This invention relates generally to a mechanism for locking a computer system and more particularly to a lockout device that inserts into and interlocks with a computer disk-drive to prohibit operation and access to the computer.
A typical computer system has an external input/output port (I/O port). The I/O port is used for transferring data between an external data storage medium (e.g., a floppy disk, CD RAM, CD ROM, optical disk, magnetic tape) and either an internal memory or an internal hard disk of the computer. For example, personal computers such as an IBM PC typically have a floppy disk-drive, a hard disk drive, and internal random access memory (RAM). Data is transferred from the floppy disk to RAM by simply directing the computer to read a file residing on the floppy disk. Data is transferred from the floppy disk to the hard disk (via RAM) with a simple copy command.
The disk-drive, while designed for convenient data transfer, also allows unauthorized access to the computer system. For example, copying data from a computer's hard drive simply requires turning on the computer, inserting a diskette into the floppy disk drive, and copying data from the computer hard disk to the diskette. Alternatively, if an unauthorized user wants to destroy files currently residing in the computer system, he or she simply has to turn on the computer and delete the file. Disk-drive lockout systems have been developed to prevent unauthorized access to a computer's data base. These lockout systems, however, are not completely effective in preventing access to the computer or preventing damage to the internal circuitry of the disk-drive and computer system. In U.S. Pat. No. 4,964,285 to Lakoski et. al., a locking device is used to block the floppy disk slot of a computer disk-drive. The locking device, while preventing insertion of a diskette into a floppy disk drive, does not effectively prohibit operation of the computer system.
For example, most computer systems require a start-up program (boot program) to begin normal operation. The start up program resides either on an external diskette or on an internal hard disk. An internal read only memory (ROM) in the computer directs the system to look first for the start up program on a floppy disk in the external disk-drive. If there is no disk in the external disk-drive, the ROM program directs the system to look for the start up routine on the internal hard disk drive. Therefore, even if the locking system in Lakoski is activated (i.e., the device is locked over the drive slot of the disk-drive) the system can still be operated by simply turning on the computer system. The data on the computer's hard disk could then be viewed and/or destroyed by an unauthorized user. In addition, the data on the computer hard disk could be extracted through an alternative data I/O port such as the computer's printer. The locking device in Lakoski, however, only covers a small portion of the disk-drive slot. Thus, a floppy disk locked in the computer's disk-drive, is still accessible. For example, the disk can be literally torn or jimmied out of the disk-drive allowing the computer to boot from the hard disk. In the alternative the disk could be mangled with a screwdriver destroying the data on the floppy disk. Since the disk-drive slot is not completely covered, potentially damaging foreign matter can also be injected into the disk-drive slot. For example, a young child could pour water into the slot, damaging the internal circuitry of the computer system and the disk-drive.
The effectiveness of a lockout system also depends upon how securely it is mounted on the computer system casing. For example, if the mounting screws of the lockout device are accessible, the lockout device can be disabled simply by unscrewing it from the computer. In addition, holes must be drilled into the metal casing of the computer system to mount the lockout device. Therefore, retrofitting the lockout device on existing computer systems is time consuming and expensive.
Lockout devices are usually permanently mounted on one specific computer system. Therefore, each additional computer must have its own separate locking device. However, some computer systems only need to be secured when certain confidential data is residing in memory. If the locking device were easily portable, it could "follow" the confidential data, and a single lockout device could effectively protect multiple systems.
Accordingly, a need remains for inexpensive portable computer lockout system that prevents both operation of the computer system and access to the internal circuitry of the disk-drive.