1. Field of the Invention
The present invention generally relates to the area of operating computer systems, and more particularly relates to methods or apparatuses for securely operating shared host computers with portable apparatuses.
2. Description of the Related Art
As the computer evolved from mainframe to minicomputer to PC, it progressed from a device for solving specific problems, to a companion device for storing valued personal data. Users now look to the computer for a private, secure, familiar working environment that can include an Internet browser, email software, text editor, presentation software, and spreadsheet application, along with parameter settings for those applications, such as options to choose a home page, browser favorites, incoming and outgoing email accounts, word-processing style sheets, and presentation and spreadsheet templates. More importantly, a familiar working environment may also include personal files generated from these applications, including valuable files such as resumes, emails, spreadsheets, presentations, and address books.
Although many PC users can now afford to have their own private working environment, computers are typically shared with many other users in schools, libraries, businesses, and homes. On the other hand, a single user may own more than one computer. Computer users often encounter a situation to switch between computers in which they require maintaining consistent settings such as email accounts and network connections among several computers.
U.S. Pub. No. 2003/0110371 published by Yang et al. teaches a method to partially maintain a consistent operating environment by utilizing a USB flash memory device to store the user-specific information from a first computer system. The stored information is temporarily loaded from the USB drive into the same application in a second computer system. This method is trying to transport the personalized computer settings among computer systems with an identical or similar software environment. However, this method neither teaches how to transport a set of familiar applications among computer systems nor teaches how to transport a set of personal files associated with the applications among computer systems. As such, a user may have emails, contacts, and other personal files created by different types of applications scattered over different systems.
A possible approach to maintain a consistent operating environment is to store an operating system along with a list of software applications and personal files in a removable data storage medium, which is then used to operate different computers. This approach can be considered as using a portable apparatus to operate one or more host computers. The portability here not only means the physical mobility of the device but also means the adaptation of the system to operate host computers with different hardware configurations. Accordingly, the host computer needs to be able to boot from the portable apparatus. One implementation is to have the portable apparatus burned in a CD-ROM. The ISO 9660 specification, a bootable CD-ROM format, provides new boot capabilities for personal computers. This specification describes how the BIOS boot procedure can be enhanced to support the CD-ROM using INT 13 calling conventions for enabling the CD-ROM to boot as the “A” drive or “C” drive without device drivers. U.S. Pat. No. 6,122,734 issued to Jeon teaches a bootable CD-ROM disk manufacturing system. However, a portable apparatus implemented in CD-ROMs limits the users' abilities to modify or delete the software applications, to install new applications, or to store personal files on the portable apparatus.
U.S. Pat. No. 6,016,402 issued to Thomas et al. teaches a method to integrate a removable media disk drive into an operating system where the removable media disk drive is first recognized as a fixed disk type then recognized as a floppy disk type. U.S. Pat. No. 5,694,600 issued to Khenson et al. teaches an apparatus for booting a computer using a removable medium disk drive. U.S. Pat. No. 6,385,707 issued to Maffezzoni teaches an apparatus for copying files between drives of a computer system including operating system to create a reliable bootable drive. However, the usage of bootable medium drive in these methods or apparatuses is restricted to provide diagnostic support or backup in the event of a system failure, which only requires to access the file system in the internal hard drive of a problematic computer instead of fully operating a computer system and its peripheral devices.
U.S. Pat. No. 6,170,055 issued to Meyer et al. teaches an approach to create a subset of operating system from a computer in a removable high capacity media disk drive for disaster recovery of the computer. The removable high capacity media includes all necessary operating system components to completely load the operating system and the graphical user interface and to provide a user with access to all computer peripherals. Since the removable high capacity disk includes all of the machine-specific files for a computer system, this rescue disk is only suitable for operating the original computer system or computers with similar hardware configurations.
U.S. Pat. No. 6,601,139 issued to Suzuki teaches an information processing apparatus based on the single medium activated platform architecture operated by a removable data storage medium containing all necessary software and content. A second removable data storage medium with different software and content can also operate the same apparatus. However, the removable data storage media are designed to operate the information processing apparatuses with a specific architecture instead of computers with different hardware configurations.
U.S. Pat. No. 6,718,463 issued to Malik teaches an apparatus and method to boot a data processing system from a removable medium. A first boot identifies the file system of a first data processing system and the file system of the removable medium. The necessary drivers, registry information, and applications needed to operate the hardware of the first data processing system are then copied into the removable medium. The removable medium with the copied hardware information is now ready to boot a second data processing system, which has a similar hardware configuration to the first data processing system. U.S. Pub. No. 2004/0019778 published by Gere also teaches a method and system for implementing a transportable operating system boot environment on a computer system by impressed the hardware and software configuration information onto the stored operating system environment. Both approaches create complete hardware controllable environments for specific computers on a portable apparatus, which may restrict the portability of the apparatus to only a few host computers since the required drivers and their parameter settings may cause confusions when the number of host computers increases. Although Malik teaches a way to clear up the copied information, the overhead of copying information in order to establish a bootable environment increases the processing time for booting up a host computer tremendously.
Traditionally, a close network environment like a corporate intranet installs an antivirus program with the newest update to all the computers within its firewall. Popularity of laptop computers introduces a variation to the network environment. U.S. Pub. No. 2005/0097199 published by Woodard et al. teaches a method and apparatus for maintaining the network security with remote scanning on newly detected network devices. Due to the possibility of frequently switching users with different portable apparatuses on the same shared host computer, the detection of network devices may be cumbersome and the required resources for remote scanning may be intensive.
Another security concern is that a portable apparatus with a malicious operating system may possibly cause an infection of the host computer and other computers in the network. U.S. Pat. No. 5,509,120 issued to Merkin et al. teaches a method and apparatus for detecting computer viruses during power on self test. The detection is based on a cyclic redundancy check (CRC) on the master boot record and the boot record of the selected operating system. The CRC values are generated for the pre-installed systems and the protection is to prevent the virus infection on the boot record, which may load in a malicious program instead of the operating system during booting. However, to pre-record CRC values for variety of portable apparatuses may not be practical and a malicious portable apparatus can happen in the operation system level instead of only the boot record level.
There are many licensing and security issues that need to be addressed from the viewpoint of different parties involved in a connected-state operation environment created by portable apparatuses and host computers. First, preventing a software piracy of data stored in a portable apparatus is important. A device-dependent protection is desirable to prevent duplicating certain information from one portable apparatus to another apparatus. Second, preventing an exposure of sensitive personal information to others when the apparatus is lost or stolen is another important security issue. A user-dependent protection is desirable to prevent viewing certain information stored in the portable apparatus. Third, providing a controllable host operating environment is also important for prevention of sensitive and/or personal information exposure. For example, a key-logging program or another malicious software potentially residing on a host operating environment presents a high security risk for unintentional personal information leak during an operation of a virtual operating environment. Fourth, preventing viruses in a portable apparatus from infecting one or more host computers is also an important security requirement. A secure restoration procedure for the host computer is desirable between users to prevent virus infections from a previous usage of the host computer. The secure restoration procedure for the host computer is also critical for prevention of sensitive and/or personal information exposure to subsequent usage of the host computer. Furthermore, a server-based facility management may be desirable in an enterprise network to maintain and supervise shared host computers used by portable apparatuses.
Therefore, addressing methods and apparatuses to share information securely between a portable apparatus and a plurality of host computers regardless of each host's operating environment is highly beneficial to the field of the invention.