Method and apparatus for controlling access to and corruption of information in computer systems

US 5,657,473 A
Filed: 10/21/1992
Issued: 08/12/1997
Est. Priority Date: 02/21/1990
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus for controlling access to and modification of information stored on a storage medium of a computer system, the information on the storage medium being divided into a plurality of non-overlapping partitions including a boot partition and a plurality of general partitions, each partition being capable of containing ties and each partition further being divided into a plurality of sectors, any designated subset of the general partitions being capable of being made active at any given time when the computer system is in use, wherein the apparatus comprises a supervising means separate of a central processing unit (CPU) of the computer system for, in use, allowing/restricting/prohibiting read/write operations upon the storage medium depending upon whether information to be read from a sector or written to a sector is operating system information or user information, whether the sector is in the boot partition or in a general partition, and whether if the partition is a user partition the partition is active or inactive, and allowing a format operation only on a general partition which is active and prohibiting a format operation on the boot partition or on a general partition which is inactive, and reset means connected with said supervisor means for resetting the computer system should an attempt be made to perform a prohibited read, write or format operation, in use.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method restrict the corruption or destruction of data held on a storage medium forming part of a computer system by hostile programs such as "viruses"by employing a "Supervisor" which controls the reading, writing and formatting of sectors within partitions of a storage medium. The control is dependent upon which type of partition the sector is within, i.e. the boot partition, or an active or inactive general partition, and which type of data the sector contains, i.e. operating system or user information. The Supervisor may be implemented in hardware or firmware, and preferably provides a processor which is inaccessible to the user and to any virus contained in any partition of, for example, a hard disk. The computer system may be reset should an attempt be made to perform a prohibited read, write or format operation.

Citations

20 Claims

1. An apparatus for controlling access to and modification of information stored on a storage medium of a computer system, the information on the storage medium being divided into a plurality of non-overlapping partitions including a boot partition and a plurality of general partitions, each partition being capable of containing ties and each partition further being divided into a plurality of sectors, any designated subset of the general partitions being capable of being made active at any given time when the computer system is in use, wherein the apparatus comprises a supervising means separate of a central processing unit (CPU) of the computer system for, in use, allowing/restricting/prohibiting read/write operations upon the storage medium depending upon whether information to be read from a sector or written to a sector is operating system information or user information, whether the sector is in the boot partition or in a general partition, and whether if the partition is a user partition the partition is active or inactive, and allowing a format operation only on a general partition which is active and prohibiting a format operation on the boot partition or on a general partition which is inactive, and reset means connected with said supervisor means for resetting the computer system should an attempt be made to perform a prohibited read, write or format operation, in use.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. An apparatus as claimed in claim 1, wherein the apparatus comprises hardware adapted to be incorporated into the computer system.
  - 3. An apparatus as claimed in claim 1, wherein the apparatus comprises firmware adapted to be incorporated into the computer system.
  - 4. An apparatus as claimed in claim 1, wherein the apparatus comprises a combination of both hardware and firmware, both being adapted to be incorporated into the computer system.
  - 5. An apparatus as claimed in claim 1, said apparatus further comprising a processor which is made inaccessible to a user and to any virus and which supervises all data transfers between and within sub-divisions of the storage medium or storage media placed under its control.
  - 6. An apparatus as claimed in claim 2, said apparatus further comprising a processor which is made inaccessible to a user and to any virus and which supervises all data transfers between and within sub-divisions of the storage medium or storage media placed under its control.
  - 7. An apparatus as claimed in claim 3, said apparatus further comprising a processor which is made inaccessible to a user and to any virus and which supervises all data transfers between and within sub-divisions of the storage medium or storage media placed under its control.
  - 8. An apparatus as claimed in claim 4, said apparatus further comprising a processor which is made inaccessible to a user and to any virus and which supervises all data transfers between and within sub-divisions of the storage medium or storage media placed under its control.

9. A method of controlling access to and modification of information stored on a storage medium forming part of a computer system including a supervising means separate from a central processing unit (CPU) of the computer system, wherein information stored on the storage medium is divided into a plurality of non-overlapping partitions, including a boot partition and a plurality of general partitions, each of the partitions being capable of containing files and each partition further being divided into a plurality of sectors, any designated subset of the general partitions being capable of being made active at any given time when the computer system is in use, comprising the steps of:
- allowing/restricting/prohibiting read/write operations upon the storage medium using said supervision means depending upon whether information to be read from a sector or written to a sector is operating system information or user information, whether the sector is in the boot partition or in a general partition, and whether if the partition is a general partition the partition is active or inactive;
  
  allowing a format operation only on a general partition which is active and prohibiting a format operation on the boot partition or on a general partition which is inactive, andcausing a reset of the computer system should an attempt be made to perform a prohibited read, or format operation.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 10. A method as claimed in claim 9, wherein read operations are allowed on any information in the boot partition, but an attempt to write or format the boot partition causes a system reset.
  - 11. A method as claimed in claim 10, wherein boot sectors of the storage medium are considered to be part of the boot partition, irrespective of the position of the starting sector of the boot partition as may be defined by the storage medium operating system.
  - 12. A method as claimed in claim 11, wherein an active general partition includes operating system information sectors and user-generated information sectors and wherein reading of any of said operating system information sectors or user-generated information sectors in said active general partition is allowed, writing to said user-generated information sectors is allowed, and writing to said operating system information sectors is restricted such that an attempt to modify the size or boundaries of the active general partition causes a system reset.
  - 13. A method as claimed in claim 10, wherein an active general partition includes operating system information sectors and user-generated information sectors and wherein reading of any of said operating system information sectors or user-generated information sectors in said active general partition is allowed, writing to said user-generated information sectors is allowed, and writing to said operating system information sectors is restricted such that an attempt to modify the size or boundaries of the active general partition causes a system reset.
  - 14. A method as claimed in claim 9, wherein boot sectors of the storage medium are considered to be part of the boot partition, irrespective of the position of the starting sector of the boot partition as defined by the storage medium operating system.
  - 15. A method as claimed in claim 14, wherein an active general partition includes operating system information sectors and user-generated information sectors and wherein reading of any of said operating system information sectors or user-generated information sectors in said active general partition is allowed, writing to said user-generated information sectors is allowed, and writing to said operating system information sectors is restricted such that an attempt to modify the size or boundaries of the active general partition causes a system reset.
  - 16. A method as claimed in claim 9, wherein an active general partition includes operating system information sectors and user-generated information sectors and wherein reading of any of said operating system information sectors or user-generated information sectors in said active general partition is allowed, writing to said user-generated information sectors is allowed, and writing to said operating system information sectors is restricted such that an attempt to modify the size or boundaries of the active general partition causes a system reset.
  - 17. A method as claimed in claim 9, wherein inactive general partitions include operating system sectors and the reading of information from said operating system sectors of said inactive general partitions is allowed, and an attempt to perform any other read, write or format operation on said inactive general partitions is either denied or causes a system reset.
  - 18. A method as claimed in claim 9, wherein the restriction or prevention of the performance of read, write and format operations can be removed to allow set-up or maintenance of the storage medium and thereafter reinstated.
  - 19. A method as claimed in any of claims 9 to 18, wherein the storage medium is any one of a hard disk, a floppy disk, an optical disk and a tape.
  - 20. A method as claimed in any of claims 9 to 18, wherein the storage medium is a fileserver, and the computer system is a local area network including a plurality of user computers, and an identity of each user computer that is using a partition of the fileserver is determined such that an attempt by a user computer to perform a prohibited operation causes a reset to be required of that user computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ERAN & Torra BV LLC (Intellectual Ventures LLC)
Original Assignee
Arendee Limited
Inventors
Killean, Reginald, Robb, David, White, Norman Jackson
Primary Examiner(s)
Chan, Eddie P.
Assistant Examiner(s)
Nguyen, Hiep T.

Application Number

US07/920,571
Time in Patent Office

1,756 Days
Field of Search

364/200 MS File, 364/900 MS File, 395/400, 395/425, 395/490, 395/491, 395/182.21, 395/186, 395/187.01, 395/188.01, 395/497.04, 395/456, 395/700, 395/405, 395/838, 380/3, 380/4
US Class Current

711/163
CPC Class Codes

G06F 12/1441   for a range

G06F 21/56   Computer malware detection ...

G06F 21/567   using dedicated hardware

G06F 21/80   in storage media based on m...

Method and apparatus for controlling access to and corruption of information in computer systems

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for controlling access to and corruption of information in computer systems

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links