Computer system security method and apparatus having program authorization information data structures
INFORMATION PROTECTION AND AUTHENTICATION OF TEXAS, LLCThe holder of the '717 patent has sued Microsoft, Symantec, CA, F-Secure, McAfee, Kaspersky, Sophos, Novell, and PC Tools for infringing this patent.
Summary / Description
| Summary / Description | To provide enhancement needed for a System/370 to operate with MVS, the present invention introduces the concept of the use of storage protect key masks, and is included in a new subsystem control facility that provides: (1) basic authority control with dual address space memory references; (2) program subsystem linkages; and (3) Address Space Number translation to main memory addresses with authorization control. |
Basic Information
| Type of Prior Art | Issued Patents - US |
| Country | United States of America |
| Patent/Application # | 4366537 |
| Kind Code | United States (US) - United STATES Patent - A |
| Patentee Name | International Business Machines Corp. |
| Relevant Pages, Columns, or Lines | Abstract |
| URL | http://patft.uspto.gov/netacgi/... |
| Publication Date | May 23, 1980 |
| Additional Information | The publication date given is actually the filing date. |
Notes / To Do
| Notes | |
Excerpt
Permits one program in one address space to obtain access to data in another address space or to call a program in another address space without invoking a supervisor, with authorization to use a storage protect key other than that specifically assigned to the program by a supervisor when in a new semi-privileged state. Programs executing in a particular address space have supervisor assigned storage protect key masks permitting the program, when authorized, to utilize a storage protect key other than the one specifically assigned by the supervisor. A second address space can be designated by a program, and when authorized, can cause transfer of data in main memory from one physical location to another associated with the different address space, and two different storage protect keys can be utilized. A calling program can provide addressability to data in its address space by combining storage protect key masks from the calling program with a key mask of a called program to permit access to data by the called program. Entering the called program causes the saving and changing of a problem/supervisor control bit and instruction address.
Relevance
Claims
Claim 61
In a digital computer system for providing improved computer security having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing digital authorization information in said memory means which restricts an associated program from performing operations, when executed by said processing means, which are available to said computer user; and
b) means for storing in at least one segment digital data for associating said authorization information with at least one program to be executed by said processing means.
Relevance
a) means for storing digital authorization information in said memory means which restricts an associated program from performing operations, when executed by said processing means, which are available to said computer user
a) means for storing digital authorization information in said memory means which restricts an associated program from performing operations, when executed by said processing means, which are available to said computer user
Claim Chart
All
Claim 1
In a digital computer system having a digital data processing means for executing a plurality of digital programs and a memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Relevance
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means
Claim Chart
All
Claim 120
In a digital computer system having digital data processing means for executing a plurality of digital computer programs for a computer user and memory means for storing digital program instructions and digital data, a method for providing improved computer security comprising the steps of:
a) storing digital authorization information in said memory means which restricts an associated program from accessing resources when executed by said digital data processing means which are accessible to said computer user; and
b) storing in at least one segment, digital data for associating said authorization information with at least one program to be executed by said processing means for said computer user.
Relevance
a) storing digital authorization information in said memory means which restricts an associated program from accessing resources when executed by said digital data processing means which are accessible to said computer user
a) storing digital authorization information in said memory means which restricts an associated program from accessing resources when executed by said digital data processing means which are accessible to said computer user
Claim Chart
All
