Inactivity monitor for trusted personal computer system

US 5,555,373 A
Filed: 02/06/1995
Issued: 09/10/1996
Est. Priority Date: 02/06/1995
Status: Expired due to Fees

First Claim

Patent Images

1. A personal computer system for receiving and retaining data and capable of securing data retained within the system against unauthorized access, the system comprising:

a normally closed enclosure;

an erasable memory element mounted within said enclosure for selective activation to active and inactive states and for receiving and storing a privileged access password when in the active state;

a manually operable option switch mounted within said enclosure, said option switch being operatively connected with said erasable memory element and manually settable by a user of the personal computer system for setting said erasable memory element to the active and inactive states;

an inactivity monitor in the computer system for determining whether or not a measured time period between successive uses of the system exceeds a specified inactivity period;

means for selectively enabling and disabling the inactivity monitor;

means for inhibiting a successful power-up of the computer system in response to a determination by the inactivity monitor, while enabled, that the measured time period exceeds the specified inactivity period; and

a system processor mounted within said enclosure and operatively connected with said erasable memory element for controlling access to at least certain levels of data stored within the system by distinguishing between entry and non-entry of the password and between the enabled and disabled state of the inactivity monitor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A personal computer system is described, having security features enabling control over access to data retained in such a system. The system has a normally closed enclosure, at least one erasable memory element for selective activation to active and inactive states and for receiving and storing a privileged access password when in the active state, an option switch operatively connected with the erasable memory element for setting the erasable memory element to the active and inactive states, a tamper detection switch operatively connected with the erasable memory element for detecting opening of the enclosure, and a system processor operatively connected with the erasable memory element for controlling access to at least certain levels of data stored within the system by distinguishing between entry and non-entry of any stored privileged access password and between detection and non-detection of opening of the enclosure by the tamper detection switch. In addition, an inactivity monitor is provided for measuring the time period between successive uses of the system and for determining whether or not the measured time period exceeds a specified inactivity period. A utility is provided for rendering the monitor enabled. When the enabled monitor determines that the measured time exceeds the specified time, power-up of the system is prevented until the privileged access password (or a power-on password) is successfully entered into the system by a user.

83 Citations

View as Search Results

19 Claims

1. A personal computer system for receiving and retaining data and capable of securing data retained within the system against unauthorized access, the system comprising:
- a normally closed enclosure;
  
  an erasable memory element mounted within said enclosure for selective activation to active and inactive states and for receiving and storing a privileged access password when in the active state;
  
  a manually operable option switch mounted within said enclosure, said option switch being operatively connected with said erasable memory element and manually settable by a user of the personal computer system for setting said erasable memory element to the active and inactive states;
  
  an inactivity monitor in the computer system for determining whether or not a measured time period between successive uses of the system exceeds a specified inactivity period;
  
  means for selectively enabling and disabling the inactivity monitor;
  
  means for inhibiting a successful power-up of the computer system in response to a determination by the inactivity monitor, while enabled, that the measured time period exceeds the specified inactivity period; and
  
  a system processor mounted within said enclosure and operatively connected with said erasable memory element for controlling access to at least certain levels of data stored within the system by distinguishing between entry and non-entry of the password and between the enabled and disabled state of the inactivity monitor.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The personal computer system of claim 1 wherein the system processor, during power-up subsequent to the determination that the measured time exceeds the specified inactivity period, reactivates the system upon the successful entry of the privileged access password by a user of the system.
  - 3. The personal computer system of claim 1, wherein the erasable memory element receives and stores a power-on password and wherein said system processor, during power-up subsequent to the determination that the measured time period exceeds the specified inactivity period, activates the system upon the successful entry of the power-on password by a user of the system to permit access to certain levels of data stored within the system.
  - 4. The personal computer system of claim 3, wherein said system processor, subsequent to an unsuccessful attempt to enter the power-on password, activates the system upon the successful entry of the privileged access password by an authorized user of the system to permit access to all levels of data stored within the system.
  - 5. The personal computer system of claim 4, wherein the system processor continues normal program execution incident to the successful entry of either password.
  - 6. The personal computer system of claim 1, wherein the system processor provides an indication to the system user of the measured time period exceeding the specified inactivity period for maintaining an audit trail for the system owner.

7. A personal computer system for receiving and retaining data and capable of securing data retained within the system against unauthorized access, the system comprising:
- a normally closed enclosure;
  
  an erasable memory element mounted within said enclosure for selective activation to active and inactive states and for receiving and storing a power-on password and a privileged access password;
  
  a manually operable option switch mounted within said enclosure, said option switch being operatively connected with said erasable memory element and manually settable by a user of the personal computer system for setting said erasable memory element to the active and inactive states;
  
  a tamper detection switch mounted within said enclosure and operatively connected with said erasable memory element for detecting opening of said enclosure;
  
  A real time clock;
  
  an inactivity monitor in the computer system for determining whether or not a time period between successive uses of the system measured by the clock exceeds a specified inactivity period;
  
  program controlled means for selectively enabling and disabling the inactivity monitor;
  
  means for preventing a successful power-up of the computer system in response to switching of the tamper detection switch and in response to a determination by the inactivity monitor, while enabled, that the measured time period exceeds the specified inactivity period; and
  
  a system processor mounted within said enclosure and operatively connected with said erasable memory element for controlling access to at least certain levels of data stored within the system by distinguishing between the active and inactive states of said memory element, between entry and nonentry of the passwords, and between the enabled and disabled state of the inactivity monitor.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The personal computer system of claim 7, wherein said system processor, during power-up subsequent to the determination that the measured time period exceeds the specified inactivity period, reactivates the system upon the successful entry of the power-on password by a user of the system to permit access to certain levels of data stored within the system.
  - 9. The personal computer system of claim 8, wherein said system processor, subsequent to at least one unsuccessful attempt to enter the power-on password, reactivates the system upon the successful entry of the privileged access password by an authorized user of the system to permit access to all levels of data stored within the system.
  - 10. The personal computer system of claim 9, wherein the system processor continues normal program execution incident to the successful entry of one of the passwords by a user of the system.
  - 11. The personal computer system of claim 7, wherein the system processor provides an indication to the system user of the measured time period exceeding the specified inactivity period for maintaining an audit trail for the system owner.

12. A personal computer system for receiving and retaining data and capable of securing data retained within the system against unauthorized access, the system comprising:
- a normally closed enclosure;
  
  an inactivity monitor in the system for measuring the time between successive uses of the system and for determining whether or not the measured time exceeds a specified inactivity period;
  
  program controlled means for selectively rendering the inactivity monitor enabled and disabled;
  
  a first erasable memory element mounted within said enclosure for selective activation to active and inactive states and for receiving and storing a privileged access password when in the active state;
  
  an option switch mounted within said enclosure and operatively connected with said first erasable memory element for setting said first erasable memory element to the active and inactive states;
  
  a second erasable memory element mounted within said enclosure for receiving and storing a power-on password and data indicative of the enabled state of the inactivity monitor, the state of said first erasable memory element, and of correct installation of any stored power-on password and privileged access password;
  
  a tamper detection switch mounted within said enclosure and operatively connected with said second erasable memory element for detecting unauthorized opening of said enclosure;
  
  means for preventing a successful power-up of the computer system in response to switching of the tamper detection switch and in response to the inactivity monitor while it is enabled, determining that the measured time exceeds the specified inactivity period; and
  
  a system processor mounted within said enclosure and operatively connected with said erasable memory elements for controlling access to at least certain levels of data stored within the system by distinguishing between the enabled and disabled state of the inactivity monitor, between the active and inactive states of said first memory element, and between entry and non-entry of any valid stored privileged access password and any valid stored power-on password in the first and second erasable memory elements.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The personal computer system of claim 12, wherein said system processor, during power-up subsequent to the determination that the measured time exceeds the specified inactivity period reactivates the system upon the successful entry of the power-on password by a user of the system to permit access to certain levels of data stored within the system.
  - 14. The personal computer system of claim 13, wherein said system processor, subsequent to an unsuccessful attempt to enter the power-on password, reactivates the system upon the successful entry of the privileged access password by an authorized user of the system to permit access to all levels of data stored within the system.
  - 15. The personal computer system of claim 14, wherein the system processor continues normal program execution incident to the successful entry of one of the passwords by a user of the system.
  - 16. The personal computer system of claim 12, wherein the system processor provides an indication to the system user of the measured time exceeding the specified inactivity period for maintaining an audit trail for the system owner.

17. A method of operating a personal computer system having an enclosure, a system processor mounted within the enclosure, a selectively activatable erasable memory element mounted within the enclosure, a manually operable option switch mounted within the enclosure manually settable by a user of the personal computer system for setting the memory element to active and inactive states, a tamper detection switch mounted within the enclosure for detecting opening of the enclosure, an inactivity monitor for determining whether or not a measured time between successive uses of the system exceeds a specified inactivity period, and a utility program invocable by the user for rendering the inactivity monitor enabled and specifying the inactivity period, the method comprising the steps of:
- manually setting the option switch and selectively setting the memory element into the active state;
  
  storing a privileged access password in the active memory element;
  
  invoking the utility program to enable the inactivity monitor;
  
  controlling access to at least certain levels of data stored within the system by distinguishing between entry and non-entry of the password and between an enabled and disabled state of the inactivity monitor; and
  
  inhibiting a power-up of the system in response to any switching of the tamper switch and in response to a determination by the enabled inactivity monitor that the measured time exceeds the specified inactivity period while the privileged access password is stored in the memory element.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17, further comprising the steps of:
    - storing a power-on password in the memory element; and
      
      during power-up, subsequent to a determination that the measured time exceeds the specified inactivity period, reactivating the system in response to the successful entry of the power-on password by a user of the system to permit access to certain levels of data stored within the system.
  - 19. The method of claim 18, further comprising the step of:
    - subsequent to an unsuccessful attempt to enter the power-on password, reactivating the system in response to the successful entry of the privileged access password by a user of the system to permit access to all levels of data stored within the system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Dayan, Richard A., Newman, Palmer E.
Primary Examiner(s)
Nguyen, Hoa T.

Application Number

US08/383,884
Time in Patent Office

582 Days
Field of Search

395/188.01, 395/186, 395/187.01, 395/182.12, 395/182.2, 395/182.21, 395/182.22
US Class Current

726/34
CPC Class Codes

G06F 11/0757   by exceeding a time limit, ...

G06F 11/34   Recording or statistical ev...

G06F 21/86   Secure or tamper-resistant ...

Inactivity monitor for trusted personal computer system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Inactivity monitor for trusted personal computer system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links