This invention relates to apparatus for separating two or more distinct groups of data within a processor based system and more particularly relates to a processor based system possessing a plurality of system areas, each system area includes conventional memory and/or input/output (I/O) device(s) or any combination thereof. Each of these system areas has access rights and restrictions relating to the flow of data among the system areas. Each system area may have a given priority and means for preventing data from being transferred from a higher priority to a lower priority system area.
It is completely clear that the use of processor based systems in present society is extremely wide-spread. The processor or computer is used as an everyday business tool in a wide variety of applications. In fact, as is well known, complete textbooks as well as many U.S. patents describe computer systems which are employed in business, banks, medicine and other industries for a host of different applications and to enable a wide dissemination of data necessary to implement and assist such operations. The widespread use of computers or processors in regard to various applications has developed a need to assure that certain types of data in general be secured and hence, certain types of business data, as will be explained, should not be made available to users of the processing system who do not have the authority to gain access to such data.
In order to fully comprehend the ramifications of selective data access, a typical example will be given in order to fully explain the nature of the problem. A typical business enterprise may include salesmen who are conventionally responsible for the sale of products, an engineering staff which is responsible for the design and development of future products and a higher management level staff which is responsible for the entire operations of a corporation in regard to future product development as well as the financial data. The business organizations typically employ a processing system which stores data concerning all levels of activities. Hence, the salesmen, engineers as well as high level management all have access to the processor in order to enable them to perform their everyday work tasks.
In any event, it is apparent that salesmen, for example, should not have access to certain data which is only available to the top executives. In a similar manner, the salesman should not have access to a middle class of data which is only available, for example, to the engineering staff. Alternatively, the top management should have access to all data, whether it be engineering or sales data. The engineers could have access to their own level of data as well as to the lower priority data available to the salesman. In this manner, the salesman should only have access to data which is of low priority.
The above concept appears completely reasonable but in order to implement such a system, one must be able to control the storage of data in proper memories and to prevent higher priority data from being inadvertently directed into lower priority memory or I/O locations. The solution of the problem will thereby enable one to maintain two or more distinct groups of data separate from each other within a processor based system.
It is therefore an object of the present invention to provide apparatus for maintaining data integrity according to priority or other appropriate access rights and restrictions in a processor based computer system.