Multi-level secure computer with token-based access control
First Claim
1. A multilevel computer security system comprising:
- a core computer including a central processor unit (CPU), random access memory (RAM), and a computer-power supply with the CPU coupled to and controlling the operation of devices and data interfaces, within the multilevel computer security system, for data processing, data communications, and data storage;
a first security subsystem coupled to the core computer via a data bus, having means for storing the data and communicating data at a first security level;
at least one additional-security subsystem coupled to the core computer via the data bus, with each of said additional-security subsystems having means for storing data at a designated and exclusive security level higher than the first security level, each of the additional-security subsystems including power-indicator means for illuminating when the additional-security subsystem is receiving power from said computer-power supply;
access control means that process access requests and identification information from a user and correlate it with the security identification requirements and access privilege information within a security token possessed by the user to output an activation signal representative of the security level that is granted to the user;
security level sensor means that enable the transmission of said activation signal from the access control means to the electronically-activated power switching means only if the additional-security subsystem is determined by said sensor means to be at a security level corresponding to the security level represented by said activation signal;
electronically-activated power switching means, responsive to the electronic activation signals from said access-control means for selecting a security subsystem at said security level granted to said user and connecting power from the computer power-supply to only said selected security subsystem, thereby isolating said powered security subsystem and the data at its designated security level from all other security subsystems.
0 Assignments
0 Petitions
Accused Products
Abstract
A multilevel computer security system including a computer with multiple security subsystems for secure data storage and data communications at each security level, a smart-card reader for controlling user access to each security level, an electronically-activated switch for activating only the selected and authorized security level, and a mechanically-activated switch that detects the availability of the security level selected. The computer will automatically power-up at the first security level and activate the first security subsystem which is allocated to the processing of restricted data. Access to each level of restricted data requires a user to insert his smart-card into a smart-card reader which will verify the identity through an entered PIN or from stored biometrics data and will allow the user to access only those levels for which the user is authorized as stored in the smart-card. The selection of an authorized level generates an activation signal from the smart-card reader to the electronically activated switch which connects power only to the security subsystem for the security level selected and removes power from all other subsystems. If the required subsystem is not available within the computer the mechanically-activated switch will sense this condition and default to the first security level. Since only one security level is ever active and the switching from one level to another requires the computer RAM to be powered off there can be no possibility of user access to unauthorized data.
133 Citations
26 Claims
-
1. A multilevel computer security system comprising:
-
a core computer including a central processor unit (CPU), random access memory (RAM), and a computer-power supply with the CPU coupled to and controlling the operation of devices and data interfaces, within the multilevel computer security system, for data processing, data communications, and data storage;
a first security subsystem coupled to the core computer via a data bus, having means for storing the data and communicating data at a first security level;
at least one additional-security subsystem coupled to the core computer via the data bus, with each of said additional-security subsystems having means for storing data at a designated and exclusive security level higher than the first security level, each of the additional-security subsystems including power-indicator means for illuminating when the additional-security subsystem is receiving power from said computer-power supply;
access control means that process access requests and identification information from a user and correlate it with the security identification requirements and access privilege information within a security token possessed by the user to output an activation signal representative of the security level that is granted to the user;
security level sensor means that enable the transmission of said activation signal from the access control means to the electronically-activated power switching means only if the additional-security subsystem is determined by said sensor means to be at a security level corresponding to the security level represented by said activation signal;
electronically-activated power switching means, responsive to the electronic activation signals from said access-control means for selecting a security subsystem at said security level granted to said user and connecting power from the computer power-supply to only said selected security subsystem, thereby isolating said powered security subsystem and the data at its designated security level from all other security subsystems. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A multilevel computer security system, comprising:
-
a computer having a central processor unit (CPU), a power supply, and random access memory (RAM), with the central processor unit coupled to the random access memory;
a first security subsystem connected to the CPU and RAM via the computer communications bus and having, a first memory device for storing data at a first security level, said first security subsystem allowing an operating system from said first memory device to load for default access to unrestricted data in the first security subsystem;
a first modem connected to the CPU and RAM via the computer communications bus and coupled to the first memory device via a first power circuit;
a first network-interface card connected to the CPU and RAM via the computer communications bus and coupled to the first memory device via said first power circuit;
a second security subsystem connected to the CPU and RAM via the computer communications bus and having a second memory device for storing data at a second security level, said second security subsystem responsive to the activation signal authorizing the second security level, for processing and storing data at the second security level after loading an operating system from said second memory device;
a second modem connected to the CPU and RAM via the computer communications bus and coupled to the second memory device via a second power circuit;
a second network-interface card connected to the CPU and RAM via the computer communications bus and coupled to the second memory device via said second power circuit;
a smart-card reader for reading a smart card having user identification and access privilege information, with the smart-card reader interacting with the smart card and the user identification and access privilege information, said smart-card reader, responsive to interacting with the smart card, determines whether to grant user access to the second security subsystem, said smart-card reader, responsive to determining the grant of access to the second security subsystem, by generating a first activation signal; and
a first electronically-activated switch having a first contact position connected to the first power circuit that powers the first security subsystem, a second contact position connected to the second power circuit that powers the second security subsystem, and a first common position, connected to the computer power supply, for switching between the first contact position and the second contact position, with the first electronically-activated switch normally set at the first contact position for switching the computer power supply to the second power circuit when the first electronically activated switch is switched from the first contact position to the second contact position in response to the first activation signal. - View Dependent Claims (15)
a third security subsystem connected to the CPU and RAM via the computer communications bus and having a third memory device for storing data at a third security level, said third security subsystem responsive to the activation signal authorizing the third security level after loading an operating system with said third memory device;
a third modem connected to the CPU and RAM via the computer communications bus and coupled to the third memory device via a third power circuit;
a third network-interface card connected to the CPU and RAM via the computer communications bus and coupled to the third memory device via said third power circuit;
said smart-card reader for reading the smart card having user identification and access privilege information, with the smart-card reader interacting with the smart card and the user identification and access privilege information, the smart-card reader, responsive to interacting with the smart card, for determining whether to grant user access to the third security subsystem, said smart-card reader, responsive to determining the grant of access to the third security subsystem, by generating a second activation signal;
a second electronically-activated switch having a first contact position connected to the second power circuit that powers the second security subsystem, a second contact position connected to the third power circuit that powers the third security subsystem, a first common position connected to the second contact position of the first electronically activated switch, with the first and second electronically-activated switches normally set at the first contact position, for switching the computer power supply to the third power circuit when both the first and second electronically activated switches are switched from their first contact position to their second contact position in response to the second activation signal.
-
-
16. A method for providing high assurance data access control and secure data processing, data storage, and data communications for data at a first security level and data at a second security level within a common computer having a CPU, RAM, power supply, smart card, smart card reader, a first security subsystem with first memory device and first data communications device connected to a first power circuit and first activation indicator for implementing data storage and data communications for data at a first security level, a second security subsystem with second memory device and second data communications device connected to a second power circuit and second activation indicator for implementing data storage and data communications at a second security level, a first electronically-activated switch, and a first mechanically-activated sensor switch, said method comprising the steps of:
-
utilizing the first security subsystem to process and store the data at said first security level after loading the operating system for the first memory device if no smart-card is present in the smart-card reader;
activating the smart-card reader software which deactivates the loading of the operating system from the first memory device if a valid smart-card is detected in the smart-card reader;
comparing with the smart-card reader, user identification data with the data stored on the smart-card to validate the identity of the user and to initiate the security level access control process from the smart-card program stored in the smart-card;
comparing, with the smart-card program, the user access request for access to data at said second security level with the stored access privileges on the smart-card and either grant or deny access;
generating, with the smart-card reader, an activation signal for the second security subsystem if access is granted, or terminating the smart-card reader and allow the operating system from the first memory device to load for default access to the unrestricted data in the first security subsystem if no access is granted;
transmitting the activation signal for the second security subsystem to the first electronically activated switch via a closed first sensor switch which activates the second security subsystem by connecting the second power circuit to the power supply and simultaneously deactivates the first security subsystem by disconnecting the first power circuit from the power supply;
disabling, if the second memory device is detected by the first sensor switch as not being installed, with said first sensor switch, the transmission of the activation signal to prevent the activation of the second security subsystem and disabling the default activation of the first security subsystem until the smart card is removed from the smart-card reader;
terminating, in response to the second security system being activated and a user terminates a session by terminating all programs and then shuts down the operating system, the power to all components in the computer through the operation of the operating system thus clearing the RAM before another user session can be initiated.
-
-
17. A method for providing high assurance data access control and secure data processing, data storage, and data communications for data at a first security level and data at an nth security level within a common computer having a CPU, RAM;
- power supply, smart card, smart card reader, a first security subsystem comprised of a first memory device and first data communications device connected to a first power circuit and first activation indicator for implementing data storage and data communications for data at a first security level, n−
1 additional security subsystems with each additional security subsystem comprised of a memory device and data communications device connected to a power circuit and activation indicator for implementing data storage and data communications at a designated and exclusive security level higher than the first security level, n−
1 electronically-activated switches, and n−
1 mechanically-activated sensor switches with steps comprised of;utilizing the first security subsystem to process and store the data at the first security level after loading the operating system from the first memory device if there is no smart-card in the smart-card reader;
activating the smart-card reader which deactivates the loading of the operating system from the first memory device if a valid smart-card is detected in the smart-card reader;
comparing with the smart-card reader, user identification data with the data stored on the smart-card to validate the identity of the user and to then initiate the security level access control process from a program stored in the smart-card;
utilizing the smart-card program to compare the user access request for access to data at the nth security level with the stored access privileges on the smart-card and either grant or deny access;
generating, with the smart-card reader, an activation signal for the nth security subsystem if access is granted or terminating the smart-card reader and allow the operating system from the first memory device to load for default access to the unrestricted data in the first security subsystem;
transmitting the activation signal for the nth security subsystem directly to all the electronically-activated switches at levels above the first security level and below level n and to the first electronically-activated switch via a closed (n−
1)th sensor switch which activates the nth security subsystem by connecting the nth power circuit to the power supply and simultaneously deactivates the first security subsystem by disconnecting the first power circuit from the power supply;
wherein, if the nth memory device is detected by the (n−
1)th sensor switch, said (n−
1)th sensor switch will disable the transmission of the activation signal thus preventing the activation of the nth security subsystem and disable the default activation of the first security subsystem until the smart-card is removed from the smart card reader;
wherein, if the nth security system was activated and a user terminates a session by terminating all programs and then shuts down the operating system, the power to all components in the computer will be terminated through the operation of the operating system thus clearing the RAM before another user session can be initiated. - View Dependent Claims (18, 19, 20)
- power supply, smart card, smart card reader, a first security subsystem comprised of a first memory device and first data communications device connected to a first power circuit and first activation indicator for implementing data storage and data communications for data at a first security level, n−
-
21. A modification kit for converting a personal computer that processes data at a single unrestricted security level having as a minimum a CPU, RAM, data bus, power supply, hard disk drive, floppy disk drive, and at least two open drive bay slots into a computer with a multilevel security system, said modification kit comprising:
-
a first drive bay enclosure having a restricted security subsystem for processing data at a single restricted security level with means for the data storage and data communications of data at a restricted security level, said means connected in parallel through a first power circuit with a single power input to an activation indicator mounted on the front panel of the first drive bay enclosure;
a second drive bay enclosure having, a smart card reader for reading a smart card with stored identity information and the access privileges of the card owner that are utilized by a program within the smart-card to output an activation signal representative of the security level that will be granted to the user;
a second power circuit connecting in parallel the power input to the computer hard disk drive, floppy disk drive, connectors for data communications means, and an activation indicator located on the front panel of the second drive bay enclosure;
a relay that has its activation contact connected to the electronic activation signals from the smart-card reader via a mechanically-activated sensor switch in order to switch the computer power connected to the common contact of the relay from the second power circuit connected to the normally closed contact of the relay to the power input of the first power circuit connected to the normally open contact, only if the user is granted access to the security level of data restricted to the security subsystem within the installed first drive bay by the smart-card reader;
a first drive bay for holding the first drive bay enclosure and having, connectors and cables for interfacing the first drive bay to the second drive bay;
mechanically-activated sensor switches positioned in the bay so that each switch is closed by contact with a first drive bay enclosure mechanically configured to close only that switch that is needed to enable the activation signal for the security level of data restricted to said first drive bay enclosure; and
a second drive bay for holding the second drive bay enclosure and having the required connectors for interfacing the second drive bay to the first drive bay and to the computer resources and peripherals required to accept user data into the smart card reader. - View Dependent Claims (22, 23, 24)
-
-
25. A hardware based multilevel computer security method for access control and security level isolation comprising the steps of:
-
creating separate security levels within the computer such that each security level is comprised of hardware based data storage and communications components that are connected together in a common power circuit that will activate all components at a security level when power is applied to the power circuit at said security level and deactivate said components when power is removed from said power circuit;
connecting all hardware based data storage and communications components at each security level to the computer via the computer'"'"'s communication bus;
connecting the power circuit for each security level to the computer power supply via a switching circuit that will connect the computer power supply to only one selected security level power circuit in response to said selected security level'"'"'s unique activation signal connected to said switching circuit such that each security level has a unique activation signal that will activate the data storage and communications components at said security level and deactivate the data storage and communications components at all other security levels;
selecting the security level to be activated by using a token reader within the computer to read and verify the identity and access privilege information of a computer user from said user'"'"'s security token and translating said identity and access privilege information into an allowed security level;
generating said unique activation signal from said token reader that will activate the data storage and communications components at said allowed security level and deactivate the data storage and communications components at all other security levels. - View Dependent Claims (26)
disabling said unique activation signal from said token reader by using a security level sensor means to independently verify that the data storage component at the selected security level has a security level attribute that is unique to said selected security level and if said attribute is not verified, disconnecting said unique activation signal from said switching circuit.
-
Specification