Data processing security system for automatically transferring software protection data from removable store into internal memory upon mounting of stores

US 4,947,318 A
Filed: 11/15/1984
Issued: 08/07/1990
Est. Priority Date: 11/16/1983
Status: Expired due to Term

First Claim

Patent Images

1. A data processing system including a data processor, and a storage unit connected to said data processor and having a removable storage volume mounted thereon for storing data and an internal memory, said storage volume storing respective protection key information for protecting each of a plurality of data areas in said storage volume from unauthorized access by said data processor and being response to an access request from said data processor for reading or writing data stored therein, comprising:

first means provided in said storage unit and responsive to the mounting of said storage volume on said storage unit for automatically storing into said internal memory all of the protection key information stored in said storage volume;

second means provided in said storage unit and responsive to receipt of an access request to effect access to a specific data area accompanied by protection information for that protection information accompanying the access request and protection key information corresponding to the specified data area as stored in said internal memory; and

third means provided in said storage unit and connected to said second means for controlling access to said specified data area in said storage volume in accordance with a result of the comparison operation by said second means;

wherein protection area information includes a start address and an end address of a data area to be protected in said storage volume, and said second means includes means for determining if the data area designation information of an access request designates a data area in said storage volume in a range between the start address and the end address included in a protection key information stored in said internal memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computer system in which a storage unit is accessed by a host computer, protection key information for each of a plurality of areas of a storage volume, is stored into the storage volume mounted in the storage unit. When the storage volume is mounted on the storage unit, the storage unit reads out protection key information stored in the storage volume and stores it into a memory provided in the storage unit. When an access request for one of the plurality of areas of the storage volume is received from the host computer, the access request is collated with the protection key information stored in the memory relating to the requested area, and the access request is permitted or inhibited in accordance with the collating result.

Citations

12 Claims

1. A data processing system including a data processor, and a storage unit connected to said data processor and having a removable storage volume mounted thereon for storing data and an internal memory, said storage volume storing respective protection key information for protecting each of a plurality of data areas in said storage volume from unauthorized access by said data processor and being response to an access request from said data processor for reading or writing data stored therein, comprising:
- first means provided in said storage unit and responsive to the mounting of said storage volume on said storage unit for automatically storing into said internal memory all of the protection key information stored in said storage volume;
  
  second means provided in said storage unit and responsive to receipt of an access request to effect access to a specific data area accompanied by protection information for that protection information accompanying the access request and protection key information corresponding to the specified data area as stored in said internal memory; and
  
  third means provided in said storage unit and connected to said second means for controlling access to said specified data area in said storage volume in accordance with a result of the comparison operation by said second means;
  
  wherein protection area information includes a start address and an end address of a data area to be protected in said storage volume, and said second means includes means for determining if the data area designation information of an access request designates a data area in said storage volume in a range between the start address and the end address included in a protection key information stored in said internal memory.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A data processing system according to claim 1 wherein an access request from said data processor includes data designation information for designating a data area of said storage volume to be accessed, wherein each protection key information includes protection area information indicating a data area in said storage volume to be protected and related control information for permitting or inhibiting access to said data area, wherein said second means includes means for comparing the data area designation information included in an access request with protection area information in said internal memory and for comparing protection information accompanying an access request with related control information, and wherein said third means operates to inhibit access to said storage volume when no comparison is found by said second means.
  - 3. A data processing system according to claim 1, further comprising fourth means for generating an access permission signal to control said third means irrespective of the result of the comparison operation by said second means, and wherein said third means includes means for permitting transfer access to said storage volume in response to the access permission signal.
  - 4. A data processing system according to claim 3 wherein said fourth means includes manually operable switch means for generating said access permission signal.
  - 5. A data processing system according to claim 1 wherein said protection information accompanying an access request includes a password, and said second means includes means for checking the correspondence between the password in said protection information and control information stored in said internal memory.
  - 6. A data processing system according to claim 1 wherein protection area information includes a data set name of a data set to be protected in said storage volume, and said second means includes means for determining if data area designation information in an access request matches a data set name in protection area information stored in said internal memory.

7. A method of protecting data in a storage volume of a data processing system including a data processor, and a storage unit connected to said data processor and having a removable storage volume mounted thereon for storing data and an internal memory, said storage volume storing respective protection key information for protecting each of a plurality of data areas on said storage volume from unauthorized access by said data processor and being responsive to an access request from said data processor for reading or writing data stored therein, comprising the steps of:
- automatically storing into said internal memory all of the protection key information stored in said storage volume in response to the mounting of said storage volume on said storage unit;
  
  receiving in said storage unit an access request to effect access to a specific data area accompanied by protection information for that specific data area;
  
  comparing in said storage until the protection information accompanying a received access request and the protection key information corresponding to the specified data area of the access request as stored in said internal memory upon receipt of an access request from said data processor; and
  
  controlling in said storage unit access to said storage volume in accordance with a result of the comparing step;
  
  wherein an access request from said data processor includes data designation information for designating a data area of said storage volume to be accessed, wherein each protection key information includes protection area information indicating a data area of said storage volume to be protected and related control information for permitting or inhibiting access to said data area, wherein said comparing step includes comparing the data area designation information included in an access request with said protection area information in an internal memory and comparing protection information with related control information, and wherein said controlling step includes inhibiting access to said storage volume when no comparison is found during said comparing step.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A method according to claim 7, further comprising the step of generating an access permission signal to effect access to said storage volume irrespective of the result of said comparison operation, and wherein said controlling step includes permitting an access to said storage volume in response to an access permission signal.
  - 9. A method according to claim 8 wherein said generating step includes operating a manual switch for generating said access permission signal.
  - 10. A method according to claim 7 wherein said protection information accompanying an access request includes a password, and said comparing step includes checking the correspondence between the password in said protection information and control information stored in said internal memory.
  - 11. A method according to claim 7 wherein protection area information includes a start address and an end address of a data area to be protected in said storage volume, and said comparing step includes determining if the data area designation information of an access request designates a data area in said storage volume in a range between the start address and the end address included in a protection key information stored in said internal memory.
  - 12. A method according to claim 7 wherein protection area information includes a data set name of a data set to be protected in said storage volume, and said comparing step includes determining if the data area designation information in an access request matches a data set name in protection area information stored in said internal memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Mineo, Akira
Primary Examiner(s)
Williams, Jr., Archie E.
Assistant Examiner(s)
Chan, Emily Y.

Application Number

US06/671,877
Time in Patent Office

2,091 Days
Field of Search

364/200 MS File, 364/900 MS File, 380/3, 380/4, 380/25
US Class Current

726/19
CPC Class Codes

G06F 12/14 Protection against unauthor...

G06F 12/1466 Key-lock mechanism

Data processing security system for automatically transferring software protection data from removable store into internal memory upon mounting of stores

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing security system for automatically transferring software protection data from removable store into internal memory upon mounting of stores

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links