Communications: electrical – Selective – Intelligence comparison for controlling
Reexamination Certificate
1997-02-20
2001-07-31
Holloway, III, Edwin C. (Department: 2635)
C713S152000
active
06268789
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to methods and systems for securing information during communication.
BACKGROUND OF THE INVENTION
Methods for securing information are known in the art. Conventional methods are based on encryption, wherein the secured data is processed according to a predetermined encryption method or key to produce an encrypted file. Decoding the encrypted file back to the original information requires processing the encrypted file in reverse according to the same encryption method or key.
Computers which are connected to WAN or LAN communication networks are vulnerable to hostile intrusion by unauthorized persons or data viruses which attempt to access classified files, download them and “crack” their encryption.
The problem is significantly greater for portable computers, which are also liable to be stolen along with the information they contain.
Another major problem relates to securing access to data and devices when in communication over a network. Unauthorized network users may attempt to penetrate the secured system or try to send damaging software, such as software viruses. Prior art software systems, such as firewalls and the like, do not provide a foolproof solution against such unauthorized attempts.
Another major problem relates to securing an organization's networks and computers against virus programs. A number of products currently provide on-line scanning of incoming communication to identify damaging software such as viruses (such as WebShield of Finjan Software Ltd. of Netania, Israel, and PCFireWall and WebScan of McAfee Inc. of Santa Clara, Calif.). It will be appreciated that scanning all incoming data and data changes during communication consumes a great deal of resources and is generally not performed at full scale in real time.
U.S. Pat. No. 5,434,562 to David C. Reardon describes a manually user operable switch for securing a device such as a hard disk from unauthorized access from a network.
In computer systems, it is common to implement an audit log to record security-related activities in the system. In this case, the recorded log itself needs to be secured against future alteration, which would otherwise deceive the auditor into trusting a forged record.
It will be appreciated that an effective security log needs to be written on a media which cannot be altered. A common method is to print the log on hard copy. While hard copy is difficult to alter, it is also more difficult to duplicate, process and communicate in a computerized environment.
Another method is to write the log on a Write Once Read Many media (such as Pinnacle RCD-1000, Pinnacle Micro Corporation). It will be appreciated that in practice Write Once Read Many data storage solutions are inferior to common read-write technologies (such as magnetic hard disks) in both performance and reliability. Furthermore, the installation of a Write Once device for the sole purpose of recording a log involves significant costs.
SUMMARY OF THE PRESENT INVENTION
It is an object of the present invention to provide a novel device for securing access to and from a computer station, which overcomes the disadvantages of the prior art.
It is a further object of the present invention to provide a novel method for securing information contained in a computerized storage unit.
There is thus provided in accordance with the present invention a device for protecting secured areas in a computer system. The computer system includes a storage unit. The storage unit includes a first storage area and a second storage area.
The device of the invention includes a first communication interface for connecting to a first network, a second communication interface for connecting to the computer system, a first input-output (I/O) interface for connecting to the storage unit, a second input-output (I/O) interface for connecting to the computer system, and a managing controller connected between the first network and the computer system via the first and second communication interfaces, the managing controller also being connected between the storage unit and the computer system via the first and second I/O interfaces.
The managing controller provides the computer system with a selection between at least two modes. In a first mode, the managing controller connects the computer system to the first storage area and to the first network and in a second mode, the managing controller connects the computer system to the second storage area.
The managing controller detects any reset signal followed by a command to operate according to a selected mode, which may be provided either by a user, operating the computer system or by a software application.
According to one aspect of the present invention, the device may further include a third communication interface for connecting to a second network and a fourth communication interface for connecting to the computer system. According to this aspect the device is connected between the second network and the computer system via the third and fourth communication interfaces. The device may enable or disable access to and from the second network, to the computer system, according to a selected mode of operation.
According to another aspect of the invention, the device provides an indication of the current mode of operation as well as indications relating to various situations such as alert, halt and the like. Accordingly, the device may include a display unit, an audio generating unit, a vibration generating unit and the like. Alternatively, the device may utilize the multimedia capabilities of the computer station to produce these indications.
The device may further include a first reset input-output interface, connected to the managing controller, for connecting to an operating system source unit and a second reset input-output interface, connected to the managing controller for connecting to the computer system. The managing controller is operative to enable or deny the computer system access to the operating system source unit.
The operating system source unit is selected from the group consisting of a magnetic media drive, an optical media drive, an electro-optical media drive, a communication link and a non-volatile memory. It will be noted that non-volatile memory is selected from the group consisting of ROM, FLASH, EPROM, EEPROM, battery supported RAM and the like.
In accordance with a further aspect of the invention, there is provided a method for operating a communication controlling device. The device is connected between at least one storage unit, at least one peripheral device and a computer station. The device is operable to provide a first predetermined mode of operation and at least an additional different mode of operation.
The method includes the steps of:
detecting a boot signal received from the computer station;
executing a menu procedure;
receiving an instruction from a user to operate according to a selected mode of operation;
enabling access of the computer station to selected areas of the at least one storage unit according to the selected mode of operation;
disabling access of the computer station to non-selected areas of the at least one storage unit according to the selected mode of operation;
enabling access of the computer station to selected areas of the at least one peripheral device, according to the selected mode of operation; and
disabling access of the computer station to non-selected areas of the at least one peripheral device, according to the selected mode of operation.
The method of the invention may also include the steps of:
receiving an instruction from a user to operate according to another selected mode of operation;
providing a restart command to the computer station;
detecting a boot signal received from the computer station;
enabling access of the computer station to selected areas of the at least one storage unit according to the other selected mode of operation; and
disabling access of the computer station to non-selected areas of the at least one storage unit according to the other selected mode of operation;
enabling a
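The two procedures above (mode selection at boot, and a mode change that forces a restart) reduce to a small state machine whose security property is that the mode, and therefore the set of reachable storage areas and networks, can only change across a reset, so software running on the station cannot widen its own access at runtime. The following Python model is an added illustration and is not the patent's disclosure or any product's code. The policy table follows the summary (mode 1 reaches the first storage area and the first network; mode 2 reaches the second storage area); the resource labels, the "alert" indication on a denied request, both modes reaching the operating-system source unit, and the method names are assumptions of this model.

```python
"""Model of the boot-time mode-selecting managing controller (added example).

Constructed for illustration: resource names, the indication strings and the
API are assumed; only the mode policy and the reset-before-mode-change rule
come from the summary text.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional

# Resources the controller sits between (labels are assumptions).
STORAGE_AREA_1 = "storage_area_1"
STORAGE_AREA_2 = "storage_area_2"
NETWORK_1 = "network_1"
OS_SOURCE = "os_source"

# Mode policy: mode 1 = first storage area + first network; mode 2 = second
# storage area only. Both modes reaching the OS source unit is an assumption.
MODE_POLICY: Dict[str, FrozenSet[str]] = {
    "mode_1": frozenset({STORAGE_AREA_1, NETWORK_1, OS_SOURCE}),
    "mode_2": frozenset({STORAGE_AREA_2, OS_SOURCE}),
}


@dataclass
class ManagingController:
    mode: Optional[str] = None          # None until a boot has been followed by a selection
    awaiting_selection: bool = False    # True only between a reset and the mode command
    indications: List[str] = field(default_factory=list)  # what the display/audio unit shows

    def reset(self) -> None:
        """Boot signal from the computer station: drop the old mode and run the
        menu procedure; every request is denied until a mode is selected."""
        self.mode = None
        self.awaiting_selection = True
        self.indications.append("menu")

    def select_mode(self, requested: str) -> bool:
        """Mode command (from the user or an application). Accepted only if it
        directly follows a reset; a runtime attempt is refused with an alert."""
        if not self.awaiting_selection or requested not in MODE_POLICY:
            self.indications.append("alert")
            return False
        self.mode = requested
        self.awaiting_selection = False
        self.indications.append(f"mode:{requested}")
        return True

    def access(self, resource: str) -> bool:
        """Route an I/O or network request through the controller; anything
        outside the current mode's policy is denied and signalled."""
        if self.mode is None or resource not in MODE_POLICY[self.mode]:
            self.indications.append("alert")
            return False
        return True

    def change_mode(self, requested: str) -> bool:
        """Second procedure: a request for another mode makes the controller
        restart the station, and the new mode is applied only after the boot
        signal that the restart produces."""
        if requested not in MODE_POLICY:
            self.indications.append("alert")
            return False
        self.indications.append("restart")
        self.reset()                       # restart command -> boot signal -> menu
        return self.select_mode(requested)


if __name__ == "__main__":
    c = ManagingController()
    c.reset()
    c.select_mode("mode_1")
    print("network from mode 1:", c.access(NETWORK_1))           # True
    print("switch without reset:", c.select_mode("mode_2"))      # False
    print("switch via restart:", c.change_mode("mode_2"))        # True
    print("network from mode 2:", c.access(NETWORK_1))           # False
    print("indications:", c.indications)
```

The point the model makes explicit is that `select_mode` is only honoured while `awaiting_selection` is set, and only `reset` sets it, so the sole path from mode 1 to mode 2 passes through a restart that drops the first storage area and the network before the second area becomes reachable.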
Diamant Erez
Prescher Amir
Eitan Pearl Latzer & Cohen-Zedek
Holloway III Edwin C.
Voltaire Advanced Data Security Ltd.