1. Field of the Invention
The present invention relates to computer systems coupled to a network and more particularly, to a computer system which is disabled when it is disconnected from the network.
2. Description of Related Art
Personal computer systems are well known in the art. Personal computer systems have attained widespread use for providing computer power to many segments of today's modern society. Personal computers can typically be defined as a desktop, floor standing, or portable microcomputer that is comprised of a system unit having a single central processing unit (CPU) and associated volatile and non-volatile memory, including random access memory (RAM) and basic input output system read only memory (BIOS ROM), a system monitor, a keyboard, one or more flexible diskette drives, a CD-ROM drive, a fixed disk storage drive (also known as a "hard drive"), a so-called "mouse" pointing device, and an optional printer. One of the distinguishing characteristics of these systems is the use of a motherboard or system planar to electrically connect these components together. Examples of such personal computer systems are IBM's PC 300 series and IBM's Aptiva Series.
Theft of personal computers is becoming a major industry problem. As a result, there has been an ever increasing need to provide security for computer systems against the unauthorized removal or theft thereof. Since modern computer systems are generally more compact and more easily transportable, it is even more difficult to secure against the unauthorized removal or theft thereof.
In addition, today, computer networks are employed to provide efficient computing capabilities throughout a large work area. Existing computer networks generally include a number of remotely located computer systems coupled via a data link to a server system or a central processing center. The wide dissemination of such systems at remote locations has made the systems an even more accessible target for computer thieves.
Accordingly, a number of methods have been developed for guarding against the unauthorized removal of computer systems. For example, U.S. Pat. No. 5,406,260 discloses a method and system for detecting the disconnection of electronic equipment from a network using internal current loops, current sensors and optional alarms. The system includes current loops internally coupled to protected pieces of equipment so that each piece of associated equipment has an associated current loop. A low current power signal is provided to each of the current loops. A sensor monitors the current flow through each current loop to detect removal of the equipment from the network. Removal of a piece of hardware breaks the current flow through the associated current loop which in turn may activate an alarm. However, such systems and methods are very complex and too expensive for today's computer systems.
Although theft of the entire system is a major concern for system owners, an even bigger concern is that the data in the system may be accessed by the thief. Since confidential information, personal information and other valuable data are stored in the computer's hard file, there has been an increasing need to protect the data from unauthorized access even if the entire system is stolen.
Accordingly, a number of methods have been designed to prevent unauthorized access to the data stored in a computer system. For example, U.S. Pat. No. 5,388,156, owned by the assignee of the present invention and incorporated herein by reference, discloses a personal computer system having security features enabling control over access to data retained in such a system. The system has a normally closed enclosure and at least one erasable memory element for receiving and storing a privileged access password (PAP). The PAP is designed to provide protection for the system owner by protecting the initial program load (IPL) device boot list, access to a password utility and access to the System Reference Diskette or System Partition. The system further includes at least one tamper detection switch mounted within the enclosure and operatively connected with the memory element for detecting opening of the enclosure.
If the system of the '156 patent is in one mode, and the enclosure or cover is removed, the tamper detection switch will change states and will set a segment of the memory element to a distinctive value (e.g., all "1"s). This setting of a memory segment to a distinctive state invalidates any previously stored power on password (POP) for purposes of booting an operating system from any source other than the system reference diskette or the system partition. Booting an operating system from either of the last mentioned sources requires entry of a valid PAP. Since the PAP is only known to the system owner, the person tampering with the system will not be able to access any data stored in the hard files therein.
If the system is in another mode, and the enclosure cover is removed by an unauthorized user, the tamper detection switch will change states and invalidate the PAP. If this occurs, no one can access the data in the system including the system owner. In this situation the system board must be replaced.
However, the system of the '156 patent has a disadvantage in that if the entire system is stolen, it can be accessed and used so long as the cover is not removed.
It is therefore desirable to provide a computer system that prevents access to data stored therein when the computer system has been disconnected from the network.