United States Patent [19]
Fisherman et al.

[11] Patent Number: 5,586,301
[45] Date of Patent: Dec. 17, 1996

[54] PERSONAL COMPUTER HARD DISK PROTECTION SYSTEM

[75] Inventors: Igor Fisherman, Philadelphia, Pa.; Oleg V. Kouznetsov, Budapest, Hungary; Sergey P. Pavlishin, Budapest, Hungary; Alexander N. Shafilov, Budapest, Hungary

[73] Assignee: YBM Technologies, Inc., Newton, Pa.

[21] Appl. No.: 336,450
[22] Filed: Nov. 9, 1994
[51] Int. Cl.6: G06F 13/00
[52] U.S. Cl.: 395/479; 395/186; 395/490; 380/4; 364/DIG. 1
[58] Field of Search: 380/3, 4; 395/427, 395/186, 479, 490

[56] References Cited

U.S. PATENT DOCUMENTS
4,757,533  7/1988  Allen et al.
4,975,950  12/1990  Lentz  380/4
[one or more entries illegible in the scan]
5,421,006  5/1995  Jablon et al.  395/575

FOREIGN PATENT DOCUMENTS
0458718A2  11/1991  European Pat. Off.
4208777  3/1992  Germany  G06F 12/16
4034444A1  5/1992  Germany
2222899  3/1990  United Kingdom  G06F 12/14
2242295A  9/1991  United Kingdom
2248324A  4/1992  United Kingdom
WO90/12464  10/1990  WIPO  H04L 9/00

OTHER PUBLICATIONS
Microsoft Press, MS-DOS Programmer's Reference, Version 6, Chapter 3, pp. 19-21, 31-34.
Terry Dettmann, revised by Allen L. Wyatt, DOS Programmer's Reference, 4th Ed., pp. 44-51, 228, 229.

Primary Examiner: Tod R. Swann
Assistant Examiner: Frank J. Asta
Attorney, Agent, or Firm: Caesar, Rivise, Bernstein, Cohen & Pokotilow, Ltd.

[57] ABSTRACT

The personal computer hard disk protection system is designed to protect data stored on computer hard disks while permitting multiple user operation. The personal computer hard disk protection system prevents unauthorized access to the hard-disk controller by software applications, and permits safe servicing of requests which use the BIOS. The basis for the personal computer hard disk protection system functions is the dynamic transformation of the file system to the configuration of the current user. The system is based on a hardware device called the protection-program support module and a set of protection programs, most of which is stored in the protection-program support module. The protection program support module is an external board and is connected to the computer system bus.

29 Claims, 27 Drawing Sheets

`
`;‘ 65
`
`75
`
`V 72
`
`Q‘ 7 0
`
`FIRST
`
`MEMORY
`
`[\74
`ADDRESS
`DE CODER
`
`P68 PROGRAM
`SECOND
`DISCRlM/NA TOR
`MEMORY
`
`mos/mum
`CONTROLLER
`
`-
`
`7’
`
`—
`
`A
`
`>
`
`‘A5
`
`I 5
`
`pl
`
`1”}
`
`U
`
`(58
`ADDRESS BUS
`r60 U
`DA TA BUS
`V62
`CONTROL BUS
`
`U
`
`327
`>
`m
`> 9'51‘
`com/mum
`>
`
`34\ HARD
`DISK
`
`1
`
`EX 1022
`IPR of Pat. No. 6,892,304
`
`

U.S. Patent  Dec. 17, 1996  Sheet 1 of 27  5,586,301

[Drawing sheet; the label text is not recoverable from the scan.]

U.S. Patent  Dec. 17, 1996  Sheet 2 of 27  5,586,301

[Drawing sheet; the label text is not recoverable from the scan.]

U.S. Patent  Dec. 17, 1996  Sheet 3 of 27  5,586,301

[Drawing sheet; the label text is not recoverable from the scan.]

U.S. Patent  Dec. 17, 1996  Sheet 4 of 27  5,586,301

FIG. 5 (protection initialization program; flow-chart labels as legible in the scan): IS HDPS INITIALIZED? -> ENTER USER NAME CURNAME -> SEARCH USER_LIST FOR NUMBER OF ELEMENT IN WHICH USER_FIELD.NAME=CURNAME -> WAS SEARCH SUCCESSFUL? YES: CURUSERNMB=NUMBER OF ELEMENT FOUND -> ENTER USER PASSWORD ENTRYPASSWORD -> HAS PASSWORD BEEN SET? (USER_FIELD.PASSWORD!=0) -> IS PASSWORD CORRECT? (ENTRYPASSWORD=USER_FIELD.PASSWORD) -> otherwise ACCESS DENIED.

U.S. Patent  Dec. 17, 1996  Sheet 5 of 27  5,586,301

FIG. 5A (protection initialization program, continued; labels as legible in the scan): [previous USERNMB differs?] YES: CONVERT deSTARTCLUSTER FIELDS OF DESCRIPTORS WITH FILEDEF_FIELD.USERNMB=KEY_FIELD.USERNMB FROM VIRTUAL TO REAL VALUES -> KEY_FIELD.USERNMB=CURUSERNMB -> DELETE FAT AND ROOT DIRECTORY OF PREVIOUS USER -> [illegible step] -> GENERATE DISK_SPACE_TABLE, CLUSTER_TABLE, AND FAT -> LOAD DISK_SPACE_TABLE AND ACCESS_MAP INTO RAM OF PPSM FIRST MEMORY / HIDDENZONE -> CONVERT deSTARTCLUST FIELDS IN OPENED DIRECTORY ENTRIES ON DISK AND IN FILEDEF_LIST -> CORRECT FIELDS bsSECTORS OR bsHUGESECTORS IN BOOTSECTOR -> INITIALIZE INTERNAL VARIABLES OF PROTECTION PROGRAMS -> REPLACE ADDRESS OF INT13 BIOS HANDLER WITH ADDRESS OF KEY PROGRAM OF REQUEST HANDLER.

U.S. Patent  Dec. 17, 1996  Sheet 6 of 27  5,586,301

FIG. 5B (protection initialization program, continued; labels as legible in the scan): CHECK CORRECTNESS OF DIRECTORY STRUCTURE OF DOS LOGICAL DRIVES -> IS DIRECTORY STRUCTURE CORRECT? NO: SEND OUT WARNING MESSAGE; YES: ENTER SUPERVISOR NAME SUPNAME AND PASSWORD SUPPASSWORD -> SET FIRST ELEMENT OF USER_LIST: USER_FIELD.NAME=SUPNAME, USER_FIELD.PASSWORD=SUPPASSWORD -> USER_FIELD.PASSWORD=ENTRYPASSWORD -> GENERATE USER_LIST, KEY_LIST, AND MAIN_FAT -> CREATE SYSTEM_LOG -> END.

U.S. Patent  Dec. 17, 1996  Sheet 7 of 27  5,586,301

FIG. 6 (conversion of a real cluster number into a virtual cluster number; labels as legible in the scan): BEGIN -> REALCLUSTER: REAL CLUSTER NUMBER -> IS REALCLUSTER CORRECT? NO: RETURN_CODE=BAD_PARAM; YES: FROM ACCESS_MAP, SELECT ACCESS_FIELD ELEMENT WITH CONTROLMAP NUMBER -> ACCESS_FIELD!=(0,0)? -> VIRTCLUSTER=CURCNT -> CURCNT=CURCNT+1 -> RETURN_CODE=OK -> CNTMAP=CNTMAP+1 -> END.

U.S. Patent  Dec. 17, 1996  Sheet 8 of 27  5,586,301

FIG. 7 (disk-request handler; labels as legible in the scan): DISK REQUEST PARAMETERS REQ_PARAM -> REQUEST TO FLOPPY DRIVE? -> COMMAND TO READ OR MODIFY DATA? NO: DISK-REQUEST HANDLER OF INT13H BIOS; YES: REFER TO DISK_SPACE_TABLE TO DETERMINE TYPE OF REGION BEING ADDRESSED -> REQUEST TO BOOTZONE? -> REQUEST TO FATZONE? -> REQUEST TO ROOTZONE? -> END.

U.S. Patent  Dec. 17, 1996  Sheet 9 of 27  5,586,301

FIG. 7A (disk-request handler, continued; labels as legible in the scan): REQ_PARAM.CMD=READ? -> REQ_PARAM.CMD=READ? NO: RECORD FAILURE TO PROVIDE ACCESS IN SYSTEM_LOG -> GENERATE "WRITE PROTECT" ERROR CODE -> ZERO BUFFER WITH ADDRESS REQ_PARAM.BUFADDR.

U.S. Patent  Dec. 17, 1996  Sheet 10 of 27  5,586,301

FIG. 7B (disk-request handler, continued; labels as legible in the scan): REQ_PARAM.CMD=READ? NO: SEARCH FOR MODIFIED ELEMENT IN FAT -> [found?] YES: DETERMINE CLUSTER NUMBER MODCLUST FOR ELEMENT FOUND -> DETERMINE VALUE OF ACCESS_FIELD CORRESPONDING TO MODCLUST NUMBER IN ACCESS_MAP -> CHECK CORRECTNESS OF NEW VALUE OF MODIFIED FAT FIELD -> DETERMINE VALUE OF CLUSTER_FIELD.OWNER CORRESPONDING TO MODCLUST NUMBER IN CLUSTER_TABLE -> DETERMINE OWNER-DIRECTORY DESCRIPTOR FILEDEF_FIELD CORRESPONDING TO CLUSTER_FIELD.OWNER NUMBER IN FILEDEF_LIST -> CHECK CORRECTNESS OF PROPOSED CHANGE IN FAT CHAIN OF DIRECTORY -> IS MODIFICATION CORRECT?

U.S. Patent  Dec. 17, 1996  Sheet 11 of 27  5,586,301

FIG. 7C (disk-request handler, continued; labels as legible in the scan): REQ_PARAM.CMD=READ? -> SEARCH FOR MODIFIED DIRECTORY ENTRY -> ATTR_READONLY CHANGING? -> CORRECT? -> START_CLUSTER=deSTARTCLUSTER, NEW_ATTRIB=deATTRIBUTES -> CHECK CORRECTNESS OF CHANGES IN DIRECTORY ENTRY -> CORRECT CLUSTER_TABLE AND MAIN_FAT -> CHANGES CORRECT? -> ENTER NEW DIRECTORY ENTRY INTO FILEDEF_LIST -> PROTECTION CONTROL COMMAND HANDLER -> READONLY FOR NEW DIRECTORY ENTRY? -> END. (Cont'd on FIG. 7D.)

U.S. Patent  Dec. 17, 1996  Sheet 12 of 27  5,586,301

FIG. 7D (cont'd from FIG. 7C; labels as legible in the scan): DETERMINE VALUE OF CLUSTER_FIELD.OWNER CORRESPONDING TO deSTARTCLUSTER NUMBER IN CLUSTER_TABLE -> DETERMINE DESCRIPTOR OF OWNER OF MODIFIED DIRECTORY ENTRY FROM CLUSTER_FIELD.OWNER NUMBER IN FILEDEF_LIST -> COPY NEW VALUE OF DIRECTORY ENTRY INTO FIELD FILEDEF_FIELD.DIRENTRY -> WAS FILE ALLOCATION CHANGED? -> CORRECT CLUSTER_TABLE AND MAIN_FAT.

U.S. Patent  Dec. 17, 1996  Sheet 13 of 27  5,586,301

FIG. 7E (disk-request handler, continued; labels as legible in the scan): DETERMINE NUMBER OF ADDRESSED CLUSTER VIRTNUMB -> PROGRAM FOR CONVERTING VIRTUAL CLUSTER NUMBER INTO REAL NUMBER AND DETERMINING ACCESS RIGHTS -> DETERMINE REAL ADDRESS SECADDR -> REQ_PARAM.CMD=READ? -> ACCESS_FIELD=(1,1)? -> ACCESS_FIELD=(1,0)?

U.S. Patent  Dec. 17, 1996  Sheet 14 of 27  5,586,301

FIG. 8 (conversion of a virtual cluster number into a real cluster number; labels as legible in the scan): BEGIN -> VIRTCLUSTER: CLUSTER NUMBER -> IS VIRTCLUSTER CORRECT? NO: RETURN_CODE=BAD_PARAM; YES: FROM ACCESS_MAP, SELECT ACCESS_FIELD ELEMENT WITH CONTROLMAP NUMBER -> ACCESS_FIELD!=(0,0)? YES: CURCNT=VIRTCLUSTER? YES: REALCLUST=CNTMAP -> CURCNT=CURCNT+1 -> RETURN_CODE=OK -> CNTMAP=CNTMAP+1 -> END.

U.S. Patent  Dec. 17, 1996  Sheet 15 of 27  5,586,301

FIG. 9 (protection control program 50; labels as legible in the scan): ENTER USER PASSWORD USER_PSW (user enters password) -> EXECUTE COMMAND "IDENTIFY USER" -> WAS COMMAND SUCCESSFULLY EXECUTED? -> OBTAIN COMMAND CODE CMD_CODE FROM USER (user enters command) -> CMD_CODE=END USE OF PROGRAM? -> CMD_CODE=CHANGE PASSWORD? -> OBTAIN NEW PASSWORD NEW_PSW FROM USER (user enters password) -> EXECUTE COMMAND "CHANGE PASSWORD" -> WAS COMMAND SUCCESSFULLY EXECUTED? NO: ISSUE ERROR MESSAGE.

U.S. Patent  Dec. 17, 1996  Sheet 16 of 27  5,586,301

FIG. 9A (protection control program, continued; labels as legible in the scan): CMD_CODE=CHANGE NAME? -> OBTAIN NEW NAME NEW_NAME FROM USER (user enters name) -> EXECUTE COMMAND "CHANGE NAME" -> WAS COMMAND SUCCESSFULLY PERFORMED? -> CMD_CODE=CHANGE FILE PROTECTION ATTRIBUTE? -> OBTAIN COMPLETE FILE NAME FILE_NAME AND NEW ATTRIBUTES NEW_ATTRIB FROM USER (user enters file name and attributes) -> NEW_ATTRIB CONTAINS ATTR_READONLY? -> EXECUTE COMMAND "PERMIT CHANGE OF FILE ATTRIBUTES" -> WAS COMMAND SUCCESSFULLY EXECUTED? YES: EXECUTE DOS FUNCTION 4301H (SET FILE ATTRIBUTES) FOR SPECIFIED FILE.

U.S. Patent  Dec. 17, 1996  Sheet 17 of 27  5,586,301

FIG. 9B (protection control program, continued; labels as legible in the scan): PERFORM PROGRAM COMMAND "OBTAIN STATUS OF CURRENT USER" -> CMD_CODE=DELETE USER? -> OBTAIN NAME OF USER TO BE DELETED USER_NAME (user enters name) -> EXECUTE COMMAND TO DELETE USER -> CMD_CODE=REGISTER NEW USER? -> OBTAIN NAME OF NEW USER USER_NAME (user enters name) -> EXECUTE COMMAND TO REGISTER NEW USER -> OBTAIN COMPLETE FILE NAME FILE_NAME AND NAME OF USER TO WHOM FILE IS TO BE TRANSFERRED (user enters names) -> EXECUTE COMMAND "CHANGE FILE STATUS" -> otherwise ISSUE MESSAGE FOR IMPROPER COMMAND CODE.

U.S. Patent  Dec. 17, 1996  Sheet 18 of 27  5,586,301

FIG. 10 (protection control command handler 48; labels as legible in the scan): CMD.CODE: COMMAND CODE, COMMAND PARAMETERS -> CMD.CODE=CHANGE NAME? YES: EXECUTE COMMAND "CHANGE NAME" -> CMD.CODE=CHANGE PASSWORD? YES: EXECUTE COMMAND "CHANGE PASSWORD" -> CMD.CODE=CHANGE FILE PROTECTION ATTRIBUTE? YES: EXECUTE COMMAND "CHANGE FILE ATTRIBUTE" -> CURUSERNMB=0? -> CMD.CODE=PERMIT ATTRIBUTE CHANGE? YES: EXECUTE COMMAND "PERMIT CHANGE OF FILE ATTRIBUTE" -> CMD.CODE=CHANGE FILE STATUS? YES: EXECUTE COMMAND "PERMIT CHANGE OF FILE STATUS" -> CMD.CODE=REGISTER NEW USER? YES: EXECUTE COMMAND "REGISTER NEW USER" -> CMD.CODE=DELETE USER? YES: EXECUTE COMMAND "DELETE USER" -> otherwise RETURN_CODE=UNDEF_CODE.

U.S. Patent  Dec. 17, 1996  Sheet 19 of 27  5,586,301

FIG. 11 (register a new user; labels as legible in the scan): USER_NAME: NAME OF USER TO BE REGISTERED -> CHECK TOTAL NUMBER OF PREVIOUSLY REGISTERED SYSTEM USERS -> CHECK WAS SUCCESSFUL? NO: RETURN_CODE=NO_SPACE; YES: CHECK IF USER_NAME MATCHES NAMES OF PREVIOUSLY REGISTERED USERS -> CHECK WAS SUCCESSFUL? NO: RETURN_CODE=BAD_PARAM; YES: ALLOCATE USER_FIELD FOR USER -> USER_FIELD.NAME=USER_NAME -> RETURN_CODE=OK -> END.

U.S. Patent  Dec. 17, 1996  Sheet 20 of 27  5,586,301

FIG. 12 (delete a user; labels as legible in the scan): BEGIN -> USER_NAME: NAME OF USER TO BE DELETED -> SEARCH USER_LIST FOR USER_FIELD DESCRIPTOR IN WHICH NAME=USER_NAME -> WAS SUCH DESCRIPTOR FOUND? -> DESCRIPTOR NOT FIRST IN LIST? NO: RETURN_CODE=BAD_PARAM; YES: USER_NMB=DESCRIPTOR NUMBER FROM LIST -> SEARCH FILEDEF_LIST FOR DESCRIPTORS OF PERSONAL FILES OF USER USER_NMB (FILE_FIELD.USERNMB=USER_NMB) -> WAS (WERE) FILE (OR FILES) FOUND? YES: RETURN_CODE=LIST_NOT_EMPTY; NO: USER_FIELD.NAME=0, USER_FIELD.PASSWORD=0 -> RETURN_CODE=OK -> END.

U.S. Patent  Dec. 17, 1996  Sheet 21 of 27  5,586,301

FIG. 13 (change the status of a file; labels as legible in the scan): BEGIN -> FILE_NAME: FULL NAME OF FILE; USER_TO: NAME OF USER TO WHOM FILE IS TO BE TRANSFERRED, OR PUBLIC -> EXTRACT DIRECTORY NAME FROM FILE FILE_NAME: DIR_NAME=DIRECTORY NAME, FILE_NAME=FILE NAME -> SEARCH FILEDEF_LIST FOR DIRECTORY DESCRIPTOR FOR DIRECTORY DIR_NAME -> WAS DESCRIPTOR FOUND? -> LOG DESCRIPTOR NUMBER IN LIST: DIR_REF=NUMBER OF DESCRIPTOR IN LIST -> SEARCH FILEDEF_LIST FOR FILE DESCRIPTOR FOR FILE_NAME IN WHICH DIRENTRY.deNAME=FILE_NAME.NAME, DIRENTRY.deEXTENSION=FILE_NAME.EXTENSION, AND DIRREF=DIR_REF -> WAS DESCRIPTOR FOUND? NO: RETURN_CODE=NOT_FOUND; YES: LOG NUMBER OF USER TO WHOM FILE_NAME BELONGS: USER_FROM=FILE_FIELD.USERNMB -> USER_TO=USER_FROM?

U.S. Patent  Dec. 17, 1996  Sheet 22 of 27  5,586,301

FIG. 13A (change the status of a file, continued; labels as legible in the scan): USER_TO=PUBLIC? YES: NEW_STATUS=PUBLIC; NO: NEW_STATUS=PRIVATE -> CHECK CORRECTNESS OF USER_TO -> IS USER_TO CORRECT? -> USER_TO=CURUSERNMB? -> CALCULATE VIRTUAL CLUSTER NUMBER (VIRTUAL_CLUSTER) FROM REAL VALUE GIVEN IN FILE_FIELD.deSTARTCLUSTER -> USER_FROM=PUBLIC? -> USER_TO=CURUSERNMB? -> CALCULATE REAL CLUSTER VALUE (REAL_CLUSTER) FROM VALUE IN FILE_FIELD.deSTARTCLUSTER -> FILE_FIELD.deSTARTCLUSTER=REAL_CLUSTER -> FILE_FIELD.STATUS=NEW_STATUS -> FILE_FIELD.USERNMB=[value illegible]. (Cont'd on FIG. 13B.)

U.S. Patent  Dec. 17, 1996  Sheet 23 of 27  5,586,301

FIG. 13B (cont'd from FIG. 13A; labels as legible in the scan): USER_TO=PUBLIC? YES: SET FILEDEF_FIELD.STATUS=PUBLIC IN ALL DESCRIPTORS OF DIRECTORY CHAIN OF FILES TO BE TRANSFERRED -> RETURN_CODE=OK; otherwise RETURN_CODE=BAD PARAMETER -> END.

U.S. Patent  Dec. 17, 1996  Sheet 24 of 27  5,586,301

FIG. 14 (change the protection attribute of a file; labels as legible in the scan): BEGIN -> START_CLUSTER: START CLUSTER OF FILE; NEW_ATTRIB: VALUE OF NEW ATTRIBUTE (READONLY/READWRITE) -> SEARCH FILEDEF_LIST FOR FILE DESCRIPTOR (FILEDEF_FIELD) IN WHICH deSTARTCLUSTER=START_CLUSTER -> WAS DESCRIPTOR FOUND? NO: RETURN_CODE=NOT_FOUND; YES: NEW_ATTRIB=ATTR_READONLY? NO: MODIFRO=1? NO: RETURN_CODE=WRITE_PROTECT -> SEARCH FILEDEF_LIST FOR FILE DESCRIPTORS (FILEDEF_FIELD) IN WHICH DIRREF=FILEDEF_FIELD.DIRREF AND deATTRIBUTES=ATTR_READONLY -> WERE DESCRIPTORS FOUND? -> CHANGE ATTRIBUTES OF CHAIN OF DIRECTORY DESCRIPTORS IN ACCORDANCE WITH NEW_ATTRIB -> FILEDEF_FIELD.deATTRIBUTES=NEW_ATTRIB -> MODIFRO=0 -> RETURN_CODE=OK -> END.

U.S. Patent  Dec. 17, 1996  Sheet 25 of 27  5,586,301

FIG. 15 (change a user password; labels as legible in the scan): NEW_PSW: NEW USER PASSWORD -> SET NEW PASSWORD OF CURRENT USER: USER_FIELD.PASSWORD=NEW_PSW -> RETURN_CODE=OK.

FIG. 16 (change a user name; labels as legible in the scan): NEW_NAME: NEW USER NAME -> SET NEW NAME OF CURRENT USER: USER_FIELD.NAME=NEW_NAME -> RETURN_CODE=OK.

U.S. Patent  Dec. 17, 1996  Sheet 26 of 27  5,586,301

FIG. 17 (obtain the user's status; labels as legible in the scan): CURUSERNMB=0? YES: USER_STATUS=SUPERVISOR; NO: USER_STATUS=0 -> USER_NAME=USER_FIELD.NAME -> RETURN_CODE=OK.

FIG. 18 (identify the user; labels as legible in the scan): USER_PSW: PASSWORD OF USER TO BE IDENTIFIED -> CHECK IF USER_PSW IDENTICAL TO USER_FIELD.PASSWORD OF CURRENT USER -> IDENTICAL PASSWORD? YES: RETURN_CODE=OK; NO: RETURN_CODE=BAD_PARAM.

U.S. Patent  Dec. 17, 1996  Sheet 27 of 27  5,586,301

FIG. 19 (permit a change in a file attribute; labels as legible in the scan): MODIFYRO=1 -> RETURN_CODE=OK.

FIG. 20 (key program; labels as legible in the scan): ENTER COMMAND TO SWITCH PPSM TO PASSIVE MODE INTO PROGRAMMABLE CONTROLLER -> CALL REQUEST [HANDLER] -> ENTER COMMAND TO SWITCH PPSM TO ACTIVE MODE INTO PROGRAMMABLE CONTROLLER -> RETURN CONTROL TO PROGRAM REQUESTING SERVICING.

PERSONAL COMPUTER HARD DISK PROTECTION SYSTEM

FIELD OF THE INVENTION

The invention pertains to apparatus for protecting data stored on a computer from inadvertent or intentional distortion. In particular, this invention concerns a hard disk protection system that protects data stored on a personal computer system that is accessible to a plurality of users.

BACKGROUND OF THE INVENTION

The most general and progressive approach to shared information processing using personal computers is to join the computers into a local area network (LAN). LAN's facilitate data gathering and allow more efficient use of personal computer memory. However, these networks also provide favorable conditions for the rapid spread of programs known as computer viruses, and thus increase the risk of massive distortion of the information on the personal computer hard disks. LAN's are particularly vulnerable to computer viruses which distort information for the purpose of causing economic loss to the information owners. Because of the enormous losses caused by existing viruses and the continual introduction of new viruses, personal computers have to be equipped with protection subsystems which prevent the deliberate distortion of information. However, despite the wide variety of available file-protection subsystems, computer crime statistics indicate that computer viruses are as dangerous as ever and are still capable of causing enormous losses to personal computer users. Users of personal computers connected in LAN's have a much higher risk than users of isolated computers. Therefore, there is still an urgent need to improve the methods and means of protecting computer files, especially for LAN-linked computers.

An analysis of current methods and means of protecting computer files shows that the most reliable protection is provided by subsystems which use dedicated hardware to support the protection programs. One particularly effective way of protecting computer files is to use specialized processors acting as a connecting link between the central processor and the file storage device. A typical example of a highly reliable protection subsystem is the computer file protection subsystem developed and patented by Empirical Research System, Inc. (Computer File Protection System: International Publication No. WO 90/13084, G06F 12/14. Application submitted Apr. 19, 1989, published Nov. 1, 1990). This subsystem can be accessed by the operating system for modifications only during installation. The hardware for this subsystem includes programmable external memory and a programmable external control device. The programmable control device is based on a digital microprocessor and is installed as an intermediate link between the central processor and the file storage device. The programmable control device monitors the control logic signals, the address signals, and the data signals formed by the central processor. An auxiliary memory stores file-access criteria established by the supervisor. The control device checks for file access authorization and prevents access attempts that do not meet the established criteria. The control device also reads the signatures of all the protected files and compares the signatures of the loaded files with the reference signatures. To store the file signatures, the controller creates a protected memory region that is inaccessible to the operating system. In the event of any deviation from the established protection criteria, the protection subsystem prohibits the use of the computer.

An obvious disadvantage of the above-described subsystem is that any user can view the disk directories. This circumstance permits complete viewing of the disk directories, and encourages unsanctioned activity by users wishing to study and distort the data of other users. Another obvious disadvantage of the above-described subsystem is that the hardware serving as the intermediate link between the central processor and the file storage device must be located on a board which connects to the file storage device or on the boards of other devices. As a result, this protection subsystem requires additional hardware and does not provide the most efficient use of the existing hardware.

OBJECTS OF THE INVENTION

Accordingly, it is the general object of this invention to provide apparatus which address the aforementioned needs.

It is another object of this invention to eliminate the need to monitor requests at the operating system level and at the modular device driver level of the personal computer.

It is yet another object of this invention to require less complicated hardware.

SUMMARY OF THE INVENTION

These and other objects of the instant invention are achieved by providing a hard disk protection system for protecting data stored on a hard disk of a personal computer that is available to a plurality of users. The hard disk has logical disk structure including an operating system having logical drives. The system comprises protection programs that interpret the logical drives as a fixed set of zones on the hard disk for a particular user and wherein each of the fixed set of zones have respective access rules. The system also includes a hardware module responsive to the protection programs, that either allows or denies access to the hard disk based on the access rules. The hardware module has a first memory that is inaccessible to the central processing unit and a second memory that is accessible to the central processing unit.

DESCRIPTION OF THE DRAWINGS

Other objects and many of the attendant advantages of this invention will be readily appreciated as the same becomes better understood by reference to the following detailed description when considered in connection with the accompanying drawings wherein the structure and functional organization of the data protection and sharing system are illustrated in the following drawings:

FIG. 1 is a structural block diagram of the hard disk protection system installed in a computer;

FIG. 2 is a structural block diagram of the protection program support module;

FIG. 3 shows the scheme for forming virtual disk space;

FIG. 4 shows the scheme for converting a virtual cluster number into a real cluster number;

FIGS. 5-5B is a flow chart of the protection initialization program;

FIG. 6 is a flow chart of the program which converts a real cluster number into a virtual cluster number;

FIGS. 7-7E is a flow chart of the disk-request handler;

FIG. 8 is a flow chart of the program which converts a virtual cluster number into a real cluster number;

FIGS. 9-9B is a flow chart of the protection control program;

FIG. 10 is a flow chart of the protection control command handler;

FIG. 11 is a flow chart of the program for processing the command to register a new user;

FIG. 12 is a flow chart of the program for processing the command to delete a user;

FIGS. 13-13B is a flow chart of the program for processing the command to change the status of a file;

FIG. 14 is a flow chart of the program for processing the command to change the protection attribute of a file;

FIG. 15 is a flow chart of the program for processing the command to change a user password;

FIG. 16 is a flow chart of the program for processing the command to change a user name;

FIG. 17 is a flow chart of the program for processing the command to obtain the user's status;

FIG. 18 is a flow chart of the program for processing the command to identify the user;

FIG. 19 is a flow chart of the program for processing the command to permit a change in a file attribute; and

FIG. 20 is a flow chart for a key program.

DESCRIPTION OF THE INVENTION

Referring now in detail to the various figures of the drawing wherein like reference characters refer to like parts, there is shown at 20 in FIG. 1, a personal computer hard disk protection system (HDPS) that comprises a hardware module 22, known as the protection-program support module (PPSM), and protection software 24. At this juncture, it is necessary to point out that the PPSM 22 is subject matter of U.S. application Ser. No. 08/269,591 (now U.S. Pat. No. 5,483,649), assigned to the same assignee as this invention and whose disclosure is incorporated by reference herein.

As shown in FIG. 1, a conventional personal computer system basically comprises application software 26, an operating system 28 (e.g., DOS or WINDOWS, etc.) and a basic input/output system (BIOS) 30. Typically, access to the hard disk controller 32 (and, thereby, the hard disk 34 itself) from the application program 26 is via the entry point 34 to the standard BIOS handler known as INT 13H BIOS, as shown by paths 36A-36C. In some cases, access from the application program 26 to the hard disk controller 32 is direct, as shown by path 36D.

However, with the HDPS 20 coupled to the personal computer system, as will be discussed in detail later, the HDPS 20 prevents direct access to the hard-disk controller 34 by the application program 26 (as indicated by the hatched access path line 36D) and ensures security for disk access using the BIOS disk-request handler 38. In order to verify and ensure the security of disk requests using INT 13H BIOS, the HDPS 20 uses a link 40 with the BIOS input. This link 40 is established by modifying the interrupt vector table to replace the address of the original handler of INT 13H BIOS with the address of the key program of the disk-request handler, which will also be discussed later.

The protection software 24 comprises a set of protection programs which create service data 42 for use in the HDPS 20 processes. These service data 42 of the protection programs are a separate information component. The set of protection programs includes a protection initialization program 44, a disk-request handler 46, a control-command handler 48, a protection control program 50, and a set of key programs, which includes the initial key program 52, the command-handler key program 54, and the request-handler key program 56.
The set of protection programs is stored on the hard disk 34 and in the PPSM 22. In particular, the protection control program 50 is stored as an ordinary file on the hard disk 34. The other protection programs are stored in the PPSM 22.

The PPSM 22 provides hidden storage of the protection programs and establishes a logical relationship between the ability to access the hard disk 34 and the execution phase of the protection programs. As shown in FIG. 2, the PPSM 22 comprises an external board connected to the system bus (i.e., the address bus 58, data bus 60 and control bus 62) of the personal computer, and has two operating modes: active and passive. In the active mode, the PPSM 22 hides the protection programs from the central processing unit 64 (CPU) and prevents the CPU 64 from accessing the hard disk 34. In the passive mode, the PPSM 22 permits the protection programs to be read, and does not affect the access to the hard disk 34 by the CPU 64. In order to obtain free access to the hard disk 34, the CPU 64 must switch the PPSM 22 to the passive mode, and to do this, the CPU 64 must use one of the key programs. The reason for the use of the key programs is that the PPSM 22 determines the type of program which is attempting to change the status, and the PPSM 22 allows a change in its status only if flags are present indicating that the key program is active. After the PPSM 22 is switched to the passive mode, the key program transfers control to the protection programs stored in the PPSM 22.

The PPSM 22 comprises a first memory 66, a second memory 68, a programmable controller 70, and a program discriminator 72. The first memory 66 stores the protection programs and can be made inaccessible to the CPU 64. The second memory 68, which is always accessible to the CPU 64, stores the set of key programs which are used to change the status of the PPSM 22. The programmable controller 70 prevents access to the hard disk 34 and forbids access to the first memory 66. The CPU 64 can program the mode of the programmable controller 70 only when a signal is present indicating that one of the key programs is active. The program discriminator 72 determines the type of program acting on the programmable controller 70 and establishes a logical relationship between the ability to switch the PPSM 22 mode and the type of program acting on the programmable controller 70. If flags are present indicating that one of the key programs is active, the program discriminator 72 allows the entry of information into the programmable controller 70. Otherwise, the program discriminator 72 does not permit the entry of information in the programmable controller 70. The PPSM 22 also includes an address decoder 74 and an AND gate 76. The details of the operation of the PPSM 22 are set forth in U.S. application Ser. No. 08/269,591 (now U.S. Pat. No. 5,483,649).
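The two-mode behaviour of the PPSM and the key-program gate described above can be modelled in a few lines. The following is an added example written for this page, not code from the patent or from YBM Technologies: it simulates the rules stated in the text (in active mode the first memory is hidden and the hard-disk controller is blocked; a mode change is accepted only while a key program is flagged as active) and follows the open-service-close shape of the key program in FIG. 20. The address ranges, the controller port number and the method names are constructed for the simulation and are not the real board's decoding.

```python
"""Toy model of the PPSM's active/passive modes and the key-program gate.

Added example (not the patent's code). The address map below is constructed
for the simulation; the real board's decoding is described in U.S. Pat. No.
5,483,649, which this page only references.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

# Constructed address map for the simulation (assumption, not real hardware).
FIRST_MEMORY = range(0xD0000, 0xD8000)    # hidden protection programs
SECOND_MEMORY = range(0xD8000, 0xDA000)   # key programs, always readable
HARD_DISK_PORT = 0x1F0                    # controller port the PPSM guards


@dataclass
class PPSM:
    mode: str = "active"               # "active" or "passive"
    key_program_active: bool = False   # the flag the program discriminator checks
    audit: List[str] = field(default_factory=list)

    def set_mode(self, new_mode: str) -> bool:
        """Programmable controller: a mode change is accepted only from a key program."""
        if new_mode not in ("active", "passive"):
            raise ValueError(new_mode)
        if not self.key_program_active:
            self.audit.append(f"refused mode switch to {new_mode}: no key program active")
            return False
        self.mode = new_mode
        self.audit.append(f"mode -> {new_mode}")
        return True

    def memory_read(self, address: int) -> bool:
        """Address decoder: the first memory is readable only in passive mode."""
        if address in FIRST_MEMORY:
            return self.mode == "passive"
        # The second memory (key programs) and ordinary RAM are always readable.
        return True

    def disk_access(self, port: int) -> bool:
        """Hard-disk controller access is blocked while the PPSM is active."""
        if port == HARD_DISK_PORT:
            return self.mode == "passive"
        return True


def run_key_program(ppsm: PPSM, service_request: Callable[[PPSM], object]) -> object:
    """Shape of the key program in FIG. 20: open the PPSM, service the request, close it."""
    ppsm.key_program_active = True
    try:
        ppsm.set_mode("passive")
        result = service_request(ppsm)
        ppsm.set_mode("active")
    finally:
        ppsm.key_program_active = False   # the flag never outlives the key program
    return result


def probe(p: PPSM) -> Tuple[bool, bool]:
    """(first memory readable?, hard disk reachable?) in the current mode."""
    return p.memory_read(0xD0100), p.disk_access(HARD_DISK_PORT)


def demo():
    ppsm = PPSM()
    before = probe(ppsm)                       # active: both hidden
    app_switch = ppsm.set_mode("passive")      # application program: refused
    during = run_key_program(ppsm, probe)      # inside the key program: both open
    after = probe(ppsm)                        # restored to active afterwards
    return before, app_switch, during, after


if __name__ == "__main__":
    for label, value in zip(("before", "app switch", "during", "after"), demo()):
        print(f"{label:>10}: {value}")
```

The point of the model is the invariant a reviewer would check on the real board: the only path that ever clears the controller's gate runs through code in the always-readable second memory, and that code re-arms the gate before returning control.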
The basis for the protection of data stored on the hard disk 34 is the dynamic conversion of the file system to the configuration of the current user. The file system is converted by masking the clusters occupied by data that are not to be accessed by the current user and then representing the free disk space as being continuous. It should be noted at this juncture that the hard disk 34 comprises standard MS-DOS logical disk structure, i.e., the disk space is divided into a boot sector, a first copy of a file allocation table (FAT1), a second copy of the file allocation table (FAT2) and a root directory, with the remainder of the disk space allocated for file storage. Conventional logical disk structure is discussed in the "DOS Programmer Reference 4th Edition" by Terry Dettmann (copyright 1993) and in the "MS-DOS Programmer's Reference Manual" by Microsoft Corporation (copyright 1993), both of which forms are incorporated by reference herein.
`
During the protection process, each logical drive of the MS-DOS operating system 28 is interpreted by the HDPS 20 as a fixed set of zones of the disk space, with different access rules for each zone.

The first zone, called the BootZone, occupies the disk space from the sector containing the description of the logical-drive partition to the loading sector of the disk, inclusive. Access to this disk zone is permitted for reading only.

The second zone, called the FatZone, occupies the disk space from the first sector of the first copy of the logical-drive FAT to the first sector of the root directory of the disk. Access to this zone is permitted for reading and writing. Any writing operation is preceded by verification of the correctness of the proposed changes, and writing will not be permitted if an attempt is made to write incorrect data.

The third zone, called the RootZone, occupies the disk space from the first to the last sector of the disk root directory, inclusive. The operations of reading and writing are permitted for this zone. Before writing operations, the proposed changes are analyzed in order to prevent unsanctioned changes to the directory entries for the protected files and directories.

The fourth zone, called the ClustZone, occupies the disk space from the first sector of the first cluster of the disk to the beginning of the next zone, which is described below. Access to this zone is permitted for reading and writing. Before writing operations, the proposed changes are analyzed in order to prevent unsanctioned changes in the protected files and directories.

The fifth zone, called the HiddenZone, occupies disk space at the end of the logical drive and is used to store HDPS data structures which are used for the operation of the system. No programs are permitted access to this zone for reading or writing. The contents of the disk loading sector are changed so that the disk space occupied by this zone is excluded from the disk space accessible to the operating system.
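A worked model of the five zones and their access rules, as an added example that is not code from the patent or from the HDPS product. It serves both the per-user masking passage above (the set of clusters the current user may not access is the input to the policy) and the five zone definitions. It assumes a FAT16 layout (16-bit FAT entries, 32-byte root directory entries), and it interprets "verification of the proposed changes" as comparing the current and proposed sector images so that FAT entries of protected clusters, protected root directory entries, and data sectors of protected clusters cannot be altered; the names Layout, Policy, zone_of and check_access, the layout parameters and the HiddenZone size are constructed for the illustration. The boot sector's reported sector count is taken to be the count up to the start of the HiddenZone, mirroring the statement that the loading sector is altered to exclude that zone from the operating system's view.

```python
"""Zone model for a FAT16 logical drive with per-zone access rules (added example).

Assumptions: FAT16 on-disk encoding; write verification = old/new sector image
comparison against a set of protected clusters and root directory entries.
"""
from dataclasses import dataclass
from enum import Enum
import struct


class Zone(Enum):
    BOOT = "BootZone"      # partition description up to and including the boot sector
    FAT = "FatZone"        # FAT1 through the last sector before the root directory
    ROOT = "RootZone"      # root directory
    CLUST = "ClustZone"    # file data clusters
    HIDDEN = "HiddenZone"  # HDPS private structures at the end of the logical drive


@dataclass
class Layout:
    """Constructed FAT16 geometry; hidden_sectors is an assumed HiddenZone size."""
    bytes_per_sector: int = 512
    sectors_per_cluster: int = 4
    reserved_sectors: int = 1      # boot sector only
    fat_copies: int = 2
    sectors_per_fat: int = 8
    root_entries: int = 512        # 32-byte directory entries
    partition_sectors: int = 4096  # size of the logical drive on the disk
    hidden_sectors: int = 64       # HiddenZone at the end of the drive

    @property
    def fat_start(self) -> int:
        return self.reserved_sectors

    @property
    def root_start(self) -> int:
        return self.fat_start + self.fat_copies * self.sectors_per_fat

    @property
    def data_start(self) -> int:
        root_bytes = self.root_entries * 32
        return self.root_start + (root_bytes + self.bytes_per_sector - 1) // self.bytes_per_sector

    @property
    def hidden_start(self) -> int:
        return self.partition_sectors - self.hidden_sectors

    def visible_total_sectors(self) -> int:
        """Sector count the altered boot sector reports, so the OS never sees the HiddenZone."""
        return self.hidden_start

    def cluster_of_sector(self, sector: int) -> int:
        """FAT cluster numbering starts at 2 for the first data cluster."""
        return 2 + (sector - self.data_start) // self.sectors_per_cluster


def zone_of(layout: Layout, sector: int) -> Zone:
    """Classify a logical sector number into one of the five zones."""
    if sector < 0 or sector >= layout.partition_sectors:
        raise ValueError("sector outside the logical drive")
    if sector < layout.fat_start:
        return Zone.BOOT
    if sector < layout.root_start:
        return Zone.FAT
    if sector < layout.data_start:
        return Zone.ROOT
    if sector < layout.hidden_start:
        return Zone.CLUST
    return Zone.HIDDEN


@dataclass
class Policy:
    layout: Layout
    protected_clusters: set[int]       # clusters of data the current user may not touch
    protected_root_entries: set[int]   # root directory entry indices the user may not alter


def fat16_entries(data: bytes) -> list[int]:
    return list(struct.unpack("<%dH" % (len(data) // 2), data))


def check_access(policy: Policy, sector: int, op: str, old: bytes = None, new: bytes = None):
    """Return (allowed, reason). op is 'read' or 'write'; writes carry old and new sector images."""
    lay = policy.layout
    zone = zone_of(lay, sector)
    if zone is Zone.HIDDEN:
        return False, "HiddenZone: no access for any program"
    if op == "read":
        return True, f"{zone.value}: read"
    if zone is Zone.BOOT:
        return False, "BootZone: read-only"
    if old is None or new is None or len(old) != lay.bytes_per_sector or len(new) != lay.bytes_per_sector:
        return False, "write must carry current and proposed sector images of sector size"
    if zone is Zone.FAT:
        # Both FAT copies map onto the same entry range; deny if a protected entry changes.
        first = ((sector - lay.fat_start) % lay.sectors_per_fat) * (lay.bytes_per_sector // 2)
        for i, (a, b) in enumerate(zip(fat16_entries(old), fat16_entries(new))):
            if a != b and (first + i) in policy.protected_clusters:
                return False, f"FatZone: entry for protected cluster {first + i} would change"
        return True, "FatZone: verified write"
    if zone is Zone.ROOT:
        first = (sector - lay.root_start) * (lay.bytes_per_sector // 32)
        for i in range(lay.bytes_per_sector // 32):
            if (first + i) in policy.protected_root_entries and old[i * 32:(i + 1) * 32] != new[i * 32:(i + 1) * 32]:
                return False, f"RootZone: protected directory entry {first + i} would change"
        return True, "RootZone: verified write"
    cluster = lay.cluster_of_sector(sector)  # ClustZone
    if cluster in policy.protected_clusters:
        return False, f"ClustZone: sector belongs to protected cluster {cluster}"
    return True, "ClustZone: write"


if __name__ == "__main__":
    pol = Policy(Layout(), protected_clusters={5}, protected_root_entries={0})
    for s in (0, 1, 17, 49, 61, 4040):
        print(s, zone_of(pol.layout, s).value, check_access(pol, s, "write", bytes(512), bytes(512)))
```

The FatZone check deliberately treats FAT1 and FAT2 alike, since the patent defines the zone as running from the first sector of FAT1 up to the root directory; a write to either copy is judged by the entries it would alter.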
The process of file-system