This invention relates generally to removable peripheral devices for microcomputers, and more specifically to removable device security removable peripheral devices for personal computers.
Personal computer systems in general and IBM personal computers in particular have attained widespread use for providing computer power to many segments of today's modern society. Personal computer systems can usually be defined as a desk top, floor standing, or portable microcomputers that consist of a system unit having a single system processor and associated volatile and non-volatile memory, a display monitor, a keyboard, one or more diskette drives, a fixed disk storage, and an optional printer. One of the distinguishing characteristics of these systems is the use of a motherboard, or system planar, to electrically connect these components together. These systems are designed primarily to give independent computing capability to a single user and are inexpensively priced for purchase by individuals or small businesses. Examples of such personal computer systems are IBM's PERSONAL COMPUTER XT and AT and IBM's PERSONAL SYSTEM/2 Models 25, 30, 35, 40, 50, 55, 56, 57, 60, 65, 70, 80, 90, and 95.
These systems can be classified into two general families. The first family, usually referred to as Family I Models, use a bus architecture exemplified by the IBM PERSONAL COMPUTER AT (AT is a trademark of the IBM corporation) and other "IBM compatible" machines. The second family, referred to as Family II Models, use IBM's MICRO CHANNEL bus architecture exemplified by IBM's PERSONAL SYSTEM/2 Models 50 through 95. Certain Family I and most Family II models typically use the high speed INTEL 80386, and 80486 microprocessors.
Such personal computers are characterized as having an "open" architecture. That is, the systems are designed and constructed in such a way that additional peripheral devices, such as removable media direct access storage devices (or DASD) that may be selected and added to the systems, or an existing device that may be changed for a device of a different type. The floppy disk drives mentioned above are one example of a removable media DASD.
Family II machines may have DASD using 3.5 inch diskettes to store 720 kilobytes or 1.44 megabytes or 2.88 megabytes of data. It is known and contemplated that other removable media DASD may be provided and may be used in or with personal computers of the general types described.
One such information storage device is the so-called personal computer card (or simply, pc card) made in accordance with the standard established by the Personal Computer Memory Card International Association (PCMCIA). All pc cards have the footprint of a credit card. These pc cards may be classified under two general categories: memory cards and input/output (I/O) cards. Memory cards were the first generation of cards specified by Release 1.0 of the PCMCIA standard. These cards are file-formatted and are used in substantially the same way as memory diskettes. I/O cards are specified in Release 2.0 of the standard. These types of cards include modems, local area networks (LANs), image cards, hard disk drives, faxes, and docking stations. There are three physical sizes for these cards. All three types are 54.0 mm in length, and 54.0 mm in width. Type I are 3.3 mm in thickness; Type II are 5.0 mm; and Type III, 10.5 mm. The PCMCIA standard is becoming widely used for connecting peripheral devices to portable and notebook personal computers and may be used for other types of pcs.
Protection from unauthorized users may be required in cases where confidential or classified information is handled by automated information systems, such as personal computer systems. The need for security becomes acute in systems using small removable information storage devices, such as pc cards, because of their value. There are two sources of value in these storage devices: (1) the intrinsic value of the device itself (DASD can represent up to one-third the value of the hardware cost of the system); and (2) the data contained in the device may itself be more valuable than the device. Previously, small removable memory devices (e.g., diskettes and CD ROMs) typically used physical means of security such a write-prevent tabs or switches and locks. Moreover, access to a computer system may require the use of a password. However, in the cases of small removable storage devices these security measures may be inadequate because of the attractiveness for theft of these devices. A thief of a small removable device could have read the information in the medium in a system not requiring a password and could also re-use the storage device itself. Additionally, in prior systems a password string was transferred to the host computer to enable password protection in a blind "set password function." Consider a device that does not have password protection enabled. It may have never been enabled, or the operator may have disabled it via the proper input of the required password(s). A malicious user or a virus software program could create and enable a new password without the permission of a legitimate operator, the drive becomes password protected and unusable, even to a legitimate user. This can be a problem where the user did not intend the system to be password protected. Thus, a need exists for better security measures.