Preboot protection of unauthorized use of programs and data with a card reader interface
Abstract
A secure computer controlling access to internal devices via an integrated card reader. A microprocessor-controlled card reader interface logically connected to the CPU of the computer reads and writes information from and to a card placed in the card reader and performs additional functions in response to commands received from the CPU. The boot ROM of the computer is programmed to start execution from a program logic device which runs a verification program to verify the authenticity of a user. Upon a valid user card being placed in the card reader, one or more questions are read from the card and displayed to the user. The user's responses are saved and compared to the correct answers stored on the card, and if the responses match the correct answers, a power control circuit is used by the CPU to turn on power to computer peripherals the user has been authorized to use.
The system additionally provides for a method of initializing and authorizing a user card with a security administrator card. Upon a valid security administrator card being placed in the card reader, a security administrator initializes and authorizes one or more individual user cards by selecting from a list of menu options displayed to the security administrator. The security administrator inputs a list of questions and answers which are then stored on the user card for use during the verification procedure.
The system further provides for the physical and logical destruction of data in response to unauthorized attempts by a user to violate the physical or logical integrity of the computer system. The physical and logical destruction of data may be disabled for maintenance or configuration purposes by the use of a maintenance card.
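The verification flow the abstract describes (card validity, comparing the user's responses with the answers stored on the card, then powering only the authorized peripherals), sketched as an added C example that is not code from the patent. The card layout, the power-control bit names, the sample card and the constant-time comparison are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_QA  4
#define ANS_LEN 32

/* Hypothetical power-control bits, one per peripheral. */
enum { PWR_DISK = 1 << 0, PWR_FLOPPY = 1 << 1, PWR_SERIAL = 1 << 2 };

/* Hypothetical user-card record (question text omitted for brevity). */
struct user_card {
    int     valid;                    /* card accepted by the reader */
    size_t  n_questions;
    char    answer[MAX_QA][ANS_LEN];  /* NUL-padded, fixed width */
    uint8_t authorized_mask;          /* peripherals granted to this user */
};

/* Constructed sample card, not data from the patent. */
static const struct user_card SAMPLE_CARD = {
    .valid = 1, .n_questions = 2,
    .answer = { "rex", "1987" },
    .authorized_mask = PWR_DISK | PWR_SERIAL,
};

/* Fixed-width compare with no early exit, so timing does not reveal
 * how many leading characters of a response were correct. */
static int ct_equal(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns the mask of peripherals to power on; 0 means access denied. */
uint8_t verify_user(const struct user_card *card,
                    const char *const response[], size_t n_responses)
{
    if (!card || !card->valid || card->n_questions == 0 ||
        card->n_questions > MAX_QA || n_responses != card->n_questions)
        return 0;
    int ok = 1;
    for (size_t i = 0; i < card->n_questions; i++) {
        size_t len = response[i] ? strlen(response[i]) : ANS_LEN;
        char padded[ANS_LEN] = {0};
        if (len >= ANS_LEN) { ok = 0; continue; }  /* missing or oversized */
        memcpy(padded, response[i], len);
        ok &= ct_equal(padded, card->answer[i], ANS_LEN);
    }
    return ok ? card->authorized_mask : 0;
}
```

Every failure path returns 0, so peripherals stay unpowered unless all responses match.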
9 Claims
1. A method for controlling access to a computer having a central processing unit (CPU), the CPU executing a boot program to initialize the computer, the method comprising the steps of:
- following power-up clear or reset of the CPU, interrupting execution of the boot program; and
- loading a verification program from a nonvolatile dedicated memory;
- upon attempted access by a user, executing the verification program to determine whether the user is authorized to access the computer;
- if the user is authorized, completing execution of the boot program and providing access to the computer; and
- if the user is not authorized, denying the user access to the computer.
Dependent claims: 2, 4, 5
3. A system for controlling access to a computer, the computer comprising a system bus and a central processing unit (CPU), the system comprising:
- an input device for providing authorization information to the computer which is cross checked with authorization information provided by a user; and
- an access control device, connected to the system bus, for interfacing the input device and the CPU and for controlling the computer upon initialization, the access control device comprising;
  - a storage device for storing a verification program, the verification program containing CPU code for verifying that the user is authorized to access the computer; and
  - a program code stored in a nonvolatile system boot memory device, for causing the CPU to execute the verification program and acquire control of the system bus and CPU substantially immediately after commencement of initialization of the computer and prior to completion of initialization;
- wherein the verification program and the program code are fixed and unmodifiable by the CPU.
6. A method of securing data stored in a computer, the computer having a memory device, system bus, and central processing unit (CPU), the method comprising the steps of:
- providing a card reader and card reader interface;
- providing a card programmed with identification information;
- providing an encryption key stored on the card;
- providing an encryption engine for encrypting data transferred from the CPU to the memory device and decrypting data transferred from the memory device to the CPU using the same encryption key for decrypting data as for encrypting data;
- providing a verification program, the verification program querying the user for identification information;
- providing a nonvolatile system boot program for booting the system;
- executing the verification program after execution of the non-volatile program, the verification program querying the user for identification information; and
- if the user is authorized, encrypting the data stored in the memory device and decrypting information retrieved from the memory device using the encryption key stored on the card.
Dependent claims: 7, 8
9. A secure computer providing for the controlled access of internal devices via a card reader and the security of data stored in the computer, the computer comprising:
- a user input device;
- a card reader;
- a screen display;
- a central processing unit (CPU);
- a device containing non-volatile CPU program code;
- a CPU system boot ROM, said CPU system boot ROM including code for instructing the CPU to start executing the CPU program code in the device so that the CPU program code in the device takes over control of the CPU, so that upon a power-up clear or reset of the computer the CPU program code in the device obtains control of the CPU, and said CPU responsive to said CPU program code, to perform an authorization procedure comprising the step of reading a card placed in the card reader by a user;
- a plurality of peripheral devices;
- a system data bus;
- a microprocessor for writing and reading information to and from a card placed in the card reader, the microprocessor and the CPU connected through a dedicated data bus;
- a power control circuit logically connected between the CPU and each of the plurality of peripheral devices for selectively controlling power to each of the plurality of peripheral devices; and
- an encryption engine for encrypting data stored in the plurality of peripheral devices and for decrypting data read from the plurality of peripheral devices.
Specification