Computer system security method and apparatus having program authorization information data structures
INFORMATION PROTECTION AND AUTHENTICATION OF TEXAS, LLCThe holder of the '717 patent has sued Microsoft, Symantec, CA, F-Secure, McAfee, Kaspersky, Sophos, Novell, and PC Tools for infringing this patent.
#125Multiple address space token designation, protection controls, designation translation and lookaside
Last updated: about 1 year ago
Summary / Description
| Summary / Description | This invention is a data processing system which has multiple virtual address spaces under system control and in which the user's management of the address spaces is by means of tokens provided by the system for identifying the spaces. |
Basic Information
| Type of Prior Art | Issued Patents - US |
| Country | United States of America |
| Patent/Application # | 4979098 |
| Kind Code | United States (US) - United STATES Patent - A |
| Patentee Name | International Business Machines Corporation |
| Relevant Pages, Columns, or Lines | col. 5, ln 52 - col. 6, ln 6 |
| URL | http://patft.uspto.gov/netacgi/... |
| Publication Date | June 8, 1990 |
| Additional Information | The publication date is actually the filing date. |
Notes / To Do
| Notes | |
Excerpt
An access list contains the maximum potential addressability to address spaces at one time. The ART process further includes the determination of the authority level of an ALE that may limit the maximum addressability by authority tests. All program code operates under some predetermined authority level and access to an ALE is controlled by authority tests. There are three levels of tests. The first level is the public/private bit in the ALE. If it is public, any user of the access list may use the entry. If it is private, the second level test is that an extended authorization index (EAX) in control register 8 must be the same as an authorization index (ALEAX) associated with the accessed address space in the ALE. Control register 8 specifies the space accessing authority of the executing program. This is in effect the owner of a controlled space accessing the space. Finally, a third test is performed if the EAX does not equal the ALEAX. An authority table of the accessed ASTE is indexed by the EAX value from control register 8. If the particular EAX finds an allowed access in the authority table then the access is permitted. This is the equivalent of the owner of a space allowing special usage.
Relevance
Claims
Claim 61
In a digital computer system for providing improved computer security having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing digital authorization information in said memory means which restricts an associated program from performing operations, when executed by said processing means, which are available to said computer user; and
b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Relevance
a) means for storing digital authorization information in said memory means which restricts an associated program from performing operations, when executed by said processing means, which are available to said computer user; and b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
a) means for storing digital authorization information in said memory means which restricts an associated program from performing operations, when executed by said processing means, which are available to said computer user; and b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Claim Chart
All
Claim 1
In a digital computer system having a digital data processing means for executing a plurality of digital programs and a memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Relevance
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Claim Chart
All
Claim 120
In a digital computer system having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, a method for providing improved computer security comprising the steps of:
a) storing digital authorization information in said memory means which restricts an associated program from accessing resources when executed by said digital data processing means which are accessible to said computer user; and
b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.
Relevance
a) storing digital authorization information in said memory means which restricts an associated program from accessing resources when executed by said digital data processing means which are accessible to said computer user; and b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.
a) storing digital authorization information in said memory means which restricts an associated program from accessing resources when executed by said digital data processing means which are accessible to said computer user; and b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.
Claim Chart
All
