1. Field of the Invention
This invention relates to personal computer systems and, more particularly, to a personal computer having security features enabling control over access to data retained in the computer.
2. Description of the Related Art
The rapid development and adaptation of new technology in the computer industry has enabled personal computers and peripherals to become ever more powerful and sophisticated. However, the torrid pace of technological innovation has rendered many otherwise operable personal computers obsolete due to outdated system software. Particularly, if the system resident code (or firmware) is outdated, an IBM compatible computer may not be able to support features available with the latest peripherals.
Developed since the earliest generation of personal computers, the firmware residing in read only memory (ROM) provides an operational interface between a user""s application program/operating system and the device to relieve the user of the concern about specific characteristics of hardware devices. This insulation layer of code eventually evolved into a Basic Input/Output System (BIOS) code which allowed new devices to be added to the system while isolating the application program from the peculiarities of the hardware. Since the BIOS is an integral part of the system and controls the movement of data in and out of the system processor, it resides on the system ROM. As new models of the personal computer family are introduced, the BIOS had to be updated and expanded to include new hardware and I/O devices.
Since the technology is rapidly changing and new I/O devices are being added to the personal computer systems, modification to the BIOS and other system software is desirable to keep existing personal computers up to date to support the latest peripherals while maintaining compatibility with existing peripherals. The availability of flash ROMs has made possible the ability to update the contents of the ROM without ever physically removing the ROM. However, since the BIOS is an integral part of the operating system, a corrupt BIOS could lead to devastating results and in many cases to complete failure and non-operation of the system.
The user""s awareness of accidental or intentional misuse or otherwise unauthorized modifications to the computer""s system software has been made more acute following the publicity on the adverse consequences of computer security breaches. Thus, security conscious users are requesting that security and integrity features be incorporated into their personal computers to protect the flash ROM and to prevent unintentional or malicious erasure of the flash ROM contents.
In previous systems, a switch was used to control the updating of the flash ROM. However, the switch method was burdensome and inflexible. A password approach is desirable due to lower cost of eliminating a switch, increased flexibility because passwords can be easily changed, and enhanced user convenience while still providing the necessary level of security. But at the same time, the password approach must be sufficiently secure so that the password cannot be obtained during the process. Thus, a security device is needed that can verify a password provided by the user instead of requiring the user to throw a switch to update the flash ROM and to perform such verification in a secure manner.
A computer according to the present invention provides security by having the system ROM provide a password at power-on to a security device which controls access to the secured features. Once a password has been downloaded to the security device, a Protect Resources command is issued to the security device which controls access to the protected resources such as the flash ROM. To access the secured resource, the user provides the correct password to the security device. The security device can only verify and not divulge the password, so security of the system is enhanced.
These and other features of the present invention will be understood upon reading of the following description along with the drawings.