
Security Audit Trail Provision for Personal Computers

IP.com Disclosure Number: IPCOM000112917D
Original Publication Date: 1994-Jun-01
Included in the Prior Art Database: 2005-Mar-27
Document File: 4 page(s) / 145K

Publishing Venue

IBM

Related People

Dayan, RA: AUTHOR [+2]

Abstract

Described is a hardware implementation to provide a set of security audit trail functions for personal computer (PC) accessing. The implementation informs users of past password utilization by providing time and date audit information. The user is able to deduce the occurrence of any unauthorized system usage.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 38% of the total text.


      The security audit trail provision for PCs provides elemental,
but significant, audit trail or usage reports to the user, system
management and network management to convey the following
information:

o   Informs the user of when the last read of a password occurred.
    This enables the user to determine if the password had been used,
    or attempted to be used, by another user.

o   Informs the user of when the last update of the password
    occurred.  This enables the user to determine if the password had
    been changed by another user.

o   Informs the user of when the last unattended start mode initial
    program load occurred.  This enables the user to determine if the
    system has been loaded at an unrecorded and/or by an unauthorized
    or planned time.

      Typically, sets of security functions are implemented to enable
an operating system to meet government certification requirements.
Typically, Power-On Password (POP) and Privileged Access Password
(PAP) elements are used.  They are unlike passwords that are provided
by an operating system for individual user sessions and they do not
include time and date audit information to indicate the last system
access.

      The concept described herein provides an audit information
extension for POP, PAP and unattended start mode (USM) operations.
From this audit information, the user is able to deduce whether an
unauthorized attempt to use the system, or an unauthorized action
with the password, has occurred.  A password which has been
compromised may also be detected.  The audit concept consists of
access controls that are implemented as hardware system features.
The date and time of each use of POP, PAP and USM provide a
complete audit trail of system usage.

      Each time the POP, PAP or USM is used, the system records the
date and time of the use.  The system's screen displays the following
information:

o   The date and time the POP was last used, if the POP prompt is to
    be issued.

o   The date and time the PAP was last used, if the PAP prompt is
    going to be issued.

o   The date and time the system was last used in a USM, if the
    system is going to be used in USM.
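      The record-and-display behaviour described above, sketched in C
as an added illustration that is not part of the original disclosure,
which implements the function in hardware.  The store last_used, the
function names and the sample timestamps are assumptions made for the
example.

```c
#include <stdio.h>
#include <time.h>

/* The three access controls named in the disclosure. */
enum access_ctl { CTL_POP, CTL_PAP, CTL_USM, CTL_COUNT };

/* Assumption: stand-in for the hardware's protected store; 0 = never used. */
static time_t last_used[CTL_COUNT];

/* Called each time a control is exercised. Reads the previous timestamp
 * before overwriting it, so the caller displays the access *before* this
 * one rather than the current time. */
time_t audit_access(enum access_ctl ctl, time_t now)
{
    time_t prev = last_used[ctl];
    last_used[ctl] = now;
    return prev;
}

/* The user's deduction: a displayed timestamp later than the user's own
 * last known use means someone else exercised the control in between. */
int unexplained_use(time_t displayed, time_t own_last_use)
{
    return displayed > own_last_use;
}

/* Formats the line shown ahead of the prompt; returns characters written. */
int format_last_used(char *out, size_t n, const char *name, time_t prev)
{
    char stamp[32];
    struct tm *tm = prev ? gmtime(&prev) : NULL;
    if (!tm || !strftime(stamp, sizeof stamp, "%Y-%m-%d %H:%M:%S", tm))
        return snprintf(out, n, "%s: no previous use recorded", name);
    return snprintf(out, n, "%s last used: %s UTC", name, stamp);
}

int main(void)
{
    /* Constructed timeline: owner boots, an unknown party boots a day
     * later, then the owner returns and reads the displayed line. */
    time_t owner = 770000000, other = owner + 86400, back = other + 86400;
    char line[80];
    audit_access(CTL_POP, owner);
    audit_access(CTL_POP, other);
    time_t shown = audit_access(CTL_POP, back);
    format_last_used(line, sizeof line, "POP", shown);
    printf("%s\nunexplained use: %d\n", line, unexplained_use(shown, owner));
    return 0;
}
```
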

      In addition to displaying the usage date and time to the user,
the system provides this information to application programs, or
operating system software.  This function is called Return Access
Controls Audit Trail Information (RACATI).  This information is
stored in two unique fields for each of the three access controls for
a total of six...