Prior Art submitted for Computer system security method and apparatus having program authorization information data structures

Compound Principals in access control lists

Mon, 13 Jun 2011 06:21:53 +0000

Patent/Application #: 5315657
Description: US Patent 5315657 lists, in claims 3 and 6, a method for defining access based on user and program doing the access. The patent is oriented towards specifying multiple kinds of principals (users,programs,groups,machines), and how one would assign ACLs to combinations of principals.

System for providing high security for personal computers and workstations

Fri, 10 Jun 2011 05:58:28 +0000

Patent/Application #:
Description: The 5,263,147 patent describes a hardware/software device, added to a standard PC, which monitors memory and bus access, to adding Discretionary Access Control and Mandatory Access Control mechanisms, including program/subject controls.

Security mechanism for a computer system

Thu, 09 Jun 2011 00:17:25 +0000

Patent/Application #: 5283830
Description: Patent 5283830 refers to a variant of UNIX that implements object ACLs which can include a program identifier, and which can grant or deny access to the object by the program.

Program Attribute Control in a Computer System

Thu, 09 Jun 2011 00:00:38 +0000

Patent/Application #: 5295266
Description: This patent appears to cover a variant of the UNIX operating system in which privileges can be assigned to programs as well as to users. Privileges are expressed in a Program Access List, which is associated with the program.

Patent 4584639

Mon, 10 Jan 2011 07:47:10 +0000

Patent/Application #: 4585639
Description: Patent 4584639, titled "Computer Security System", describes a capability based system that is designed to solve the problem of programs which have permissions to access files which they should not properly access.

Gatekeeper Anti Virus

Sat, 20 Jun 2009 07:30:20 +0000

Title: Gatekeeper false alarm?
Description: Chris Johnson's Gatekeeper Anti Virus, developed in the 1980s and until 1993, provided a UI for controlling application functions on a per-program basis and storing the privileges in a file.

Process for securing and for checking the integrity of the secured programs

Mon, 08 Jun 2009 05:08:31 +0000

Patent/Application #: 5224160
Description: Siemens patent describes a system where a hash code is computed for original program files and for program files at load time, and if the hash code is different then the loader halts the loading with an alert signal.

Software security system for maintaining integrity of compiled object code

Sun, 07 Jun 2009 16:25:49 +0000

Patent/Application #: 5111390
Description: The Ketcham patent describes a system which prevents a program from generating executable code files by associating the privilege to do so with said program.

Electronic data processing security system and method

Sun, 07 Jun 2009 06:23:58 +0000

Patent/Application #: 3931504
Description: Patent describing a computer security system that includes checking all executable statements for authority which is attached to a program, and includes checking the integrity of program library and OS files in order to execute the program.

Defending systems against viruses through cryptographic authentication

Sat, 06 Jun 2009 15:18:02 +0000

Title: Defending systems against viruses through cryptographic authentication/Proceedings., 1989 IEEE Sympo
ISBN: 0818689390
Description: A paper presented at 1989 IEEE Symposium on Security and Privacy, describing code authentication and runtime checking to prevent unauthorized code from executing.

Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys

Tue, 26 May 2009 19:55:48 +0000

Patent/Application #: 4366537
Description: To provide enhancement needed for a System/370 to operate with MVS, the present invention introduces the concept of the use of storage protect key masks, and is included in a new subsystem control facility that provides: (1) basic authority control with dual address space memory references; (2) program subsystem linkages; and (3) Address Space Number translation to main memory addresses with authorization control.

Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys

Tue, 26 May 2009 19:53:37 +0000

Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys

Tue, 26 May 2009 19:51:07 +0000

Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys

Tue, 26 May 2009 19:49:09 +0000

Modular digital computer system for storing and selecting data processing procedures and data

Tue, 26 May 2009 19:44:16 +0000

Patent/Application #: 4366536
Description: The present invention is a modular digital computer system including first, second, third and fourth memories for storing data, data procedure programs and linking addresses, and digital apparatus for accessing these memories to select and link procedures and associated data therefrom in response to assembly level commands contained in the selected procedures.

Modular digital computer system for storing and selecting data processing procedures and data

Tue, 26 May 2009 19:34:53 +0000

Memory protection system for effecting alteration of protection information without intervention of control program

Tue, 26 May 2009 19:28:55 +0000

Patent/Application #: 4434464
Description: An object of the present invention, in view of the above problems, is to provide a memory protection system in which memory protection information can be readily altered with no intervention of a control program.

Memory protection system for effecting alteration of protection information without intervention of control program

Tue, 26 May 2009 19:26:15 +0000

Code protection using cryptography

Tue, 26 May 2009 19:22:05 +0000

Patent/Application #: 4757534
Description: This invention is directed to a cryptographic method for discouraging the copying and sharing of purchased software programs by allowing an encrypted program to be run on only a designated computer or, alternatively, to be run on any computer but only by the user possessing a designated smart card.

Code protection using cryptography

Tue, 26 May 2009 19:19:29 +0000

Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor

Tue, 26 May 2009 19:12:41 +0000

Patent/Application #: 4817140
Description: The invention provides a software asset protection mechanism which is based on the separation of the software to be protected from the right to execute that software.

Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor

Tue, 26 May 2009 19:10:18 +0000

Software usage authorization system with key for decrypting/re-encrypting/re-transmitting moving target security codes from protected software

Tue, 26 May 2009 19:05:25 +0000

Patent/Application #: 4864494
Description: A computer based function control system is particularly suited for use as a software security device on the highly popular personal computers or a micro-processor driven function. The system includes an encrypted security message uniquely encoded at predetermined locations within the software or function program.

Software usage authorization system with key for decrypting/re-encrypting/re-transmitting moving target security codes from protected software

Tue, 26 May 2009 19:01:18 +0000

Software usage authorization system with key for decrypting/re-encrypting/re-transmitting moving target security codes from protected software

Tue, 26 May 2009 18:59:10 +0000

Linkage mechanism for program isolation

Tue, 26 May 2009 18:53:14 +0000

Patent/Application #:
Description: This invention is a data processing system which has multiple virtual address spaces under system control and in which the user's management of the address spaces is by means of tokens provided by the system for identifying the spaces. The tokens allow the user to identify the address spaces to be accessed to the system but do not allow the user to directly control either real or virtual address spaces.

Linkage mechanism for program isolation

Tue, 26 May 2009 18:51:26 +0000

Patent/Application #: 5220669
Description: This invention is a data processing system which has multiple virtual address spaces under system control and in which the user's management of the address spaces is by means of tokens provided by the system for identifying the spaces. The tokens allow the user to identify the address spaces to be accessed to the system but do not allow the user to directly control either real or virtual address spaces.

Linkage mechanism for program isolation

Tue, 26 May 2009 18:49:28 +0000

Software protection method and apparatus

Tue, 26 May 2009 18:33:35 +0000

Patent/Application #: 4593353
Description: The present invention relates generally to software protection, and more particularly toward a method of and apparatus for enabling execution of software with only a data processing system authorized to execute the software. The software protection method and apparatus are particularly useful in a microprocessor based environment.

Software protection method and apparatus

Tue, 26 May 2009 18:31:04 +0000

Software protection method and apparatus

Tue, 26 May 2009 18:28:43 +0000

Hierarchical security mechanism for dynamically assigning security levels to object programs

Tue, 26 May 2009 18:24:01 +0000

Patent/Application #: 4104721
Description: It is accordingly a primary object of the present invention to provide a hierarchical security mechanism which allows an object programmer to establish quite arbitrarily a security level for the primary program as well as any sub-applications or called programs.

Hierarchical security mechanism for dynamically assigning security levels to object programs

Tue, 26 May 2009 18:21:19 +0000

Authorization mechanism for establishing addressability to information in another address space

Tue, 26 May 2009 18:15:08 +0000

Patent/Application #: 4430705
Description: The primary object of the present invention is to provide a problem program operating in a present address space to call a program in a different address space or obtain addressability to another address space by utilizing a supervisor provided index value for accessing an authority table associated with the new address space.

Authorization mechanism for establishing addressability to information in another address space

Tue, 26 May 2009 16:38:10 +0000

Authorization mechanism for establishing addressability to information in another address space

Tue, 26 May 2009 16:32:51 +0000

Authorization mechanism for establishing addressability to information in another address space

Tue, 26 May 2009 16:30:28 +0000

Software protection system

Tue, 26 May 2009 16:25:59 +0000

Patent/Application #: 4471163
Description: This invention contemplates a digitally encoded program or process which is electronically stored or storable in a memory associated with a computer or process controller such as might control a proprietary industrial process.

Software protection system

Tue, 26 May 2009 16:23:14 +0000

Access verification arrangement for digital data processing system which has demand-paged memory with page crossing detection

Tue, 26 May 2009 16:17:52 +0000

Patent/Application #: 4821169
Description: The invention therefore provides an arrangement in which a processor, in response to a request from a program to access a location in memory, tests to determine if the access requires transfers to multiple locations in different pages.

Access verification arrangement for digital data processing system which has demand-paged memory with page crossing detection

Tue, 26 May 2009 16:14:18 +0000

Access verification arrangement for digital data processing system which has demand-paged memory with page crossing detection

Tue, 26 May 2009 16:10:27 +0000

Authorization for selective program access to data in multiple address spaces

Tue, 26 May 2009 16:05:46 +0000

Patent/Application #: 5023773
Description: The multiple address space (MAS) facility of the present invention provides 16 32-bit access registers numbered 0-15. In the access register mode, which results when the DAT is on and PSW bits 16 and 17 are 01 binary, an instruction B or R field that is used to specify the logical address of a storage operand designates not only a general register but also an access register.

Authorization for selective program access to data in multiple address spaces

Tue, 26 May 2009 16:03:12 +0000

Authorization for selective program access to data in multiple address spaces

Tue, 26 May 2009 15:59:16 +0000

Authorization for selective program access to data in multiple address spaces.

Tue, 26 May 2009 15:56:03 +0000

Multiple address space token designation, protection controls, designation translation and lookaside

Tue, 26 May 2009 15:38:40 +0000

Multiple address space token designation, protection controls, designation translation and lookaside

Tue, 26 May 2009 15:27:25 +0000

Multiple address space token designation, protection controls, designation translation and lookaside

Tue, 26 May 2009 15:10:06 +0000

Patent/Application #: 4979098
Description: This invention is a data processing system which has multiple virtual address spaces under system control and in which the user's management of the address spaces is by means of tokens provided by the system for identifying the spaces. The tokens allow the user to identify the address spaces to be accessed to the system but do not allow the user to directly control either real or virtual address spaces. Thus, the system provides proper authority and control over access to address spaces so that the user cannot directly work with a system managed resource. The user also has the option of selecting among operating modes as to which addressing system of several possible is invoked.

A model for verification of data security in operating systems

Wed, 20 May 2009 19:31:46 +0000

Title: Communications of the ACM archive
ISBN:
Description: An article that anticipates storing protection data which contains access permitted actions for protected objects.

Modular digital computer system for storing and selecting data processing procedures and data

Wed, 20 May 2009 18:33:59 +0000

Patent/Application #: 4366536
Description: A digital computer system for selecting and linking multiple separately stored data processing procedures consisting of assembly level commands and for selecting a variable data area from a plurality of variable data areas. The system includes memories for storing the data processing procedures, the variable data areas and linking addresses; a program counter for accessing the memory containing the stored data processing procedures; registers for accessing the memories containing the data and the linking addresses; and a hardware unit which is adapted to execute the assembly level commands contained in selected data processing procedures and to provide addresses to the respective memories and the program counter for accessing the memories and the program counter to select linking addresses, variable data areas and data processing procedures in accordance with assembly level commands in the data processing procedure being executed and previously selected addresses.

Language features for process interaction

Wed, 20 May 2009 17:58:38 +0000

Title: Proceedings of an ACM conference on Language design for reliable software
ISBN:
Description: Article that anticipates limiting access to compute resources by means of capabilities. A capability restricts instances to the specified resources. Also anticipates the checking of the access rights for the instance is checked at run time.

Authorization for selective program access to data in multiple address spaces.

Wed, 20 May 2009 17:52:16 +0000

Patent/Application #: 5,023,773
Description: Patent that Anticipates using an access list which contains information on whether a program is allowed to access a computer resource. In this case the computer resource is an address space in the main memory.