WO2005121922A1 - Method to store electronic documents in a non-modifiable manner - Google Patents


Info

Publication number
WO2005121922A1
Authority
WO
WIPO (PCT)
Application number
PCT/IB2005/001583
Other languages
French (fr)
Inventor
Pier Luca Montessoro
Original Assignee
Universita' Degli Studi Di Udine


Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101Auditing as a secondary aspect

Abstract

Method to store, in a non-modifiable manner, electronic documents generated by a calculator (11) and containing the description of the events and activities performed by the calculator (11) itself, or containing generic data of the users. The method comprises a step during which the documents present on the calculator (11) are intercepted or selected; a step during which the documents intercepted or selected are transmitted to a storage device (12a); and a step during which the documents received are memorized in the storage device (12a).

Description

"METHOD TO STORE ELECTRONIC DOCUMENTS IN A NON-MODIFIABLE MANNER" * * * * * FIELD OF THE INVENTION The present invention concerns a method to store, in a non-modifiable manner, information contained in electronic documents, for example the description of the events generated by a calculator or the activities performed by said calculator. Such documents are known in English as files in general and log files in the particular case when they contain the description of events or activities concerning a calculator. They can contain information concerning, for example, connection attempts, access to documents, malfunctioning. These files must be protected so that the memorization is exempt from possible breaches or cancellations by unauthorized third parties. Hereafter we shall use the word "document" to mean both whole files and also individual pieces of information (for example the description of a single event). The invention is applied indifferently to both cases. BACKGROUND OF THE INVENTION Methods to protect electronic calculators, or other devices similar thereto for the purposes of the present invention, from access by unauthorized third parties, even with a high level of protection, are known. Known protection methods have the disadvantage that, once the barriers have been passed, the calculator is freely accessible. One of the problems of calculators is that it is possible for an unauthorized third party to penetrate inside a calculator, bypassing the possible protections. In this case, having once obtained control of the calculator, the third party can cancel the traces of his unauthorized activity, either directly or indirectly by carrying out automatic programs to breach security. These traces are registered in the log files memorized in the calculator that has suffered the attack, and they can therefore be modified, altered or cancelled. 
The state of the art therefore makes it difficult, or impossible, to discover the provenance, date, time and modality of the attack. More generally, following an attack or a virus infection, documents being processed can be lost, which are hence without back-up copies.

The US patent US-A-5,978,475 discloses a system for memorizing log files generated by an electronic calculator, linking them sequentially and encrypting them. This conventional system however does not prevent the risk that the log files, thus memorized, can be cancelled, so as to make it impossible, later, to retrieve the data contained therein before they were cancelled.

The US patent US-A-5,361,359, instead, discloses a system and a method for the protection of an area of memory of an electronic calculator, for example that of a hard disk. The conventional system provides that the area to be protected is accessible, by means of a virtual communication channel, exclusively by an authorized person, but it does not prevent the data relating to the memorized files from being cancelled, and thus lost, for example when the whole hard disk is cancelled.

One purpose of the present invention is to render available all the data necessary to discover the provenance, date, time and modality of the attack, even when the log files normally used in known methods are modified, altered or cancelled in an unauthorized manner. Another purpose of the present invention is to detect possible anomalies by analyzing the content of the log files and to signal such anomalies, for example by means of alarm messages, which can be displayed on a screen or transmitted automatically by means of normal channels of communication (for example by means of a cell phone system). Another purpose of the present invention is to provide a protected archive for generic documents in the course of processing, which can be updated but not modified or cancelled by the system at risk of attack or virus.
The Applicant has devised, tested and embodied this invention to overcome the shortcomings of the state of the art and to obtain these and other purposes and advantages.

SUMMARY OF THE INVENTION

The present invention is set forth and characterized in the main claim, while the dependent claims describe other characteristics of the invention or variants to the main inventive idea. In accordance with the above purposes, a method according to the present invention can be used to store, in a non-modifiable manner, electronic documents generated by an electronic calculator and containing the description of events and activities performed by the electronic calculator itself, the log files, or the files containing the generic data of users.

The method according to the invention comprises a step to intercept or select the electronic documents present on the electronic calculator, on each occasion, according to a predetermined, or variable, pattern. According to a characteristic of the present invention, the method also comprises at least the following steps. During a transmission step, the electronic documents are transmitted by the electronic calculator to a storage device, which can be a second electronic calculator, or a dedicated storage device. The transmission is made by means of at least a communication channel of a unidirectional type, so that the electronic documents can be transmitted from the electronic calculator to the storage device, and not vice versa. During a subsequent memorization step, the electronic documents transmitted from the electronic calculator are memorized in the storage device.
The physical architecture of the unidirectional connection and the devices used, as well as the program and the protocols employed, guarantee that it is impossible to alter the documents stored by the calculator which transmitted them, even when the security of the latter has been breached, precisely because the communication channel of a unidirectional type does not allow access from the first electronic calculator to the storage device.

As is known, electronic documents, including log files, are normally memorized in the same calculator where they are generated. According to the present invention, said documents, having reached a storage device, are memorized in the latter without being able to be subsequently cancelled or altered by the calculator that transmitted them. Thanks to this technical solution, when storing log files, at least all the data necessary to discover the provenance and modality of a possible attack which has breached the security of the calculator are memorized in a non-modifiable manner.

According to another characteristic, when storing log files, the invention provides one or more steps to analyze the content of said log files received, so as to detect possible anomalies on the first calculator. According to a variant, the transmission step comprises at least a step to label the above documents, so as to allow the reception step to reconstruct the documents transmitted.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other characteristics of the present invention will become apparent from the following description of a preferential form of embodiment, given as a non-restrictive example with reference to the attached drawings wherein:
- fig. 1a is a schematic representation of the connection mode between a first and a second electronic calculator, according to the present invention;
- fig. 1b is a schematic representation of the connection mode between the first calculator and a dedicated storage device, according to the present invention;
- fig. 2 is a schematic representation of a sequence of steps performed on the first calculator, according to the method;
- fig. 3 shows the structure of a particular message sent from the first to the second calculator or to the dedicated device;
- fig. 4 shows the structure of a generic message sent from the first to the second calculator or to the dedicated device;
- fig. 5 is the block diagram of a first sequence of steps performed on the second calculator or inside the dedicated device;
- fig. 6 is the block diagram of a second sequence of steps performed on the second calculator or inside the dedicated device;
- fig. 7 is a variant of fig. 1;
- fig. 8 is another variant of fig. 1.

DETAILED DESCRIPTION OF A PREFERENTIAL FORM OF EMBODIMENT

With reference to fig. 1a, the memorization method according to the present invention provides a first calculator 11 that generates the log files and a second calculator 12a. The latter is able to receive data from the first calculator 11 by means of a dedicated connection 16 which can be for example the so-called serial communication port RS-232 or the USB (Universal Serial Bus), or otherwise. The first calculator 11 can communicate with a plurality of other calculators by means of a network of calculators 13, such as for example a network with TCP/IP protocols based on Ethernet technology, Token Ring, Wireless LAN (WiFi) or suchlike, and indicated in fig. 1 by the generic term "Internet".

The second calculator 12a has no connection to the above-mentioned network of calculators 13, and communicates with the first calculator 11 by means of the dedicated connection 16 in a substantially exclusive manner, through a reserved communication protocol. The dedicated connection 16 is a unidirectional channel by means of which the first calculator 11 can transmit data to the second calculator 12a, but not vice versa. Thanks to this technical solution, an unauthorized person or a virus can penetrate into the first calculator 11, but is unable to penetrate into the second calculator 12a.

According to a preferential embodiment of the present invention, the first calculator 11 performs a sequence of steps, called transmitting sequence, to intercept the log files generated by the first calculator 11, and to send them to the second calculator 12a. The latter in turn performs another sequence of steps, called receiving sequence, mating with the first sequence, in order to receive said log files and to store them. Said sequences of steps can be implemented on any calculator using any known operating system.
To be more exact, trials have been made also using the Linux operating system, respecting all the criteria established by the POSIX standard (Portable Standard for Unix).

With reference to fig. 2, the transmitting sequence uses information with a configuration that can be defined a priori, for example to open the communication port used 20, or to identify the log files 21 to be memorized securely. According to one embodiment of the invention, the transmitting sequence performs as many other sequences of steps, called daughter sequences, as there are log files 21 to be transmitted to the second calculator 12a. In turn, each daughter sequence activates a step 22 to intercept the writing operations on the log file 21 pertinent thereto. As is known, these writing operations are performed by the operating system of the first calculator 11. The data arriving from the different log files 21 are inserted in a memory register 23, substantially of the FIFO type (First In First Out), also called in English "pipe". Subsequently, since the data are sent by the first calculator 11 to the second calculator 12a through the same connection 16, the step 24 labels them. In this way the receiving sequence is able to associate each message received with the corresponding log file 21.

The labelling step 24 of every message 26 (fig. 4) occurs according to the structure indicated hereafter. At the beginning of the message 26 a 3-byte heading is affixed: the first byte 27 contains the STX (start of text) character, coded according to the known ASCII code (American Standard Code for Information Interchange). The second byte 28 contains the information relating to the number of the log file 21 from which the data come, and in the third byte 29 the length of the whole message 26 is inserted. At the end of the message a last byte 31 is affixed, in which the ASCII ETX code, end of text, is inserted, in order to indicate the end of the message 26.

The body 30 of the message 26 contains the data arriving from the log file 21 to which the message 26 itself refers. Generally, given that the majority of the log files 21 are in a purely textual form, each message 26 is delimited by the characters STX and ETX, which are special characters for text transmissions. So that there are no characters present in the text that have the same code as STX or ETX, the second byte 28 contains the number of the log file 21 from which the message arrives, increased by a number corresponding to the ASCII code for ETX, that is, the number 4 in the hexadecimal numerical base. To the same end, the third byte 29 indicates the length of the whole message 26, therefore including the 4 bytes of the label. Thanks to the information contained in the third byte 29, the receiving sequence is limited to controlling the presence of ETX in the last byte 31, avoiding the need to examine every individual byte in order to find the end of the message 26. According to a variant of the present invention, the above procedure makes it possible to transmit not only text messages, but also binary messages, since the body 30 of the message 26 is not analysed by the receiving sequence, as will be clarified in the following description.

The receiving sequence comprises a first and a second sequence of steps. The first (fig. 5) provides a cycle of steps that deals with the reception (steps 35, 36, 38 and 39) of the data corresponding to one or more messages 26 transmitted by the first calculator 11. The first sequence also provides a step 37 to memorize the above data in a FIFO register. The second sequence of steps deals with the reconstruction of the messages 26 starting from the data memorized in said FIFO register during the first sequence. With reference to fig. 6, steps from 40 to 44 recompose the label (27, 28 and 29 in fig. 4) of one of the messages 26 received, and steps 51 to 53 and 55 deal with the reconstruction of the body 30 of the same message 26. Step 58 addresses the message 26 to the respective log file 21 to which it is intended. The second sequence of steps also performs a check on the correctness of the information received in every message 26, such as for example the heading (steps 45 to 47) and the end of the message 26 (steps 53 to 57). The transmitting sequence, if errors or malfunctions are detected, transmits to the second calculator 12a a message 25 of fig. 3. Consequently, the receiving sequence receives the message 25, identifying it by means of step 48 of fig. 6 and activating an alarm (step 49).

It is clear that modifications and/or additions of parts may be made to the method for storing electronic documents in a non-modifiable manner as described heretofore, without departing from the field and scope of the present invention. A variant may provide to implement a procedure to correct the errors, for example on the level of the physical connection. According to a variant of the invention, the dedicated connection 16, apart from the already mentioned serial communication port RS-232, or the Universal Serial Bus (USB), can be made by means of any unidirectional data transmission device, via cable, or via radio, for example according to the Bluetooth® communication standard. It is also provided to use a connection by means of a network according to the known TCP/IP protocol, used in unidirectional transmission mode. According to the variant shown in fig. 7, the second calculator 12a is connected to a plurality of dedicated electronic calculators, such as generic servers 60, proxy servers 61, application servers 62, file servers 63, database servers 64 and firewalls 65.
The connection between the plurality of dedicated electronic calculators 60-65 and the second calculator 12a is achieved by means of a corresponding plurality of unidirectional communication channels 16, which in the case shown here are via radio, according to the Bluetooth® communication protocol. In this way, a single device, the second calculator 12a, is sufficient for the secure storage of the log files generated by the plurality of calculators 60-65. According to the variant shown in fig. 8, the second electronic calculator 12a is connected to two server farms 68 and 69, physically independent from each other, by means of a network of calculators 17 according to the TCP/IP communication protocol in unidirectional mode. In this case too, the second calculator 12a receives and memorizes securely the log files generated by the two server farms 68 and 69.

It is also clear that, although the present invention has been described with reference to some specific examples, a person of skill in the art shall certainly be able to achieve many other equivalent forms of method for storing electronic documents in a non-modifiable manner, having the characteristics as set forth in the claims and hence all coming within the field of protection defined thereby.
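The message labelling of fig. 4 and the receiver-side FIFO reassembly of figs. 5 and 6, as an added example that is not the patent's own code: it assumes the standard ASCII values STX = 0x02 and ETX = 0x03, uses the offset of 4 that the description gives for byte 28, and the log lines and the injected noise byte are constructed.

```python
# Added example (not the patent's own code): framing for the unidirectional log
# channel of fig. 4 and the receiver-side reassembly of figs. 5 and 6.
# Assumptions: STX = 0x02 and ETX = 0x03 (standard ASCII); the file-index
# offset of 4 is the one the description gives for byte 28.

STX = 0x02          # ASCII start of text, byte 27
ETX = 0x03          # ASCII end of text, byte 31
INDEX_OFFSET = 4    # added to the log-file index so byte 28 never equals STX or ETX
HEADER_LEN = 3      # STX, file index, total length
LABEL_LEN = 4       # 3-byte heading plus the trailing ETX
MAX_BODY = 255 - LABEL_LEN  # byte 29 holds the whole message length in one byte


def encode_message(file_index: int, body: bytes) -> bytes:
    """Label one chunk of log data (step 24) as a message 26 of fig. 4."""
    if not 0 <= file_index <= 255 - INDEX_OFFSET:
        raise ValueError("file index does not fit in one label byte")
    if len(body) > MAX_BODY:
        raise ValueError("body too long for a one-byte length field; split it")
    total = len(body) + LABEL_LEN
    return bytes([STX, file_index + INDEX_OFFSET, total]) + body + bytes([ETX])


def decode_stream(fifo: bytearray):
    """Reassemble complete messages from the receiver's FIFO register.

    Returns (messages, errors); messages is a list of (file_index, body).
    Consumed bytes are removed from fifo, and an incomplete trailing message
    stays there until the next read. Only the label is inspected, never the
    body, so binary bodies pass through as the description says.
    """
    messages, errors = [], 0
    while fifo:
        if fifo[0] != STX:
            del fifo[0]          # out of sync: skip to the next candidate STX
            errors += 1
            continue
        if len(fifo) < HEADER_LEN:
            break                # heading not complete yet
        total = fifo[2]
        if total < LABEL_LEN or fifo[1] < INDEX_OFFSET:
            del fifo[0]          # heading check failed (steps 45 to 47)
            errors += 1
            continue
        if len(fifo) < total:
            break                # body not fully received yet
        frame = bytes(fifo[:total])
        if frame[-1] != ETX:
            del fifo[0]          # end-of-message check failed (steps 53 to 57)
            errors += 1
            continue
        del fifo[:total]
        messages.append((frame[1] - INDEX_OFFSET, frame[HEADER_LEN:-1]))
    return messages, errors


class AppendOnlyStore:
    """Receiver-side archive: each message is appended to its log file
    (step 58) and nothing already stored is ever rewritten."""

    def __init__(self):
        self._files = {}

    def append(self, file_index: int, body: bytes) -> None:
        self._files.setdefault(file_index, []).append(body)

    def contents(self, file_index: int) -> bytes:
        return b"".join(self._files.get(file_index, []))


def demo():
    """Constructed sample stream: two log files share one channel, a noise
    byte is injected between messages, and the last message is truncated."""
    stream = bytearray()
    stream += encode_message(0, b"sshd: failed password for root from 10.0.0.5\n")
    stream += encode_message(1, b"GET /admin 403\n")
    stream += b"\xff"                                      # constructed line noise
    stream += encode_message(0, b"sshd: accepted password for alice\n")
    stream += encode_message(1, b"POST /login 200\n")[:5]  # only partly arrived
    store = AppendOnlyStore()
    messages, errors = decode_stream(stream)
    for file_index, body in messages:
        store.append(file_index, body)
    return store, errors, len(stream)   # len(stream): bytes still waiting in the FIFO


if __name__ == "__main__":
    store, errors, pending = demo()
    print(store.contents(0).decode(), errors, pending)
```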

Claims

CLAIMS

1. Method to store, in a non-modifiable manner, electronic documents (21) generated by an electronic calculator (11) and containing the description of the events and activities performed by said electronic calculator (11), or containing generic data of the users, comprising a step of intercepting or selecting said electronic documents (21) present on said electronic calculator (11), characterized in that it also comprises at least the following steps:
- a step of transmitting said electronic documents (21) from said electronic calculator (11) to a storage device (12a, 12b) by means of at least a communication channel of a unidirectional type (16), so that said electronic documents (21) can be transmitted from said electronic calculator (11) to said storage device (12a, 12b) and not vice versa, and
- a step of memorizing in said storage device (12a, 12b) said electronic documents (21) transmitted by said electronic calculator (11).
2. Method as in claim 1, characterized in that said storage device (12a, 12b) comprises a second calculator (12a) or a dedicated storage device (12b).
3. Method as in claim 1 or 2, characterized in that said communication channel of unidirectional type (16) is exclusively dedicated to the communication between said electronic calculator (11) and said storage device (12a, 12b).
4. Method as in claim 1, 2 or 3, characterized in that said communication channel of unidirectional type (16) is a cable transmission channel.
5. Method as in claim 1, 2 or 3, characterized in that said communication channel of unidirectional type (16) is a radio transmission channel.
6. Method as in any claim hereinbefore, characterized in that said electronic calculator (11) communicates with said storage device (12a, 12b) according to at least a communication protocol of unidirectional type.
7. Method as in any claim hereinbefore, characterized in that said electronic calculator (11) communicates with said storage device (12a, 12b) by means of at least a reserved communication protocol.
8. Method as in any claim hereinbefore, characterized in that said interception or selection step is performed on each occasion according to a pre-determined pattern or of variable type.
9. Method as in any claim hereinbefore, characterized in that said interception or selection step of said electronic documents (21) is performed substantially independently for each of said electronic documents (21).
10. Method as in any claim hereinbefore, characterized in that said transmission step comprises a step of labeling said electronic documents (21).
11. Method as in any claim hereinbefore, characterized in that said memorization step comprises at least a step of analyzing the content of said electronic documents (21) in order to detect possible errors or malfunctions.
12. Method as in claim 11, characterized in that said analysis step comprises at least a step of signaling said errors or malfunctions, during which step alarm signals are sent to an external alarm and/or display device.
13. Method as in any claim hereinbefore, characterized in that between the interception or selection step and the transmission step a step is provided to memorize on said electronic calculator (11) said electronic documents (21) arriving from the interception or selection step.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ITUD2004A000117 2004-06-07
ITUD20040117 ITUD20040117A1 (en) 2004-06-07 2004-06-07 PROCEDURE FOR THE ARCHIVING, IN A NON MODIFIABLE WAY, OF ELECTRONIC DOCUMENTS

Publications (1)

Publication Number Publication Date
WO2005121922A1 true WO2005121922A1 (en) 2005-12-22

Family

ID=34956635

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/001583 WO2005121922A1 (en) 2004-06-07 2005-06-06 Method to store electronic documents in a non-modifiable manner

Country Status (2)

Country Link
IT (1) ITUD20040117A1 (en)
WO (1) WO2005121922A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3030832A1 (en) * 2014-12-19 2016-06-24 Electricite De France SECURITY COMPUTING COMPONENT WITH CONTROLLED STORAGE SPACE

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5361359A (en) * 1992-08-31 1994-11-01 Trusted Information Systems, Inc. System and method for controlling the use of a computer
US5978475A (en) * 1997-07-18 1999-11-02 Counterpane Internet Security, Inc. Event auditing system
EP1202148A1 (en) * 2000-10-31 2002-05-02 Hewlett-Packard Company, A Delaware Corporation Virus check on altered data
WO2003090019A2 (en) * 2002-04-15 2003-10-30 Core Sdi, Incorporated Secure auditing of information systems
US20040003272A1 (en) * 2002-06-28 2004-01-01 International Business Machines Corporation Distributed autonomic backup


Also Published As

Publication number Publication date
ITUD20040117A1 (en) 2004-09-07


Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase