Computer system security method and apparatus having program authorization information data structures
INFORMATION PROTECTION AND AUTHENTICATION OF TEXAS, LLC
The holder of the '717 patent has sued Microsoft, Symantec, CA, F-Secure, McAfee, Kaspersky, Sophos, Novell, and PC Tools for infringing this patent.
Last updated: 3 months ago
Summary / Description
| Summary / Description | An object of the present invention, in view of the above problems, is to provide a memory protection system in which memory protection information can be readily altered with no intervention of a control program. |
Basic Information
| Type of Prior Art | Issued Patents - US |
| Country | United States of America |
| Patent/Application # | 4434464 |
| Kind Code | United States (US) - United States Patent - A |
| Patentee Name | Hitachi, Ltd. |
| Relevant Pages, Columns, or Lines | col. 3, ln 26-56 |
| URL | http://patft.uspto.gov/netacgi/... |
| Publication Date | March 31, 1981 |
| Additional Information | The publication date given is actually the filing date. |
Excerpt
FIG. 2 shows a memory protection system according to an embodiment of the present invention. In FIG. 2, reference numeral 1 designates a table which stores memory protection information provided in correspondence to the respective memory areas, and numeral 2 identifies a register which stores memory protection information corresponding to respective programs to be executed by the processor. Now, explanation will be made of the memory protection information employed in the present embodiment.
Let us assume that the utilization of the memory as shown in FIG. 1 is employed. Then, a peculiar memory key is allotted to each of the subsystems a, b, c and so on. For example, the memory keys "0", "1" and "2" are assigned to the subsystems a, b and c respectively. For programs within each subsystem, it may be established that a control program can access the areas P1, P2 and P3 and a user program can access only the areas P2 and P3. In the present example, therefore, memory keys "0", "1" and "2" are given as protection information to the areas P1, P2 and P3, respectively, while program keys "0" and "1" are given to the control program and the user program respectively. A program key indicating one subsystem is also provided for each program. By allowing access of a program to the memory when the program key in that program indicating a certain memory subsystem coincides with the memory key allotted to the subsystem and the key given to the program for areas in the subsystem is smaller than or equal to the key given to the memory for areas in the subsystem, the above-required memory protection can be realized.
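The two-part key comparison described in the excerpt, modelled in C as an added example (not text or code from the patent or from this page). The address ranges, the table layout, the struct and function names, and the deny-on-unmapped-address rule are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Per-area protection information (the excerpt's table 1). */
struct area_keys {
    uint32_t base, limit;   /* constructed address range [base, limit) */
    uint8_t subsystem_key;  /* memory key allotted to the owning subsystem */
    uint8_t area_key;       /* memory key given to the area inside it */
};

/* Protection information of the running program (the excerpt's register 2). */
struct program_keys {
    uint8_t subsystem_key;  /* which subsystem the program belongs to */
    uint8_t area_key;       /* 0 = control program, 1 = user program */
};

/* Constructed layout: subsystem a (key 0) with P1..P3, one area of b (key 1). */
static const struct area_keys key_table[] = {
    {0x0000, 0x1000, 0, 0}, /* a / P1 */
    {0x1000, 0x2000, 0, 1}, /* a / P2 */
    {0x2000, 0x3000, 0, 2}, /* a / P3 */
    {0x3000, 0x4000, 1, 0}, /* b / P1 */
};

const struct program_keys control_a = {0, 0}, user_a = {0, 1}, control_b = {1, 0};

static const struct area_keys *lookup_area(uint32_t addr)
{
    for (size_t i = 0; i < sizeof key_table / sizeof key_table[0]; i++)
        if (addr >= key_table[i].base && addr < key_table[i].limit)
            return &key_table[i];
    return NULL;
}

/* Allow only if the subsystem keys coincide AND program key <= memory key. */
bool access_allowed(const struct program_keys *prog, uint32_t addr)
{
    const struct area_keys *area = lookup_area(addr);
    if (area == NULL)
        return false;       /* assumption: addresses with no key entry are denied */
    if (prog->subsystem_key != area->subsystem_key)
        return false;       /* a program cannot reach another subsystem's memory */
    return prog->area_key <= area->area_key;
}

int main(void)
{
    /* User program of subsystem a: denied P1, allowed P2; exit 0 if both hold. */
    return (!access_allowed(&user_a, 0x0800) && access_allowed(&user_a, 0x1800)) ? 0 : 1;
}
```

Note that a control program's key "0" does not cross subsystems: the subsystem comparison is evaluated before the area comparison, so `control_a` is denied the area owned by subsystem b.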
Relevance
Claims
Claim 61
In a digital computer system for providing improved computer security having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing digital authorization information in said memory means which restricts an associated program from performing operations, when executed by said processing means, which are available to said computer user; and
b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Relevance
means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Claim 1
In a digital computer system having a digital data processing means for executing a plurality of digital programs and a memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Relevance
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Claim 120
In a digital computer system having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, a method for providing improved computer security comprising the steps of:
a) storing digital authorization information in said memory means which restricts an associated program from accessing resources when executed by said digital data processing means which are accessible to said computer user; and
b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.
Relevance
storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.


