Preboot protection for a data security system with anti-intrusion capability
First Claim
1. A method of operating a computer having a central processing unit, the central processing unit executing a boot program to initialize the computer, the method comprising the steps of:
- a) prior to completion of the boot program, acquiring control of the central processing unit;
b) loading a verification program;
c) upon attempted access by a user, verifying that the user is authorized using the verification program; and
d) controlling access to the computer by monitoring system calls.
9 Assignments
0 Petitions
Accused Products
Abstract
A secure computer controlling access to data storage devices via a card reader. A microprocessor-controlled card reader interface logically connected to the card reader and the central processing unit (CPU) of the computer reads and writes information from and to a card placed in the card reader and performs additional functions in response to commands received from the CPU. The card reader interface includes an encryption engine for encrypting data in a data storage device and a boot ROM containing verification program code executed during an initialization procedure. The verification program verifies that a valid user card has been placed in the card reader, reads one or more questions from the user card, asks the questions of the user and verifies the answers against the contents of the card. If authorization is verified, the card reader interface permits the user to access the encrypted data. Otherwise the user is denied access to the data by one or more of the following methods: freezing the system bus, and requiring the user to reset the computer and re-enter the verification program; logically destroying the data in the data storage devices; and physically destroying the data storage devices.
106 Citations
33 Claims
-
1. A method of operating a computer having a central processing unit, the central processing unit executing a boot program to initialize the computer, the method comprising the steps of:
-
a) prior to completion of the boot program, acquiring control of the central processing unit; b) loading a verification program; c) upon attempted access by a user, verifying that the user is authorized using the verification program; and d) controlling access to the computer by monitoring system calls. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for protecting information stored in a computer, comprising the steps of:
-
a) interfacing an information beating card to the computer; b) storing individualized questions and individualized answers which uniquely identify a user on the information bearing card; c) reading identification information and card information from the information bearing card; d) executing a verification routine upon initialization of the computer to determine whether a potential user is authorized to access information stored in the computer, wherein the verification routine comprises asking the potential user the individualized questions and comparing answers received against the individualized answers; and e) if the potential user correctly answers the questions, permitting access to the computer. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. An interface for a computer, the computer comprising a central processing unit (CPU), a system bus, and memory, the interface comprising:
-
a program code stored in a nonvolatile system boot memory device, for causing the CPU to execute a verification program rand acquire control of the system bus and CPU substantially immediately after commencement of initialization of the computer and prior to completion of initialization of the computer; an encryption system to encrypt data stored in memory; and a bus monitor circuit for detecting unauthorized accesses of the system bus. - View Dependent Claims (17, 18, 19, 20, 21)
-
-
22. A secure computer, comprising:
-
a central processing unit (CPU); a system bus; memory; and an interface, the interface comprising; a program code stored in a nonvolatile system boot memory device, for causing the CPU to execute a verification program and acquire control of the system bus and CPU substantially immediately after commencement of initialization of the computer and prior to completion of initialization of the computer; an encryption system to encrypt data stored in memory; and a bus monitor circuit for detecting unauthorized accesses of the system bus. - View Dependent Claims (23, 24, 25, 26, 27)
-
-
28. A secure computer, comprising:
-
a central processing unit (CPU); a system bus; memory; and interface means, the interface means comprising; program code stored in a nonvolatile system boot memory device, for causing the CPU to execute a verification program and acquire control of the system bus and CPU substantially immediately after commencement of initialization of the computer and prior to completion of initialization of the computer; encryption means for encrypting data stored in memory; and bus monitor means for detecting unauthorized accesses of the system bus means. - View Dependent Claims (29, 30, 31, 32, 33)
-
Specification