The present invention relates to security in computer systems and, more particularly, to the physical security of peripheral devices attached to computer systems.
Computer systems and peripheral devices used therewith have become very small, compact and easy to move. Whilst this has many advantages it has also created some problems. One problem associated with compact and lightweight computer equipment is that it is more easily stolen.
Certain computer system configurations lend themselves well to the provision of a locking system to prevent unauthorised removal of certain system components. For instance, various ways are known of locking portable computers to their associated docking stationsxe2x80x94see for instance WO93/1540 and EP 0681244.
Also known is the automatic engagement and disengagement of devices, such as storage subsystems, that are removably mountable in a device bay of a computer system. Examples of these kinds of device ejection systems can be found in WO98/21640 and WO97/37293.
However, peripheral devices that are attached to a system unit by flying leads represent a particularly vulnerable part of a computer system and one that is not addressed by the presently available range of security measures. Such devices can include not only low value system components such as keyboards and mice, but also higher value peripheral devices such as external storage drives, smart card readers, printers, display devices and even digital cameras and telephones.
Recent developments in xe2x80x98plug and playxe2x80x99 type bus systems, in which devices can be dynamically connected and disconnected without the bus system having to be restarted, has meant that it can be expected that a wider variety of pluggable and unpluggable devices will become available and that such devices will become more mobile within the computing environment as a whole. Such developments only increase the need for security measures to be provided to prevent unauthorised removal of such devices.
This problem is at least partially addressed by cable lock systems, such as those described in U.S. Pat. No. 4,669,281 and U.S. Pat. No. 5,277,599, that are operable using a key.
One of the main advantages of using key operated locks is that they can be unlocked even if there is no power on. However, anyone wishing to remove a peripheral device must be physically in possession of one of the keys. It is not possible to provide for software control of the lock to enable desirable functionality such as remote locking and unlocking, password controlled access, or proper data or time synchronisation between the peripheral device and the computer system.
Such features are particularly desirable for organisations that own and manage very many PCs, and therefore that need to manage access to hardware more easily. If hardware changes are desired in many machines at the same time, the system manager can access systems without having to locate keys and can unlock machines over a computer network, using appropriate hardware management software tools like ones included in the HP Toptools package, available from Hewlett-Packard Company.
This invention is directed to overcoming the drawbacks of the prior art, in particular by providing a more manageable security system for protecting cable-connected peripheral devices.
In brief, this is acheived by a computer system having a removable peripheral device that is connectable to the computer system via a flying lead and a plug and socket combination, characterised by a lock member that is movable under the control of software running on the computer system to release or secure the plug to the socket.
In a preferred embodiment, resilient biasing means bias the lock member into a lock position in which the plug cannot be removed from the socket and an actuator is provided that is responsive to an electrical signal to urge the lock member to a unlock position in which the plug can be removed from the socket. Suitably, the actuator can comprise a length of shape memory wire arranged to move the lock member.
In one implementation, the peripheral device is connected to the computer system via a Universal Serial Bus and the plug is a USB standard plug.
Viewed from other aspects, the invention provides a computer unit for use in the above described system, the unit comprising a socket for receiving a plug, the socket having a movable lock member and means to enable software to move the lock member from a locked state to an unlocked state and a computer program for use in such a system and stored on a computer readable media, the program comprising code portions for causing a computer to generate a signal to lock or unlock a peripheral device attached to the system by a flying lead and a plug and socket combination.