DE2148689A1 - DEVICE FOR AREA PROTECTION OF INFORMATION STORAGE - Google Patents

Description

Device for area protection of information stores.

In message processing systems and telephone switching systems are often fixed information, semi-permanent information and variable Store information at the same time. For reasons of economical storage organization only two types of memory are required for this purpose, namely read-only memory for fixed information and easily changeable memories, for example magnetic core memories for the semi-permanent ones and uses the variable information. In the latter, the In this case, special measures to protect the semi-permanent information containing memory areas are taken to prevent the content erroneously deleted these areas. Such an error can for example occur that together with a write or delete command due to an address falsification, one located in such a protected area Information is controlled and overwritten or deleted. Such a falsification of addresses one could counteract by adding a so-called parity bit to the address, which enables close checking of the correctness of the address. However, that would still be Inadequate protection was achieved, as the unwanted destruction of a protected one Information can also be obtained from this if the address has been delivered without errors It is possible that a read command is corrupted into a write or delete command.

So additional measures need to be taken to avoid it one Destruction of information can be taken.

In a known memory protection device (cf.

DT-AS 1 114 049), memory protection is sought under the aspect, that if necessary, in selected more or less large parts of the memory To permanently delete information that is no longer required, care must be taken must that such a deletion is not erroneous in a manner not intended for this purpose Memory areas is made.

For this purpose, the entire memory or any parts of it, if only those are eligible for such treatment, one or more Allocated storage elements, whose storage inlialte a permanent deletion of the Prevent information in the assigned memory areas. this happens there in that the areas that are no longer worthy of protection are controlled by a control circuit by changing the memory content of the additional memory elements accordingly A read command given for the purpose of deletion then has only with such memories are the information content read out and finally deleted result. When all other memory areas are activated, the protective information in the additional memory locations that the one transferred to a buffer register when reading Information on the one hand not passed on, on the other hand in the subsequent write process is transferred back to the memory.

To make such a memory protection device more flexible in that way to make that individual memory areas not simply but only opposite Access to certain programs is protected by another known institution (DT-AS 1 499 203) the memory areas to be protected Instead of just one protective information item, an entire storage keyword is assigned, that compared to a command keyword before executing a delete command and in which the execution of a deletion process is prevented, if neither a match between storage keyword and command keyword was found is, another f, est specified which represents the actual protection information Part of the keywords is recognized.

The protection information or the key words require these known facilities additional storage space, including with larger storage units a considerable effort is required, especially if the to Protective memory areas always remain the same, are no longer represented can.

It is also already known to counter information stored in a buffer memory to secure a normally intended transfer to a main memory by this informstion about memory protection information stored in special memory locations which represent the address of the area by adding the Information is located. Every time information is transferred from the buffer memory The addressing circuits that progress cyclically are stored in the main memory generated addresses with the e also entered one after the other in a field protection register starting addresses serving as protection information are compared. If they match The transfer of information to the main memory is prevented for the two addresses (see DT-OS 2044 () 49). Here, too, the area protection requires an extension of the memory to record the protection information to enable. In addition, there can be a fault in the control circuit that is the override of the Protection information of the next memory area to be protected in the sequence in the protection register causes the memory area in question is controlled by the address control, unless the relevant protection information is in the field protection register. In this case, there would be an undesired handover the information in the main memory is not avoided.

The object of the invention is therefore to provide area protection for information stores to be achieved with little effort, without having to accept a lower level of security would have to be.

The invention therefore relates to a device for protecting information in certain areas of an information store, which if the each of the address generated by the control circuit of the memory with the address information about the loss of information located in the memory area to be protected Filling memory operations blocked. This device is according to the invention characterized in that they contain all addresses of information to be protected at the same time is included in the comparison used to establish a match, and that the blockage occurs at the same time as the operation command in question Release signal cancels.

So while with the prior art first a decision about it It is determined whether memory operations leading to information loss in protected Areas may or may not be carried out and accordingly these areas then provided with protection information become or existing Schu tzinforna onen "are made accessible for comparison, is made by the invention Device carried out an address comparison in each case, with all addresses protected areas are included in the comparison, and only then in the event a blocking caused by an address match due to the presence or the absence of a release signal about the admissibility of the relevant memory operations leading to loss of information are decided.

This eliminates the need for the device according to the invention on the one hand, addresses of the areas to be protected that serve as protective information to include in the memory, these addresses can rather once and for all can be set in the address evaluator, on the other hand is a double safeguard guaranteed, namely by destroying information in the protected areas can erroneously only occur if both the, from the address control delivered address and the release signal are falsified. With the known Arrangements, on the other hand, as already stated, can only be a fault in the control circuit, the input of the protection information in the memory or the transfer of a there stored protection information in a field protection register has the effect that there is an unwanted destruction of information.

According to a further embodiment of the device according to the invention are used in address evaluation from the addresses of information to be protected Areas criteria derived about whether the whole information or a specific one Part of the same is to be protected. In this way it is then without much effort possible, three bits in a memory area of 4 bits, for example the same to protect the fourth, however, to make freely accessible without this memory area would have to be subdivided by assigning two addresses.

Further configurations of the device according to the invention relate to (1 expedient for blocking or releasing the write and delete operations Details, both in the case of full range protection and in the case of the partial area protection.

The following is an embodiment of the device according to the invention explained in more detail using a block diagram.

The control unit labeled St in the figure gives the ones generated by it Addresses in the address register AR. From there, these are processed according to the Invention as part of the information protection device provided address evaluator AB offered for evaluation.

This address evaluator AB is set up in such a way that, it recognizes can determine whether the offered address matches the address of an area to be protected and whether to protect the entire area or only a specific part of it is. This differentiation ability of the address evaluator is shown in the figure Division of the same into the part VZ serving for full character protection recognition and symbolizes the part serving the partial character protection recognition TZ.

It is assumed that the address evaluator is those in the address register AR as an area to be protected in its entirety properly recognizes. It then gives a signal to its output vz, to one input of the logic element K1, which is a coincidence element with two non-negated and is a negated input.

The negated input of this coincidence element is with the output aF of the control unit, via which in each case together with a delete or write command a price signal can be issued. The third input of the coincidence term K1 is connected to the output of the OR gate 01, the two inputs of which are from Command register BR either a write command. or a delete command representing signal is supplied.

So if a memory area is controlled, the total is to be protected and if the command to be executed is a write -or delete command, the coincidence element Ki always gives an output signal if not simultaneously with that of the outputs vz of the address evaluator AS or the OR gate 01 at their inputs supplied signals from the control unit whose output aP is supplied with an enable signal. this output signal of the coincidence element I, 1 is passed on on the one hand via the blocking output ASp and is used to block the "write" and "delete" memory operations, on the other hand, together supplied with a clock pulse to the coincidence element K2, the output signal of which is a Fault flip-flop FF actuated, which is used to initiate a fault message, In Write or delete operations can only be carried out in protected memory areas be carried out if an enable signal is issued at the same time as the relevant command occurs, whereby the delivery of an output signal by the coincidence element K1 prevented and thus the blockage is lifted.

If the address evaluator AB of the device according to the invention a Address located in the address register AR as ru One to be partially protected Area, it applies a signal via its output tz that one non-negated input of the coincidence element K3 is led, the two non-negated and has a negated input. The second non-negated entrance as well as the The negated input of this coincidence element will be exactly the same as with the coincidence element Kl is the output signal of the OR element Ol or that at the output aF of the control unit St released release signal supplied.

Located when a partially protected memory area is activated a release signal is present, then the link condition of the coincidence element is K3 is fulfilled and a signal is emitted via its output.

If it is to be carried out in the partially protected area Operation is a writing operation, the following processes take place: Before the write operation is carried out, the information to be rewritten is via the coincidence element K6, one input of which is from the command output AB of the control unit ST a write command and whose other input eJ the information is fed, is entered into a Less write register LSR. If the write command is not from accompanied by an enable signal, then during the preceding write operation Read process bits 1 to 3 of those buffered in the read-write register new information is overwritten with the information read out, whereas Bit.4 the new information remains unchanged in the read-write register LSR.

The mentioned partial overwriting of the read-write register standing information is caused by the fact that the coincidence element K3 its output signal passes to one input of the coincidence element K4, the second input of which a sampling pulse from the memory sequence control fed so that this coincidence element K4 corresponding to the occurrence of sampling pulses Emits output impulses which are sent via the OR element 02 to one input of the coincidence element K5 arrives. The read signals are sent to the other input of the coincidence element K5 the sense amplifier LV assigned to the first three information bits. Of the the sense amplifier LV assigned to the fourth bit sends its signals to one input of the coincidence element K8, whose other input connects to the output of the coincidence element K7 is connected, which only emits an output signal if its two inputs apart from the scanning pulse of the sequence control supplied by the control input eS from Output aL of the command register BE ago a read command is delivered, which is in the currently considered situation is not the case because the command register As a prerequisite, BR contains a write command. So there will be a release signal not present, the sense amplifiers 1 to 3 are sampled, which means the first three bits the new information with the corresponding bits of those previously in the memory Information are overwritten, whereas the coincidence element K8 has no output signal outputs, bit 4 in the read-write register remains unchanged.

Therefore, if the content of the read-write register LSR by appropriate control of the inhibit amplifier IVin the actual information memory is written, this means that the Bits 1 to 3 of the original information are written back unchanged, Bit 4, however, assumes a value corresponding to the new information.

If, on the other hand, an area to be partially protected is controlled together with a write command that too Release signal occurs, the bits initially buffered in the read-write register LSR also remain 1 to 3 of the new information unchanged because the link condition for the Coincidence term K3 and thus also for the coincidence terms K4 and K not fulfilled and accordingly no sampling of the first three sense amplifiers LV takes place. During the writing process, all of the new information is replaced by the old information entered into the information store, lies for a partial to be protected memory area before a delete command, then the admissibility of the Delete operation also made dependent on whether there is an enable signal or not 0 If there is no release signal, then the coincidence element enters K3 Signal from what in the manner described above for scanning the first to third Sense amplifier LV leads. This means that in the case of the d-em deletion process, the preceding Read operation, bits 1 to 3 are entered in the read-write register LSR. The fourth sense amplifier, however, is not scanned, so that the fourth digit remains empty in the read-write register. A subsequent write process then has to the bellows that on points 1 to 3 of the protected area the original Information is rewritten, but the fourth digit remains in the deleted state caused by the readout 0 If simultaneously with a Deletion command for an area to be partially protected, the release signal is delivered If the coincidence element K3 does not emit an output signal, none of the sense amplifiers will be LV scanned, so that the entire read-write register remains empty and accordingly no heucine writing in the subsequent writing process takes place so that all 4 bits of information in this area are deleted.

6 claims 1 figure

Claims (1)

Claims 1. Device for the protection of information in certain Areas of an information store that, when the Control circuit of the memory generated address with the address of one to be protected Information in the memory area leading to memory operations leading to loss of information blocked, d; a d u r c h e k e n n n z e i n e t that they contain all addresses Information to be protected with the help of an address evaluator (AB) at the same time is included in the comparison used to establish a match, and that they block when occurring at the same time as the operation command in question Release signal cancels, 2. Device according to claim 1, d a du r c h g e -k e n It is not indicated that they can be extracted from the addresses with the help of the address evaluator (AB) from information in areas to be protected derives criteria about whether the whole information or a certain part of it is to be protected. 3. Device according to one of claims 1 or 2, d a d u r c h g I do not acknowledge that they have given the release signal for one of their flours The entirety of information to be protected, which the writing or. Initiate delete operations Prevents clock pulses and causes a fault message to be issued. 4. Device according to claim 2, d a d u r c h g e -k e n n z e i c h n e t that in the absence of the enable signal for a partially to be protected information in the case of a write command, the new one to write Information is entered in a read-write register (LSR), which is then sent to the one to be protected Set by the corresponding pieces of information read out from the information memory overwrites, and thereupon the transfer of the Initiates read-write register contents in the information memory. 5. Device according to claim 4, d a d u r c h g e -k e n n z e i c Not that they are used to partially overwrite the files buffered in the read-write register Information only the sense amplifiers assigned to the protected information points releases. 6. Device according to claim 2, d a d u r c h g e -k-e n n z e i c n e t, that in the absence of the enable signal for a partially to be protected Information in the case of the presence of an erase command only when reading out of the protected information parts occurring read signals in the read-write register (LSR), so that only these parts are new in the subsequent write process be written into the information store. L e r s e i t e