GB2181281A - Device for controlling access to computer peripherals

Publication number
GB2181281A
Authority
GB
United Kingdom
Legal status
Granted
Application number
GB8623370A
Other versions
GB8623370D0 (en)
GB2181281B (en)
Inventor
G Peter Arato
Current Assignee
Isolation Systems Ltd
Original Assignee
Isolation Systems Ltd
Priority claimed from GB858524455A (GB8524455D0)
Application filed by Isolation Systems Ltd
Priority to GB8623370A (GB2181281B)
Publication of GB8623370D0
Publication of GB2181281A
Application granted
Publication of GB2181281B
Expired

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices

Abstract

An access control module (30) selectively controls each user's access to associated computer peripherals such as data storage units, printers (12, 14, 16, Figure 1), and communications equipment. In response to the entry of a valid user identification code, the microprocessor (40) retrieves from a main non-volatile storage unit (44), pre-recorded information regarding the user's authority to access each of the peripherals, and loads the information into a secondary storage unit (58) comprising random access memory (60) and an address decoder (62) adapted to retrieve data therefrom. The decoder (62) responds to each peripheral address signal generated in the input/output channel (18) and retrieves from the secondary storage unit (58) the corresponding peripheral access information. The microprocessor (40) responds to a signal indicating security violation generated by latch (76), by applying signals to the input-output channel (18) which interrupt the operation of the computer system and interfere with access to the selected peripheral.

Description

SPECIFICATION
Device for controlling access to computer peripherals
The invention relates generally to devices and methods for controlling access to the resources of a computer system and, more particularly, for controlling access to computer peripherals such as data storage units, printers and communications equipment.
There are several aspects to the problem of ensuring the security of data stored in a computer system. First, it may be desirable to ensure that only authorized individuals have access to any of the resources associated with the computer system. Second, it may be desirable to restrict an authorized user's ability to retrieve and review data stored in particular peripherals associated with the computer system. Lastly, although a user may be authorized to review certain data in temporary form on a display screen, it may be desirable to restrict the user's ability to produce printed copies of the data or to transfer the data from the computer system by other means such as peripherals constituting or accessing communication channels.
Security control systems which meet the requirements above have been implemented in software form either as part of a computer's operating system or as specific application software. However, software routines can very often be circumvented. The design of trusted software whose operation cannot be readily defeated is difficult, and an entire field of computer science has developed relating to the implementation of secure operating systems and the analysis of how such systems can be verified and validated.
It would accordingly be desirable to provide access control means for a computer system which can be implemented essentially in hardware form. Because the operation of hardware devices is more difficult to circumvent than that of software routines, and since attempts to modify or remove hardware can be more readily detected, hardware-type devices would potentially provide better security. Additionally, hardware-type security devices would lend themselves more readily to verification and validation thereby further ensuring that there are no inherent means of circumvention.
It would also be desirable to provide access control means which can be conveniently adapted for use with microprocessors such as personal computers. Such computers are now widely used and have a potential to access confidential information surreptitiously from main frame computers or mass storage devices in a local area network. A satisfactory means for regulating use of such computers is accordingly required.
In one aspect, the invention provides an access control device for use with a computer system in which an address signal uniquely identifying a particular peripheral is conducted along an input/output channel (I/O channel) whenever a user selects a particular peripheral. The device includes access information generating means which can be actuated to provide access information regarding each peripheral, information indicating whether use of a peripheral is authorized or restricted. Address-responsive means detect an address signal in the I/O channel and cause the access information generating means to generate access information for the associated peripheral. The access information generating means are preferably in the form of storage means which store access information, and the address-responsive means are preferably adapted to retrieve the required access information from appropriate storage locations. Interruption means responsive to the access information apply a signal to the I/O channel which interferes with use of the peripheral if the access information indicates that such use is unauthorized.
The signal applied by the interruption means to the I/O channel to impede use of a restricted peripheral may be as simple as a halt signal of the type commonly generated by computer peripherals to instruct a central processing unit (CPU) to pause in its operations. Alternatively, the signal or signals may be selected not only to take control of a system CPU but also to include instructions derived from a software routine invoked by the device which cause the computer system to display user warning messages or which implement other more sophisticated security measures.
For the purposes of the disclosure and the appended claims, the term "input/output channel" should be understood as any data transfer mechanism by which a CPU of a computer system communicates with various peripherals. This data transfer mechanism may take the form of a data bus whose lines are dedicated exclusively to peripheral I/O operations, or in certain computer architectures, such as that described below in connection with preferred embodiments of the invention, may involve a single general purpose data bus serving both internal memory and peripherals, but which during I/O operations has certain lines dedicated to conduction of address signals, transfer of control signals (including address validation signals) between the CPU and various peripherals, and transfer of data. The term "address signal" should be understood as any signal uniquely identifying a particular peripheral, and an "address validation signal" should be understood as a signal whose function at least in part is to confirm that a valid address signal has been generated.
Other aspects and advantages of the present invention will be described below in connection with a description of certain preferred embodiments.
The invention will be better understood with reference to drawings in which:
Figure 1 diagrammatically illustrates the overall configuration of a computer system incorporating an access control module constructed according to the invention;
Figure 2 schematically illustrates a first embodiment of an access control module which essentially halts the operation of a computer system in response to a security violation;
Figure 3 illustrates a second embodiment of an access control module permitting implementation of a user authorization routine, re-programming of system access restrictions and other functions; and
Figure 4 diagrammatically illustrates the form in which access information is stored in the access control module of Figure 3.
Reference is made to figure 1 which illustrates a computer system comprising a CPU 10, internal memory 12, and two peripherals, a printer 14 and a disk drive 16. The CPU 10 communicates with the two peripherals via an I/O channel 18 having address lines 20 which conduct peripheral address signals, control lines 22 which conduct inter alia address validation signals, and a data bus 24 which serves to transfer data between the CPU 10 and the peripherals during read and write operations. The I/O channel 18 is constituted by a general purpose data bus whose various lines 20, 22, 24 are also used to address memory locations in the internal memory 12 when the data bus is not being used in connection with peripheral I/O operations. The computer architecture illustrated is well known and common to a variety of computers, including a number of personal computers, and consequently the interaction between the CPU 10 and the peripherals in such a computer system will be described below only to the extent necessary to understand the present invention.
A user's request at a keyboard or other input means causes the CPU 10 to generate an address signal, propagated along the address lines 20, which uniquely identifies the selected peripheral. The CPU contemporaneously generates an address validation signal which indicates to each peripheral attached to the I/O channel 18 that a valid address signal directed to a peripheral has in fact been generated. A validation signal is required in this particular computer architecture as the state of each of the address lines 20, typically a logic high or low value representing one bit of information, changes in an unpredictable fashion before final states indicating a request for a particular peripheral are achieved. The various intermediate states of the address lines 20 might be misconstrued as requests for access to other peripherals. Also, signals generated on the various lines 20, 22, 24 may at some times be directed to memory locations in the internal memory 12. The address validation signal is typically a read or write pulse applied by the CPU 10 to the control lines 22 together with an address signal on the address lines 20. Since the peripherals are connected in parallel to the address and control lines, each peripheral receives and effectively considers each valid address signal generated, but only the peripheral uniquely identified by the address signal responds for purposes of read and write operations.
An access control module (ACM) 26 is attached to the I/O channel 18 in much the same manner as are the peripherals 14, 16. In the computer architecture illustrated, each peripheral might typically have an interfacing board commonly referred to as a "card" which is mounted in a receptacle commonly referred to as a "slot". A computer of the architecture illustrated might typically have in its interior a number of such slots so that various peripherals can be conveniently added to the system. For such systems, the ACM 26 is preferably formed on a card which can be inserted directly into a vacant slot, permitting very convenient connection to the system I/O channel.
The attachment of the ACM 26 to the I/O channel 18 permits interaction with the CPU 10 and detection of address signals generated by the system. To that end, the ACM 26 is coupled to the address lines 20 for receipt of address signals and to the control lines 22 for receipt of address validation signals. The ACM 26 is optionally connected to the data bus 24 for transfer of information between the ACM 26 and the CPU 10 or other devices which might potentially be attached to the I/O channel 18 for communication with the ACM 26. Unlike conventional peripherals attached to the I/O channel 18, the ACM 26 responds to and acts on each valid address signal generated by the CPU.
In response to each address signal, the ACM 26 generates access information regarding the peripheral identified by the address signal, determines whether access to the peripheral should be impeded, and accordingly applies a signal or signals to the control lines 22 and optionally to the data bus 24 which interfere with normal operation of the CPU and the user's operation of the selected peripheral.
A first comparatively simple embodiment of the ACM is illustrated in figure 2 and indicated by reference numeral 28. A second embodiment 30 which permits programming of user access restrictions and implementation of a relatively more complex response to security violations is illustrated in figure 3. It should be noted that in figures 2 and 3 the only component of the computer system which has been illustrated is the I/O channel 18. The general relationship between the two embodiments 28, 30 and the computer system can be understood from the general description of operation above and with reference to Figure 1.
The ACM 28 includes address responsive means 32 which effectively monitor the address lines 20 for generation of an address signal. The address responsive means 32 determine whether access to the peripheral identified by an address signal is restricted, and generate an output signal indicating whether operation of the peripheral should be impeded. The address responsive means 32 may be constructed as a conventional random access memory (RAM) unit with an associated address decoder. The decoder would essentially locate in the RAM unit those memory locations or units where access information associated with a peripheral identified by a particular address signal is located. One bit among these memory units might be regarded as a "restriction bit". The polarity of the restriction bit would constitute a signal indicating whether access to the peripheral is restricted or authorized.
A conventional key and lock mechanism 34 serves as an actuator for initiating operation of the address responsive means 32. The address responsive means 32 are otherwise conditioned to produce an output signal indicating restricted access for all address signals generated on the address line, preventing any access to system peripherals. If desired, the required access information can be loaded into the above-mentioned RAM unit from programmable or permanent storage units located in the actuator 34.
The ACM 28 includes latching circuitry 36 which responds to the access information contained in the output signal of the address responsive means 32. The operation of the latch 36 is controlled by trigger circuitry 38, which may be constituted by conventional logic gates responsive to address validation signals in the control lines 22. Upon generation of an address validation signal, such as a read or write pulse, the trigger circuitry 38 triggers the latch 36 to produce an output signal. If the access information received at that time by the latch 36 from the address responsive means 32 indicates that access to the selected peripheral is restricted, the latch 36 applies a halt signal to the control lines 22 thereby causing the CPU 10 to cease further operation. The halt signal is in effect "latched", as the latch 36 maintains any output signal until it is once again triggered. The latch 36 may take the form of a clocked flip-flop which effectively passes the restriction bit when a trigger or clock signal is applied to its clock terminal by the trigger circuitry 38.
The halt signal applied by the latch 36 is preferably the same signal which is applied by any peripheral requiring the CPU 10 to cease operation until information received from or to be delivered to the CPU 10 can be processed. The halt signal may alternatively be any signal which disrupts operation of the CPU 10.
Since the CPU 10 is no longer responsive, another address signal and address validation signal cannot be generated to alter the operating state of the ACM 28. Accordingly, the computer system remains in a locked state, unresponsive to further user requests, and can only be returned to an operative state by shutting off power and restarting the system or alternatively by resetting the system if provision has been made for such a function.
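The behaviour of the first embodiment can be followed in a small software model. The following is an added example, not part of the patent: it models the address responsive means 32, key actuator 34, latch 36 and trigger 38 as described above, and assumes an 8-bit address space, constructed peripheral addresses and a constructed bus trace.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADDR_SPACE   256   /* assumed 8-bit peripheral address space */
#define ADDR_PRINTER 0x14  /* constructed addresses, not from the patent */
#define ADDR_DISK    0x16

typedef struct {
    uint8_t restriction[ADDR_SPACE]; /* RAM behind the address decoder (32) */
    bool    key_on;                  /* key and lock actuator (34) */
    bool    halt;                    /* latched output of latch (36) */
} acm28;

typedef struct {
    uint8_t addr;    /* state of the address lines (20) */
    bool    strobe;  /* address validation signal on the control lines (22) */
} bus_cycle;

/* Power-on: latch cleared, actuator off, so every address reads as restricted. */
void acm28_reset(acm28 *m) { memset(m, 0, sizeof *m); }

/* Turning the key loads the restriction bits held in the actuator. */
void acm28_key_on(acm28 *m, const uint8_t *restricted, size_t n)
{
    memset(m->restriction, 0, sizeof m->restriction);
    for (size_t i = 0; i < n; i++)
        m->restriction[restricted[i]] = 1;
    m->key_on = true;
}

/* Address responsive means (32): follows the address lines continuously. */
bool acm28_restriction_bit(const acm28 *m, uint8_t addr)
{
    return !m->key_on || m->restriction[addr] != 0;
}

/* Trigger (38) and latch (36): the bit is sampled only on a validation pulse,
 * so unsettled address states never reach the halt line. */
void acm28_observe(acm28 *m, bus_cycle c)
{
    if (c.strobe)
        m->halt = acm28_restriction_bit(m, c.addr);
}

/* CPU side: returns the index of the cycle that halted it, or -1.
 * A halted CPU issues no further cycles, so the latch is never re-clocked. */
int cpu_run(acm28 *m, const bus_cycle *trace, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        acm28_observe(m, trace[i]);
        if (m->halt)
            return (int)i;
    }
    return -1;
}

/* Constructed bus trace. */
static const bus_cycle TRACE[] = {
    { ADDR_PRINTER, false }, /* address lines still settling: no strobe */
    { ADDR_DISK,    true  }, /* valid access to the disk drive */
    { ADDR_PRINTER, true  }, /* valid access to the printer */
    { ADDR_DISK,    true  }, /* not reached once the CPU is halted */
};
#define TRACE_LEN (sizeof TRACE / sizeof TRACE[0])

int scenario_key_off(void)
{
    acm28 m;
    acm28_reset(&m);
    return cpu_run(&m, TRACE, TRACE_LEN);
}

int scenario_printer_restricted(void)
{
    static const uint8_t restricted[] = { ADDR_PRINTER };
    acm28 m;
    acm28_reset(&m);
    acm28_key_on(&m, restricted, sizeof restricted);
    return cpu_run(&m, TRACE, TRACE_LEN);
}

int scenario_nothing_restricted(void)
{
    acm28 m;
    acm28_reset(&m);
    acm28_key_on(&m, NULL, 0);
    return cpu_run(&m, TRACE, TRACE_LEN);
}

int main(void)
{
    printf("key off:            halted at cycle %d\n", scenario_key_off());
    printf("printer restricted: halted at cycle %d\n", scenario_printer_restricted());
    printf("nothing restricted: halted at cycle %d\n", scenario_nothing_restricted());
    return 0;
}
```
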
The second ACM 30 includes a microprocessor 40 having associated program storage 42 and non-volatile parameter storage 44. The program storage 42 contains software routines permitting the implementation of a variety of functions such as log-on procedures for authentication of system users, updating of system access restrictions, and more complex response to various levels of security violation than possible with the ACM 28, including generation of user warning messages and generation and storage of audit trail data (recording of peripheral accessing and security violations). The implementation of software to perform such functions will be readily apparent to those skilled in the art. The non-volatile parameter storage 44 serves primarily as a main storage means containing access information regarding all authorized system users and peripherals.
The microprocessor 40 is coupled to the I/O channel 18 in a manner which permits the ACM 28 to be addressed in response to a predetermined address signal for read and write operations and which permits general interaction with the CPU 10. To that end, the microprocessor 40 is connected by a conventional input/output port 46 to the address lines 20 and to the data bus 24. Connection of the input/output port 46 to the address lines 20 permits the ACM 30 to be addressed, for example, for receipt of data such as new access information. The input/output port 46 is also coupled by a local data bus 48 to the control lines 22 for receipt of address validation signals (which would indicate not only that the microprocessor has been validly addressed for I/O operations but whether the microprocessor 40 is required to perform read or write functions). Signal lines 50 permit the microprocessor 40 to apply control signals to the I/O channel requesting the attention of the CPU 10, including signals such as a halt signal capable of interrupting CPU operation. This arrangement facilitates the implementation of the various functions described above.
The access information in the parameter storage 44 is arranged in sets, each set consisting of the access information for a particular user of the computer system on a peripheral-by-peripheral basis. This will be more apparent with reference to figure 4 where the memory locations or units associated with the storage unit have been symbolically represented.
One set of access information relating to a first user of the computer system may be stored in memory locations 52, 54. The memory location 52 may contain access information for the printer 14, while the memory location 54 may contain access information for the disk drive 16. The stored access information regarding the printer is typical, comprising a restriction bit 56 and a number of information bits which might identify the exact nature of the peripheral. The parameter storage unit 44 is shown as defining sets of access information for a total of four users in respect of two peripherals. It will be appreciated that figure 4 is not a true depiction of the parameter storage unit 44, and that in practice such a storage unit would likely have sufficient resources to store access information for a much larger number of users and peripherals.
Access information can be loaded into the storage unit 44 by addressing the ACM 30 as a conventional peripheral. Data can then be loaded into the storage unit 44 from the data bus 24 in a standard write operation controlled in part by a software routine located in program storage 42. The software routine adapts the microprocessor 40 to receive from the input/output channel a user identification code, a number of address signals identifying particular peripherals and access information associated with each of the peripherals. The microprocessor 40 responds to each address signal by locating unique memory locations in the parameter storage 44 and storing at those memory locations the access information associated with the particular peripherals as appropriate for the user identified by the code. For example, in response to a user identification code for the first user mentioned above, and address signals for the printer 14 and disk drive 16, the microprocessor would locate the memory locations or units 52, 54, and would load access information received on the data bus 24 into those unique memory locations. The most convenient construction of the parameter storage 44 would involve a conventional address decoder capable of locating unique memory in response to the combination of a user identification code and each peripheral's address signal. Such a decoder would thereafter permit a mode of operation in which the stored information can be retrieved from the main storage unit by once again applying the combination of a user identification code and a peripheral address signal to the decoder.
In an analogous fashion, current access restrictions can be reviewed or audit trail information can be retrieved from storage locations in the storage unit 44 for review by a security officer, in a standard read operation.
The ACM 30 includes an addressed storage device 58. The storage device 58 comprises a RAM unit 60 and associated address decoder 62, these being of conventional design and commonly available as a single package. The RAM unit 60 serves as a secondary storage unit containing at any given time one set of access information retrieved from the parameter storage 44 and corresponding to a particular user. This arrangement is symbolically illustrated in figure 4 where two memory locations in the RAM unit 60 have been shown. One memory location 64 might contain access information for the printer 14, the other memory location 66, access information for the disk drive 16, both related to one of the authorized system users. In response to an address signal, the decoder 62 locates and causes to be output from the RAM unit 60 (when the address storage unit 58 is appropriately triggered) the access information for the peripheral identified. It should be noted that the representation of the RAM unit 60 in figure 4 is symbolic only, and that in practice the addressed storage unit 58 would define sufficient storage locations to accommodate any number of peripherals which might practically be connected to the I/O channel 18.
A controllable multiplexer 68 permits the storage device 58, specifically the address decoder 62, to be selectively coupled either to the address lines 20 for receipt of address signals generated in response to user requests for transfer of data, commands and status information to and from peripherals or alternatively to the microprocessor 40, along a local line 70. The latter arrangement permits receipt of address signals from the microprocessor during loading of access information relevant to a particular user into the RAM unit 60. The microprocessor 40 applies control signals along a control line 72 to the multiplexer 68, effectively selecting the data path from which address signals are to be delivered to the address decoder 62.
After start-up of the computer system and identification of a particular user in a log-on routine described more fully below, the addressed storage unit 58 effectively monitors the address lines 20. In response to an address signal detected on the address lines 20, the address decoder 62 effectively locates the memory units or locations in the RAM unit 60 containing the access information relating to the peripheral identified by the address signal, and causes the RAM unit 60 to produce an output signal corresponding to the located memory bits (when the address storage unit 58 is otherwise triggered for output). For example, the access information in the memory locations 64, 66 of the RAM unit 60 may correspond respectively to the first user's authority to access the printer 14 and disk drive 16. If an address signal identifying the printer 14 is generated in the I/O channel 18, the bits of access information in the memory location 64 may be located by the address decoder 62 and made available by the RAM unit 60. These bits include the restriction bit which indicates whether access to the particular peripheral is restricted to the first user and identify bits which identify the selected peripheral as the printer 14.
The output signal of the addressed storage unit 58 is transmitted along a local bi-directional data path 74 to a conventional bi-directional latched transceiver 76. When appropriately triggered, the transceiver 76 produces an output signal corresponding to the bits of information produced by the RAM unit 60 including the restriction bit for the identified peripheral. Depending on the state of the restriction bit, the transceiver 76 applies a signal to the microprocessor 40 along a control line 78 instructing the microprocessor 40 to examine the bits of the transceiver output signal, which are available to the microprocessor 40 on a local data bus 82. If the restriction bit indicates that access to the peripheral, such as the printer 14, should not be allowed, the microprocessor 40 considers the restriction and information bits, applies a halt signal to the control lines 22, and then proceeds to invoke a software routine stored in the program storage 42 causing the CPU 10 to display a user warning. The microprocessor 40 may simultaneously invoke an audit trail routine also contained in the program storage 42 which records the security violation in the non-volatile parameter storage 44 for later review by a security officer.
During start-up of the computer system, the microprocessor 40 interrupts normally operating system procedures and invokes a log-on routine stored in the program storage unit 42 to obtain a user identification code. This log-on routine has a dual function: first, it ensures that only preselected authorized users of the computer system are allowed access to any of the resources associated with the computer system; and second, once a user identification code has been entered, the microprocessor 40 can retrieve from the main non-volatile parameter storage 44 the set of access information corresponding to the user identified by the code and load the set of information into the secondary storage unit, the RAM unit 60.
During this start-up process, the microprocessor 40 applies a control signal to the control line 72 requiring the multiplexer 68 to place the address decoder 62 of the secondary storage unit into communication with the microprocessor 40 for receipt of address signals. In response to the user identification code, the microprocessor 40 sequentially retrieves from the non-volatile parameter storage 44 the set of access information associated with the identified user, such as the access information in memory locations 52, 54 assuming that the first user has been identified. The microprocessor 40 generates in succession the address signals associated with each of the peripherals of the computer system such as the printer 14 and disk drive 16, and contemporaneously delivers in succession to the RAM unit 60 via the local data bus 66, the transceiver 76 and the data bus 74, the access information associated with each of the peripherals, as defined for the particular user. The decoder 62 responds to each address signal generated by the microprocessor 40 by locating unique memory units in which the access information received from the microprocessor 40 is stored for later retrieval. Accordingly, assuming that the first user of the system mentioned above has been identified, the access information in memory location 52 of the non-volatile parameter storage 44 relating to the printer might be loaded into memory location 64 of the RAM unit 60, and the access information in memory location 54 of the non-volatile parameter storage 44 relating to the disk drive 16 might next be loaded into memory location 66 of the RAM unit 60. It should be noted that the operation of the transceiver 76, either to transmit access information generated by RAM unit 60 to the microprocessor 40 or to transmit access information from the main storage unit of the microprocessor 40 to the RAM unit 60 during system startup, is controlled by the microprocessor 40 by signals applied along a control line 80.
The practice of loading one set of access information in response to a user identification code from the main storage means defined by the non-volatile parameter storage unit 44 to the secondary storage unit defined by the address storage device 58 reduces the amount of active electronic memory required to store access information for purposes of normal operation. More significantly, it greatly simplifies the address decoding function as the user identification code (which would otherwise have to be stored and operated upon) need no longer be considered in determining whether access to a particular peripheral is authorized. This arrangement reduces considerably the complexity of operations following start-up, and, most significantly, generates required access information at a sufficient speed that the ACM can in fact respond in a timely fashion to address signals generated in conventional microcomputers. It should be noted that the latching of the transceiver output signal also contributes to proper response to address signals by maintaining the access information generated until the microprocessor 40 is able to consider the information and respond accordingly.
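The two-level storage scheme of the second embodiment can be shown in a short model. The following is an added example, not part of the patent: main storage is searched by user code and peripheral address only at log-on, after which every bus access is decided by an address-indexed RAM alone. The 8-bit address space, the position of the restriction bit, the addresses, the user codes and the handling of an unknown code are assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADDR_SPACE   256     /* assumed 8-bit peripheral address space */
#define RESTRICT     0x80    /* assumed position of the restriction bit */
#define ADDR_PRINTER 0x14    /* constructed addresses and user codes */
#define ADDR_DISK    0x16
#define USER_A       0x0101
#define USER_B       0x0202
#define AUDIT_MAX    8

/* Main storage (44): an entry is located by user code AND peripheral address. */
typedef struct { uint16_t user; uint8_t addr; uint8_t word; } entry;

static const entry PARAMS[] = {
    { USER_A, ADDR_PRINTER, RESTRICT | 0x01 },  /* low bits: peripheral type */
    { USER_A, ADDR_DISK,    0x02 },
    { USER_B, ADDR_PRINTER, 0x01 },
    { USER_B, ADDR_DISK,    0x02 },
};
#define N_PARAMS (sizeof PARAMS / sizeof PARAMS[0])

typedef struct {
    uint8_t  ram[ADDR_SPACE];    /* secondary storage: RAM unit (60) */
    uint16_t user;               /* known to the microprocessor (40) only */
    bool     halt;               /* halt signal applied to the control lines */
    int      completed;          /* accesses let through since log-on */
    entry    audit[AUDIT_MAX];   /* audit trail of violations */
    size_t   n_audit;
} acm30;

/* Start-up: copy the identified user's set from main storage into the RAM.
 * Returns false for an unknown code; every address then stays restricted
 * (an assumption of this model, the patent does not describe that case). */
bool acm30_logon(acm30 *m, uint16_t code)
{
    bool known = false;
    memset(m, 0, sizeof *m);
    memset(m->ram, RESTRICT, sizeof m->ram);
    for (size_t i = 0; i < N_PARAMS; i++) {
        if (PARAMS[i].user == code) {
            m->ram[PARAMS[i].addr] = PARAMS[i].word;
            known = true;
        }
    }
    m->user = code;
    return known;
}

/* A strobed peripheral address arrives on the I/O channel. The decoder (62)
 * indexes the RAM by address alone; the user code plays no part here. */
bool acm30_bus_access(acm30 *m, uint8_t addr)
{
    uint8_t word = m->ram[addr];
    if (!(word & RESTRICT)) {
        m->completed++;
        return true;
    }
    m->halt = true;                      /* interrupt the CPU */
    if (m->n_audit < AUDIT_MAX)
        m->audit[m->n_audit++] = (entry){ m->user, addr, word };
    return false;
}

/* Constructed sequence of peripheral selections made after log-on. */
static const uint8_t SESSION[] = { ADDR_DISK, ADDR_PRINTER, ADDR_DISK };

/* Log on with `code`, then replay SESSION until the module halts the CPU. */
static acm30 run_session(uint16_t code)
{
    acm30 m;
    acm30_logon(&m, code);
    for (size_t i = 0; i < sizeof SESSION && acm30_bus_access(&m, SESSION[i]); i++)
        ;
    return m;
}

int demo_completed(uint16_t code) { return run_session(code).completed; }

int demo_first_audit_addr(uint16_t code)
{
    acm30 m = run_session(code);
    return m.n_audit ? m.audit[0].addr : -1;
}

int main(void)
{
    const uint16_t codes[] = { USER_A, USER_B, 0x0999 /* not in main storage */ };
    for (size_t i = 0; i < 3; i++)
        printf("user %#06x: %d accesses completed, first violation at %d\n",
               (unsigned)codes[i], demo_completed(codes[i]), demo_first_audit_addr(codes[i]));
    return 0;
}
```
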
It should be noted that the ACM 30 has trigger circuitry which effectively times or enables various operations associated with the device. The ACM 30 has trigger logic circuitry 84 which controls the generation of access information by the addressed storage unit 58 and the loading of access information into the addressed storage unit 58. During monitoring of the address lines 20 for user selection of peripherals, the trigger circuitry 84 responds to address validation signals (such as read and write pulses) generated on the control lines 22. Upon detection of an address validation signal, the trigger circuitry 84 applies a read enable signal to the addressed storage unit 58 along a control line 86, which enables the generation of an output signal from the RAM unit 60. Accordingly, access information is provided by the RAM unit 60 only upon generation of a valid address signal identifying a particular peripheral. During log-on, the trigger circuitry 84 responds to signals applied by the microprocessor 40 along a local control bus 88, and applies a write enable signal to a signal line 90 which conditions the RAM unit 60 for receipt and storage of access information transmitted by the microprocessor 40 to the RAM unit 60 ultimately along the bi-directional data path 74.
Additional trigger circuitry 92 controls ortriggers the response of the transceiver 76 to the output signals generated by the address storage unit 58. The trigger circuitry 92 responds to the output signal of the RAM unit 60, specifically the polarity ofthe re- trieved restriction bit. It triggers the transceiver 76 thereby enabling the transceiver 76 to generate its output signals.
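The two-tier lookup and trigger behaviour described above can be modelled in software. The following C sketch is an added illustration, not circuitry or code from the patent; the function names, table sizes, sample port addresses and the choice to treat an unloaded table or out-of-range address as restricted are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes and names are assumptions for this sketch, not values from the patent. */
#define IO_ADDRS  1024u              /* assumed width of the decoded I/O address space */
#define NUM_USERS 4u                 /* assumed number of preselected users */
#define SET_BYTES (IO_ADDRS / 8u)    /* one restriction bit per I/O address */

typedef enum { ACM_IDLE, ACM_ALLOW, ACM_INTERRUPT } acm_result;

/* Main storage: one complete set of restriction bits per user (role of unit 44). */
static uint8_t main_store[NUM_USERS][SET_BYTES];
/* Secondary storage: the single active set read on every bus cycle (role of RAM unit 60). */
static uint8_t ram_unit[SET_BYTES];
static bool set_loaded;              /* true once a log-on has filled ram_unit */
static bool latched_restricted;      /* latched output, held until the next valid cycle */

/* Configuration: record whether `user` is restricted from the peripheral at `addr`. */
bool acm_configure(unsigned user, unsigned addr, bool restricted)
{
    if (user >= NUM_USERS || addr >= IO_ADDRS) return false;
    uint8_t mask = (uint8_t)(1u << (addr % 8u));
    if (restricted) main_store[user][addr / 8u] |= mask;
    else            main_store[user][addr / 8u] &= (uint8_t)~mask;
    return true;
}

/* Log-on: copy one user's set into the RAM unit (the write-enable path). */
bool acm_logon(unsigned user)
{
    set_loaded = user < NUM_USERS;
    if (set_loaded) memcpy(ram_unit, main_store[user], SET_BYTES);
    return set_loaded;
}

/* Monitoring: one bus cycle. The RAM is read only when the address validation
 * signal (read/write pulse) is present; the user code plays no part here. */
acm_result acm_bus_cycle(unsigned addr, bool validation)
{
    if (!validation) return ACM_IDLE;            /* no read enable, latch unchanged */
    /* Assumption: no loaded set, or an address outside the range, means restricted. */
    latched_restricted = !set_loaded || addr >= IO_ADDRS ||
                         (ram_unit[addr / 8u] >> (addr % 8u) & 1u) != 0;
    return latched_restricted ? ACM_INTERRUPT : ACM_ALLOW;
}

bool acm_latched(void) { return latched_restricted; }

int main(void)
{
    acm_configure(1, 0x3F0, true);               /* constructed: user 1 barred from port 0x3F0 */
    acm_logon(1);
    printf("user 1: 0x3F0 -> %d\n", acm_bus_cycle(0x3F0, true));
    printf("user 1: 0x2F8 -> %d\n", acm_bus_cycle(0x2F8, true));
    acm_logon(0);
    printf("user 0: 0x3F0 -> %d\n", acm_bus_cycle(0x3F0, true));
    return 0;
}
```

The per-cycle path is a single indexed read of the active set, which is the speed argument the description makes for loading one user's set at log-on.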
It will be apparent that the ACM's described lend themselves to use with personal computers. When formed as cards adapted for insertion into conventional slots, they can be conveniently installed into existing computers to retrofit such machines for access control without noticeably interfering with normal authorized operation. Alternative methods of connecting such ACM's to I/O channels to accommodate alternative computer architectures will be readily apparent to those skilled in the art. It will also be apparent that the ACM's described herein are essentially hardware devices. Accordingly, they are inherently capable of providing more reliable security control than either operating system software or specific application software.
Particular embodiments of the invention have been described and these should not be construed as limiting the scope of the invention or the scope of the appended claims. In particular, storage and retrieval of access information using appropriate memory units represents only one form of access information generating means. It will be apparent to those skilled in the art that combinatorial or boolean logic may be used to translate each address signal generated in an I/O channel (together with any user identification code if security requires user authentication) into a signal indicating whether access to a particular peripheral should be impeded. Such logic can be implemented as hard-wired logic gates or as a software algorithm stored in appropriate non-volatile memory provided in the ACM. Appropriate wiring or interfacing means may couple the logic circuitry or software device to the I/O channel for actuation in response to address signals generated by the computer system.
Use of logic gates would, however, have limited application, as an ACM employing such gates cannot be readily reconfigured to permit access information to be changed. The parameters of a software routine, on the other hand, can be easily changed by conventional techniques to permit modification of access restrictions. A software implementation of the required function may not permit ACM operating speeds appropriate for timely response to the address signals generated in most computer systems, unless the ACM has a microprocessor which operates markedly faster than that of the monitored computer system itself. Storage and retrieval of access information in appropriate memory units has been emphasized in this specification as these are viewed as a singularly advantageous means for generating access information for purposes of the invention, allowing both timely operation and convenient reconfiguration of an ACM.

Claims (10)

1. A device for controlling access to computer peripherals attached to the input/output channel of a computer system in which an address signal is conducted along the input/output channel whenever a user selects a peripheral, characterized in: storage means for storing access information associated with each of the peripherals; address-responsive means for detecting the address signal in the input/output channel and retrieving from the storage means the access information associated with the selected peripheral; and, interruption means responsive to the retrieved access information for applying a signal to the input/output channel which interferes with use of the selected peripheral if the retrieved access information indicates that access to the selected peripheral is restricted.
2. A device according to claim 1 further characterized in that the storage means comprise: main storage means having a multiplicity of storage units for storing sets of access information for preselected users of the computer system, each set comprising information regarding access to each peripheral by one of the preselected users; and secondary storage means having a multiplicity of storage units for storing the access information associated with one of the sets.
3. A device according to claim 2 further characterized in: log-on means for applying signals to the input/output channel during start-up of the computer system which require entry into the computer system of a user identification code identifying one of the preselected users; and processor means responsive to entry of the user identification code for loading into the memory units of the secondary storage means the set of access information of the main storage means associated with the user identified by the identification code.
4. A device according to claim 3 further characterized in that the address-responsive means comprise decoder means responsive to the address signal for locating the memory units in the secondary storage means where the access information associated with the selected peripheral is stored.
5. A device according to claim 4 further characterized in: controllable switching means for selectively coupling the address-responsive means to one of the processor means and the input/output channel for receipt of address signals; the processor means being adapted during start-up of the computer system to A. actuate the switching means so that the decoder means respond to address signals generated by the processor means, B. apply to the decoder means successively address signals associated with the peripherals, and C. transfer the set of access information associated with the preselected user identified by the user identification code on a peripheral-by-peripheral basis to those memory units of the secondary storage means located by the decoder means.
6. A device according to any one of claims 3 to 5 further characterized in data transfer means for coupling the processor means to the input/output channel, the data transfer means being adapted to make the processor means responsive to a predetermined address signal generated on the input/output channel for transfer of information between the processor means and the input/output channel.
7. A device according to claim 6 characterized in that: the processor means are adapted to receive from the input/output channel a user identification code, a preselected number of address signals identifying particular peripherals and access information associated with each of the particular peripherals; the processor means are adapted to respond to each of the preselected number of address signals and to the user identification code by locating unique memory units in the main storage means and storing at the unique memory units the user access information associated with the user and one of the peripherals; and, the processor means have a mode of operation in which the processor means are adapted to retrieve the stored access information from the unique memory units in response to the user identification code.
8. A device according to any one of the preceding claims for use with a computer system in which an address validation signal is generated in the input/output channel together with the address signal, the address-responsive means being characterized in: decoder means for receiving the address signal from the input/output channel and locating in the storage means the access information associated with the selected peripheral is located, the decoder means being adapted to cause the storage means to generate an output signal corresponding to the access information; triggerable latching means for producing from the storage means output signal a latched output signal indicating whether access to the selected peripheral is restricted; and trigger means for triggering the latching means to produce the latched output signal in response to the address validation signal conducted by the input/output channel.
9. A device for controlling access to computer peripherals attached to the input/output channel of a computer system in which an address signal is conducted along the input/output channel whenever a user selects a peripheral, characterized in: access information generating means which can be actuated to generate access information regarding each peripheral; address-responsive means for detecting the address signal in the input/output channel and actuating the access information generating means to generate the access information for the selected peripheral; and interruption means responsive to the generated access information for applying a signal to the input/output channel which interferes with use of the selected peripheral if the generated access information indicates that access to the selected peripheral is restricted.
10. A device according to claim 9 for use with a computer system in which an address validation signal is generated in the input/output channel together with the address signal, characterized in that: the access information generating means comprise storage means having a multiplicity of memory units for storing the access information associated with the peripherals; the address-responsive means comprise decoder means for receiving the address signal and locating the memory units in the storage means where the access information for the selected peripheral is located, the decoder means being adapted to cause the storage means to generate an output signal corresponding to the access information; latching means for producing from the storage means output signal, when triggered, a latched output signal indicating whether access to the selected peripheral is restricted; and trigger means for triggering the latching means to produce the latched output signal in response to the address validation signal.
GB8623370A 1985-10-03 1986-09-29 Device for controlling access to computer peripherals Expired GB2181281B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB8623370A GB2181281B (en) 1985-10-03 1986-09-29 Device for controlling access to computer peripherals

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB858524455A GB8524455D0 (en) 1985-10-03 1985-10-03 Monitoring activity of peripheral devices
GB8623370A GB2181281B (en) 1985-10-03 1986-09-29 Device for controlling access to computer peripherals

Publications (3)

Publication Number Publication Date
GB8623370D0 GB8623370D0 (en) 1986-11-05
GB2181281A true GB2181281A (en) 1987-04-15
GB2181281B GB2181281B (en) 1989-09-13

Family

ID=26289841

Family Applications (1)

Application Number Title Priority Date Filing Date
GB8623370A Expired GB2181281B (en) 1985-10-03 1986-09-29 Device for controlling access to computer peripherals

Country Status (1)

Country Link
GB (1) GB2181281B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2222899A (en) * 1988-08-31 1990-03-21 Anthony Morris Rose Computer mass storage data protection
FR2638868A1 (en) * 1988-11-09 1990-05-11 Bull Cp8 SECURE DOWNLOAD SYSTEM FOR A TERMINAL AND METHOD IMPLEMENTED
GB2238636A (en) * 1989-12-01 1991-06-05 Sun Microsystems Inc X-window security system
FR2675602A1 (en) * 1991-04-16 1992-10-23 Hewlett Packard Co METHOD AND DEVICE FOR PROTECTING A COMPUTER SYSTEM.
GB2276472A (en) * 1993-03-24 1994-09-28 Icl Systems Ab Preventing unauthorised access to computer
US5434999A (en) * 1988-11-09 1995-07-18 Bull Cp8 Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal
WO1995024696A2 (en) * 1994-03-01 1995-09-14 Integrated Technologies Of America, Inc. Preboot protection for a data security system
WO1996016366A1 (en) * 1994-11-17 1996-05-30 Siemens Aktiengesellschaft Arrangement with master and slave units
DE4440789B4 (en) * 1994-11-17 2004-04-08 Siemens Ag Slave unit
US8474021B2 (en) 2001-06-29 2013-06-25 Secure Systems Limited Security system and method for computers

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB1142465A (en) * 1965-05-12 1969-02-05 Ibm Improvements in or relating to data processing systems
GB2019060A (en) * 1978-03-31 1979-10-24 Pitney Bowes Inc Computer accessing system
GB2061578A (en) * 1979-05-30 1981-05-13 Stockburger H Data transmission system
GB2087606A (en) * 1980-07-01 1982-05-26 Mastiff Security Syst Ltd Computer Systems
GB2136175A (en) * 1983-03-07 1984-09-12 Atalla Corp File access security method and means
EP0175359A2 (en) * 1984-09-20 1986-03-26 Wang Laboratories Inc. Apparatus for providing security in computer systems

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WO 86/03864 *

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2222899B (en) * 1988-08-31 1993-04-14 Anthony Morris Rose Securing a computer against undesired write operations or from a mass storage device
GB2222899A (en) * 1988-08-31 1990-03-21 Anthony Morris Rose Computer mass storage data protection
US5144660A (en) * 1988-08-31 1992-09-01 Rose Anthony M Securing a computer against undesired write operations to or read operations from a mass storage device
FR2638868A1 (en) * 1988-11-09 1990-05-11 Bull Cp8 SECURE DOWNLOAD SYSTEM FOR A TERMINAL AND METHOD IMPLEMENTED
EP0368752A1 (en) * 1988-11-09 1990-05-16 CP8 Transac Protected remote loading system of a terminal, and method used
WO1990005347A1 (en) * 1988-11-09 1990-05-17 Bull Cp8 Protected terminal downloading system and implementation process
US5434999A (en) * 1988-11-09 1995-07-18 Bull Cp8 Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal
GB2238636B (en) * 1989-12-01 1993-11-17 Sun Microsystems Inc X window security system
US5073933A (en) * 1989-12-01 1991-12-17 Sun Microsystems, Inc. X window security system
GB2238636A (en) * 1989-12-01 1991-06-05 Sun Microsystems Inc X-window security system
US5535409A (en) * 1991-04-16 1996-07-09 Hewlett-Packard Company Apparatus for and method of preventing changes of computer configuration data by unauthorized users
FR2675602A1 (en) * 1991-04-16 1992-10-23 Hewlett Packard Co METHOD AND DEVICE FOR PROTECTING A COMPUTER SYSTEM.
EP0514289A1 (en) * 1991-04-16 1992-11-19 Hewlett-Packard Company Computer protection system
US5781793A (en) * 1991-04-16 1998-07-14 Hewlett-Packard Company Appratus for preventing changes of computer configuration data by unauthorized users
US5610981A (en) * 1992-06-04 1997-03-11 Integrated Technologies Of America, Inc. Preboot protection for a data security system with anti-intrusion capability
GB2276472A (en) * 1993-03-24 1994-09-28 Icl Systems Ab Preventing unauthorised access to computer
WO1995024696A3 (en) * 1994-03-01 1996-02-01 Integrated Tech America Preboot protection for a data security system
WO1995024696A2 (en) * 1994-03-01 1995-09-14 Integrated Technologies Of America, Inc. Preboot protection for a data security system
AU703856B2 (en) * 1994-03-01 1999-04-01 Integrated Technologies Of America, Inc. Preboot protection for a data security system
WO1996016366A1 (en) * 1994-11-17 1996-05-30 Siemens Aktiengesellschaft Arrangement with master and slave units
US6141736A (en) * 1994-11-17 2000-10-31 Siemens Aktiengesellschaft Arrangement with master and slave units
DE4440789B4 (en) * 1994-11-17 2004-04-08 Siemens Ag Slave unit
US8474021B2 (en) 2001-06-29 2013-06-25 Secure Systems Limited Security system and method for computers

Also Published As

Publication number Publication date
GB8623370D0 (en) 1986-11-05
GB2181281B (en) 1989-09-13

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 19930929