Personal computer security system
Abstract
A personal computer subsystem, having a hardware module and protection software, is designed to protect files on a personal computer from inadvertent or intentional distortion, and can be used to protect personal computers from programs known as computer viruses. The hardware module is connected to the personal computer system busses and the software has a kernel which ensures the security of one access path to the hard disk controller and utilizes the above-mentioned module to block other access paths to the hard disk controller. The only permitted access path to the hard disk controller is a path which uses the computer's operating system, modular device driver and basic input/output system. All other access paths to the hard disk controller are interpreted by the personal computer subsystem as forbidden.
38 Claims
1. A system of protecting data stored on the hard disk of a personal computer from inadvertent or intentional distortion, the personal computer having a central processing unit and memory, a hard disk controller having a command register, a hard disk having sectors and a master boot record, an address bus, a data bus, a control bus, and peripheral devices coupled thereto, the memory comprising a basic input/output system, a modular device driver, an operating system kernel, an application program and an interrupt vector table containing original interrupt handlers, said system comprising:
- means for establishing a single access path to the hard disk controller from the application program;
- said means for establishing only one access path comprises means for monitoring requests by the application program to the operating system kernel, the modular device driver and the basic input/output system;
- said means for establishing only one access path further comprises a programmable restriction module that permits the servicing of only those requests that utilize the operating system kernel, the modular device driver and the basic input/output system while precluding the servicing of any other requests; and
- said programmable restriction module being coupled to the personal computer address, data and control busses and being operable in a passive mode thereby allowing servicing of those requests utilizing the operating system kernel, the modular device driver, and the basic input/output system or being operable in an active mode thereby preventing the servicing of any other requests.

Dependent claims: 2-18.

19. A system of protecting data stored on the hard disk of a personal computer from inadvertent or intentional distortion, the personal computer having a central processing unit and memory, a hard disk controller having a command register, a hard disk, an address bus, a data bus, a control bus, and peripheral devices coupled thereto, the memory comprising a basic input/output system, a modular device driver, an operating system kernel, an application program and an interrupt vector table containing original interrupt handlers, said system comprising:
- means for establishing a single access path to the hard disk controller from the application program;
- said means for establishing only one access path comprises means for monitoring requests by the application program to the operating system kernel, the modular device driver and the basic input/output system;
- said means for establishing only one access path further comprises a protection-program support module that permits the servicing of only those requests that utilize the operating system kernel, the modular device driver and the basic input/output system while precluding the servicing of any other requests and wherein said means for monitoring requests by the application program resides in a memory in said protection-program support module; and
- said protection-program support module being coupled to the personal computer address, data and control busses and being operable in a neutral mode thereby allowing servicing of those requests utilizing the operating system kernel, the modular device driver, and the basic input/output system or being operable in any other working mode thereby preventing the servicing of requests; and
- said protection-program support module comprising a first memory and a second memory, said first memory being inaccessible to the central processing unit and said second memory being accessible to the central processing unit.

Dependent claims: 20-38.

Specification