WO2002019064A2 - Procede et systeme permettant d'empecher des modifications non souhaitees de donnees et de programmes stockes dans un systeme informatique - Google Patents

Procede et systeme permettant d'empecher des modifications non souhaitees de donnees et de programmes stockes dans un systeme informatique Download PDF

Info

Publication number
WO2002019064A2
WO2002019064A2 PCT/CA2001/001239 CA0101239W WO0219064A2 WO 2002019064 A2 WO2002019064 A2 WO 2002019064A2 CA 0101239 W CA0101239 W CA 0101239W WO 0219064 A2 WO0219064 A2 WO 0219064A2
Authority
WO
WIPO (PCT)
Prior art keywords
dhw
file
dsp
storage device
cpu
Prior art date
Application number
PCT/CA2001/001239
Other languages
English (en)
Other versions
WO2002019064A3 (fr
Inventor
Conleth Buckley
Original Assignee
Conleth Buckley
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Conleth Buckley filed Critical Conleth Buckley
Priority to CA002420889A priority Critical patent/CA2420889A1/fr
Priority to AU2001287444A priority patent/AU2001287444A1/en
Publication of WO2002019064A2 publication Critical patent/WO2002019064A2/fr
Publication of WO2002019064A3 publication Critical patent/WO2002019064A3/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices

Definitions

  • the present invention relates generally to computer systems, and more specifically to a method and system for preventing the unwanted alteration of data and programs stored in a computer system.
  • computer viruses pose a serious threat to the secure storage of computer data.
  • the term computer virus generally relates to any software code which has been designed to enter a computer and perform an undesired function. Once this code has entered a computer, that computer is said to have been "infected" by the virus.
  • Computers are most often infected by viruses as a result of introducing software code which has virus code buried within it.
  • This software is typically introduced via an input device such as a disk drive, or via a communication network such as the Internet. Once the software code containing the virus is executed, the virus is activated.
  • a virus cait Upon being activated, a virus cait perform a wide variety of functions. These functions can consist of relatively harmless functions such as posting an unwanted message on one's monitor or adding additional words to an existing document. These functions, however, can also be very serious and may include occupying all available memory or destroying data and programs stored on the computer or on the hard drive.
  • viruses have been made to try to limit and prevent the damage caused by computer viruses.
  • the most common method of detecting and removing viruses is via anti- virus software packages.
  • These anti-virus programs known as virus scanners, detect viruses by searching for binary signatures (patterns of code) of known viruses. Upon detection of a virus the user is notified and the virus is removed.
  • virus scanning software One limitation of virus scanning software is that the virus protection offered is reactive. That is to say, a virus can only be detected once the binary signature of a particular virus is known and added to the viras-scanning database. Thus, users are not offered any protection against newly created viruses.
  • DHW Downloadable hardware. The design file that describes the hardware attributes.
  • DSP Secure downloadable platform. The hardware where the DHW is loaded.
  • PKS A password key system which consists of one or more of the following methods of limiting access to the DSP and/or the storage device protected by the DSP: a series of reads or writes to a series of locations in the storage device; the timing of these writes; challenge/response where the writes depend on the values read. It also includes using any one or more of the following methods: sharing secret knowledge; probabilistic challenges; multi-level passwords; and a one time pad. A feature of this method is that there are many pieces of secret information required to access a storage device.
  • PASS CODE Is the string that the users send to the application program, e.g. a password
  • PKS is the method that describes the interaction between the apphcation programs and the DSP.
  • ONE TIME PAD A sequence of secret numbers which the anti-virus application program uses to identify itself to the DSP.
  • RANGE A sequence of blocks for which a particular access applies.
  • ACCESS The manner of actions that can occur to the blocks specified in a range; these actions may be one or more of the following: ability to write the block; read the block; translate the read or write from one block to another; to cause an interrupt Control Section: one or more blocks where instructions are passed from the CPU to the DSP.
  • One aspect of the invention is described as a method for preventing unwanted alterations of data and programs stored in a computer system comprising the steps of: obtaining a pass code; implementing a profile to prescribe the treatment of at least one command signal in response to the PKS obtained; monitoring data transferred between a CPU and a storage device for a cornmarid signal and; responding to at least one command signal based on the implemented profile.
  • Another aspect of the invention is defined as a system for preventing unwanted alterations of data and programs stored in a computer system
  • a computer system comprising: A central processing unit (CPU); a secure platform circuit (DSP); a storage device; the DSP being operable to: obtain a pass code; the DSP being operable to: implement a profile to prescribe the treatment of at least one command signal in response to the pass code obtained; monitor data transferred between the CPU and the storage device; respond to the at least one command signal based on the implemented profile.
  • CPU central processing unit
  • DSP secure platform circuit
  • Another aspect of the invention is defined as a secure computer platform for down-loadable hardware (DHW) comprising die steps of: monitoring for the reception of a DHW file; determining whether the DHW file is permitted to be installed in response to receiving the DHW file; installing the DHW file in response to determining tiiat the DHW file is permitted to be installed.
  • DHW down-loadable hardware
  • Another aspect of the invention is defined as a system for providing a secure computer platform for down-loadable hardware comprising: a central processing unit (CPU); a secure platform circuit (DSP); the CPU being operable to: monitor for the reception of a DHW file; determine whether the DHW file is permitted to be installed in response to receiving the DHW file; the DSP being operable to: install the DHW file in response to determining that the DHW file is permitted to be installed.
  • CPU central processing unit
  • DSP secure platform circuit
  • Figure 1 is a block diagram of a computer system as known in the prior art
  • Figure 2 is a block diagram of a system for preventing unwanted alterations of data stored in a computer system in an embodiment of the invention
  • Figure 3 is a flow chart of a method for preventing unwanted alterations of data stored in a computer system in an embodiment of the invention
  • Figure 4 is a flow chart of a method for updating information stored in the protected area of a hard disk in a preferred embodiment of the invention
  • Figure 5 is a flow chart of a method for providing a secure computer platform for downloadable hardware in an embodiment of the invention
  • Figure 6 is a flow chart of a method for providing a secure computer platform for downloadable hardware in a preferred embodiment of the invention. Detailed Description of the Invention
  • the present invention is directed to a method and system for preventing the unwanted alteration of data and programs stored in a computer system which substantially obviates one or more of the problems due to limitations and disadvantages of the related art.
  • FIG. 1 shows a computer system 100 as is well known in the prior art.
  • Figure 1 shows various input 102, output 104, network communication 106 and storage 108 devices physically linked to a central processing unit (CPU) 110.
  • CPU central processing unit
  • a virus similar to any other software application, is merely a list of instructions which can be carried out by the CPU. Thus, if these instructions include deleting data stored on the computer's hard disk (a storage device), that function will be performed. This is because the instructions provided by a virus are indecipherable to the CPU from those provided by legitimate software applications. Thus, if the CPU is unable to detect the existence of a virus there is nothing to prevent its instruction from being effected.
  • FIG. 2 A block diagram of an embodiment of the present system is shown in Figure 2.
  • the system itself 200 includes a central processing unit (CPU) 202, downloadable secure platform (DSP) 204 and a storage device 206.
  • the DSP 204 includes circuitry capable of carrying out the method steps of the present invention.
  • Said circuitry includes flash memory 208 and a field programmable gate array (FPGA) 210.
  • An FPGA is a programmable logic chip which includes numerous arrays of logic block functions and logic gates.
  • the FPGA is programmable to perform a variety of complex functions by modifying the manner in which said gates are interconnected.
  • the flash memory 208 is utilized to store information necessary for programming the FPGA.
  • the flash memory 208 loads the FPGA 210 with the appropriate circuit design for implementing the methodology of die application and including the invention.
  • the storage device 206 included in the system is a hard disk drive.
  • the present invention is not limited to employing a hard disk drive and could include any means for storing data including: PDA (personal digital assistant); cell phones; biological storage; floppy disks, CD ROM's or zip disks to name a few.
  • the present invention is not limited to an FPGA and could also be implemented using an ASIC with some loss of capabilitiesit .
  • the metiiodology initiates at step 300 wherein a pass code is obtained from a variety of possible sources.
  • the pass code could be obtained by prompting an end user for pass code via a software system installed on said end user's computer.
  • the user may command an application program to transmit a PSK to the DSP.
  • the DSP only accepts PSK's, not user passcodes. PSK's can be very complex.
  • a PSK could be obtained remotely from an end user or an additional computer linked to the CPU via a communication network.
  • the DSP can be configured to allow access to some parts of the storage device, therefore, no PSK need be received by the DSP unless a change in profile, or other change is desired.
  • a PSK is a sequence of bits which are sent to the DSP at step 302, by transferring a sequence of bytes (groups of binary data) from the CPU to the storage device.
  • the PSK is used for identifying the various command signals which a CPU may send to the storage device. This list of available command signals which may be sent by the CPU to the storage device is known as a profile.
  • the CPU does not have to be aware that there is a DSP present. The CPU will access the storage device transparently as long as not access is made to a prohibited area.
  • the DSP Upon receiving a pass code the DSP then implements a profile to prescribe the treatment of command signals which can be passed to die storage device based on die PKS forwarded from the CPU 304. This is achieved by enabling the FPGA with a profile implementation associated with the PKS obtained. These various implementations which area associated with the various PKS codes are stored within the flash memory of the DSP or in the storage device.
  • a command signal can include any write or read signals directed to the storage device. Write and read signals being directions to save to or retrieve data from the storage device respectively.
  • the methodology Upon detecting the transfer of a command signal, the methodology continues at step 306 wherein the DSP responds to the command signal transferred based on the profile implemented within the DSP.
  • the DSP responds by allowing the command signal to be passed to the storage device. That is to say, the DSP becomes transparent.
  • the implemented profile does not allow for the desired command to be effected, the DSP can respond in a number of ways. First, the DSP can simply prevent the transfer of the command signal to the storage device. Additionally, the DSP can cause an interrupt to be sent back to the CPU to notify the end user, or other computers attached via a communication network, that the desired command is restricted.
  • the DSP could either deny access to die area, or, translate the address ranges to which the write signal is directed to an unprotected area of the storage device.
  • the DSP could translate the address ranges to which the read signal is directed to an unprotected area of the storage device, or could deny it and cause and interrupt.
  • This methodology can protect against the unwanted alterations of computer data and programs, particularly as the result of computer viruses, in the following ways.
  • the PKS serves the function of selecting a profile which determines die command signals a particular CPU will be allowed to send to its corresponding storage device.
  • the PKS serves the function of selecting a profile which determines die command signals a particular CPU will be allowed to send to its corresponding storage device.
  • one can prevent the unwanted alteration of data stored in a computer system by limited the various command signals which are forwarded to a computer's storage device. For example, by merely identifying a range of protected addresses and restricting write signals to these addresses, one can protect against the unwanted alteration of the data stored therein. This is because, as mentioned previously, a virus program operates by initiating a number of unwanted commands to a computer's storage device. If, therefore, a CPU's ability of initiate these commands are restricted, the command signals within a virus will be similarly restricted.
  • the PKS concept could also be utilized to minimize any damage caused by a virus where multiple persons or computers share a single storage device. This could be achieved by providing numerous users of a particular computer, or various computers on a network, with distinct pass codes, which implies distinct PKS for the DSP. The different pass codes could then be used to restrict the user's or computer's, access to particular commands and areas with respect to the storage device. The access any particular user would have to the storage device would be stored within the user's or computer's particular profile. Each user may have many profiles and many PKS which will be managed by an application program. For example, the range of addresses to which each end user or computer could write to can be limited.
  • Additional levels of protection could also be achieved in the system by varying the means by which a pass code is obtained. For example, each attempt to enter a pass code or PKS could be monitored. Therefore, the number of pass code or PKS attempts could be limited to a prescribed value. Thus, snooping viruses, which attempt to bypass security systems by trying all permutations of a particular code, could be guarded against. As an additional level of security the length of the pass code could be increased or the complexity of the PKS could be increased in the event a snooping virus is detected. This would increase the number of permutations and add an additional level of protection against said snooping viruses. Similarly, snooping viruses could be prevented by requiring the pass code to be entered within a particular time period.
  • a timer into the process of obtaining a pass code or PKS.
  • a clock could be incorporated into the process of obtaining a pass code or PKS. Said clock would serve the purpose of limiting the validity of a pass code or PKS to certain time periods. For example said clock could be used to limit the validity of a pass code or PKS to one particular time period (e.g. Jan 1, 2000) or to a recurring time period (e.g. working hours).
  • a secondary pass code This secondary pass code would provide an end user, or computer on a network, with the abihty to modify the pass code necessary to access their particular profile.
  • the secondary pass code feature woidd be beneficial in that a pass code or PKS could be modified in the event of detecting a failed pass code attempt. Multiple passwords could also be used to enable the system.
  • a challenge response system is yet another alternative.
  • a challenge response system operating between the anti-virus application program and the DSP is one by which the program is challenged to return a value when given a number.
  • the challenge response cycle may be repeated a number of times for security.
  • a "one time" pass code could be utilized. That is to say, a different pass code is required each time the circuitry is accessed.
  • circuitry could also be configured to "learn" the locations of programs to protect This is useful when said system is employed in an operating system which does not know the actual locations of data stored on the computer's storage device. This achieved by writing a start file and an end file marker to the beginning and end of the data which is being protected. Thus the hardware can be made aware of the range of the files to protect.
  • a method for updating the information stored within a protected area of the computer's storage device.
  • the method initiates at step 400 wherein the FPGA is implanted witii a profile (PI) which allows one to read part of the contents of the storage device.
  • the profile is then changed to one that allows writing to a temporary area within the storage device (P2).
  • a new file e.g. a new software application
  • a copy of the existing data to be overwritten is then written to the temporary area as well 406.
  • the FPGA is then implemented with the original profile (PI) to ensure that the data copied to the temporary area is correct 408.
  • the FPGA is implemented with a third profile (P3) which allows one to overwrite files which have been recently copied to the temporary area 410.
  • P3 a third profile
  • the new files are then copied to the protected area previously occupied by the files to be overwritten 412.
  • the FPGA is then programmed with the original profile (PI) to ensure the files have been properly updated 414.
  • the methodology terminates with the FPGA being programmed with P2 such that the old files can be deleted if necessary 416.
  • a methodology fpr providing a secure platform for downloadable hardware is shown in another embodiment of the present invention.
  • a methodology for providing a secure platform for downloadable hardware is shown in another embodiment of the present invention.
  • the methodology presented in Figure 5 initiates at step 500 wherein the CPU monitors various input or network communication devices for the reception of a DHW file. Upon receiving a DHW file, the CPU then determines whether the DHW file is permitted to be installed in the DSP 502. In a preferred embodiment of the invention this step of determining whether the DHW is permitted to be installed occurs by umtizing a series of Keys and encryptions. An example of a Key and encryption algorithm employed in a preferred embodiment of the invention is described below in further detail with respect to Figure 6. The methodology terminates at step 504, wherein the DHW file is installed in the DSP in response to determining that said DHW is permitted to be installed.
  • this methodology ensures that the only DHW files capable of being installed in one's DSP are those which are intended for that particular DSP.
  • this methodology is beneficial in that it provides a secure means for updating the implementation stored in the DSP.
  • the PKS provides a method so that incorrect access to a particular lock within a predetermined number of attempts, or/and time, causes the current PSK to be voided and a new longer identity string and a new longer password assigned. This process is repeated as many times as is desired. This implies that the probability of breaking the lock gets worse with repeated trials and at the same time the probability that die lock could be made un- openable goes down.
  • a flow chart outlining the steps of the key and encryption algorithm utilized in a preferred embodiment of the present invention is shown in Figure 6.
  • the methodology initiates at step 600 wherein a completed DHW file is made into an electronic file (FI).
  • a key (Kl ) is then attached to the electronic file (FI) to create a new electronic file (F2) 602.
  • a key is a secret password which includes a series of characters for restricting an end user's access to an electronic file.
  • the first key (Kl) serves the purposes of ensuring each (F2) is unique based on the DSP it is targeted for. This prevents the wrong, or virus contaminated, DHW form reaching the DSP.
  • a second key (K2) is then utilized to encrypt the electronic file (F2) 604.
  • said file could be encrypted using any number of encryption engines.
  • Each DSP could have a different encryption engine.
  • a third key (K3) is then employed by the DSP to allow the encrypted electronic file F2 to be transferred to a hard-disk protected configuration area (HDCA) via the DSP 606.
  • the HDCA is a temporary storage within the storage device utilized for purpose of storing the DHW file while it is being authorized.
  • This third key (K3) is merely a pass code, utilized by the DSP, allowing the F2 to be written to the HDPA.
  • the encrypted electronic file is then decrypted using the second key (K2) 608. This key would have to be provided to an end user to decrypt the encrypted electronic file (F2).
  • the first key (Kl) is extracted from the file leaving only the original electronic file (FI) 610.
  • the first key (Kl) is the compared to a key stored with the particular DSP circuitry 612. If the key supposed with the electric file (FI) matches that stored within the DSP circuitry, the file (FI) is installed in the DSP 614. This occurs by the DSP retrieving the decrypted filed (FI) from the HDPA and installing said file (FI) into the flash memory 208. As mentioned previously, the flash memory would then program the FPGA with the new implementations as specified in the electronic file (FI).
  • the key referred to in the preferred embodiment is not limited to a single password including a series of characters for enabling a user to access the electronic file.
  • Said Key could also include a series of transactions wherein various nit (as opposed to bytes) are sent to the DSP form the CPU on a periodic basis.
  • the above methodology is used for the purpose of updating DHW for virus protection.
  • said methodology could be easily adapted to provide a secure platform for downloading any DHW.
  • the preferred embodiment of the hardware of the invention is to build the DSP in the disk storage device circuit board or disk storage assembly.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un procédé et un système permettant d'empêcher des modifications non souhaitées de données et de programmes stockés dans un système informatique. Le système décrit dans cette invention utilise un réseau de portes programmable par l'utilisateur afin de commander l'accès à un dispositif de stockage. L'utilisateur peut accéder à différents profils par l'intermédiaire de mots de passe. Les différents profils constituent différents paramètres de commande permettant d'accéder au dispositif de stockage. Le réseau de portes peut être reprogrammé de temps en temps à l'aide de fichiers électroniques téléchargeables. La sécurité est assurée pendant le téléchargement grâce à des clés et à des techniques de chiffrement.
PCT/CA2001/001239 2000-09-01 2001-08-31 Procede et systeme permettant d'empecher des modifications non souhaitees de donnees et de programmes stockes dans un systeme informatique WO2002019064A2 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CA002420889A CA2420889A1 (fr) 2000-09-01 2001-08-31 Procede et systeme permettant d'empecher des modifications non souhaitees de donnees et de programmes stockes dans un systeme informatique
AU2001287444A AU2001287444A1 (en) 2000-09-01 2001-08-31 Method and system for preventing unwanted alterations of data and programs stored in a computer system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US22985900P 2000-09-01 2000-09-01
US60/229,859 2000-09-01

Publications (2)

Publication Number Publication Date
WO2002019064A2 true WO2002019064A2 (fr) 2002-03-07
WO2002019064A3 WO2002019064A3 (fr) 2003-04-24

Family

ID=22862948

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2001/001239 WO2002019064A2 (fr) 2000-09-01 2001-08-31 Procede et systeme permettant d'empecher des modifications non souhaitees de donnees et de programmes stockes dans un systeme informatique

Country Status (3)

Country Link
AU (1) AU2001287444A1 (fr)
CA (1) CA2420889A1 (fr)
WO (1) WO2002019064A2 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005086005A1 (fr) * 2004-03-05 2005-09-15 Secure Systems Limited Systeme et procede de controle d'acces a une partition
WO2015092817A1 (fr) * 2013-12-20 2015-06-25 Cyient Limited Système et procédé de sécurisation d'un système de commande industriel
US9237171B2 (en) 2011-08-17 2016-01-12 Mcafee, Inc. System and method for indirect interface monitoring and plumb-lining
US9483645B2 (en) * 2008-03-05 2016-11-01 Mcafee, Inc. System, method, and computer program product for identifying unwanted data based on an assembled execution profile of code

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5586301A (en) * 1994-11-09 1996-12-17 Ybm Technologies, Inc. Personal computer hard disk protection system
EP0851358A2 (fr) * 1996-12-31 1998-07-01 Sun Microsystems, Inc. Sécurité pour système de traitement de données
WO1999021094A2 (fr) * 1997-10-20 1999-04-29 Quickflex, Inc. Dispositif materiel de securite reconfigurable et procede de fonctionnement
EP0945775A2 (fr) * 1998-03-16 1999-09-29 Fujitsu Limited Appareil de stockage de donneés et méthode de commande de mot de passe
EP0949556A2 (fr) * 1998-04-08 1999-10-13 Fujitsu Limited Méthode de commande d'accès, dispositif et support de stockage
WO1999056428A1 (fr) * 1998-04-27 1999-11-04 Motorola Inc. Appareil et procede de lecture d'un programme dans un processeur

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5586301A (en) * 1994-11-09 1996-12-17 Ybm Technologies, Inc. Personal computer hard disk protection system
EP0851358A2 (fr) * 1996-12-31 1998-07-01 Sun Microsystems, Inc. Sécurité pour système de traitement de données
WO1999021094A2 (fr) * 1997-10-20 1999-04-29 Quickflex, Inc. Dispositif materiel de securite reconfigurable et procede de fonctionnement
EP0945775A2 (fr) * 1998-03-16 1999-09-29 Fujitsu Limited Appareil de stockage de donneés et méthode de commande de mot de passe
EP0949556A2 (fr) * 1998-04-08 1999-10-13 Fujitsu Limited Méthode de commande d'accès, dispositif et support de stockage
WO1999056428A1 (fr) * 1998-04-27 1999-11-04 Motorola Inc. Appareil et procede de lecture d'un programme dans un processeur

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005086005A1 (fr) * 2004-03-05 2005-09-15 Secure Systems Limited Systeme et procede de controle d'acces a une partition
US8397026B2 (en) 2004-03-05 2013-03-12 Secure Systems Limited Partition access control system and method for controlling partition access
US9483645B2 (en) * 2008-03-05 2016-11-01 Mcafee, Inc. System, method, and computer program product for identifying unwanted data based on an assembled execution profile of code
US9237171B2 (en) 2011-08-17 2016-01-12 Mcafee, Inc. System and method for indirect interface monitoring and plumb-lining
WO2015092817A1 (fr) * 2013-12-20 2015-06-25 Cyient Limited Système et procédé de sécurisation d'un système de commande industriel
KR20160138374A (ko) * 2013-12-20 2016-12-05 웨스팅하우스 일렉트릭 컴퍼니 엘엘씨 산업 제어 시스템을 보안화하기 위한 시스템 및 방법
CN106462137A (zh) * 2013-12-20 2017-02-22 西屋电气有限责任公司 用于保障工业控制***的***和方法
KR102251600B1 (ko) * 2013-12-20 2021-05-12 웨스팅하우스 일렉트릭 컴퍼니 엘엘씨 산업 제어 시스템을 보안화하기 위한 시스템 및 방법

Also Published As

Publication number Publication date
CA2420889A1 (fr) 2002-03-07
AU2001287444A1 (en) 2002-03-13
WO2002019064A3 (fr) 2003-04-24

Similar Documents

Publication Publication Date Title
US7716743B2 (en) Privacy friendly malware quarantines
EP3779745B1 (fr) Authentification de pointeur code pour commande de flux de matériel
CN1353365A (zh) 在非安全编程环境中安全密码的使用方法
AU2008203454A1 (en) Systems & Methods for Preventing Unauthorized Use of Digital Content
AU2001292910A1 (en) Systems and methods for preventing unauthorized use of digital content
JP2006134307A (ja) アンチウィルスソフトウェアアプリケーションの知識基盤を統合するシステムおよび方法
US10970421B2 (en) Virus immune computer system and method
WO2007084263A2 (fr) Création d'un environnement relativement unique pour des plates-formes informatiques
US7266688B2 (en) Methods for improved security of software applications
US20100211992A1 (en) Data security apparatus
US11132438B2 (en) Virus immune computer system and method
GB2384885A (en) System and method for protection of data stored on a storage medium device
US10592697B1 (en) Virus immune computer system and method
US10614232B2 (en) Storing and using multipurpose secret data
CN111868723A (zh) 病毒免疫计算机***和方法
WO2002019064A2 (fr) Procede et systeme permettant d'empecher des modifications non souhaitees de donnees et de programmes stockes dans un systeme informatique
US20210004472A1 (en) Storing and using multipurpose secret data
Skormin et al. Detecting Malicious Codes by the Presence of Their “Gene of Self-replication”
AU2002219852B2 (en) Systems and methods for preventing unauthorized use of digital content
Piromsopa et al. Defeating buffer-overflow prevention hardware
EP2883185A2 (fr) Appareil et procédé de protection de données stockées
KR102321497B1 (ko) 악성코드 감염 차단 시스템 및 방법
WO2023140826A1 (fr) Dispositif et procédés de protection de systèmes informatiques contre un accès non autorisé
CN115917542A (zh) 数据保护***
da Silveira Serafim et al. Restraining and repairing file system damage through file integrity control

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2420889

Country of ref document: CA

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP