This invention relates generally to security mechanisms for thwarting theft or unauthorized access of devices, and particularly to password mechanisms.
Electronic devices of all sorts are targets for thieves because of their typically-high value-to-size ratio. Portable computing devices, such as notebook computers, are particularly vulnerable to theft because they are so small, valuable, and portable. Conventional security measures are based on physical restraints that use anchoring devices and locked enclosures. But these limit portability and convenience of use. If the devices could be made useless to anyone but the owner, and advertised as such, they would lose their value to, and hence not be as much of a target for, thieves. This implies the use of some sort of a password system that cannot be defeated easily. But conventional password mechanisms are inadequate.
Software-based password systems are used in portable computers today to restrict access, but they can be defeated either by reinstalling the operating system software or, in some cases, by even simpler actions, such as exploiting loopholes in the operating systems that support them (e.g. the xe2x80x9cSafe Modexe2x80x9d in Windows 95). Nevertheless, providing a password on power-up of a computer is the simplest way to validate a user. Hardware-based security systems (e.g. those available on some car radios) support password control, but if the password is lost, only major hardware surgery allows the device to be activated again. Providing a cost and effort barrier to defeating the password system is essential, but it should be easier to deal with lost passwords and allow validation of the device by some authority. Public Encrypted Signatures are used to authenticate received information as having been legitimately provided by a user. Coding and encrypting of the password by using an assigned public key can serve as a means of ensuring that one is dealing with a unique registered device. Trusted Certification Authorities exist to provide registered digital signatures and to maintain user registration information. They can be used to register signatures for coding messages. But none of these existing capabilities alone provides an adequate security mechanism for portable devices.
The inventors have recognized that there are several requirements for a security system for portable devices:
The security system should add little or no cost to the device either in parts or in manufacture, and it should not cause any additional expense to the distribution system.
The cost, in effort or money, to defeat the security system should approach or exceed the value of the device.
Access to the device should be individualized to the owner, yet allow ownership to be transferred without great difficulty.
The security system should use existing hardware, software, and security-technologies and preferably be suitable for installation on existing computers.
Any individualized information used in the security system should be able to be archived by some authority that could intervene if legitimate access to the device needed to be reestablished.
The security system should be attractive enough to become a standard and thus become supported economically by both device vendors and third parties.
Accordingly, this invention is directed to solving the problems and disadvantages and meeting the requirements of the art. Generally according to the invention, a device security apparatus comprises the following items. Storage in the device for storing a password. The storage must be secure, in that it prevents a user of the device from accessing (i.e., extracting and/or changing) the stored password while use of the device is disabled. One example of such storage is the BIOS device which stores the BIOS program of a personal computer. Another item is a connector for connecting the device to an external entity such as a local memory device or a remote trusted authority. Examples of such connectors include an input and output port and a network communications port of a personal computer. Another item is a lock in the device that is cooperative with the storage and disables use of the device unless a password is given to the lock which corresponds to the stored password. The lock may illustratively be implemented as a program that also resides in secure memory, e.g., in the BIOS device, along with the password. Another item is an arrangement that cooperates with the storage, the connector, and the lock, and responds to the use of the device having been enabled and the connection having been made to the external entity by enabling the stored password to be changed if the stored password corresponds to a password stored by the connected external entity, and by effecting storage of the changed password by the external entity. This arrangement may also illustratively be implemented as a program, but it need not be stored in secure storage.
The invention may be implemented to satisfy some or all of the requirements set out in the Background section:
1. It adds no cost in parts to the device, with the possible exception of a guaranteed communication capability. (But most intelligent devices such as computers already have a modem). It does add one step in manufacturing: that of selecting the insecure start-up mode, to install other software.
2. Defeating this security system would require that the device be opened and the secure storage (e.g., computer BIOS memory) be physically disconnected and re-written. This is not a simple or a cheap task.
3. Not only is the device ownership individualized, but also it can be transferred or changed in a secure manner.
4. No new technology is required. In fact, it might be possible to add this capability to some existing intelligent devices, such as computers.
5. A trusted authority is used to manage and control security and provides a valued service. Alternatives to the trusted authority can use a local plug-in device like a PC card to act in place of the trusted authority and provide a more local version of the system.
6. Because the invention can be implemented to satisfy all of the above-mentioned requirements, it may be attractive as a standard and/or a widely-deployed commercial capability.