1. Field of the Invention
The present invention is related to system level computer operation, and more specifically, to security measures to protect computer systems.
2. Description of the Related Art
As the computer industry has evolved, computers have become smaller and more portable. Reductions in size, power and other considerations, as well as diminution of chip size and migration of multi-chip functionality to a single chip have resulted in computers that are light weight, easy to use, and easy to transport. Given the highly mobile nature of portable computers and their usage, the trend toward more portable computer systems is likely to accelerate.
While the increased portability of small computer systems has generated tremendous advantages for the computer industry as well as for computer users, the risk of lost or stolen computer systems presents a continuing problem. Often without malicious intent, computer users inadvertently pick up a computer system belonging to another person or company. Moreover, even within the computer industry, employees often take small computers home in the evening or on weekends to work. Inevitably, problems arise as to the proper custody or ownership of a particular computer system.
Such problems do not only exist between separate entities. Even within a company, each department may be allotted a particular group of computer systems, and computer systems from other departments may inadvertently be carried into the area. Confusion may arise as to which computers belong to which area.
In addition to loss or theft of the physical computer system, intellectual property issues can also become implicated. Proprietary information loaded onto a computer system can be difficult to remove completely since various traces of deleted information often remain on a hard disk. When computer systems are indistinguishable, it may be difficult to insure that such information has been properly deleted from a computer system. Computer systems that have previously stored highly sensitive information may inadvertently fall into the hands of those not cleared for the information, perhaps jeopardizing confidentiality.
Physically marking a computer system, for example by engraving or otherwise marking the exterior of the computer case, has significant disadvantages. With respect to the innocent switching of computer systems, permanently marking the exterior of a computer case can make computer systems very difficult to reallocate. Because the needs for computers within a company can evolve over time, companies must be free to reallocate computers among various departments as needs arise. Therefore, permanently marking computer systems may be disadvantageous. With respect to the malicious theft of computer systems, permanently marking the exterior of a computer case does not prevent a thief from merely covering the exterior marking, or from replacing the computer case with another computer case and attempting to resell the computer. Therefore, the difficulties inherent in computer system identification are not solved by marking the case or cover.
Briefly, the present invention provides a new and improved identification technique for computer system. The present invention allows a computer administrator or other trusted person to place a xe2x80x9cownership tagxe2x80x9d in a special area of memory that cannot be altered without the use of a special administrator password. The ownership tag indicates the person or entity who presently has the right of custody of the computer system. When a user powers on the computer system, the ownership tag is presented to the user. For example, the ownership tag is preferably presented during the installation and execution of the Power on Self Test (POST) portion of the Basic Input Output System or BIOS.
With the present invention, the POST processes can be interrupted. The POST process are interrupted by a user pressing a suitable key during the normal POST routine. Interruption of the POST process allows the computer to enter an administrator set up mode. In the administrator set up mode, a system administrator may enter the administrator password and alter the contents of the protected memory, changing the ownership tag. Additionally, the system administrator can if desired alter the ownership tag remotely over a network.
According to the present invention, the administrator may enter a special administrator password in order to alter the ownership tag. If desired, the computer system may be set so that a person must physically remove the memory device containing the ownership tag, place the ownership tag memory in an external device that is not part of the computer system, and apply external voltages and currents not available within the computer system to the memory in order to change the ownership tag.