When many different people share a computer system, access to the computer system or to parts of the computer system has to be controlled. Access control is currently known so that only authorized users can make use of the computer system and its associated user application(s). Access control prevents usage of the computer system by non-authorized persons. In this way, access control protects a computer system or parts of a computer system from misuse.
The most common access control techniques are based on a password driven access to the computer system. There exist different levels of password access or password protection of computer systems. Typically, a password access is either user related or device oriented. The user related access makes use of a user identifier (“userID”) that is unequivocally associated to each authorized user of the computer system. Before making use of the computer system, each user has to pass an authentication or login procedure thereby confirming his or her identity. Typically, the user has to enter a valid combination of user identifier and password. Only when the user has successfully passed the login procedure, access to the computer system is granted. Typically, such user related authentication procedures are purely software implemented and are commonly used by the most common multi-user operating systems such as e.g. UNIX™ (licensed by X/Open Company Limited), LINUX™ (of Linus Torvalds), or Windows™ (of Microsoft Corporation) operating system.
Device oriented authentication procedures protect hardware or hardware components of the computer system from unauthorized modification. For example, BIOS-password protection or hard disc drive (HDD) password protection are common techniques to prevent unauthorized persons from modifying the hardware configuration of a computer system.
Even though there are advanced encryption mechanisms for storing user identifications and associated passwords on the computer system, a misuse by unauthorized users is still possible. Any unauthorized person that takes possession of a valid combination of user identification and corresponding password gets access to the computer system.
Access protection of mobile computer systems is important when the computer system is stolen. It is important to protect the data from the thief. Also, a stolen computer system becomes worthless to a thief, when the thief has no access to user identification and password or has no means to circumvent the inherent access controlling mechanism. Within the framework of personal computer systems, an unauthorized user can in principal seize control of the computer system, i.e. circumvent the protection mechanism by simply installing another operating system or different time interval setting program on a stolen computer system.
The above described access protection techniques as they are known from the prior art are not appropriate in an industrial environment where many users share one mobile computer system. For example, in the field of portable diagnosis computer systems for automotive engines and other industrial applications, password driven access to the diagnosis system is inconvenient because the diagnosis system is shared by many different users. It would be burdensome for each user to have to authenticate himself or herself multiple times each day.
Accordingly, an object of the present invention is to control access to a computer system to deter theft and other unauthorized use, without requiring conventional password protection.