1. Field of the Invention
This invention relates to preventing a loss of data through the surreptitious use of a lost computing system, and, more particularly, to a method for verifying that a computing system is still under the control of a person authorized to use it before allowing access to certain data and functions.
2. Summary of the Background Information
As personal computers become lighter in weight and smaller in size, increasing numbers of computer users rely on a desktop computer for use in the office and a portable computer for use in other locations, such as at home or while traveling. In many instances, the portable computer, as well as the desktop computer, is used to generate or otherwise use sensitive data protected by cryptographic methods, with a number of techniques of encryption and decryption having been developed to provide secure communications between computing systems. Of particular significance is the development of asymmetrical encryption algorithms, in which the key used to decrypt a message cannot be reasonably determined from the key used to encrypt the message, and the development of public key cryptography, in which a first computing system stores a public key, which is made available to a second computing system sending a message to the first computing system, and a private key, which is held within the first computing system itself. A message encrypted with the public key is decrypted with the private key, and a message encrypted with the private key is decrypted with the public key.
For example, a message to be sent in a secure form is encrypted by the second system using the public key of the first system, is transmitted in encrypted form to the first system, and is decrypted within the first system using the private key of the first system. While the private key decrypts a message encrypted by the public key, due to asymmetry of the algorithm, the private key cannot be deduced from the public key.
Alternately, these cryptographic algorithms can be used to verify the identity of a computing system sending a message, with the message being encrypted, for example, by the second system using its own private key. The message is then decrypted within the first system using the public key of the second system. This method forms a part of the process normally known as providing a digital signature.
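The two uses of an asymmetric key pair described above, confidentiality (encrypt with the public key, decrypt with the private key) and authentication (sign with the private key, verify with the public key), as an added example that is not part of the patent text. It builds a textbook RSA key pair from two small constructed primes (61 and 53, with public exponent 17); the primes, message and digest choice are assumptions for illustration only, and the padding (OAEP, PSS) and key sizes a real system needs are deliberately left out.

```python
# Added example (not from the patent): textbook RSA with constructed toy parameters,
# showing that a message encrypted with the public key is recovered with the private
# key, and that a digest "encrypted" with the private key is verified with the public key.
import hashlib
from math import gcd

# Constructed toy parameters: far too small for any real use.
P = 61
Q = 53
E = 17  # public exponent; must be coprime with (P-1)*(Q-1)


def keygen(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (e, n) and (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public_key, m: int) -> int:
    """Second system encrypts with the first system's public key."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """First system decrypts with its private key; d is never leaves the key holder."""
    d, n = private_key
    return pow(c, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    # Reduce a SHA-256 digest into Z_n so the toy modulus can sign it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signature = hash(message)^d mod n: the 'encrypt with the private key' step."""
    d, n = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Apply the public key to the signature and compare with a fresh hash."""
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def demo():
    public_key, private_key = keygen()
    # 1. Confidentiality round trip.
    plaintext = 65
    ciphertext = encrypt(public_key, plaintext)
    recovered = decrypt(private_key, ciphertext)
    # 2. Authentication: sign with the private key, verify with the public key.
    msg = b"constructed message for the demo"
    sig = sign(private_key, msg)
    genuine_ok = verify(public_key, msg, sig)
    # A signature altered by one unit cannot verify: RSA is a permutation of Z_n.
    forged_ok = verify(public_key, msg, (sig + 1) % public_key[1])
    return recovered == plaintext, genuine_ok, forged_ok


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

Only the holder of d can produce a signature the public key accepts, which is why the private key must live in storage only the cryptographic processor can read; the public key can be handed to anyone without weakening either property.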
Both software and hardware solutions for protecting sensitive data are becoming increasingly effective in both desktop and portable systems. For example, both desktop and laptop systems including security chips are now available. A security chip includes a cryptographic processor and secure storage for storing a number of cryptographic keys and key pairs. In a system having a security chip, at least the private keys are stored securely, in a memory that can be accessed only by the cryptographic processor. Cryptographic processes using these keys are carried out only within the cryptographic processor. Passwords may also be stored in such secure storage.
Nevertheless, the main advantage of the portable computer, its light weight and small size, becomes its major liability in terms of data security, as it can be easily stolen or otherwise lost. Furthermore, a person who comes into possession of a stolen computer can begin a leisurely process of learning the secrets it holds and the secrets it can access. For example, a number of methods can be used to locate passwords stored within a computer. Thus, what is needed is a method to prevent at least certain types of operation of a computer which has become lost or stolen.
U.S. Pat. Nos. 5,691,928 and 5,935,244 describe methods of securing the use of portable computers by allowing them to be fully functional only when they are connected to a detachable device. In U.S. Pat. No. 5,691,928, the detachable device is a security module removably coupled to the main chassis of the portable computer and containing circuitry for enabling decryption of encrypted data stored within the portable computer and for coupling the source of electrical power to the data processing and volatile storage circuitry only with the security module coupled to the main chassis of the portable computer. In U.S. Pat. No. 5,935,244, the detachable device is an input/output (I/O) device that functions as a conventional computer interface when docked to the portable computer. Problems with these methods arise from the fact that the rightful user of the portable computer often has a need to use the full features of his system in a remote location. If he carries a removable device, such as the security module along with the computer, there is a risk that the removable device may become lost or stolen with the computer. If he leaves the removable device behind in his office, he will not be able to use important features of his portable computer while he is gone. Thus, what is needed is a means for periodically verifying that the rightful user is in possession of the portable computer before certain features can be enabled, with such verification being possible whether the portable computer is in its home office or in a remote location, and with such verification not depending on a removable module that can be stolen with the portable computer.
U.S. Pat. No. 5,574,786 describes a personal computing system storing a privileged access password, a tamper detection switch for detecting opening of a normally closed enclosure, and a movement monitoring switch. When the movement monitoring switch detects movement of the system while the switch is enabled, or when the tamper detection switch detects opening of the enclosure, power-up of the system is prevented until the privileged access password (or a power-on password) is successfully entered into the system by a user. For a portable system, which by nature is often carried around, the mechanics of entering a power-on password after every move place a burden on the legitimate system user. Therefore, what is needed is a method for determining whether the portable system is being operated by this user, regardless of whether it has been moved.
U.S. Pat. No. 6,125,446 describes a method and system for enabling and disabling automatic encryption engines or algorithms using a Global Positioning System for verification of the country or locale of system operation, in order to assure compliance with federal encryption and export regulations. While this method provides for such compliance, what is needed is a method for verifying that the legitimate system user is in possession of a portable computing system.
U.S. Pat. No. 5,889,866 describes a method and apparatus for controlling access to a detachably connectable computer device using encryption. The method and apparatus include a connector for coupling the device to a computer, an input device, such as a keyboard, for receiving a password from a user, encrypting logic within the detachably connectable device for encrypting the received password, and, also within the detachably connectable device, comparing logic for comparing the encrypted password with a stored key. The key is determined at setup by encrypting a user-assigned password with the same logic and storing the result as the key, so that the password itself need never be stored. Further included is circuitry for determining whether the received password corresponds to the key, and circuitry for sending an enable signal to configuration logic of the detachably connectable computer device upon a determination that the received password corresponds to the key. In the absence of such a determination, critical functions of the device, such as functions allowing access to data, remain disabled. This method prevents the use of the detachably connectable device by someone not knowing the password.
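The enrol-then-verify pattern just described, as an added example that is not part of the patent text or of the cited patent. A salted one-way key derivation (PBKDF2-HMAC-SHA256 from the Python standard library) stands in for the patent's "encrypting logic", which is an assumed substitution; the device model, salt handling, iteration count and passwords are constructed for illustration. The comparison is done in constant time so that the check leaks nothing about how many bytes of the key matched.

```python
# Added example (not from the patent): a toy model of a detachable device that stores
# only a derived key, re-derives from each presented password, and asserts an enable
# signal on a constant-time match. PBKDF2 is an assumed stand-in for the patent's
# encrypting logic; all parameters are constructed.
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumption: tune to what the device's processor can afford


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """One-way transform of the password; the device stores this, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


class DetachableDevice:
    """Critical functions stay disabled until the enable signal is asserted."""

    def __init__(self):
        self.salt: Optional[bytes] = None
        self.key: Optional[bytes] = None
        self.enabled = False

    def enrol(self, user_password: str, salt: Optional[bytes] = None) -> None:
        """Setup step: derive the key from the user-assigned password and keep the salt."""
        self.salt = salt if salt is not None else os.urandom(16)
        self.key = derive_key(user_password, self.salt)

    def present_password(self, received_password: str) -> bool:
        """Access step: re-derive from the received password and compare in constant time."""
        if self.key is None or self.salt is None:
            self.enabled = False
            return False
        candidate = derive_key(received_password, self.salt)
        self.enabled = hmac.compare_digest(candidate, self.key)
        return self.enabled

    def read_data(self) -> bytes:
        """A 'critical function' that refuses to run without the enable signal."""
        if not self.enabled:
            raise PermissionError("device disabled: password not verified")
        return b"constructed sensitive payload"


def demo() -> bool:
    device = DetachableDevice()
    device.enrol("correct horse battery staple")  # constructed password
    wrong = device.present_password("password123")
    right = device.present_password("correct horse battery staple")
    return (not wrong) and right and device.read_data().startswith(b"constructed")


if __name__ == "__main__":
    print(demo())  # True
```

Keeping salt, derived key and comparison inside the device is what makes the scheme meaningful: a host that merely forwards the password learns nothing it can replay against a second device enrolled with a different salt.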
U.S. Pat. No. 5,552,776 describes a security system, using microprocessor control, non-volatile memory, and a real-time clock for controlling access to computing devices, such as data storage devices, microprocessors, and peripheral boards, which may be fixed to, or removable from, a computing system.
Thus, while the methods of U.S. Pat. Nos. 5,889,866 and 5,552,776 prevent the surreptitious use of a device that must be connected to a computing system to operate, what is needed is a method for protecting a separate computing system, which can otherwise function independently of any particular computing system, from such use.