1. Field of Invention
This invention is related to computer systems and in particular maintaining integrity and security of computer networks and data stored on a computer.
2. Description of Related Art
Computers connected to more than one network provide a way for hackers to gain access to other networks connected to the computer and to the data stored in the computer. The hacker generally enters through a lower security network and gains access to a higher security network. A hacker can also gain access to a computer through the Internet. This can allow the hacker to erase or copy stored data.
In U.S. Pat. No. 5,778,174 (Cain) a system is disclosed for providing a secured access to a server connected to a private computer network protected by a router acting as a firewall. The system isolates a public and private network from one another. In U.S. Pat. No. 5,623,601 (Vu) an apparatus and method for providing a secure firewall between a private and public network is discussed. The method produces a transparent firewall with application level security and data screening capability. In U.S. Pat. No. 5,550,984 (Gelb) a security system is disclosed in which two mother boards with network adapters are used to communicate with separate networks. The two mother boards communicate with each other through a transfer adapter and network interface adapter.
In U.S. Pat. No. 5,542,044 (Pope) a computer security device is disclosed having a main and auxiliary storage device. A method for isolating the main and auxiliary storage is described, and the main storage area can be partitioned between a safe storage area and a working area. In U.S. Pat. No. 5,483,649 (Kuznetsov et al) a computer security system is provided by controlling access to the hard disk controller only through a path using the computers operating system, a modular device driver and the basic input/output system. In U.S. Pat. No. 4,685,056 (Barnsdale et al.) a computer security system is discussed in which a buss is monitored for unauthorized commands or data. Upon detection of unauthorized commands or data, DC power can be disrupted to selected computing devices which are wanted to be protected.
It is usually not practical to isolate all important data resources stored on hard disks in a computer system from outside influences all the time. However, it is practical to make available only those data resources that are needed when connecting to external networks and phone lines, and including connecting only to those networks and Internet providers that are required during a particular computing session. In the process of making some data resources available, the data resources not made available needs to be protected in such away that the active data and networks can not gain access in any way.
The objective of this invention is to keep data on hard disks and computer network connections not accessible when not being used. In this invention a computer is operated in two or more modes. Data stored in the computer in one mode is not accessible when the computer is operated in another mode. Similarly a computer network connected in one mode is not accessible in another mode. To accomplish this a computing system is connected to an isolation unit which controls selection of the hard disk drives in the system and controls the connection to external communication lines such as networks and phone lines. The isolation unit contains a control unit in which different computing modes are programmed. Each computing mode selects one or more disk drives by connecting power to the selected drives, and connecting the selected drives to the disk drive interface through the associated buss interface unit (BIU). The BIU associated with the unselected disk drives disconnects the disk drives from the disk drive interface to prevent the unselected disk drives from loading and interfering with signals on the disk drive interface. The connection of external communication lines, including networks and telephone lines, is also controlled by the various modes programmed into the isolation unit. Only those data resources (hard disks, networks and telephone lines) needed for a particular computing mode are powered on and connected to the computing system.
The isolation unit detects when the computer system is powered on or off. When the computer is powered on a computing mode cannot be changed in the isolation unit. The power to the computer must first be turned off and then a new computing mode can be selected. This prevents residual data in main memory, for instance, from being carried over to the new computing mode and the attendant data. Each computing mode powers on at least one hard disk drive and may be connected to one or more external communication lines.