Method and apparatus for controlled access to a computer system

US 4,951,249 A
Filed: 03/23/1989
Issued: 08/21/1990
Est. Priority Date: 10/24/1986
Status: Expired due to Fees

First Claim

Patent Images

1. A security device for a computer system having a keyboard entry device and a floppy disc drive, comprising:

(a) means for transferring control of said computer system to a security system interposed between an operating system and all peripheral devices and application programs and data stored in said computer system;

(b) means under control of said security system for changing the computer system'"'"'s keyboard address to an address in the security system;

(c) means under control of said security system for changing the computer system'"'"'s floppy disc drive address to an address in the security system;

(d) means at said address in said security system for said floppy disc drive for blocking any input to the computer system from said floppy disc drive which would place the operation of the computer system outside the control of said security system;

(e) means at said address in said security system for blocking any keyboard input to the computer system which would place the operation of the computer system outside the control of said security system;

(f) identifying means for identifying all operators of said computer system;

(g) means for validating the operator'"'"'s identification;

(h) means responsive to validation by said validation means for restoring the address for said keyboard to said computer system'"'"'s keyboard address;

(i) means responsive to validation by said validation means for restoring the address for said floppy disc drive to said computer system'"'"'s floppy disc drive address; and

(j) means for allowing said validated operator access to only one or more of said programs and data and operating system for which said validated operator has been pre-authorized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer security system protects the computer software from unauthorized access and the computer hardware from unauthorized intrusion. At the start up of the computer system, the computer'"'"'s keyboard and diskette drive are disabled. The user is required to identify himself through the use of a non-keyboard device such as a magnetic card reader. As a means of further validation, the user enters a PIN via the keyboard which has now been restored to function. A valid user will be allowed access to those programs for which he has been preauthorized. Attempts to gain access to the operating system or to programs for which the user is not authorized will be filtered by the security system to prevent unauthorized access to certain programs or to preclude efforts to thwart the security system. An alarm circuit provides security to the computer hardware.

135 Citations

27 Claims

1. A security device for a computer system having a keyboard entry device and a floppy disc drive, comprising:
- (a) means for transferring control of said computer system to a security system interposed between an operating system and all peripheral devices and application programs and data stored in said computer system;
  
  (b) means under control of said security system for changing the computer system'"'"'s keyboard address to an address in the security system;
  
  (c) means under control of said security system for changing the computer system'"'"'s floppy disc drive address to an address in the security system;
  
  (d) means at said address in said security system for said floppy disc drive for blocking any input to the computer system from said floppy disc drive which would place the operation of the computer system outside the control of said security system;
  
  (e) means at said address in said security system for blocking any keyboard input to the computer system which would place the operation of the computer system outside the control of said security system;
  
  (f) identifying means for identifying all operators of said computer system;
  
  (g) means for validating the operator'"'"'s identification;
  
  (h) means responsive to validation by said validation means for restoring the address for said keyboard to said computer system'"'"'s keyboard address;
  
  (i) means responsive to validation by said validation means for restoring the address for said floppy disc drive to said computer system'"'"'s floppy disc drive address; and
  
  (j) means for allowing said validated operator access to only one or more of said programs and data and operating system for which said validated operator has been pre-authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The security device according to claim 1, wherein said system includes a display, and wherein said means for allowing includes means for displaying on said display a menu of programs and functions which the user is authorized to use.
  - 3. The security device according to claim 1, wherein said means for transferring includes a read only memory (ROM) read by said operating system and which contains instructions transferring control of the computer system to the security program.
  - 4. The security device according to claim 3, further comprising:
    - means under control of said security system for changing the computer system'"'"'s address for DOS function call routines to an address in the security system; and
      
      means at said address in said security system for said DOS function call routines for blocking execution of DOS commands unless said validated operator is pre-authorized for said operating system.
  - 5. The security device according to claim 3, further comprising:
    - means under control of said security system for changing the computer system'"'"'s address for the critical error routine to an address in the security system; and
      
      means at said address in said security system for said critical errors for blocking access to the operating system.
  - 6. The security device of claim 1, further comprising a non-keyboard data entry device, and wherein said means for identifying all operators of said computer system comprises means for identifying all operators of said computer system via said non-keyboard device.
  - 7. The security device according to claim 6, wherein said non-keyboard data entry device is a magnetic card reader.

8. A method for securing a computer system having a keyboard entry device and a floppy disc drive, comprising the steps of:
- (a) transferring control of said computer system to a security system interposed between an operating system and all peripheral devices and application programs and data stored in said computer system, said security system performing the following steps;
  
  (b) changing the computer system'"'"'s keyboard address to an address in the security system;
  
  (c) providing at said security system address a routine for blocking any keyboard input which would place the operation of the computer outside the control of said security system;
  
  (d) changing the computer systems address for said floppy disc drive to an address in the security system;
  
  (e) providing at said security system address for said floppy disc drive a routine for blocking any input from said floppy disc drive which would place the computer outside the control of said security system; and
  
  (f) requiring all operators to identify themselves;
  
  (g) validating the operator'"'"'s identification;
  
  (h) in response to validation, restoring the address for said keyboard to said computer system'"'"'s keyboard address;
  
  (i) in response to validation, restoring the address for said floppy disc drive to said computer system'"'"'s address for said floppy disc drive; and
  
  (j) allowing a valid user access only to one or more of said programs and data and operating system for which the user has been pre-authorized.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method according to claim 8, wherein said system includes a display, and wherein said step (j) includes displaying on said display a menu of programs and functions for which the user is pre-authorized.
  - 10. The method according to claim 9, further comprising the following steps prior to step (a):
    - initiating operation of said computer system via the operating system'"'"'s startup routine; and
      
      reading a read only memory (ROM) containing instructions for the operating system to transfer control to said security system.
  - 11. The method according to claim 10, and further comprising:
    - changing the computer system'"'"'s address for the critical error routine to an address in the security system; and
      
      providing at said security system address for said critical errors a routine for blocking access to said operating system.
  - 12. The method according to claim 10, and further comprising:
    - changing the computer system'"'"'s address for DOS function call routines to an address in the security system; and
      
      providing at said security system address for said DOS function call routines a routine for blocking access to said operating system unless said valid user is pre-authorized for said operating system.
  - 13. The method of claim 8, wherein said computer system further comprises a non-keyboard entry device, and wherein said step (f) comprises requiring all operators to identify themselves via said non-keyboard device.
  - 14. The method according to claim 13, wherein said non-keyboard data entry device reads a magnetically encoded card in step (f).

15. A security device for a computer system having a keyboard entry device, comprising:
- (a) means for transferring control of said computer system to a security system interposed between an operating system and all peripheral devices and application programs and data stored in said computer system;
  
  (b) means under control of said security system for changing the computer system'"'"'s keyboard address to an address in the security system;
  
  (c) means at said address in said security system for blocking any keyboard input to the computer system which would place the operation of the computer system outside the control of said security system;
  
  (d) identifying means for identifying all operators of said computer system;
  
  (e) means for validating the operator'"'"'s identification;
  
  (f) means responsive to validation by said validation means for restoring the address for said keyboard to said computer system'"'"'s keyboard address;
  
  (g) means for allowing said validated operator access to only one or more of said programs and data and operating system for which said validated operator has been pre-authorized;
  
  (h) means under control of said security system for changing the computer system'"'"'s address for the critical error routine to an address in the security system; and
  
  (i) means at said address in said security system for said critical errors for blocking access to the operating system.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The security device according to claim 15, wherein said system includes a display, and wherein said means for allowing includes means for displaying on said display a menu of programs and functions which the user is authorized to use.
  - 17. The security device according to claim 15, wherein said means for transferring includes a read only memory (ROM) read by said operating system and which contains instructions transferring control of the computer system to the security program.
  - 18. The security device according to claim 17, further comprising:
    - means under control of said security system for changing the computer system'"'"'s address for DOS function call routines to an address in the security system; and
      
      means at said address in said security system for said DOS function call routines for blocking execution of DOS commands unless said validated operator is pre-authorized for said operating system.
  - 19. The security device of claim 15, further comprising a non-keyboard data entry device, and wherein said means for identifying all operators of said computer system comprises means for identifying all operators of said computer system via said non-keyboard device.
  - 20. The security device according to claim 19, wherein said non-keyboard data entry device is a magnetic card reader.

21. A method for securing a computer system having a keyboard entry device, comprising the steps of:
- (a) transferring control of said computer system to a security system interposed between an operating system and all peripheral devices and application progress and data stored in said computer system, said security system performing the following steps;
  
  (b) changing the computer system'"'"'s keyboard address to an address in the security system;
  
  (c) providing at said security system address a routine for blocking any keyboard input which would place the operation of the computer outside the control of said security system;
  
  (d) requiring all operators to identify themselves;
  
  (e) validating the operator'"'"'s identification;
  
  (f) in response to validation, restoring the address for said keyboard to said computer system'"'"'s keyboard address;
  
  (g) allowing a valid user access only to one or more of said programs and data and operating system for which the user has been pre-authorized;
  
  (h) changing the computer system'"'"'s address for the critical error routine to an address in the security system; and
  
  (i) providing at said security system address for said critical errors a routine for blocking access to said operating system.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The method according to claim 21, wherein said computer system includes a floppy disc drive, and wherein said security system further performs steps of:
    - changing the computer systems address for said floppy disc drive to an address in the security system;
      
      providing at said security system address for said floppy disc drive a routine for blocking any input from said floppy disc drive which would place the computer outside the control of said security system; and
      
      in response to validation, restoring the address for said floppy disc drive to said computer system'"'"'s address for said floppy disc drive.
  - 23. The method according to claim 21, wherein said system includes a display, and wherein said step (g) includes displaying on said display a menu of programs and functions for which the user is pre-authorized.
  - 24. The method according to claim 21, further comprising the following steps prior to step (a):
    - initiating operation of said computer system via the operating system'"'"'s startup routine; and
      
      reading a read only memory (ROM) containing instructions for the operating system to transfer control to said security system.
  - 25. The method according to claim 21, and further comprising:
    - changing the computer system'"'"'s address for DOS function call routines to an address in the security system; and
      
      providing at said security system address for said DOS function call routines a routine for blocking access to said operating system unless said valid user is pre-authorized for said operating system.
  - 26. The method of claim 21, wherein said computer system further comprises a non-keyboard entry device, wherein said step (d) comprises requiring all operators to identify themselves via said non-keyboard device.
  - 27. The method according to claim 26, wherein said non-keyboard data entry device reads a magnetically encoded card in step (d).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Harcom Security Systems Corporation
Original Assignee
Harcom Security Systems Corporation
Inventors
Roberts, Peter H., McClung, Charles R.
Primary Examiner(s)
CLARK, DAVID

Application Number

US07/328,735
Time in Patent Office

516 Days
Field of Search

364/200 MS File, 364/900 MS File, 340/825.3, 340/825.31, 340/825.34, 380/3, 380/4, 380/23, 380/25, 380/52
US Class Current

726/35
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/83   input devices, e.g. keyboar...

G06F 21/86   Secure or tamper-resistant ...

G06F 21/88   Detecting or preventing the...

G06F 3/08   from or to individual recor...

G08B 29/046   prevention of tampering wit...

Method and apparatus for controlled access to a computer system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

135 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for controlled access to a computer system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

135 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links