Computer system security method and apparatus having program authorization information data structures
INFORMATION PROTECTION AND AUTHENTICATION OF TEXAS, LLCThe holder of the '717 patent has sued Microsoft, Symantec, CA, F-Secure, McAfee, Kaspersky, Sophos, Novell, and PC Tools for infringing this patent.
Last updated: about 1 year ago
Summary / Description
| Summary / Description | This invention is a data processing system which has multiple virtual address spaces under system control and in which the user's management of the address spaces is by means of tokens provided by the system for identifying the spaces. The tokens allow the user to identify the address spaces to be accessed to the system but do not allow the user to directly control either real or virtual address spaces. |
Basic Information
| Type of Prior Art | Issued Patents - US |
| Country | United States of America |
| Patent/Application # | |
| Kind Code | United States (US) - United STATES Patent - A |
| Patentee Name | 5220669 |
| Relevant Pages, Columns, or Lines | col. 24, ln 20-45 |
| URL | http://patft.uspto.gov/netacgi/... |
| Publication Date | July 19, 1991 |
| Additional Information | The publication date given is actually the filing date. |
Notes / To Do
| Notes | |
Excerpt
If the program is not yet authorized at 179, then at 181, the validity of the ASTE is checked by determining if the ASTE bits 30, 31, and 60-63 are 0. If not, an ASN translation specification exception is raised at 182 and the operation is suppressed. At 183, the value of the EAX bits 0-11 in control register 8 is compared against the length of the authority table to make sure that the EAX does not designate an entry outside of the bounds of the authority table. If the comparison at 183 is yes, an extended authorization exception is raised at 184 and the operation is suppressed. If the EAX designates an entry within the bounds of the authority table, the associated EAX entry is located in the authority table at 185. If the address of the authority table entry is not valid, an addressing exception is raised at 186 and the operation is suppressed. An extended authorization check is made at 187 by determining if the secondary authorization bit (S-bit) of the authority table entry located at 185 is equal to 1. If the check at 187 is yes, the program is one of those authorized by the authority table associated with the address space, and the STD for the address space is obtained from the ASTE at 188. If the comparison at 187 is no, the program is not authorized and an extended authority exception is recognized at 189, and the operation is nullified.
Relevance
Claims
Claim 61
In a digital computer system for providing improved computer security having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing digital authorization information in said memory means which restricts an associated program from performing operations, when executed by said processing means, which are available to said computer user; and
b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Relevance
b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Claim Chart
All
Claim 1
In a digital computer system having a digital data processing means for executing a plurality of digital programs and a memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Relevance
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Claim Chart
All
Claim 120
In a digital computer system having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, a method for providing improved computer security comprising the steps of:
a) storing digital authorization information in said memory means which restricts an associated program from accessing resources when executed by said digital data processing means which are accessible to said computer user; and
b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.
Relevance
b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.
b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.
Claim Chart
All
