1. Technical Field
The present invention relates to an approach for blocking computer system ports based on the user of the system. More particularly, the present invention operates to load NVRAM (CMOS) settings that control hardware functionality based on the user of the system.
2. Description of the Related Art
An individual computer system is often used by multiple users. Each of the users of the system might have different responsibilities and different trust levels in an organization. Computer systems are often networked within an organization and can access the organization's confidential information, whether that information is reached through the network or stored on the computer system's nonvolatile storage devices, such as the hard drive. Ports, such as Universal Serial Bus (USB) ports, are often used to connect portable nonvolatile storage devices (e.g., “thumb drives,” “USB drives,” etc.) to computer systems to either copy data from the computer system to the portable device or to write data from the devices to the computer system's hard drive. Data copied to the computer system may include executables, such as programs, that could inadvertently, or deliberately, contain malware, such as viruses, that could not only infect the individual computer system, but could also infect or disrupt other computer systems in the organization through the computer network.
Traditional access control mechanisms, such as operating systems that provide a “profile” for individual users, are often used to limit an individual's access to sensitive data or files and may even provide such data on a “need to know” basis. However, these traditional access control mechanisms are challenged in that ports that allow inputs and outputs are controlled using nonvolatile RAM (NVRAM) settings (e.g., CMOS settings) that are established before the operating system has booted. In traditional systems, each of the users shares the same CMOS settings. Therefore, these NVRAM settings are usually configured with one or more “open” ports so that users of the system can send and receive data from the computer system. This “open” setting may be necessary and appropriate for a trusted individual of the organization who needs to be able to load files to the system or copy files to a portable device. However, a non-trusted individual, such as a new temporary worker, also receives these “open” settings and, as described above, can compromise the security and integrity of the computer system and organizational networks by using such “open” ports to steal confidential data or to load “malware” on the computer system's hard drive.