[go: up one dir, main page]

GB2248324A - Data security in a computer network - Google Patents

Data security in a computer network Download PDF

Info

Publication number
GB2248324A
GB2248324A GB9020896A GB9020896A GB2248324A GB 2248324 A GB2248324 A GB 2248324A GB 9020896 A GB9020896 A GB 9020896A GB 9020896 A GB9020896 A GB 9020896A GB 2248324 A GB2248324 A GB 2248324A
Authority
GB
United Kingdom
Prior art keywords
memory
data
access
security
microcomputer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB9020896A
Other versions
GB9020896D0 (en
GB2248324B (en
Inventor
Joseph Flynn
Shemas Eivers
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
UKEN
Original Assignee
UKEN
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by UKEN filed Critical UKEN
Priority to GB9020896A priority Critical patent/GB2248324B/en
Priority to BE9000966A priority patent/BE1002346A6/en
Publication of GB9020896D0 publication Critical patent/GB9020896D0/en
Publication of GB2248324A publication Critical patent/GB2248324A/en
Application granted granted Critical
Publication of GB2248324B publication Critical patent/GB2248324B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1483Protection against unauthorised use of memory or access to memory by checking the subject access rights using an access-table, e.g. matrix or list

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A microcomputer 1 is disclosed which is adapted for connecting in a computer network where there is shared access to stored data. The microcomputer comprises a security circuit 5 which controls operation of an address buffer 6 according to a table of access conditions retrieved from non-volatile memory in response to an input password, there being one access condition for each block of memory addresses. Passwords have assigned security levels and a respective table of access conditions for each level is held in the non-volatile memory. The relevant memory address block is identified by reading of a memory map that has been created and stored by the security circuit 5 in the non-volatile memory. The microcomputer thus assists in preventing accidental amendment of data, fraud by amendment of financial data, and access to confidential data. <IMAGE>

Description

"Security in a Computer Apparatus" The present invention relates to security in a computer apparatus, and more particularly to security of stored data in a network computer apparatus.
Control of access to stored data to prevent loss of confidentiality of the data, fraud involving financial data, accidental loss or amendment of the data or deliberate falsification of data has been achieved with some success for stand-alone computers. However, where there is shared access to stored data in a computer network, such control has not been achieved without excessively limiting the manner in which users may use the network and introducing time delays in operation. This is particularly true where the network may be accessed by a remote computer. Indeed, in some cases the manner in which access is controlled in these situations in many instances renders a computer network useless.For example, where interlinked by communications links, and each is used to monitor manufacturing or project activities onsite, programs for controlling access to data can require excessively large memory areas, and generate excessive communications traffic and introduce unnecessary restrictions to the extent that the networks fail to perform their most important functions which is to provide up-to-date information when and where it is required.
The present invention is directed towards solving these problems.
According to the invention, there is provided a microcomputer adapted to be connected in a network for shared access to stored data and to allow access to the stored data in a controlled manner to maintain confidentiality of data, avoid fraud and accidental loss or amendment of data, the microcomputer comprising: a control unit having a security circuit; an arithmetic unit; and a memory transfer unit; a memory bus connecting the memory transfer unit to a random access memory, and to a non-volatile memory including a fixed disk and a shared memory device via a network interface; an input/output bus connecting the arithmetic unit to a keyboard encoder, to a video controller and to a printer controller connected respectively to a keyboard, a visual display unit and a printer;; wherein the security circuit comprises means for directing storage in the non-volatile memory of security data comprising a plurality of user passwords, a security level for each password, and a table comprising access conditions for each block of a memory map, there being one table for each security level, and wherein the security circuit comprises means for automatically retrieving relevant security data for storage in the random access memory circuit, for assigning a security level to a received password and for interactively controlling operation of the memory transfer circuit according to the access conditions when requests are received at the keyboard for access to data.
Ideally, there are three possible access conditions, namely, read and write disable, read enable and write disable and read and write enable.
In one embodiment, the security circuit interactively controls operation of the memory transfer circuit by control of memory instructions stored in an address buffer of the memory transfer circuit.
The invention will be more clearly understood when the following description of some preferred embodiments thereof, given by way of example only with reference to the accompanying drawings in which: Fig 1 is a block diagram of a microcomputer of the invention adapted for connecting in a computer network; Fig 2 is a flow diagram illustrating operation of the microcomputer; and Fig 3 is an illustration of portion of a sample security table generated in the microcomputer.
Referring to the drawings, and initially to Fig 1 there is illustrated a microcomputer of the invention indicated generally by the reference numeral 1. The microcomputer 1 is adapted to be connected in a computer network where there is shared access to data stored in a common memory device in the network. The microcomputer 1 comprises a control unit including a program counter 2, an instruction register 3 and a control and decode circuit 4. A security circuit 5 is also connected in the control unit. The control unit is connected to a memory transfer unit including an address buffer 6 and a data buffer 7, both of which are connected to a memory bus 8.
An arithmetic unit comprising an accumulator 9 and an adder 10 is disposed between the control unit and an input/output bus 11. The memory bus 8 is connected to a random access memory circuit 15, to a fixed disk drive 16 and to a network interface 17. The input/output bus 11 receives inputs from the keyboard encoder 18 connected to a keyboard 19 and provides outputs to a video controller 20 for a visual display unit (VDU) 21 and a printer controller 22 for a printer 23.
In operation, the microcomputer 1 is connected via the network interface 17 in a computer network where there is shared access to a common memory device. Such a computer network would be arranged to carry out many different types of data processing operations according to stored data and programs in the shared memory device. Each microcomputer would also have data and programs stored in the fixed disk 16. Referring specifically to Figs 2 and 3, operation of the microcomputer 1 to control access to data is illustrated.
Initially, the security circuit 5 directs storage in nonvolatile memory which may be either the fixed disk 17 or the common memory device accessed via the network interface 17, of a memory map of 16 Kbyte blocks of addresses of stored data.
Further, the security circuit 5 directs storage in nonvolatile memory of a table made up of access conditions for each block of the memory map. Portion of such a table is shown in Fig 3. In this embodiment, there are five tables stored, one for each of five security levels identified by the numerals A, B, C, D and E. Security level A allows most access to data whereas security level E allows least access.
Each table indicates one of three possible access conditions for each block of the memory map.
In Fig 2, the step of creating a memory map is indicated by the numeral 30 and of creating security levels and tables of access conditions by the numeral 31. In step 32, each password which is received from a supervisor who has full access to the data is assigned a security level according to the supervisor's instructions. The security circuit 5 directs storage of the password and of the security level in nonvolatile memory. When a user wishes to have data processing operations carried out on the computer network, a password is received at the keyboard 19 in step 33 and in step 34, the security circuit retrieves the password for storage in the random access memory circuit 15 and determines the relevant security level A, B, C, D or E. The relevant table of access conditions for the security level is retrieved in step 35.
When a request is received for access to data in step 36, the security circuit 5 determines access conditions for data which would be addressed in step 37. For each block of 16 Kbytes of data there is an access condition in the relevant table and the three possible access conditions are as follows: 1. Read, write disable.
2. Read enable and write disable.
3. Read and write enable.
The first access condition applies where a user should not be allowed access to data to either view or amend the data. An example of such a situation is where a user who works in the purchasing department of an organisation is to be prevented from viewing the salary fields of a personnel system. The second access condition is suitable where a user is allowed to view the data such as purchasing prices, material delivery dates, without being allowed to amend the data. In these situations only certain specified users have the authority to amend data. It will be appreciated, for example, that if any unauthorised person amends data such as the purchasing price of an item, subsequent data processing operations carried out using that data would be useless.If the fact that there is a discrepancy is noticed, it would take a long time to find where the discrepancy arose and if it is not noticed the situation is even worse because wrong information is generated by the computer network. The third access condition is where a user such as a supervisor is allowed full access to data to both view it and to amend it, if required. For security level A, the table is made up fully of this access condition so that a supervisor may create new passwords and assign a security level and have full access to all of the data. This access condition may also be used selectively for different memory blocks according to the work which is carried out by each individual user. A portion of a sample table is shown in Fig 3. This table includes mixed access conditions for different memory blocks and is used for security level C.
For the memory address of the data which a user wishes to access, the security circuit 5 determines which block of the memory map the address falls within and retrieves from the table, the relevant access condition. If the access condition is number 1 above, the address buffer of the memory transfer unit is cleared by the security circuit 5 to prevent both write and read instructions being transmitted on the memory bus 8. If the access condition is number 2 above, the security circuit 5 prevents write enable instructions with step 39. If the access condition is number 2 above, the security circuit 5 allows both read and write enable instructions in the address buffer 6.
It will be appreciated that by use of microcomputers of the invention in a computer network, control of access to stored data will be achieved in a relatively simple and inexpensive manner. This is very important for large organisations where many different types of data are stored and it is important to avoid fraud by amendment of financial data, to avoid data errors caused by inadvertent write instructions and to prevent access to confidential data.
These operations are carried out in a sample manner by access to tables at each microcomputer in a network. In general it is preferable that the non-volatile memory used by the security circuit be the hard disk as this avoids the need for accesses to the common memory device in the network. However, where network traffic is not a problem, the common memory device may be used.
The invention is not limited to the embodiments here and before described, but may be varied in construction and detail.

Claims (4)

  1. A microcomputer adapted to be connected in a network for shared access to stored data and to allow access to the stored data in a controlled manner to maintain confidentiality of data, avoid fraud and accidental loss or amendment of data, the microcomputer comprising: a control unit having a security circuit; an arithmetic unit; and a memory transfer unit; a memory bus connecting the memory transfer unit to a random access memory, and to a non-volatile memory including a fixed disk and a shared memory device via a network interface; an input/output bus connecting the arithmetic unit to a keyboard encoder, to a video controller and to a printer controller connected respectively to a keyboard, a visual display unit and a printer;; wherein the security circuit comprises means for directing storage in the non-volatile memory of security data comprising a plurality of user passwords, a security level for each password, and a table comprising access conditions for each block of a memory map, there being one table for each security level, and wherein the security circuit comprises means for automatically retrieving relevant security data for storage in the random access memory circuit, for assigning a security level to a received password and for interactively controlling operation of the memory transfer circuit according to the access conditions when requests are received at the keyboard for access to data.
  2. 2. A microcomputer is claimed in claim 1, wherein there are three possible access conditions, namely, read and write disable, read enable and write disable and read and write enable.
  3. 3. A microcomputer is claimed in claims 1 or 2, wherein the security circuit interactively controls operation of the memory transfer circuit by control of memory instructions stored in an address buffer of the memory transfer circuit.
  4. 4. A microcomputer substantially as hereinbefore described, with reference to and as illustrated in the accompanying drawings.
GB9020896A 1990-09-25 1990-09-25 Security in a computer apparatus Expired - Fee Related GB2248324B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB9020896A GB2248324B (en) 1990-09-25 1990-09-25 Security in a computer apparatus
BE9000966A BE1002346A6 (en) 1990-09-25 1990-10-12 SECURITY IN A COMPUTER DEVICE.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB9020896A GB2248324B (en) 1990-09-25 1990-09-25 Security in a computer apparatus

Publications (3)

Publication Number Publication Date
GB9020896D0 GB9020896D0 (en) 1990-11-07
GB2248324A true GB2248324A (en) 1992-04-01
GB2248324B GB2248324B (en) 1994-04-06

Family

ID=10682748

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9020896A Expired - Fee Related GB2248324B (en) 1990-09-25 1990-09-25 Security in a computer apparatus

Country Status (2)

Country Link
BE (1) BE1002346A6 (en)
GB (1) GB2248324B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2273585A (en) * 1992-12-21 1994-06-22 Hanover Temporary password access.
US5586301A (en) * 1994-11-09 1996-12-17 Ybm Technologies, Inc. Personal computer hard disk protection system
US5657470A (en) * 1994-11-09 1997-08-12 Ybm Technologies, Inc. Personal computer hard disk protection system
US5819091A (en) * 1994-12-22 1998-10-06 Arendt; James Wendell User level control of degree of client-side processing
GB2366631A (en) * 2000-03-04 2002-03-13 Ericsson Telefon Ab L M A communication node and a method of recovering security data following a power failure
GB2379145A (en) * 2001-04-26 2003-02-26 Kaydara Inc mixed-media broadcast data security system which allows different levels of access, to encoded data, based on user passwords
GB2398658A (en) * 2003-02-18 2004-08-25 Agilent Technologies Inc Implementing a hidden address in a communication module.
GB2404817A (en) * 2003-07-31 2005-02-09 Fujitsu Ltd Managing public and private resources in a computer network
FR2895108A1 (en) * 2005-12-16 2007-06-22 St Microelectronics Sa Sharable memory space access management method for multi-user type contactless integrated circuit, involves assigning same password for protection of blocks, and allocating access rights to each block
US8474021B2 (en) 2001-06-29 2013-06-25 Secure Systems Limited Security system and method for computers

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0008355A1 (en) * 1978-08-25 1980-03-05 Siemens Aktiengesellschaft Device for the protection of data stored in computers against unauthorized access
US4734855A (en) * 1983-10-17 1988-03-29 Inria-Institut National De Recherche En Informatique Et En Automatique Apparatus and method for fast and stable data storage
GB2228350A (en) * 1989-01-19 1990-08-22 Strahlen Umweltforsch Gmbh Memory protection against unauthorised access

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0008355A1 (en) * 1978-08-25 1980-03-05 Siemens Aktiengesellschaft Device for the protection of data stored in computers against unauthorized access
US4734855A (en) * 1983-10-17 1988-03-29 Inria-Institut National De Recherche En Informatique Et En Automatique Apparatus and method for fast and stable data storage
GB2228350A (en) * 1989-01-19 1990-08-22 Strahlen Umweltforsch Gmbh Memory protection against unauthorised access

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2273585A (en) * 1992-12-21 1994-06-22 Hanover Temporary password access.
US5586301A (en) * 1994-11-09 1996-12-17 Ybm Technologies, Inc. Personal computer hard disk protection system
US5657470A (en) * 1994-11-09 1997-08-12 Ybm Technologies, Inc. Personal computer hard disk protection system
US5819091A (en) * 1994-12-22 1998-10-06 Arendt; James Wendell User level control of degree of client-side processing
GB2366631B (en) * 2000-03-04 2004-10-20 Ericsson Telefon Ab L M Communication node, communication network and method of recovering from a temporary failure of a node
GB2366631A (en) * 2000-03-04 2002-03-13 Ericsson Telefon Ab L M A communication node and a method of recovering security data following a power failure
US7254235B2 (en) * 2001-04-26 2007-08-07 Autodesk, Inc. Receiving mixed-media data
GB2379145A (en) * 2001-04-26 2003-02-26 Kaydara Inc mixed-media broadcast data security system which allows different levels of access, to encoded data, based on user passwords
GB2379145B (en) * 2001-04-26 2005-02-02 Kaydara Inc Mixed-media data encoding
US7461405B2 (en) 2001-04-26 2008-12-02 Autodesk, Inc. Mixed-media data encoding
US8474021B2 (en) 2001-06-29 2013-06-25 Secure Systems Limited Security system and method for computers
GB2398658A (en) * 2003-02-18 2004-08-25 Agilent Technologies Inc Implementing a hidden address in a communication module.
US7065621B2 (en) 2003-02-18 2006-06-20 Takashi Hidai System and method for implementing a hidden address in a communication module
GB2398658B (en) * 2003-02-18 2007-01-24 Agilent Technologies Inc System and method for implementing a hidden address in a communication module
GB2404817B (en) * 2003-07-31 2006-04-05 Fujitsu Ltd Network node machine and information network system
US7975291B2 (en) 2003-07-31 2011-07-05 Fujitsu Limited Network node machine and information network system
GB2404817A (en) * 2003-07-31 2005-02-09 Fujitsu Ltd Managing public and private resources in a computer network
EP1808770A1 (en) * 2005-12-16 2007-07-18 Stmicroelectronics Sa Process for managing access to a memory by means of passwords
FR2895108A1 (en) * 2005-12-16 2007-06-22 St Microelectronics Sa Sharable memory space access management method for multi-user type contactless integrated circuit, involves assigning same password for protection of blocks, and allocating access rights to each block
US7987372B2 (en) 2005-12-16 2011-07-26 Stmicroelectronics Sa Method for managing the access to a memory, by using passwords

Also Published As

Publication number Publication date
BE1002346A6 (en) 1991-01-03
GB9020896D0 (en) 1990-11-07
GB2248324B (en) 1994-04-06

Similar Documents

Publication Publication Date Title
US4907268A (en) Methods and apparatus for controlling access to information processed a multi-user-accessible digital computer
US6523117B2 (en) System and method of online deciphering data on storage medium
US6954753B1 (en) Transparent electronic safety deposit box
JP2759669B2 (en) Electronic Calendar Security Management Methods
US11151280B2 (en) Simplified deletion of personal private data in cloud backup storage for GDPR compliance
JPH02278458A (en) Electronic document approval system
US20120240194A1 (en) Systems and Methods for Controlling Access to Electronic Data
JPS61195443A (en) Method of protecting system file in data processing system and data processing system
GB2248324A (en) Data security in a computer network
CN100587699C (en) Method and computer readable medium for generating usage rights for items based on access rights
JP7508649B2 (en) Information processing device and information processing program
France Control and use of health information: a doctor's perspective
JPH08202659A (en) Shared information processing system
JPH04251353A (en) Security protection system for information processing system
JPH02266445A (en) Access right control system for document data base control system
US20020138746A1 (en) Method of generating a secure output file
JPS63273151A (en) Access management system
JP2000010928A (en) Information management system
JP6736320B2 (en) Information processing apparatus and information processing program
JP2005018422A (en) Test processing information exchange method
GB2273585A (en) Temporary password access.
Ahituv et al. Protecting statistical databases against retrieval of private information
EP0434876A1 (en) A computer system for unit trust processing functions
IE914474A1 (en) Security of stored data
Virunurm et al. Safeguards for the protection of individual records in computerized data banks

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 19940925