Personal computer security system

US 5,483,649 A
Filed: 07/01/1994
Issued: 01/09/1996
Est. Priority Date: 07/01/1994
Status: Expired due to Fees

First Claim

Patent Images

1. A system of protecting data stored on the hard disk of a personal computer from inadvertent or intentional distortion, the personal computer having a central processing unit and memory, a hard disk controller having a command register, a hard disk having sectors and a master boot record, and address bus, a data bus, a control bus, and peripheral devices coupled thereto, the memory comprising a basic input/output system, a modular device driver, an operating system kernel, an application program and an interrupt vector table containing original interrupt handlers, said system comprising:

means for establishing a single access path to the hard disk controller from the application program;

said means for establishing only one access path comprises means for monitoring requests by the application program to the operating system kernel, the modular device driver and the basic input/output system;

said means for establishing only one access path further comprises a programmable restriction module that permits the servicing of only those requests that utilize the operating system kernel, the modular device driver and the basic input/output system while precluding the servicing of any other requests; and

said programmable restriction module being coupled to the personal computer address, data and control busses and being operatable in a passive mode thereby allowing servicing of those requests utilizing the operating system kernal, the modular device driver, and the basic input output system or being operatable in an active mode thereby preventing the servicing of any other requests.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A personal computer subsystem, having a hardware module and protection software, is designed to protect files on a personal computer from inadvertent or intentional distortion, and can be used to protect personal computers from programs known as computer viruses. The hardware module is connected to the personal computer system busses and the software has a kernel which ensures the security of one access path to the hard disk controller and utilizes the above-mentioned module to block other access paths to the hard disk controller. The only permitted access path to the hard disk controller is a path which uses the computer'"'"'s operating system, modular device driver and basic input/output system. All other access paths to the hard disk controller are interpreted by the personal computer subsystem as forbidden.

Citations

38 Claims

1. A system of protecting data stored on the hard disk of a personal computer from inadvertent or intentional distortion, the personal computer having a central processing unit and memory, a hard disk controller having a command register, a hard disk having sectors and a master boot record, and address bus, a data bus, a control bus, and peripheral devices coupled thereto, the memory comprising a basic input/output system, a modular device driver, an operating system kernel, an application program and an interrupt vector table containing original interrupt handlers, said system comprising:
- means for establishing a single access path to the hard disk controller from the application program;
  
  said means for establishing only one access path comprises means for monitoring requests by the application program to the operating system kernel, the modular device driver and the basic input/output system;
  
  said means for establishing only one access path further comprises a programmable restriction module that permits the servicing of only those requests that utilize the operating system kernel, the modular device driver and the basic input/output system while precluding the servicing of any other requests; and
  
  said programmable restriction module being coupled to the personal computer address, data and control busses and being operatable in a passive mode thereby allowing servicing of those requests utilizing the operating system kernal, the modular device driver, and the basic input output system or being operatable in an active mode thereby preventing the servicing of any other requests.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1 wherein said programmable restriction module comprises means for monitoring the bus cycles involving access by the central processing unit to peripheral devices whenever said module is in said active mode.
  - 3. The system of claim 2 wherein said programmable restriction module comprises means for producing a blocking signal in the bus cycle of data output to the command register of the hard disk controller whenever said module is operating in said active mode and an attempt is made to access the hard disk controller.
  - 4. The system of claim 1 wherein said means for monitoring requests by the application program controls said passive or active mode of said programmable restriction module.
  - 5. The system of claim 4 wherein said means for monitoring requests by the application program comprises means for switching said module into said passive mode before computer control is transferred to the basic input/output system and for switching said module into said active mode after control is received from the basic input/output system.
  - 6. The system of claim 5 wherein said means for monitoring requests by the application program further comprises means for requiring that both the basic input/output system and the operating system kernel must be used for access to the hard disk controller in order to write information onto the hard disk.
  - 7. The system of claim 1 wherein said means for establishing only one access path further comprises means for initialization, said means for initialization being stored in the first sector of the hard disk while the master boot record is transferred from the first sector to the ninth sector, said means for initialization being the first program to receive control once the operating system is loaded.
  - 8. The system of claim 4 wherein said means for monitoring requests by the application program further comprises a basic input/output system level request check program having an address in the memory on the hard disk, said basic input/output system level request check program comprises means for linking to the basic input/output system by replacing the address of the original handler of the 13h basic input/output interrupt used by the modular device driver with said address.
  - 9. The system of claim 8 wherein said basic input/output system level request check program further comprises means for preventing the use of the basic input/output system to format the hard disk, said means for preventing the use of the basic input/output system to format the hard disk identifying formatting requests and preventing the servicing of the formatting requests by returning control with an error flag.
  - 10. The system of claim 8 wherein said means for monitoring requests by the application program further comprises a modular device driver-level request check program having an address in the memory on the hard disk, said modular device driver-level request check program comprises means for linking to the modular device driver by replacing the address of the original handler of the 13h interrupt in the interrupt vector table with said address of said modular device driver-level request check program, said modular device driver-level request check program further comprises means for monitoring the use of the 13h modular device driver interrupt and for setting a modular device driver activity flag.
  - 11. The system of claim 10 wherein said basic input/output system-level request check program comprises means for requiring the use of both the modular device driver and the basic input/output system to write information on the hard disk, said means for requiring the use of both the modular device driver and the basic input/output system verifies the presence of said modular device driver activity flag and prevents servicing of write requests in the absence of said flag by returning control with an error flag.
  - 12. The system of claim 10 wherein said modular device driver-level request check program further comprises means for preventing the use of the modular device driver to format the hard disk, said means for preventing the use of the modular device driver to format the hard disk identifying formatting requests and preventing the servicing of formatting requests by returning control with an error flag.
  - 13. The system of claim 8 wherein said means for monitoring requests by the application program further comprises an operating system kernel-level request check program having an address in the memory on the hard disk, said operating system kernel-level request check program comprises means for linking to the operating system kernel by removing from the operating system kernel the call of the 82h function of the 2Ah program interrupt and placing in the operating system kernel the call of said operating system kernel-level request check program, said operating system kernel-level request check program further comprises means for monitoring the use of the 21h operating system program interrupt and setting an operating system kernel activity flag.
  - 14. The system of claim 13 wherein said modular device driver-level request check program further comprises means for requiring the use of both the operating system kernel and the modular device driver to write information on the hard disk, said means for requiring the use of both the operating system kernel and the modular device driver verifying the presence of said operating system kernel activity flag and preventing servicing of write requests in the absence of said flag by returning control with an error flag.
  - 15. The system of claim 13 wherein said operating system kernel-level request check program further comprises means for preventing the use of the operating system kernel to write a track on a logic device that is a prototype of the hard disk and for preventing the servicing of requests to write a track on the logic device by returning control with an error flag.
  - 16. The system of claim 13 wherein said operating system kernel-level request check program further comprises a means for changing the status of files created using the 16h function of the 21h operating system program interrupt and wherein the files have the extension .BIN, .COM, .DLL, .EXE, LIB, .OVL or .SYS, said means for changing the status of files created using the 16h function determining the extensions of such files and placing the attribute "READ ONLY" in the file control block.
  - 17. The system of claim 13 wherein said operating system kernel-level request check program further comprises means for changing the status of files created using the 3Ch or 6Ch function of the 21h operating system program interrupt and wherein the files have the extension .BIN, .COM, .DLL, .EXE, LIB, .OVL, or .SYS, said means for changing the status of files created using the 3Ch or 6Ch function determining the extension of such files and placing the attribute "READ ONLY" in the stack of the program creating such files.
  - 18. The system of claim 13 wherein said operating system kernel-level request check program further comprises means for monitoring the use of a protection control program having the privilege of using the operating system kernel to change the status of files, the protection control program being privileged to use the 4301h function of the 21h operating system program interrupt to change the attributes of a file and wherein the protection control program sets its own activity flag whenever there is a request to change the status of a file, the protection control program being enabled to use the 4301h function of the 21h operating system program interrupt by said operating system kernel-level request check program, said means for monitoring the use of the protection control program verifying the presence of the activity flag of the protection control program and for preventing the servicing of requests to change the status of files in the absence of the activity flag by returning control with an error flag.

19. A system of protecting data stored on the hard disk of a personal computer from inadvertent or intentional distortion, the personal computer having a central processing unit and memory, a hard disk controller having a command register, a hard disk, an address bus, a data bus, a control bus, and peripheral devices coupled thereto, the memory comprising a basic input/output system, a modular device driver, an operating system kernel, an application program and an interrupt vector table containing original interrupt handlers, said system comprisingmeans for establishing a single access path to the hard disk controller from the application program;
- said means for establishing only one access path comprises means for monitoring requests by the application program to the operating system kernel, the modular device driver and the basic input/output system;
  
  said means for establishing only one access path further comprises a protection-program support module that permits the servicing of only those requests that utilize the operating system kernel, the modular device driver and the basic input/output system while precluding the servicing of any other requests and wherein said means for monitoring requests by the application program resides in a memory in said protection program support module; and
  
  said protection-program support module being coupled to the personal computer address, data and control busses and being operable in a neutral mode thereby allowing servicing of those requests utilizing the operating system kernal, the modular device driver, and the basic input output system or being operable in any other working mode thereby preventing the servicing of requests; and
  
  said protection-program support module comprising a first memory and a second memory, said first memory being inaccessible to the central processing unit and said second memory being accessible to the central processing unit.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 20. The system of claim 19 wherein said protection program support module comprises means for monitoring the bus cycles involving access by the central processing unit to peripheral devices whenever said module is in said working mode.
  - 21. The system of claim 20 wherein said protection program support module comprises means for producing a blocking signal in the bus cycle of data output to the command register of the hard disk controller whenever said module is operating in said working mode and an attempt is made to access the hard disk controller.
  - 22. The system of claim 21 wherein said means for monitoring requests by the application program comprises a basic input/output system level request check program, a modular device driver level request check program and an operating system kernel-level request check program, said basic input/output system level request check program, said modular device driver request check program and said operating system kernel-level request check program residing in said first memory.
  - 23. The system of claim 22 wherein means for monitoring requests by the application program further comprises key programs that reside in said second memory, said key programs comprise means for switching said protection program support module into said neutral or working mode.
  - 24. The system of claim 23 wherein said basic input/output system level request check program comprises means for transferring control to or receiving control from a first key program having a first address in said second memory, said modular device driver level request check program comprises means for transferring control to or receiving control from a second key program having a second address in said second memory and said operating system kernel-level request check program comprises means for transferring control to or receiving control from a third key program having a third address in said second memory.
  - 25. The system of claim 24 wherein said means for switching in said first key program switches said module into said neutral mode before computer control is transferred to the basic input/output system and for switching said module into said working mode after control is received from the basic input/output system.
  - 26. The system of claim 25 wherein said means for monitoring requests by the application program further comprises means for requiring that both the basic input/output system and the operating system kernel must be used for access to the hard disk controller in order to write information on the hard disk.
  - 27. The system of claim 26 wherein said basic input/output system level request check program further comprises means for linking to the basic input/output system by replacing the address of the original handler of the 13h basic input/output interrupt in the interrupt vector table with said first address of said first key program.
  - 28. The system of claim 27 wherein said modular device driver-level request check program further comprises means for linking to the modular device driver by replacing the address of the original handler of the 13h basic input/output interrupt of the modular device driver with said second address of said second key program, said modular device driver-level request check program further comprises means for monitoring the use of the 13h modular device driver interrupt and setting a modular device driver activity flag.
  - 29. The system of claim 28 wherein said operating system kernel-level request check program further comprises means for linking to the operating system kernel by removing from the operating system kernel the call of the 82h function of the 2Ah program interrupt and placing in the operating system kernel the call code for said third key program, said operating system kernel-level request check program further comprises means for monitoring the use of the 21h operating system program interrupt and setting an operating system kernel activity flag.
  - 30. The system of claim 29 wherein said basic input/output system level request check program further comprises means for monitoring queries at the 13h interrupt of the basic input/output system, and queries including hard disk formatting requests and attempts at recording on the hard disk without the use of the basic input/output system.
  - 31. The system of claim 30 wherein said basic input/output system level request check program further comprises means for preventing the use of the basic input/output system to format the hard disk, said means for preventing use of the basic input/output system to format the hard disk identifying formatting requests and preventing the servicing of the formatting requests by returning control with an error flag via said first key program.
  - 32. The system of claim 31 wherein said basic input/output system-level request check program further comprises means for requiring the use of both the modular device driver and the basic input/output system to write information on the hard disk, said means for requiring the use of both the modular device driver and the basic input/output system verifying the presence of said modular device driver activity flag and preventing servicing of write requests in the absence of said flag by returning control with an error flag via said first key program.
  - 33. The system of claim 32 wherein said modular device driver-level request check program further comprises means for preventing the use of the modular device driver to format the hard disk, said means for preventing the use of the modular device driver to format the hard disk identifying formatting requests and preventing the servicing of formatting requests by returning control with an error flag via said second key program.
  - 34. The system of claim 33 wherein said modular device driver-level request check program further comprises means for requiring the use of both the operating system kernel and the modular device driver to write information on the hard disk, said means for requiring the use of both the operating system kernel and the modular device driver verifying the presence of said operating system kernel-level activity flag and preventing servicing of write requests in the absence of said flag by returning control with an error flag via said second key program.
  - 35. The system of claim 29 wherein said operating system kernel-level request check program further comprises means for preventing the use of the operating system kernel to write a track on a logic device that is a prototype of the hard disk wherein said means for preventing denies servicing of requests to write a track on the logic device by returning control with an error flag via said third key program.
  - 36. The system of claim 35 wherein said operating system kernel-level request check program further comprises means for changing the status of files created using the 16h function of the 21h operating system program interrupt and wherein the files have the extension .BIN, .COM, .DLL, .EXE, .LIB, .OVL or SYS, said means for changing the status of files created using the 16h function determining the extensions of such files and placing the attribute "READ ONLY" in the file control block.
  - 37. The system of claim 36 wherein said operating system kernel-level request check program further comprises means for changing the status of files created using the 3Ch or 6Ch function of the 21h operating system program interrupt and wherein the files have the extension .BIN, .COM, .DLL, .EXE, LIB, .OVL, or .SYS, said means for changing the status of files created using the 3Ch or 6Ch function determining the extension of such files and placing the attribute "READ ONLY" in the stack of the program creating such files.
  - 38. The system of claim 37 wherein said operating system kernel-level request check program further comprises means for monitoring the use of a protection control program having the privilege of using the operating system kernel to change the status of files, the protection control program being privileged to use the 4301h function of the 21h operating system program interrupt to change the attributes of a file and wherein the protection control program sets its own activity flag whenever there is a request to change the status of a file, the protection control program being enabled to use the 4301h function of the 21h OS program interrupt by said operating system kernel-level request check program, said means for monitoring the use of a protection control program verifying the presence of the activity flag of the protection control program and preventing the servicing of requests to change the status of files in the absence of the activity flag by returning control with an error flag via said third key 1716 program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MNAP Technologies International Incorporated
Original Assignee
YBM Technologies, Inc.
Inventors
Luchuk, Dmitry A., Kuznetsov, Oleg V.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Elmore, Stephen C.

Application Number

US08/269,591
Time in Patent Office

557 Days
Field of Search

395/575, 395/425, 380/4, 364/286.4, 364/286.5
US Class Current

726/22
CPC Class Codes

G06F 21/567 using dedicated hardware

G06F 21/80 in storage media based on m...

Personal computer security system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Personal computer security system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links