NZ229352A - Program security in data processing system - Google Patents
Program security in data processing system
Info
- Publication number
- NZ229352A
- Authority
- NZ
- New Zealand
- Prior art keywords
- program
- binary
- electronic identification
- identification indicia
- programs
Landscapes
- Storage Device Security (AREA)
Description
NEW ZEALAND
PATENTS ACT, 1953
METHOD FOR MAINTAINING DATA PROCESSING SYSTEM SECURITY
I, MICHAEL T. FRANCISCO, of 2780 Churchill Drive, Hillsborough, California 94010, United States of America, a citizen of the United States of America, hereby declare the invention for which I pray that a patent may be granted to me, and the method by which it is to be performed, to be particularly described in and by the following statement:-
This invention relates to data processing system security and more particularly to a method for maintaining integrity through selectively coded preauthorized software program and user identification and subsequent automatic authentication of both a selected program and permitted user thereof when system resources are to be utilized.
BACKGROUND OF THE INVENTION
The maintenance of data processing system security poses ever expanding problems due in part to the continual increase of masses of proprietary information being stored in such systems and the continual increase in the number of people who are becoming highly knowledgeable as to the nature and modes of operation of data processing systems and techniques employed therein. One area of growing primary concern is the controlling of access to, and the maintaining of integrity of, proprietary software program material in large business-type concerns, where unauthorized access to program material and/or loss of program integrity in conjunction with available stored data can lead to serious breaches of system security as well as to serious errors that materially affect the proprietary value of the program and the accuracy of information that results from usage thereof.
SUMMARY OF THE INVENTION
The invention may be briefly described as an improved method for maintaining the integrity of a data processing system through controlled authentication and subsequent authorization of both selected programs and potential users thereof. In its broader aspects, the invention includes the generation and storage of a selective electronic identification indicia, based upon the nature and content of the program itself, for each software program in the system together with a separately stored correlation of such electronic identification indicia with user identity therewith in association with a regeneration of such electronic identification indicia each time the program is sought to be used and a checking of said regenerated electronic identification indicia against a stored catalog of such identification indicia and against a stored permitted user register therefor.
Among the advantages of the subject invention is a markedly improved system security to ensure only utilization of authenticated programs, the utilization of such programs only by authorized users thereof and the immediate detection of any modifications or changes introduced into a software program.
The primary object of this invention is the provision of an improved method of maintaining data processing system integrity and security.
Other objects and advantages of the subject invention will become apparent from the following portions of this specification and from the appended drawings which illustrate, in accordance with the mandate of the patent statutes, a presently preferred embodiment of a method incorporating the principles of this invention.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a schematic flow chart illustrative of library type storage of electronic identification indicia for both software programs and authorized user profiles therefor;
Figure 2 is a schematic flow chart illustrative of the practice of the method steps of this invention.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
Referring to the drawings, the initial step of the practice of this invention is the generation of a selective electronic identification indicia for each software program that is to be authorized for use within a particular information handling system. Such a program, for example, Program A, which may broadly be considered as an arbitrarily ordered series of actions or instructions, in binary form, capable of being interpreted and executed by an information processing system for the purpose of manipulating information, is introduced into an electronic identification indicia generator 10. The generator 10, which is suitably a section of a general purpose digital computer, such as an IBM 370 or the like, or a preprogrammed microprocessor, such as a MOTOROLA 68020 microprocessor, or portion thereof, is adapted to generate a first electronic identification indicia 12 (EID-Program A) that uniquely and selectively identifies the submitted program. By way of example, in a relatively simple approach thereto such generator 10 could generate a selective and unique electronic identification indicia by use of a preprogrammed algorithm in accord with which the total number of ones and zeros in the binary coded input Program A could be totalled; the total number of "ones" multiplied by an arbitrary number, e.g. 22; the product of such multiplication could then be divided by the number of zeros in the binary coded program; and the remainder thereof be modified by addition to (or subtraction therefrom) of an arbitrary number, i.e. 7. The resulting electronic numerical indicia would then, in all probability, be selectively unique for the particular program. The algorithm would be periodically varied to enhance system security.
This first electronic identification indicia 12 for a particular program, herein termed EID (Program A), is stored, together with similarly generated indicia for other programs B, C, D ...., in an EID library 14, which could suitably be a read only memory (ROM) or a random access memory unit (RAM).
The first electronic identification indicia 12 for the program, i.e. EID (Program A), is also entered in an authorized user profile library 16, again suitably a ROM or RAM, in correlative relation with an appropriate electronic identification of all authorized users thereof. As shown, electronic identifications of all authorized users are introduced from a source 18 thereof and entered into the authorized user library 16 and there correlated with the electronic identification indicia of the particular programs authorized for usage by each such user. This second memory may be considered as an authorized user profile as it includes a correlation of authorized user identification with all programs which each such user is entitled to use.
As shown in Figure 2, in the practice of the herein disclosed method, a selected program 30 requested to be released for use is introduced into an electronic identification indicia generator 32 to therein generate a second electronic identification signal 34 (EID-Program S). This second electronic identification indicia 34 is first introduced into a comparator 36 together with the first electronic identification indicia 12 for such selected program (EID-Program S), the latter being retrieved from the library 14. Such comparator 36 may suitably comprise an automatic logic unit of a general purpose digital computer. If such first and second electronic identification indicia 12 and 34 for the selected Program S do not match, it is indicative of the fact that the requested program differs in some respects from the base or true program from which the first electronic identification indicia 12 (EID-Program S) was derived, and such lack of match serves as a signal to management or to the system monitor to take appropriate investigative and corrective action.
If, on the other hand, the first and second electronic identification indicia 12 and 34 match, the selected program 30 is thus indicated to be authentic and in proper condition for use. At this time, the electronic identification of the user making the request for access is introduced into a second comparator 40. The comparator 40 may again suitably comprise the automatic logic unit of a general purpose digital computer. Also introduced into the second comparator 40 is the second electronic identification indicia 34 emanating from the generator 32 and the authorized user profile 42 obtained from the profile register 16.
If the paired inputs to the second comparator do not match, the requested program 30 will not be released for use and an appropriate signal will be made to the system monitor to initiate appropriate investigative and corrective action. If, however, the paired signal inputs to the second comparator 40 provide a match, the requested program 30 may be released for use by the particular identified user.
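The example algorithm given for generator 10 and the two-comparator release flow of Figure 2 can be followed in a short sketch. This is an added illustration, not code from the patent: the function names, user names and sample program bytes are constructed for the example, and only the constants 22 and 7 and the reference numerals come from the description.

```python
# Added illustration, not code from the patent. All names are hypothetical.
MULTIPLIER = 22  # the description's "arbitrary number, e.g. 22"
OFFSET = 7       # the description's "arbitrary number, i.e. 7"

def eid(program: bytes) -> int:
    """Indicia from the description: remainder of (ones * 22) / zeros, plus 7."""
    ones = sum(bin(b).count("1") for b in program)
    zeros = 8 * len(program) - ones
    if zeros == 0:
        raise ValueError("no zero bits: the division step is undefined")
    return (ones * MULTIPLIER) % zeros + OFFSET

def build_libraries(programs, grants):
    """Figure 1: EID library 14 and authorized user profile library 16."""
    eid_library = {name: eid(code) for name, code in programs.items()}
    profiles = {user: {eid_library[n] for n in names}
                for user, names in grants.items()}
    return eid_library, profiles

def request_program(name, code, user, eid_library, profiles):
    """Figure 2: comparator 36 (program), then comparator 40 (user)."""
    second = eid(code)                           # generator 32 yields indicia 34
    if eid_library.get(name) != second:          # comparator 36: first vs second
        return "SIGNAL: program mismatch"
    if second not in profiles.get(user, set()):  # comparator 40: user profile 42
        return "SIGNAL: user not authorized"
    return "RELEASED"

# Constructed sample data (not from the patent).
PROGRAM_A = bytes.fromhex("4e56fffc2f0a4e75")    # 38 ones, 26 zeros
PROGRAM_B = bytes.fromhex("102030404e75")        # 14 ones, 34 zeros
LIBRARY, PROFILES = build_libraries(
    {"A": PROGRAM_A, "B": PROGRAM_B},
    {"alice": ["A"], "bob": ["A", "B"]},
)
TAMPERED_A = bytes.fromhex("4e56fffc2f0b4e75")   # one bit of PROGRAM_A changed
REORDERED_A = bytes.fromhex("564efffc2f0a4e75")  # first two bytes swapped

if __name__ == "__main__":
    for name, code, user in [("A", PROGRAM_A, "alice"), ("B", PROGRAM_B, "alice"),
                             ("A", TAMPERED_A, "bob"), ("A", REORDERED_A, "bob")]:
        print(name, user, request_program(name, code, user, LIBRARY, PROFILES))
```

Because this indicia is a function of the two bit counts only, `REORDERED_A` yields the same value as `PROGRAM_A` and passes comparator 36, while the single-bit change in `TAMPERED_A` is signalled.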
Claims (3)
1. A method for maintaining the security and integrity of the content of proprietary software programs in data processing systems wherein each of said programs are individually accessible from a central stored source thereof and each contain a predetermined number of binary 1's and a predetermined number of binary 0's therein, comprising the steps of counting the number of binary 1's contained in each of said programs, counting the number of binary 0's contained in each of said programs, generating a first selective electronic identification indicia for each of said programs that is uniquely characteristic of said total number of binary 1's and total number of binary 0's therein by applying a predetermined algorithm to said counted total number of binary 1's and counted total number of binary 0's contained in each of said programs; storing said first selective electronic identification indicia in a first memory of said central stored program source, counting, in response to a request by a prospective user for access to a particular stored software program, the total number of binary 1's and the total number of binary 0's contained in said particular requested stored program, generating a second selective electronic identification indicia for said particular requested stored program by applying said predetermined algorithm to said counted total number of binary 1's and counted total number of binary 0's contained in said particular requested program, comparing said first selective electronic identification indicia for said particular requested program stored in said first memory with said second electronic identification indicia generated in response to the request for access thereto, and accessing said requested program to said requesting prospective user only when said first selective electronic identification indicia for the requested program is identical with said second selective electronic identification indicia for said requested program.
2. The method as set forth in claim 1 further including the steps of generating at least one third selective electronic identification indicia uniquely identifying at least one user having authorised access to one or more of said stored programs, storing said first selective electronic identification indicia for each of said programs in operative association with each of said third selective electronic identification indicia identifying authorized users thereof in a second memory of said central stored program source, generating, at the time of a prospective user request for access to a particular program, a fourth selective electronic identification indicia representative of the identity of said prospective user requesting access to said particular software program, and making said particular program available to said requesting user only if said first and second selective electronic identification indicia are identical to each other and said fourth selective electronic indicia is identical with one of said third selective electronic identification indicia stored in said second memory.
3. A method for maintaining the security and integrity of the content of proprietary software programs substantially as hereinbefore described with reference to the accompanying drawings.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
NZ22935289A NZ229352A (en) | 1989-05-30 | 1989-05-30 | Program security in data processing system |
Publications (1)
Publication Number | Publication Date |
---|---|
NZ229352A (en) | 1991-06-25 |
Family
ID=19922880
Country Status (1)
Country | Link |
---|---|
NZ (1) | NZ229352A (en) |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US4845715A (en) | Method for maintaining data processing system securing | |
US3996449A (en) | Operating system authenticator | |
US6636973B1 (en) | Secure and dynamic biometrics-based token generation for access control and authentication | |
US5802590A (en) | Method and system for providing secure access to computer resources | |
US3931504A (en) | Electronic data processing security system and method | |
US4621334A (en) | Personal identification apparatus | |
CA1252907A (en) | Secure data processing system architecture with format control | |
KR100323604B1 (en) | Method for controlling access to electronically provided services and system for implementing such method | |
US5877483A (en) | Method and apparatus for automatically implementing computer power on and logon functions using encoded ID card | |
EP1584035B1 (en) | Authorized anonymous authentication | |
EP1672557A1 (en) | Two factor token identification | |
EP0809170A1 (en) | Access codes for computer resources | |
US20030200436A1 (en) | Access control method using token having security attributes in computer system | |
CN1299478A (en) | Method and agent for the protection agaist the unauthorised use of computer | |
JPH09212365A (en) | System, method, and product for information handling including integration of object security service approval in decentralized computing environment | |
CN113704718A (en) | Computer data protection system based on identity authentication | |
CN111641678A (en) | Task scheduling method and device, electronic equipment and medium | |
JP3329496B2 (en) | IC card | |
WO2005048015A2 (en) | Biometrics plc access control system and method | |
NZ229352A (en) | Program security in data processing system | |
US7350078B1 (en) | User selection of computer login | |
JPH10187266A (en) | Computer system | |
CN109344569B (en) | Software use authorization method and system | |
JPH0789351B2 (en) | Security management processing method | |
JP3761648B2 (en) | Computer system |