Computer system security method and apparatus having program authorization information data structures
INFORMATION PROTECTION AND AUTHENTICATION OF TEXAS, LLC
The holder of the '717 patent has sued Microsoft, Symantec, CA, F-Secure, McAfee, Kaspersky, Sophos, Novell, and PC Tools for infringing this patent.
Last updated: about 1 year ago
Summary / Description
| Summary / Description | The multiple address space (MAS) facility of the present invention provides 16 32-bit access registers numbered 0-15. In the access register mode, which results when the DAT is on and PSW bits 16 and 17 are 01 binary, an instruction B or R field that is used to specify the logical address of a storage operand designates not only a general register but also an access register. |
Basic Information
| Type of Prior Art | Issued Patents - US |
| Country | United States of America |
| Patent/Application # | 5023773 |
| Kind Code | United States (US) - United States Patent - A |
| Patentee Name | International Business Machines Corporation |
| Relevant Pages, Columns, or Lines | col. 17, ln 63 - col. 18, ln 1 |
| URL | http://patft.uspto.gov/netacgi/... |
| Publication Date | February 10, 1988 |
| Additional Information | The publication date is actually the filing date. |
Excerpt
FIG. 12 shows the format of an ASTE. Bit 0 of the ASTE is an invalid bit for indicating the validity of the ASTE. The authority table origin (ATO) and the authority table length (ATL) indicate the authority table designation (ATD) of the associated authority table. Bits 96-127 contain the associated linkage-table designation (LTD) and bits 128-160 contain the associated access-list designation. Bits 160-191 contain an ASTE sequence number (ASTESN) for the address space. Since the ASTE may be reallocated as address spaces are created and deleted by the control program, each newly created ASTE has a new, unique ASTESN assigned to it. When an ART operation takes place, the ASTESN in the access-list is compared with the ASTESN in the ASTE as a validity check.
FIG. 13 shows an authority table which is associated with each ASTE. As with the DAS facility, each authority table entry has a P bit and a S bit. The entries in the authority table are indexed such that there is one entry in the authority table for each of the values of EAX in use to access the associated address space. As will be discussed, the entry of the authority table which corresponds to the value of EAX in control register 8 may be used to determine if a program is authorized to access the address space associated with the ASTE.
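The two checks the excerpt describes (the ASTESN comparison that rejects a stale access-list entry after an ASTE is reallocated, and the authority-table lookup indexed by EAX) can be modelled as follows. This is an added example, not text or code from the patent: the struct layouts, the entry-count unit for ATL, the result names, and the choice to test the S bit are simplifying assumptions, and the sample table is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model; field names follow the excerpt, layouts are assumed. */
struct auth_entry { bool p, s; };        /* P and S bits of one entry */
struct aste {
    bool invalid;                        /* bit 0 of the ASTE */
    const struct auth_entry *ato;        /* authority table origin */
    size_t atl;                          /* table length in entries (assumed unit) */
    uint32_t astesn;                     /* ASTE sequence number */
};
struct access_list_entry {
    const struct aste *aste;             /* address space this entry designates */
    uint32_t astesn;                     /* ASTESN recorded in the access list */
};
enum art_result { ART_OK, ART_ASTE_INVALID, ART_ASTESN_MISMATCH,
                  ART_EAX_OUT_OF_RANGE, ART_NOT_AUTHORIZED };

/* Validity and authority checks for one access; eax models control register 8. */
enum art_result art_check(const struct access_list_entry *ale, uint16_t eax)
{
    const struct aste *a = ale->aste;
    if (a->invalid)
        return ART_ASTE_INVALID;
    if (ale->astesn != a->astesn)        /* ASTE was reallocated: stale reference */
        return ART_ASTESN_MISMATCH;
    if (eax >= a->atl)                   /* no authority entry exists for this EAX */
        return ART_EAX_OUT_OF_RANGE;
    if (!a->ato[eax].s)                  /* assumption: the S bit gates this access */
        return ART_NOT_AUTHORIZED;
    return ART_OK;
}

/* Constructed sample: only EAX 1 has the S bit set; optionally reallocate. */
enum art_result demo(uint16_t eax, bool reallocate)
{
    static const struct auth_entry table[3] = { {0, 0}, {0, 1}, {1, 0} };
    struct aste a = { false, table, 3, 7 };
    struct access_list_entry ale = { &a, a.astesn };
    if (reallocate)
        a.astesn++;                      /* control program reuses the ASTE */
    return art_check(&ale, eax);
}

int main(void)
{
    printf("eax=1: %d, eax=2: %d, eax=1 after reallocation: %d\n",
           demo(1, false), demo(2, false), demo(1, true));
    return 0;
}
```
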
Relevance
Claims
Claim 120
In a digital computer system having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, a method for providing improved computer security comprising the steps of:
a) storing digital authorization information in said memory means which restricts an associated program from accessing resources when executed by said digital data processing means which are accessible to said computer user; and
b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.
Relevance
b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.
Claim 61
In a digital computer system for providing improved computer security having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing digital authorization information in said memory means which restricts an associated program from performing operations, when executed by said processing means, which are available to said computer user; and
b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Relevance
b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Claim 1
In a digital computer system having a digital data processing means for executing a plurality of digital programs and a memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Relevance
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.


