Computer system security method and apparatus having program authorization information data structures
INFORMATION PROTECTION AND AUTHENTICATION OF TEXAS, LLC
The holder of the '717 patent has sued Microsoft, Symantec, CA, F-Secure, McAfee, Kaspersky, Sophos, Novell, and PC Tools for infringing this patent.
#124 Multiple address space token designation, protection controls, designation translation and lookaside
Last updated: about 1 year ago
Summary / Description
| Summary / Description | This invention is a data processing system which has multiple virtual address spaces under system control and in which the user's management of the address spaces is by means of tokens provided by the system for identifying the spaces. The tokens allow the user to identify the address spaces to be accessed to the system but do not allow the user to directly control either real or virtual address spaces. Thus, the system provides proper authority and control over access to address spaces so that the user cannot directly work with a system managed resource. The user also has the option of selecting among operating modes as to which addressing system of several possible is invoked. |
Basic Information
| Type of Prior Art | Issued Patents - US |
| Country | United States of America |
| Patent/Application # | 4979098 |
| Kind Code | United States (US) - United States Patent - A |
| Patentee Name | International Business Machines Corp. |
| Relevant Pages, Columns, or Lines | Abstract |
| URL | http://patft.uspto.gov/netacgi/... |
| Publication Date | June 8, 1990 |
| Additional Information | The listed publication date is the date the patent application was filed. Information on first date of publication is unavailable at this time. |
Excerpt
A method and apparatus is provided to translate the contents of access registers into information for use in performing addressing functions for multiple virtual address spaces. The access registers represent the full addressing capability of the system but do not directly contain the addressing information. The system has a plurality of general purpose registers, a plurality of access registers associated with the general registers, an access list having access list entries which is addressed by the contents of the access register, memory storage for holding address space number second table entries (ASTE), where the contents of the access list entry locate the ASTE and where the ASTE contains the addressing information needed to translate a virtual address when combined with the contents of a general purpose register. Access register translation (ART) consists of the process of determining addressing information by using the access list entry and the ASTE. The results of the ART process are stored in an ART lookaside buffer (ALB) which stores the results of ART while valid for later use.
Relevance
Claims
Claim 61
In a digital computer system for providing improved computer security having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing digital authorization information in said memory means which restricts an associated program from performing operations, when executed by said processing means, which are available to said computer user; and
b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Relevance
means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Claim 1
In a digital computer system having a digital data processing means for executing a plurality of digital programs and a memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Relevance
means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Claim 120
In a digital computer system having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, a method for providing improved computer security comprising the steps of:
a) storing digital authorization information in said memory means which restricts an associated program from accessing resources when executed by said digital data processing means which are accessible to said computer user; and
b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.
Relevance
storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.


