CA1267234A - Device for controlling access to computer peripherals - Google Patents
Device for controlling access to computer peripheralsInfo
- Publication number
- CA1267234A CA1267234A CA000519123A CA519123A CA1267234A CA 1267234 A CA1267234 A CA 1267234A CA 000519123 A CA000519123 A CA 000519123A CA 519123 A CA519123 A CA 519123A CA 1267234 A CA1267234 A CA 1267234A
- Authority
- CA
- Canada
- Prior art keywords
- address
- access
- access information
- peripherals
- signal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
Abstract
INVENTION: DEVICE FOR CONTROLLING ACCESS TO
COMPUTER PERIPHERALS
ABSTRACT OF THE DISCLOSURE
An access control module restricts access to a computer system to authorized users and selectively controls each user's access to associated computer peripherals such as data storage units, printers, and communications equipment.
During start-up of the computer system, a microprocessor associated with the module invokes a software routine that requests entry of a valid user identification code. In response to the code, the microprocessor retrieves from a main non-volatile storage unit pre-recorded information regarding the user's authority to access each of the peripherals, and loads the information into a secondary storage unit comprising random access memory and an address decoder adapted to retrieve data therefrom.
Thereafter, the address decoder responds to each peripheral address signal generated in the input/output channel associated with the computer system and retrieves from the secondary storage unit the access information relating to the peripheral identified by the address signal A latching circuit generates and maintains a signal indicating a violation of computer security if the retrieved information indicates that the current user of the computer system is not authorized to access the selected peripheral. Themicroprocessor responds to the signal indicating security violation by applying signals to the input/output channel which interrupt the operation of the computer system and interfere with access to the selected peripheral.
COMPUTER PERIPHERALS
ABSTRACT OF THE DISCLOSURE
An access control module restricts access to a computer system to authorized users and selectively controls each user's access to associated computer peripherals such as data storage units, printers, and communications equipment.
During start-up of the computer system, a microprocessor associated with the module invokes a software routine that requests entry of a valid user identification code. In response to the code, the microprocessor retrieves from a main non-volatile storage unit pre-recorded information regarding the user's authority to access each of the peripherals, and loads the information into a secondary storage unit comprising random access memory and an address decoder adapted to retrieve data therefrom.
Thereafter, the address decoder responds to each peripheral address signal generated in the input/output channel associated with the computer system and retrieves from the secondary storage unit the access information relating to the peripheral identified by the address signal A latching circuit generates and maintains a signal indicating a violation of computer security if the retrieved information indicates that the current user of the computer system is not authorized to access the selected peripheral. Themicroprocessor responds to the signal indicating security violation by applying signals to the input/output channel which interrupt the operation of the computer system and interfere with access to the selected peripheral.
Description
FIELD OF ~E INVENTION
The invention relates generally to devices and methods for controlling access to the resources of a computer system and, more particularly, for controlling access to computer peripherals such as data storage units, printers and communications 5 equipment.
DESC~IPTION OF 1~ PRIOR ART
There are several aspects to the problem of ensuring the security of data stored in a computer system. First, it may be desirable to ensure that onlyauthorized individuals have access to any of the resources associated with the 10 computer system. Second, it may '~e desirable to restrict an authorlzed user's ability to retrieve alld review data stored in particular peripherals associated with the computer system Lastly, although a user may be authorized to review certain data in temporary form on a display screen, it may be desirable to restrict the user's ability to produce printed copies of the data or ts transfer the data from the computer system by other 1~ means such as peripheralx constituting or accessing communication channels.
Secunty control systems which meet the requirements above have been implemented in software form either as part of a computer's operating system or ~; as specific application software. However, software routines can very often be circumvented. The design of trusted software whose operation cannot be readily 20 de-feated is difficult, and an entire ~leld of computer science has developed Ielating to the implementation of secure o~rating systems and the analysis of how such systems can be verified and validated.
It would accoxdingly be desirabl to provide access control means for a computer system which can be i~plemented essentially in hardware form. Because25 the operation of hardware devices is more difficult to c~rcumvent than that of sofhvare : routines, and since attempts to modify or remove hardware can be more readily :
detected, hardware-type devices would potentially provide better security.
, ~ !
' ~ ,_ . ~ ,` ' . "' . `' . ~ ` ' . . " . .,~ , "'' " ' ' ~"' " ' "
' . " ~ .
7~3~
Additionally, hardware-type security devices would lend themselves rnore readily to verification and validation thereby further ensuring that there are no inherent means of circumvention.
It would also be desirable to provide access control means which can 5 be conveniently adapted for use with microprocessors such a personal computers.
Such computers are now widely used and have a potential to access confidential infonnation surreptitiously from main frame computers or mass storage devices in a local area network. A satisfactory means for regulating use of such computers isaccordingly required.
10 BRIEF SI~ARY OF THE INVENTION
In a general aspect, the invention provides a device for controlling access to computer peripherals connected to tbe inpuVoutput channel (I/C) channel) of a computer system in which a processing unit transrnits an address signal to the peripherals along the I/O channel whenever a user selects any one of the p~ripherals for 15 data transfer. The device comprises access information generating means which can be actuated to generate access info~matioll regarding each peripheral. The access in~ormation generating means are preferably in the forrn of a storage device in which such information can ~e recorded and effectively retrieved. Address-responsive means are provided for detecting the address signal in the VO channel and actuating the access 20 infoxmation generating means in response to the detected address signal to generate the access inforrnation for the selected peripheral. Interruption means responsive to the generated access information are provided for applying a signal to the I/O channel which interferes with use of the selected peripheral if the generated access information indicates that access to the selected peripheral is restricted.
In a more specific aspect, the invention pro~ides a device for controlling access to computer peripherals connected to the I/O channel of a computer system in which a processing unit transmits an address signal to the peripherals along : :
..
, - ~ ~,.: .
~~ .
, , ~
~67~3~
the I/O channel whenever a user selects any one of the peripherals for data transfer, which device comprises storage means for storing access inforrnation associated with each of the peripherals. Address-responsive means are provided for detecting theaddress signal transmitted in the VO channel to the peripherals and for retrieving from 5 the storage means in response to the detected address signal the access inforrnation associated with the selected peripheral. Interruption means responsive to the retrieved access information are provided for applying a signal to the I/O channel which interferes with use of the selected peripheral if the retrieved access information indicates that access to the selected peripheral is restricted.
The signal applied by the interruption means to ~e VO channel to impede use of a restricted peripheral may be as sirnple as a halt signal of the type commonly generated by computer peripherals to instruct a central processing unit(CPU) to pause in its operations. Alternatively, the signal or signals rnay be selected not only to take control of a system CPU but also to include instructions derived from a 15 software routine invoked by the device which cause the computer system to display user warning messages or which implement other more sophisticated seculity measures.
For the purposes of the disclosure and the appended claims, the term "input/output channel" should be understood as any data transfer mechanism by which 20 a CPU of a computer system communicates witb. various peripherals. This data transfer mechanism may take the form of a data bus whose lines are dedicated exclusively to per~pheral I/O operations, or in certain computer architectures, such as that described below in connection with preferred embodiments of the ~nvention, may ;nvolve a single general purpose data bus serving both internal memory and 25 peripherals, but which duTing I/O operations has certa3n lines dedicated to conduction of address signals, transfer of control signals (including address validation signals) between the CPU and various peripherals, and transfer of data. The tenn "addresssignal" should be understood as any signal uniquely identify~ng a particular peripheral, ;~ .
'`': . : ` .~ ;: ' ~26~2~
and an "address validation signal" should be ~mderstood as a signal whose function at least in part is to con~irm that a valid address signal has been generated.
Other aspects and advantages of the present invention will be described below in connection w;th a description of certain preferred embodiments and 5 will be more specifically defined in the appended claims.
DESC~RIPTI~N OF THE DRAWIN~S
The invention will be better understood with reference to drawings in which:
~ Ig. 1 diagrammatically illustrates the overall configuration of a10 computer system incorporating an access control module constructed according to the invention;
fig. 2 schematically illustrates a first embodiment of an access control module which essentially halts the operation of a computer system in response to a security violation; and, fig. 3 illustrates a second embodiment of an access control module permitting implementation of a user authorization routine, re-prograrnm~ng of system access restrictions and other functions; and, ~ lg. 4 diagrammatically illustrates the manner in which access information is stored and retrieved in the access control module of fig. 3.
20 DE~C RI}~IC)M OF P~eFERl~ED EMB~313I~ENTS
Reference is made to fig. 1 which illustrates a co~nputer system comprising a CPU 10, internal memory 12, and two peripherals, a printer 14 and a disk drive 16. The CPU 10 communicates with tbe two peripherals via an I/O channel 18having lines 20 which conduct penpheral address signals, control lines 22 which 25 conduct i~çr ~ address validation signals, and a data bus 24 which se~ves to transfer data between the CPU 10 and the peripherals during read and write operations. The VO channel 18 is constituted by a general purpose data bus whose valious lines 20, ~2, . .
- ~
. .
~6~
24 are also used to address memory location in the internal memory 12 when the data bus is not being used in connection with peripheral VO operations. The computer architecture illustrated is well known and common to a variety of computers including a number of personal computers, ~nd consequently the interaction between the CPU 10 5 and the peripherals in such a computer system will be described below only to the extend necessary to understand the present invention.
A user's request at a keyboard or other input means causes the CPU
10 to generate an address signal, propagated along the address lines 20, which uniquely identifies the selected pelipheral. The CPU contemporaneously generates an 10 address valiclation signal which indicates to each peripheral attached to ~e VO channel 18 that a valid address signal directed to a peripheral has in ~act been generated. A
validation signal is required in this particular computer architecture as the state of each of the address lines 20, typically a logic high or low value representing one bit of information, changes in an unpredictable fashion before ~mal states indicating a request 15 for a particular per~pheral are achieved. The various intermediates states of the address lines 20 might be misconstrued as requests for access to other peripherals. Also, signals generated Oll the various lines 20, 22, 24 may at sometimes be d~rected to memQry location in ~e internal memoly 12. The address validation signal is ~pically a read or write pulse applied by the CPU 10 to the con~ol lines 22 together with address 20 signal on the address lines 20. Since the peripherals are connected in parallel to the address and control lines, each peripheral receives and effectively considers each valid address signal generated, but only the peripheral uniquely identified by the address signal responds for pulposes of rçad and write operations.
An access control module (ACM) 26 can be attached to the VO channel 18 in much the sam~ manner as are the peripherals 14, 16. In the computer architecture illustrated, each peripheral r~ght typically have an interfacing board commonly referred to as a "card" which is mounted in a receptacle commonly referred to as a "slot". A computer of the architecture illustrated might typically have in its ~:
.... .. . . .
- ~' :. .
, - , .
' interior a number of such slots so that vanous peripherals can be convenisntly added to the system. For such systems, the ACM 26 is preferably forrned on a card which can be inserted directly into a vacant slot, permitting very convenient connection to the system I/O channel.
S The attachment of the ACM 26 to the I/O channel 18 permits interaction with the CPU 10 and detection of address signals generated by the system.
To that end, the ACM 26 is coupled to the address lines 20 ~or receipt of address signals and to the control line 22 for receipt of address validation signals. The ACM 26 is optionally connected to the data bus 24 for transfer of information between the ACM
10 26 and the CPU 10 or other devices which m~ght potentially be attached to the VO
channel 18 for comrnunication with lhe ACM 26. Unlike conventional peripherals attached to the I/O channel 18, the ACM 26 responds to and acts on each valid address signal generated by the CPU. In response to an address signal, the AS:~M 26 retr~eves access information regarding the peripheral identified by the address signal, determines 15 whether access to the peripheral should be impeded, and accordingly applies a signal or signals to the control lines 22 and optionally to the data bus 24 which inter~ere with norrnal operation of the CPU and ~e user's operation of the selected peripheral.A ~lrst comparatively simple embodiment of the ACM is illustrated in fig. 2 and indicated by ~e reference numeral 28. A second embodimen~ ~0 which 20 pe~nits programm~ng of user access restrictions and implementation of a relatively more complex response to security violations is illustrated in fig. 3. It should be noted that in figs. 2 and 3 the only component of the computer system which has been illustrated is the VO channel 18. The general relationship between the two embodiments 28, 30 and the computer system can be understood from the general 25 description of operation above and with reference to fig. 1.
The ACM 28 includes address responsive means 32 which effectively monitor the address lines 20 for generation of an address signal. I~e address ;~., ":, -.
:- ,::, :
i7~3~
responsive means 32 detennine whether access to the peripheral identi~led by an address signal is restricted, and generate an output signal indicating whether operation of the peripheral should be impeded. The address responsive means 32 may be constructed as a conventional random access memory (RAM) umt with an associated 5 address decoder. The decoder would essentially locate in the RAM lmit those memory locations Ol units where access information associated with a peripheral identified by a particular address signal is located. One bit among these memo7y units rs~ight be regarded as a "restriction bit". The polarity of the restriction bit would constitute a signal indicating whether access to the peripheral is restricted or authorized.
A conventional key and lock mechanism 34 serves as an actuator for initiating operation of the address responsive means 32. The address responsive means 32 are otherwise conditioned to produce an output signal indicating restricted access for all address signals generated on the address line, preventing any access to system peripherals. If desired, the required access information can be loaded into the lS above-mentioned RAM unit from programmable or permanent storage units located in the actuator 34.
The ACM 28 includes latching circuitry 36 which responds to the access information contained in the output signal of the address responsive means 32.
The operation of the latch 36 is controlled by trigger circui~y 38, which may be20 constituted by conventional logic gates responsive to address validation signals in the control line 22. Upon generation of an address validation signal, such as a read or write pulse, the trigger circuitry 38 triggers the latch 36 to produce an output signal. If the access information received at that time by the latch 36 from the address responsive means 32 indicates that access to the selected peripheral is res~icted, the latch 36 25 applies a halt signal to the control lines 22 thereby causing the CPU 10 to cease forther operation. The halt signal is in effect "latched", as the latch 36 maintains any output signal until it is once again triggered. The latch 36 may take the fonn of a clocked :
.. j, ' A ';
' ;''` ` ' ' ', ~
fli~flop which effectively passes the restriction bit when a trigger or clock signal is applied to its clock terminal by the trigger crrcuitry 38.
The halt signal applied by the latch 36 ;s preferably the same signal which is applied by any peripheral requiring the CPU 10 to cease operation until5 information received from or to be delivered to the CPU 10 can be processed. The halt signal may alternatively be any signal which disrupts operation of the CPU 10. Since the CPU lû is no longer responsive, another address signal and address validation signal cannot be generat~ to alter the operating state of the ACM 28. Accordingly, the computer systems remains in a locked state, unresponsive to further user requests, and 10 can only be returned to an operative state by shutting off pow~r and restarting the system or alternatively by resetting the system if provision has been made for such a function.
The second ACM 30 includes a microprocessor 40 having associated program storage 42 and non-volatile parameter storage 44. The program storage 4215 contains software routines perrnitting llle ~mplementation of a variety of functions such as log-on procedures for authentication of system users, updating of system arcess restrictions, and a more complex response to various levels of security violation than possible with the ACM 28, including generation of user warning messages and generation of storage of audit trail data ~recording of pelipheral accessing and seculity 20 violations~. The implementation of software to perform such functions to perform such functions will be readily apparent to those sldlled in the art. The non-volatile parameter storage 44 serves pr~manly as a main storage means containing access information regarding all auth~lized system users and peripherals.
The microprocessor 4û is coupled to the VO channel 18 in a manner 25 wh;ch perm~ts the A~M 28 to be addressed in response to a p~edeterrnined address signal ~or read and write operations and which permits general interaction with the CPU
lû~ To that end, the microprocessor 40 is connected by a conventional input/output port 46 to the address lines 20 and to the data bus 24. Connection OI thç input/output port ' , ' ; ::; ~ ~:. .
~ ' .
:. . . ~:
3~
46 to the address lines 20 permits the ACM 30 to be addressed, for example, for receipt of data such as new access information. The input/out port 46 is also coupled by a local data bus 48 to the control lines 22 for receipt of address validation signals (which would indicate not only that the microprocessor has been validly addressed for I/0 5 operations, but whether the microprocessor 40 is required to perform read or write functions). Signal lines 50 perrnits the microprocessor 40 to apply control signals to the I/0 channel requesting the attention of the CPU 10, including signals such as a halt signal capable of interrupting CPU operation. This a2Tangement facilitates ~e implementation of the various functions descnbed above.
The access info~mation in the parameter storage 44 is arranged in sets, each set consisting of the access information for a parti~ular user of the comput r system on a peripheral-by-peripheral basis. This will be more apparent with reference to fig. 4 where the memory locations or units associatçd with the storage unit have been symbolically represented. One set of access information relating to a first user of the 15 computer system may bç stored in memory locations 52, 54. The memo~y location 52 may contain access information for ~e printer 14, while the memory location 54 contains access in Formation for the disk drive 16. The stored access info~mation re8arding the pr~nter is typical, comprising a restrictio~n bit 56 and a number of ~ information bits which might identify the exact nature of the peripheral. The parameter 20 storage unit 44 is shown as defining sets of access information for a total of four users in respect of two periphe als. It will be appreciated that fig. 4 is not a true depiction o~
the parameter st~rage unit 44, and that in practice such a storage unit would l~ely have suf~l~ient resources to store access infonnation for a much large number of users and peripherals.
~ Access information can be loaded into the storage unit 44 by addressiDg the ACM 30 as a conventional peripheral. Data can then be loaded ~nto the storage unit 44 from the data bus 24 in a standard wr~te operation controlled in p~t by a ~:' ~:
:, : :~ ' .:
software routine located in program storage 42. The software routine adapts the microprocessor 40 to receive from the input/output channel a user identi~lcation code, a number of address signals identii~ying pc~icular peripherals and access information associated with each of the peripherals. The microprocessor 40 responds to ach 5 address signal by locating unique memory locations in the parameter storage 44 and storing at those memory locations the access information associated with the particular peripherals as appropriate for the user identified by the code. For example, in response to a user identification code for the first user mentioned above, and address signals for the printer 14 and the disk drive 16, the microprocessor would locate the memorylocations or units 52, 54 and would load access information received on the data bus 24 into those unique memory locations. The most convenient construction of the parameter storage 44 would involve a conventional address decoder capable of locating unique memory in response ~o the combination of a user identification code and each peripheral's address signal. Such a decoder would thereafter perrnit a mode of operation in which the stored inforrnation can be retrieved from the main storage unit by once aga~n applying the combination of a user identifilcation code and a peripheral address signal to ~e decoder. In an analogous fashion, current access restrictions can be reviewed or audit trail inforrnation can be retrieved from storage locations in the storage unit 44 for review by a securi~ offilcer, in a standard read operation.
The ACM 30 includes an addressed storage device 58. The storage device 58 comprises a RAM unit 60 and associated address decoder 62, &ese being of conventional design and commonly available as a single package. The RAM unit 60 serves as a secondary storage unit containing at any given time one set of access infolmation retrieved from the parameter storage 44 and cor;esponding to a particular user. This arr~ngement is symbolically illustrated in fig. 4 where two memory locations in the RAM unit 60 have been shown. One memory location 64 might contain access information for the printer 14, the other memory location 6S, access infor nation for the disk drive 16, both related to one of the authorized system users. In response to .
:, :
.. ~
: , ...
~L~?at~ 7234 1~
an address signal, the decoder 62 locates and causes to be output from the RAM unit 60 (when the addressed storage unit $8 is appropriately triggered) the access information for the peripheral identified. It should be noted that the representation of the RAM unit 60 in fig. 4 is symbolic only, and that in practice the addressed storage unit 58 would 5 define sufficient storage locations to accommodate any number of peripherals which rnight practically be connected to the l/O channel 18.
A controllable multiplexer 68 permits the storage device 58, specifically the address decoder 62, to be selectively coupled either to the address lines 20 for receipt of address signals generated in response to user requests for transfer of 10 data, commands and status information to and from peripherals or alternatively to the rnicroprocessor 40, along a local address line 70. The latter arrangement permits receipt of address signals from the microprocessor during loading of access information relevant to a particular user into the RAM unit 60. The rnicroprocessor 40 applies control signals along a control line 72 to the multiplexer 68, effectively selecting ~e 15 data path from which address signals are to be delive~ed to th~ address decoder 62.
After start-up of the computer system, and identification of a particular user ~n a log-on procedure described more fully below, the addressed storage Utlit 58 effectively monitors the address lines 20. In response to an address signal detected on the address lines 20, the address decoder ~ effectively locates the memory 20 units or locations ~n the RAM unit 60 containing the access information relating to the peripheral identified by the ~ddress signal, and causes the RAM unit 60 to produce an output signal co~esponding to the located memory bits (when the addressed storage unit 58 is otherwise triggered for output). For example, the access inforrnation in the memory locations 64, 66 of the RAM unit 60 rnay correspond respectively to the first 25 user's authority to access the printer 14 and disk ~ive 16. If an address signals identifying the printer 14 is generated in the I/() channel 18, the bits of access infonnation in ~e mem~ry location 64 may be located by ~e address decoder 6? and : . .:.
:
, ' ~ ~ ' ` ''' " ' made available by the RAM unit 60. These bits include the restriction bit which indicates whether access to the par~icular peripheral is restricted to the first user, and the identity bits which identify the selected peripheral as the printer 14.
The output signal of the addressed storage unit 58 is transmitted along S a local bi~irectional data path 74 to a conventional bi-directional latched transceiver 76. When appropriately triggered, the transceiver 76 produces an output signal corresponding to the bits of information produced by the RAM unit 60 including the restriction bit for the identified penpheral. Depending on the state of the restriction bit, the transceiver 76 applies a signal to the microprocessor 40 along a control line 78 10 instructing the microprocessor 40 to examine the bits of the transceiver OlltpUt signal, which are available to the microprocessor 40 on a local data bus 82. If the restriction bit indicates that access to the peripheral, such as the printer 14, should not be allowed, the microprocessor 40 considers the restriction and infonnation bits, applies a halt signal to the control lines 22, and then proceeds to invoke a software routine stored in 15 the program storage 42 causing the CPU 10 to display a user warning. The microprocessor 40 may simultaneously invoke an audit trail routine also contained in the progr~n storage 42 which records the security violation in the non-volatile parameter storage 44 for later review by a secunty officer.
During start-up of the computer system, the rnicroprocessor 40 20 interrupts normal operating system procedures and invokes a log-on routine stored in the program storage unit 42 to obtain a user identi~lcation code. ~his log-on routine has a dual function: ~irst, it ensures that only preselected authorized users of the cornputer system are allowed access to any of the resources associated with the computer system; and second, once a user identification code has been entered, the 25 microprocessor 40 can retrieve from the main non-volatile parameter stoMge 44 the set of access information col~esponding to the user identified by the code and load the set of in~ormation ~nt~ the secondary storage unit, the RAM unit 60.
Dur~ng this star~-up process, the microprocessor 40 applies a corltrol , , ., ~
, . . .
; ~, .
,..
- , . :; . , : .
~.
' ~7 signal to the control line 72 requiring the multiplexer 68 to place the address decoder 62 of the secondary storage unit into comrn~mication with the microprocessor 40 forreceipt of address signals. In response to the user identification code, the microprocessor 40 sequentially retrieves from the non-volati1e pararneter storage 44 the S set of access information associated w~th the identified user, such as the access information in memory locations 52, 54 assuming that the first user has been identified.
The microprocessor 40 generates in succession the address signals associated with each of the peripherals of the computer system such as the printer 14 and disk drive 16, and contemporaneously delivers in succession to the RAM unit 60 via the local data bus 82, lO the transceiver 76 and data bus 74, the access inforrnation associated with each of the peripherals, as de~med for the particular user. The decoder 62 responds to each address signal generated by the rnicroprocessor 4û by locating unique memory UILitS in which the access information received from the microprocessor 40 is stored for later re~ieval. Accordingly, assuming that the first user of the system mentioned above has 15 been identified, the access information in memory location 52 of the non-volatile parameter storage 44 relating to the printer might be loaded into memory location 64 of the RAM unit 60, and the access inforrnation in memory location 54 of the non-volatile parameter storage 44 relating to the disk dr~ve 16 might next be loaded into memory location 66 of ~he l~M unit 60. It should be noted that the operation of the kansceiver 20 76, either to transmit access information generated by RAM unit 60 to the rnicroprocessor 40 or to transmit access mformation from the main storage unit of the microprocessor 40 to the RAM unit 60 during system start-up, is controlled by the microprocessor 4û by signals applied along a control line 80.
The practice of loading one set of access information in response to a 25 user identifIcati~n code from the ma~n storage means defined by the non-volatile parameter storage lmit 44 to the seconda~y storage unit defined by the addressed storage device 58 reduces the amount of active electronic memory required to store access ~, , :
, - , .. .
. ~
~67~
inforrnation for puIposes of norrnal operation. More significantly, it greatly simplifies the address decoding function as the user identi~lcation code (which would otherwise have to be stored and operated upon~ need no longer be considered in detenniningwhether access to a particular peripheral is authorized. This arrangement reduces 5 considerably the complexity of operations following start-up, and, most significantly, generates required access information at a sufficient spçed that the ACM can in fact respond in a timely fashion to address signals generated in conventional microcomputers. It should be noted that the latching of the transceiver output signal also contributes to proper response to address signals by maintaining the access10 information generated until the microprocessor 40 is able to consider the information and respond accordingly.
It should be noted that the ACM 30 has trigger circuitry which effectively times or enable various operations associated with the device.
The ACM has trigger logic circuitry 84 which controls the generation 15 of access information by the addressed storage unit 58 and the loading of access information into the addressed storage unit 58. During monitoring of the address lines 20 for user selection of peripherals, trigger logic circuitry 84 responds to address validation signals (such as read and write pulses) generated on the control lines 22.
Upon detection of an address validation signal, the trigger cLrcuitry 84 applies a read 20 enable signal ~o the addressed storage unit 58 along a control line 86 which enables the generation of an output signal from the RAM unit 60. Accordingly, access infonnation is provided by the RAM unit 60 only upon generation of a valid address signal identi~ying a particular peripheral.
Dur~ng log on, the triggcr circuitry 84 responds to signals applied by 25 the microprocessor 40 along a local data bus 88, and applies a write enable signal to a signal line 90 which conditions the RAM unit 60 for receipt and storage of access information transmitted by the microprocessor 40 to the RAM unit 60 ultimately along ' ~
.
i7 the bi-directional data path 74.
Addit;onal trigger circuitry 92 controls or triggers the respc)nse of the transceiver 76 to the output signals generated by the addressed storage unit 58. The trigger circuitry 9~ responds to the output signal of the RAM unit 60, specifically the 5 polarity of the retrieved restriction bit. It triggers the transceiver 76 thereby enabling the transceiver 76 to generate its output signals.
It will be apparent that ~he ACM's described lend themselves to use with personal computers. When formed as cards adapted for insertion into conventional slots, they can be conveniently installed into existing computers to retro~lt lO such machines for access control without noticeably interfering with norrnal authorized operation. Alternative methods of connecting such ACM's to I/O channels to accornmodate alternative computer architectures will be readily apparent to those s~lled in the art. It will also be apparent that the ACM's described herein are essentially hardware devices. Accordingly, they are inherently capable of providing more reliable 15 securi~ control than either operating system softwa~e or specific appli-~.ation software.
Particular embodiments of the invention have been described and these should not be const~ued as limiting the scope of the invention or the scope of the appended claims. ln particular, storage and retrieval of access information using appropriate memory units represents only one form of access information generating 20 means. It w~ll be apparent to those skilled in the art that comb~nato~al or boolean logic may be us~d to transiate each address signal generated in an VO channel (together with any user identification code if the security requires user authentication) into a signal indicating whether access to a particular peripheral should be impeded. Such logic can be implemented as hard-w~red logic gates or as a software algorithm stored in 2S appropr~ate non-volatile memory provided in the ACM. Appropriate wiring or interfacing means may couple the logic circui~y or software device to ~le l/O channel for actuation in response to add~ss signals generated by the computer system. Use of logic gates wvuld, however, have limited application, as an ACM employing such gates ., .;
- ~.. .
,. ~. . .
,:-- ... ~:
7~;~4 cannot be readily reconfigured to permit access information to be changed. The parameters of a software routine, on the other hand, can be easily changed by conventional techniques to permit modification of access restrictions. A software implementation of the required function might not permit ACM operating speeds 5 appropriate for timely response to the address signals generated in most computer systems, unless the ACM has a microprocessor which operates markedly faster thanthat of the monitored computer system itself. Storage and retrieval of access info~rnation in appropriate memory units has been emphasized in this specification as these are viewed as a singularly advantageous means for generating access information 10 for purposes of the invention, allowing both timely operation and convenient reconfiguration of an ACM.
,
The invention relates generally to devices and methods for controlling access to the resources of a computer system and, more particularly, for controlling access to computer peripherals such as data storage units, printers and communications 5 equipment.
DESC~IPTION OF 1~ PRIOR ART
There are several aspects to the problem of ensuring the security of data stored in a computer system. First, it may be desirable to ensure that onlyauthorized individuals have access to any of the resources associated with the 10 computer system. Second, it may '~e desirable to restrict an authorlzed user's ability to retrieve alld review data stored in particular peripherals associated with the computer system Lastly, although a user may be authorized to review certain data in temporary form on a display screen, it may be desirable to restrict the user's ability to produce printed copies of the data or ts transfer the data from the computer system by other 1~ means such as peripheralx constituting or accessing communication channels.
Secunty control systems which meet the requirements above have been implemented in software form either as part of a computer's operating system or ~; as specific application software. However, software routines can very often be circumvented. The design of trusted software whose operation cannot be readily 20 de-feated is difficult, and an entire ~leld of computer science has developed Ielating to the implementation of secure o~rating systems and the analysis of how such systems can be verified and validated.
It would accoxdingly be desirabl to provide access control means for a computer system which can be i~plemented essentially in hardware form. Because25 the operation of hardware devices is more difficult to c~rcumvent than that of sofhvare : routines, and since attempts to modify or remove hardware can be more readily :
detected, hardware-type devices would potentially provide better security.
, ~ !
' ~ ,_ . ~ ,` ' . "' . `' . ~ ` ' . . " . .,~ , "'' " ' ' ~"' " ' "
' . " ~ .
7~3~
Additionally, hardware-type security devices would lend themselves rnore readily to verification and validation thereby further ensuring that there are no inherent means of circumvention.
It would also be desirable to provide access control means which can 5 be conveniently adapted for use with microprocessors such a personal computers.
Such computers are now widely used and have a potential to access confidential infonnation surreptitiously from main frame computers or mass storage devices in a local area network. A satisfactory means for regulating use of such computers isaccordingly required.
10 BRIEF SI~ARY OF THE INVENTION
In a general aspect, the invention provides a device for controlling access to computer peripherals connected to tbe inpuVoutput channel (I/C) channel) of a computer system in which a processing unit transrnits an address signal to the peripherals along the I/O channel whenever a user selects any one of the p~ripherals for 15 data transfer. The device comprises access information generating means which can be actuated to generate access info~matioll regarding each peripheral. The access in~ormation generating means are preferably in the forrn of a storage device in which such information can ~e recorded and effectively retrieved. Address-responsive means are provided for detecting the address signal in the VO channel and actuating the access 20 infoxmation generating means in response to the detected address signal to generate the access inforrnation for the selected peripheral. Interruption means responsive to the generated access information are provided for applying a signal to the I/O channel which interferes with use of the selected peripheral if the generated access information indicates that access to the selected peripheral is restricted.
In a more specific aspect, the invention pro~ides a device for controlling access to computer peripherals connected to the I/O channel of a computer system in which a processing unit transmits an address signal to the peripherals along : :
..
, - ~ ~,.: .
~~ .
, , ~
~67~3~
the I/O channel whenever a user selects any one of the peripherals for data transfer, which device comprises storage means for storing access inforrnation associated with each of the peripherals. Address-responsive means are provided for detecting theaddress signal transmitted in the VO channel to the peripherals and for retrieving from 5 the storage means in response to the detected address signal the access inforrnation associated with the selected peripheral. Interruption means responsive to the retrieved access information are provided for applying a signal to the I/O channel which interferes with use of the selected peripheral if the retrieved access information indicates that access to the selected peripheral is restricted.
The signal applied by the interruption means to ~e VO channel to impede use of a restricted peripheral may be as sirnple as a halt signal of the type commonly generated by computer peripherals to instruct a central processing unit(CPU) to pause in its operations. Alternatively, the signal or signals rnay be selected not only to take control of a system CPU but also to include instructions derived from a 15 software routine invoked by the device which cause the computer system to display user warning messages or which implement other more sophisticated seculity measures.
For the purposes of the disclosure and the appended claims, the term "input/output channel" should be understood as any data transfer mechanism by which 20 a CPU of a computer system communicates witb. various peripherals. This data transfer mechanism may take the form of a data bus whose lines are dedicated exclusively to per~pheral I/O operations, or in certain computer architectures, such as that described below in connection with preferred embodiments of the ~nvention, may ;nvolve a single general purpose data bus serving both internal memory and 25 peripherals, but which duTing I/O operations has certa3n lines dedicated to conduction of address signals, transfer of control signals (including address validation signals) between the CPU and various peripherals, and transfer of data. The tenn "addresssignal" should be understood as any signal uniquely identify~ng a particular peripheral, ;~ .
'`': . : ` .~ ;: ' ~26~2~
and an "address validation signal" should be ~mderstood as a signal whose function at least in part is to con~irm that a valid address signal has been generated.
Other aspects and advantages of the present invention will be described below in connection w;th a description of certain preferred embodiments and 5 will be more specifically defined in the appended claims.
DESC~RIPTI~N OF THE DRAWIN~S
The invention will be better understood with reference to drawings in which:
~ Ig. 1 diagrammatically illustrates the overall configuration of a10 computer system incorporating an access control module constructed according to the invention;
fig. 2 schematically illustrates a first embodiment of an access control module which essentially halts the operation of a computer system in response to a security violation; and, fig. 3 illustrates a second embodiment of an access control module permitting implementation of a user authorization routine, re-prograrnm~ng of system access restrictions and other functions; and, ~ lg. 4 diagrammatically illustrates the manner in which access information is stored and retrieved in the access control module of fig. 3.
20 DE~C RI}~IC)M OF P~eFERl~ED EMB~313I~ENTS
Reference is made to fig. 1 which illustrates a co~nputer system comprising a CPU 10, internal memory 12, and two peripherals, a printer 14 and a disk drive 16. The CPU 10 communicates with tbe two peripherals via an I/O channel 18having lines 20 which conduct penpheral address signals, control lines 22 which 25 conduct i~çr ~ address validation signals, and a data bus 24 which se~ves to transfer data between the CPU 10 and the peripherals during read and write operations. The VO channel 18 is constituted by a general purpose data bus whose valious lines 20, ~2, . .
- ~
. .
~6~
24 are also used to address memory location in the internal memory 12 when the data bus is not being used in connection with peripheral VO operations. The computer architecture illustrated is well known and common to a variety of computers including a number of personal computers, ~nd consequently the interaction between the CPU 10 5 and the peripherals in such a computer system will be described below only to the extend necessary to understand the present invention.
A user's request at a keyboard or other input means causes the CPU
10 to generate an address signal, propagated along the address lines 20, which uniquely identifies the selected pelipheral. The CPU contemporaneously generates an 10 address valiclation signal which indicates to each peripheral attached to ~e VO channel 18 that a valid address signal directed to a peripheral has in ~act been generated. A
validation signal is required in this particular computer architecture as the state of each of the address lines 20, typically a logic high or low value representing one bit of information, changes in an unpredictable fashion before ~mal states indicating a request 15 for a particular per~pheral are achieved. The various intermediates states of the address lines 20 might be misconstrued as requests for access to other peripherals. Also, signals generated Oll the various lines 20, 22, 24 may at sometimes be d~rected to memQry location in ~e internal memoly 12. The address validation signal is ~pically a read or write pulse applied by the CPU 10 to the con~ol lines 22 together with address 20 signal on the address lines 20. Since the peripherals are connected in parallel to the address and control lines, each peripheral receives and effectively considers each valid address signal generated, but only the peripheral uniquely identified by the address signal responds for pulposes of rçad and write operations.
An access control module (ACM) 26 can be attached to the VO channel 18 in much the sam~ manner as are the peripherals 14, 16. In the computer architecture illustrated, each peripheral r~ght typically have an interfacing board commonly referred to as a "card" which is mounted in a receptacle commonly referred to as a "slot". A computer of the architecture illustrated might typically have in its ~:
.... .. . . .
- ~' :. .
, - , .
' interior a number of such slots so that vanous peripherals can be convenisntly added to the system. For such systems, the ACM 26 is preferably forrned on a card which can be inserted directly into a vacant slot, permitting very convenient connection to the system I/O channel.
S The attachment of the ACM 26 to the I/O channel 18 permits interaction with the CPU 10 and detection of address signals generated by the system.
To that end, the ACM 26 is coupled to the address lines 20 ~or receipt of address signals and to the control line 22 for receipt of address validation signals. The ACM 26 is optionally connected to the data bus 24 for transfer of information between the ACM
10 26 and the CPU 10 or other devices which m~ght potentially be attached to the VO
channel 18 for comrnunication with lhe ACM 26. Unlike conventional peripherals attached to the I/O channel 18, the ACM 26 responds to and acts on each valid address signal generated by the CPU. In response to an address signal, the AS:~M 26 retr~eves access information regarding the peripheral identified by the address signal, determines 15 whether access to the peripheral should be impeded, and accordingly applies a signal or signals to the control lines 22 and optionally to the data bus 24 which inter~ere with norrnal operation of the CPU and ~e user's operation of the selected peripheral.A ~lrst comparatively simple embodiment of the ACM is illustrated in fig. 2 and indicated by ~e reference numeral 28. A second embodimen~ ~0 which 20 pe~nits programm~ng of user access restrictions and implementation of a relatively more complex response to security violations is illustrated in fig. 3. It should be noted that in figs. 2 and 3 the only component of the computer system which has been illustrated is the VO channel 18. The general relationship between the two embodiments 28, 30 and the computer system can be understood from the general 25 description of operation above and with reference to fig. 1.
The ACM 28 includes address responsive means 32 which effectively monitor the address lines 20 for generation of an address signal. I~e address ;~., ":, -.
:- ,::, :
i7~3~
responsive means 32 detennine whether access to the peripheral identi~led by an address signal is restricted, and generate an output signal indicating whether operation of the peripheral should be impeded. The address responsive means 32 may be constructed as a conventional random access memory (RAM) umt with an associated 5 address decoder. The decoder would essentially locate in the RAM lmit those memory locations Ol units where access information associated with a peripheral identified by a particular address signal is located. One bit among these memo7y units rs~ight be regarded as a "restriction bit". The polarity of the restriction bit would constitute a signal indicating whether access to the peripheral is restricted or authorized.
A conventional key and lock mechanism 34 serves as an actuator for initiating operation of the address responsive means 32. The address responsive means 32 are otherwise conditioned to produce an output signal indicating restricted access for all address signals generated on the address line, preventing any access to system peripherals. If desired, the required access information can be loaded into the lS above-mentioned RAM unit from programmable or permanent storage units located in the actuator 34.
The ACM 28 includes latching circuitry 36 which responds to the access information contained in the output signal of the address responsive means 32.
The operation of the latch 36 is controlled by trigger circui~y 38, which may be20 constituted by conventional logic gates responsive to address validation signals in the control line 22. Upon generation of an address validation signal, such as a read or write pulse, the trigger circuitry 38 triggers the latch 36 to produce an output signal. If the access information received at that time by the latch 36 from the address responsive means 32 indicates that access to the selected peripheral is res~icted, the latch 36 25 applies a halt signal to the control lines 22 thereby causing the CPU 10 to cease forther operation. The halt signal is in effect "latched", as the latch 36 maintains any output signal until it is once again triggered. The latch 36 may take the fonn of a clocked :
.. j, ' A ';
' ;''` ` ' ' ', ~
fli~flop which effectively passes the restriction bit when a trigger or clock signal is applied to its clock terminal by the trigger crrcuitry 38.
The halt signal applied by the latch 36 ;s preferably the same signal which is applied by any peripheral requiring the CPU 10 to cease operation until5 information received from or to be delivered to the CPU 10 can be processed. The halt signal may alternatively be any signal which disrupts operation of the CPU 10. Since the CPU lû is no longer responsive, another address signal and address validation signal cannot be generat~ to alter the operating state of the ACM 28. Accordingly, the computer systems remains in a locked state, unresponsive to further user requests, and 10 can only be returned to an operative state by shutting off pow~r and restarting the system or alternatively by resetting the system if provision has been made for such a function.
The second ACM 30 includes a microprocessor 40 having associated program storage 42 and non-volatile parameter storage 44. The program storage 4215 contains software routines perrnitting llle ~mplementation of a variety of functions such as log-on procedures for authentication of system users, updating of system arcess restrictions, and a more complex response to various levels of security violation than possible with the ACM 28, including generation of user warning messages and generation of storage of audit trail data ~recording of pelipheral accessing and seculity 20 violations~. The implementation of software to perform such functions to perform such functions will be readily apparent to those sldlled in the art. The non-volatile parameter storage 44 serves pr~manly as a main storage means containing access information regarding all auth~lized system users and peripherals.
The microprocessor 4û is coupled to the VO channel 18 in a manner 25 wh;ch perm~ts the A~M 28 to be addressed in response to a p~edeterrnined address signal ~or read and write operations and which permits general interaction with the CPU
lû~ To that end, the microprocessor 40 is connected by a conventional input/output port 46 to the address lines 20 and to the data bus 24. Connection OI thç input/output port ' , ' ; ::; ~ ~:. .
~ ' .
:. . . ~:
3~
46 to the address lines 20 permits the ACM 30 to be addressed, for example, for receipt of data such as new access information. The input/out port 46 is also coupled by a local data bus 48 to the control lines 22 for receipt of address validation signals (which would indicate not only that the microprocessor has been validly addressed for I/0 5 operations, but whether the microprocessor 40 is required to perform read or write functions). Signal lines 50 perrnits the microprocessor 40 to apply control signals to the I/0 channel requesting the attention of the CPU 10, including signals such as a halt signal capable of interrupting CPU operation. This a2Tangement facilitates ~e implementation of the various functions descnbed above.
The access info~mation in the parameter storage 44 is arranged in sets, each set consisting of the access information for a parti~ular user of the comput r system on a peripheral-by-peripheral basis. This will be more apparent with reference to fig. 4 where the memory locations or units associatçd with the storage unit have been symbolically represented. One set of access information relating to a first user of the 15 computer system may bç stored in memory locations 52, 54. The memo~y location 52 may contain access information for ~e printer 14, while the memory location 54 contains access in Formation for the disk drive 16. The stored access info~mation re8arding the pr~nter is typical, comprising a restrictio~n bit 56 and a number of ~ information bits which might identify the exact nature of the peripheral. The parameter 20 storage unit 44 is shown as defining sets of access information for a total of four users in respect of two periphe als. It will be appreciated that fig. 4 is not a true depiction o~
the parameter st~rage unit 44, and that in practice such a storage unit would l~ely have suf~l~ient resources to store access infonnation for a much large number of users and peripherals.
~ Access information can be loaded into the storage unit 44 by addressiDg the ACM 30 as a conventional peripheral. Data can then be loaded ~nto the storage unit 44 from the data bus 24 in a standard wr~te operation controlled in p~t by a ~:' ~:
:, : :~ ' .:
software routine located in program storage 42. The software routine adapts the microprocessor 40 to receive from the input/output channel a user identi~lcation code, a number of address signals identii~ying pc~icular peripherals and access information associated with each of the peripherals. The microprocessor 40 responds to ach 5 address signal by locating unique memory locations in the parameter storage 44 and storing at those memory locations the access information associated with the particular peripherals as appropriate for the user identified by the code. For example, in response to a user identification code for the first user mentioned above, and address signals for the printer 14 and the disk drive 16, the microprocessor would locate the memorylocations or units 52, 54 and would load access information received on the data bus 24 into those unique memory locations. The most convenient construction of the parameter storage 44 would involve a conventional address decoder capable of locating unique memory in response ~o the combination of a user identification code and each peripheral's address signal. Such a decoder would thereafter perrnit a mode of operation in which the stored inforrnation can be retrieved from the main storage unit by once aga~n applying the combination of a user identifilcation code and a peripheral address signal to ~e decoder. In an analogous fashion, current access restrictions can be reviewed or audit trail inforrnation can be retrieved from storage locations in the storage unit 44 for review by a securi~ offilcer, in a standard read operation.
The ACM 30 includes an addressed storage device 58. The storage device 58 comprises a RAM unit 60 and associated address decoder 62, &ese being of conventional design and commonly available as a single package. The RAM unit 60 serves as a secondary storage unit containing at any given time one set of access infolmation retrieved from the parameter storage 44 and cor;esponding to a particular user. This arr~ngement is symbolically illustrated in fig. 4 where two memory locations in the RAM unit 60 have been shown. One memory location 64 might contain access information for the printer 14, the other memory location 6S, access infor nation for the disk drive 16, both related to one of the authorized system users. In response to .
:, :
.. ~
: , ...
~L~?at~ 7234 1~
an address signal, the decoder 62 locates and causes to be output from the RAM unit 60 (when the addressed storage unit $8 is appropriately triggered) the access information for the peripheral identified. It should be noted that the representation of the RAM unit 60 in fig. 4 is symbolic only, and that in practice the addressed storage unit 58 would 5 define sufficient storage locations to accommodate any number of peripherals which rnight practically be connected to the l/O channel 18.
A controllable multiplexer 68 permits the storage device 58, specifically the address decoder 62, to be selectively coupled either to the address lines 20 for receipt of address signals generated in response to user requests for transfer of 10 data, commands and status information to and from peripherals or alternatively to the rnicroprocessor 40, along a local address line 70. The latter arrangement permits receipt of address signals from the microprocessor during loading of access information relevant to a particular user into the RAM unit 60. The rnicroprocessor 40 applies control signals along a control line 72 to the multiplexer 68, effectively selecting ~e 15 data path from which address signals are to be delive~ed to th~ address decoder 62.
After start-up of the computer system, and identification of a particular user ~n a log-on procedure described more fully below, the addressed storage Utlit 58 effectively monitors the address lines 20. In response to an address signal detected on the address lines 20, the address decoder ~ effectively locates the memory 20 units or locations ~n the RAM unit 60 containing the access information relating to the peripheral identified by the ~ddress signal, and causes the RAM unit 60 to produce an output signal co~esponding to the located memory bits (when the addressed storage unit 58 is otherwise triggered for output). For example, the access inforrnation in the memory locations 64, 66 of the RAM unit 60 rnay correspond respectively to the first 25 user's authority to access the printer 14 and disk ~ive 16. If an address signals identifying the printer 14 is generated in the I/() channel 18, the bits of access infonnation in ~e mem~ry location 64 may be located by ~e address decoder 6? and : . .:.
:
, ' ~ ~ ' ` ''' " ' made available by the RAM unit 60. These bits include the restriction bit which indicates whether access to the par~icular peripheral is restricted to the first user, and the identity bits which identify the selected peripheral as the printer 14.
The output signal of the addressed storage unit 58 is transmitted along S a local bi~irectional data path 74 to a conventional bi-directional latched transceiver 76. When appropriately triggered, the transceiver 76 produces an output signal corresponding to the bits of information produced by the RAM unit 60 including the restriction bit for the identified penpheral. Depending on the state of the restriction bit, the transceiver 76 applies a signal to the microprocessor 40 along a control line 78 10 instructing the microprocessor 40 to examine the bits of the transceiver OlltpUt signal, which are available to the microprocessor 40 on a local data bus 82. If the restriction bit indicates that access to the peripheral, such as the printer 14, should not be allowed, the microprocessor 40 considers the restriction and infonnation bits, applies a halt signal to the control lines 22, and then proceeds to invoke a software routine stored in 15 the program storage 42 causing the CPU 10 to display a user warning. The microprocessor 40 may simultaneously invoke an audit trail routine also contained in the progr~n storage 42 which records the security violation in the non-volatile parameter storage 44 for later review by a secunty officer.
During start-up of the computer system, the rnicroprocessor 40 20 interrupts normal operating system procedures and invokes a log-on routine stored in the program storage unit 42 to obtain a user identi~lcation code. ~his log-on routine has a dual function: ~irst, it ensures that only preselected authorized users of the cornputer system are allowed access to any of the resources associated with the computer system; and second, once a user identification code has been entered, the 25 microprocessor 40 can retrieve from the main non-volatile parameter stoMge 44 the set of access information col~esponding to the user identified by the code and load the set of in~ormation ~nt~ the secondary storage unit, the RAM unit 60.
Dur~ng this star~-up process, the microprocessor 40 applies a corltrol , , ., ~
, . . .
; ~, .
,..
- , . :; . , : .
~.
' ~7 signal to the control line 72 requiring the multiplexer 68 to place the address decoder 62 of the secondary storage unit into comrn~mication with the microprocessor 40 forreceipt of address signals. In response to the user identification code, the microprocessor 40 sequentially retrieves from the non-volati1e pararneter storage 44 the S set of access information associated w~th the identified user, such as the access information in memory locations 52, 54 assuming that the first user has been identified.
The microprocessor 40 generates in succession the address signals associated with each of the peripherals of the computer system such as the printer 14 and disk drive 16, and contemporaneously delivers in succession to the RAM unit 60 via the local data bus 82, lO the transceiver 76 and data bus 74, the access inforrnation associated with each of the peripherals, as de~med for the particular user. The decoder 62 responds to each address signal generated by the rnicroprocessor 4û by locating unique memory UILitS in which the access information received from the microprocessor 40 is stored for later re~ieval. Accordingly, assuming that the first user of the system mentioned above has 15 been identified, the access information in memory location 52 of the non-volatile parameter storage 44 relating to the printer might be loaded into memory location 64 of the RAM unit 60, and the access inforrnation in memory location 54 of the non-volatile parameter storage 44 relating to the disk dr~ve 16 might next be loaded into memory location 66 of ~he l~M unit 60. It should be noted that the operation of the kansceiver 20 76, either to transmit access information generated by RAM unit 60 to the rnicroprocessor 40 or to transmit access mformation from the main storage unit of the microprocessor 40 to the RAM unit 60 during system start-up, is controlled by the microprocessor 4û by signals applied along a control line 80.
The practice of loading one set of access information in response to a 25 user identifIcati~n code from the ma~n storage means defined by the non-volatile parameter storage lmit 44 to the seconda~y storage unit defined by the addressed storage device 58 reduces the amount of active electronic memory required to store access ~, , :
, - , .. .
. ~
~67~
inforrnation for puIposes of norrnal operation. More significantly, it greatly simplifies the address decoding function as the user identi~lcation code (which would otherwise have to be stored and operated upon~ need no longer be considered in detenniningwhether access to a particular peripheral is authorized. This arrangement reduces 5 considerably the complexity of operations following start-up, and, most significantly, generates required access information at a sufficient spçed that the ACM can in fact respond in a timely fashion to address signals generated in conventional microcomputers. It should be noted that the latching of the transceiver output signal also contributes to proper response to address signals by maintaining the access10 information generated until the microprocessor 40 is able to consider the information and respond accordingly.
It should be noted that the ACM 30 has trigger circuitry which effectively times or enable various operations associated with the device.
The ACM has trigger logic circuitry 84 which controls the generation 15 of access information by the addressed storage unit 58 and the loading of access information into the addressed storage unit 58. During monitoring of the address lines 20 for user selection of peripherals, trigger logic circuitry 84 responds to address validation signals (such as read and write pulses) generated on the control lines 22.
Upon detection of an address validation signal, the trigger cLrcuitry 84 applies a read 20 enable signal ~o the addressed storage unit 58 along a control line 86 which enables the generation of an output signal from the RAM unit 60. Accordingly, access infonnation is provided by the RAM unit 60 only upon generation of a valid address signal identi~ying a particular peripheral.
Dur~ng log on, the triggcr circuitry 84 responds to signals applied by 25 the microprocessor 40 along a local data bus 88, and applies a write enable signal to a signal line 90 which conditions the RAM unit 60 for receipt and storage of access information transmitted by the microprocessor 40 to the RAM unit 60 ultimately along ' ~
.
i7 the bi-directional data path 74.
Addit;onal trigger circuitry 92 controls or triggers the respc)nse of the transceiver 76 to the output signals generated by the addressed storage unit 58. The trigger circuitry 9~ responds to the output signal of the RAM unit 60, specifically the 5 polarity of the retrieved restriction bit. It triggers the transceiver 76 thereby enabling the transceiver 76 to generate its output signals.
It will be apparent that ~he ACM's described lend themselves to use with personal computers. When formed as cards adapted for insertion into conventional slots, they can be conveniently installed into existing computers to retro~lt lO such machines for access control without noticeably interfering with norrnal authorized operation. Alternative methods of connecting such ACM's to I/O channels to accornmodate alternative computer architectures will be readily apparent to those s~lled in the art. It will also be apparent that the ACM's described herein are essentially hardware devices. Accordingly, they are inherently capable of providing more reliable 15 securi~ control than either operating system softwa~e or specific appli-~.ation software.
Particular embodiments of the invention have been described and these should not be const~ued as limiting the scope of the invention or the scope of the appended claims. ln particular, storage and retrieval of access information using appropriate memory units represents only one form of access information generating 20 means. It w~ll be apparent to those skilled in the art that comb~nato~al or boolean logic may be us~d to transiate each address signal generated in an VO channel (together with any user identification code if the security requires user authentication) into a signal indicating whether access to a particular peripheral should be impeded. Such logic can be implemented as hard-w~red logic gates or as a software algorithm stored in 2S appropr~ate non-volatile memory provided in the ACM. Appropriate wiring or interfacing means may couple the logic circui~y or software device to ~le l/O channel for actuation in response to add~ss signals generated by the computer system. Use of logic gates wvuld, however, have limited application, as an ACM employing such gates ., .;
- ~.. .
,. ~. . .
,:-- ... ~:
7~;~4 cannot be readily reconfigured to permit access information to be changed. The parameters of a software routine, on the other hand, can be easily changed by conventional techniques to permit modification of access restrictions. A software implementation of the required function might not permit ACM operating speeds 5 appropriate for timely response to the address signals generated in most computer systems, unless the ACM has a microprocessor which operates markedly faster thanthat of the monitored computer system itself. Storage and retrieval of access info~rnation in appropriate memory units has been emphasized in this specification as these are viewed as a singularly advantageous means for generating access information 10 for purposes of the invention, allowing both timely operation and convenient reconfiguration of an ACM.
,
Claims (10)
PROPERTY OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:
1. A device for controlling access to computer peripherals connected to the input/output channel of a computer system in which a processing unit transmits an address signal to the peripherals along the input/output channel whenever a user selects any one of the peripherals for datatransfer, comprising:
storage means for storing access information associated with each of the peripherals;
address-responsive means for detecting the address signal transmitted along the input/output channel to the peripherals and for retrievingfrom the storage means m response to the detected address signal the access information associated with the selected peripheral; and, interruption means responsive to the retrieved access information for applying a signal to the input/output channel which interferes with use of the selected peripheral if the retrieved access information indicates that access to the selected peripheral is restricted.
storage means for storing access information associated with each of the peripherals;
address-responsive means for detecting the address signal transmitted along the input/output channel to the peripherals and for retrievingfrom the storage means m response to the detected address signal the access information associated with the selected peripheral; and, interruption means responsive to the retrieved access information for applying a signal to the input/output channel which interferes with use of the selected peripheral if the retrieved access information indicates that access to the selected peripheral is restricted.
2. The device of claim 1 in which the storage means comprise:
main storage means having a multiplicity of storage units for storing sets of access information for preselected users of the computer system,each set comprising information regarding access to each peripheral by one of the preselected users; and, secondary storage means having a multiplicity of storage units for storing the access information associated with one of the sets.
main storage means having a multiplicity of storage units for storing sets of access information for preselected users of the computer system,each set comprising information regarding access to each peripheral by one of the preselected users; and, secondary storage means having a multiplicity of storage units for storing the access information associated with one of the sets.
3. The device of claim 2 further comprising:
logon means for applying signals to the input/output channel during start-up of the computer system which require entry into the computer system of a user identification code identifying one of the preselected users;
and, processor means responsive to entry of the user identification code for storing in the storage units of the secondary storage means the set of access information of the main storage means associated with the user identifiedby the identification code.
logon means for applying signals to the input/output channel during start-up of the computer system which require entry into the computer system of a user identification code identifying one of the preselected users;
and, processor means responsive to entry of the user identification code for storing in the storage units of the secondary storage means the set of access information of the main storage means associated with the user identifiedby the identification code.
4. The device of claim 3 in which the address-responsive means comprise decoder means responsive to the address signal for locating the storage units in the secondary storage means where the access information associated with the selected peripheral is stored.
5 . The device of claim 4 comprising:
controllable switching means for selectively coupling the address-responsive means to one of the processor means and the input/output channel for receipt of address signals;
the processor means being adapted during start-up of the computer system to A. actuate the switching means so that the decoder means respond to address signals generated by the processor means, B . apply to the decoder means successively address signals associated with the peripherals, and C. transfer the set of access information associated with the preselected user identified by the user identification code on a peripheral-by-peripheral basis to those storage units of the secondary storage means located by the decoder means.
controllable switching means for selectively coupling the address-responsive means to one of the processor means and the input/output channel for receipt of address signals;
the processor means being adapted during start-up of the computer system to A. actuate the switching means so that the decoder means respond to address signals generated by the processor means, B . apply to the decoder means successively address signals associated with the peripherals, and C. transfer the set of access information associated with the preselected user identified by the user identification code on a peripheral-by-peripheral basis to those storage units of the secondary storage means located by the decoder means.
6. The device of claim 3, 4 or 5 comprising data transfer means for coupling the processor means to the input/output channel, the data transfer means being adapted to make the processor means responsive to a predetermined address signal generated on the input/output channel for transfer of information between the processor means and the input/output channel.
7. The device of claim 3 in which:
the processor means are adapted to receive from the input/output channel a user identification code, a preselected number of address signals identifying particular peripherals and access information associated with each of the particular peripherals;
the processor means are adapted to respond to each of the preselected number of address signals and to the user identification code by locating unique storage units in the main storage means and storing at the unique storage units the user access information associated with the user and each of the peripherals;
the processor means have a mode of operation in which the processor means are adapted to retrieve the stored access information from the unique storage units in response to the user identification code.
the processor means are adapted to receive from the input/output channel a user identification code, a preselected number of address signals identifying particular peripherals and access information associated with each of the particular peripherals;
the processor means are adapted to respond to each of the preselected number of address signals and to the user identification code by locating unique storage units in the main storage means and storing at the unique storage units the user access information associated with the user and each of the peripherals;
the processor means have a mode of operation in which the processor means are adapted to retrieve the stored access information from the unique storage units in response to the user identification code.
8 . The device of claim 1 adapted for use with a computer system in which an address validation signal is transmitted by the processing unit along the input/output channel to the peripherals together with the address signal, the address-responsive means comprising:
decoder means for receiving the address signal from the input/output channel and locating in the storage means the access information associated with the selected peripheral, the decoder means being adapted to cause the storage means to generate an output signal corresponding to the accessinformation;
higgerable latching means for producing from the storage means output signal a latched output signal indicating whether access to the selected peripheral is restricted; and, trigger means for triggering the latching means to produce the latched output signal in response to the address validation signal conducted by the input/output channel.
decoder means for receiving the address signal from the input/output channel and locating in the storage means the access information associated with the selected peripheral, the decoder means being adapted to cause the storage means to generate an output signal corresponding to the accessinformation;
higgerable latching means for producing from the storage means output signal a latched output signal indicating whether access to the selected peripheral is restricted; and, trigger means for triggering the latching means to produce the latched output signal in response to the address validation signal conducted by the input/output channel.
9. A device for controlling access to computer peripherals connected to the input/output channel of a computer system in which a processing unit transmits an address signal to the peripherals along the input/output channel whenever a user selects any one of the peripherals for datatransfer, comprising:
access information generating means which can be actuated to generate access information regarding each peripheral;
address-responsive means for detecting the address signal in the input/output channel and actuating the access information generating means in response to the detected address signal to generate the access information for the selected peripheral; and, interruption means responsive to the generated access information for applying a signal to the input/output channel which interferes with use of the selected peripheral if the generated access information indicates that access to the selected peripheral is restricted
access information generating means which can be actuated to generate access information regarding each peripheral;
address-responsive means for detecting the address signal in the input/output channel and actuating the access information generating means in response to the detected address signal to generate the access information for the selected peripheral; and, interruption means responsive to the generated access information for applying a signal to the input/output channel which interferes with use of the selected peripheral if the generated access information indicates that access to the selected peripheral is restricted
10. The device of claim 9 adapted for use with a computer system in which an address validation signal is transmitted by the processing unit along the input/output channel to the peripherals together with the address signal, inwhich:
the access information generating means comprise storage means having a multiplicity of storage units for storing the access information associated with the peripherals;
the address-responsive means comprise decoder means for receiving the address signal and locating the storage units in the storage meanswhere the access information for the selected peripheral is located, the decodermeans being adapted to cause the storage means to generate an output signal corresponding to the access information;
latching means for producing from the storage means output signal, when triggered, a latched output signal indicating whether access to theselected peripheral is restricted; and, trigger means for triggering the latching means to produce the latched output signal in response to the address validation signal.
the access information generating means comprise storage means having a multiplicity of storage units for storing the access information associated with the peripherals;
the address-responsive means comprise decoder means for receiving the address signal and locating the storage units in the storage meanswhere the access information for the selected peripheral is located, the decodermeans being adapted to cause the storage means to generate an output signal corresponding to the access information;
latching means for producing from the storage means output signal, when triggered, a latched output signal indicating whether access to theselected peripheral is restricted; and, trigger means for triggering the latching means to produce the latched output signal in response to the address validation signal.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB8524455 | 1985-03-10 | ||
| GB858524455A GB8524455D0 (en) | 1985-10-03 | 1985-10-03 | Monitoring activity of peripheral devices |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA1267234A true CA1267234A (en) | 1990-03-27 |
Family
ID=10586152
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA000519123A Expired - Fee Related CA1267234A (en) | 1985-10-03 | 1986-09-26 | Device for controlling access to computer peripherals |
Country Status (3)
| Country | Link |
|---|---|
| US (1) | US5202997A (en) |
| CA (1) | CA1267234A (en) |
| GB (1) | GB8524455D0 (en) |
Families Citing this family (54)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5265221A (en) * | 1989-03-20 | 1993-11-23 | Tandem Computers | Access restriction facility method and apparatus |
| US5455923A (en) * | 1992-07-30 | 1995-10-03 | Kaplinsky; Cecil H. | Memory system for loading peripherals on power up |
| US5652837A (en) * | 1993-03-22 | 1997-07-29 | Digital Equipment Corporation | Mechanism for screening commands issued over a communications bus for selective execution by a processor |
| US5687379A (en) * | 1993-04-05 | 1997-11-11 | Packard Bell Nec | Method and apparatus for preventing unauthorized access to peripheral devices |
| US5748922A (en) * | 1993-04-05 | 1998-05-05 | Packard Bell Nec | Method and apparatus for reading data from a write only port |
| US5574866A (en) * | 1993-04-05 | 1996-11-12 | Zenith Data Systems Corporation | Method and apparatus for providing a data write signal with a programmable duration |
| US6115819A (en) * | 1994-05-26 | 2000-09-05 | The Commonwealth Of Australia | Secure computer architecture |
| US5604490A (en) * | 1994-09-09 | 1997-02-18 | International Business Machines Corporation | Method and system for providing a user access to multiple secured subsystems |
| US5542044A (en) * | 1994-12-12 | 1996-07-30 | Pope; Shawn P. | Security device for a computer, and methods of constructing and utilizing same |
| US6484308B1 (en) * | 1995-01-05 | 2002-11-19 | Dell Products L.P. | System and method for ensuring data integrity on a removable hard drive |
| US6226749B1 (en) * | 1995-07-31 | 2001-05-01 | Hewlett-Packard Company | Method and apparatus for operating resources under control of a security module or other secure processor |
| US5774652A (en) * | 1995-09-29 | 1998-06-30 | Smith; Perry | Restricted access computer system |
| KR970022703A (en) * | 1995-10-18 | 1997-05-30 | 김광호 | Computer system with security function and security method |
| US6009527A (en) * | 1995-11-13 | 1999-12-28 | Intel Corporation | Computer system security |
| KR0174978B1 (en) * | 1995-12-30 | 1999-04-01 | 김광호 | Hardware-implemented digital computer system security device |
| WO1997037305A1 (en) * | 1996-03-29 | 1997-10-09 | Intel Corporation | Computer system security |
| US5969632A (en) * | 1996-11-22 | 1999-10-19 | Diamant; Erez | Information security method and apparatus |
| US6202153B1 (en) | 1996-11-22 | 2001-03-13 | Voltaire Advanced Data Security Ltd. | Security switching device |
| US5905861A (en) * | 1996-12-02 | 1999-05-18 | Lovell; William S. | Data authentication circuit |
| US5982894A (en) * | 1997-02-06 | 1999-11-09 | Authentec, Inc. | System including separable protected components and associated methods |
| US6105132A (en) * | 1997-02-20 | 2000-08-15 | Novell, Inc. | Computer network graded authentication system and method |
| US6477648B1 (en) | 1997-03-23 | 2002-11-05 | Novell, Inc. | Trusted workstation in a networked client/server computing system |
| US5919257A (en) * | 1997-08-08 | 1999-07-06 | Novell, Inc. | Networked workstation intrusion detection system |
| US6202066B1 (en) | 1997-11-19 | 2001-03-13 | The United States Of America As Represented By The Secretary Of Commerce | Implementation of role/group permission association using object access type |
| US6317836B1 (en) | 1998-03-06 | 2001-11-13 | Tv Objects Limited Llc | Data and access protection system for computers |
| US6839776B2 (en) * | 1998-08-20 | 2005-01-04 | Intel Corporation | Authenticating peripherals based on a predetermined code |
| US6510522B1 (en) * | 1998-11-20 | 2003-01-21 | Compaq Information Technologies Group, L.P. | Apparatus and method for providing access security to a device coupled upon a two-wire bidirectional bus |
| ES2211500T3 (en) * | 1999-01-07 | 2004-07-16 | Remedan Aps | CONTROL DEVICE FOR A COMPUTER, USE OF A CONTROL DEVICE, COMPUTER THAT UNDERSTANDS A CONTROL DEVICE, AND METHOD FOR CONNECTING AND DISCONNECTING UNITS ON A COMPUTER. |
| US6549935B1 (en) * | 1999-05-25 | 2003-04-15 | Silverbrook Research Pty Ltd | Method of distributing documents having common components to a plurality of destinations |
| WO2001088677A2 (en) * | 2000-05-18 | 2001-11-22 | Stefaan De Schrijver | Apparatus and method for secure object access |
| WO2001088859A2 (en) * | 2000-05-18 | 2001-11-22 | Stefaan De Schrijver | Smartchip biometric device |
| WO2001091062A2 (en) * | 2000-05-22 | 2001-11-29 | Stefaan De Schrijver | Electronic cartridge writing instrument |
| GB2363218A (en) * | 2000-06-07 | 2001-12-12 | Ubinetics Ltd | A method of accessing application data for a peripheral device |
| AU2001273584A1 (en) * | 2000-06-16 | 2001-12-24 | Stefaan De Schrijver | Writing pen with piezo sensor |
| US7058814B1 (en) | 2000-09-28 | 2006-06-06 | International Business Machines Corporation | System and method for providing time-limited access to people, objects and services |
| US6982802B2 (en) * | 2001-02-20 | 2006-01-03 | Hewlett-Packard Development Company, L.P. | Systems and methods for collecting printing device usage data |
| US9009084B2 (en) | 2002-10-21 | 2015-04-14 | Rockwell Automation Technologies, Inc. | System and methodology providing automation security analysis and network intrusion protection in an industrial environment |
| US8909926B2 (en) * | 2002-10-21 | 2014-12-09 | Rockwell Automation Technologies, Inc. | System and methodology providing automation security analysis, validation, and learning in an industrial controller environment |
| US20040107345A1 (en) * | 2002-10-21 | 2004-06-03 | Brandt David D. | System and methodology providing automation security protocols and intrusion detection in an industrial controller environment |
| US20040153171A1 (en) * | 2002-10-21 | 2004-08-05 | Brandt David D. | System and methodology providing automation security architecture in an industrial controller environment |
| US8375226B1 (en) * | 2002-11-20 | 2013-02-12 | Raymond Brandl | System and method for selectively isolating a computer from a computer network |
| US20040098621A1 (en) * | 2002-11-20 | 2004-05-20 | Brandl Raymond | System and method for selectively isolating a computer from a computer network |
| US7409563B2 (en) * | 2003-07-22 | 2008-08-05 | Lockheed Martin Corporation | Method and apparatus for preventing un-authorized attachment of computer peripherals |
| DE102004048945B4 (en) * | 2004-10-07 | 2007-10-11 | Nec Electronics (Europe) Gmbh | System monitoring unit |
| US20060085864A1 (en) * | 2004-10-18 | 2006-04-20 | Paul Chang | Electronic security machine start method for notebook computers |
| US20060203815A1 (en) * | 2005-03-10 | 2006-09-14 | Alain Couillard | Compliance verification and OSI layer 2 connection of device using said compliance verification |
| US20070124554A1 (en) * | 2005-10-28 | 2007-05-31 | Honeywell International Inc. | Global memory for a rapidio network |
| US20080077976A1 (en) * | 2006-09-27 | 2008-03-27 | Rockwell Automation Technologies, Inc. | Cryptographic authentication protocol |
| CN101419651A (en) * | 2007-10-23 | 2009-04-29 | 鸿富锦精密工业(深圳)有限公司 | Electronic device and method with peripheral use right management function |
| KR20090095955A (en) * | 2008-03-07 | 2009-09-10 | 삼성전자주식회사 | Multi port semiconductor memory device for providing direct access function in shared structure of non-volatile memory and multi processor system having the same |
| US9344762B2 (en) * | 2012-10-18 | 2016-05-17 | Broadcom Corporation | Integration of untrusted applications and frameworks with a secure operating system environment |
| US9338522B2 (en) * | 2012-10-18 | 2016-05-10 | Broadcom Corporation | Integration of untrusted framework components with a secure operating system environment |
| US9547607B2 (en) | 2013-06-27 | 2017-01-17 | Microsoft Technology Licensing, Llc | Brokering application access for peripheral devices |
| CN112769966B (en) * | 2019-10-21 | 2023-08-25 | 阿里巴巴集团控股有限公司 | Address information distribution method and device and electronic equipment |
Family Cites Families (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US3368207A (en) * | 1965-05-12 | 1968-02-06 | Ibm | File protection to i/o storage |
| US3398405A (en) * | 1965-06-07 | 1968-08-20 | Burroughs Corp | Digital computer with memory lock operation |
| US3473159A (en) * | 1966-07-07 | 1969-10-14 | Gen Electric | Data processing system including means for protecting predetermined areas of memory |
| US3508205A (en) * | 1967-01-17 | 1970-04-21 | Computer Usage Co Inc | Communications security system |
| US3585606A (en) * | 1969-09-12 | 1971-06-15 | Ibm | File protect circuit and method |
| US3725872A (en) * | 1971-03-03 | 1973-04-03 | Burroughs Corp | Data processing system having status indicating and storage means |
| US3872444A (en) * | 1973-02-23 | 1975-03-18 | Ibm | Terminal control unit |
| US4000487A (en) * | 1975-03-26 | 1976-12-28 | Honeywell Information Systems, Inc. | Steering code generating apparatus for use in an input/output processing system |
| US4310720A (en) * | 1978-03-31 | 1982-01-12 | Pitney Bowes Inc. | Computer accessing system |
| DE2921878C2 (en) * | 1979-05-30 | 1985-08-29 | Hermann 7742 St Georgen Stockburger | Data transmission device |
| US4264782A (en) * | 1979-06-29 | 1981-04-28 | International Business Machines Corporation | Method and apparatus for transaction and identity verification |
| GB2087606A (en) * | 1980-07-01 | 1982-05-26 | Mastiff Security Syst Ltd | Computer Systems |
| IL64675A0 (en) * | 1981-12-30 | 1982-03-31 | Greenberg Avigdor | Data verification system |
| US4588991A (en) * | 1983-03-07 | 1986-05-13 | Atalla Corporation | File access security method and means |
| CA1231457A (en) * | 1984-09-20 | 1988-01-12 | David Bakhmutsky | Method and apparatus to provide security for computer systems |
| US4672533A (en) * | 1984-12-19 | 1987-06-09 | Noble Richard G | Electronic linkage interface control security system and method |
-
1985
- 1985-10-03 GB GB858524455A patent/GB8524455D0/en active Pending
-
1986
- 1986-09-26 CA CA000519123A patent/CA1267234A/en not_active Expired - Fee Related
-
1990
- 1990-09-06 US US07/578,561 patent/US5202997A/en not_active Expired - Lifetime
Also Published As
| Publication number | Publication date |
|---|---|
| US5202997A (en) | 1993-04-13 |
| GB8524455D0 (en) | 1985-11-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA1267234A (en) | Device for controlling access to computer peripherals | |
| US5325430A (en) | Encryption apparatus for computer device | |
| EP0647896B1 (en) | Local area network peripheral lock method and system | |
| KWN | Security Analysis and, Enhancements of Computer | |
| US5949882A (en) | Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm | |
| JP4865177B2 (en) | Behavior of trust status on computing platforms | |
| US5748888A (en) | Method and apparatus for providing secure and private keyboard communications in computer systems | |
| US3931504A (en) | Electronic data processing security system and method | |
| US5432939A (en) | Trusted personal computer system with management control over initial program loading | |
| US6292899B1 (en) | Volatile key apparatus for safeguarding confidential data stored in a computer system memory | |
| KR100323604B1 (en) | Method for controlling access to electronically provided services and system for implementing such method | |
| US5623637A (en) | Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys | |
| US8484327B2 (en) | Method and system for generic real time management of devices on computers connected to a network | |
| DE112005003513B4 (en) | Security chip | |
| US20080052539A1 (en) | Inline storage protection and key devices | |
| EP0596276A2 (en) | Secure memory card | |
| EP1752901A2 (en) | Methods and systems that selectively permit changes to a hardware unit's state | |
| US8205095B2 (en) | Method and system for remotely debugging a failed computer machine | |
| WO2001084317A1 (en) | Multi-level secure computer with token-based access control | |
| EP0692166A1 (en) | Security access and monitoring system for personal computer | |
| CA2136919A1 (en) | Local area network encryption decryption system | |
| US5694470A (en) | System for reading encrypted information, and unit for use in such a system | |
| EP0436365B1 (en) | Method and system for securing terminals | |
| US5764761A (en) | Eletronic assembly with integrated circuit devices including lock circuitry | |
| GB2181281A (en) | Device for controlling access to computer peripherals |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MKLA | Lapsed |