System and method for controlling the use of a computer
Abstract
A system and method for auditing and controlling the use of a computer. An operating system and selected programs and data, referred to as approved applications and approved data, are stored on a protected media which cannot be modified by any ordinary user or application program, regardless of operating system privilege. The protected media can be modified by the operating system, as well as by an administrator using a trusted path mechanism. The trusted path mechanism establishes a reliable communication channel between the administrator and the computer system. The present invention may be configured to collect user audit data concerning user activity and system status and to write the audit data to the protected media. Also, the present invention may be configured to limit execution of application programs to the approved applications.
33 Claims
1. A computer-based method for controlling modification of an operating system and an approved application set of zero or more approved applications on a computer comprising a protected media, the protected media comprising a non-volatile storage device, the operating system and the approved application set being stored in the protected media, the method comprising the steps of:
(1) loading the operating system from the protected media into a volatile memory of the computer and executing the operating system, the operating system having a trusted path mode and a general purpose mode;
(2) establishing a reliable communication path between an administrator and the operating system by entering the trusted path mode of the operating system;
(3) while said operating system is in said trusted path mode, carrying out a request by an administrator to modify the approved application set which resides on said protected media, wherein said operating system exits said trusted path mode and enters said general purpose mode upon detecting a request to do so by the administrator;
(4) while said operating system is in said general purpose mode,
(a) denying any request by an application program or an ordinary user to modify the approved application set which resides on said protected media; and
(b) denying any request by said application program or said ordinary user to modify the operating system which resides on said protected media.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer-based system which controls modification of an operating system and an approved application set of zero or more approved applications on a computer, the computer-based system comprising:
(a) the operating system;
(b) the approved application set;
(c) trusted path mechanism means for reliably establishing a trusted path between an administrator and the operating system;
(d) a protected media comprising a non-volatile storage device, the protected media also comprising,
(i) an operating system portion stored in said non-volatile storage device, wherein said operating system portion can be modified only by said administrator once said trusted path mechanism means has established said trusted path, said operating system portion comprising said operating system,
(ii) an application/data portion stored in said non-volatile storage device, wherein said application/data portion can be modified only by said administrator once said trusted path mechanism means has established said trusted path, said application/data portion comprising said approved application set, and
(iii) an internal operating system portion, stored in said non-volatile storage device;
(e) initialization means for loading the operating system into a volatile memory of the computer from said protected media, and for executing the operating system; and
(f) means for enabling the administrator to modify data stored in said protected media once said trusted path mechanism means has established said trusted path.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A computer-based system which reliably audits the usage of a computer, comprising:
(a) an operating system;
(b) an audit log;
(c) trusted path mechanism means for reliably establishing a trusted path between an administrator and said operating system;
(d) a protected media comprising a non-volatile storage device, and also comprising,
(i) an operating system portion which is stored in said non-volatile storage device, and which can be modified only by said administrator once said trusted path mechanism means has established said trusted path, said operating system portion comprising said operating system,
(ii) an audit portion which is stored in said non-volatile storage device, and which can be modified only by said administrator once said trusted path mechanism means has established said trusted path, said audit portion comprising said audit log, and
(iii) an internal operating system portion, stored in said non-volatile storage device;
(e) initialization means for loading said operating system into a volatile memory of the computer from said protected media, and for executing said operating system;
(f) means for collecting audit data; and
(g) means for writing said audit data to said audit log.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28
29. A computer-based method for restricting which programs can be executed on a computer, the computer-based method comprising the steps of:
(1) loading an operating system from a protected media into a memory of the computer and executing said operating system, said operating system having a trusted path mode and a general purpose mode;
(2) in said trusted path mode, carrying out a request by an administrator to modify an approved application set which resides on said protected media;
(2a) exiting said trusted path mode and entering said general purpose mode upon detecting a request to do so by an administrator;
(3) in said general purpose mode,
(a) denying any request by an application program or an ordinary user to modify said operating system;
(b) denying any request by said application program or said ordinary user to modify said approved application set; and
(c) denying any request by said application program or said ordinary user to execute any application program which is not in said approved application set; and
(4) repeating steps (2) and (3) as required.
Dependent claims: 30, 31, 32, 33
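To make the control policy of the abstract and of claims 1, 11, 20 and 29 concrete, the following is an added Python model, not code from the patent: an operating system with a trusted path mode and a general purpose mode, a protected media holding an operating system portion, an application portion and an audit portion, and the deny rules applied to each request. The principal name "administrator", the sample applications and the kernel version string are constructed assumptions.

```python
from dataclasses import dataclass, field
TRUSTED_PATH, GENERAL_PURPOSE = "trusted_path", "general_purpose"

@dataclass
class ProtectedMedia:
    # Portions named in claims 11 and 20; contents are constructed sample data, not the patent's.
    operating_system: dict = field(default_factory=lambda: {"kernel": "v1"})
    approved_apps: set = field(default_factory=lambda: {"editor", "mailer"})
    audit_log: list = field(default_factory=list)

class TrustedOS:
    def __init__(self, media: ProtectedMedia):
        self.media = media           # claim 1 step (1): loaded from the protected media
        self.mode = GENERAL_PURPOSE  # boots into general purpose mode

    def _audit(self, principal: str, action: str, allowed: bool) -> None:
        # Claim 20 (f)/(g): every decision is written to the audit portion.
        self.media.audit_log.append((self.mode, principal, action, allowed))

    def _admin_only(self, principal: str, action: str, need_trusted_path: bool = True) -> None:
        # Claims 1(3)/1(4): changing the protected media needs BOTH trusted path mode AND
        # the administrator; users and application programs are refused regardless of privilege.
        ok = principal == "administrator" and (self.mode == TRUSTED_PATH or not need_trusted_path)
        self._audit(principal, action, ok)
        if not ok:
            raise PermissionError(f"{action} refused for {principal} in {self.mode}")

    def enter_trusted_path(self, principal: str) -> None:
        # Claim 1 step (2): the administrator opens the reliable path from general purpose mode.
        self._admin_only(principal, "enter_trusted_path", need_trusted_path=False)
        self.mode = TRUSTED_PATH

    def exit_trusted_path(self, principal: str) -> None:
        # Claim 29 step (2a): leave trusted path mode at the administrator's request.
        self._admin_only(principal, "exit_trusted_path")
        self.mode = GENERAL_PURPOSE

    def modify_approved_apps(self, principal: str, app: str, add: bool = True) -> None:
        self._admin_only(principal, f"modify_approved_apps:{app}")
        (self.media.approved_apps.add if add else self.media.approved_apps.discard)(app)

    def modify_os(self, principal: str, key: str, value: str) -> None:
        self._admin_only(principal, f"modify_os:{key}")
        self.media.operating_system[key] = value

    def execute(self, principal: str, app: str) -> bool:
        # Claim 29 step (3)(c): only members of the approved application set may run.
        ok = app in self.media.approved_apps
        self._audit(principal, f"execute:{app}", ok)
        return ok
```

Note that the administrator is refused as well while the system is in general purpose mode; only the combination of the trusted path and the administrator identity unlocks the protected media, which is the property the claims rely on.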