Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-06-10
2001-01-30
Beausoliel, Jr., Robert W. (Department: 2785)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S165000
Reexamination Certificate
active
06182223
ABSTRACT:
TECHNICAL FIELD
The present invention involves the use of various anti-theft and anti-invasive techniques to prevent intrusion into confidential data stored in portable, desktop and deskside computers. Such computers are highly vulnerable to unauthorized access. This is because they are relatively easy to gain access and also physically remove from the owner's premises. Once removed, data contained therein can be intruded upon at the invader's leisure.
BACKGROUND OF THE INVENTION
The number of computers in business and private applications is growing at an enormous rate and many firms have thousands of computers throughout their organizations. In contrast to the high security traditionally afforded computer equipment in the past, the portable, desktop and deskside are not generally located in high security areas or, as in the past, operated by a few highly trained and highly trusted personnel. Currently, personal computers are often left on desks where anyone with an operating system boot diskette can access any data stored within the computer with the potential for theft and/or tampering of proprietary information. Additionally, the location of such computers in unsecured areas and their relatively small physical size leads to the theft of the equipment itself. When a computer system is stolen so is the valuable information contained within it.
Thus, the data stored in either a portable, desktop or deskside computer is highly vulnerable to unauthorized access merely because these computers are relatively easy to remove from the owner's premises. This data is contained in system memory and nonvolatile secondary storage such as floppy disks, hard disks, tape, magneto-optical writable media, etc. And while information contained in the volatile system memory of AC-powered desktop or deskside computers will very likely be lost as a direct result of physically removing the computer, a portable battery operated computer can hold the contents of memory for several hours. In addition, if the computer is equipped with rapid resume capabilities, system software has the ability to copy the contents of volatile system memory onto nonvolatile secondary storage making the record of the information previously contained in system memory permanent. Thus, once the system unit, along with its internal storage devices and media are removed from the owner's premises, the data intrusion expert has unlimited time and tools available to mine the sensitive information contained within.
The traditional prior art approach to protecting the data contained in a computer system is to wrap the storage device in a steel case and provide lockable doors to prevent the removal of removable media such as floppy disks. The unit is then affixed to something considered to be immovable such as a column, desk or large table. Often the means of affixing the system unit is a steel cable. Obviously, none of these crude measures are effective against a determined and clever thief.
As an example, assume that a computer system is provided with a lockable cover and the covers and locking mechanism are designed so as to make any attempt at unauthorized entry evident. Even if the cover and lock arrangement works and produces clear evidence that the covers have been tampered with, once the computer system is removed from the owner's premises, the evidence is removed as well.
Another security feature often provided is the entry and verification of a password before allowing access to any data contained in the computer. This is only effective as long as the storage devices remain secured within a locked and intact enclosure. Once the physical defenses of the system unit are breached, the thief is free to attach the storage device to another computer which he can use as a tool to access the data contained therein.
SUMMARY OF THE INVENTION
The present invention consists of a computer based security system to prevent unauthorized access to computer-stored information comprising several components. These are comprised of an intrusion detection mechanism, a ROM-based firmware program, an internal auxiliary power source, such as a battery sized to provide several minutes of operation of the computer system and all its internal devices, and a mechanism to reset the central processing unit of the computer and switch to a self contained power supply (i.e. battery power) responsive to the intrusion detection mechanism.
Thus, the present invention is superior to that of the prior art in that all the owner sensitive data is erased before the thief knows that an intrusion has been detected, thus eliminating the possibility of subsequent examination and decryption of the stolen information. A further advantage of the instant invention is that security of the data is not dependent on the physical security of the computer itself. Additionally, it protects data contained in all integrated volatile and nonvolatile storage devices and media, not just some selected device.
The intrusion detection mechanism can take numerous forms. One effective mechanism is a spring-loaded switch within the unit which is held in an electrically open position by the weight of the computer; the movement of which causes a switch to close, triggering an intrusion detection mechanism. Another detects the unauthorized removal of the computer cover triggering an intrusion detection mechanism and yet another mechanism involves a magnetic coupling of the continued proximity of the floor or table upon which the unit rests.
REFERENCES:
patent: 4914572 (1990-04-01), Bitzinger et al.
patent: 4951249 (1990-08-01), McClung et al.
patent: 5361359 (1994-11-01), Tajalli et al.
patent: 5515540 (1996-05-01), Grider et al.
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5566339 (1996-10-01), Perholz et al.
patent: 5919258 (1999-07-01), Kayashima et al.
Beausoliel, Jr. Robert W.
Henkler Richard A.
International Business Machines - Corporation
Kraft Paul
Revak Christopher
LandOfFree
Method and apparatus for preventing unauthorized access to... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for preventing unauthorized access to..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for preventing unauthorized access to... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2436289