Modified computer motherboard security and identification...

Electrical computers and digital processing systems: support – System access control based on user identification by...

Reexamination Certificate

Details

C713S185000, C380S277000

Reexamination Certificate

active

06463537

ABSTRACT:

CROSS-REFERENCE TO RELATED APPLICATIONS
Not Applicable
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
Not Applicable
REFERENCE TO A MICROFICHE APPENDIX
Not Applicable
TECHNICAL FIELD OF THE INVENTION
The present invention pertains generally to computer security systems, and more specifically to a microprocessor based system to restrict access to a particular computer and deter its theft and secure stored and transmitted data.
BACKGROUND OF THE INVENTION
As the prevalence and importance of computers grow and their portability increases, so too does the need to protect these systems and the data stored within them from unauthorized access and theft. Unauthorized access and theft lead not only to financial costs through the loss of valuable data, perpetration of fraud and sabotage, and the loss of equipment, but also to privacy concerns as sensitive information is accessed without authorization. Unauthorized access becomes even more of an issue as the points of access to a computer increase through the use of networks and the Internet.
A wide variety of methods for preventing theft of computer data and equipment and unauthorized access have been developed. One method for securing computers is to physically secure them with some form of restraint or locking device. Typical among these are bolt-down metal enclosures or cable and lock devices which physically secure a computer to the floor or a desk. These devices are effective only as a deterrent to theft of the hardware and do not protect the data stored inside the computer should they be compromised.
To deter access to sensitive data and theft, encryption algorithms have been employed to render the data unintelligible to unauthorized users. While the use of this method can protect the data stored in the computer if a secure enough algorithm is used, it is ineffective at deterring theft of the computer itself, as all parts of the computer system are still fully functioning and require only that the encrypted data storage device(s) be replaced.
To address the problem of physical theft of the computer, some security systems employ a means by which the data stored in the computer system, such as in the hard drive, is physically or logically destroyed if unauthorized access is attempted or the computer is tampered with. Logical destruction of the data also destroys the data for authorized users and does not affect the functioning of the data storage device. Physical destruction of the hard drive renders the data and drive useless for both the unauthorized and authorized user but does not incapacitate the entire system, as the drive can simply be replaced.
Another method for securing a computer system, specifically the data stored inside, is the use of identification and authentication systems by which a user provides a claimed identity to the system and establishes the validity of this claim before access is granted. The three main methods by which a user's claimed identity is verified are through the use of: 1.) something the individual knows, such as a password or PIN (Personal Identification Number); 2.) something the individual possesses, such as a token—a magnetic stripe card or smart card for example; and/or 3.) something unique to the individual, such as a biometric characteristic—retina pattern or fingerprint for example. This method may be effective to a certain degree to deter theft or sabotage of data but is relatively ineffective as a deterrent to actual theft of the computer. In addition, all these identification and authentication systems may be by-passed by such techniques as removing the hard drive from the secured machine and placing it in another unsecured machine, thereby gaining access to the data stored inside, or microscopically reading data stored in ROM (Read Only Memory).
U.S. Pat. No. 4,951,249 to McClung et al., Mar. 23, 1989, describes a personal computer security system which comprises an expansion card, a magnetic card reader, a tilt detecting means, a tamper detecting means and an alarm. This system protects a personal computer in two ways. The first is the physical protection of the hardware through the use of an alarm system which detects attempts to move the computer or tamper with the computer's housing. The second method involves the disabling of the keyboard and floppy drive to prevent the introduction of an unauthorized operating system, and the passing of control immediately prior to the loading of the operating system to a ROM device on the security system board which contains instructions involving the security procedures. One of the main security measures is the use of a magnetic card reader and magnetic card to identify the user of the computer. This system has several weaknesses. One weakness is that the expansion card may be simply removed from the computer slot or replaced by another. The lack of an intelligent device such as a microprocessor on the security board further adds to this weakness. In addition, the passing of control to the security card ROM may be by-passed at the BIOS or pre-boot level through a modification of the computer's BIOS. Another problem with this system is the inherent weakness of magnetic stripe cards. These cards generally lack any intelligent means to prevent copying or reading of the information stored on them. Finally, although the tamper alarm may be somewhat of a deterrent, if an unauthorized user can gain access to the data stored in the computer through methods such as the removal of the hard drive, the lack of encryption security leaves the data totally unprotected.
U.S. Pat. No. 5,146,499 to B. Geffrotin, Sep. 8, 1992, describes a data processing system comprising a pseudo random number generating means, a start up detecting microcircuit, a security microcircuit, and a main BUS blocking circuit, all connected to a microprocessor and a smart card reader logically connected to the CPU of the computer. Upon start up of the computer system, an authentication procedure is executed by the microcircuit board, which identifies and authenticates the user through the verification of a smart card involving the comparison of encrypted keys created by the random number generator. Failure of this verification procedure results in a continuous blocking signal being sent to the main BUS, shutting down the start up procedure. This differs from the present invention, which uses modified device drivers and a number of enable/disable circuits to selectively enable or disable peripherals in the absence of proper authorization. Active physical attack of the security system described in U.S. Pat. No. 5,146,499 is prevented by locating part of the standard BIOS in the electronic microcircuit. This security system may be circumvented through the removal of the security microcircuit board and the reinstallation of a new BIOS in the EPROM (Electrically Programmable Read Only Memory) memory of the computer system. In addition, information within data storage devices such as the hard drive is not encrypted and therefore can be read by placing these devices in another machine.
U.S. Pat. No. 5,007,082 to M. Cummins, Apr. 9, 1991, describes a computer software encryption apparatus which also operates during the power on stage of the computer start up procedure. This system involves attaching an encryption algorithm to the computer's BIOS and comprises a fixed data storage medium such as a hard drive, a removable data storage medium such as a floppy disk and a buffer area for communicating with both of these data storage devices. Data flowing from the buffer to the removable data storage medium is intercepted and encrypted. Data flowing from the removable data storage medium to the buffer is similarly intercepted and decrypted. As a data security system this invention has many problems. Perhaps most important is the fact that the information on the ‘fixed data storage medium’ such as a hard drive is not encrypted and may be easily accessed by removing the storage device from the ‘secure’ computer and installing it in another computer. Also, the BIOS level software program may be rep
