A data processing system generally has a processor and a memory as its main resources. On the one hand, the memory can store the command instructions to be processed by the processor; on the other hand, the processor can write processing results back into the memory. Usually, the total memory available, i.e. addressable by the processor, is subdivided into at least two individual areas. The first area is referred to in the following as the operating system memory area. During the manufacture of the data processing system, so-called operating system code is written into it, with which, in particular, the hardware components of the system are managed. The second area is referred to in the following as the user memory area. Programs and data created by the users of the data processing system themselves can be stored there.
From the viewpoint of the processor of a data processing system, no distinction is in fact drawn between these two memory areas. In particular, it is immaterial whether, as is the case with mobile data processing systems such as processor chip cards, the entire address space of the microprocessor is physically divided into an unalterable memory (for example ROM) for the operating system and a non-volatile application memory (for example EEPROM). Using the entire address space if required, the processor accesses any memory element, irrespective of whether it lies in the operating system memory area or in the user memory area. The consequence is that an individual program code, i.e. user command instructions which a user has stored in the user memory area of the mobile data processing system reserved for that user, can access both the operating system memory area and the user memory areas assigned to other users, together with the user programs or user data installed there. Such access is unhindered, may be reading and/or altering, and may be intentional or coincidental.
EP 05 61 509 A1 describes a networked computer system with a multiplicity of user terminals and input and output interfaces. The computer system is operated by an operating system, for example a UNIX operating system instruction set. In this computer system, operating system commands for input and output interfaces that are intended for users can generally be inhibited. A user of the computer system can call up or activate them, monitored by the operating system, by means of an additional operating system command, provided that the user has an access authorization stored in a memory.
DE 41 15 152 A1 discloses a data-protecting microprocessor circuit for portable data media. This circuit contains an additional protective circuit, decoupled from the actual microprocessor circuit, which ensures that an unknown program can access only those memory areas for which access is authorized. In a first embodiment, the additional protective circuit contains a first comparator with an auxiliary register and a second comparator with an auxiliary register. The user-dependent limit values for accesses to memory areas are stored either in hard-wired logic or in secure memories and are loaded into the auxiliary registers by the actual microprocessor circuit. The comparators compare these limit values with the address register and the program counter of the actual microprocessor circuit. The output values of the comparators are logically combined by an AND gate and passed to the control circuit of the actual microprocessor circuit. In a second hardware variant, the additional protective circuit contains its own back-up processor with a clock frequency divider circuit and its own memory arrangement. The user-dependent limit values for accesses to memory areas are stored in this memory arrangement, and the back-up processor compares them with the address register and the program counter of the actual microprocessor circuit.
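The following C model is an added example, not code from DE 41 15 152 A1 or from this document. It contrasts the unhindered access of a flat address space with an access gated by two comparators and an AND gate as in the first embodiment. The memory layout, the names `guard`, `write_flat` and `write_guarded`, and the exact test each comparator performs are assumptions: one comparator checks whether the program counter lies in the user area, the other whether the address register points below it, and the AND of both outputs refuses the access.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (assumption): OS area at low addresses, user area above. */
#define MEM_SIZE   0x0400u
#define USER_BASE  0x0200u   /* first address of the user memory area */
static uint8_t memory[MEM_SIZE];

/* The two auxiliary registers holding the limit values. */
struct guard { uint16_t pc_limit; uint16_t addr_limit; };

/* Comparator 1 (assumed test): is the executing code located in the user area? */
static bool cmp_pc(const struct guard *g, uint16_t pc) { return pc >= g->pc_limit; }

/* Comparator 2 (assumed test): does the access target lie below the user area? */
static bool cmp_addr(const struct guard *g, uint16_t addr) { return addr < g->addr_limit; }

/* AND gate: when asserted, the control circuit must refuse the access. */
static bool guard_violation(const struct guard *g, uint16_t pc, uint16_t addr)
{
    return cmp_pc(g, pc) && cmp_addr(g, addr);
}

/* Write in a flat address space: the program counter plays no role. */
static bool write_flat(uint16_t pc, uint16_t addr, uint8_t v)
{
    (void)pc;
    if (addr >= MEM_SIZE) return false;
    memory[addr] = v;
    return true;
}

/* Same write, checked by the comparators before memory is touched. */
static bool write_guarded(const struct guard *g, uint16_t pc, uint16_t addr, uint8_t v)
{
    if (addr >= MEM_SIZE || guard_violation(g, pc, addr)) return false;
    memory[addr] = v;
    return true;
}

int main(void)
{
    struct guard g = { USER_BASE, USER_BASE };
    printf("flat:    user code -> OS cell:  %d\n", write_flat(0x0210, 0x0010, 0xFF));
    printf("guarded: user code -> OS cell:  %d\n", write_guarded(&g, 0x0210, 0x0010, 0xFF));
    printf("guarded: user code -> own cell: %d\n", write_guarded(&g, 0x0210, 0x0300, 0x01));
    return 0;
}
```

With only two limit values this model separates user code from the operating system area; separating several users from one another would need per-user limits loaded into the auxiliary registers.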