AU608779B2 - Temporal data processing security system - Google Patents
- Publication number
- AU608779B2
- Authority
- AU
- Australia
- Prior art keywords
- long
- storage means
- term storage
- sequence
- copy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/101—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Description
WORLD INTELLECTUAL PROPERTY ORGANIZATION, International Bureau
INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
(51) International Patent Classification 4: G06F 1/00, 9/44
(11) International Publication Number: WO 88/02142 A1
(43) International Publication Date: 24 March 1988 (24.03.88)
(21) International Application Number: PCT/GB87/00662
D S e; Reddie Grose, 16 Lo n X 8PL (GB).
(22) International Filing Date: 21 September 1987 (21.09.87)
(31) Priority Application Number: 8622572
(32) Priority Date: 19 September 1986 (19.09.86)
(33) Priority Country: GB
(71) Applicant (for all designated States except US): LOOPFINISH LIMITED [GB/GB]; Clement House, 99 Aldwych, London WC2B 4JY (GB).
(72) Inventors; and Inventors/Applicants (for US only): RUSSELL, Roger B [GB/GB]; 15 Lovett Road, Harefield, Middlesex (GB). CHARRINGTON, Neil, Tracey, Wignall [GB/GB]; Woodbury, 36 Plymouth Road, Barnt Green, Worcestershire B45 8JE (GB).
(81) Designated States: AT (European patent), AU, BE (European patent), CH (European patent), DE (European patent), FR (European patent), GB (European patent), IT (European patent), LU (European patent), NL (European patent), SE (European patent), US.
Published: With international search report.
(54) Title: DATA PROCESSING SYSTEM SECURITY
[Figure: memory map with regions labelled SYSTEM INVENTORY, SYSTEM PROGRAMS, APPLICATION and PROGRAMS]
(57) Abstract
A first security program (Y) is initially installed in the long-term storage region (16) together with a second security program (Z). A date item (X) is also installed in another long-term storage region. The first security program (Y) tests whether the current date provided by a calendar (C) is the same as the installation date in item (X) and, only if true, creates a copy (X') in a region (11) of long-term storage. The copy (X') is arranged to not allow copying of itself. The security program (Y) finally deletes itself. The second security program (Z) requires absence of the program (Y) and presence of an accurate copy (X') in the region (11) before user access to the main contents of regions (15) and (16) is allowed.
DATA PROCESSING SYSTEM SECURITY
This invention relates to the prevention of unauthorised use of a data processing system.
Data processing systems comprising a central processing unit and long-term storage means such as disc drives with magnetic discs are typically adapted for use in carrying out desired operations by the installation of sequences of instructions and information in the long-term storage means. The adaption of a system by an unauthorised person to carry out a particular operation by the installation of the necessary sequence of instructions and information is a problem which the present invention aims to make very difficult or impossible, especially where the system includes a time keeping means.
According to one aspect of the present invention there is provided a method of preventing unauthorised use of a data processing system having means for long-term storage of data written thereto through the system and means providing temporal information, the method comprising the steps of: writing a sequence of operating instructions and information into the long-term storage means; and executing the beginning of an initial part of the said sequence, the said beginning including the steps of comparing the current temporal information provided by the said temporal information providing means with a predetermined item of temporal information included in the said information written into the long-term storage means, and then executing the remainder of the said initial part if the predetermined item and the current temporal information are determined by the said comparison to be compatible with each other, or executing a predetermined abort portion of the said sequence if the said item and the current temporal information are determined by the said comparison to be not compatible with each other, the said predetermined abort portion providing no access to the remainder of the sequence, and execution of the said remainder of the said initial part ending with deletion of the said initial part from the long-term storage means.
According to another aspect of the invention there is provided a method of preventing unauthorised use of a data processing system having means for long-term storage of data written thereto through the system, the method comprising the steps of: writing a sequence of operating instructions and information into the long-term storage means; executing an initial part of the said sequence, the execution of the said initial part including testing for temporal validity of a predetermined item of the said information written into the long-term storage means and, if and only if the said testing is affirmative, making a copy in the long-term storage means of a predetermined item of information and deleting the said initial part from the long-term storage means; testing whether the said copy is present in the said long-term storage means; and restricting execution to a predetermined abort portion of the said sequence if the said copy is not present, the steps of testing being executed in response to accessing of a further portion of the said sequence following the said initial part.
A preferred embodiment of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:
Fig. 1 is a diagrammatic representation of the memory contents of a data processing system;
Fig. 2 is a diagrammatic representation of the memory contents of the system during installation of a sequence of instructions and information in accordance with the invention;
Fig. 3 is a diagrammatic representation of the memory contents of the system after installation of the said sequence; and
Fig. 4 is a diagrammatic representation of the contents of another system after unauthorised copying thereto of the contents represented in Fig. 3.
Fig. 1 represents a memory map of a data processing system using virtual memory. An example of such a system is a generalised data base management computer system known as Ultimate produced by Pick Associates Inc. of Irvine, California, United States of America. The physical basis of the memory map of Fig. 1 is a long-term storage means in the form of magnetic data storage discs in a disc drive, together with a semi-conductor main memory and semi-conductor ROM holding invariable instructions and information. In operation, instructions and information held on disc in the long-term storage means are loaded into the main memory as required for immediate use on a page by page basis. In Fig. 1, the memory area is divided into three main regions: a system inventory region 11 which contains directories of programs and information files; a system programs region 12 which contains the programs listed in the system inventory and used in operating the basic functions of the data processing system; and an unoccupied region 13 into which further programs and information can be written through the system. The data stored in the region 13 is stored on disc in the disc drive.
In this example, the system programs include a calendar program C which runs continually from some specific point in time and provides a continually updated representation of time, including the date.
This means for providing temporal information may comprise a ROM program and assigned locations in the main memory at which the representation of date and time are stored.
Fig. 2 represents the memory map of Fig. 1 during installation of a program stored on tape in tape cassette 14. The tape stores, in sequence, an auxiliary loader program, a main loader program, and a program of instructions and information to be loaded into the region 13 of the memory space of the data processing system. The auxiliary loader program is loaded first onto disc in the region 13 and then runs, causing the tape in the cassette 14 to be rewound to its beginning, three end of file markers followed by an end of storage medium instruction to be written over the initial portion of the auxiliary loader program on the tape, and the tape to be moved forward to the next end of the file marker which is at the beginning of the main loader program. The main loader program is then written to disc, loaded through the system into the region 13, by the auxiliary loader system, and run from the disc. The main loader program initially deletes the auxiliary loader program from disc (region 13), then causes the said program of instructions and information to be written to disc. The main loader program finally rewinds the tape in the cassette 14 and causes itself to be deleted from disc. Thus the contents of the tape can no longer be loaded into a system.
The said program of instructions and information is distributed into two areas of the region 13, a first region 15, labelled APPLICATION in Fig. 2, and a second region 16, labelled PROGRAMS in Fig. 2. The region 15 contains the information and the region 16 contains the instructions of the said program. Amongst the information is a predetermined item X which, in this example, represents a particular date and other details.
The instructions in region 16 include two security programs Y and Z. The security program Y is arranged to run immediately the first attempt to use the data in regions 15 and 16 is made. The authorised user is instructed to make this first attempt on the authorised date of installation, which is the date represented in the item X.
When the security program Y runs, it first tests whether item X is also stored in a predetermined location in the region 11 and, if it is, branches to an abort program in the region 16 which prevents further use of the data in regions 15 and 16 and causes suitable warning notices to be displayed to the user.
If the item X is not present in region 11 at this test, the program Y compares the date in item X in region 15 with the date currently indicated by the calendar program C. If the dates are not the same, Y again branches to the abort program. If the dates are the same, program Y proceeds to cause a copy of item X to be written into the predetermined location in region 11. The copy X' is created in such a way that a further copy cannot be made from X'. This can be achieved by a suitable flag or other means, depending on the details of the operation of the system. The copy item X' is indicated in Fig. 3, which shows the memory map after installation, including the running of program Y. After the copy item X' has been written, program Y ends by deleting itself. Thus the system no longer contains the security program Y, which was the means by which the copy item X' was created.
At any subsequent attempt to use the data stored in regions 15 and 16, the security program Z runs first.
The item X and its copy X' include, in addition to a date, a current password code. When a user attempts to use the data stored in regions 15 and 16, the program Z requires the user to enter, through a keyboard for example, a password. The password entered by the user is compared with the code held as part of X and, if this comparison is satisfied, the program Z tests whether the copy X' exists in region 11. If the password entered is not correct or the copy X' does not exist, the program Z branches to the abort program. The password code may be derived from a user name code also included in the item X.
If the entered password is correct and the copy X' exists in region 11, the copy X' is compared with the item X and, if there is a difference between any of the information in the copy X' on the one hand and the item X on the other hand, the program Z branches to the abort program.
Finally, the security program Z tests whether the security program Y exists in region 16 and, if Y is found to exist, the program Z branches to the abort program. If program Y does not exist, the user is permitted to use the data in regions 15 and 16, i.e., to execute programs held in region 16 and to process information held in region 15 or entered into the system during execution of the programs in region 16.
The program Z may also carry out a test on the calendar C such that at predetermined numbers of days from the installation date, the program Z requires a new password to be entered by the user. When the user enters the new password, the program Z may write the new date into the item X and its copy X'. If the new password is not entered or an incorrect new password is entered by the user, the program Z branches to the abort program.
Fig. 4 represents the memory map of a data processing system of a type capable of utilizing the contents of the memory map of Fig. 3 but having had entered into it an unauthorised copy of the contents of the memory map of Fig. 3. Since the copy item X' is arranged to frustrate copying, no copy X" is present in region 11 of the map of Fig. 4. Consequently any attempt to use the contents of regions 15 and 16 will fail since the security program Z, which has been copied, will test for the presence of X' and, on finding that X' is not present, will branch to the abort program.
Thus the deletion of the security program Y and the frustration of copying of the copy item X', together with the tests carried out by the security program Z, ensure that an unauthorised copy cannot be used.
It should be noted that the test carried out by the security program Y to check whether the current date represented by the calendar C is the same as the date encoded in the item X ensures that unauthorised use of the cassette 14 on any day which is not the authorised installation day prevents proper installation of the contents of the tape, since the copy item X' will not be created, and the security program Y will not be deleted. Furthermore, no access to the main contents of the regions 15 and 16 will be allowed since the program Y branches to the abort program.
The use of an authorised installation date allows the intended user 24 hours to complete proper installation. Other arrangements can be made, for example by restricting the authorised installation time to a defined period of a particular day. The temporal information in the item X may then be a particular date together with a defined period such as 10 a.m. to 2 p.m.
Alternatively, only a defined period within any day may be chosen, such as 10 a.m. to 2 p.m. with no restriction to a particular date. A set of separated or adjacent days may be defined. However, for maximum security it is preferred to define one date and a period of time on that date.
The method is preferably utilized with a virtual memory system, or at least in a system in which data can be accessed very rapidly by the processing unit or units of the system.
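The checks made by the security programs Y and Z can be modelled as follows. This is an added example in Python, not part of the patent text: the `Disc` model, the `copyable` flag and the function names are assumptions, the sample date and password are constructed, and the periodic password renewal is left out.

```python
import hmac
from dataclasses import dataclass, field, replace
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class ItemX:
    install_date: date     # authorised installation date
    password: str          # current password code
    copyable: bool = True  # assumed flag; cleared on the copy X'


@dataclass
class Disc:
    """Long-term storage, using the region numbers of Figs. 1 to 4."""
    region15: ItemX                                   # information, incl. item X
    region11: Optional[ItemX] = None                  # predetermined slot for X'
    region16: set = field(default_factory=lambda: {"Y", "Z"})  # programs


class Abort(Exception):
    """Branch to the abort program: no access to regions 15 and 16."""


def program_y(disc: Disc, today: date) -> None:
    """First use: create X' only on the authorised date, then delete Y."""
    if disc.region11 is not None:
        raise Abort("item X already present in region 11")
    if disc.region15.install_date != today:
        raise Abort("calendar date differs from date in item X")
    disc.region11 = replace(disc.region15, copyable=False)
    disc.region16.discard("Y")


def program_z(disc: Disc, entered: str) -> None:
    """Every later use: password, then X' present, X' equal to X, Y absent."""
    x, x_prime = disc.region15, disc.region11
    if not hmac.compare_digest(entered.encode(), x.password.encode()):
        raise Abort("incorrect password")
    if x_prime is None:
        raise Abort("copy X' missing from region 11")
    # Compare the information only; the copy flag is storage metadata.
    if replace(x_prime, copyable=True) != replace(x, copyable=True):
        raise Abort("copy X' differs from item X")
    if "Y" in disc.region16:
        raise Abort("security program Y still present")


def copy_disc(src: Disc) -> Disc:
    """Bulk copy to another system; an item flagged non-copyable is dropped."""
    x_prime = src.region11 if src.region11 and src.region11.copyable else None
    return Disc(src.region15, x_prime, set(src.region16))


def first_use(disc: Disc, today: date) -> str:
    try:
        program_y(disc, today)
        return "installed"
    except Abort as reason:
        return f"abort: {reason}"


def later_use(disc: Disc, entered: str) -> str:
    try:
        program_z(disc, entered)
        return "access granted"
    except Abort as reason:
        return f"abort: {reason}"


# Constructed sample data.
AUTHORISED = date(1990, 1, 15)
ITEM_X = ItemX(AUTHORISED, "constructed-password")

if __name__ == "__main__":
    good = Disc(ITEM_X)
    print(first_use(good, AUTHORISED), "/", later_use(good, "constructed-password"))
    late = Disc(ITEM_X)
    print(first_use(late, date(1990, 1, 16)), "/", later_use(late, "constructed-password"))
    print("copied disc:", later_use(copy_disc(good), "constructed-password"))
```

The three printed cases are an installation on the authorised date, an attempted installation one day late, and use of a bulk copy of the installed disc on another system.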
Claims (7)
1. A method of preventing unauthorised use of a data processing system having means for long-term storage of data written thereto through the system and means providing temporal information, the method comprising the steps of: writing a sequence of operating instructions and information into the long-term storage means; and executing the beginning of an initial part of the said sequence, the said beginning including the steps of comparing the current temporal information provided by the said temporal information providing means with a predetermined item of temporal information included in the said information written into the long-term storage means, and then executing the remainder of the said initial part if the predetermined item and the current temporal information are determined by the said comparison to be compatible with each other, or executing a predetermined abort portion of the said sequence if the said item and the current temporal information are determined by the said comparison to be not compatible with each other, the said predetermined abort portion providing no access to the remainder of the sequence, and execution of the said remainder of the said initial part ending with deletion of the said initial part from the long-term storage means.
2. A method according to claim 1, wherein deletion of the said initial part is immediately preceded by deletion of information stored in the long-term storage means to identify the said initial part.
3. A method according to claim 1 or 2, further including the steps of testing whether the said initial part is present in the long-term storage means and restricting subsequent execution to a predetermined abort portion of the said sequence if the said initial part is present, the steps of testing and restricting being executed in response to accessing of a further portion of the said sequence following the said initial part.
4. A method according to claim 3, wherein the first and second said abort portions are the same portion of the said sequence.
5. A method according to any preceding claim, wherein execution of the said initial part includes making a copy in the long-term storage means of a predetermined portion of the said sequence including the said predetermined item in such a manner that copying of the contents of the long-term storage means into further long-term storage means coupled to the data processing system fails to reproduce in the further long-term storage means the said copy.
6. A method according to claim 5, further including the steps of testing whether the said copy is present in the first said long-term storage means and restricting execution to a predetermined abort portion of the said sequence if the said copy is not present, the step of testing for the presence of the said copy being executed in response to accessing of a or the said further portion of the said sequence following the said initial part.
7. A method according to claims 3 and 6, wherein the said abort portions are one and the same portion of the said sequence.
8. A method according to any preceding claim, wherein the said sequence is written into the first said long-term storage means from a portable long-term storage means having stored therein an auxiliary loader sequence, a main loader sequence, and the said sequence of operating instructions and information, and the step of writing the said sequence of operating instructions and information into the first said long-term storage means comprises the steps of writing the auxiliary loader sequence from the portable long-term storage means to the first said long-term storage means and executing the auxiliary loader sequence from the first said long-term storage means whereby the beginning of the auxiliary loader sequence in the portable long-term storage means is overwritten by instructions including an end of storage indicator, the main loader sequence is written into the first said long-term storage means from the portable long-term storage means, and the auxiliary loader sequence is deleted from the first said long-term storage means, and executing the main loader sequence from the first said long-term storage means whereby the said sequence of instructions and information is written from the portable long-term storage means to the first said long-term storage means, access to the portable long-term storage means is restricted to a beginning region terminated by the said end of storage indicator, and the main loader sequence is deleted from the first said long-term storage means.
9. A method of preventing unauthorised use of a data processing system having means for long-term storage of data written thereto through the system, the method comprising the steps of: writing a sequence of operating instructions and information into the long-term storage means; executing an initial part of the said sequence, the execution of the said initial part including testing for temporal validity of a predetermined item of the said information written into the long-term storage means and, if and only if the said testing is affirmative, making a copy in the long-term storage means of a predetermined item of information and deleting the said initial part from the long-term storage means; testing whether the said copy is present in the said long-term storage means; and restricting execution to a predetermined abort portion of the said sequence if the said copy is not present, the steps of testing being executed in response to accessing of a further portion of the said sequence following the said initial part.
10. A method according to claim 9, wherein the making of the said copy is carried out in such a manner that copying of the contents of the long-term storage means into further long-term storage means coupled to the data processing system fails to reproduce in the further long-term storage means the said copy.
11. A method of preventing unauthorised use of a data processing system, substantially as described hereinbefore with reference to the accompanying drawings.
DATED this 28th day of November, 1990
LOOPFINISH LIMITED
By its Patent Attorneys
DAVIES COLLISON
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB8622572A GB2195477B (en) | 1986-09-19 | 1986-09-19 | Data processing system security |
| GB8622572 | 1986-09-19 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| AU7967187A AU7967187A (en) | 1988-04-07 |
| AU608779B2 AU608779B2 (en) | 1991-04-18 |
Family
ID=10604447
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU79671/87A Ceased AU608779B2 (en) | 1986-09-19 | 1987-09-21 | Temporal data processing security system |
Country Status (5)
| Country | Link |
|---|---|
| EP (1) | EP0325598A1 (en) |
| AU (1) | AU608779B2 (en) |
| GB (1) | GB2195477B (en) |
| WO (1) | WO1988002142A1 (en) |
| ZA (1) | ZA877033B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9754117B2 (en) | 2014-02-24 | 2017-09-05 | Northcross Group | Security management system |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4087856A (en) * | 1976-06-30 | 1978-05-02 | International Business Machines Corporation | Location dependence for assuring the security of system-control operations |
| DE2921878C2 (en) * | 1979-05-30 | 1985-08-29 | Hermann 7742 St Georgen Stockburger | Data transmission device |
| JPS57111792A (en) * | 1980-12-29 | 1982-07-12 | Fanuc Ltd | Program copying preventing system |
| FR2525790A1 (en) * | 1982-04-22 | 1983-10-28 | Enigma Logic Inc | SECURITY DEVICE FOR CONTROLLING AND CONTROLLING ACCESS TO LOCATIONS AND DETERMINED OBJECTS |
| US4590557A (en) * | 1983-09-12 | 1986-05-20 | Pitney Bowes Inc. | Method and apparatus for controlling software configurations in data processing systems |
| US4799258A (en) * | 1984-02-13 | 1989-01-17 | National Research Development Corporation | Apparatus and methods for granting access to computers |
-
1986
- 1986-09-19 GB GB8622572A patent/GB2195477B/en not_active Expired - Lifetime
-
1987
- 1987-09-18 ZA ZA877033A patent/ZA877033B/en unknown
- 1987-09-21 AU AU79671/87A patent/AU608779B2/en not_active Ceased
- 1987-09-21 WO PCT/GB1987/000662 patent/WO1988002142A1/en not_active Ceased
- 1987-09-21 EP EP87906093A patent/EP0325598A1/en not_active Withdrawn
Also Published As
| Publication number | Publication date |
|---|---|
| ZA877033B (en) | 1988-09-28 |
| EP0325598A1 (en) | 1989-08-02 |
| GB8622572D0 (en) | 1986-11-12 |
| GB2195477A (en) | 1988-04-07 |
| WO1988002142A1 (en) | 1988-03-24 |
| AU7967187A (en) | 1988-04-07 |
| GB2195477B (en) | 1990-07-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6411969B1 (en) | Enhanced system and method for management of system database utilities | |
| US5475834A (en) | Integration of migration level two and backup tape processing using multiple inventory entries | |
| RU2182360C2 (en) | Method for computer system stored data access, method for data filing, and computer system for implementing these methods | |
| US4912637A (en) | Version management tool | |
| US5819275A (en) | System and method for superimposing attributes on hierarchically organized file systems | |
| US6374267B1 (en) | Database backup system and method utilizing numerically identified files for incremental dumping | |
| US4584641A (en) | Copyprotecting system for software protection | |
| US6385768B1 (en) | System and method for incorporating changes as a part of a software release | |
| US6128630A (en) | Journal space release for log-structured storage systems | |
| US5497472A (en) | Cache control method and apparatus for storing data in a cache memory and for indicating completion of a write request irrespective of whether a record to be accessed exists in an external storage unit | |
| EP0492071A2 (en) | Method and apparatus for providing single entity version management for source data | |
| JPH0827754B2 (en) | File management method and file management system in computer system | |
| US4855907A (en) | Method for moving VSAM base clusters while maintaining alternate indices into the cluster | |
| JPH09160725A (en) | Method and system for mass storage configuration management | |
| JPH08504528A (en) | Optimization method of memory space in database | |
| JPH02148235A (en) | Data drawback system | |
| AU608779B2 (en) | Temporal data processing security system | |
| US5155827A (en) | Method for inhibiting an executable program in a disk operating system by replacing the program with an unexecutable program | |
| US7480682B1 (en) | In-place preservation of file system objects during a disk clone operation | |
| US6779129B2 (en) | Method, article of manufacture and apparatus for copying information to a storage medium | |
| JPH0158533B2 (en) | ||
| WO2003083670A1 (en) | Protection of data by hiding the data | |
| Pilavakis | The UNIX File System | |
| JPH03116248A (en) | Data maintenance system for data base | |
| Lister et al. | The Filing System |