Power controlled computer security system and method

US 6,032,256 A
Filed: 01/09/1995
Issued: 02/29/2000
Est. Priority Date: 01/09/1995
Status: Expired due to Term

First Claim

Patent Images

1. In a computer comprising a processor, a memory having a BIOS portion, an input device, and one or more data transfer ports, a method implemented in BIOS for disabling at least one of the one of more data transfer ports, the method comprising the steps of:

inputting, at any time during an ON state of the computer, a sequence to the processor via the input device, the input sequence including only control characters;

generating a first signal, via the processor, in response to the input sequence; and

disabling, via the processor, said at least one of the one or more data transfer ports in response to the first signal;

wherein the memory has a hotkey sequence stored therein, and the processor comprises a system interrupt handler, andwherein the step of generating a first signal comprises the steps of;

determining if the input sequence matches the hotkey sequence stored in the memory;

generating an interrupt signal, via the processor in response to the determining step; and

generating, via the system interrupt handler, a device signal to disable said at least one of the one or more data transfer ports in response to the interrupt signal,wherein the input sequence is capable of being inputted via the input device during a boot operation of the computer and during a post-boot, normal operation of the computer, so as to result in either case in the disabling of the one or more data transfer ports without having to reboot the computer.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An I/O port locking computer security system is implemented in the power management module of the hardware-software interface program (BIOS). A hotkey sequence of keystrokes activates the portlock feature and a system management interrupt signal (SMI) is generated. A SMI handler routine receives the interrupt signal and generates a signal to a hardware device handler. The device handler receives the signal and then disables various data transfer I/O ports on the computer (e.g., serial, parallel, fax, modem, floppy drives, and infrared communication ports). I/O ports in the disabled state cannot be accessed. Thus, data in the computer cannot be transmitted, copied, or "beamed" via infrared, to an unauthorized system or medium. I/O ports in the disabled state are enabled after receiving a password and a SMI interrupt signal is generated. A SMI handler receives the interrupt signal and generates a signal to a hardware device handler. The device handler receives the signal and then enables various I/O ports on the computer. Enablement or disablement of the portlock feature, the hotkey keystroke sequence, and the password are maintained in CMOS computer memory. Such elements can be altered in the computer BIOS setup program.

35 Citations

View as Search Results

16 Claims

1. In a computer comprising a processor, a memory having a BIOS portion, an input device, and one or more data transfer ports, a method implemented in BIOS for disabling at least one of the one of more data transfer ports, the method comprising the steps of:
- inputting, at any time during an ON state of the computer, a sequence to the processor via the input device, the input sequence including only control characters;
  
  generating a first signal, via the processor, in response to the input sequence; and
  
  disabling, via the processor, said at least one of the one or more data transfer ports in response to the first signal;
  
  wherein the memory has a hotkey sequence stored therein, and the processor comprises a system interrupt handler, andwherein the step of generating a first signal comprises the steps of;
  
  determining if the input sequence matches the hotkey sequence stored in the memory;
  
  generating an interrupt signal, via the processor in response to the determining step; and
  
  generating, via the system interrupt handler, a device signal to disable said at least one of the one or more data transfer ports in response to the interrupt signal,wherein the input sequence is capable of being inputted via the input device during a boot operation of the computer and during a post-boot, normal operation of the computer, so as to result in either case in the disabling of the one or more data transfer ports without having to reboot the computer.
- View Dependent Claims (2, 3, 4, 10)
- - 2. The method of claim 1 wherein an infrared communication data transfer port is disabled in response to the first signal.
  - 3. The method of claim 1 wherein selected data transfer ports are disabled in response to the first signal.
  - 4. The method of claim 1, further comprising the steps of:
    - inputting a password to the processor via the input device;
      
      generating a second signal via the processor in response to the input password; and
      
      enabling the one or more data transfer ports in response to the second signal.
  - 10. A computer system having a portlock program comprising the steps of claim 1 implemented in a basic input output system (BIOS) portion of the memory.

5. In a computer comprising a processor, a memory having a BIOS portion, an input device, and one or more data transfer ports, a method implemented in BIOS for enabling at least one of the one or more data transfer ports, the method comprising the steps of:
- inputting, at any time during an ON state of the computer, a password to the processor via the input device;
  
  comparing the input password to a password stored in a writable portion of the memory;
  
  generating a first signal via the processor when the input password matches the stored password; and
  
  enabling, via the processor, said at least one of the one or more data transfer ports in response to the first signal.
- View Dependent Claims (6, 7, 8, 11, 16)
- - 6. The method of claim 5 wherein the processor comprises a system interrupt handler, andthe step of generating a first signal comprises the steps of:
    - generating an interrupt signal, via the processor, in response to the matching of the stored password and the input password; and
      
      generating, via the system interrupt handler, a device signal to enable said at least one of the one or more data transfer ports in response to the interrupt signal.
  - 7. The method of claim 5 wherein an infrared communication data transport is enabled in response to the first signal.
  - 8. The method of claim 5 wherein only a subset of the data transfer ports are enabled in response to the first signal.
  - 11. A computer system having a portlock program comprising the steps of claim 5 implemented in a basic input output (BIOS) portion of memory.
  - 16. The method of claim 5, further comprising a step ofcounting a number of unsuccessful comparisons made in the comparing step before a successful comparison has been made;
    - andproviding, via a display to a user that has been provided access to the computer via the successful comparison, the number of unsuccessful comparisons.

9. In a computer comprising a processor, a system interrupt handler, an input device, a memory storing a hotkey sequence, a password, and including a BIOS portion, and one or more data transfer ports, a method implemented in BIOS for enabling or disabling at least one of the one or more data transfer ports, the method comprising the steps of:
- for disabling, inputting a first sequence to the processor via the input device at any time during an ON state of the computer, the first sequence corresponding to a keyboard-entered sequence of only control characters;
  
  determining if the first sequence matches the hotkey sequence stored in the memory;
  
  generating a first interrupt signal, via the processor, to disable at least one of the one or more data transfer ports in response to the first sequence determining step;
  
  generating, via the system interrupt handler, a device signal to power OFF the one or more data transfer ports in response to the first interrupt signal; and
  
  for enabling, inputting a second sequence to the processor via the input device the second sequence corresponding to a keyboard-entered sequence of at least one of alphabetic characters and numeric characters, but not control characters;
  
  determining if the second sequence matches the password stored in the memory;
  
  generating a second interrupt signal via the processor to enable at least one of the one or more data transfer ports in response to the second sequence determining step;
  
  generating, via the system interrupt handler, a device signal to power ON said at least one of the one or more data transfer ports in response to the second interrupt signal; and
  
  powering ON said at least one of the one or more data transfer ports in response to the device signal.

12. A computer system with securable data transfer ports, the system comprising:
- a processor for executing programmed instructions;
  
  a memory, coupled to the processor, for storing a hotkey, a password, and program instructions for execution by the processor and having a BIOS portion;
  
  an input device, coupled to the processor, for accepting input from a user at any time during an ON state of the computer system;
  
  one or more data transfer ports, coupled to the processor; and
  
  a portlock program, stored in the BIOS and executable on the processor, for generating a first signal to disable at least one of the one or more data transfer ports in response to the hotkey being received via the input device, and for generating a second signal to enable at least one of the one or more data transfer ports in response to the password being received via the input device.
- View Dependent Claims (13, 14, 15)
- - 13. The computer system of claim 12, wherein at least one of the one or more data transfer ports are infrared communication ports.
  - 14. The computer system of claim 12 wherein only a subset of the data transfer ports are disabled in response to the hotkey being received and where the subset of the data transfer ports are enabled in response to the password being received.
  - 15. The computer system of claim 12, wherein the portlock program is located in a power management portion of the BIOS portion of the memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kinglite Holdings Inc.
Original Assignee
Peter Andrew Bernard
Inventors
Bernard, Peter Andrew
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Iqbal, Nadeem

Application Number

US08/370,173
Time in Patent Office

1,877 Days
Field of Search

395/575, 380/4, 380/25, 380/52, 380/23, 380/49, 371/19, 371/68.3, 371/11.3, 364/222.5, 364/275.5, 364/286.4, 364/286.5, 364/285, 713/200, 713/201, 713/202, 714/3, 714/5, 714/37, 340/825.34
US Class Current

726/34
CPC Class Codes

G06F 21/31 User authentication

G06F 21/82 Protecting input, output or...

Power controlled computer security system and method

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Power controlled computer security system and method

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links