1. Field of the Invention
The invention relates to security systems for data stored in computers.
2. Description of the Prior Art
In response to the need of preventing unauthorized access to confidential or classified data on computer systems, a number of different types of security systems have been developed. For example, some systems require the use of hardware keys to allow access to the hard drive. U.S. Pat. No. 5,012,514 to Renton describes such a system to prevent unauthorized access to the hard drive of a personal computer system which consists of a plug-in expansion board, a device driver program which requests the password for access, and other programs to establish the valid passwords for the security system. U.S. Pat. No. 5,212,729 to Schafer describes a security system which uses a hardware key. Schafer's invention provides data access protection using a security software program, a hardware key, and a user password to permit access to the hard disk or floppy disk used in a computer. The program stores the hardware key code and password on the disk and encrypts the disk partition data. An encryption algorithm operates at all times and prevents unauthorized entry once the computer is turned off.
However, the necessity to use a hardware key such as a plug-in expansion board makes the use of such a security system cumbersome. Therefore, many security systems rely solely on the use of passwords. U.S. Pat. No. 5,375,243 to Parzych et al. describes a hard drive system which prevents data access operations upon power up until the user enters a password. The password is located on the hard disk itself to prevent bypassing the hard drive's security using a new computer environment. A limit on computers which use the kind of password system described in Parzych is that they require that a computer be dedicated solely to secure use, because a user who does not have the password cannot use the computer at all. In situations when a user does both confidential and non-confidential work, the use of such a password system often requires that the user have a different computer for each kind of work. Because of the expense and inconvenience of providing multiple computers in an office environment, it would be desirable in many situations to provide a computer system which includes multiple levels of security in a single computer.
U.S. Pat. No. 5,075,884 to Sherman et al. describes a multi-level secure workstation having network access and multi-window human user interface wherein each workstation has a plurality of secure screen divisions. Security is achieved by providing a display interface coupled to receive data from independent secure processors for each screen division or from a secure source of data. There is a physical restriction on manual input or access to the display interface and isolation of processors from one another. A problem with this system is that it requires the use of multiple processors which makes such a system necessarily expensive.
Therefore, there exists a need for a security system which provides multiple levels of security for a computer having a single central processing unit.