Chris Johnson's Gatekeeper Anti Virus, developed in the 1980s and until 1993, provided a UI for controlling application functions on a per-program basis and storing the privileges in a file.

Siemens patent describes a system where a hash code is computed for original program files and for program files at load time, and if the hash code is different then the loader halts the loading with an alert signal.

The Ketcham patent describes a system which prevents a program from generating executable code files by associating the privilege to do so with said program.

Patent describing a computer security system that includes checking all executable statements for authority which is attached to a program, and includes checking the integrity of program library and OS files in order to execute the program.

A paper presented at 1989 IEEE Symposium on Security and Privacy, describing code authentication and runtime checking to prevent unauthorized code from executing.

To provide enhancement needed for a System/370 to operate with MVS, the present invention introduces the concept of the use of storage protect key masks, and is included in a new subsystem control facility that provides: (1) basic authority control with dual address space memory references; (2) program subsystem linkages; and (3) Address Space Number translation to main memory addresses with authorization control.

To provide enhancement needed for a System/370 to operate with MVS, the present invention introduces the concept of the use of storage protect key masks, and is included in a new subsystem control facility that provides: (1) basic authority control with dual address space memory references; (2) program subsystem linkages; and (3) Address Space Number translation to main memory addresses with authorization control.

To provide enhancement needed for a System/370 to operate with MVS, the present invention introduces the concept of the use of storage protect key masks, and is included in a new subsystem control facility that provides: (1) basic authority control with dual address space memory references; (2) program subsystem linkages; and (3) Address Space Number translation to main memory addresses with authorization control.

To provide enhancement needed for a System/370 to operate with MVS, the present invention introduces the concept of the use of storage protect key masks, and is included in a new subsystem control facility that provides: (1) basic authority control with dual address space memory references; (2) program subsystem linkages; and (3) Address Space Number translation to main memory addresses with authorization control.

The present invention is a modular digital computer system including first, second, third and fourth memories for storing data, data procedure programs and linking addresses, and digital apparatus for accessing these memories to select and link procedures and associated data therefrom in response to assembly level commands contained in the selected procedures.

The present invention is a modular digital computer system including first, second, third and fourth memories for storing data, data procedure programs and linking addresses, and digital apparatus for accessing these memories to select and link procedures and associated data therefrom in response to assembly level commands contained in the selected procedures.

An object of the present invention, in view of the above problems, is to provide a memory protection system in which memory protection information can be readily altered with no intervention of a control program.

An object of the present invention, in view of the above problems, is to provide a memory protection system in which memory protection information can be readily altered with no intervention of a control program.

This invention is directed to a cryptographic method for discouraging the copying and sharing of purchased software programs by allowing an encrypted program to be run on only a designated computer or, alternatively, to be run on any computer but only by the user possessing a designated smart card.

This invention is directed to a cryptographic method for discouraging the copying and sharing of purchased software programs by allowing an encrypted program to be run on only a designated computer or, alternatively, to be run on any computer but only by the user possessing a designated smart card.

The invention provides a software asset protection mechanism which is based on the separation of the software to be protected from the right to execute that software.

The invention provides a software asset protection mechanism which is based on the separation of the software to be protected from the right to execute that software.

A computer based function control system is particularly suited for use as a software security device on the highly popular personal computers or a micro-processor driven function. The system includes an encrypted security message uniquely encoded at predetermined locations within the software or function program.

A computer based function control system is particularly suited for use as a software security device on the highly popular personal computers or a micro-processor driven function. The system includes an encrypted security message uniquely encoded at predetermined locations within the software or function program.

A computer based function control system is particularly suited for use as a software security device on the highly popular personal computers or a micro-processor driven function. The system includes an encrypted security message uniquely encoded at predetermined locations within the software or function program.

This invention is a data processing system which has multiple virtual address spaces under system control and in which the user's management of the address spaces is by means of tokens provided by the system for identifying the spaces. The tokens allow the user to identify the address spaces to be accessed to the system but do not allow the user to directly control either real or virtual address spaces.

This invention is a data processing system which has multiple virtual address spaces under system control and in which the user's management of the address spaces is by means of tokens provided by the system for identifying the spaces. The tokens allow the user to identify the address spaces to be accessed to the system but do not allow the user to directly control either real or virtual address spaces.

This invention is a data processing system which has multiple virtual address spaces under system control and in which the user's management of the address spaces is by means of tokens provided by the system for identifying the spaces. The tokens allow the user to identify the address spaces to be accessed to the system but do not allow the user to directly control either real or virtual address spaces.

The present invention relates generally to software protection, and more particularly toward a method of and apparatus for enabling execution of software with only a data processing system authorized to execute the software. The software protection method and apparatus are particularly useful in a microprocessor based environment.

The present invention relates generally to software protection, and more particularly toward a method of and apparatus for enabling execution of software with only a data processing system authorized to execute the software. The software protection method and apparatus are particularly useful in a microprocessor based environment.

The present invention relates generally to software protection, and more particularly toward a method of and apparatus for enabling execution of software with only a data processing system authorized to execute the software. The software protection method and apparatus are particularly useful in a microprocessor based environment.

It is accordingly a primary object of the present invention to provide a hierarchical security mechanism which allows an object programmer to establish quite arbitrarily a security level for the primary program as well as any sub-applications or called programs.

It is accordingly a primary object of the present invention to provide a hierarchical security mechanism which allows an object programmer to establish quite arbitrarily a security level for the primary program as well as any sub-applications or called programs.

The primary object of the present invention is to provide a problem program operating in a present address space to call a program in a different address space or obtain addressability to another address space by utilizing a supervisor provided index value for accessing an authority table associated with the new address space.

The primary object of the present invention is to provide a problem program operating in a present address space to call a program in a different address space or obtain addressability to another address space by utilizing a supervisor provided index value for accessing an authority table associated with the new address space.

The primary object of the present invention is to provide a problem program operating in a present address space to call a program in a different address space or obtain addressability to another address space by utilizing a supervisor provided index value for accessing an authority table associated with the new address space.

The primary object of the present invention is to provide a problem program operating in a present address space to call a program in a different address space or obtain addressability to another address space by utilizing a supervisor provided index value for accessing an authority table associated with the new address space.

This invention contemplates a digitally encoded program or process which is electronically stored or storable in a memory associated with a computer or process controller such as might control a proprietary industrial process.

This invention contemplates a digitally encoded program or process which is electronically stored or storable in a memory associated with a computer or process controller such as might control a proprietary industrial process.

The invention therefore provides an arrangement in which a processor, in response to a request from a program to access a location in memory, tests to determine if the access requires transfers to multiple locations in different pages.

The invention therefore provides an arrangement in which a processor, in response to a request from a program to access a location in memory, tests to determine if the access requires transfers to multiple locations in different pages.

The invention therefore provides an arrangement in which a processor, in response to a request from a program to access a location in memory, tests to determine if the access requires transfers to multiple locations in different pages.

The multiple address space (MAS) facility of the present invention provides 16 32-bit access registers numbered 0-15. In the access register mode, which results when the DAT is on and PSW bits 16 and 17 are 01 binary, an instruction B or R field that is used to specify the logical address of a storage operand designates not only a general register but also an access register.

The multiple address space (MAS) facility of the present invention provides 16 32-bit access registers numbered 0-15. In the access register mode, which results when the DAT is on and PSW bits 16 and 17 are 01 binary, an instruction B or R field that is used to specify the logical address of a storage operand designates not only a general register but also an access register.

The multiple address space (MAS) facility of the present invention provides 16 32-bit access registers numbered 0-15. In the access register mode, which results when the DAT is on and PSW bits 16 and 17 are 01 binary, an instruction B or R field that is used to specify the logical address of a storage operand designates not only a general register but also an access register.

The multiple address space (MAS) facility of the present invention provides 16 32-bit access registers numbered 0-15. In the access register mode, which results when the DAT is on and PSW bits 16 and 17 are 01 binary, an instruction B or R field that is used to specify the logical address of a storage operand designates not only a general register but also an access register.

This invention is a data processing system which has multiple virtual address spaces under system control and in which the user's management of the address spaces is by means of tokens provided by the system for identifying the spaces.

This invention is a data processing system which has multiple virtual address spaces under system control and in which the user's management of the address spaces is by means of tokens provided by the system for identifying the spaces.

This invention is a data processing system which has multiple virtual address spaces under system control and in which the user's management of the address spaces is by means of tokens provided by the system for identifying the spaces. The tokens allow the user to identify the address spaces to be accessed to the system but do not allow the user to directly control either real or virtual address spaces. Thus, the system provides proper authority and control over access to address spaces so that the user cannot directly work with a system managed resource. The user also has the option of selecting among operating modes as to which addressing system of several possible is invoked.

An article that anticipates storing protection data which contains access permitted actions for protected objects.

A digital computer system for selecting and linking multiple separately stored data processing procedures consisting of assembly level commands and for selecting a variable data area from a plurality of variable data areas. The system includes memories for storing the data processing procedures, the variable data areas and linking addresses; a program counter for accessing the memory containing the stored data processing procedures; registers for accessing the memories containing the data and the linking addresses; and a hardware unit which is adapted to execute the assembly level commands contained in selected data processing procedures and to provide addresses to the respective memories and the program counter for accessing the memories and the program counter to select linking addresses, variable data areas and data processing procedures in accordance with assembly level commands in the data processing procedure being executed and previously selected addresses.

Article that anticipates limiting access to compute resources by means of capabilities. A capability restricts instances to the specified resources. Also anticipates the checking of the access rights for the instance is checked at run time.

Patent that Anticipates using an access list which contains information on whether a program is allowed to access a computer resource. In this case the computer resource is an address space in the main memory.