The present invention relates to digital computer systems, and more particularly relates to password-type security measures to restrict user access to a system.
A computer usually contains valuable, confidential or otherwise restricted information in its memory and/or external storage devices, so it is accordingly desirable to control access to this information to prevent unauthorized use. Such controlled access to computer data may be realized either by providing physical (hardware) means for preventing the use of the computer itself or I/O devices on a computer system, or by providing software means for restricting access, such as a routine that confirms a user's knowledge of a password before granting that user access to information contained in the computer system.
It is also necessary to restrict user input to a computer from a keyboard when the computer is functioning as a "network server", coordinating communication between multiple computers, terminals and/or other devices by a local area network (LAN). When functioning as a network server, a computer is dedicated to the execution of network software, in order to provide efficient, uninterrupted service to numerous network devices. If the keyboard of a network server is not disabled when the network operator is not present, an unrestricted user could potentially gain access to normally restricted files, or cause network communication to be disrupted.
One commonly-used method for restricting user interaction with a computer is to provide a "password lock" function, executed in the CPU itself or executed in the keyboard controller. Typically, when a keyboard controller is in "password lock mode", no communication between the keyboard and the CPU of the computer is allowed unless a password is first entered to remove the controller from "password lock mode". One type of computer having this password lock function is the IBM PS/2 desktop models. If such a function is implemented in a peripheral device controller of a computer, however, it may prevent proper execution of software which requires communication with the locked-out external devices. For example, operating system software may require information about which devices are present in a computer system in order to determine the current system configuration. In copending application Ser. No. 307,404, filed Feb. 7, 1989, now U.S. Pat. No. 4,942,606, issued 7/17/90, assigned to Compaq Computer Corporation, an improved keyboard password method is disclosed which permits certain types of commands and data to be transferred between CPU and controller, even in lock-out mode.
A password function is commonly included in the power-on or boot-up routines executed by the CPU when the power switch is turned on. This is to prevent an unauthorized user from being able to defeat the password by rebooting, as well as to prevent access to unattended systems. To this end, a password is stored in a location which is non-volatile, i.e., survives when power is off, and also not accessible to an unauthorized user when power is on so the password cannot be copied and then used later. Preferably, the code for this power-on password function is stored in ROM, rather than on the hard disk, so unauthorized access cannot be achieved by forcing a boot from a floppy disk, or by reading the code from the hard disk while the system is operating. For these reasons, power-on password functions have been implemented, as on the IBM PS/2 type of desktop business computers, using non-volatile RAM to store the password, and bootup ROM space to store the code to perform the password routine. A particular device commonly used for this non-volatile RAM is a CMOS RAM with a built-in lithium battery, constructed as part of a clock/calendar chip, commercially available as part number MC146818 from Motorola Semiconductor Products Corporation. This device uses a crystal oscillator and counter circuitry to maintain real time so the operating system of the computer can read registers in the CMOS RAM upon boot-up to enter the time and date. The CMOS RAM part of the chip has extra registers, not needed for the clock/calendar functions, used for holding system configuration data which is also accessed at boot-up so the operating system can define the particular system as it exists. In these additional registers, prior systems have also stored the password data for a power-on password function.
When the computer is turned on, machine-language code in the startup ROM part of memory is executed, requiring the user to input the password, and the user's input is compared to the password stored in the CMOS RAM. If the passwords match, the remaining startup code is executed, and the system becomes operational. If the passwords do not match, however, startup execution is halted and the system is left inoperable, thus preventing unauthorized use of the system.
It is a principal object of this invention to provide an improved implementation of a power-on password mechanism for a desk-top or personal computer, or the like. It is another object of this invention to reliably prevent unauthorized access to a computer, and at the same time ensure that an authorized user (one who knows the password) will, after inputting the password, be granted access to the fully operational computer. It is a further object of the present invention to provide means for restricting access to the area of the CMOS memory that holds the power-on password, even after the computer has been made fully operational, so that the password cannot be revealed to or changed by an unauthorized user (one who does not know the password).
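The following C model is an added illustration, not code from the patent: it simulates the power-on comparison against the password held in CMOS RAM and the stated object of keeping the password area unreadable and unwritable once the system is operational. The password offset and length, the lock latch and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

#define CMOS_SIZE 64    /* MC146818: 14 clock/control bytes + 50 bytes of RAM */
#define PW_OFF    0x38  /* assumed offset of the password bytes */
#define PW_LEN    8     /* assumed password length, zero padded */

typedef struct {
    uint8_t ram[CMOS_SIZE];
    uint8_t index;      /* register selected for the next data access */
    int     pw_locked;  /* hypothetical latch: set by ROM, cleared only by reset */
} cmos_t;

static int in_pw_area(const cmos_t *c) {
    return c->index >= PW_OFF && c->index < PW_OFF + PW_LEN;
}

void cmos_select(cmos_t *c, uint8_t idx) { c->index = idx % CMOS_SIZE; }

uint8_t cmos_read(const cmos_t *c) {
    /* Once locked, the password bytes read back as 0xFF. */
    return (c->pw_locked && in_pw_area(c)) ? 0xFF : c->ram[c->index];
}

void cmos_write(cmos_t *c, uint8_t v) {
    if (c->pw_locked && in_pw_area(c)) return;  /* write silently dropped */
    c->ram[c->index] = v;
}

void cmos_reset(cmos_t *c) { c->pw_locked = 0; }  /* reset re-enters the ROM code */

/* Setup-time helper: only effective while the latch is clear. */
void store_password(cmos_t *c, const char *pw) {
    size_t n = strlen(pw);
    for (uint8_t i = 0; i < PW_LEN; i++) {
        cmos_select(c, (uint8_t)(PW_OFF + i));
        cmos_write(c, i < n ? (uint8_t)pw[i] : 0);
    }
}

/* ROM power-on check: returns 1 to continue booting, 0 to halt. */
int power_on_check(cmos_t *c, const char *typed) {
    uint8_t in[PW_LEN] = {0}, diff = 0;
    size_t n = strlen(typed);
    if (n > PW_LEN) { diff = 1; n = PW_LEN; }   /* too long can never match */
    memcpy(in, typed, n);
    for (uint8_t i = 0; i < PW_LEN; i++) {      /* compare every byte, no early exit */
        cmos_select(c, (uint8_t)(PW_OFF + i));
        diff |= (uint8_t)(cmos_read(c) ^ in[i]);
    }
    c->pw_locked = 1;   /* lock before any non-ROM code can run */
    return diff == 0;
}
```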