1. Field of the Invention
This invention relates to security systems for computing devices, and more particularly to security systems which utilize microprocessor control, non-volatile memory and a real-time clock to selectively control access to, and record usage of, fixed and/or removable computing devices such as data storage devices, CPUs, memory units, base units, microprocessors, peripheral boards, power supplies, and/or input/output controllers.
2. Description of Related Art
Presently-existing computer systems generally provide no means for electronically controlling access to computing devices. Furthermore, these systems do not provide any indication or history of power-on, data access, execution, or data modification operations. Accordingly, access control has been implemented by controlling physical access to the computing device itself, or by physically controlling access to the power switch of a computing device.
Another method of providing physical access control involves the use of data storage devices having removable memory units. In the early history of computing devices, magnetic disk drives having removable magnetic platters were commonly used as data storage mechanisms. This configuration of equipment permitted the use of a number of sets of platters with one drive unit, resulting in substantial economies since much of the cost of such a disk drive unit was in the motor drive unit, read/write head structure, and control electronics. This system provided a measure of physical security, in that the platters could be removed and stored in a secure location.
Many present-day disk drives are manufactured as sealed units, with nonremovable magnetic platters. The use of sealed disk drive units permits the drives to be fabricated in an efficient, cost-effective manner. However, a disadvantage of sealed disk drives has been that they are normally not designed to be easily removed from a computer system. Such removability is desirable for a number of reasons, including ready replacement of defective drives and transportation of data from one computer system to another. However, probably the most important reason for such removability is for purposes of security, to permit removal of drives containing sensitive data. In some cases, data may be so sensitive that a removed drive must be stored in a vault when not in use.
With the advent of small format disk drives (e.g., commonly available 5 1/4" and 3 1/2" form factor drives, as well as 2 1/2" and 1.8" drives), removable disk drives have been introduced. Some of these products include a "docking base" coupled to a computer system and having a power supply and computer interface, with the disk drive itself being removable from the docking base. In other products, the disk drive, power supply, and computer interface form a removable unit, although the computer system may have a "docking interface" for making electrical connections to the removable unit. Oftentimes, computing devices are arranged to form a network. These devices are relatively easy to access. After the computer device is powered up, the data stored in these devices are generally not secured.
U.S. Pat. No. 4,591,975, issued to Wade, et al. on May 27, 1986, and entitled "Data Processing System Having Dual Processors," discloses removable disk drives which incorporate security features into the drive design to protect the stored data from unauthorized access or modifications. The disclosure of Wade, et al. is incorporated herein by reference. The unit described in Wade has a lockable hardware write-protection feature in addition to a locking switch mechanism for controlling the write-protection feature.
Removable data storage systems incorporating these features allow users to lock each module into a base unit, to lock a module in powered-down mode, or to lock a module into read-only or write-protect mode. Further, a module can be shipped or given to a colleague or security officer, key-locked in full access, write-protect, or no-access modes. Thus, security may be provided at the physical level, and/or at an electronic level.
It is possible to design a security system which controls access to computing devices, such as data storage devices, CPUs, memory units, microprocessors, peripheral boards, power supplies, and/or input/output controllers. In this manner, the versatility and flexibility of the security system are enhanced. Building upon the security feature advantages taught previously by Wade, et al. and addressing the continuing disadvantage of present security systems for computing devices, several novel enhancements and further improvements in computing system security are taught herein.