Power controlled computer security system and method
Abstract
An I/O port locking computer security system is implemented in the power management module of the hardware-software interface program (BIOS). A hotkey sequence of keystrokes activates the portlock feature and a system management interrupt signal (SMI) is generated. A SMI handler routine receives the interrupt signal and generates a signal to a hardware device handler. The device handler receives the signal and then disables various data transfer I/O ports on the computer (e.g., serial, parallel, fax, modem, floppy drives, and infrared communication ports). I/O ports in the disabled state cannot be accessed. Thus, data in the computer cannot be transmitted, copied, or "beamed" via infrared, to an unauthorized system or medium. I/O ports in the disabled state are enabled after receiving a password and a SMI interrupt signal is generated. A SMI handler receives the interrupt signal and generates a signal to a hardware device handler. The device handler receives the signal and then enables various I/O ports on the computer. Enablement or disablement of the portlock feature, the hotkey keystroke sequence, and the password are maintained in CMOS computer memory. Such elements can be altered in the computer BIOS setup program.
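The flow in the abstract (hotkey match, SMI, SMI handler, device handler, port power) can be modelled in a few functions. This is an added example, not code from the patent: the struct layout, function names, port flag values, sample scancodes and password are all assumptions made for illustration, and the full-buffer password comparison is a hardening choice the patent does not state.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the portlock flow; every name and value is an assumption. */
enum { PORT_SERIAL = 1, PORT_PARALLEL = 2, PORT_FLOPPY = 4, PORT_IR = 8, PORT_ALL = 15 };
enum { SMI_NONE, SMI_LOCK, SMI_UNLOCK };

struct cmos {                              /* settings the abstract places in CMOS */
    int enabled;                           /* portlock feature on or off */
    uint8_t hotkey[4]; size_t hotkey_len;  /* control-key scancodes only */
    char password[16];                     /* zero-padded */
};
struct machine { struct cmos cfg; uint8_t port_power; uint8_t recent[4]; size_t n; };

/* Device handler: powers the data transfer ports off or on. */
static void device_handler(struct machine *m, int on) { m->port_power = on ? PORT_ALL : 0; }

/* SMI handler: turns the interrupt into a device signal. */
static void smi_handler(struct machine *m, int smi) {
    if (smi == SMI_LOCK) device_handler(m, 0);
    else if (smi == SMI_UNLOCK) device_handler(m, 1);
}

/* Keyboard path: keep the last hotkey_len control keys, raise the SMI on a match. */
int on_control_key(struct machine *m, uint8_t sc) {
    size_t len = m->cfg.hotkey_len;
    if (!m->cfg.enabled || len == 0) return SMI_NONE;
    if (m->n == len) { memmove(m->recent, m->recent + 1, len - 1); m->n--; }
    m->recent[m->n++] = sc;
    if (m->n == len && memcmp(m->recent, m->cfg.hotkey, len) == 0) {
        m->n = 0; smi_handler(m, SMI_LOCK); return SMI_LOCK;
    }
    return SMI_NONE;
}

/* Password path: walks the whole stored buffer instead of stopping at the
   first mismatch, so the position of a wrong character is not exposed. */
int on_password(struct machine *m, const char *in) {
    size_t a = strlen(in), b = strlen(m->cfg.password);
    unsigned diff = (unsigned)(a ^ b);
    for (size_t i = 0; i < sizeof m->cfg.password; i++)
        diff |= (unsigned char)(i < a ? in[i] : 0) ^ (unsigned char)m->cfg.password[i];
    if (diff) return SMI_NONE;
    smi_handler(m, SMI_UNLOCK); return SMI_UNLOCK;
}

int main(void) {   /* constructed input: Ctrl, Alt, LShift make codes as the hotkey */
    struct machine m = { .cfg = { 1, {0x1D, 0x38, 0x2A}, 3, "open42" }, .port_power = PORT_ALL };
    on_control_key(&m, 0x1D); on_control_key(&m, 0x38); on_control_key(&m, 0x2A);
    return (m.port_power == 0 && on_password(&m, "open42") == SMI_UNLOCK) ? 0 : 1;
}
```

Because the lock path runs from the keyboard handler rather than from a boot-time setup screen, the model locks and unlocks without any reset of `struct machine`, which mirrors the "without having to reboot" limitation in claim 1.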
16 Claims
1. In a computer comprising a processor, a memory having a BIOS portion, an input device, and one or more data transfer ports, a method implemented in BIOS for disabling at least one of the one or more data transfer ports, the method comprising the steps of:
- inputting, at any time during an ON state of the computer, a sequence to the processor via the input device, the input sequence including only control characters;
- generating a first signal, via the processor, in response to the input sequence; and
- disabling, via the processor, said at least one of the one or more data transfer ports in response to the first signal;
- wherein the memory has a hotkey sequence stored therein, and the processor comprises a system interrupt handler, and wherein the step of generating a first signal comprises the steps of:
  - determining if the input sequence matches the hotkey sequence stored in the memory;
  - generating an interrupt signal, via the processor in response to the determining step; and
  - generating, via the system interrupt handler, a device signal to disable said at least one of the one or more data transfer ports in response to the interrupt signal,
- wherein the input sequence is capable of being inputted via the input device during a boot operation of the computer and during a post-boot, normal operation of the computer, so as to result in either case in the disabling of the one or more data transfer ports without having to reboot the computer.

Dependent claims: 2, 3, 4, 10.
5. In a computer comprising a processor, a memory having a BIOS portion, an input device, and one or more data transfer ports, a method implemented in BIOS for enabling at least one of the one or more data transfer ports, the method comprising the steps of:
- inputting, at any time during an ON state of the computer, a password to the processor via the input device;
- comparing the input password to a password stored in a writable portion of the memory;
- generating a first signal via the processor when the input password matches the stored password; and
- enabling, via the processor, said at least one of the one or more data transfer ports in response to the first signal.

Dependent claims: 6, 7, 8, 11, 16.
9. In a computer comprising a processor, a system interrupt handler, an input device, a memory storing a hotkey sequence, a password, and including a BIOS portion, and one or more data transfer ports, a method implemented in BIOS for enabling or disabling at least one of the one or more data transfer ports, the method comprising the steps of:
- for disabling, inputting a first sequence to the processor via the input device at any time during an ON state of the computer, the first sequence corresponding to a keyboard-entered sequence of only control characters;
- determining if the first sequence matches the hotkey sequence stored in the memory;
- generating a first interrupt signal, via the processor, to disable at least one of the one or more data transfer ports in response to the first sequence determining step;
- generating, via the system interrupt handler, a device signal to power OFF the one or more data transfer ports in response to the first interrupt signal; and
- for enabling, inputting a second sequence to the processor via the input device, the second sequence corresponding to a keyboard-entered sequence of at least one of alphabetic characters and numeric characters, but not control characters;
- determining if the second sequence matches the password stored in the memory;
- generating a second interrupt signal via the processor to enable at least one of the one or more data transfer ports in response to the second sequence determining step;
- generating, via the system interrupt handler, a device signal to power ON said at least one of the one or more data transfer ports in response to the second interrupt signal; and
- powering ON said at least one of the one or more data transfer ports in response to the device signal.
12. A computer system with securable data transfer ports, the system comprising:
- a processor for executing programmed instructions;
- a memory, coupled to the processor, for storing a hotkey, a password, and program instructions for execution by the processor and having a BIOS portion;
- an input device, coupled to the processor, for accepting input from a user at any time during an ON state of the computer system;
- one or more data transfer ports, coupled to the processor; and
- a portlock program, stored in the BIOS and executable on the processor, for generating a first signal to disable at least one of the one or more data transfer ports in response to the hotkey being received via the input device, and for generating a second signal to enable at least one of the one or more data transfer ports in response to the password being received via the input device.

Dependent claims: 13, 14, 15.
Specification