Computer system security method and apparatus having program authorization information data structures
INFORMATION PROTECTION AND AUTHENTICATION OF TEXAS, LLC
The holder of the '717 patent has sued Microsoft, Symantec, CA, F-Secure, McAfee, Kaspersky, Sophos, Novell, and PC Tools for infringing this patent.
Last updated: about 1 year ago
Summary / Description
| Summary / Description | Patent 4584639, titled "Computer Security System", describes a capability-based system designed to solve the problem of programs that hold permissions to access files they should not properly access. |
Basic Information
| Type of Prior Art | Issued Patents - US |
| Country | United States of America |
| Patent/Application # | 4585639 |
| Kind Code | United States (US) - United States Patent - A |
| Patentee Name | Hardy, Norman |
| Relevant Pages, Columns, or Lines | |
| URL | http://www.google.com/patents?i... |
| Publication Date | December 23, 1983 |
| Additional Information | |
Excerpt
The second problem referred to above is that the authority to do things (e.g. run programs, access files) is associated with an individual username or address space. Thus if the data base manager has the authority to access a data base, any part of the application may access that data base directly (if it knows the passwords), completely bypassing internal security mechanisms and filters of the data base manager. Similarly, all of a user's files are accessible by any program run by the user. While some systems install monitors to keep logs of who accessed what file in order to detect people doing things that they shouldn't, few, if any, prior art systems provide an explicit mechanism to prevent this kind of penetration and none are believed to be as effective as a system incorporating the invention described herein.

... The present invention is directed primarily at one problem not even recognized as a problem in the cited articles and at several other problems involved in the practical implementation of a capability system. The major problem not recognized as such in the prior art is: that merely using a capability system to prevent unauthorized uses of system resources does not solve the practical problem that the user of an application may not trust the author of the application not to steal a copy of his data.
Relevance
Claims
Claim 1
In a digital computer system having a digital data processing means for executing a plurality of digital programs and a memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Relevance
Applies to all the elements of the claim.
Claim Chart
All


