ACCORD-TSHM

Overview

DST PUA Accord-TSHM is a trusted startup hardware module (TSHM) for IBM-compatible computers (servers and local network workstations) that protects devices and information resources from unauthorized access.

"Trusted startup" means that any of a variety of operating systems is started only from pre-defined permanent media (for example, a hard disk) and only after special procedures have completed successfully: an integrity check of the PC hardware and software (using a step-by-step integrity check) and user identification/authentication.

The complex starts working immediately after the computer's regular BIOS has run (before the operating system starts) and provides trusted startup of operating systems that support the file systems FAT 12, FAT 16, FAT 32, NTFS, HPFS, EXT2FS, EXT3FS, FreeBSD, Sol86FS, QNXFS, MINIX. These include, in particular, the MS DOS, Windows (Windows 9x, Windows ME, Windows NT, Windows 2000, Windows XP, Windows 2003, Windows Vista), QNX, OS/2, UNIX, LINUX and BSD operating system families, among others.

Controllers

Accord-TSHM can be implemented on different controllers, but its basic functionality always remains the same and corresponds to the statements and specifications given in the compliance certificates.

To choose the right option, first determine what kind of open slot is available in the computer where you plan to install Accord-TSHM.

The slot may use one of the following bus interfaces:

  • PCI or PCI-X: you need controller Accord-5MX or Accord-5.5
  • PCI-express: you need controller Accord-5.5.e or Accord-GX
  • Mini PCI-express: you need controller Accord-GXM
  • Mini PCI-express half card: you need controller Accord-GXMH

 

Accord-5MX

Controller "Accord-5MX"

Accord-5.5

Controller "Accord-5.5"

Accord-5.5.e

Controller "Accord-5.5 PCI-Express"

Accord-GX

Controller "Accord-GX"

Accord-GXM

Controller "Accord-GXM"

Accord-GXMH

Controller "Accord-GXMH"

Accord-LE

Controller "Accord-5.5.e new (Accord-LE)"

Characteristic features of packaging of the board

Accord-TSHM with an FSS certificate is produced to special technical specifications that include a number of additional requirements, so if you need this particular version, look for the line with the comment "FSS certificate" in the price list. It differs in the packaging of the board, in particular in the ability to switch off the power if the TSHM BIOS does not start working within N seconds.

However, you can order additional components for an Accord-TSHM with basic internal software; in that case, first check the availability of such components and the delivery terms.

Thus, apart from real-time timers, controllers can be equipped with an interface for blocking two or more physical channels (FDD, HDD (IDE), ATX, EATX). Bear in mind that blocking channels requires not only the interfaces but also channel blocking devices, which are listed in the price list under the name "additional devices".

                        

Tool for controlling IDE interface

Tool for controlling SATA interface

Tool for controlling USB interface

Tool for blocking FDD channel

Tool for power control of ATX/EATX

Identifiers

By default, the user identifiers for Accord-TSHM on any of the controllers are TM-identifiers.

Readers for TM-identifiers vary: they can be external (with laces) or internal (installed in the computer casing), with or without a fixing mechanism for the TM-identifier, and can be connected to a controller plug or to a USB port. By default, a set is supplied with an external reader without a fixing mechanism; if you need a different one, specify it in your order. Photos of the readers are shown here for convenience.

 


DS-03E

DS-03TE (with a fixing mechanism for TM)
 
DS-03 (internal)

For COM-port

DS-USB

If you plan to use PCDST SHIPKA (based on SHIPKA-lite or other models) rather than TM as an identifier in the future, choose an Accord-TSHM marked as follows: "Expansion possibilities: using PCDST SHIPKA as an identifier". This is important!

Adding functions to Accord-TSHM up to the level of hardware and software complex DPT PUA Accord (including TSE)

All controllers allow expanding the functions of Accord-TSHM up to the hardware and software complex Accord (Accord-Win32, Accord-Win64 and Accord-X). You can choose Accord-TSHM based on any controller without fear that the components will be incompatible in the future when you decide to add special software of access isolation.

If you plan to expand Accord-TSHM to Accord-U in the future, you should choose one of those Accord-TSHMs in the price list, the description of which states: "FSS certificate, the possibility to expand functions. Expansion possibilities: using PCDST SHIPKA as a user identifier, adding special software of access isolation for using embedded hardware cryptographic functions".

Regulatory compliance

The complex is suitable for building data security systems that protect against unauthorized access in accordance with the following governing documents of the Federal Service for Technical and Export Control of Russia: "Protection against unauthorized access to information. Part 1. Software for data protection. Classification in accordance with the level of control of the lack of non-declared possibilities" (3rd level of control) and "Automated Systems. Protection against unauthorized access to information. Classification of automated systems and requirements to information security" (protection class 1D). It is also suitable for use as a means of user identification/authentication and of monitoring the integrity of PC software and hardware environments when creating automated systems that meet the requirements of the regulatory document of the Federal Service for Technical and Export Control of Russia "Automated systems. Protection against unauthorized access to information. Classification of automated systems and requirements to information security", up to and including class 1B.

Unlike some other developments, PCI devices of «OKB SAPR» are legal, since «OKB SAPR» is a member of PCI Association. The identifier of PCI devices designed by «OKB SAPR» is 1795.

Certificates:

The certificate of compliance with the Federal Security Service requirements to hardware and software modules for trusted startup of computers for Accord-TSHM (version 3.2 based on controller Accord-5.5) № SF/127-1602.

The certificate of the Federal Technical Commission № 246/7 for complex DST PUA "Accord-TSHM".

The resolution of the Ministry of Defense of the Russian Federation № 61 dated 04.10.2010 about the compliance of the hardware and software complex DST PUA "Accord-TSHM" with the requirements to information security.