Secure data processing system architecture
First Claim
1. A data processing system for secure processing of data objects comprising:
- memory means for storing ordinary data objects and distinguished data objects, a first field of each distinguished data object including a main memory location of an associated ordinary data object, a second field of said distinguished data object including access right data for said associated ordinary data object;
entry means for entering instructions by a user, said instructions having access right data associated therewith, said instructions including a operation field and a field for locating an associated ordinary data object;
first processing means, connected to said entry means and said memory means, for processing said ordinary data objects; and
second processing means, connected to said memory means, for processing said distinguished data objects, said second processing means including means responsive to an instruction for comparing access rights associated with said instruction with access rights of said distinguished data object associated with said ordinary data object.
6 Assignments
0 Petitions
Accused Products
Abstract
A data processing system having an architecture for protecting selected system files. The data processing unit includes a secure processing unit operating in a manner independent of the operation of the remainder of the data processing unit for storing and comparing system file attributes and user entity attributes. The comparison of attributes is performed in accordance with a table in the secure processing unit containing the security context. The secure processing unit alone is able to manipulate special data groups called distinguished data objects. The secure processing unit also manipulates a data object identifier that isolates the identification of the system files from the actual memory storage locations. Apparatus and method are also disclosed for providing secure creation of protected system files by in part eliminates interruption, the data processing system in the process. The architecture also facilitates secure transfer of files between data processing systems.
-
Citations
19 Claims
-
1. A data processing system for secure processing of data objects comprising:
-
memory means for storing ordinary data objects and distinguished data objects, a first field of each distinguished data object including a main memory location of an associated ordinary data object, a second field of said distinguished data object including access right data for said associated ordinary data object; entry means for entering instructions by a user, said instructions having access right data associated therewith, said instructions including a operation field and a field for locating an associated ordinary data object; first processing means, connected to said entry means and said memory means, for processing said ordinary data objects; and second processing means, connected to said memory means, for processing said distinguished data objects, said second processing means including means responsive to an instruction for comparing access rights associated with said instruction with access rights of said distinguished data object associated with said ordinary data object. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A data processing system for controlling manipulation of data fields comprising:
-
memory means for storing ordinary data objects, said ordinary data objects including said data fields; distinguished data objects stored in said memory means, each of said distinguished data objects associated with a one of said ordinary data objects and having an address data field determining a memory means location for said associated ordinary data object, each of said distinguished data objects including an access rights data field determining conditions for manipulation of said related ordinary data object; entry means responsive to signals from a user for entering instructions in said data processing system;
each user having access rights associated therewith;security context table means for determining relationships between access rights of an ordinary data object and acess rights of a user;
comparison means coupled to said security context table means and responsive to an instruction for automatically comparing access rights of an ordinary data object associated with said instruction and access rights of an instruction user; andprocessing means, connected to said security context table, said entry means and said memory means, for executing an instruction when said comparison means provides a first result. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. A data processing system for secure processing of data fields comprising:
-
entry means for entering instructions in said data processing system, said entry means providing user data to said data processing system; ordinary data objects including data fields; distinguished data objects including control fields and an address of an associated ordinary data object; memory means for storing said ordinary data objects and said distinguished data objects; comparison means for comparing said user data with a distinguished data object associated with a data field referenced by an instruction of said user; and processing means, connected to said comparison means, said memory means and said entry means, for executing said instruction when said comparison means provides a first result. - View Dependent Claims (17, 18, 19)
-
Specification