COMPUTER SYSTEM
This invention relates generally to the protection of computer systems from fraudulent use. A typical computer system has a main frame computer coupled to a computer terminal, or some
5. other peripheral device, such as a cheque reader, coupled to the main frame computer through a data bus and an address bus. The peripheral device can be used by someone remote- from the main frame computer for addressing the computer, and
10. feeding input to it, and extracting information from it.
An object of the present invention is to provide some protection of such a system against operation of the terminal or peripheral
15. device by an unauthorised person.
In accordance with one aspect of the present invention, a computer terminal or other peripheral device has a receiver and a detector capable of detecting whether the receiver is
20. receiving a coded signal, and means for controlling the operation of the device in dependence on whether a coded signal is being received.
The coded signal may be provided by a pocket token suitable for hands-free operation, that is to
25. say capable of delivering a coded signal to the receiver, even when in the pocket or the handbag of a user provided the user is adjacent the peripheral device.
The preferred tokens are conveniently
30 the tokens described in British Patent Specification
No. 1414119.and British Patent Specification No. 1414120. Those Patent Specifications describe the use of tokens for controlling access to a secured area, and they are equally applicable to
5. protection of a computer terminal as described above. However, other sorts of coded signal generating tokens can be used. The important thing is that the token should be capable of releasing the latch when in the pocket of the operator so that
10. the operator does not need to use his hands to unlock the terminal before starting to perate it. Operation will be available automatically provided the operator arrives carrying the appropriate token.
15. It can be arranged that the peripheral device has a latch which normally prevents operation but which can be released if the coded signal is being received. Again it can be arranged that if the coded signal is not being received, the power supply
20. to the peripheral device is cut off. Again the detector can be arranged to set the peripheral device if coded signals are being received, so that the peripheral device can respond to an interrogation from the main fra e^ computer by delivering a signal
25. which the main frame computer can interpret as showing that the coded signal is being received.
It may be useful in some circumstances to have a detector of a presence at the peripheral device, for example a photoelectric device, or an
'30. infra-red device, which is arranged to give a signal
OM >v
responsive to the presence of a person at the peripheral device for rendering the peripheral device in-operative unless coded signals are also being received.
In an alternative method of protecting a computer 5. system, the bus between a main frame computer and a peripheral device includes an integrity protection unit which normally passes signals in either direction, but which can be programmed so that certain signals can only be passed at pre-programmed times 10. or perhaps can only be arranged to pass certain signals if they are passing in one direction rather than the other.
The invention may be carried into practice in various ways, and certain embodiments will now 15. be described by way of example with reference to the accompanying drawings in which ;
FIGURE 1 is a diagram of a single computer protection system;
FIGURE 2 is a diagram of a multiple terminal 20. system;
FIGURE 3 is a diagram of a system similar to FIGURE 1, but with a body sensing feature;
FIGURE 4 is a diagram of an arrangement enabling a computer terminal to be interrogated 25. by a main frame computer before the main frame computer.responds to operation of the terminal; and
FIGURE 5 is a diagram of a system for protecting a computer system by means of an integrity protection unit. 30.
In the arrangement in FIGURE 1, a computer terminal 11 is connected by lines 12 to a computer, through lines 13 to a keyboard, through lines 14 to a visual display unit, and through a line 15
5. to an electrical supply. The terminal contains control electronics indicated generally at 16, and connected to the line 15 through a normally open relay contact 17. A pick-up aerial 18 which is shown as pos itionedwithin the terminal,
10. but may be external,is capable of picking up signals generated by a token in the pocket of a user, and those signals are amplified at 19 and fed to a detector 21 powered from the supply at 15 and capable of detecting whether particular
15. signals are being picked up at 18. If so, the detector 21 is arranged to hold the contacts 17 closed, so that the control electronics 16 can be energised from the supply.
This provides a simple arrangement whereby
20. unless a keyboard operator has a token generating the appropriate coded signals, the control electronics 16 are not energised and operation of the keyboard is ineffective.
FIGURE 2 shows a modification of the
25. arrangement of FIGURE 1, suitable for use where there are a number of terminals 11, and where it is desired that a terminal can be operated if the operator is carrying any one of a number of differently coded tokens. In this case, the output
30. from each amplifier 19 is connected to a different
_) RE
OMPI
input of a multiple code detector 22 which is arranged, if it detects that one of the appropriate coded signals is present,to supply through a delay unit 23 a signal to operate a relay 24 controlling the normally-open contact
5. 17. The delay may,for example, be adjustable in one minutes steps to be anything between 1 and 5 minutes . Either of the arrangements of FIGURES 1 and 2 may be used in conjunction with a body sensor, as indicated in FIGURE 3. The body sensor, may for example,
10. be a passibe infra-red detector positioned on the terminal to respond to infra-red' radiation from a body in a position to operate the keyboard. However, it could equally well be a photo-electric beam detector or a pressure mat, or a radar detector. Whichever body
15. sensor is used, it can be arranged that a normally- closed contact 26 is held open as long as a body is being sensed. The contact 26 is connected in parallel with the normally-open contact 17 which is closed when an appropriate signal is picked up at 18. In this case
20. the relay 24 is operated from a timer 23 which is arranged to open the contacts 17 if a body is being sensed but no appropriate signal is being picked up, that is if both contacts 26 and 27 are open, for longer than a short delay time. The delay time will allow the authorised
25. user to leave the terminal temporarily without operating the relay 24. The timer 23 may in addition to,or instead of, operating the switch 17, operate an alarm.
The arrangement of FIGURE 4 has the feature that a main frame computer 31 can interrogate a terminal
30. 32 and will only respond to instructions from the
terminal if the interrogation reveals that a token 33 is present at the terminal. Thus, the terminal has an aerial 18 as already described, and an amplifier 19 and a detector 21. The difference
5. is that the detector 21 is coupled to the control electronics 16 through interrogation lines 34. It is then not necessary to have a latch or means for cutting off the power supply to the terminal because the main frame computer can be programmed so that
10. as soon as there is any attempt to communicate with the computer 31 from the terminal 32, the computer 31 interrogates the terminal before responding to instructions. The interrogation lines 34 are coupled to the electronics 16 so that if a token 33 is
15. present at 18, then the electronics will be set perhaps by the closing of a switch, or by the setting up of an appropriate code, or in some other way to be able to respond to the interrogation from the main frame computer 31, over lines 12.
20. It is possible to address a main computer
31 from a terminal, or other peripheral device by way of Post Office lines 36, as shown in FIGURE 5, provided a modem 37, that is a device capable of modulating and demodulating coded signals .
25. is included between* the address and data buses
38 and 39 from the main computer, and the Post Office line 36. However it may be possible to feed input to, or extract information from, the main computer fraudulently by someone who has, or can get access 30. to a terminal connected to a Post Office line, and
who knows the appropriate codes to be used by peripheral devices in addressing the main computer.
In order to reduce the danger of such fraudulent use of the system, a computer integrity
5. protection unit 41 can be connected in the buses
38 and 39 leading to the modem 37, and the unit 41 is then programmed to allow signals to pass only in accordance with certain conditions. For example, the unit 41 might be programmed so that it will not
10. pass a signal for erasing information from the main computer if that signal is passing in the direction from the Post Office line to the main computer. Normally it is required that information can be erased from the main computer only in response
15. to instructions generated at the main computer, and not received externally.
Alternatively the unit 41 may be programmed so that it will only pass information from a peripheral device for entering information in the
SO . main computer if the information is passed at a certain time, which will be a time when authorised people know that that type of information can be fed to' the main computer. • Anybody fraudulently trying to feed such information to the main computer ,
25. at other times will not be able to pass the unit 41. Such a computer integrity protection unit 41 can be included in series in the data and address buses leading to a peripheral device 42,other than by way of a modem and Post Office line, and the unit 41
30. can be programmed in a similar manner to that already
described .
The portable token referred to at 33 will generally be one that can be carried in the pocket or the handbag of an authorised terminal operator
5. being capable of transmitting coded signals to the receiver 18 without the token being taken out of the pocket or handbag, provided it is close to the terminal.
Such a token could have its own source of
10. power to be capable of transmitting the coded signals continuously throughout the day, or to be capable of being switched on by a radio signal from the computer terminal when the authorised person approaches the terminals, so that power from the
15. battery in the token will not be consumed when the person is not at the computer terminal.