Method of making secure and controlling access to information from a computer platform having a microcomputer
First Claim
1. A method of securing and monitoring access to information from a computer platform, the method comprising:
- producing at least one non-rewritable recording medium on which information and operating software are recorded;
authorizing users by defining user access rights to the information stored on the recording medium;
issuing a portable medium to each authorized user, the portable medium having information regarding the defined access rights recorded thereon;
inserting the recording medium and the portable medium into readers fitted to the computer platform;
configuring the computer platform of the authorized user into a secure workstation by executing security functions based upon parameters recorded on the recording medium, the portable medium, and the computer platform;
loading the operating software from the recording medium to the computer platform after security functions are executed;
enabling the information stored on the recording medium to be accessed according to the defined access rights; and
enabling secure communications between the computer platform and a connected network.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of securing and monitoring access to information from a computer platform. At least one non-rewritable recording medium with information and operating software is produced. Users are authorized by defining user access rights to the information stored on the reading medium. A portable medium having information regarding the defined access rights recorded thereon is issued to each authorized user. The recording medium and the portable medium are inserted into readers fitted to the computer platform. The computer platform is configured into a secure workstation by executing security functions based upon parameters recorded on the recording medium, the portable medium, and the computer platform. After security functions are executed, operating software from the recording medium is loaded to the computer platform. The method enables the information stored on the recording medium to be accessed according to the defined access rights. The method also enables secure communications between the computer platform and a connected network.
-
Citations
17 Claims
-
1. A method of securing and monitoring access to information from a computer platform, the method comprising:
-
producing at least one non-rewritable recording medium on which information and operating software are recorded;
authorizing users by defining user access rights to the information stored on the recording medium;
issuing a portable medium to each authorized user, the portable medium having information regarding the defined access rights recorded thereon;
inserting the recording medium and the portable medium into readers fitted to the computer platform;
configuring the computer platform of the authorized user into a secure workstation by executing security functions based upon parameters recorded on the recording medium, the portable medium, and the computer platform;
loading the operating software from the recording medium to the computer platform after security functions are executed;
enabling the information stored on the recording medium to be accessed according to the defined access rights; and
enabling secure communications between the computer platform and a connected network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
defining information to be protected;
defining an operating system for the protected information;
defining a set of check parameters to enable the operating software loaded from the recording medium to the computer platform to operate; and
defining a set of security parameters for making use of the recording medium secure and enabling the information stored on the recording medium to be used.
-
-
3. The method according to claim 2, wherein the security parameters for making use of the recording medium secure include an identity parameter specific to the recording medium and an authentication parameter for authenticating contents of the recording medium.
-
4. The method according to claim 2, wherein defining security parameters for making use of the recording include defining a security level required to access the information on the recording medium, and defining a parameter specific to the information.
-
5. The method according to claim 2, further comprising the steps of encrypting at least part of the information on the recording medium, and storing on the recording medium a security table containing decrypting algorithms in encrypted form.
-
6. The method according to claim 5, further comprising the step of recording on the portable medium keys for decrypting the information stored on the recording medium.
-
7. The method according to claim 1, further comprising the step of recording on the portable medium of each user parameters including a security level required to use the information on the recording medium and identity of the information, the security level and identity parameters corresponding to those recorded on the recording medium.
-
8. The method according to claim 1, wherein the step of configuring a computer platform into a secure workstation further comprises the steps of:
-
integrating in the platform a hardware security device and associated checking software;
recording on the hardware security device the identity parameter specific to the recording medium, and the identity parameter of the information of the recording medium; and
causing the checking software to identify the identity parameter specific to the recording medium by comparing corresponding parameters recorded on the recording medium and the hardware security device, the identity parameter of the information on the recording medium by comparing the corresponding parameters recorded on the recording medium and the hardware security device, and the level required to use the information by comparing the corresponding parameters on the recording medium and on the portable medium.
-
-
9. The method according to claim 1, further comprising the step of, prior to loading the operating software from the recording medium, verifying from boot software loaded from the recording medium that the security conditions which have been satisfied by the recording medium when monitored by the computer platform are also satisfied by the platform when monitored by the recording medium.
-
10. The method according to claim 1, further comprising the steps of making the operating system stored on the recording medium independent from an operating system of the computer platform, and loading configuration software from the recording medium to provide the parameters required for executing the operating system stored on the recording medium.
-
11. The method according to claim 1, further comprising the step of, after the operating system has been loaded from the recording medium, causing the system to execute security functions relating both to the recording medium and to the computer platform to reinforce the security.
-
12. The method according to claim 1, wherein the information recorded on the recording medium includes data.
-
13. The method according to claim 1, wherein the information recorded on the recording medium includes applications.
-
14. The method according to claim 1, wherein the portable medium issued to each user is a smart card.
-
15. The method according to claim 3, wherein the authentication parameter for authenticating contents of the recording medium includes encrypted signatures.
-
16. The method according to claim 2, further comprising the steps of encoding at least part of the information on the recording medium, and storing on the recording medium a security table containing decoding algorithms in encrypted form.
-
17. The method according to claim 5, further comprising the step of recording on the portable medium keys for decoding the information stored on the recording medium.
Specification