Theft is a serious and expensive problem for the users of notebook, or laptop, computers. It has been estimated that over a quarter of a million notebook computers are stolen each year, and a majority of business firms report losses from notebook computer theft. In addition to the value of the hardware, users may also suffer the loss of data stored on the computers. Conventional methods for protecting computer hardware consist of either physically isolating the computer in a locked room or mechanically securing the computer to a fixed object. However, such devices are cumbersome to use and defeat the mobility of the notebook computer.
There are notebook computer security systems that electronically track a computer and sound an alarm when it is moved a certain distance from the user. However, users will often disarm such security features because they restrict personal movement, and passersby will typically ignore audible alarms and similar warning devices. Another security system is a password program that directs the computer to secretly dial a security company when an improper password is entered. The security company uses the caller ID feature to locate the computer. This system may be defeated by intercepting the outgoing call. Other security devices, such as xe2x80x9csmart cardsxe2x80x9d and dongles, are also available, but these devices are designed for the protection of data and not for the deterrence of theft of computers.
Therefore, what is needed is an easy-to-use and low cost security system to deter the theft of a notebook computer.
Briefly, a security system constructed in accordance with the invention implements a user-validation procedure that requires the user to install the proper hardware xe2x80x9ckeyxe2x80x9d device at boot-up to enable operation of a computer. The system can support multiple users and a single supervisor. Each authorized user is provided with a unique key device which is carried and stored separately from the computer. The key device holds a unique serial number and an encryption key. A validation record stored on the computer""s hard disk contains an unencrypted key device serial number and an encrypted hard disk serial number.
A program that is automatically invoked at computer power-up, or reset, implements the user-validation procedure. The user is prompted to connect the key device to the computer. There is no manual password entry. The procedure permits entry past a first security level only if the key device serial number matches the unencrypted number in the validation record. If the first-level validation is successful, the procedure then uses the encryption key to decrypt the hard drive serial number found in the stored validation a record. The procedure permits entry past the second security level only if the validation record is properly decrypted and the actual hard disk serial number matches the decrypted number. A failure at any step in the user-validation procedure will immediately power. down the computer, thereby rendering it useless to a thief not possessing the required key device.
Because the key device is not required for normal computer operations, after the user-validation procedure has successfully terminated, the user can remove the key device and keep it separate from the computer. Moreover, the small size of the key device makes it easy to transport and keep safe.