GB2195477A - Data processing system security - Google Patents


Info

Publication number
GB2195477A
Authority
GB (United Kingdom)
Legal status
Granted
Application number
GB08622572A
Other versions
GB8622572D0 (en)
GB2195477B (en)
Inventor
Roger Russell
Neil Tracey Wignal Charrington
Current Assignee
Individual
Original Assignee
Individual
Priority date
1986-09-19
Filing date
1986-09-19
Publication date
1988-04-07
Application filed by Individual
Priority to GB8622572A (GB2195477B)
Publication of GB8622572D0
Priority to ZA877033A (ZA877033B)
Priority to PCT/GB1987/000662 (WO1988002142A1)
Priority to AU79671/87A (AU608779B2)
Priority to EP87906093A (EP0325598A1)
Publication of GB2195477A
Application granted
Publication of GB2195477B
Anticipated expiration
Current legal status: Expired - Lifetime

Classifications

    • G06F21/80 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • G06F21/101 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/12 Protecting distributed programs or content; protecting executable software
    • G06F8/60 Arrangements for software engineering; software deployment

Abstract

A first security program (Y) is initially installed in the long-term storage region (16) together with a second security program (Z). A date item (X) is also installed in another long-term storage region (15). The first security program (Y) tests whether the current date provided by a calendar (C) is the same as the installation date in item (X) and, only if true, creates a copy (X') in a region (11) of long-term storage. The copy (X') is arranged to not allow copying of itself. The security program (Y) finally deletes itself. The second security program (Z) requires absence of the program (Y) and presence of an accurate copy (X') in the region (11) before user access to the main contents of regions (15) and (16) is allowed.

Description

SPECIFICATION

Data processing system security

This invention relates to the prevention of unauthorised use of a data processing system.
Data processing systems comprising a central processing unit and long-term storage means, such as disc drives with magnetic discs, are typically adapted for use in carrying out desired operations by the installation of sequences of instructions and information in the long-term storage means. The adaptation of a system by an unauthorised person to carry out a particular operation, by installing the necessary sequence of instructions and information, is a problem which the present invention aims to make very difficult or impossible, especially where the system includes a time keeping means.
The invention and preferred features of embodiments thereof are defined in the claims hereinafter.
A preferred embodiment of the invention will now be described with reference to the accompanying drawings, in which:
Fig. 1 is a diagrammatic representation of the memory contents of a data processing system;
Fig. 2 is a diagrammatic representation of the memory contents of the system during installation of a sequence of instructions and information in accordance with the invention;
Fig. 3 is a diagrammatic representation of the memory contents of the system after installation of the said sequence;
Fig. 4 is a diagrammatic representation of the contents of another system after unauthorised copying thereto of the contents represented in Fig. 3.
Fig. 1 represents a memory map of a data processing system using virtual memory. An example of such a system is a generalised data base management computer system known as Ultimate, produced by Pick & Associates Inc. of Irvine, California, United States of America. The physical basis of the memory map of Fig. 1 is a long-term storage means in the form of magnetic data storage discs in a disc drive, together with a semi-conductor main memory and semi-conductor ROM holding invariable instructions and information. In operation, instructions and information held on disc in the long-term storage means are loaded into the main memory as required for immediate use on a page by page basis. In Fig. 1, the memory area is divided into three main regions: a system inventory region 11 which contains directories of programs and information files; a system programs region 12 which contains the programs listed in the system inventory and used in operating the basic functions of the data processing system; and an unoccupied region 13 into which further programs and information can be written through the system. The data stored in the region 13 is stored on disc in the disc drive.
In this example, the system programs include a calendar program C which runs continually from some specific point in time and provides a continually updated representation of time, including the date. This means for providing temporal information may comprise a ROM program and assigned locations in the main memory at which the representation of date and time are stored.
Fig. 2 represents the memory map of Fig. 1 during installation of a program stored on tape in tape cassette 14. The tape stores, in sequence, an auxiliary loader program, a main loader program, and a program of instructions and information to be loaded into the region 13 of the memory space of the data processing system. The auxiliary loader program is loaded first onto disc in the region 13 and then runs, causing the tape in the cassette 14 to be rewound to its beginning, three end of file markers followed by an end of storage medium instruction to be written over the initial portion of the auxiliary loader program on the tape, and the tape to be moved forward to the next end of file marker, which is at the beginning of the main loader program. The main loader program is then written to disc, i.e., loaded through the system into the region 13, by the auxiliary loader program, and run from the disc. The main loader program initially deletes the auxiliary loader program from disc (region 13), then causes the said program of instructions and information to be written to disc. The main loader program finally rewinds the tape in the cassette 14 and causes itself to be deleted from disc. Thus the contents of the tape can no longer be loaded into a system.
The said program of instructions and information is distributed into two areas of the region 13: a first region 15, labelled APPLICATION in Fig. 2, and a second region 16, labelled PROGRAMS in Fig. 2. The region 15 contains the information and the region 16 contains the instructions of the said program.
Amongst the information is a predetermined item X which, in this example, represents a particular date and other details.
The instructions in region 16 include two security programs Y and Z. The security program Y is arranged to run as soon as the first attempt to use the data in regions 15 and 16 is made. The authorised user is instructed to make this first attempt on the authorised date of installation, which is the date represented in the item X.
When the security program Y runs, it first tests whether item X is also stored in a predetermined location in the region 11, and if it is, branches to an abort program in the region 16 which prevents further use of the data regions 15 and 16 and causes suitable warning notices to be displayed to the user.
If the item X is not present in region 11 at this test, the program Y compares the date in item X in region 15 with the date currently indicated by the calendar program C. If the dates are not the same, Y again branches to the abort program. If the dates are the same, program Y proceeds to cause a copy of item X to be written into the predetermined location in region 11. The copy, X', is created in such a way that a further copy cannot be made from X'. This can be achieved by a suitable flag or other means, depending on the details of the operation of the system. The copy item X' is indicated in Fig. 3, which shows the memory map after installation, including the running of program Y. After the copy item X' has been written, program Y ends by deleting itself. Thus the system no longer contains the security program Y, which was the means by which the copy item X' was created.
At any subsequent attempt to use the data stored in regions 15 and 16, the security program Z runs first.
The item X and its copy X' include, in addition to a date, a current password code. When a user attempts to use the data stored in regions 15 and 16, the program Z requires the user to enter, through a keyboard for example, a password. The password entered by the user is compared with the code held as part of X and, if this comparison is satisfied, the program Z tests whether the copy X' exists in region 11. If the password entered is not correct or the copy X' does not exist, the program Z branches to the abort program. The password code may be derived from a user name code also included in the item X.
If the entered password is correct and the copy X' exists in region 11, the copy X' is compared with the item X and if there is a difference between any of the information in the copy X' on the one hand and the item X on the other hand, the program Z branches to the abort program.
Finally, the security program Z tests whether the security program Y exists in region 16 and if Y is found to exist, the program Z branches to the abort program. If program Y does not exist, the user is permitted to use the data in regions 15 and 16, i.e., to execute programs held in region 16 and to process information held in region 15 or entered into the system during execution of the programs in region 16.
The program Z may also carry out a test on the calendar C such that at predetermined numbers of days from the installation date, the program Z requires a new password to be entered by the user. When the user enters the new password, the program Z may write the new date into the item X and its copy X'. If the new password is not entered or an incorrect new password is entered by the user, the program Z branches to the abort program.
Fig. 4 represents the memory map of a data processing system of a type capable of utilizing the contents of the memory map of Fig. 3 but having had entered into it an unauthorised copy of the contents of the memory map of Fig. 3. Since the copy item X' is arranged to frustrate copying, no copy X' is present in region 11 of the map of Fig. 4. Consequently any attempt to use the contents of regions 15 and 16 will fail since the security program Z, which has been copied, will test for the presence of X', and on finding that X' is not present will branch to the abort program. Thus the deletion of the security program Y and the frustration of copying of the copy item X', together with the tests carried out by the security program Z, ensure that an unauthorised copy cannot be used.
It should be noted that the test carried out by the security program Y to check whether the current date represented by the calendar C is the same as the date encoded in the item X ensures that unauthorised use of the cassette 14 on any day which is not the authorised installation day prevents proper installation of the contents of the tape, since the copy item X' will not be created, and the security program Y will not be deleted. Furthermore, no access to the main contents of the regions 15 and 16 will be allowed since the program Y branches to the abort program.
The use of an authorised installation date allows the intended user 24 hours to complete proper installation. Other arrangements can be made, for example by restricting the authorised installation time to a defined period of a particular day. The temporal information in the item X may then be a particular date together with a defined period such as 10 a.m. to 2 p.m. Alternatively, only a defined period within any day may be chosen, such as 10 a.m. to 2 p.m. with no restriction to a particular date. A set of separated or adjacent days may be defined. However, for maximum security it is preferred to define one date and a period of time on that date.
The method is preferably utilized with a virtual memory system, or at least in a system in which data can be accessed very rapidly by the processing unit or units of the system.
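The following Python model is an added illustration, not code from the patent: it reproduces the checks of security programs Y and Z over the regions 11, 15 and 16 of Figs. 1 to 4, and runs the three cases the description walks through (installation on the authorised day, installation on another day, and an unauthorised copy in which the flagged item X' does not reproduce). The class and region names, the `no_copy` flag standing in for the patent's "suitable flag or other means", and the sample dates and password are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

ABORT, OK = "abort", "ok"

# Constructed sample values (the authorised day is the patent's own filing date).
AUTHORISED_DAY = date(1986, 9, 19)
NEXT_DAY = date(1986, 9, 20)
PASSWORD = "pw"


@dataclass
class Item:
    """The predetermined item X: authorised install date plus a password code."""
    install_date: date
    password: str
    no_copy: bool = False  # assumed flag that makes the copy X' non-reproducible


@dataclass
class System:
    """Memory map of Fig. 1: calendar C plus the regions the security programs use."""
    calendar: date
    region11: dict = field(default_factory=dict)  # system inventory (receives X')
    region15: dict = field(default_factory=dict)  # APPLICATION information (holds X)
    region16: set = field(default_factory=set)    # PROGRAMS (holds Y and Z)


def install(s: System, x: Item) -> None:
    """What the main loader leaves behind: X in region 15, Y and Z in region 16."""
    s.region15["X"] = x
    s.region16.update({"Y", "Z"})


def run_y(s: System) -> str:
    """Security program Y: runs on the first attempt to use regions 15 and 16."""
    x = s.region15["X"]
    if "X'" in s.region11:            # X' already present: abort
        return ABORT
    if s.calendar != x.install_date:  # not the authorised installation day
        return ABORT
    # Create the non-copyable marker X' in region 11, then Y deletes itself.
    s.region11["X'"] = Item(x.install_date, x.password, no_copy=True)
    s.region16.discard("Y")
    return OK


def run_z(s: System, entered_password: str) -> str:
    """Security program Z: runs on every subsequent attempt to use the data."""
    x = s.region15["X"]
    if entered_password != x.password:
        return ABORT
    x_copy = s.region11.get("X'")
    if x_copy is None:                # no X': this is not the installed system
        return ABORT
    if (x_copy.install_date, x_copy.password) != (x.install_date, x.password):
        return ABORT                  # X' has been altered or forged
    if "Y" in s.region16:             # Y must have completed and deleted itself
        return ABORT
    return OK


def clone(s: System, calendar: date) -> System:
    """Unauthorised copy of the storage (Fig. 4): flagged items are not reproduced."""
    return System(calendar=calendar,
                  region11={k: v for k, v in s.region11.items() if not v.no_copy},
                  region15=dict(s.region15),
                  region16=set(s.region16))


def scenario(install_day: date, first_use_day: date, entered: str = PASSWORD) -> tuple:
    """Run Y on first_use_day, then Z on the same system, then Z on a clone of it.

    Returns (Y result, Z result, Z result on clone, whether Y is still present).
    """
    s = System(calendar=first_use_day)
    install(s, Item(install_day, PASSWORD))
    first = run_y(s)
    later = run_z(s, entered)
    on_clone = run_z(clone(s, first_use_day), entered)
    return first, later, on_clone, "Y" in s.region16


if __name__ == "__main__":
    print("authorised day:", scenario(AUTHORISED_DAY, AUTHORISED_DAY))
    print("wrong day:     ", scenario(AUTHORISED_DAY, NEXT_DAY))
    print("wrong password:", scenario(AUTHORISED_DAY, AUTHORISED_DAY, "guess"))
```

On the authorised day Y succeeds, Z then admits the user, and the clone is refused because X' was not reproduced; on any other day Y aborts and leaves itself in place, so Z refuses every later attempt as well.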

Claims (12)

1. A method of preventing unauthorised use of a data processing system having means for long-term storage of data written thereto through the system and means providing temporal information, the method comprising the steps of: writing a sequence of operating instructions and information into the long-term storage means; and executing an initial part of the said sequence, the initial part including a predetermined item of temporal information and the steps of comparing the current temporal information provided by the said temporal information providing means with the said item, and executing the remainder of the said initial part if the predetermined item and the current temporal information are determined by the said comparison to be compatible with each other, or executing a predetermined abort portion of the said sequence if the said item and the current temporal information are determined by the said comparison to be not compatible with each other, the said predetermined abort portion providing no access to the remainder of the sequence.
2. A method according to claim 1, wherein execution of the said remainder of the said initial part ends with deletion of the said initial part from the long-term storage means.
3. A method according to claim 2, wherein deletion of the said initial part is immediately preceded by deletion of information stored in the long-term storage means to identify the said initial part.
4. A method according to claim 2 or 3, further including the steps of testing whether the said initial part is present in the long-term storage means and restricting subsequent execution to a predetermined abort portion of the said sequence if the said initial part is present, the steps of testing and restricting being executed in response to accessing of a further portion of the said sequence following the said initial part.
5. A method according to claim 4, wherein the first and second said abort portions are the same portion of the said sequence.
6. A method according to any preceding claim, wherein execution of the said initial part includes making a copy in the long-term storage means of a predetermined portion of the said sequence including the said predetermined item in such a manner that copying of the contents of the long-term storage means into further long-term storage means coupled to the data processing system fails to reproduce in the further long-term storage means the said copy.
7. A method according to claim 6, further including the steps of testing whether the said copy is present in the first said long-term storage means and restricting execution to a predetermined abort portion of the said sequence if the said copy is not present, the step of testing for the presence of the said copy being executed in response to accessing of a or the said further portion of the said sequence following the said initial part.
8. A method according to claims 4 and 7, wherein the said abort portions are one and the same portion of the said sequence.
9. A method according to any preceding claim, wherein the said sequence is written into the first said long-term storage means from a portable long-term storage means, the portable long-term storage means having stored therein an auxiliary loader sequence, a main loader sequence, and the said sequence of operating instructions and information, and the step of writing the said sequence of operating instructions and information into the first said long-term storage means comprises the steps of writing the auxiliary loader sequence from the portable long-term storage means to the first said long-term storage means and executing the auxiliary loader sequence from the first said long-term storage means whereby the beginning of the auxiliary loader sequence in the portable long-term storage means is over-written by instructions including an end of storage indicator, the main loader sequence is written into the first said long-term storage means from the portable long-term storage means, and the auxiliary loader sequence is deleted from the first said long-term storage means, and executing the main loader sequence from the first said long-term storage means whereby the said sequence of instructions and information is written from the portable long-term storage means to the first said long-term storage means, access to the portable long-term storage means is restricted to a beginning region terminated by the said end of storage indicator, and the main loader sequence is deleted from the first said long-term storage means.
10. A method of preventing unauthorised use of a data processing system having means for long-term storage of data written thereto through the system, the method comprising the steps of: writing a sequence of operating instructions and information into the long-term storage means; executing an initial part of the said sequence, the execution of the said initial part including making a copy in the long-term storage means of a predetermined item of information in the said sequence and deleting the said initial part from the long-term storage means; testing whether the said copy is present in the said long-term storage means; and restricting execution to a predetermined abort portion of the said sequence if the said copy is not present, the steps of testing being executed in response to accessing of a further portion of the said sequence following the said initial part.
11. A method according to claim 10, wherein the making of the said copy is carried out in such a manner that copying of the contents of the long-term storage means into further long-term storage means coupled to the data processing system fails to reproduce in the further long-term storage means the said copy.
12. A method of preventing unauthorised use of a data processing system, substantially as described hereinbefore with reference to the accompanying drawings.

Priority Applications (5)

Application Number Priority Date Filing Date Title
GB8622572A GB2195477B (en) 1986-09-19 1986-09-19 Data processing system security
ZA877033A ZA877033B (en) 1986-09-19 1987-09-18 Data processing system security
PCT/GB1987/000662 WO1988002142A1 (en) 1986-09-19 1987-09-21 Data processing system security
AU79671/87A AU608779B2 (en) 1986-09-19 1987-09-21 Temporal data processing security system
EP87906093A EP0325598A1 (en) 1986-09-19 1987-09-21 Data processing system security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB8622572A GB2195477B (en) 1986-09-19 1986-09-19 Data processing system security

Publications (3)

Publication Number Publication Date
GB8622572D0 GB8622572D0 (en) 1986-11-12
GB2195477A true GB2195477A (en) 1988-04-07
GB2195477B GB2195477B (en) 1990-07-18

Family

ID=10604447

Family Applications (1)

Application Number Title Priority Date Filing Date
GB8622572A Expired - Lifetime GB2195477B (en) 1986-09-19 1986-09-19 Data processing system security

Country Status (5)

Country Link
EP (1) EP0325598A1 (en)
AU (1) AU608779B2 (en)
GB (1) GB2195477B (en)
WO (1) WO1988002142A1 (en)
ZA (1) ZA877033B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9754117B2 (en) 2014-02-24 2017-09-05 Northcross Group Security management system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB1521959A (en) * 1976-06-30 1978-08-23 Ibm Digital data processing apparatus
GB2061578A (en) * 1979-05-30 1981-05-13 Stockburger H Data transmission system
GB2120434A (en) * 1982-04-22 1983-11-30 Enigma Logic Inc A security system
GB2154344A (en) * 1984-02-13 1985-09-04 Nat Res Dev Apparatus and methods for granting access to computers

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS57111792A (en) * 1980-12-29 1982-07-12 Fanuc Ltd Program copying preventing system
US4590557A (en) * 1983-09-12 1986-05-20 Pitney Bowes Inc. Method and apparatus for controlling software configurations in data processing systems

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WO 86/03864 *

Also Published As

Publication number Publication date
ZA877033B (en) 1988-09-28
EP0325598A1 (en) 1989-08-02
WO1988002142A1 (en) 1988-03-24
GB8622572D0 (en) 1986-11-12
AU608779B2 (en) 1991-04-18
AU7967187A (en) 1988-04-07
GB2195477B (en) 1990-07-18

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 19920919