Computer file protection system

US 5,144,659 A
Filed: 04/19/1989
Issued: 09/01/1992
Est. Priority Date: 04/19/1989
Status: Expired due to Term

First Claim

Patent Images

1. A computer file protection method for a digital computer accessible by a user, said computer having a file storage device for storing files and interconnected with a central processing unit by a bus carrying control logic signals, address signals, and data signals, said computer further being supplied with a computer operating system, which comprises:

(a) providing a file security subsystem for said digital computer which comprises a programmable auxiliary memory and a control unit;

(b) attaching said programmable auxiliary memory and said control unit to the bus in a manner so that it resides in the bus between said file storage device and said central processing unit;

(c) allowing access to said file security subsystem by the computer operating system for initialization and modification only during an installation stage of the file security subsystem and disallowing access to said file security subsystem by said computer operating system following said installation stage;

(d) providing the programmable auxiliary memory system with supervisor entered access criteria for access permission for read operations, write operations and execute operations for each one of all of the files stored in said file storage device;

(e) requiring each user to provide to said programmable auxiliary memory a valid user identification, whereupon said programmable auxiliary memory and control unit will indicate to the computer operating system only those of said files which are accessible to that user and whether read operations, write operations and execute operations may be performed upon said accessible files, said auxiliary memory and control unit denying access to users with invalid access criteria and refusing to write data to any of the files stored in said file storage device when operations without valid access criteria have been attempted.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is a system for protecting the security of computer files. It has hardware elements, including a programmable auxiliary memory and control unit along with associated software elements. The security subsystem is installed on the host computer bus so that it resides in the control logic, address, and data signal path between the computer storage device and central processing unit. The security system is accessible by the computer operating system only during installation and initialization. Thereafter it is inaccessible to or by the operating system. Supervisor determined criteria for access permission to read, write and execute files are entered into the auxiliary memory system where they are protected from alteration. The security system will deny access to users with invalid entry criteria and refuse to write data to the file storage device when unauthorized operations have been attempted. When breaches of these types occur the security system can lock the computer against further activity until it is released by entry of a master password from supervisory or security personnel. The system maintains a protected area in the computer memory device where, among other data, file signatures of all valid files are retained. The protected area of memory also maintains appropriate signatures of all internal files in the security system so that they can be automatically checked for integrity.

196 Citations

10 Claims

1. A computer file protection method for a digital computer accessible by a user, said computer having a file storage device for storing files and interconnected with a central processing unit by a bus carrying control logic signals, address signals, and data signals, said computer further being supplied with a computer operating system, which comprises:
- (a) providing a file security subsystem for said digital computer which comprises a programmable auxiliary memory and a control unit;
  
  (b) attaching said programmable auxiliary memory and said control unit to the bus in a manner so that it resides in the bus between said file storage device and said central processing unit;
  
  (c) allowing access to said file security subsystem by the computer operating system for initialization and modification only during an installation stage of the file security subsystem and disallowing access to said file security subsystem by said computer operating system following said installation stage;
  
  (d) providing the programmable auxiliary memory system with supervisor entered access criteria for access permission for read operations, write operations and execute operations for each one of all of the files stored in said file storage device;
  
  (e) requiring each user to provide to said programmable auxiliary memory a valid user identification, whereupon said programmable auxiliary memory and control unit will indicate to the computer operating system only those of said files which are accessible to that user and whether read operations, write operations and execute operations may be performed upon said accessible files, said auxiliary memory and control unit denying access to users with invalid access criteria and refusing to write data to any of the files stored in said file storage device when operations without valid access criteria have been attempted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer file protection method of claim 1 further including the steps of developing a file signature for each and everyone of the files, and archiving each such file signature.
  - 3. The file protection method of claim 2 which further includes checking the file signature of each of the files stored in the file security subsystem with the archived file signatures of the files stored in the file security subsystem for correspondence prior to notifying a user that entry has been denied or an unauthorized operation has been attempted.
  - 4. The file protection method of claim 1 wherein accessing said file security subsystem after installation requires entry of a proper master password.
  - 5. The file protection method of claim 1 further including the steps of creating a protected area within the file storage device inaccessible to the computer operating system.
  - 6. The file protection method of claim 5 further including the steps of(f) determining a file signature for each one of all pertinent files within the digital computer;
    - (g) storing each one of said file signatures for archival reference in the protected storage area;
      
      (h) comparing the unique file signatures stored in said protected area with the current file signature of any file prior to permitting access to the file to a user; and
      
      (i) write protecting the storage device if the current file signature does not correspond with the file signature stored in said protected area.
  - 7. The file protection method of claim 6 which further includes locking the computer system from further activity when the current file signature does not correspond with the file signature stored in said protected area, said computer system remaining disabled until unlocked by a person with access to a master password.
  - 8. The file protection method of claim 5 which further includes creating a transaction log in the protected storage area, said transaction log being accessible only to a person having a master password.
  - 9. The file protection method of claim 5 in which said supervisor entered criteria are specific for each user or user group.
  - 10. The file protection method of claim 1 which further includes taking possession of the central processing unit by the file security subsystem and disabling all other access to said central processing unit at such time as the file security subsystem detects invalid access criteria or an attempted unauthorized operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures Fund 24 LLC (Intellectual Ventures LLC)
Original Assignee
Richard P. Jones
Inventors
Jones, Richard P.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US07/340,886
Time in Patent Office

1,231 Days
Field of Search

364/200 MS File, 364/900 MS File, 380/3, 380/4, 380/23, 380/25, 380/49, 380/50, 340/825.31, 340/825.34, 395/425, 395/725
US Class Current

713/165
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Computer file protection system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

196 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Computer file protection system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

196 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links