United States Patent [19]
Francisco

[11] Patent Number: 4,845,715
[45] Date of Patent: Jul. 4, 1989

[54] METHOD FOR MAINTAINING DATA PROCESSING SYSTEM SECURING

[76] Inventor: Michael H. Francisco, 1276 Stradella Rd., Los Angeles, Calif. 90077

[21] Appl. No.: 65,169

[22] Filed: Jun. 17, 1987

Related U.S. Application Data

[63] Continuation of Ser. No. 665,786, Oct. 29, 1984, abandoned.

[51] Int. Cl.⁴: G06F 07/02; G06F 11/28
[52] U.S. Cl.: 371/53; 371/57; 364/200, 364/286.4
[58] Field of Search: 364/200, 900; 371/21, 371/51, 53, 57

[56] References Cited

U.S. PATENT DOCUMENTS

3,458,860    7/1969   Shimabukuro       371/53
3,806,882    4/1974   Clarke            364/200
3,984,637   10/1976   Caudill et al.    364/200
4,262,329    4/1981   Bright et al.     364/200
4,310,720    1/1982   Check, Jr.        364/900
4,446,519    5/1984   Thomas            364/300
4,458,315    7/1984   Uchenick          364/200
4,519,077    5/1985   Amin              371/21
4,558,416   12/1985   Pauweels et al.   364/900

Primary Examiner—Eddie P. Chan

[57] ABSTRACT

A method of maintaining software program integrity and security in data processing systems through generation of a stored first selective electronic identification indicia that is uniquely characteristic of the total number of binary 1’s and binary 0’s of a software program in association with a stored plurality of selective third electronic indicia that individually identify authorized users of such program and generating a second electronic identifying indicia in response to a request by a prospective user for access to said program and releasing such requested program only when the first and second electronic identifying indicia are identical and when the requesting user’s identification indicia corresponds with one of said third stored electronic indicia.

2 Claims, 1 Drawing Sheet

[Title-page drawing (same flow chart as FIG. 2). Block labels: selected program 30; electronic identification indicia generator 32; electronic identification indicia library; EID program; comparator; user identification; authorized user profile; comparator; YES; program released.]

GOOG-1004-Page 1 of 5

[FIG. 1: schematic flow chart. Block labels: Program A; Program B; Program C; electronic identification indicia generator; EID (Program); electronic program identification indicia library; authorized user identification; authorized user identification indicia profiles.]

[FIG. 2: schematic flow chart. Block labels: selected program; electronic identification indicia generator; electronic identification indicia library; EID program; comparator; user identification; authorized user profile; comparator; YES; program released.]

METHOD FOR MAINTAINING DATA PROCESSING SYSTEM SECURING

This is a continuation of application Ser. No. 665,786 filed Oct. 29, 1984, now abandoned.

BACKGROUND OF THE INVENTION

This invention relates to data processing system security and more particularly to a method for maintaining integrity through selectively coded preauthorized software program and user identification and subsequent automatic authentication of both a selected program and permitted user thereof when system resources are to be utilized.

BACKGROUND OF THE INVENTION

The maintenance of data processing system security poses ever expanding problems due in part to the continual increase of masses of proprietary information being stored in such systems and the continual increase in the number of people who are becoming highly knowledgeable as to the nature and modes of operation of data processing systems and techniques employed therein. One area of growing primary concern is the controlling of access to, and the maintaining of integrity of, proprietary software program material in large business-type concerns, where unauthorized access to program material and/or loss of program integrity in conjunction with available stored data can lead to serious breaches of system security as well as to serious errors that materially affect the proprietary value of the program and the accuracy of information that results from usage thereof.

SUMMARY OF THE INVENTION

The invention may be briefly described as an improved method for maintaining the integrity of a data processing system through controlled authentication and subsequent authorization of both selected programs and potential users thereof. In its broader aspects, the invention includes the generation and storage of a selective electronic identification indicia, based upon the nature and content of the program itself, for each software program in the system together with a separately stored correlation of such electronic identification indicia with user identity therewith in association with a regeneration of such electronic identification indicia each time the program is sought to be used and a checking of said regenerated electronic identification indicia against a stored catalog of such identification indicia and against a stored permitted user register therefore.

Among the advantages of the subject invention is a markedly improved system security to ensure only utilization of authenticated programs, the utilization of such programs only by authorized users thereof and the immediate detection of any modifications or changes introduced into a software program.

The primary object of this invention is the provision of an improved method of maintaining data processing system integrity and security.

Other objects and advantages of the subject invention will become apparent from the following portions of this specification and from the appended drawings which illustrate, in accordance with the mandate of the patent statutes, a presently preferred embodiment of a method incorporating the principles of this invention.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic flow chart illustrative of library type storage of electronic identification indicia for both software programs and authorized user profiles therefore;

FIG. 2 is a schematic flow chart illustrative of the practice of the method steps of this invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring to the drawings, the initial step of the practice of this invention is the generation of a selective electronic identification indicia for each software program that is to be authorized for use within a particular information handling system. Such a program, for example, Program A which may broadly be considered as an arbitrarily ordered series of actions or instructions, in binary form, capable of being interpreted and executed by an information processing system for the purpose of manipulating information, is introduced into an electronic identification indicia generator 10. The generator 10, which is suitably a section of a general purpose digital computer, such as an IBM 370 or the like, or a preprogrammed microprocessor, such as a MOTOROLA 68020 microprocessor, or portion thereof, is adapted to generate a first electronic identification indicia 12 (EID-Program A) that uniquely and selectively identifies the submitted program. By way of example, in a relatively simple approach thereto such generator 10 could generate a selective and unique electronic identification indicia by use of a preprogrammed algorithm in accord with which the total number of ones and zeroes in the binary coded input Program A could be totalled; the total number of “ones” multiplied by an arbitrary number, e.g. 22; the product of such multiplication could then be divided by the number of zeros in the binary coded program; and the remainder thereof be modified by addition to (or subtraction therefrom) of an arbitrary number, i.e. 7. The resulting electronic numerical indicia would then, in all probability, be selectively unique for the particular program. The algorithm would be periodically varied to enhance system security.
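
The example generator described above, written out as an added Python sketch (not code from the patent): it computes the indicia for a constructed 8-byte sample and reports which modifications change it, with a SHA-256 digest alongside for contrast. The sample bytes and all function names are assumptions made for illustration.

```python
import hashlib

MULTIPLIER = 22  # the description's example "arbitrary number"
OFFSET = 7       # the description's example additive constant


def bit_counts(program):
    """Return (ones, zeros) counted over every bit of the program image."""
    ones = sum(bin(byte).count("1") for byte in program)
    return ones, 8 * len(program) - ones


def eid(program):
    """Indicia as described: remainder of (ones * 22) / zeros, plus 7."""
    ones, zeros = bit_counts(program)
    if zeros == 0:
        raise ValueError("no zero bits: the division step is undefined")
    return (ones * MULTIPLIER) % zeros + OFFSET


def detects_change(reference, candidate):
    """Report which check notices that candidate differs from reference."""
    return {
        "eid": eid(reference) != eid(candidate),
        "sha256": hashlib.sha256(reference).digest()
        != hashlib.sha256(candidate).digest(),
    }


# Constructed 8-byte sample "program" and three modified copies.
ORIGINAL = bytes([0x3E, 0x10, 0xC6, 0x05, 0x32, 0x01, 0x20, 0xC9])
BIT_FLIPPED = bytes([0x3E, 0x10, 0xC6, 0x07, 0x32, 0x01, 0x20, 0xC9])    # one 0 bit set to 1
VALUE_CHANGED = bytes([0x3E, 0x10, 0xC6, 0x06, 0x32, 0x01, 0x20, 0xC9])  # 0x05 -> 0x06
REORDERED = bytes(reversed(ORIGINAL))                                    # same bytes, new order

if __name__ == "__main__":
    print("EID(original) =", eid(ORIGINAL), "counts =", bit_counts(ORIGINAL))
    for name, variant in [("bit flipped", BIT_FLIPPED),
                          ("value changed", VALUE_CHANGED),
                          ("reordered", REORDERED)]:
        print(name, eid(variant), detects_change(ORIGINAL, variant))
```

Because the indicia depends only on the two bit counts, the changed value and the reordering leave it unchanged, while the digest differs for all three copies.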

This first electronic identification indicia 12 for a particular program, herein termed EID (Program A), is stored, together with similarly generated indicia for other programs B, C, D..., in an EID library 14, which could suitably be a read only memory (ROM) or a random access memory unit (RAM).

The first electronic identification indicia 12 for the program, i.e. EID (Program A), is also entered in an authorized user profile library 16, again suitably a ROM or RAM, in correlative relation with an appropriate electronic identification of all authorized users thereof. As shown, electronic identifications of all authorized users are introduced from a source 18 thereof and entered into the authorized user library 16 and there correlated with the electronic identification indicia of the particular programs authorized for usage by each such user. This second memory may be considered as an authorized user profile as it includes a correlation of authorized user identification with all programs which each such user is entitled to use.

As shown in FIG. 2 in the practice of the herein disclosed method, a selected program 30 requested to be released for use is introduced into an electronic identification indicia generator 32 and to therein generate a second electronic identification signal 34 (EID-Program S). This second electronic identification indicia 34 is first introduced into a comparator 36 together with the first electronic identification indicia 12, for such selected program (EID-Program S), the latter being retrieved from the library 14. Such comparator 36 may suitably comprise an automatic logic unit of a general purpose digital computer. If such first and second electronic identification indicia 12 and 34 for the selected Program S do not match, it is indicative of the fact that the requested program differs in some respects from the base or true program from which the first electronic identification indicia 12 (EID-Program S) was derived and such lack of match serves as a signal to management or to the system monitor to take appropriate investigative and corrective action.

If, on the other hand, the first and second electronic identification indicia 12 and 34 match, the selected program 30 is thus indicated to be authentic and in proper condition for use. At this time, the electronic identification of the user making the request for access is introduced into a second comparator 40. The comparator 40 may again suitably comprise the automatic logic unit of a general purpose digital computer. Also introduced into the second comparator 40 is the second electronic identification indicia 34 emanating from the generator 32 and the authorized user profile 42 obtained from the profile register 16.

If the paired inputs to the second comparator do not match, the requested program 30 will not be released for use and an appropriate signal made to the system monitor to initiate appropriate investigative and corrective action. If, however, the paired signal inputs to the second comparator 40 provide a match, the requested program 30 may be released for use by the particular identified user.
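
The enrolment and release steps of FIG. 1 and FIG. 2, as an added Python sketch that is not part of the patent: programs are enrolled with their indicia and authorized users, and each request regenerates the indicia and passes through both comparators. The class, the program and user names, and the sample images are hypothetical; the generator is the description's example algorithm.

```python
def eid(program):
    """The description's example generator: ((ones * 22) mod zeros) + 7."""
    ones = sum(bin(byte).count("1") for byte in program)
    zeros = 8 * len(program) - ones
    if zeros == 0:
        raise ValueError("no zero bits: the division step is undefined")
    return (ones * 22) % zeros + 7


class ProgramStore:
    """Sketch of FIG. 1 (enrolment) and FIG. 2 (release on request)."""

    def __init__(self):
        self.programs = {}       # central stored program source: name -> image
        self.eid_library = {}    # EID library 14: name -> first indicia 12
        self.user_profiles = {}  # profile library 16: user -> set of indicia
        self.alerts = []         # signals for the system monitor

    def enroll(self, name, image, authorized_users):
        first = eid(image)                          # generator 10
        self.programs[name] = image
        self.eid_library[name] = first
        for user in authorized_users:               # source 18
            self.user_profiles.setdefault(user, set()).add(first)

    def request(self, user, name):
        image = self.programs[name]
        second = eid(image)                         # generator 32
        if second != self.eid_library[name]:        # comparator 36
            self.alerts.append(("integrity-mismatch", user, name))
            return None
        if second not in self.user_profiles.get(user, set()):  # comparator 40
            self.alerts.append(("unauthorized-user", user, name))
            return None
        return image                                # program released


# Constructed sample images and user names (not from the patent).
PAYROLL = bytes([0x3E, 0x10, 0xC6, 0x05, 0x32, 0x01, 0x20, 0xC9])
LEDGER = bytes([0x21, 0x00, 0x40, 0x7E, 0x23, 0xB7, 0xC8, 0x18])


def run_demo():
    store = ProgramStore()
    store.enroll("payroll", PAYROLL, ["alice"])
    store.enroll("ledger", LEDGER, ["alice", "bob"])
    released = store.request("alice", "payroll")      # authentic and authorized
    denied = store.request("bob", "payroll")          # indicia not in bob's profile
    store.programs["ledger"] = LEDGER[:-1] + b"\x19"  # stored copy altered: 0x18 -> 0x19
    altered = store.request("bob", "ledger")          # regenerated indicia differ
    return released, denied, altered, store.alerts


if __name__ == "__main__":
    print(run_demo())
```

In this sketch the profile correlates users with indicia rather than program names, as the description does, so two programs whose indicia coincide would share the same authorization.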

Having thus described my invention, I claim:

1. A method for maintaining the security and integrity of the content of proprietary software programs in data processing systems and wherein each of said programs are individually accessible from a central stored source thereof and each contain a predetermined number of binary 1’s and a predetermined number of binary 0’s therein, comprising the steps of

counting the number of binary 1’s contained in each of said programs,

counting the number of binary 0’s contained in each of said programs,

generating a first selective electronic identification indicia for each of said programs that is uniquely characteristic of said total number of binary 1’s and total number of binary 0’s therein by applying a predetermined algorithm to said counted total number of binary 1’s and counted total number of binary 0’s contained in each of said programs;

storing said first selective electronic identification indicia in a first memory associated with said central stored program source,

counting, in response to a request by a prospective user for access to a particular stored software program, the total number of binary 1’s and the total number of binary 0’s contained in said particular requested stored program,

generating a second selective electronic identification indicia for said particular requested stored program by applying said predetermined algorithm to said counted total number of binary 1’s and counted total number of binary 0’s contained in said particular requested program,

comparing said first selective electronic identification indicia for said particular requested program stored in said first memory with said second electronic identification indicia generated in response to the request for access thereto, and

accessing said requested program to said requesting prospective user only when said first selective electronic identification indicia for the requested program is identical with said second selective electronic identification indicia for said requested program.

2. The method as set forth in claim 1 further including the steps of generating at least one third selective electronic identification indicia uniquely identifying at least one user having authorized access to one or more of said stored programs,

storing said first selective electronic identification indicia for each of said programs in operative association with each of said third selective electronic identification indicia identifying authorized users thereof in a second memory associated with said central stored program source,

generating, at the time of a prospective user request for access to a particular program, a fourth selective electronic identification indicia representative of the identity of said prospective user requesting access to said particular software program, and

making said particular program available to said requesting user only if said first and second selective electronic identification indicia are identical to each other and said fourth selective electronic indicia is identical with one of said third selective electronic identification indicia stored in said second memory.

UNITED STATES PATENT AND TRADEMARK OFFICE
CERTIFICATE OF CORRECTION

PATENT NO.: 4,845,715
DATED: July 4, 1989
INVENTOR(S): Michael H. Francisco

It is certified that error appears in the above-identified patent and that said Letters Patent is hereby corrected as shown below:

Title page and Column 1, line 3, In the Title, change "SECURING" to -- SECURITY --;

Column 1, line 2 change "SECURING" to -- SECURITY --;

Column 1, line 8 delete "BACKGROUND OF THE INVENTION".

Signed and Sealed this Twenty-ninth Day of May, 1990

Attest:
Attesting Officer

HARRY F. MANBECK, JR.
Commissioner of Patents and Trademarks