Computer file protection system
First Claim
1. A computer file protection method for a digital computer accessible by a user, said computer having a file storage device for storing files and interconnected with a central processing unit by a bus carrying control logic signals, address signals, and data signals, said computer further being supplied with a computer operating system, which comprises:
- (a) providing a file security subsystem for said digital computer which comprises a programmable auxiliary memory and a control unit;
(b) attaching said programmable auxiliary memory and said control unit to the bus in a manner so that it resides in the bus between said file storage device and said central processing unit;
(c) allowing access to said file security subsystem by the computer operating system for initialization and modification only during an installation stage of the file security subsystem and disallowing access to said file security subsystem by said computer operating system following said installation stage;
(d) providing the programmable auxiliary memory system with supervisor entered access criteria for access permission for read operations, write operations and execute operations for each one of all of the files stored in said file storage device;
(e) requiring each user to provide to said programmable auxiliary memory a valid user identification, whereupon said programmable auxiliary memory and control unit will indicate to the computer operating system only those of said files which are accessible to that user and whether read operations, write operations and execute operations may be performed upon said accessible files, said auxiliary memory and control unit denying access to users with invalid access criteria and refusing to write data to any of the files stored in said file storage device when operations without valid access criteria have been attempted.
3 Assignments
0 Petitions
Accused Products
Abstract
The invention is a system for protecting the security of computer files. It has hardware elements, including a programmable auxiliary memory and control unit along with associated software elements. The security subsystem is installed on the host computer bus so that it resides in the control logic, address, and data signal path between the computer storage device and central processing unit. The security system is accessible by the computer operating system only during installation and initialization. Thereafter it is inaccessible to or by the operating system. Supervisor determined criteria for access permission to read, write and execute files are entered into the auxiliary memory system where they are protected from alteration. The security system will deny access to users with invalid entry criteria and refuse to write data to the file storage device when unauthorized operations have been attempted. When breaches of these types occur the security system can lock the computer against further activity until it is released by entry of a master password from supervisory or security personnel. The system maintains a protected area in the computer memory device where, among other data, file signatures of all valid files are retained. The protected area of memory also maintains appropriate signatures of all internal files in the security system so that they can be automatically checked for integrity.
196 Citations
10 Claims
-
1. A computer file protection method for a digital computer accessible by a user, said computer having a file storage device for storing files and interconnected with a central processing unit by a bus carrying control logic signals, address signals, and data signals, said computer further being supplied with a computer operating system, which comprises:
-
(a) providing a file security subsystem for said digital computer which comprises a programmable auxiliary memory and a control unit; (b) attaching said programmable auxiliary memory and said control unit to the bus in a manner so that it resides in the bus between said file storage device and said central processing unit; (c) allowing access to said file security subsystem by the computer operating system for initialization and modification only during an installation stage of the file security subsystem and disallowing access to said file security subsystem by said computer operating system following said installation stage; (d) providing the programmable auxiliary memory system with supervisor entered access criteria for access permission for read operations, write operations and execute operations for each one of all of the files stored in said file storage device; (e) requiring each user to provide to said programmable auxiliary memory a valid user identification, whereupon said programmable auxiliary memory and control unit will indicate to the computer operating system only those of said files which are accessible to that user and whether read operations, write operations and execute operations may be performed upon said accessible files, said auxiliary memory and control unit denying access to users with invalid access criteria and refusing to write data to any of the files stored in said file storage device when operations without valid access criteria have been attempted. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
Specification