Data and access protection system for computers

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


active

06317836

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to a data and access protection system for computers, and more particularly to a system having the capability to control the boot-up operation of a computer in accordance with a hardware key.
2. Description of the Related Art
Computer security has been an important issue ever since the use of computers became widespread. There is obviously a strong need to protect sensitive and confidential information residing on computers, regardless of whether such information is personal or business-related. This issue has become even more acute with the proliferation of portable personal computers or what are commonly known as laptops.
The source of the problem is apparent. Due to the portability and convenience of a laptop, more and more people are carrying their computers with them wherever they go. What that means is that information which used to be accessible from a more secure location, such as a home or an office, has now become more accessible to other parties, who may have an interest in gaining unauthorized access to such information.
Furthermore, the growing popularity of laptops has spawned and accelerated another problem, namely, computer theft. With desktop computers, the primary concern is the adequate protection of information residing on such computers. Theft of desktop computers, of course, does occur. However, in order to steal a desktop computer, the perpetrator very often, if not almost always, has to first break into a home or an office. This prospect alone unquestionably has deterred a lot of would-be perpetrators who were merely interested in stealing a desktop computer.
With laptops, however, there is a more realistic concern with the theft of the computers themselves. Due to the ease of transportation, stealing a laptop is as simple as walking away with a piece of luggage which, in almost all cases, is no bigger than a briefcase. In most instances, it would be safe to assume that people steal laptops for the sake of stealing them per se and not for any information which they may contain.
In any event, the ability to disable a computer and deny any access thereto when it is in the possession of an unauthorized user is important. Many attempts to realize this ability have been implemented in software. These attempts mostly rely on the use of passwords to deny access to any unauthorized user. In addition, a number of methods or technologies have been used to fortify some password schemes including, for example, the use of encryption technology to produce a software-generated key as a password. Unfortunately, software implementation relying on password access suffers from a variety of inherent weaknesses. One of the obvious weaknesses is that any person gaining knowledge of the password can access the computer.
With respect to current electronic commerce being commonly conducted over the Internet, a customer is generally required to open an account by supplying certain personal information including an account password. This scheme does not prevent a person from illegally using another person's account if the password is somehow discovered.
Moreover, this type of access control utilizing a password can often be circumvented by inserting an external boot disk, which may be in the form of a floppy disk or a CD-ROM, into the external drive of the computer to initiate the boot-up operation thereby bypassing the password protection and allowing access to the hard drive. Alternatively, many software designers have successfully created computer programs which are specifically designed to defeat password protected systems.
Furthermore, a lot of password protection schemes can be defeated by brute force. This is because a password protection scheme generally allows a user to select and modify his or her own password. In order to allow for such flexibility, a CMOS memory is usually used. However, a CMOS memory is susceptible to simple tampering. A CMOS memory is powered by an internal battery and serves to store any password information supplied by the user. If the internal battery is disconnected, the contents of the CMOS memory, including the password information stored by the user, will be erased, thereby effectively allowing access to the protected computer.
Hence, to effectively control access to a computer, a hardware component is desirable without the use of a password. The use of a hardware component to control access has a number of advantages. When a hardware component is used, the access control may be achieved before the operating system is loaded and initiated thereby preventing access to the hard drive.
Furthermore, the use of a hardware component eliminates the need to memorize a password. With the proliferation of various online and computer services, it is not uncommon for an individual to have a number of different accounts with various service providers. Thus, if different passwords are to be used for different accounts, the possibility of forgetting and confusing passwords is quite real.
While it is possible for an individual to try to use the same password for all his or her accounts, this approach can only provide short-term relief. For security purposes, most passwords have a predefined expiration date, and consequently, users are often required to modify their passwords periodically. Since different passwords on different accounts are likely to expire on different dates, an individual will eventually have to deal with the situation of having the need to memorize a number of different passwords.
Prior art hardware based protection schemes, nonetheless, continue to have a few shortcomings. In general, these hardware based protection schemes require a hardware component which is complex and specialized. While these complex and specialized hardware components are warranted in the protection of highly sensitive and confidential information, such a level of security is neither required nor desired by the majority of computer owners.
Moreover, these schemes generally involve implementation of complex circuitry and other devices within the hardware component. The use of such circuitry and devices has a couple of disadvantages. First, they are generally delicate and susceptible to physical abuse; second, they are often sizable and bulky thus requiring their integration into the computer. Therefore, due to the size and the lack of sturdiness of such circuitry, the hardware component is generally not suited for carrying on a person.
Furthermore, as a result of the use of such complex and specialized circuitry, the cost of implementing a hardware based protection scheme is relatively high.
SUMMARY OF THE INVENTION
It is accordingly an object of the present invention to provide a data and access protection system for a computer, having a scheme for controlling the boot-up operation of a computer in accordance with a hardware key.
It is another object of the present invention to provide a data and access protection system for a computer without the use of a password.
The present invention provides for a data and access protection system for a computer via the use of a hardware key, comprising a non-volatile memory for storing a first access code, a hardware key having a second access code, means for determining whether the hardware key is connected to the computer and whether the first access code matches the second access code, and means for disabling the computer when the hardware key is not connected to the computer or when the first access code does not match the second access code.
In another aspect of the present invention, the hardware key, in conjunction with an electronic circuit with storage capacity, is used to generate a more complicated second access code to provide further security for the system.
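The check summarized above, written out as an added C sketch (not code from the patent): the boot gate denies when the key is absent or the codes differ and, as an addition beyond the page's text, also refuses an erased code store, the failure mode the background describes for battery-backed CMOS. `CODE_LEN`, `hw_key`, `check_boot` and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CODE_LEN 16  /* assumed length; the page does not specify one */

typedef enum { BOOT_ALLOW, BOOT_DENY_NO_KEY, BOOT_DENY_BLANK_STORE,
               BOOT_DENY_MISMATCH } boot_decision;

/* Hypothetical view of the hardware key as seen by the pre-OS routine. */
typedef struct {
    int connected;            /* non-zero when the key is detected */
    uint8_t code[CODE_LEN];   /* second access code read from the key */
} hw_key;

/* Compare without an early exit so timing does not reveal a matching prefix. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* An erased store (all 0x00 or all 0xFF) must never count as a valid code. */
static int is_blank(const uint8_t *p, size_t n) {
    uint8_t any = 0x00, all = 0xFF;
    for (size_t i = 0; i < n; i++) { any |= p[i]; all &= p[i]; }
    return any == 0x00 || all == 0xFF;
}

/* Decide before control passes to the OS; the caller halts on any DENY. */
boot_decision check_boot(const uint8_t *stored, const hw_key *key) {
    if (key == NULL || !key->connected) return BOOT_DENY_NO_KEY;
    if (stored == NULL || is_blank(stored, CODE_LEN)) return BOOT_DENY_BLANK_STORE;
    if (!ct_equal(stored, key->code, CODE_LEN)) return BOOT_DENY_MISMATCH;
    return BOOT_ALLOW;
}

int main(void) {
    uint8_t stored[CODE_LEN];
    for (size_t i = 0; i < CODE_LEN; i++) stored[i] = (uint8_t)(0xA0 + i); /* constructed sample */
    hw_key key = { 1, {0} };
    memcpy(key.code, stored, CODE_LEN);
    return check_boot(stored, &key) == BOOT_ALLOW ? 0 : 1;
}
```

Every path except an exact match on a populated store returns a deny value, so a disconnected key, a wiped store and a wrong code all fail closed.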
When the computer is initially powered on, the software routines stored in the basic input/output system (BIOS) read-only memory (ROM) are executed. Prior to transferring control to the operating system, the routines check to determine whether a hardware key is prope
