Computer system security method and apparatus having program authorization information data structures
INFORMATION PROTECTION AND AUTHENTICATION OF TEXAS, LLC
The holder of the '717 patent has sued Microsoft, Symantec, CA, F-Secure, McAfee, Kaspersky, Sophos, Novell, and PC Tools for infringing this patent.
Summary / Description
| Summary / Description | The primary object of the present invention is to provide a problem program operating in a present address space to call a program in a different address space or obtain addressability to another address space by utilizing a supervisor provided index value for accessing an authority table associated with the new address space. |
Basic Information
| Type of Prior Art | Issued Patents - US |
| Country | United States of America |
| Patent/Application # | 4430705 |
| Kind Code | United States (US) - United States Patent - A |
| Patentee Name | International Business Machines Corporation |
| Relevant Pages, Columns, or Lines | col. 15, ln 62 - col. 16, ln 1 |
| URL | http://patft.uspto.gov/netacgi/... |
| Publication Date | May 23, 1980 |
| Additional Information | The publication date given is actually the filing date. |
Excerpt
In summary, the problem program which is executing in the primary address space utilizing the primary segment table descriptor in CR1 executes the SSAR instruction to obtain addressability to data contained in another address space. As indicated previously, each address space has an associated set of address translation tables, and therefore the associated segment table descriptor for the new address space must be stored into CR7 for performing address translation to obtain data in the other address space. CR7 will receive at 55 the primary segment table description if the ASN specified happens to be equal to the primary ASN. Otherwise, if the secondary ASN to be loaded into CR3 is different from the primary ASN, the address translation operation must be performed to obtain the associated segment table descriptor from the ASN second table entry 37, and transferred to CR7 by the path 60. Further, authority checking must be accomplished by effecting access to the authority table 47 to determine whether or not the program executing in the system has authority to establish addressability to the address space as a secondary address space.
Relevance
Claims
Claim 61
In a digital computer system for providing improved computer security having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing digital authorization information in said memory means which restricts an associated program from performing operations, when executed by said processing means, which are available to said computer user; and
b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Relevance
a) means for storing digital authorization information in said memory means which restricts an associated program from performing operations, when executed by said processing means, which are available to said computer user; and b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Claim 1
In a digital computer system having a digital data processing means for executing a plurality of digital programs and a memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Relevance
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Claim 120
In a digital computer system having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, a method for providing improved computer security comprising the steps of:
a) storing digital authorization information in said memory means which restricts an associated program from accessing resources when executed by said digital data processing means which are accessible to said computer user; and
b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.
Relevance
a) storing digital authorization information in said memory means which restricts an associated program from accessing resources when executed by said digital data processing means which are accessible to said computer user; and b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.


