WikiPatents - Community Patent Review
Create Free Account  |  License or Sell Your Patent  |  WikiPatents Marketplace  |  WikiPatents Blog
Username:  Password:  
    
Advanced Search
Computer system including a transparent and secure file transform mechanism    
United States Patent5584023   
Link to this pagehttp://www.wikipatents.com/5584023.html
Inventor(s)Hsu; Mike S. C. (1518 Ambergrove Dr., San Jose, CA 95131)
AbstractA computer system including a file transform mechanism, such as encryption, compression, encoding, translation and conversion, a file storage subsystem for storing a file composed of one or more blocks of data, a data storage subsystem for storing blocks of data in first and second logical data areas and a processor for executing instructions implementing a computer operating system in the first logical data area and an application program in the second logical data area. The processor is coupled to the file storage subsystem and the data storage subsystem for transferring a predetermined block of data between the file storage subsystem and the data storage subsystem. The processor includes (1) a transform mechanism, defined within the operating system, for transforming the predetermined block of data in the first logical data area separately from any other block of data; (2) a request mechanism, defined by the application program, for selecting the predetermined block of data to be operated on; and (3) an interface that controls the transfer of the predetermined block of data between the file storage subsystem and the data storage subsystem and between the first and second logical data areas. The interface can determine whether the predetermined block of data is transformed. The interface controls the transfer of the predetermined block of data from the file storage subsystem to the data storage subsystem and between the first and second logical data areas, transforming the data as required.
   














 Title Information Submit all comments and votes
 
Patent Text Patent PDF Print Page Summary File History
Plain text PDF images Print Summary File History
Drawing from US Patent 5584023
Computer system including a transparent and secure file transform mechanism - US Patent 5584023 Drawing
Computer system including a transparent and secure file transform mechanism
Inventor     Hsu; Mike S. C. (1518 Ambergrove Dr., San Jose, CA 95131)
Owner/Assignee    
Patent assignment
All assignments
Publication Date     December 10, 1996
Application Number     08/175,192
PAIR File History     Application Data   Transaction History
Image File Wrapper   Patent Term   Fees
Litigation
Filing Date     December 27, 1993
US Classification     707/204 710/68 711/164 712/209 713/165 717/136 718/100
Int'l Classification     H04L 009/32 G06F 009/44 G06F 012/14 H03M 007/30
Examiner     Gossage; Glenn
Assistant Examiner    
Attorney/Law Firm     Fliesler, Dubb, Meyer & Lovejoy
Address
Parent Case    
Priority Data    
USPTO Field of Search     395/425 395/600 395/650 395/725 395/700 395/404 395/405 395/406 395/412 395/413 395/419 395/438 395/439 395/490 395/888 395/479 395/491 380/4 380/3 380/23 380/25
Patent Tags     computer including transparent secure file transform mechanism
   
Enter a comma (,) or semicolon (;) between multiple tag words/phrases.
Describe this patent:
 Amusing   
 Clever   
 Complex   
 Efficient   
 Historic   
 Important   
 Innovative   
 Interesting   
 Practical   
 Simple   
[no votes]
Patent WIKI

Share information and news about this patent, including information and news about the technology, inventors, company, ligation and licensing.
 References Submit all comments and votes
 
*references marked with an asterisk below are user-added references
 U.S. References
 
Add a new US reference:  
ReferenceRelevancyCommentsReferenceRelevancyComments
5463772
Thompson
707/101
Oct,1995
[0 after 0 votes]		5175852
Johnson

Dec,1992
[0 after 0 votes]
5113442
Moir
713/167
May,1992
[0 after 0 votes]		5052040
Preston
713/165
Sep,1991
[0 after 0 votes]
5007082
Cummins

Apr,1991
[0 after 0 votes]		4780905
Cruts
380/44
Oct,1988
[0 after 0 votes]
4588991
Atalla
713/165
May,1986
[0 after 0 votes]
 Foreign References
 Other References
 Market Review Submit all comments and votes
   
Market Size
Estimate the gross annual revenues of the relevant market sector:
> $10B
$5B - $10B
$2B - $5B
$500M - $2B
$100M - $500M
$10M - $100M
$1M - $10M
$500K - $1M
$100K - $500K
< $100K
[No votes]
$0
 
$0   $2.5B   $5B   $7.5B   $10B
Market Share
Estimate the percentage of the relevant market sector this invention will capture:
75% - 100%
50% - 74.99%
25% - 49.99%
10 - 24.99%
5 - 9.99%
2 - 4.99%
1 - 1.99%
< 1%
[No votes]
0.0%
 
0%   25%   50%   75%   100%
Reasonable Royalty
What percentage of gross sales should the inventor or assignee be paid?
75% - 100%
50% - 74.99%
25% - 49.99%
10 - 24.99%
5 - 9.99%
2 - 4.99%
1 - 1.99%
< 1%
[No votes]
0.0%
 
0%   25%   50%   75%   100%
Public's "Guesstimation" of Royalty Value
Market SizeN/A[No votes]
xMarket ShareN/A[No votes]
xReasonable RoyaltyN/A[No votes]
N/A
License Availablity
If you are NOT the owner or assignee, answer here:
Yes, license is available for purchase

No, license is not currently available



 [No votes]
License Availablity
If you ARE the owner or assignee, answer here:
Yes, license is available for purchase

No, license is not currently available



 [No votes]
Competitive Advantage
Does this invention have a significant competitive advantage over similar technologies?
Yes

No



 [No votes]
Most helpful competitive advantage comment
[No comments]
Commercial Alternatives
Are there viable commercial alternatives for this invention?
Yes

No



 [No votes]
Most helpful commercial alternative comment
[No comments]
 Technical Review Submit all comments and votes
 Claims Submit all comments and votes
 


I claim:

1. A computer system including a file transform mechanism, said system comprising:

a) a file storage subsystem that provides for the storage of a file composed of one or more blocks of data;

b) a memory providing for the storage of blocks of data in first and second logical data areas within said memory;

c) a processor, including programming, providing for the execution of instructions implementing a computer operating system in said first logical data area and an application program in said second logical data area, said processor being coupled to said file storage subsystem and said memory to permit the transfer of a predetermined block of data between said file storage subsystem and said memory, said processor including

i) a transform function, defined by the execution of instructions of said computer operating system, for translating said predetermined block of data between first and second data representations in said first logical data area separately from another block of data;

ii) a request function, defined by the execution of instructions of said application program, for selecting said predetermined block of data to be operated on by the execution of instructions of said application program in said second logical data area; and

iii) an interface function, defined by the execution of instructions of said computer operating system and coupled to said transform function and said request function, that controls the transfer of said predetermined block of data between said file storage subsystem and said memory and between said first and second logical data areas of said memory, said interface function determining whether said predetermined block of data is in said first or second data representations and wherein said interface function, responsive to said request function, controls the transfer of said predetermined block of data from said file storage subsystem to said memory and from said first logical data area to said second logical data area selectively through said transform function.

2. The computer system of claim 1 wherein said file storage subsystem further stores authentication data with respect to said file, said authentication data relating said first and second transform representations of said data blocks of said file.

3. The computer system of claim 2 wherein said authentication data is accessible by said interface function and used in determining whether said predetermined block of data is in said first or second data representation.

4. The computer system of claim 1, 2, or 3 wherein execution of said transform function provides for the performance of at least one transform from a set of transforms including encryption, compression, encoding, translation and conversion.

5. A computer system including a file encryption mechanism, said system comprising:

a) a file store providing for the storage of a file including one or more blocks of data;

b) a memory store providing for the storage of blocks of data in first and second logical data areas; and

c) a processor coupled to said memory store and said file store for executing instructions implementing a computer operating system as stored in said first logical data area and an application program as stored in said second logical data area, said processor providing for the controlled transfer of a predetermined block of data between said file store and said data store means, said processor including:

i) an encryption routine, defined by the execution of instructions of said computer operating system, for encrypting and decrypting said predetermined block of data in said first logical data area separately from another block of data;

ii) a request routine, defined by the execution of instructions of said application program, for selecting said predetermined block of data to be operated on by the execution of instructions of said application program in said second logical data area; and

iii) a system interface routine, defined by the execution of instructions of said computer operating system and responsive to said request routine, that controls the transfer of said predetermined block of data between said file store and said data store and between said first and second logical data areas of said data store, said system interface routine determining whether said predetermined block of data is encrypted as stored by said file store, said system interface routine selectively directing the transfer of said predetermined block of data between said first and second logical data areas through said encryption routine.

6. The computer system of claim 5 wherein said file store further stores file attribute data defining predetermined attributes of a corresponding file stored by said file store, said file attribute data including a file encryption attribute.

7. The computer system of claim 6 wherein said file attribute data is accessible by said system interface routine and wherein said file encryption attribute is used to determine whether said predetermined block of data is encrypted.

8. A mechanism providing for transparent key based file protection in a computer system including a processor, main memory and a mass storage device, wherein the processor executes an operating system stored within the main memory, wherein execution of the operating system establishes kernel and application data spaces within the computer system, and wherein the operating system includes a system call interface supporting a plurality of operating system calls and a memory access routine executable by the processor providing for the transfer of a block of data between the kernel and application data spaces within the main memory and between the main memory and a mass storage device that provides for the storage of a file including one or more blocks of data, said mechanism comprising:

a) a key dependant data transformation routine provided in said kernel data space, executable by the processor and coupleable to the memory access routine, for selectively transforming a predetermined block of data of a predetermined file between first and second data representations based on a transformation key that is arbitrarily related to the data of said predetermined block of data; and

b) an interface routine interposed between the system call interface and the memory access routine within said kernel data space, said interface routine being coupled to the memory access routine to control the transfer of said predetermined block of data between the kernel and application data spaces, said interface routine determining whether said predetermined block of data is in said first or second data representation when stored in said predetermined file, said interface routine selectively providing for the transfer of said predetermined block of data between through said key dependant data transformation routine whereby said predetermined block of data is transformed between said first and second data representations transparently with respect to an application executable in said application data space.

9. The mechanism of claim 8 wherein the memory access routine includes a plurality of memory access subroutines that provide for reading said predetermined block of data from said predetermined file, writing said predetermined block of data to said predetermined file, and establishing file characterization attributes associated with said predetermined file, wherein said interface routine includes a plurality of transformation control subroutines that are associated respectively with said plurality of memory access subroutines, and wherein each of said transformation control subroutines may determine whether said predetermined block of data is in said first or second data representation by examination of said file characterization attributes associated with said predetermined file.

10. The mechanism of claim 9 wherein the file characterization attributes associated with said predetermined file includes predetermined key validation data, wherein a predetermined password is associated with a predetermined application program executable in said application data space, said interface routine including a data representation transformation table established with respect to said predetermined application program for use by said key dependant data transformation routine, wherein the contents of said data representation transformation table is data dependant on said predetermined password.

11. The mechanism of claim 10 wherein the operating system provides for application programs to be executed within processes and wherein the operating system includes a fork routine for instantiating a predetermined child process related to a predetermined parent process within which said predetermined application program is executed, said interface routine including a fork subroutine that is associated with said fork routine, and wherein said fork subroutine associates said data representation transformation table with said predetermined child process, whereby said predetermined child process transparently inherits said predetermined password in connection with the instantiation of said predetermined child process.

12. The mechanism of claim 8, 9, 10, or 11 wherein said key dependant data transformation routine performs at least one transform from a set of transforms including encryption, compression, encoding, translation and conversion.

13. A key-based transparent file encryption system for use in a computer system employing a processor for executing programs, a file system providing for the storage of program and data files, a memory coupled to the processor and providing for the storage of programs and data, and an operating system including a program interface for receiving a plurality of system call types and a plurality of system call subroutines that implement the file oriented system calls, said key-based transparent file encryption system comprising:

a) an encryption routine implementing a key based encryption algorithm that, upon execution by the processor, provides for the encryption and decryption of a predetermined file dependant on the value of a predetermined encryption key; and

b) an interface module including a plurality of system call subroutine wrappers interposed between the execution control path between the program interface and the plurality of system call subroutines, said interface module providing for the transfer of said predetermined file selectively subject to the function of said encryption routine, said interface module determining from predetermined attribute data provided with said predetermined file whether said predetermined file will be in an encrypted state as stored by the file system, said interface routine further operating to authenticate a predetermined password against the attribute data provided with said predetermined file where said predetermined password is associated with a predetermined application program that provides a data transfer system call to the program interface with respect to said predetermined file, said interface module selecting said encryption routine to encrypt or decrypt said predetermined file as transferred between said predetermined application program and the file system where said predetermined password is authenticated and where said predetermined file is in an encrypted state as stored by the file system.

14. The key-based transparent file encryption system of claim 13 wherein the encryption and decryption of said predetermined file by said encryption routine is dependant on said predetermined password as an encryption key.

15. The key-based transparent file encryption system of claim 14 wherein said predetermined application executes within a predetermined process of a plurality of processes executed by the processor under the control of the operating system, wherein said predetermined process and a forked process related as a child to said predetermined process is associated with a predetermined data structure established in said interface module in connection with the authentication of said predetermined password, and wherein said predetermined data structure includes an encryption table generated by said interface module based on said encryption key, said interface module providing for the inheritance of an association with said predetermined data structure by said forked process, whereby selective transformations of file data between encrypted and decrypted states are transparent to said predetermined application and any application executed in said forked process.

16. The key-based transparent file encryption system of claim 13, 14 or 15 wherein respective instances of said predetermined attribute data are attached to the files as stored by the file system that have been encrypted by said interface module, and wherein said predetermined attribute data includes an encrypted copy of a predetermined data string that is used in authenticating said predetermined password and predetermined flag data defining the encryption state of the attached file .
 Description Submit all comments and votes
 


Appendix I found on pages 43 through 76 of the specification as originally filed is now filed microfiche appendix consisting of one microfiche with 36 frames.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention is generally related to computer based file service extension systems and, in particular, to an extension system for at least multi-tasking computer systems where a secure, block oriented file service mechanism is employed transparently within the function of the operating system.

2. Description of the Related Art

As communal access to and use of computer systems increases, there is an increased demand for control over access rights to and transformation of computer data on an individualized basis. Computer systems are continuing to evolve toward and in the nature of multi-user systems, both directly and indirectly through a heterogeneous architecture of single-user, single-user multi-tasking and multi-user inter-networked systems possessing a remote file sharing capability. Thus, there is increased access capability to computer data maintained in a common logical file system. Furthermore, the file state and transformation requirements of varying data formats increases with the potentially greater number of users and application programs that may access the computer data files.

Conventional operating system based file access and protection mechanisms typically depend on file attribute and access list controls. These mechanisms are, however, inadequate to provide a sufficient level and transparency of security and control. In brief, attribute based controls are typically used to define read, write and execute permissions exercisable by the user, or file owner, a user group, or other, meaning all. Access list controls rely on the existence and maintenance of a predefined list of users that have been granted access rights to a file. Unfortunately, at least the system administrator, or super user, and the access list administrator are not preclusively bound by these permission restrictions. Therefore, access to the data content of a file is not secure against the super user or others who may inappropriately have or gain super user status. An error in the use or function of an application program that modifies the file attributes or control list also results in a security failure.

Conventional file protection mechanisms, incorporated within broader functioning application programs, generally provide for the encryption of the entire data file. These dedicated protection mechanisms are completely independent of file attribute and access list controls. There are, however, a number of drawbacks to the use of such application based protection mechanisms. Each such application program must entirely implement a proprietary protection methodology, such as encryption to ensure the security of the data files specifically associated with the program. Consequently, there is a nearly universal data incompatibility between such programs thereby precluding use or even simple access to common data by different applications.

Use of a dedicated encryption program otherwise independent of any suite of broad function application programs, i.e., an encryption utility program, solves the data file incompatibility problem. However, such encryption programs must generally be executed separately from and prior to the execution of other application programs. Execution also typically results in the restoration of a complete unencrypted data file within the logical file system. Aside from the practical difficulties of dealing with encrypted and decrypted versions of the same data file presumably closely co-resident within the logical file system, the unencrypted data file is no more secure than potentially obtained by conventional reliance on the file attribute and access control mechanisms previously described. Typically, the management of file attribute and access controls is sufficiently tedious, particularly when considered in combination with the separate need to execute and manage the encryption/decryption steps separate from the execution of other application programs, that these additional controls are not implemented. Consequently, the decrypted data file obtained by use of an encryption utility program represents a potentially greater security exposure.

Automatic or transparent file security systems have been proposed, such as the one disclosed in U.S. Pat. No. 5,007,082, issued to Cummins, on Apr. 9, 1991. There, an encryption mechanism is implemented through the addition of a hardware specific software based control routine at the basic input/output (I/O) system (BIOS) level of an operating system. This routine provides for the simple selective re-vectoring of the lowest level file transfer BIOS functions, specifically the floppy diskette access operations, through a file encryption routine. The entire file is automatically encrypted or decrypted when written or read from the diskette. In addition, a global "decryption flag," is stored uniquely in the computer memory and not with the diskette files. This flag is utilized to specify whether a specific diskette is to be treated as an encrypted or ordinary data file store quite independent of the specific files stored on the diskette. Where data is to be transferred to or from an encrypted diskette store, the data is encrypted within the memory of the computer system at the lowest level of the operating system and then only for the duration of the actual data transfer. Cummins specifically teaches that all in-memory data buffers need to store the data file in an unencrypted state in order to ensure operational compatibility with all potentially executing application programs.

A number of obvious vulnerabilities to the secure function of the Cummins mechanism exist. The revectoring approach is vulnerable to simple restoration of the original vectors, thereby bypassing the encryption control routine. Unencrypted diskette data files can then be freely prepared.

The use of a global flag signifying continuing use of the encryption control routine also provides a single, simple point for disabling the function of the encryption routine. Reliance on this flag is not specific to any specific user or file but rather to an entire computer system. Once modified, the security of the entire system is breached irrespective of any specific user or file.

Further, the maintenance of all data buffers within the computer system in an unencrypted state, except briefly in performing a physical data transfer, results in the computer memory image being inherently insecure.

Finally, the Cummins system is described solely with respect to diskette based data file protection. The data protection mechanism provides protection for data files only if removed from a computer system on transportable media. The disclosed mechanism is therefore clearly not applicable to freely internetworked systems, but rather only for physically separate, and physically secured single user systems.

Conventionally, file state and transformation requirements for data files are preserved as an integral part of the data files. As such, the relevant state defining information is largely usable only by the application that created the data file. Other applications must be specifically compatible with another application's file format or provide, typically through execution of a separate program, a conversion between file formats. All of the disadvantages discussed above, related to encryption and multiple instances of a given file, attach here as well.

SUMMARY OF THE INVENTION

Accordingly, a general purpose of the present invention is therefore to provide a file extension system, such as a secure file encryption system, transparently within an environment of multi-user and inter-networked computer operating systems.

This is achieved in the present invention by a computer system including a file extension mechanism, a file storage subsystem for storing a file composed of one or more blocks of data, a data storage subsystem for storing blocks of data in first and second logical data areas and a processor for executing instructions implementing a computer operating system in the first logical data area and an application program in the second logical data area. The processor is coupled to the file storage subsystem and the data storage subsystem for transferring a predetermined block of data between the file storage subsystem and the data storage subsystem. The processor includes (1) a file extension mechanism, defined within the operating system, for transforming the predetermined block of data in the first logical data area separately from any other block of data; (2) a request mechanism defined by the application program, for selecting the predetermined block of data to be operated on; and (3) an interface that controls the transfer of the predetermined block of data between the file storage subsystem and the data storage subsystem and between the first and second logical data areas. The interface can determine whether the predetermined block of data is transformed. The interface controls the transfer of the predetermined block of data from the file storage subsystem to the data storage subsystem and between the first and second logical data areas, transforming the data as required.

Thus, an advantage of the present invention is that a file extension mechanism, providing a secure file encryption mechanism, for example, is established within the function of a computer operating system.

Another advantage of the present invention is that the function of the file extension mechanism can be securely and transparently embedded in the operating system and specifically at the highest control level while maintaining full compatibility with conventional multi-tasking and/or multi-user operating system process inheritance mechanisms.

A further advantage of the present invention is that the file extension mechanism, in implementing the encryption algorithm is fast, provides an inherently substantial degree of file security, is easily maintained by authorized users for their encrypted files, imposes little additional processing overhead for accessing both encrypted and unencrypted files, and may be flexibly tailored to selectively permit additional ordinary users access to the encrypted files of another.

Yet another advantage of the present invention is that the file extension mechanism operates in implementing transformation operations on block level portions of a file, thereby inherently limiting the existence of untransformed portions of a file within the computer system to the minimum portion of the file required by a user application.

Still another advantage of the present invention is that, while block portions of a transformed file may be temporarily maintained in an operating system buffer pool for operating system and hardware efficiency reasons, such blocks are preserved there in a transformed state, thereby globally precluding a security exposure due to snooping of a memory image for untransformed blocks.

A still further advantage of the present invention is that file system maintenance where both transformed and untransformed files exist is essentially unaltered. A transparent method of identifying transformed files fully consistent with existing conventional multi-tasking and multi-user file privilege attribute mechanisms is used.

Yet still another advantage of the present invention is that the transformation operation is generally consistent with conventional file security and operating system implementation paradigms, thereby being generally portable to a wide variety of multi-tasking and multi-user computer operating systems.

A yet still further advantage of the present invention is that the file extension mechanisms implementing encryption, provides a secure cost-effective file protection mechanism that is specifically independent of any particular computer system hardware.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other advantages and features of the present invention will become better understood upon consideration of the following detailed description of the invention when considered in connection with the accompanying drawings, in which like reference numerals designate like parts throughout the figures thereof, and wherein:

FIG. 1 is a representative drawing of a computer system according to the present invention;

FIG. 2 is a schematic diagram of the logical data space and control structures utilized in a preferred implementation of the present invention;

FIG. 3 is a schematic diagram representing the interception of select system calls in accordance with a preferred embodiment of the present invention;

FIG. 4a is a representative depiction of the generation of an encryption control table entry;

FIG. 4b is a representative depiction of the relation between a user procedure control table, kernel process control table and encryption control table in accordance with a preferred embodiment of the present invention;

FIG. 4c is a representative depiction of the encryption process in accordance with a preferred embodiment of the present invention;

FIG. 4d is a representative depiction of the decryption process in accordance with a preferred embodiment of the present invention;

FIG. 5a is a schematic diagram illustrating the control flow in support of a modified read operation in accordance with a preferred embodiment of the present invention; and

FIG. 5b is a schematic diagram illustrating the control flow in support of a modified chmod operation in accordance with a preferred embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention provides for a system of file transformations particularly suited for use in advanced computer operating systems. While the preferred embodiment of the present invention, and the following description thereof, are specific in detail to an encryption transform performed using the Unix.RTM. (trademark owner not known) operating system, persons of average or ordinary skill in the art will readily appreciate the ready extension of the principles of the present invention to other transforms, including code set conversion, compression, and translation, as well as encryption, and to other operating systems, including Windows-3.1 and Windows-NT by Microsoft, Inc., Redmond, Wash., System 7 by Apple Computer, Inc., Cupertino, Calif. VMS by Digital Equipment Corporation, San Jose, Calif. OS/2 by International Business Machines, Inc., Armonk, N.Y., and the many specific variants of the Unix Operating System such as provided by the Santa Cruz Operation, Inc. Santa Cruz, Calif. (SCO Unix), International Business Machines, Inc. Armonk, N.Y. (AIX), and Novell, Inc. Provo, Utah (UnixWare).

Accordingly, the detailed description of the preferred embodiments provided here is not to be taken as limiting the applicability of the present invention to any specific transform, operating system or computer system architecture, but rather the present invention is intended to be applicable to all transform and operating systems, as executed on corresponding computer systems, within the scope of the appended claims.

The Unix operating system is widely known and understood in terms of the operating principles and related control structures of the operating system. An excellent treatment of these concepts is provided in "The Design of Unix Operating System," by Maurice J. Bach, Prentice-Hall, Inc., 1986, and is expressly incorporated herein by reference. A significant design feature of the Unix operating systems is the ability to extend the operating system to accommodate selected sets of new and existing peripheral devices through the addition of corresponding kernel resident device drivers. A standard device driver interface generally as supported by the Unix operating system is described in "Device Driver Writer's Guide," available from the Santa Cruz Operation, Inc., 400 Encinal Street, Santa Cruz, Calif. 95061, and is also expressly incorporated herein by reference.

Referring now to FIG. 1, there is shown a computer system 10 suitable for implementation of the present invention through the execution of an operating system and application programs. In the preferred embodiments of the present invention, the operating system is an implementation of the Unix operating system. A central processing unit ("CPU") 12 executes the operating system and any number of application programs. The CPU 12 is connected via a bus 14 to a main memory unit 16, a disk controller unit 18, and other peripheral devices generally indicated by the reference numeral 20.

The main memory 16 provides an addressable memory space to the CPU 12 for the storage of application programs and data and of the operating system and related data. As generally depicted in FIG. 1, the main memory 16 is logically managed as a combination of user space and kernel space. When the CPU 12 is executing program code in user space, the process within which such execution is occurring then exists in user mode. Where the process is executing in kernel space, then execution is in kernel mode.

Within the kernel space, a buffer pool, or buffer cache, is maintained by the operating system. This buffer pool represents a temporary buffer cache for data transferred via the disk controller 18 from a secondary memory such as a disk drive 22.

Referring now to FIG. 2, a schematic diagram of the logical user and kernel mode spaces is shown. The application program 26 executes in user mode. Operating system calls 30 are issued by the application program to gain access to operating system resources. These calls are directed through a system call interface substantially existing within the kernel data space, though presenting an application program interface (API) accessible from user space. Typically this interface is implemented through a system call trap mechanism 32 that permits the user mode system call to initiate a mode switch to a kernel mode of operation within the same processes context. This mode switch may be delayed subject to the operation of the process scheduler of the operating system. When the mode switch completes, the process, now in kernel mode, is processed through the trap handler routine 32 that may be part of the system call interface. As a consequence, a call is placed against a system entry, or sysent, table 34. The structure of the system entry table is provided in Table I.

TABLE I ______________________________________ Structure of the System-Entry Table From <sys/systm.h> ______________________________________ extern struct sysent { char sy.sub.-- narg; /* total number of arguments */ char sy.sub.-- setjmp; /* 1 if systrap( ) should not setjmp( ) */ int (*sy.sub.-- call) ( ) ; /* handler */ } syset [ ]; extern int nsysent; /* number of valid entries in sysent */ ______________________________________

The sysent table 34 functions as a dispatch table with each entry in the table corresponding to a different function supported by the operating system. Of particular relevance to the encryption transform embodiment of the present invention, the sysent table 34 includes entries for the open, create, read, write, chmod, fork, statf, seek, exit and ioctl system call procedures generally represented as procedures 36. As is evident from each entry in the sysent table, the system call address of each of the system call procedures is maintained in a respective entry ((*sy.sub.-- call)()) within the sysent table 34.

The Unix operating system utilizes a file oriented paradigm in providing operating system services. Consequently, the open, create, read, write, seek, stat and close system call procedures permit logical operation relative to a wide variety of logical data entities, including directories, files, and pipes, for example, that are treated as files referenceable via directories. In turn, directories are maintained on disk as standard files containing specifically structured data. This directory file data includes a pointer to a disk based structure of disk inode entries. Each inode entry stores specifically relevant information describing, among other things, the protection mode, owner, user group and size of a particular data file. A summary of an inode entry, as stored on disk, is provided in Table II.

TABLE II ______________________________________ Structure of a Disk Inode From <sys/ino.h> ______________________________________ struct dinode ushort di.sub.-- mode; /* protection mode, file type */ short di.sub.-- nlink; /* number links to file */ ushort di.sub.-- uid; /* owner's user id */ ushort di.sub.-- gid; /* owner's group id */ off.sub.-- t di.sub.-- size; /* number bytes in file */ . . . }; ______________________________________

The open and create system call procedures cause the creation of "in-core" inodes in an inode table for each file opened or created. The in-core inode of a file contains much of information held in the disk inode structure. The statf system call procedure can be used to return a structure containing the disk inode mode information.

The chmod system call procedure is provided specifically to change the protection mode of disk files. The inode structure maintains a binary coded entry (di.sub.-- mode) defining the file type and protection mode of the disk file. The three least significant octal digits of the mode specify the existent read, write, and execute permissions of the file for the file owner (0x00), the owner's group (00x0), and other (000x), where x represents any octal digit. Another octal digit of the mode entry (x000) is utilized to store additional permissions related information. The remaining bits of the mode are used to define the file type or are reserved. The chmod system call procedure takes, as an argument, a binary representation of the file protection mode (xxxx) and appropriately modifies the mode value stored by the disk inode corresponding to the referenced file.

In accordance with the present invention, a transformed file is identified by the presence of an enode data structure appended to a corresponding regular file. As will be discussed in greater detail below, this trailing enode structure includes data defining the transform applied to the file.

A specific pre-existing file mode may also be used to indicate the transformed state of a corresponding regular file. In an alternate embodiment of the present invention the selected mode is octal xx0x, where x is any octal digit. This represents an otherwise unlikely file mode since the group permission is defined as without conventional read, write or execute access to the file. Any other mode bit or bit pattern could be used where the same can be seen to have no other significant use. Any logically permitted mode bit or pattern can be used to define, for example, the encryption state of the corresponding regular file consistent with the present invention. Consequently, incompatibilities that might arise either from a redefinition of the mode bits with existing programs that rely on the existing exclusive definition of the mode bits is avoided. Further, as a logically permitted mode, the existing chmod utility program will readily accept and apply the mode value to the corresponding file inode.

The seek system call procedure is provided to position the file access pointer within, typically, a file. Subsequent read and write file accesses are performed relative to this pointer. The create and open system call procedures initialize the file access pointer to zero.

The fork system call procedure is utilized to create a new process within the control of the operating system. This child process is a logical copy of the parent process. All processes are managed by the operating system through the use of a process table within the kernel space of the operating system. A summary of a process table entry, stored as an element of a process table linked list, is provided in Table III.

TABLE III ______________________________________ Structure of the Process Table From <sys/proc.h> ______________________________________ typedef struct proc { char p.sub.-- stat; /* status of process */ . . . ushort p.sub.-- uid; /* real user id */ ushort p.sub.-- suid; /* saved uid from exec */ int p.sub.-- sid; /* POSIX session id num */ short p.sub.-- pgrp; /* proc grp leader name */ short p.sub.-- pid; /* unique process id*/ short p.sub.-- ppid; /* process id of parent*/ ushort p.sub.-- sgid; /* saved gid from exec */ sigset.sub.-- t p.sub.-- sig; /* signals pe