GB2246457A - Controlling access to stored data - Google Patents

Controlling access to stored data Download PDF

Info

Publication number
GB2246457A
GB2246457A GB9016364A GB9016364A GB2246457A GB 2246457 A GB2246457 A GB 2246457A GB 9016364 A GB9016364 A GB 9016364A GB 9016364 A GB9016364 A GB 9016364A GB 2246457 A GB2246457 A GB 2246457A
Authority
GB
United Kingdom
Prior art keywords
name
verification signal
password
personal record
circuit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB9016364A
Other versions
GB9016364D0 (en
Inventor
James Martin Sheeran
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BLUETRON Ltd
Original Assignee
BLUETRON Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BLUETRON Ltd filed Critical BLUETRON Ltd
Priority to GB9016364A priority Critical patent/GB2246457A/en
Priority to BE9000785A priority patent/BE1002244A6/en
Publication of GB9016364D0 publication Critical patent/GB9016364D0/en
Publication of GB2246457A publication Critical patent/GB2246457A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

A security circuit 2 for controlling access to data stored in a read/write memory circuit 7 and a fixed disk 8 of a computerised device 1 includes a comparator 20 which carries out various comparison operations regarding user names, passwords and permitted access times. A counter register 23 is used to limit the number of attempts the user may make at accessing stored data and a disabling circuit 24 is operative to disable a printer controller 10, a video controller 12 and a keyboard encoder 4. A memory blocking circuit 22 is arranged to control access of a microprocessor control unit 5 to stored data according to a security level for each user. Thus, users may have partial access to stored data and versatility is achieved. <IMAGE>

Description

"Control of access to data stored in a storage medium" The present invention relates to the control of access to data stored in a storage medium in a computerised device.
The control of access to data in a storage medium is particularly important where scientific test data, confidential document text or other data which should not be made available to únauthorised people is stored. Security circuits have been devised to control access to such data and these circuits are generally operational either to prevent a person utilising any processing circuits or to allow a person access to all of the facilities. They thus allow little versatility in use of the circuits and further, if an unauthorised person succeeds in by-passing the security circuit, he or she has unrestricted access to all data.
The present invention is directed towards providing an improved security circuit and method to overcome these problems.
According to the invention, there is provided a security circuit for controlling access to data stored in a storage medium in a data storage and processing apparatus comprising an input device, an input device encoder, a control circuit, a real time clock, an output device controller, and an output device, in which said storage medium comprises a permanent memory device and a read/write memory circuit, the security circuit comprising:: a memory interface for directing storage in the permanent memory device of a personal record for each user authorised to access stored data, the personal record including a name, a password, a security level indication, and a time limit after which the respective user is allowed access to stored data; a comparator for verifying a name received at the input device by comparing the received name with the stored name in the personal record and for directing delivery of a name verification signal to the output device and to the permanent memory device; a disabling circuit for disabling the input device encoder and the output device controller if the name verification signal is negative;; means at the comparator for comparing time of the real time clock with the time limit in the respective personal record and for directing delivery of a time verification signal to the output device and to the permanent storage device for storage in the personal record if the name verification signal is positive; means at the memory interface circuit for re-setting the time limit to a value which is a pre-determined amount later than the current value, and for subsequently directing disabling of the input device encoder and of the output device controller if the time verification signal is negative; means at the comparator for verifying a password received at the input device by comparing the received password with the stored password of the respective personal record and for delivering a password verification signal to the output device and to the permanent storage device for storage in the respective personal record if the time verification signal is positive; means at the disabling circuit for disabling the input device encoder and the output device controller if the password verification signal is negative; a memory blocking circuit for retrieving the security level indication from the respective personal record and delivering a memory blocking signal to the control unit to facilitate setting of storage areas in the permanent memory device and in the read/write memory circuit from which the control unit may not read data if the password verification signal is positive.
According to another aspect, the invention provides a method of controlling access to data stored in a storage medium in a data storage and processing apparatus comprising an input device, an input device encoder, a control circuit, a real time clock, an output device controller, and an output device, in which said storage medium comprises a permanent memory device and a read/write memory device, the method comprising the steps of:: directing storage in the permanent memory device of a personal record for each user authorised to access stored data, the personal record including a name, a password, a security level indication, and a time limit after which the respective user is allowed access to stored data; verifying a name received at the input device by comparing the received name with the stored name in the personal record and directing delivery of a name verification signal to the output device and to the permanent memory device for storage in the personal record; disabling the input device encoder and the output device controller if the name verification signal is negative; comparing time of the real time clock with the time limit in the respective personal record and directing delivery of a time verification signal to the output device and to the permanent storage device for storage in the personal record if the name verification signal is positive; re-setting the time limit to a value which is a predetermined amount later than the current value, and subsequently directing disabling of the input device encoder and of the output device controller if the time verification signal is negative; verifying a password received at the input device by comparing the received password with the stored password of the respective personal record and delivering a password verification signal to the output device and to the permanent storage device for storage in the respective personal record if the time verification signal is positive; disabling the input device encoder and the output device controller if the password verification signal is negative; retrieving the security level indication from the respective personal record and delivering a memory blocking signal to the control unit to facilitate setting of storage areas in the permanent memory device and in the read/write memory circuit from which the control unit may not read data if the password verification signal is positive.
In one embodiment, the method comprises the further steps of initially setting a counter register to zero, incrementing the counter register after comparing the password or name, and repeating said comparison and incrementing operations a preset number of times according to the counter register.
The invention will be more clearly understood from the following description of some preferred embodiments thereof, given by way of example only with reference to the accompanying drawings in which: Fig. 1 is a schematic representation of a computerised device incorporating a security circuit of the invention; and Figs. 2 and 3 are flow diagrams illustrating operation of the security circuit.
Referring to the drawings, and initially to Fig. 1, there is illustrated a computerised device 1 incorporating a security circuit 2 of the invention. The security circuit 2 is indicated by interrupted lines. The computerised device 1 comprises a keyboard 3 connected to a keyboard encoder 4 which provides a 7-bit representation for each key of the keyboard 3. The computerised device 1 also includes a microprocessor control unit 5 and a real-time clock 6 having a battery backup. A storage medium for the computerised device 1 comprises a read/write memory circuit 7 and a fixed disk 8.
For output of processed data and of data stored in the read/write memory circuit 7 and the fixed disk 8, the device 1 includes a character generator 9 connected to a printer controller 10 for a printer 11 and to a video controller 12 for a visual display unit (VDU) 13.
The security circuit 2 comprises a comparator 20 having an input connected to the keyboard encoder 4, the clock 6 and to various other portions of the computerised device 1 via a memory interface 21. The memory interface 21 is connected to a memory blocking circuit 22 and the security circuit 2 also includes a counter register 23 and a disabling circuit 24.
The disabling circuit 24 is connected to the video controller 12 and the printer controller 10.
The computerised device 1 is arranged to carry out processing of data received at the keyboard 3 and stored in the fixed disk 8 and in the read/write memory circuit 7.
Referring to Figs. 2 and 3, in step 30, the memory interface 21 of the security circuit 2 initially directs storage in the fixed disk 8 of a personal record for each user authorised to access the stored data. Typically, the memory interface 21 is operated by a supervisor and the personal record includes a name for each authorised user, a password, a security level and a time limit. There are five security levels in this case numbered 1 through 5, with the lower numbers allowing access to a lesser amount of data than the higher numbers. The time limit is a time before which a user is not allowed access to stored data. For example, if the time limit is 15.00 a user may not access stored data before 15.00 each day. The personal record is stored in the fixed disk 8 and is thus not lost when the computerised device 1 is switched off.
When a user wishes to access stored data, in step 31 he or she keys in a name at the keyboard 3. The comparator 22 retrieves the received name from the keyboard encoder 4 and compares this with all of the stored names in the fixed disk 8. This is indicated in greater detail in Fig. 3. Initially, the counter register 23 is set to zero in step 31(a) and the user name is received at the keyboard 3 in step 31(b). In step 31(c) the comparator 20 compares the received user name with the stored names in the fixed disk 8 and in step 31(d) delivers a positive name verification signal to the VDU 13 and/or the printer 11 if the name is located. If the name has not been found in the fixed disk 8, the counter register 23 is incremented by 1 in step 31(e).In step 31(f) a check is made as to the value of the counter register and if the value is less than 3, the user is prompted to input a user name again and the procedure is repeated until three names have been inputted. If after repetition of the procedure three times, a name has not been located in the hard disk 8, in step 31(g) the comparator 20 delivers a negative name verification signal to either the printer 11 and/or the VDU 13.
In step 33, the comparator 20 directs recording of the time and the fact that the verification has been negative in the hard disk 8. In step 34 the disabling circuit 24 disables the keyboard encoder 4 and in step 35 the VDU and printer controllers 10 and 12 are disabled. In step 36 the disabling circuit 24 monitors real time after disabling of the VDU and printer controllers 10 and 12 and the keyboard encoder 4 and after 30 minutes has elapsed it enables the VDU and printer controllers in step 37 and enables the keyboard encoder in step 38. When this has been done, the procedure may start again.
On the other hand, if the comparator 20 locates the user name on the fixed disk 8, a positive verification signal is outputted at the printer 11 and/or the VDU 13 and in step 39 the comparator 20 compares real time with the recorded user time limit for the personal record associated with the located name. If real time is earlier than the time limit a negative time verification signal is output at the printer 11 and/or the VDU 14 and in step 40 the memory interface 21 directs resetting of the time limit to the current value plus 30 minutes and the procedure of steps 34 through step 38 is repeated.
The event is stored in the hard disk 8 in step 33. If real time is later than the time limit, a positive time verification signal is delivered and in step 41 a user password is received at the keyboard 3 and is compared with the stored password of the personal record in a similar manner to the procedure for verifying a received user name illustrated in Fig. 3. The only difference being that the comparator 20 only checks in the single personal record and not in all of the personal records as it does when a name is received. If the password is not verified the fact is recorded in step 33 and the procedure of steps 40 and 34 through 38 is repeated. Further, a negative password verification signal is output at the printer 11 and/or the VDU 13.
In step 43, the memory interface 21 retrieves the security level stored in the personal record and in step 44 the memory blocking circuit blocks access to the read/write memory circuit 7 and to the fixed disk 8 according to the security level by transmitting an appropriate signal to the control unit 5. For example, if the security level is "5", a user is allowed access to all of the data stored on the fixed disk 8, however, if the security level is 2 then only a pre-set portion of the fixed disk 8 may be accessed. The memory blocking circuit 22 carries out this function by instructing the control unit 5 to block the relevant addresses on the memory.
It will thus be appreciated that a user is allowed access to stored data according to the criterion of a name, a password and a time limit. Further, access of certain address locations is blocked according to a security level. It is envisaged that it will be extremely difficult for a person to circumvent the security circuit 2 as the keyboard encoder is disabled and it is impossible to direct instructions of the keyboard 3 into the microprocessor control unit 5. Further, because the VDU and printer controllers are disabled, the user does not receive any output. By re-setting the personal record time limit to 30 minutes later than the current value, the user is in the same position more than half an hour later when the VDU and printer controllers and the keyboard encoder have been enabled again. Because of operation of the memory blocking circuit 22, the supervisor is given versatility in deciding on access of users to stored data and thus the one computerised device may be used by several different people, each having their own personal restrictions as to access to stored data. At any stage, the supervisor may obtain a printout at the printer 11 of all security events over a time period, which information is retrieved from the hard disk 8.
The invention is not limited to the embodiments hereinbefore described but may be varied in construction and detail.

Claims (6)

1. A security circuit for controlling access to data stored in a storage medium in a data storage and processing apparatus comprising an input device, an input device encoder, a control circuit, a real time clock, an output device controller, and an output device, in which said storage medium comprises a permanent memory device and a read/write memory circuit, the security circuit comprising:: a memory interface for directing storage in the permanent memory device of a personal record for each user authorised to access stored data, the personal record including a name, a password, a security level indication, and a time limit after which the respective user is allowed access to stored data; a comparator for verifying a name received at the input device by comparing the received name with the stored name in the personal record and for directing delivery of a name verification signal to the output device and to the permanent memory device; a disabling circuit for disabling the input device encoder and the output device controller if the name verification signal is negative; means at the comparator for comparing time of the real time clock with the time limit in the respective personal record and for directing delivery of a time verification signal to the output device and to the permanent storage device for storage in the personal record if the name verification signal is positive; means at the memory interface circuit for re-setting the time limit to a value which is a pre-determined .amount later than the current value, and for subsequently directing disabling of the input device encoder and of the output device controller if the time verification signal is negative; means at the comparator for verifying a password received at the input device by comparing the received password with the stored password of the respective personal record and for delivering a password verification signal to the output device and to the permanent storage device for storage in the respective personal record if the time verification signal is positive; means at the disabling circuit for disabling the input device encoder and the output device controller if the password verification signal is negative;; a memory blocking circuit for retrieving the security level indication from the respective personal record and delivering a memory blocking signal to the control unit to facilitate setting of storage areas in the permanent memory device and in the read/write memory circuit from which the control unit may not read data if the password verification signal is positive.
2. A security circuit as claimed in claim 1, further comprising a counter register and in which the comparator comprises means for initially setting the counter register to zero, for incrementing the counter register after comparing the password or name, and for repeating said comparison and incrementing operations a pre-set number of times according to the counter register.
3. A method of controlling access to- data stored in a storage medium in a data storage and processing apparatus comprising an input device, an input device encoder, a control circuit, a real time clock, an output device controller, and an output device, in which said storage medium comprises a permanent memory device and a read/write memory device, the method comprising the steps of:: directing storage in the permanent memory device of a personal record for each user authorised to access stored data, the personal record including a name, a password, a security level indication, and a time limit after which the respective user is allowed access to stored data; verifying a name received at the input device by comparing the received name with the stored name in the personal record and directing delivery of a name verification signal to the output device and to the permanent memory device for storage in the personal record; disabling the input device encoder and the output device controller if the name verification signal is negative;; comparing time of the real time clock with the time limit in the respective personal record and directing delivery of a time verification signal to the output device and to the permanent storage device for storage in the personal record if the name verification signal is positive; re-setting the time limit to a value which is a predetermined amount later than the current value, and subsequently directing disabling of the input device encoder and of the output device controller if the time verification signal is negative; verifying a password received at the input device by comparing the received password with the stored password of the respective personal record and delivering a password verification signal to the output device and to the permanent storage device for storage in the respective personal record if the time verification signal is positive; disabling the input device encoder and the output device controller if the password verification signal is negative; retrieving the security level indication from the respective personal record and delivering a memory blocking signal to the control unit to facilitate setting of storage areas in the permanent memory device and in the read/write memory circuit from which the control unit may not read data if the password verification signal is positive.
4. A method as claimed in claim 3, comprising the further steps of initially setting a counter register to zero, incrementing the counter register after comparing the password or name, and repeating said comparison and incrementing operations a pre-set number of times according to the counter register.
5. A security circuit substantially as hereinbefore described with reference to, and as illustrated in the accompanying drawings.
6. A method substantially as hereinbefore described with reference to, and as illustrated in the accompanying drawings.
GB9016364A 1990-07-25 1990-07-25 Controlling access to stored data Withdrawn GB2246457A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB9016364A GB2246457A (en) 1990-07-25 1990-07-25 Controlling access to stored data
BE9000785A BE1002244A6 (en) 1990-07-25 1990-08-14 CONTROL OF ACCESS TO DATA STORED IN A STORAGE MEDIUM.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB9016364A GB2246457A (en) 1990-07-25 1990-07-25 Controlling access to stored data

Publications (2)

Publication Number Publication Date
GB9016364D0 GB9016364D0 (en) 1990-09-12
GB2246457A true GB2246457A (en) 1992-01-29

Family

ID=10679660

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9016364A Withdrawn GB2246457A (en) 1990-07-25 1990-07-25 Controlling access to stored data

Country Status (2)

Country Link
BE (1) BE1002244A6 (en)
GB (1) GB2246457A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0587375A2 (en) * 1992-09-04 1994-03-16 ALGORITHMIC RESEARCH Ltd. Security unit for data processor systems
US7069404B1 (en) * 1999-01-11 2006-06-27 Stmicroelectronics Sa Microprocessor with protection circuits to secure the access to its registers

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2692703B1 (en) * 1992-06-22 1995-03-31 Pierre Minaberry Device for controlling a self-service device.

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0192243A2 (en) * 1985-02-21 1986-08-27 Secure Computing Technology Corporation Method of protecting system files and data processing unit for implementing said method
EP0262025A2 (en) * 1986-09-16 1988-03-30 Fujitsu Limited System for permitting access to data field area in IC card for multiple services

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0192243A2 (en) * 1985-02-21 1986-08-27 Secure Computing Technology Corporation Method of protecting system files and data processing unit for implementing said method
EP0262025A2 (en) * 1986-09-16 1988-03-30 Fujitsu Limited System for permitting access to data field area in IC card for multiple services

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0587375A2 (en) * 1992-09-04 1994-03-16 ALGORITHMIC RESEARCH Ltd. Security unit for data processor systems
EP0587375A3 (en) * 1992-09-04 1994-11-17 Algorithmic Res Ltd Security unit for data processor systems.
US5406624A (en) * 1992-09-04 1995-04-11 Algorithmic Research Ltd. Data processor systems
US7069404B1 (en) * 1999-01-11 2006-06-27 Stmicroelectronics Sa Microprocessor with protection circuits to secure the access to its registers

Also Published As

Publication number Publication date
GB9016364D0 (en) 1990-09-12
BE1002244A6 (en) 1990-10-30

Similar Documents

Publication Publication Date Title
US6130621A (en) Method and apparatus for inhibiting unauthorized access to or utilization of a protected device
US3931504A (en) Electronic data processing security system and method
KR100292547B1 (en) Personal Identification Device and Access Control System
US5841868A (en) Trusted computer system
US7873995B2 (en) Method and apparatus for generating and reinforcing user passwords
US4856062A (en) Computing and indicating device
US5091939A (en) Method and apparatus for password protection of a computer
US5643086A (en) Electronic casino gaming apparatus with improved play capacity, authentication and security
US5610981A (en) Preboot protection for a data security system with anti-intrusion capability
KR100268693B1 (en) Information processor having security check function
JPH05173891A (en) File distributing method
EP0481770A2 (en) Data storage medium access verification system
EP0436365A2 (en) Method and system for securing terminals
US20100268961A1 (en) Method and Arrangement for User Validation
JPH06507277A (en) Personal authentication method and device
WO2001015440A8 (en) One time use digital camera
GB2246457A (en) Controlling access to stored data
CN108551451A (en) A kind of multiple-authentication method and system of protection application system permission
DE10348729B4 (en) Setup and procedures for backing up protected data
JPH05231056A (en) Electronic key incorporating individual identifying function
CN100419615C (en) Data protection via reversible data damage
EP0893752A1 (en) Method for identifying users
JP3433142B2 (en) Electronic medical record device
JPH06309214A (en) Data base system
RU2106686C1 (en) Method for protection of access to memory unit against unwanted users and device which implements said method

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)