Multi-level secure computer with token-based access control

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


Details

C713S152000, C380S202000, C380S241000

active

06351817

ABSTRACT:

BACKGROUND OF THE INVENTION
This invention relates to computer security, and more particularly to a multilevel computer security system and a method for controlling user access that allow a computer to be used in a multilevel security environment while preventing a computer user authorized only at a lower level from accessing data at a higher security level.
DESCRIPTION OF THE RELEVANT ART
Prior-art multilevel computer systems separate the elements that store or process data at each security level through user-controlled means, such as a mechanical switch, or by physical removal of secure storage components such as the hard drives. The security of such systems therefore depends on the user rather than on the user's assigned access privileges, and data created, stored, or accessed by one user remains accessible to another, unauthorized user. In addition, a switching mechanism that does not disable the storage and processing components outside the selected security level creates the potential for data transfer between security levels through a covert transmission channel. Such channels can only be disabled by removing power from the components at the security levels not in use, which disables the channel at its source.
SUMMARY OF THE INVENTION
A general object of the invention is a computer security system and a method for controlling computer access which allows use of a common computer and operating system for different security levels, but makes it impossible for an authorized user at one security level to access data at a security level for which he is not authorized.
According to the present invention, as embodied and broadly described herein, a multilevel computer security system is provided, comprising a core computer, a first security subsystem, a second security subsystem, a smart-card reader, a first electronically-activated switch for controlling the connection of power from the computer-power supply to either of the two security subsystems, and a first sensor switch for identifying and selecting the security level of the security subsystem to which power is to be connected. The core computer has, at a minimum, a central processor unit (CPU), random access memory (RAM), and a power supply. Any additional read-only memory devices such as a compact disk (CD) drive are included within the computer as are any data interfaces to a display system and keyboard. The central processor unit is coupled to and controls the operation of all of the devices and data interfaces within the core computer and the security subsystems that are used for data processing, data communications, and data storage. Each security subsystem is defined by at least a memory device, an activation indicator, and electronic communications devices that can include a modem, an encryptor, and a network interface card (NIC) that are all connected in parallel with respect to the power terminals for each device and the indicator.
The first security subsystem has a first memory device for storing data at a first security level, which, by definition, is a level with unrestricted access. The first security subsystem may further have a first modem which, when activated, is operating with the computer as the only means of telecommunications at a first security level. The first security subsystem may further have a first network-interface card, which, when activated, is operating with the computer as the only interface to an external network at the first security level. Any other computer memory devices such as a floppy disk drive that are used to read or write data at the first security level must also be included within the first security subsystem. When all of the first security subsystem devices are activated the power connection illuminates the activation indicator.
The second security subsystem has a removable-memory device which is the only means for storing data at a second security level. The second security subsystem may further have a second modem and encryptor which, when activated, operate with the computer as the only means for encrypting telecommunications at the second security level. The second security subsystem may further have a second network-interface card, which, when activated, operates with the computer as the only interface to an external network at the second security level. When all of the second security subsystem devices are activated, the power connection illuminates the activation indicator.
The smart-card reader and its software determine whether a compatible smart card is in the card reader at computer startup. If no smart card is present, the computer operating system loads from the first security subsystem memory device, which operates at the first security level. If a compatible smart card is in the card reader, the smart-card reader prevents the loading of the computer operating system and begins processing the program stored in the smart card. The smart card has identification information stored within its memory, including information on the smart-card owner and the owner's allowed security access privileges. Through the program stored in smart-card memory, the smart-card reader interacts with the smart card, its identification information, and the computer user. The smart-card program grants or denies access to a restricted security subsystem, such as the second security subsystem, according to whether the identification information entered into the reader by the computer user is accepted. In response to granting access to the second security subsystem, the smart-card reader generates an activation signal.
The first electronically-activated switch has a first contact connected to the first security subsystem, a second contact connected to the second security subsystem, and a common contact connected to the computer-power supply. The switch is activated by an electronic signal applied to an activation contact. If there is no activation signal, the first electronically-activated switch rests in its normally closed position, in which the common contact is connected to the first contact. When an activation signal is received at the activation contact, the first electronically-activated switch connects the common contact to the second contact.
The first sensor switch is a mechanically-activated cam switch. This switch is closed by the correct insertion of the removable memory for the second security subsystem into the computer memory receptacle. The removable memory for the second security subsystem has a mechanical cam that is physically located and configured to contact and close the first sensor switch.
The first electronically-activated switch normally rests at the first contact position, which is the normally closed position. In the first contact position the computer operates only with the first security subsystem, since that subsystem is connected to the computer-power supply through the common contact. The first security subsystem stores unrestricted data at the first security level and is accessible by default, without the smart card, when the computer is started. The first security subsystem can also be accessed via the smart card by selecting it in the smart-card program. If a user selects the first security subsystem, the smart-card program terminates and no activation signal is transmitted to the first electronically-activated switch. This maintains the power connection to the first security subsystem, and the operating system on the first memory device begins loading after the smart-card program terminates.
When an owner of a smart card is granted access to the second security subsystem, the first activation signal is output from the smart card. The first activation signal is connected to the activation contact of the first electronically-activated switch only if the removable memory for the second security subsystem is correctly inserted in the memory receptacle. I
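The power-gating logic described above combines four independent conditions: a compatible smart card is present, its program accepts the user's identification, the user selects the second security level, and the removable memory's cam has closed the first sensor switch. The following Python model is an added illustration, not code from the patent or any product built on it; the function and field names are assumptions chosen to mirror the components named in the text. It models each component as a function, composes them the way the text describes, and then exhaustively enumerates all sixteen input combinations to check the two invariants the design relies on: the second (restricted) subsystem is never powered unless every condition holds, and the default boot with no card always powers the first (unrestricted) subsystem.

```python
from dataclasses import dataclass
from enum import Enum
from itertools import product


class Subsystem(Enum):
    """Which security subsystem the common (power) contact is connected to."""
    FIRST = "first security subsystem (unrestricted level)"
    SECOND = "second security subsystem (restricted level)"


@dataclass(frozen=True)
class Inputs:
    # Field names are assumptions chosen to mirror the patent's components.
    card_present: bool             # compatible smart card in the reader at startup
    identification_accepted: bool  # smart-card program accepted the user's identification
    second_level_selected: bool    # user asked the smart-card program for the second subsystem
    removable_memory_seated: bool  # second-level removable memory inserted; cam closes sensor switch


def smart_card_reader(inp: Inputs) -> bool:
    """Model of the reader's boot-time decision.

    Returns True when the reader emits the first activation signal, i.e. access
    to the second security subsystem has been granted and selected.
    """
    if not inp.card_present:
        return False  # OS loads from the first memory device; no signal is produced
    if not inp.identification_accepted:
        return False  # access denied; smart-card program terminates without a signal
    if not inp.second_level_selected:
        return False  # user chose the first subsystem; program terminates without a signal
    return True


def first_sensor_switch(inp: Inputs) -> bool:
    """Cam-operated sensor switch: closed only while the removable memory is seated."""
    return inp.removable_memory_seated


def first_electronically_activated_switch(activation_contact: bool) -> Subsystem:
    """Normally closed to the first contact; a signal on the activation contact
    moves the common (power) contact to the second contact."""
    return Subsystem.SECOND if activation_contact else Subsystem.FIRST


def powered_subsystem(inp: Inputs) -> Subsystem:
    """Compose the components: the activation signal reaches the activation
    contact only through the closed sensor switch, so both are required."""
    activation_contact = smart_card_reader(inp) and first_sensor_switch(inp)
    return first_electronically_activated_switch(activation_contact)


def check_invariants() -> int:
    """Enumerate all 16 input combinations and check the design's invariants.

    Returns the number of combinations that power the second subsystem; the
    design intends exactly one (all four conditions true).
    """
    second_count = 0
    for bits in product((False, True), repeat=4):
        inp = Inputs(*bits)
        powered = powered_subsystem(inp)
        if powered is Subsystem.SECOND:
            second_count += 1
            # Restricted level only with card, accepted identification, selection and seated memory.
            assert all(bits), f"second subsystem powered without full authorisation: {inp}"
        if not inp.card_present:
            # Default boot (no card) must always land on the unrestricted subsystem.
            assert powered is Subsystem.FIRST, f"default boot did not use the first subsystem: {inp}"
    return second_count


if __name__ == "__main__":
    print(f"{check_invariants()} of 16 input combinations power the second subsystem")
```

Because the enumeration is exhaustive, any later change to the composition (for example, wiring the activation signal directly to the switch and bypassing the sensor switch) immediately fails the `all(bits)` assertion, which is the property that makes the physical cam a second factor rather than a convenience.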
