Not Applicable
The present invention pertains generally to computer security systems, and more specifically to a microprocessor-based system to restrict access to a particular computer, deter its theft, and secure stored and transmitted data.
As the prevalence and importance of computers grows and their portability increases, so too does the need to protect these systems and the data stored within them from unauthorized access and theft. Such incidents lead not only to financial costs through the loss of valuable data, the perpetration of fraud and sabotage, and the loss of equipment, but also to privacy concerns as sensitive information is accessed without authorization. Unauthorized access becomes even more of an issue as the points of access to a computer increase through the use of networks and the Internet.
A wide variety of methods for preventing theft of computer data and equipment and unauthorized access have been developed. One method for securing computers is to physically secure them with some form of restraint or locking device. Typical among these are bolt-down metal enclosures or cable and lock devices which physically secure a computer to the floor or a desk. These devices are effective only as a deterrent to theft of the hardware and do not protect the data stored inside the computer should they be compromised.
To deter access to sensitive data and theft, encryption algorithms have been employed to render the data unintelligible to unauthorized users. While this method can protect the data stored in the computer if a sufficiently secure algorithm is used, it is ineffective at deterring theft of the computer itself, as all parts of the computer system remain fully functional and require only that the encrypted data storage device(s) be replaced.
To address the problem of physical theft of the computer, some security systems employ a means by which the data stored in the computer system, such as that on the hard drive, is physically or logically destroyed if unauthorized access is attempted or the computer is tampered with. Logical destruction of the data also destroys the data for authorized users and does not affect the functioning of the data storage device. Physical destruction of the hard drive renders the data and drive useless for both the unauthorized and authorized user but does not incapacitate the entire system, as the drive can simply be replaced.
Another method for securing a computer system, specifically the data stored inside, is the use of identification and authentication systems by which a user provides a claimed identity to the system and establishes the validity of this claim before access is granted. The three main methods by which a user's claimed identity is verified are through the use of: 1.) something the individual knows, such as a password or PIN (Personal Identification Number); 2.) something the individual possesses, such as a token, for example a magnetic stripe card or smart card; and/or 3.) something unique to the individual, such as a biometric characteristic, for example a retina pattern or fingerprint. This method may be effective to a certain degree to deter theft or sabotage of data but is relatively ineffective as a deterrent to actual theft of the computer. In addition, all these identification and authentication systems may be bypassed by such techniques as removing the hard drive from the secured machine and placing it in another, unsecured machine, thereby gaining access to the data stored inside, or microscopically reading data stored in ROM (Read Only Memory).
U.S. Pat. No. 4,951,249 to McClung et al., Mar. 23, 1989, describes a personal computer security system which comprises an expansion card, a magnetic card reader, a tilt detecting means, a tamper detecting means and an alarm. This system protects a personal computer in two ways. The first is the physical protection of the hardware through the use of an alarm system which detects attempts to move the computer or tamper with the computer's housing. The second method involves the disabling of the keyboard and floppy drive to prevent the introduction of an unauthorized operating system, and the passing of control, immediately prior to the loading of the operating system, to a ROM device on the security system board which contains instructions for the security procedures. One of the main security measures is the use of a magnetic card reader and magnetic card to identify the user of the computer. This system has several weaknesses. One weakness is that the expansion card may simply be removed from the computer slot or replaced by another. The lack of an intelligent device such as a microprocessor on the security board further adds to this weakness. In addition, the passing of control to the security card ROM may be bypassed at the BIOS or pre-boot level through a modification of the computer's BIOS. Another problem with this system is the inherent weakness of magnetic stripe cards. These cards generally lack any intelligent means to prevent copying or reading of the information stored on them. Finally, although the tamper alarm may be somewhat of a deterrent, if an unauthorized user can gain access to the data stored in the computer through methods such as the removal of the hard drive, the lack of encryption leaves the data totally unprotected.
U.S. Pat. No. 5,146,499, to B. Geffrotin, Sep. 8, 1992, describes a data processing system comprising a pseudo random number generating means, a start up detecting microcircuit, a security microcircuit, and a main BUS blocking circuit, all connected to a microprocessor and a smart card reader logically connected to the CPU of the computer. Upon start up of the computer system, an authentication procedure is executed by the microcircuit board which identifies and authenticates the user through the verification of a smart card, involving the comparison of encrypted keys created by the random number generator. Failure of this verification procedure results in a continuous blocking signal being sent to the main BUS, shutting down the start up procedure. This differs from the present invention, which uses modified device drivers and a number of enable/disable circuits to selectively enable or disable peripherals in the absence of proper authorization. Active physical attack of the security system described in U.S. Pat. No. 5,146,499 is prevented by locating part of the standard BIOS in the electronic microcircuit. This security system may be circumvented through the removal of the security microcircuit board and the reinstallation of a new BIOS in the EPROM (Electrically Programmable Read Only Memory) memory of the computer system. In addition, information within data storage devices such as the hard drive is not encrypted and therefore can be read by placing these devices in another machine.
U.S. Pat. No. 5,007,082 to M. Cummnins, Apr. 9, 1991, describes a computer software encryption apparatus which also operates during the power on stage of the computer start up procedure. This system involves attaching an encryption algorithm to the computer's BIOS and comprises a fixed data storage medium such as a hard drive, a removable data storage medium such as a floppy disk, and a buffer area for communicating with both of these data storage devices. Data flowing from the buffer to the removable data storage medium is intercepted and encrypted. Data flowing from the removable data storage medium to the buffer is similarly intercepted and decrypted. As a data security system this invention has many problems. Perhaps most important is the fact that the information on the 'fixed data storage medium' such as a hard drive is not encrypted and may be easily accessed by removing the storage device from the 'secure' computer and installing it in another computer. Also, the BIOS level software program may be replaced by replacing the modified routines stored in the computer's ROM (Read Only Memory) with new routines which do not contain the interrupt and encryption functions. Finally, this security system is hardware specific and must be reconfigured for each different type of computer CPU.
U.S. Pat. No. 5,610,981 to Mooney et al., Mar. 11, 1997, describes a computer access controlling device comprising a microprocessor-controlled card reader interface connected to a smart card reader and the CPU of the computer. The card reader interface includes an encryption engine for encrypting data in a data storage device and a boot ROM containing verification code which is executed during the start up procedure. Identification and authentication of the user is achieved through the asking of one or more predetermined questions once a smart card has been inserted in the card reader. The responses to these questions are compared to the answers stored on the smart card and, if they match, the CPU is allowed to access all authorized peripherals. Attempts at unauthorized access will result in either freezing of the system BUS, or logical or physical destruction of data in data storage devices. This differs from the present invention in that the Mooney patent will only operate through an ISA (Interrupt Standard Architecture) Bus and therefore is not suitable for computer systems with the PCI (Peripheral Component Interconnect) Bus which is in common use in many systems. This system is also chipset dependent and must be redesigned for every new motherboard microprocessor chipset. Logical and particularly physical destruction of data represents an extreme measure and may permanently destroy valuable data for authorized users. In addition, simple freezing of the system BUS may be overcome by bypassing the card reader interface board and rebooting the computer. Without a modification to the system BIOS this device is also vulnerable during the ROM scan phase of the BIOS start up routine. An expansion card with on-board ROM could be used to introduce code which could redirect the computer CPU to perform some unauthorized task at the preboot level.
U.S. Pat. No. 5,187,352 to W. Blair et al., Feb. 16, 1993, also describes a microprocessor controlled security system for computers. This security system involves a microprocessor which reads data from a magnetically encoded card and, based on component access and time allotment data, responsively sends enable or disable signals through a component interface circuit to the computer system component(s). The components that can be enabled/disabled are limited to the video display device, hard disk drive, and external CPUs of slave computers. The use of magnetically encoded cards presents a major weakness in this system, as these cards are easily read and copied and therefore are not very secure.
In January 1998, Phoenix Technologies Inc. and RSA jointly and publicly announced a preboot security system which uses a modified BIOS and encryption engine. In this security system a programmable cipher device or 'cryptoengine' is placed in the bootblock partition of flash memory. This flash memory is protected from unauthorized updates by a password and a token which contains the key(s) necessary to conduct such an operation. The security system involves the digital signing of adapter cards and ROM extensions for peripheral devices with the peripheral vendor's private key. During the ROM scan phase of the start up procedure of a computer, the BIOS compares a list of authorized public keys against the digital signatures of peripheral devices encountered during ROM scan. This requires that all approved peripheral devices be digitally signed with the vendor's private encryption key beforehand. Only approved peripheral devices are allowed to load and operate. This system is a bit awkward in that all authorized peripheral devices must have digital signatures embedded in them by the device vendor or manufacturer. The system is thus restricted to only those vendors or manufacturers who participate in this digital signature process. In addition, as far as can be determined from information concerning this system released to date, the Phoenix/RSA system differs from the present invention in that peripheral devices are not physically disabled, making them accessible and vulnerable to a determined unauthorized user.
There is a need in the art for a computer security system which is less vulnerable to bypass and which, at the same time, deters physical theft of the computer itself by rendering it inoperable in the absence of the proper authorization and identification procedures. There is a further need to protect the data stored in peripheral data storage devices and the data communicated through the computer using a modem or other similar device. There is also a need for a computer security system which is not limited to any one computer CPU but can work universally with a variety of CPUs, and which does not require unanimous participation of vendors and manufacturers in one particular standard in order to be effective. There exists a further need for a system which provides a means to identify and authenticate a computer system over a network before allowing it access to the network, in order to protect the security of the network itself and the data stored therein.
The present invention overcomes the limitations of the prior art by providing a means for controlling access to a computer and sensitive data stored on its data storage devices at the pre-boot phase and during operation of the computer. The present invention provides a means for identifying and verifying the identity of authorized users through smart card identification performed at the BIOS level, the real time protection with encryption algorithms of sensitive data stored in data storage devices and communicated through devices such as a modem, and the restriction of access to certain peripheral devices of a computer system through the use of individually configured smart cards and computers. It also acts as a deterrent to theft by providing the means to incapacitate the computer system by disabling peripheral devices in the absence of the proper authorization and identification procedure. This invention acts as a deterrent to theft in a similar manner to car radio systems which have removable face plates. In the case of this computer security system, the knowledge that without the proper smart card the computer will not operate acts as a deterrent to would-be thieves. The invention comprises a modified motherboard with a microprocessor based security engine, enabling and disabling circuits, memory buffer circuits, a modified BIOS, modified DDL, and a smart card reader and smart cards.
Upon power up or interrupt of the computer, the modified BIOS takes control and allows the security engine microprocessor to look for, and if present, read from a smart card in the smart card reader which is logically connected to the security engine microprocessor. If the smart card and the computer have not been previously 'personalized', a security setup procedure is initiated: a unique hash number (digital signature) is placed in the smart card during the initial set up of the security system and a complementary hash number is similarly assigned to the security engine memory. The hash number calculations are based on a set of personal information provided by the holder of a particular smart card, and thus each computer and smart card is uniquely 'personalized' for that user. During start up or interrupt of the computer, a software program in the flash memory of the security engine compares the hash numbers in the smart card and the computer. If these two hash numbers are complements, the boot up procedure is allowed to continue and access to the computer is allowed up to a predetermined level, depending on the level of access configured in the security engine. The level of access allowed is determined by the presence or absence of encrypted keys in the memory of the security engine, which are required before any device driver can load, initialize and recognize its respective peripheral communication or data storage device. This enable and disable capability is achieved through the placement of enable/disable circuits between the peripheral device connector and its respective Bus. If the proper smart card is not present in the card reader, no device drivers will be loaded and the computer will not be operable. Provisions are made within this invention to accommodate a hierarchy of users within a computer network and to allow identification and authentication procedures over a network of computers containing the present invention.
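The personalization, complement check and per-peripheral gating just described, modelled as an added Python example that is not part of the patent. It assumes the "complementary hash numbers" are a salted SHA-256 digest on the card and its bitwise complement in the security engine memory, and models the engine's "encrypted keys" only by their presence or absence per device; the patent specifies neither detail.

```python
import hashlib
import hmac
import secrets

DIGEST_LEN = 32  # SHA-256 output length in bytes


def personalize(personal_info: str):
    """One-time setup. Derives the card hash from the holder's personal
    data (assumed salted so equal inputs still yield distinct cards) and
    stores its bitwise complement in the security engine memory.
    Returns (card_record, engine_record) as plain dicts."""
    salt = secrets.token_bytes(16)
    card_hash = hashlib.sha256(salt + personal_info.encode("utf-8")).digest()
    engine_hash = bytes(b ^ 0xFF for b in card_hash)  # bitwise complement
    return {"hash": card_hash}, {"hash": engine_hash, "device_keys": {}}


def hashes_are_complements(card_hash: bytes, engine_hash: bytes) -> bool:
    """Boot-time comparison run by the security engine. XOR of true
    complements is all 0xFF bytes; the final comparison is constant-time
    so timing does not reveal which byte first mismatched."""
    if len(card_hash) != DIGEST_LEN or len(engine_hash) != DIGEST_LEN:
        return False
    xored = bytes(a ^ b for a, b in zip(card_hash, engine_hash))
    return hmac.compare_digest(xored, b"\xff" * DIGEST_LEN)


def enable_signals(card, engine, peripherals):
    """Return {peripheral: enabled} for the enable/disable circuits.
    No card, or a card whose hash is not the engine's complement, leaves
    every peripheral disabled (the machine stays inoperable). With a valid
    card, a device driver may load only if the engine memory holds a key
    for that device, which sets the configured access level."""
    if card is None or not hashes_are_complements(card["hash"], engine["hash"]):
        return {p: False for p in peripherals}
    keys = engine.get("device_keys", {})
    return {p: p in keys for p in peripherals}


if __name__ == "__main__":
    # Constructed sample: personalize one card/engine pair and grant keys
    # for two devices only, then run the boot-time check.
    card, engine = personalize("holder: J. Doe, constructed sample data")
    engine["device_keys"] = {"hard_drive": b"placeholder", "modem": b"placeholder"}
    print(enable_signals(card, engine, ["hard_drive", "modem", "network"]))
```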