Preboot protection of unauthorized use of programs and data with a card reader interface

US 5,515,440 A
Filed: 04/21/1994
Issued: 05/07/1996
Est. Priority Date: 06/04/1992
Status: Expired due to Fees

First Claim

Patent Images

1. A method for controlling access to a computer having a central processing unit (CPU), the CPU executing a boot program to initialize the computer, the method comprising the steps of:

following power-up clear or reset of the CPU,interrupting execution of the boot program; and

loading a verification program from a nonvolatile dedicated memory;

upon attempted access by a user,executing the verification program to determine whether the user is authorized to access the computer;

if the user is authorized, completing execution of the boot program and providing access to the computer; and

if the user is not authorized, denying the user access to the computer.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure computer controlling access to internal devices via an integrated card reader. A microprocessor-controlled card reader interface logically connected to the CPU of the computer reads and writes information from and to a card placed in the card reader and performs additional functions in response to commands received from the CPU. The boot ROM of the computer is programmed to start execution from a program logic device which runs a verification program to verify the authenticity of a user. Upon a valid user card being placed in the card reader, one or more questions are read from the card and displayed to the user. The user'"'"'s responses are saved and compared to the correct answers stored on the card, and if the responses match the correct answers, a power control circuit is used by the CPU to turn on power to computer peripherals the user has been authorized to use.

The system additionally provides for a method of initializing and authorizing a user card with a security administrator card. Upon a valid security administrator card being placed in the card reader, a security administrator initializes and authorizes one or more individual user cards by selecting from a list of menu options displayed to the security administrator. The security administrator inputs a list of questions and answers which are then stored on the user card for use during the verification procedure.

The system further provides for the physical and logical destruction of data in response to unauthorized attempts by a user to violate the physical or logical integrity of the computer system. The physical and logical destruction of data may be disabled for maintenance or configuration purposes by the use of a maintenance card.

Citations

9 Claims

1. A method for controlling access to a computer having a central processing unit (CPU), the CPU executing a boot program to initialize the computer, the method comprising the steps of:
- following power-up clear or reset of the CPU,interrupting execution of the boot program; and
  
  loading a verification program from a nonvolatile dedicated memory;
  
  upon attempted access by a user,executing the verification program to determine whether the user is authorized to access the computer;
  
  if the user is authorized, completing execution of the boot program and providing access to the computer; and
  
  if the user is not authorized, denying the user access to the computer.
- View Dependent Claims (2, 4, 5)
- - 2. The method according to claim 1 wherein the step of executing further comprises the steps of:
    - reading a card programmed with identification information from a card reader; and
      
      comparing responses from the user to the identification information from the card to determine if the user is authorized to access the machine.
  - 4. The system according to claim 2, wherein the system further comprises a data destruction means for destroying sensitive data stored in the computer if unauthorized access is attempted.
  - 5. The system according to claim 4, wherein the data destruction means further comprises logical destruction means and physical destruction means.

3. A system for controlling access to a computer, the computer comprising a system bus and a central processing unit (CPU), the system comprising:
- an input device for providing authorization information to the computer which is cross checked with authorization information provided by a user; and
  
  an access control device, connected to the system bus, for interfacing the input device and the CPU and for controlling the computer upon initialization, the access control device comprising;
  
  a storage device for storing a verification program, the verification program containing CPU code for verifying that the user is authorized to access the computer; and
  
  a program code stored in a nonvolatile system boot memory device, for causing the CPU to execute the verification program and acquire control of the system bus and CPU substantially immediately after commencement of initialization of the computer and prior to completion of initialization;
  
  wherein the verification program and the program code are fixed and unmodifiable by the CPU.

6. A method of securing data stored in a computer, the computer having a memory device, system bus, and central processing unit (CPU), the method comprising the steps of:
- providing a card reader and card reader interface;
  
  providing a card programmed with identification information;
  
  providing an encryption key stored on the card;
  
  providing an encryption engine for encrypting data transferred from the CPU to the memory device and decrypting data transferred from the memory device to the CPU using the same encryption key for decrypting data as for encrypting data;
  
  providing a verification program, the verification program querying the user for identification information;
  
  providing a nonvolatile system boot program for booting the system;
  
  executing the verification program after execution of the non-volatile program, the verification program querying the user for identification information; and
  
  if the user is authorized, encrypting the data stored in the memory device and decrypting information retrieved from the memory device using the encryption key stored on the card.
- View Dependent Claims (7, 8)
- - 7. The method according to claim 6, wherein the step of providing an encryption key includes constructing a different encryption key for each memory device in the computer.
  - 8. The method according to claim 6, wherein the step of providing an encryption key includes constructing a different encryption key for each logical device in the computer.

9. A secure computer providing for the controlled access of internal devices via a card reader and the security of data stored in the computer, the computer comprising:
- a user input device;
  
  a card reader;
  
  a screen display;
  
  a central processing unit (CPU);
  
  a device containing non-volatile CPU program code;
  
  a CPU system boot ROM, said CPU system boot ROM including code for instructing the CPU to start executing the CPU program code in the device so that the CPU program code in the device takes over control of the CPU, so that upon a power-up clear or reset of the computer the CPU program code in the device obtains control of the CPU, and said CPU responsive to said CPU program code, to perform an authorization procedure comprising the step of reading a card placed in the card reader by a user;
  
  a plurality of peripheral devices;
  
  a system data bus;
  
  a microprocessor for writing and reading information to and from a card placed in the card reader, the microprocessor and the CPU connected through a dedicated data bus;
  
  a power control circuit logically connected between the CPU and each of the plurality of peripheral devices for selectively controlling power to each of the plurality of peripheral devices; and
  
  an encryption engine for encrypting data stored in the plurality of peripheral devices and for decrypting data read from the plurality of peripheral devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mark Sarno
Original Assignee
Integrated Technologies of America Incorporated
Inventors
Wood, David E., Mooney, David M., Kimlinger, Joseph A., Glazier, James B.
Primary Examiner(s)
Buczinski, Stephen C.

Application Number

US08/199,678
Time in Patent Office

747 Days
Field of Search

307/202.1, 380/23, 380/25, 340/825.34
US Class Current

713/159
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/575   Secure boot

G06F 2221/2117   User registration

G06F 2221/2143   Clearing memory, e.g. to pr...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40145   Biometric identity checks

G07C 9/33   by means of a password

G07F 7/1008   Active credit-cards provide...

Preboot protection of unauthorized use of programs and data with a card reader interface

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Preboot protection of unauthorized use of programs and data with a card reader interface

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links