The present invention relates to computing devices. More particularly, the present invention provides a method and device for securing a personal computer or set-top box. Merely by way of example, the present invention is applied to a modular computing environment for desk top computers, but it will be recognized that the invention has a much wider range of applicability. It can be applied to other portable or modular computing applications.
Many desktop or personal computers, which are commonly termed PCs, have been around and used for over ten years. The PCs often come with state-of-art microprocessors such as the Intel Pentium(trademark) microprocessor chips. They also include a hard or fixed disk drive including memory in the giga-byte range. Additionally, the PCs often include a random access memory integrated circuit device such as a dynamic random access memory device, which is commonly termed DRAM. The DRAM devices now provide up to millions of memory cells (i.e., mega-bit) on a single slice of silicon. PCs also include a high resolution display such as cathode ray tubes or CRTs. In most cases, the CRTs are at least 15 inches or 17 inches or 19 inches in diameter. High resolution flat panel displays are also used with PCs.
Many external or peripheral devices can be used with the PCs. Among others, these peripheral devices include mass storage devices such as a Zip(trademark) Drive product sold by Iomega Corporation of Utah. Other storage devices include external hard drives, tape drives, and others. Additional devices include communication devices such as a modem, which can be used to link the PC to a wide area network of computers such as the Internet. Furthermore, the PC can include output devices such as a printer and other output means. Moreover, the PC can include special audio output devices such as speakers the like.
PCs also have easy to use keyboards, mouse input devices, and the like. The keyboard is generally configured similar to a typewriter format. The keyboard also has the length and width for easily inputting information by way of keys to the computer. The mouse also has a sufficient size and shape to easily move a cursor on the display from one location to another location.
Other types of computing devices include portable computing devices such as xe2x80x9claptopxe2x80x9d computers and the like. Although somewhat successful, laptop computers have many limitations. These computing devices have expensive display technology. In fact, these devices often have a smaller flat panel display that has poor viewing characteristics. Additionally, these devices also have poor input devices such as smaller keyboards and the like. Furthermore, these devices have limited common platforms to transfer information to and from these devices and other devices such as PCs.
Up to now, there has been little common ground between these platforms including the PCs and laptops in terms of upgrading, ease-of-use, cost, performance, and the like. Many differences between these platforms, probably somewhat intentional, has benefited computer manufacturers at the cost of consumers. A drawback to having two separate computers is that the user must often purchase both the desktop and laptop to have xe2x80x9ctotalxe2x80x9d computing power, where the desktop serves as a xe2x80x9cregularxe2x80x9d computer and the laptop serves as a xe2x80x9cportablexe2x80x9d computer. Purchasing both computers is often costly and runs xe2x80x9cthousandsxe2x80x9d of dollars. The user also wastes a significant amount of time transferring software and data between the two types of computers. For example, the user must often couple the portable computer to a local area network (i.e., LAN), to a serial port with a modem and then manually transfer over files and data between the desktop and the portable computer. Alternatively, the user often must use floppy disks to xe2x80x9czipxe2x80x9d up files and programs that exceed the storage capacity of conventional floppy disks, and transfer the floppy disk data manually.
Another drawback with the current model of separate portable and desktop computer is that the user has to spend money to buy components and peripherals the are duplicated in at least one of these computers. For example, both the desktop and portable computers typically include hard disk drives, floppy drives, CD-ROMs, computer memory, host processors, graphics accelerators, and the like. Because program software and supporting programs generally must be installed upon both hard drives in order for the user to operate programs on the road and in the office, hard disk space is often wasted.
One approach to reduce some of these drawbacks has been the use of a docking station with a portable computer. Here, the user has the portable computer for xe2x80x9con the roadxe2x80x9d use and a docking station that houses the portable computer for office use. The docking station typically includes a separate monitor, keyboard, mouse, and the like and is generally incompatible with other desktop PCs. The docking station is also generally not compatible with portable computers of other vendors. Another drawback to this approach is that the portable computer typically has lower performance and functionality than a conventional desktop PC. For example, the processor of the portable is typically much slower than processors in dedicated desktop computers, because of power consumption and heat dissipation concerns. As an example, it is noted that at the time of drafting of the present application, some top-of-the-line desktops include 400 MHz processors, whereas top-of-the-line notebook computers include 266 MHz processors.
Another drawback to the docking station approach is that the typical cost of portable computers with docking stations can approach the cost of having a separate portable computer and a separate desktop computer. Further, as noted above, because different vendors of portable computers have proprietary docking stations, computer users are held captive by their investments and must rely upon the particular computer vendor for future upgrades, support, and the like.
To date, most personal computers provide data file security through software only. A wide variety of removable storage media are available for a personal computer. These removable media do not provide any access security protection in hardware. Data encryption program often must be used for protection. Such program is cumbersome to handle for the user requiring extra cost and time. Data encryption is more commonly used for communication over an unprotected network or the Internet. Having a large number of frequently used files managed by encryption software is not practical. Without software security program, any file can be read and copied illegally from a hard disk drive on a PC or any removable media.
PC architecture generally allows freedom of data flow between memory and peripheral devices within the allowed memory and I/O address spaces. In conventional PC architecture, a peripheral bus, i.e. PCI bus, is used to control all data transactions among peripheral devices. PCI bus allows any device to be a bus master and perform data transaction with another device. Also when a software program is in control, it can move data between any two devices. There is no hardware or protocol security mechanism on a standard peripheral bus such as PCI Bus to detect or block data transactions. Operating system may have individual files read or write protected. These types of special security feature require significant additional user interaction to control. This is too cumbersome for a typical user to manage. There is no mechanism in current PCs to allow access to the primary hard disk drive and yet prevent copying of its content. The conventional PC is a single machine that does not have a mechanism to perform security ID matching in hardware.
Thus, what is needed are computer systems that provide improved security features to prevent illegal or unauthorized access to information.
According to the present invention, a technique including a method and device for securing a computer module in a computer system is provided. In an exemplary embodiment, the present invention provides a security system for an attached computer module (xe2x80x9cACMxe2x80x9d). In an embodiment, the ACM inserts into a computer module bay (CMB) within a peripheral console to form a functional computer. A security program reads an identification number in a security memory device to determine a security level of the ACM according to one embodiment.
In a specific embodiment, the present invention provides a system for secured information transactions. The system has a console (e.g., computer housing) comprising a peripheral controller housed in the console; and a security memory device (e.g., flash memory device) coupled to the peripheral controller. The system also has an attached computer module (i.e., a removable module with memory and microprocessor) coupled to the console. The attached computer module has a host interface controller housed within the attached computer module to interface to the security memory device through the peripheral controller.
In an alternative embodiment, the present invention provides a security protection method for a computer module. The method includes steps or acts of inserting the computer module into a console. Once the module has been inserted, the method initiates a security program in the module to read a security identification of the console and to read a security identification of the computer module. Based upon a relationship of the console identification and the computer module identification, a predetermined security status is determined from, for example, a look up table or the like. The method then selects the predetermined security status, which can be one of many. The method then operates the computer module based upon the security status.
In a further alternative embodiment, the present invention provides a method for identifying a user for a computer module. The method includes inserting a computer module into a console; and initiating a security program in memory of the computer module. The method prompts a plurality of input fields corresponding to respective input information on a user interface to be provided by a user of the computer module. Next, the method inputs the input information into the user interface of the computer module. The input information includes a user (e.g., owner) name, a user (e.g., owner) password, a business name, a business password, and a location.
Still further, the present invention provides a system for secured information transactions, e.g., data security, electronic commerce, private communications. The system includes a console comprising a peripheral controller housed in the console. A user identification input device (e.g., keyboard, retinal reader, finger print reader, voice recognition unit) is coupled to the peripheral controller. The user identification input device is provided for user identification data of the user. The system has an attached computer module coupled to the console. The attached computer module has a security memory device (e.g., flash memory device) stored with the user identification data.
Numerous benefits are achieved using the present invention over previously existing techniques. The present invention provides mechanical and electrical security systems to prevent theft or unauthorized use of the computer system in a specific embodiment. Additionally, the present invention substantially prevents accidental removal of the ACM from the console. In some embodiments, the present invention prevents illegal or unauthorized use during transit. The present invention is also implemented using conventional technologies that can be provided in the present computer system in an easy and efficient manner. Depending upon the embodiment, one or more of these benefits can be available. These and other advantages or benefits are described throughout the present specification and are described more particularly below.