AU745031B2 - Apparatus and method for preventing disclosure of protected information - Google Patents

Info

Publication number: AU745031B2
Authority: AU (Australia)
Prior art keywords: entity, untrusted, protected information, exposed, platform
Legal status: Ceased
Application number: AU55971/99A
Other versions: AU5597199A (en)
Inventor: Seppo Reino Keronen
Current Assignee: Canon Inc
Original Assignee: Canon Inc
Priority claimed from: AUPP6602A (AUPP660298A0)
Application filed by: Canon Inc
Application granted; anticipated expiration; current legal status: Ceased

Landscapes

  • Storage Device Security (AREA)

Description

S F Ref: 481136
AUSTRALIA
PATENTS ACT 1990 COMPLETE SPECIFICATION FOR A STANDARD PATENT
ORIGINAL
Name and Address of Applicant: Canon Kabushiki Kaisha, 30-2, Shimomaruko 3-chome, Ohta-ku, Tokyo 146, JAPAN
Actual Inventor(s): Seppo Reino Keronen
Address for Service: Spruson Ferguson, Patent Attorneys, Level 33 St Martins Tower, 31 Market Street, Sydney, New South Wales, 2000, Australia
Invention Title: Apparatus and Method for Preventing Disclosure of Protected Information
ASSOCIATED PROVISIONAL APPLICATION DETAILS: [31] Application No(s) PP6602; [33] Country AU; [32] Application Date 20 October 1998
The following statement is a full description of this invention, including the best method of performing it known to me/us:-
APPARATUS AND METHOD FOR PREVENTING DISCLOSURE OF PROTECTED INFORMATION
Field of Invention The present invention relates to an apparatus and method for preventing disclosure of protected information on a platform. The present invention also relates to a method and apparatus for marking an entity as having been exposed to protected information. The invention also relates to a computer readable medium comprising a computer program for preventing disclosure of protected information, for preventing disclosure of protected information on a platform and/or for marking an entity as having been exposed to protected information.
Background to the Invention Confidential and other sensitive information is increasingly stored and processed on computer systems. It is now common for these computer systems to be connected to communication networks. There is a danger that programs executing on computer systems that contain confidential and sensitive information will, either deliberately or inadvertently, reveal the information to outside parties.
The publications "General Overview of the P3P Architecture" and "Grammatical Model and Data Design Model" (hereinafter referred to as the P3P publications) disclose the model drafts of the Platform for Privacy Preferences project. A copy of these publications may be found in the Australian priority document, Patent Application No. PP6602. These P3P publications were obtained from the website HTTP:\\www.w3.org\TR\WD-P3P-ARCH.HTML on 19 May 1998. The P3P publications disclose a model for privacy conversations between a user agent and a service. The model enables a service to express its privacy practices, and the user to express preferences about those practices and have their agent act on them accordingly. The user agent can then provide the user with a safe and seamless interaction. The P3P publications disclose a P3P interaction as resulting in an agreement between the service and the user agent regarding the practices associated with a user's implicit or explicit data.
The agreement may comprise service side permissions regarding the storage and release of data written by the service and accepted by the user agent. However, this privacy protection model is implemented on a remote computer system, and the user has to trust the other computer system to keep the information confidential.
Summary of the Invention It is an object of the present invention to ameliorate one or more disadvantages of the prior art.
According to one aspect of the invention, there is provided a method of preventing disclosure of protected information in a platform, wherein the platform comprises a plurality of entities and a security manager, each entity having data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information, wherein said method comprises the steps of: (i) requesting an unsafe operation of a trusted first said entity by a second said entity; (ii) notifying the security manager of the requested operation; and (iii) halting the requested operation of the trusted first entity, if the second entity is untrusted and contains protected information or has been exposed to protected information.
According to another aspect of the invention, there is provided a method of marking an entity as having been exposed to protected information in a platform, wherein the platform comprises a plurality of entities and a security manager, each entity having data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information, wherein said method comprises the steps of: (i) requesting information from a first said entity by an untrusted second said entity; (ii) marking the data of the untrusted second entity by the security manager to indicate that the untrusted second entity has been exposed, if the first entity contains protected information or has been exposed to protected information; and (iii) supplying the requested information from the first entity to the untrusted second entity.
According to another aspect of the invention, there is provided apparatus for preventing disclosure of protected information in a platform, wherein the platform comprises a plurality of entities and a security manager, each entity having data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information, wherein said apparatus comprises: request means for requesting an unsafe operation of a trusted first said entity by a second said entity; first notification means for notifying the security manager of the requested operation; and halting means for halting the requested operation of the trusted first entity, if the second entity is untrusted and contains protected information or has been exposed to protected information.
According to another aspect of the invention, there is provided apparatus for marking an entity as having been exposed to protected information in a platform, wherein the platform comprises a plurality of entities and a security manager, each entity having data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information, wherein said apparatus comprises: request means for requesting information from a first said entity by an untrusted second said entity; marking means for marking the data of the untrusted second entity by the security manager to indicate that the untrusted second entity has been exposed, if the first entity contains protected information or has been exposed to protected information; and supply means for supplying the requested information from the first entity to the untrusted second entity.
According to another aspect of the invention, there is provided a computer readable medium comprising a computer program for preventing disclosure of protected information, wherein the computer program comprises a first entity, wherein said first entity comprises data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information, and said first entity comprises: request means for requesting an unsafe operation from a trusted second said entity; first notification means for notifying a security manager of the requested operation; and halting means for halting the requested operation of said trusted second entity, if the first entity is untrusted and contains protected information or has been exposed to protected information.
According to another aspect of the invention, there is provided a computer readable medium comprising a computer program for preventing disclosure of protected information, wherein the computer program comprises a security manager comprising: means for receiving a request by a first entity to perform an unsafe operation from a trusted second entity, wherein said first and second entities comprise data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information; and notification means for notifying the first entity that the request is refused, if the first entity is untrusted and contains protected information or has been exposed to protected information.
According to another aspect of the invention, there is provided a computer readable medium comprising a computer program for marking an entity as having been exposed to protected information, wherein the computer program comprises a first entity, wherein said entity comprises data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information, and wherein the first entity comprises: request means for requesting information from an untrusted second said entity; marking means for marking the data of the first entity by a security manager to indicate that the first entity has been exposed, if the untrusted second entity contains protected information or has been exposed to protected information; and receiving means for receiving the requested information from the second entity.
According to another aspect of the invention, there is provided a computer readable medium comprising a computer program for marking an entity as having been exposed to protected information, wherein the computer program comprises a security manager comprising: receiving means for receiving requests by an untrusted first entity for information from a second entity, wherein each said entity has data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information; marking means for marking data of the first entity to indicate that the first entity has been exposed, if the second entity contains protected information or has been exposed to protected information; and permission means for permitting the supply of the requested information from the second entity to the untrusted first entity.
Brief Description of the Drawings Embodiments of the invention are described with reference to the drawings, in which: Fig. 1 shows the architecture of a platform for use in the methods of the preferred embodiments; Figs. 2A and 2B are block diagrams of two types of entities shown in Fig. 1; Figs. 3A and 3B illustrate the internal structure of the entity shown in Fig. 1; Fig. 4 illustrates a control flow diagram of a method of marking an untrusted entity as having been exposed to protected information, in accordance with a first preferred embodiment; Fig. 5 illustrates a control flow diagram of a method of preventing disclosure of protected information on the platform, in accordance with a second preferred embodiment; Fig. 6 illustrates a control flow diagram of a method of marking an entity as having been exposed to protected information as a result of a read operation, in accordance with a third preferred embodiment; Fig. 7 illustrates a control flow diagram of a method of marking an entity as having been exposed to protected information as a result of a write operation, in accordance with a fourth preferred embodiment; Fig. 8 illustrates a control flow diagram of a method of preventing disclosure of protected information on the platform, in accordance with a fifth preferred embodiment; and Fig. 9 shows in more detail a preferred example of such a platform shown in Fig.
Detailed Description Where reference is made in any one or more of the accompanying drawings to steps and/or features, which have the same reference numerals, those steps and/or features have for the purposes of this description the same function(s) and/or operation(s), unless the contrary intention appears.
Before proceeding with a description of the preferred embodiment, a brief review of the terminology used herein is given. The preferred method of preventing disclosure of protected information and of marking an untrusted entity as having been exposed to protected information may be implemented on a general-purpose computer or any other appliance, such as a domestic, service or industrial appliance, that incorporates such a general-purpose computer. For example, the invention may be implemented in a digital telephone, a personal digital assistant, a video recorder, and so on. The platform may also comprise a network of computers, such as an intranet, in which case the communication of confidential information to a wider network, such as the internet, is to be prevented.
The platform may also be realized as a virtual machine or software system, such as an internet browser or database system. The term platform is used herein to refer to any such computer, appliance, network, virtual machine or software system.
The term protected information used herein is taken to define any confidential information that is marked as not to be communicated outside the platform. Protected information may comprise personal or proprietary information and information made available under license, copyright or other contractual or informal agreement of nondisclosure or copy protection. The term unsafe operation used herein is taken to define any operation, such as wireless or wire transmission, printing, writing to a removable storage medium, display on a monitor, etc., that results in communication of the protected information outside the platform.
Preferred Embodiments of Method(s) Fig. 1 shows the architecture of a platform on which a method of preventing disclosure of protected information and on which a method of marking an entity as having been exposed to protected information are implemented. The platform 100 comprises a plurality of components, called entities 102. The platform also comprises a security manager 104, which controls the security of the information on the platform 100.
As shown in Fig. 1, the entities 102 comprise either trusted 104 or untrusted entities 106. It is preferable that untrusted entities 106 be encapsulated as software entities. The entity encapsulation should prevent uncontrolled read and write operations outside the memory address base of the entities. This can be achieved by known hardware and software means, comprising memory management hardware and careful software language design, such as Java. It is not necessary that trusted entities be so encapsulated. However, for the purposes of simplicity of description, the trusted entities described herein are encapsulated. The information encapsulated in the entities is classified as either protected or public. As shown in Fig. 1, an entity 102 may contain just public 108, just protected 110 or both public and protected information 112.
Turning now to Figs. 2A and 2B, there are shown block diagrams of two types of such entities 102 disposed in the memory of the platform 100. The entity 102 may be either a passive entity 200 or an active entity 202. The passive entity 200 comprises a software or hardware entity that does not comprise executable instructions. Some examples of passive entities 200 are data files and machine registers containing data that is not interpreted as executable instructions. The active entity 202 comprises a software or hardware entity that contains some executable instructions. The active entity 202 can also contain non-executable data. Some examples of active entities are programs and active components. The passive entity 200 consists of two sections, a status section 204 and a data section 206. In similar manner, the active entity 202 consists of two sections, a status section 204 and a code and data section 208. The status section 204 of passive entity 200 contains information concerning any disclosure of any protected information contained in the data section 206. Similarly, the status section 204 of active entity 202 contains information on disclosure of any protected information contained in the data and code section 208. The entities 200, 204 communicate through well defined interfaces, and these interfaces may be constructed by known methods comprising message passing operations.
Turning now to Figs. 3A and 3B, there is illustrated the internal structure of the entity 102 disposed in the memory of the platform 100. As mentioned above, the entity 102 consists of a status section 204 and a data section 206 or a code and data section 208.
Untrusted entities, including the entity itself, are not able to change the contents of the status section 204. The status section 204 can only be updated by a trusted entity or the security manager application 104. The status section 204 contains three kinds of data fields: trust level 300, exposure level 302 and protection level 304. The trust level 300 can have at least two values for marking the entity as either trusted or untrusted. The exposure level 302 has at least two values to indicate whether the entity is clean or has been exposed to protected information. The protection level 304 has at least two values, public and protected. The protection levels indicate the sensitivity of information contained in the entity. Each protection level may refer to the entity as a whole or to individual sensitive information that has been made available by the entity. An entity 102 whose status section 204 indicates that the entity is trusted may freely exchange information with other trusted entities. However, untrusted entities may only exchange data under certain restrictions. The exposure data field 302 indicates whether an untrusted entity has been exposed to protected data. Such an untrusted entity usually begins execution in a clean state until it becomes exposed to protected information.
Turning now to Fig. 4, there is illustrated a control flow diagram of a method of marking an untrusted entity as having been exposed to protected information in accordance with a first preferred embodiment. In this embodiment, there is shown a platform having an untrusted active software entity 400 and an active software entity 402, which may be either trusted or untrusted. The data field 300 of the untrusted software entity 400 is set to untrusted and the exposure data field 302 is initially set to clean. The software entity 402 has its data field 300 set to trusted or untrusted, as the case may be, and its data fields 302 or 304 are set to exposed or protected. There is also shown a security manager application 104. In the first step 404 of the first preferred method, the untrusted software entity 400 requests information from software entity 402. As can be seen from Fig. 4, the status section 204 of software entity 400 indicates that the software entity 400 is initially clean. In the next step 406, the software entity 402 determines whether said requested information is indicated in its status section 204 as being protected information or having been exposed to protected information. In these circumstances, software entity 402 notifies the security manager 104 and the execution of software entity 402 is halted. In the next step 408 of the method, the security manager 104 changes the exposure level 302 of software entity 400 from clean to exposed. In the next step 410, the security manager 104 then allows software entity 402 to continue its execution. Finally, in step 412, software entity 402 replies to software entity 400 and supplies the requested protected information. As a result of this method, the untrusted software entity 400 is now marked in its status section 204 as having been exposed to protected information.
Any untrusted software entity which is marked as having been exposed to protected information is not able to communicate that information by performing any unsafe operation. An unsafe operation comprises any operation that actually discloses the protected information. It may comprise the communication of the protected information over the internet. It may also comprise the printing of the information on a printer. It could also comprise the display of the information on a monitor. Thus untrusted software can be given access to protected information in order to provide a useful service without compromising the confidentiality of that protected information.
Turning now to Fig. 5, there is shown a control diagram of a method of preventing disclosure of protected information on the platform, in accordance with a second preferred embodiment. The platform 100 comprises an untrusted active software entity 500 whose status section 204 indicates that it has been exposed or contains protected information. The platform 100 also contains a trusted active software entity 502 and security manager 104. In the first step 504 of the second preferred method, the untrusted software entity 500 requests an unsafe operation from the trusted software entity 502. In the next step 506, the security manager application 104 is notified by software entity 502 that software entity 500 is untrusted and contains protected information or has been exposed to protected information and has requested an unsafe operation.
Subsequently, software entity 502 halts its execution. In the next step 508, the security manager 104 then notifies the untrusted software entity 500 that the requested operation was not performed.
Turning now to Fig. 6, there is shown a control flow diagram of a method of marking an entity as having been exposed to protected information as a result of a read operation, in accordance with a third preferred embodiment. In this embodiment, there is shown a platform 100 having an active software entity 600 and a software entity 602, which may be either active or passive. The software entities 600 or 602 may either be trusted or untrusted. In this example, the exposure data field 302 of entity 600 is initially set to clean and its data field 300 set to untrusted or trusted, as the case may be. The software entity 602 has its data field 300 set to trusted or untrusted, as the case may be, and its data fields 302 or 304 set to exposed or protected. There is also shown a security manager application 104. In the first step 604 of the method, the entity 600 requests to read information from entity 602. This request is supplied to the security manager application 104, which processes the request. In the next step 606, the security manager 104 determines whether the entity 602 contains protected or exposed information. If the entity 602 contains protected information or has been exposed to protected information, then the processing continues with step 608. Otherwise, the processing continues with step 610. In step 608, the security manager 104 marks the exposure data field 302 of entity 600 as being exposed. In step 610, the security manager 104 accesses the information in entity 602 and allows the supply of the information to entity 600 in step 612.
Turning now to Fig. 7, there is shown a control flow diagram of a method of marking an entity as having been exposed to protected information as a result of a write operation, in accordance with a fourth preferred embodiment. In this embodiment, there is shown a platform 100 having an active software entity 700 and a software entity 702, which may be either active or passive. The software entities 700 or 702 may be trusted or untrusted. In this example, the exposure data field 302 of entity 702 is initially set to clean and its data field 300 set to untrusted or trusted, as the case may be. The software entity 700 has its data field 300 set to trusted or untrusted, as the case may be, and its data fields 302 or 304 set to exposed or protected. There is also shown a security manager application 104. In the first step 704 of the method, the entity 700 requests to write information to entity 702. This request is sent to security manager 104, which processes the request. In the next step 706, the security manager determines whether the entity 700 contains protected information or has been exposed to protected information. If the entity 700 does contain protected information or has been exposed to protected information, the method continues at step 708. Otherwise, the processing continues at step 710. In step 708, the security manager 104 marks entity 702 as having been exposed to protected information. In step 710, the security manager accesses the information from entity 700 and, in step 712, writes it to entity 702.
Turning now to Fig. 8, there is shown a control diagram of a method of preventing disclosure of protected information on the platform, in accordance with a fifth preferred embodiment. In this embodiment, there is shown a platform 100 having an untrusted active software entity 800 whose status section 204 indicates that it has been exposed or contains protected information. The platform 100 also contains a trusted software entity 802, which may be active or passive as the case may be. The platform 100 also contains a security manager 104. In the first step 804 of the fifth preferred method, the untrusted entity 800 requests an unsafe operation from trusted entity 802 via the security manager 104. In the next step 806, the security manager 104 determines whether entity 800 is untrusted and contains protected information or has been exposed to protected information. If so, the security manager 104 denies the requested unsafe operation and informs the untrusted entity 800 that the requested operation was not performed.
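The marking rules of Figs. 4, 6 and 7 and the halting rule of Figs. 5 and 8, as an added Python example that is not code from the patent: a security manager mediates reads, writes and unsafe-operation requests between entities carrying the status fields 300, 302 and 304. The entity names, the transmit operation and the audit log are assumptions made for the walk-through.

```python
from dataclasses import dataclass, field
from enum import Enum

# Status section 204 fields: trust level 300, exposure level 302, protection level 304.
Trust = Enum("Trust", "TRUSTED UNTRUSTED")
Exposure = Enum("Exposure", "CLEAN EXPOSED")
Protection = Enum("Protection", "PUBLIC PROTECTED")


@dataclass
class Status:                  # status section 204; only the SecurityManager updates it
    trust: Trust
    exposure: Exposure = Exposure.CLEAN
    protection: Protection = Protection.PUBLIC


@dataclass
class Entity:
    name: str
    status: Status
    data: dict = field(default_factory=dict)   # data section 206

    def carries_protected(self) -> bool:
        """True if the entity contains protected information or has been exposed to it."""
        return (self.status.protection is Protection.PROTECTED
                or self.status.exposure is Exposure.EXPOSED)


class OperationRefused(Exception):
    """Notification to the requester that the unsafe operation was not performed (step 806)."""

class SecurityManager:
    def __init__(self):
        self.log = []          # constructed audit trail of marking and halting decisions

    def _mark_exposed(self, entity, reason):
        if entity.status.exposure is not Exposure.EXPOSED:
            entity.status.exposure = Exposure.EXPOSED
            self.log.append(f"mark {entity.name} exposed ({reason})")

    def read(self, reader, source, key):
        """Fig. 6: check the source (606), mark the reader (608), then supply the data (610-612)."""
        if source.carries_protected():
            self._mark_exposed(reader, f"read from {source.name}")
        return source.data[key]

    def write(self, writer, target, key, value):
        """Fig. 7: check the writer (706), mark the target (708), then write the data (710-712)."""
        if writer.carries_protected():
            self._mark_exposed(target, f"written by {writer.name}")
        target.data[key] = value

    def request_unsafe_operation(self, requester, performer, operation, *args):
        """Fig. 8: an unsafe operation of a trusted entity (804) is halted when the
        requester is untrusted and carries protected information (806)."""
        if performer.status.trust is not Trust.TRUSTED:
            raise ValueError(f"{performer.name} is not a trusted entity")
        if requester.status.trust is Trust.UNTRUSTED and requester.carries_protected():
            self.log.append(f"halt unsafe operation requested by {requester.name}")
            raise OperationRefused(f"{requester.name}: requested operation not performed")
        self.log.append(f"allow unsafe operation requested by {requester.name}")
        return operation(*args)


def run_scenario():
    """Constructed walk-through: untrusted plugin_a reads a protected record, relays it
    through a scratch entity to plugin_b, and both then ask a trusted entity to transmit."""
    sm = SecurityManager()
    transmitted = []           # everything that left the platform
    vault = Entity("vault", Status(Trust.TRUSTED, protection=Protection.PROTECTED),
                   {"record": "constructed-secret"})
    scratch = Entity("scratch", Status(Trust.UNTRUSTED))    # passive, public, clean
    plugin_a = Entity("plugin_a", Status(Trust.UNTRUSTED))
    plugin_b = Entity("plugin_b", Status(Trust.UNTRUSTED))
    network = Entity("network", Status(Trust.TRUSTED))      # trusted owner of the transmitter

    def transmit(payload):     # the unsafe operation: communication outside the platform
        transmitted.append(payload)
        return "sent"
    # A clean untrusted entity may use the transmitter: it has nothing to leak yet.
    sm.request_unsafe_operation(plugin_b, network, transmit, "hello")
    secret = sm.read(plugin_a, vault, "record")     # plugin_a -> exposed
    sm.write(plugin_a, scratch, "tmp", secret)      # scratch  -> exposed
    copy = sm.read(plugin_b, scratch, "tmp")        # plugin_b -> exposed, transitively
    refused = []
    for requester, payload in ((plugin_a, secret), (plugin_b, copy)):
        try:
            sm.request_unsafe_operation(requester, network, transmit, payload)
        except OperationRefused:
            refused.append(requester.name)
    # The halt condition applies to untrusted requesters only: a trusted entity
    # that has read the record may still perform unsafe operations.
    auditor = Entity("auditor", Status(Trust.TRUSTED))
    sm.read(auditor, vault, "record")
    sm.request_unsafe_operation(auditor, network, transmit, "audit-summary")
    return {"exposures": {e.name: e.status.exposure.name
                          for e in (plugin_a, plugin_b, scratch, auditor)},
            "refused": refused, "transmitted": transmitted, "log": sm.log}
```

The scratch entity shows why the write rule of Fig. 7 matters: without it, plugin_b would read a clean entity, stay clean, and be allowed to transmit the copy.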
Preferred Embodiment of Apparatus(s) Fig. 9 shows in more detail a preferred example of such a platform shown in Fig 1. The platform consists of a conventional general-purpose computer wherein the processes of Figs. 2 to 8 may be implemented as software executing on the computer. In particular, the steps of the method for preventing disclosure of the protected information and the steps of the method of marking protected information are effected by instructions in software that are carried out by the computer. This software in one form is implemented as one or more entities and in another form as a security manager.
The software may be stored in a computer readable medium, comprising the storage devices described below, for example. The software is loaded into the computer from the computer readable medium, and then executed by the computer.
The computer system 900 consists of the computer 902, a video display 916, and input devices 918, 920. In addition, the computer system 900 can have any of a number of other output devices comprising line printers, laser printers, plotters, and other reproduction devices connected to the computer 902. The computer system 900 can be connected to one or more other computers via a communication interface 908c using an appropriate communication channel 930 such as a modem communications path, a computer network, or the like. The computer network may comprise a local area network (LAN), a wide area network (WAN), an Intranet, and/or the Internet.
The computer 902 itself consists of a central processing unit(s) (simply referred to as a processor hereinafter) 904, a memory 906 which may comprise random access memory (RAM) and read-only memory (ROM), input/output (IO) interfaces 908a, 908b, 908c, a video interface 910, and one or more storage devices generally represented by a block 912 in Fig. 9. The storage device(s) 912 can comprise one or more of the following: a floppy disc, a hard disc drive, a magneto-optical disc drive, CD-ROM, magnetic tape or any other of a number of non-volatile storage devices well known to those skilled in the art. Each of the components 904 to 912 is typically connected to one or more of the other devices via a bus 914 that in turn can comprise data, address, and control buses.
The video interface 910 is connected to the video display 916 and provides video signals from the computer 902 for display on the video display 916. User input to operate the computer 902 can be provided by one or more input devices 908b. For example, an operator can use the keyboard 918 and/or a pointing device such as the mouse 920 to provide input to the computer 902.
The system 900 is simply provided for illustrative purposes and other configurations can be employed without departing from the scope and spirit of the invention. Exemplary computers on which the embodiment can be practiced comprise IBM-PC/ATs or compatibles, one of the Macintosh (TM) family of PCs, Sun Sparcstation or the like. The foregoing are merely exemplary of the types of computers with which the embodiments of the invention may be practiced. Typically, the processes of the embodiments, described hereinafter, are resident as software or a program recorded on a hard disk drive (generally depicted as block 912 in Fig. 9) as the computer readable medium, and read and controlled using the processor 904. Intermediate storage of the program and pixel data and any data fetched from the network may be accomplished using the semiconductor memory 906, possibly in concert with the hard disk drive 912.
In some instances, the program may be supplied to the user encoded on a CD-ROM or a floppy disk (both generally depicted by block 912), or alternatively could be read by the user from the network via a modem device connected to the computer, for example. Still further, the software can also be loaded into the computer system 900 from other computer readable medium comprising magnetic tape, a ROM or integrated circuit, a magneto-optical disk, a radio or infra-red transmission channel between the computer and another device, a computer readable card such as a PCMCIA card, and the Internet and Intranets comprising email transmissions and information recorded on websites and the like.
The foregoing are merely exemplary of relevant computer readable mediums. Other computer readable mediums may be practiced without departing from the scope and spirit of the invention.
In the context of this specification, the word "comprising" means "including principally but not necessarily solely" or "having" or "including" and not "consisting only of". Variations of the word comprising, such as "comprise" and "comprises", have corresponding meanings.

Claims (2)

The claims defining the invention are as follows:

1. A method of preventing disclosure of protected information in a platform, wherein the platform comprises a plurality of entities and a security manager, each entity having data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information, wherein said method comprises the steps of:
    (i) requesting an unsafe operation of a trusted first said entity by a second said entity;
    (ii) notifying the security manager of the requested operation; and
    (iii) halting the requested operation of the trusted first entity, if the second entity is untrusted and contains protected information or has been exposed to protected information.

2. A method as claimed in claim 1, wherein the method comprises the step of:
    (iv) notifying the second entity that the requested operation was not performed.

3. A method as claimed in claim 1, wherein the trusted first entity is an active entity and the requesting step comprises: directly requesting, by the untrusted said second entity, said unsafe operation of the trusted first entity; and the notifying step comprises: notifying, by the trusted first entity, the security manager of the request.

4. A method as claimed in claim 1, wherein the trusted first entity is a passive entity and the requesting step comprises: requesting, by the untrusted second entity, permission from the security manager to allow the unsafe operation from the trusted first entity.

5. A method as claimed in claim 1, wherein said platform is a general purpose computer.

6. A method as claimed in claim 1, wherein said platform is a domestic appliance.

7. A method as claimed in claim 1, wherein said platform is an industrial appliance.

8. A method as claimed in claim 1, wherein said platform is a service appliance.

9. A method as claimed in claim 1, wherein said platform is a network of computers.

10. A method of marking an entity as having been exposed to protected information in a platform, wherein the platform comprises a plurality of entities and a security manager, each entity having data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information, wherein said method comprises the steps of:
    (i) requesting information from a first said entity by an untrusted second said entity;
    (ii) marking the data of the untrusted second entity by the security manager to indicate that the untrusted second entity has been exposed, if the first entity contains protected information or has been exposed to protected information; and
    (iii) supplying the requested information from the first entity to the untrusted second entity.

11. A method as claimed in claim 10, wherein the platform comprises a security manager and step (i) comprises the sub-steps of: notifying the security manager of the request; and requesting said information from said first said entity by said untrusted second said entity.

12. A method as claimed in claim 10, where step (ii) comprises the sub-steps of: halting the operation of the untrusted second entity; marking the data of the untrusted second entity to indicate that the untrusted second entity has been exposed, if the first entity contains protected information or has been exposed to protected information; and notifying the untrusted second entity to resume operation.

13. A method as claimed in claim 10, wherein said platform is a general purpose computer.

14. A method as claimed in claim 10, wherein said platform is a domestic appliance.

15. A method as claimed in claim 10, wherein said platform is an industrial appliance.

16. A method as claimed in claim 10, wherein said platform is a service appliance.

17. A method as claimed in claim 10, wherein said platform is a network of computers.

18. Apparatus for preventing disclosure of protected information in a platform, wherein the platform comprises a plurality of entities and a security manager, each entity having data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information, wherein said apparatus comprises:
    request means for requesting an unsafe operation of a trusted first said entity by a second said entity;
    first notification means for notifying the security manager of the requested operation; and
    halting means for halting the requested operation of the trusted first entity, if the second entity is untrusted and contains protected information or has been exposed to protected information.

19. Apparatus as claimed in claim 18, wherein the apparatus comprises: second notification means for notifying the untrusted second entity that the requested operation was not performed.

20. Apparatus as claimed in claim 18, wherein the trusted first entity is an active entity and the request means comprises: means for directly requesting, by the untrusted said second entity, the unsafe operation from the trusted first entity; and the first notification means comprises: means for notifying, by the trusted first entity, the security manager of the request.

21. Apparatus as claimed in claim 18, wherein the trusted first entity is a passive entity and the request means comprises: means for requesting, by the untrusted second entity, permission from the security manager to allow the unsafe operation from the trusted first entity.

22. Apparatus as claimed in claim 18, wherein said platform is a general purpose computer.

23. Apparatus as claimed in claim 18, wherein said platform is a domestic appliance.

24. Apparatus as claimed in claim 18, wherein said platform is an industrial appliance.

25. Apparatus as claimed in claim 18, wherein said platform is a service appliance.

26. Apparatus as claimed in claim 18, wherein said platform is a network of computers.

27. Apparatus for marking an entity as having been exposed to protected information in a platform, wherein the platform comprises a plurality of entities and a security manager, each entity having data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information, wherein said apparatus comprises:
    request means for requesting information from a first said entity by an untrusted second said entity;
    marking means for marking the data of the untrusted second entity by the security manager to indicate that the untrusted second entity has been exposed, if the first entity contains protected information or has been exposed to protected information; and
    supply means for supplying the requested information from the first entity to the untrusted second entity.

28. Apparatus as claimed in claim 27, wherein the platform comprises a security manager and said request means comprises: means for notifying the security manager of the request; and means for requesting said information from said first said entity by said untrusted second said entity; and if the first entity contains protected information or has been exposed to protected information then performing the operations of the marking and supply means.

29. Apparatus as claimed in claim 27, where the marking means comprises: means for halting the operation of the untrusted second entity; means for said marking the data of the untrusted second entity to indicate that the untrusted second entity has been exposed; and means for notifying the untrusted second entity to resume operation.

30. Apparatus as claimed in claim 27, wherein said platform is a general purpose computer.

31. Apparatus as claimed in claim 27, wherein said platform is a domestic appliance.

32. Apparatus as claimed in claim 27, wherein said platform is an industrial appliance.

33. Apparatus as claimed in claim 27, wherein said platform is a service appliance.

34. Apparatus as claimed in claim 27, wherein said platform is a network of computers.

35. A computer readable medium comprising a computer program for preventing disclosure of protected information, wherein the computer program comprises a first entity, wherein said first entity comprises data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information, and said first entity comprises:
    request means for requesting an unsafe operation from a trusted second said entity;
    first notification means for notifying a security manager of the requested operation; and
    halting means for halting the requested operation of said trusted second entity, if the first entity is untrusted and contains protected information or has been exposed to protected information.

36. A computer readable medium comprising a computer program for preventing disclosure of protected information, wherein the computer program comprises a security manager comprising:
    means for receiving a request by a first entity to perform an unsafe operation from a trusted second entity, wherein said first and second entities comprise data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information; and
    notification means for notifying the first entity that the request is refused, if the first entity is untrusted and contains protected information or has been exposed to protected information.

37. A computer readable medium comprising a computer program for marking an entity as having been exposed to protected information, wherein the computer program comprises a first entity, wherein said entity comprises data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information, and wherein the first entity comprises:
    request means for requesting information from an untrusted second said entity;
    marking means for marking the data of the first entity by a security manager to indicate that the first entity has been exposed, if the untrusted second entity contains protected information or has been exposed to protected information; and
    receiving means for receiving the requested information from the second entity.

38. A computer readable medium comprising a computer program for marking an entity as having been exposed to protected information, wherein the computer program comprises a security manager comprising:
    receiving means for receiving requests by an untrusted first entity for information from a second entity, wherein each said entity has data indicating whether the entity is trusted or untrusted and whether the entity has or has not been exposed to the protected information;
    marking means for marking data of the first entity to indicate that the first entity has been exposed, if the second entity contains protected information or has been exposed to protected information; and
    permission means for permitting the supply of the requested information from the second entity to the untrusted first entity.

39. A method of preventing disclosure of protected information, the method substantially as described herein with reference to Figs. 1, 2A, 2B, 3A, 3B and 5, or Figs. 1, 2A, 2B, 3A, 3B and 8 of the accompanying drawings.

40. A method of marking an entity as having been exposed to protected information in a platform, the method substantially as described herein with reference to Figs. 1, 2A, 2B, 3A, 3B and 4, or Figs. 1, 2A, 2B, 3A, 3B and 6, or Figs. 1, 2A, 2B, 3A, 3B and 7 of the accompanying drawings.

41. Apparatus for preventing disclosure of protected information, the apparatus substantially as described herein with reference to Figs. 1, 2A, 2B, 3A, 3B and 5, or Figs. 1, 2A, 2B, 3A, 3B and 8 of the accompanying drawings.

42. Apparatus for marking an entity as having been exposed to protected information in a platform, the apparatus substantially as described herein with reference to Figs. 1, 2A, 2B, 3A, 3B and 4, or Figs. 1, 2A, 2B, 3A, 3B and 6, or Figs. 1, 2A, 2B, 3A, 3B and 7 of the accompanying drawings.

43. A computer readable medium comprising a computer program for preventing disclosure of protected information, wherein said computer program comprises an entity, said entity substantially as described herein with reference to Figs. 1, 2B, 3A, 3B and 5 or Figs. 1, 2B, 3A, 3B and 8 of the accompanying drawings.

44. A computer readable medium comprising a computer program for marking an entity as having been exposed to protected information, said entity substantially as described herein with reference to Figs. 1, 2A, 2B, 3A, 3B and 4 or Figs. 1, 2A, 2B, 3A, 3B and 6, or Figs. 1, 2A, 2B, 3A, 3B and 7 of the accompanying drawings.

45. A computer readable medium comprising a computer program, wherein the computer program comprises a security manager substantially as described herein with reference to Figs. 1 and 4, or Figs. 1 and 5, or Figs. 1 and 6, or Figs. 1 and 7, or Figs. 1 and 8 of the accompanying drawings.

DATED this fifteenth Day of January, 2002
Canon Kabushiki Kaisha
Patent Attorneys for the Applicant
SPRUSON FERGUSON
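The two rules the claims state, as an added example that is not the patent's or Canon's own code: a small Python security manager that marks an untrusted entity as exposed when it reads from an entity that contains or has been exposed to protected information (claim 10), and halts an unsafe operation requested by an untrusted entity that carries protected information (claim 1). The entity names, the SecurityManager class, the OperationHalted exception and the "send" operation are constructed for illustration; the manager here is consulted directly by the requester, the passive-entity arrangement of claim 4.

```python
"""Added example (not the patent's own code): exposure marking and
unsafe-operation halting as stated in claims 1 and 10. All names are
hypothetical; the scenario data is constructed."""
from dataclasses import dataclass


@dataclass
class Entity:
    """Per-entity data of the claims: trusted flag plus exposure flag."""
    name: str
    trusted: bool
    has_protected: bool = False   # entity itself contains protected information
    exposed: bool = False         # set by the security manager (claim 10, step ii)

    def carries_protected(self) -> bool:
        # "contains protected information or has been exposed to protected information"
        return self.has_protected or self.exposed


class OperationHalted(Exception):
    """Raised when the security manager halts an unsafe operation (claim 1, step iii)."""


class SecurityManager:
    def __init__(self) -> None:
        self.log: list[str] = []

    def request_information(self, source: Entity, requester: Entity) -> str:
        # Claim 10: mark an untrusted requester exposed before supplying data
        # from a source that carries protected information; trusted readers are not marked.
        if not requester.trusted and source.carries_protected():
            requester.exposed = True
            self.log.append(f"marked {requester.name} exposed via {source.name}")
        return f"data-from-{source.name}"   # step (iii): supply the information

    def request_unsafe_operation(self, target: Entity, requester: Entity, op: str) -> str:
        # Claim 1: the operation of the trusted target is halted if the requester
        # is untrusted and contains or has been exposed to protected information.
        if not target.trusted:
            raise ValueError("claim 1 concerns unsafe operations of a trusted entity")
        if not requester.trusted and requester.carries_protected():
            self.log.append(f"halted {op} for {requester.name}")
            raise OperationHalted(f"{op} refused for {requester.name}")  # claim 2 / claim 36
        self.log.append(f"performed {op} for {requester.name}")
        return f"{op}-done"


def scenario() -> dict:
    """Constructed scenario: an untrusted plugin reads a protected document, then
    a second untrusted entity reads from the plugin; both then try to 'send'."""
    mgr = SecurityManager()
    document = Entity("document", trusted=True, has_protected=True)
    net = Entity("network-writer", trusted=True)        # performs the unsafe operation
    plugin = Entity("plugin", trusted=False)
    cache = Entity("cache", trusted=False)
    mgr.request_unsafe_operation(net, plugin, "send")   # allowed: plugin not yet exposed
    mgr.request_information(document, plugin)           # plugin becomes exposed
    mgr.request_information(plugin, cache)              # exposure propagates transitively
    refused = []
    for entity in (plugin, cache):
        try:
            mgr.request_unsafe_operation(net, entity, "send")
        except OperationHalted:
            refused.append(entity.name)
    return {"plugin_exposed": plugin.exposed, "cache_exposed": cache.exposed,
            "refused": refused, "log": mgr.log}
```

Note that exposure is never cleared: once an untrusted entity has read protected data, every later unsafe operation it requests is halted, which is the point of the marking step.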

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU55971/99A AU745031B2 (en) 1998-10-20 1999-10-20 Apparatus and method for preventing disclosure of protected information

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
AUPP6602 1998-10-20
AUPP6602A AUPP660298A0 (en) 1998-10-20 1998-10-20 Apparatus and method for preventing disclosure of protected information
AU55971/99A AU745031B2 (en) 1998-10-20 1999-10-20 Apparatus and method for preventing disclosure of protected information

Publications (2)

Publication Number Publication Date
AU5597199A AU5597199A (en) 2000-05-04
AU745031B2 true AU745031B2 (en) 2002-03-07

Family

ID=25631047

Family Applications (1)

Application Number Title Priority Date Filing Date
AU55971/99A Ceased AU745031B2 (en) 1998-10-20 1999-10-20 Apparatus and method for preventing disclosure of protected information

Country Status (1)

Country Link
AU (1) AU745031B2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7613930B2 (en) 2001-01-19 2009-11-03 Trustware International Limited Method for protecting computer programs and data from hostile code
EP1225513A1 (en) * 2001-01-19 2002-07-24 Eyal Dotan Method for protecting computer programs and data from hostile code
US8850428B2 (en) 2009-11-12 2014-09-30 Trustware International Limited User transparent virtualization method for protecting computer programs and data from hostile code

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5421006A (en) * 1992-05-07 1995-05-30 Compaq Computer Corp. Method and apparatus for assessing integrity of computer system software
US5590266A (en) * 1994-10-11 1996-12-31 International Business Machines Corporation Integrity mechanism for data transfer in a windowing system
US5675510A (en) * 1995-06-07 1997-10-07 Pc Meter L.P. Computer use meter and analyzer

Also Published As

Publication number Publication date
AU5597199A (en) 2000-05-04

Similar Documents

Publication Publication Date Title
US6871277B1 (en) Apparatus and method for preventing disclosure of protected information
US7870198B2 (en) Content rights management for email and documents contents and systems, structures, and methods therefor
US7469050B2 (en) Organization-based content rights management and systems, structures, and methods therefor
US7570768B2 (en) Systems, structures, and methods for decrypting encrypted digital content when a rights management server has been decommissioned
US7890428B2 (en) Flexible licensing architecture for licensing digital application
Park et al. Originator control in usage control
Kent Protecting externally supplied software in small computers
US7225157B2 (en) Limited-use browser and security system
RU2421789C2 (en) Safety markers, including displayed statements
US20160335445A1 (en) Owner Controlled Transmitted File Protection and Access Control System and Method
US6289450B1 (en) Information security architecture for encrypting documents for remote access while maintaining access control
US20150082453A1 (en) Method and apparatus for hierarchical assignment of rights to documents and documents having such rights
US7549062B2 (en) Organization-based content rights management and systems, structures, and methods therefor
US20070185982A1 (en) Ticket issuing system, storage medium and electronic ticket issuing and managing method
US10133875B2 (en) Digital rights management system implementing version control
JP2009151605A (en) Information usage control system and information usage control device
US8739291B2 (en) System and method for providing access to OMA DRM protected files from java application
KR100739474B1 (en) Method and Apparatus for presenting contents service using DRM
KR100948873B1 (en) Security and management device for database security and control method thereof
AU745031B2 (en) Apparatus and method for preventing disclosure of protected information
US20050134894A1 (en) Remote access printing systems and methods
US7607176B2 (en) Trainable rule-based computer file usage auditing system
JPH11212849A (en) Common file transmission and reception system, and access right discrimination device
US20160217443A1 (en) Digital rights management system providing trial use and facilitating purchase of managed documents
Arnab et al. Experiences in implementing a kernel-level DRM controller

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)