * 1983-03-07 1987-02-03 International Business Machines Corporation Personal computer attachment for host system display station
US5291596A (en) * 1990-10-10 1994-03-01 Fuji Xerox Co., Ltd. Data management method and system with management table indicating right of use
WO1996030840A1 (en) * 1995-03-31 1996-10-03 The Commonwealth Of Australia Method and means for interconnecting different security level networks

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011058552A3 (en) * 2009-11-10 2011-10-13 High Sec Labs Ltd. Secure kvm system having multiple emulated edid functions
US9501157B2 (en) 2009-11-10 2016-11-22 High Sec Labs Ltd. Secure KVM system having multiple emulated EDID functions
EP2428911A3 (en) * 2010-09-09 2013-03-06 Honeywell International, Inc. High assurance authorization device
US9426652B2 (en) 2010-09-09 2016-08-23 Joseph Nutaro High assurance authorization device

Also Published As

Publication number Publication date
GB0007520D0 (en) 2000-05-17
GB2346465A (en) 2000-08-09
GB2346465B (en) 2002-10-09
AUPO959897A0 (en) 1997-10-30

Legal Events

Date Code Title Description
AK Designated states. Kind code of ref document: A1. Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW
AL Designated countries for regional patents. Kind code of ref document: A1. Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase. Ref document number: 93323/98. Country of ref document: AU
WWE Wipo information: entry into national phase. Ref document number: GB0007520.0. Country of ref document: GB
WWE Wipo information: entry into national phase. Ref document number: 09509730. Country of ref document: US
NENP Non-entry into the national phase. Ref country code: KR
REG Reference to national code. Ref country code: DE. Ref legal event code: 8642
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase. Ref country code: CA
WWG Wipo information: grant in national office. Ref document number: 93323/98. Country of ref document: AU