Securing trusted personal computer system against unauthorized movement

US 5,574,786 A
Filed: 02/06/1995
Issued: 11/12/1996
Est. Priority Date: 02/06/1995
Status: Expired due to Fees

First Claim

Patent Images

1. A personal computer system for receiving and retaining data and capable of securing data retained within the system against unauthorized access, the system comprising:

a normally closed enclosure;

an erasable memory element mounted within said enclosure for selective activation to active and inactive states and for receiving and storing a privileged access password when in the active state;

a manually operable option switch mounted within said enclosure, said option switch being operatively connected with said erasable memory element and manually settable by a user of the personal computer system for setting said erasable memory element to the active and inactive states;

a movement detection switch;

means for selectively enabling and disabling the movement detection switch;

said movement detection switch mounted within said enclosure and operatively connected with said erasable memory element for detecting unauthorized movement of the computer system;

means including the movement detection switch for preventing a successful power-up of the computer system in response to any switching of said movement detection switch while it is enabled; and

a system processor mounted within said enclosure and operatively connected with said erasable memory element for controlling access to at least certain levels of data stored within the system by distinguishing between entry and non-entry of the password, and between enabled and disabled state of the movement detection switch.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A personal computer system is described, having security features enabling control over access to data retained in such a system. The system has a normally closed enclosure, at least one erasable memory element for selective activation to active and inactive states and for receiving and storing a privileged access password when in the active state, an option switch operatively connected with the erasable memory element for setting the erasable memory element to the active and inactive states, a tamper detection switch operatively connected with the erasable memory element for detecting opening of the enclosure, and a system processor operatively connected with the erasable memory element for controlling access to at least certain levels of data stored within the system by distinguishing between entry and non-entry of any stored privileged access password. In addition, switch means are provided for monitoring unauthorized movement of the system together with means for rendering the movement monitoring switch enabled or disabled. When the movement monitoring switch detects movement of the system while the switch is enabled and when the tamper detection switch detects opening of the enclosure, power-up of the system is prevented until the privileged access password (or a power-on password) is successfully entered into the system by a user.

156 Citations

22 Claims

1. A personal computer system for receiving and retaining data and capable of securing data retained within the system against unauthorized access, the system comprising:
- a normally closed enclosure;
  
  an erasable memory element mounted within said enclosure for selective activation to active and inactive states and for receiving and storing a privileged access password when in the active state;
  
  a manually operable option switch mounted within said enclosure, said option switch being operatively connected with said erasable memory element and manually settable by a user of the personal computer system for setting said erasable memory element to the active and inactive states;
  
  a movement detection switch;
  
  means for selectively enabling and disabling the movement detection switch;
  
  said movement detection switch mounted within said enclosure and operatively connected with said erasable memory element for detecting unauthorized movement of the computer system;
  
  means including the movement detection switch for preventing a successful power-up of the computer system in response to any switching of said movement detection switch while it is enabled; and
  
  a system processor mounted within said enclosure and operatively connected with said erasable memory element for controlling access to at least certain levels of data stored within the system by distinguishing between entry and non-entry of the password, and between enabled and disabled state of the movement detection switch.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The personal computer system of claim 1 wherein the system processor, during power-up after the switching of the movement detection switch, reactivates the system upon the successful entry of the privileged access password by a user of the system.
  - 3. The personal computer system of claim 1, wherein the erasable memory element receives and stores a power-on password and wherein said system processor, during power-up after the switching of the movement detection switch, activates the system upon the successful entry of the power-on password by a user of the system to permit access to certain levels of data stored within the system.
  - 4. The personal computer system of claim 3, wherein said system processor, subsequent to an unsuccessful attempt to enter the power-on password, activates the system upon the successful entry of the privileged access password by an authorized user of the system to permit access to all levels of data stored within the system.
  - 5. The personal computer system of claim 4, wherein the system processor continues normal program execution incident to the successful entry of either password in the erasable memory element.
  - 6. The personal computer system of claim 1, wherein the system processor provides an indication to the system user of switching of the movement detection switch for maintaining an audit trail for the system owner.
  - 7. The personal computer system of claim 1, wherein the movement detection switch comprises two pairs of mercury reed switches mounted in a horizontal plane within the enclosure, each mercury reed switch of a pair being disposed on a common axis, the axis of each pair being disposed at an angle of 90°
    - from that of the other pair, the electrical output leads of each pair being disposed in opposite directions so that tilting of the pairs of mercury reed switches will cause the switching of at least one mercury reed switch.

8. A personal computer system for receiving and retaining data and capable of securing data retained within the system against unauthorized access, the system comprising:
- a normally closed enclosure;
  
  an erasable memory element mounted within said enclosure for selective activation to active and inactive states and for receiving and storing a power-on password and a privileged access password when in the active state;
  
  a manually operable option switch mounted within said enclosure, said option switch being operatively connected with said erasable memory element and manually settable by a user of the personal computer system for setting said erasable memory element to the active and inactive states;
  
  a tamper detection switch mounted within said enclosure and operatively connected with said erasable memory element for detecting opening of said enclosure;
  
  a movement detection switch mounted within said enclosure and operatively connected with said erasable memory element for detecting unauthorized movement of the computer system;
  
  program controlled means for selectively enabling and disabling the movement detection switch;
  
  means for preventing a successful power-up of the computer system in response to switching of either the tamper detection switch or said movement detection switch while it is enabled; and
  
  a system processor mounted within said enclosure and operatively connected with said erasable memory element for controlling access to at least certain levels of data stored within the system by distinguishing between the active and inactive states of said memory element, between entry and non-entry of the passwords, and between the enabled and disabled state of the movement detection switch.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The personal computer system of claim 8, wherein said system processor, during power-up after the switching of the movement detection switch, reactivates the system upon the successful entry of the power-on password by a user of the system to permit access to certain levels of data stored within the system.
  - 10. The personal computer system of claim 9, wherein said system processor, subsequent to an unsuccessful attempt to enter the power-on password, reactivates the system upon the successful entry of the privileged access password by an authorized user of the system to permit access to all levels of data stored within the system.
  - 11. The personal computer system of claim 10, wherein the system processor continues normal program execution incident to the successful entry of one of the passwords by a user of the system.
  - 12. The personal computer system of claim 8, wherein the system processor provides an indication to the system user of switching of the movement detection switch for maintaining an audit trail for the system owner.
  - 13. The personal computer system of claim 8, wherein the movement detection switch comprises two pairs of mercury reed switches mounted in a horizontal plane within the enclosure, each mercury reed switch of a pair being disposed on a common axis, the axis of each pair being disposed at an angle of 90°
    - from that of the other pair, the electrical output leads of each pair being disposed in opposite directions so that tilting of the pairs of mercury reed switches will cause the switching of at least one mercury reed switch.

14. A personal computer system for receiving and retaining data and capable of securing data retained within the system against unauthorized access, the system comprising:
- a normally closed enclosure;
  
  a movement detection switch;
  
  program controlled means for selectively rendering the movement detection switch enabled and disabled;
  
  a first erasable memory element mounted within said enclosure for selective activation to active and inactive states and for receiving and storing a privileged access password when in the active state;
  
  an option switch mounted within said enclosure and operatively connected with said first erasable memory element for setting said first erasable memory element to the active and inactive states;
  
  a second erasable memory element mounted within said enclosure for receiving and storing a power-on password and data indicative of the enabled state of the movement detection switch, the state of said first erasable memory element, and of correct installation of any stored power-on password and privileged access password;
  
  a tamper detection switch mounted within said enclosure and operatively connected with said second erasable memory element for detecting unauthorized opening of said enclosure;
  
  said movement detection switch mounted within said enclosure and operatively connected with said second erasable memory element for detecting unauthorized movement of the computer system;
  
  means effective with the privileged access password installed for preventing a successful power-up of the computer system in response to switching of the tamper detection switch and in response to switching of the movement detection switch while it is enabled; and
  
  a system processor mounted within said enclosure and operatively connected with said erasable memory elements for controlling access to at least certain levels of data stored within the system by distinguishing between the enabled and disabled state of the movement detection switch and between entry and non-entry of any valid stored privileged access password and any valid stored power-on password in the first and second erasable memory elements.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The personal computer system of claim 14, wherein said system processor, during power-up after switching of the movement detection switch, reactivates the system upon the successful entry of the power-on password by a user of the system to permit access to certain levels of data stored within the system.
  - 16. The personal computer system of claim 15, wherein said system processor, subsequent to an unsuccessful attempt to enter the power-on password, reactivates the system upon the successful entry of the privileged access password by an authorized user of the system to permit access to all levels of data stored within the system.
  - 17. The personal computer system of claim 16, wherein the system processor continues normal program execution incident to the successful entry of one of the passwords by a user of the system.
  - 18. The personal computer system of claim 15, wherein the system processor provides an indication to the system user of switching of the enabled movement detection switch for maintaining an audit trail for the system owner.
  - 19. The personal computer system of claim 14, wherein the movement detection switch comprises two pairs of mercury reed switches mounted in a horizontal plane within the enclosure, each mercury reed switch of a pair being disposed on a common axis, the axis of each pair being disposed at an angle of 90°
    - from that of the other pair, the electrical output leads of each pair being disposed in opposite directions so that tilting of the pairs of mercury reed switches will cause the switching of at least one mercury reed switch.

20. A method of operating a personal computer system having an enclosure, a system processor mounted within the enclosure, a selectively activatable erasable memory element mounted within the enclosure, a manually operable option switch mounted within the enclosure manually settable by a user of the personal computer system for setting the memory element to active and inactive states, a tamper detection switch mounted within the enclosure for detecting opening of the enclosure, a movement detection switch mounted within the enclosure for detecting movement of the computer system from a normal operating position, and a utility program invocable by the user for rendering the movement detection switch enabled, the method comprising the steps of:
- manually setting the option switch and selectively setting the memory element into the active state;
  
  storing a privileged access password in the active memory element;
  
  invoking the utility program to enable the movement detection switch;
  
  controlling access to at least certain levels of data stored within the system by distinguishing between entry and non-entry of the password and between an enabled and disabled state of the movement detection switch; and
  
  inhibiting a power-up of the system in response to any switching of the tamper switch and in response to switching of the enabled movement detection switch.
- View Dependent Claims (21, 22)
- - 21. The method of claim 20, further comprising the steps of:
    - storing a power-on password in the memory element; and
      
      during power-up after switching of the movement detection switch, reactivating the system in response to the successful entry of the power-on password by a user of the system to permit access to certain levels of data stored within the system.
  - 22. The method of claim 21, further comprising the step of:
    - subsequent to an unsuccessful attempt to enter the power-on password, reactivating the system in response to the successful entry of the privileged access password by a user of the system to permit access to all levels of data stored within the system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Dayan, Richard A., Newman, Palmer E.
Primary Examiner(s)
Cain, David C.

Application Number

US08/383,828
Time in Patent Office

645 Days
Field of Search

380/3, 380/4, 380/52, 380/55, 380/23, 380/25
US Class Current

726/36
CPC Class Codes

G06F 21/86 Secure or tamper-resistant ...

G06F 21/88 Detecting or preventing the...

Securing trusted personal computer system against unauthorized movement

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

156 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Securing trusted personal computer system against unauthorized movement

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

156 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links