Secure computing device including operating system stored in non-relocatable page of memory
First Claim
1. A method of verification of the security of a resident program in a computer comprising the steps of:
- storing the resident program in a range of predetermined physical addresses in memory;
preventing any virtual address relocation of said range of physical addresses where the resident program is stored;
loading a diagnostic program;
employing said diagnostic program to check the resident program against a standard to determine whether the resident program has been altered; and
indicating verification of the resident program if it matches said standard and non-verification of the resident program if it fails to match said standard.
1 Assignment
0 Petitions
Accused Products
Abstract
A diagnostic program can check the security of a program. The program is stored at predetermined non-relocatable physical address in memory. The diagnostic program is loaded and checks the program at the predetermined physical address against a standard. The diagnostic program then indicates that the program is verified as secure if it meets the standard or non-verified as secure if it does not meet the standard. If the program is not verified as secure, then the diagnostic program may take remedial action such as disabling normal operation of the program, be transmitting a predetermined message via the system modem or downloading another copy of the program via the modem. The program is made non-relocatable using a special table look-aside buffer having a fixed virtual address register and a corresponding fixed physical address register.
-
Citations
9 Claims
-
1. A method of verification of the security of a resident program in a computer comprising the steps of:
-
storing the resident program in a range of predetermined physical addresses in memory;
preventing any virtual address relocation of said range of physical addresses where the resident program is stored;
loading a diagnostic program;
employing said diagnostic program to check the resident program against a standard to determine whether the resident program has been altered; and
indicating verification of the resident program if it matches said standard and non-verification of the resident program if it fails to match said standard. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
said step of preventing virtual address relocation of said physical addresses where the resident program is stored consists of providing a table look-aside buffer having a fixed virtual address register storing a virtual address fixed upon manufacture encompassing said range of predetermined physical addresses and a corresponding fixed physical address register storing a physical address fixed upon manufacture encompassing said range of predetermined physical addresses.
-
-
3. The method of claim 1, further comprising the step of:
disabling normal operation of the resident program on indication of non-verification of the resident program.
-
4. The method of claim 1, further comprising the step of:
transmitting a predetermined message via a modem to a predetermined phone number on indication of non-verification of the resident program.
-
5. The method of claim 1, further comprising the step of:
downloading another copy of all of the resident program via a modem on indication of non-verification of the resident program.
-
6. The method of claim 1, further comprising the step of:
transmitting a predetermined message via a modem to a predetermined recipient on indication of non-verification of the resident program.
-
7. The method of claim 1, further comprising the step of:
disabling the computer on indication of non-verification of the resident program.
-
8. The method of claim 1, further comprising the step of:
SECURE COMPUTING DEVICE INCLUDING VIRTUAL MEMORY TABLE LOOK-ASIDE BUFFER WITH NON-RELOCATABLE PAGE Of MEMORY enabling the computer to run some application programs and disabling the computer from running other application programs.
-
9. The method of claim 2, further comprising the steps of:
-
comparing a virtual address generated by the computer with a plurality of virtual address registers including the fixed virtual address register and at least one writeable virtual address register;
recalling the physical address from the fixed physical address register upon a match of the virtual address generated by the computer and the virtual address stored in the fixed virtual address register regardless of whether the virtual address generated by the computer matches any virtual address stored in the at least one writeable virtual address register; and
recalling a physical address from a writeable physical address register corresponding to a writeable virtual address register matching the virtual address generated by the computer unless the virtual address generated by the computer also matches the virtual address stored in the fixed virtual address register.
-
Specification