GB2367386A - Security system for a hard disk - Google Patents

Security system for a hard disk Download PDF

Info

Publication number
GB2367386A
GB2367386A GB0011339A GB0011339A GB2367386A GB 2367386 A GB2367386 A GB 2367386A GB 0011339 A GB0011339 A GB 0011339A GB 0011339 A GB0011339 A GB 0011339A GB 2367386 A GB2367386 A GB 2367386A
Authority
GB
United Kingdom
Prior art keywords
logical block
hard disk
security system
bios
block address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0011339A
Other versions
GB0011339D0 (en
Inventor
Michael Augustin Flanagan
Gary Anthony Holden
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
TIME COMPUTERS Ltd
Original Assignee
TIME COMPUTERS Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by TIME COMPUTERS Ltd filed Critical TIME COMPUTERS Ltd
Priority to GB0011339A priority Critical patent/GB2367386A/en
Publication of GB0011339D0 publication Critical patent/GB0011339D0/en
Publication of GB2367386A publication Critical patent/GB2367386A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

A security system for a computer hard disk comprises a software or firmware write protect of the logical block address (LBA<SB>o</SB>) and the logical block address to which the first entry in the partition table directs BIOS during the boot cycle. The purpose of this invention is to prevent a purchaser from configuring or overwriting the operating system provided on a hard disk.

Description

SECURITY SYSTEM FOR A HARD DISK
This invention relates to a security system for a hard disk of a personal computer (PC).
Protection of the hard disk is required where it is desirable or necessary to prevent access to some or all of the area of the disk for writing of data or loading of software. Protecting a hard disk in this way can prevent a purchaser of a low cost or discounted PC from removing the hard disk and using it in another computer or computer system by ensuring that the operating system provided thereon cannot be configured or overwritten.
The present invention seeks to provide a security system for a hard disk which can operate in this way.
Thus and in accordance with the present invention therefore there is provided a security system for a hard disk of a computer system, said hard disk having loaded thereon a binary input/output system (BIOS) and said hard disk being divided into multiple logical block addresses uniquely identified respectively as LBAo to LBAn'one of said logical block addresses containing a master boot record which contains instructions relating to a boot cycle of the system in the form of entries in a partition table which direct said BIOS to other logical block addresses during said boot cycle of said system where necessary data or software is stored and wherein said security system comprises protection means which acts to prevent writing of data or software to said one logical block address and a logical black
address to which a first entry in said partition directs said BIOS during said boost cycle.
With this arrangement it is possible to prevent a hard disk of a computer system being removed and used in other systems as it will not be possible to modify the operating system provided or to overwrite the operating system provided since it is not possible to access the logical block addresses in which are provided instructions which control the boot cycle of the system.
Referring now to the drawings, the single figure of which shows a diagrammatic representation of a hard (fixed) disk 10 of a computer system for example a personal computer system (PC).
The hard disk 10 comprises multiple discrete uniquely identified sectors or areas 11 in which data, instructions or software routines or programs can be stored. Each of the sectors or areas 11 form a logical block address, conventionally 512 bytes, and each of these logical block addresses are identified sequentially as LBAo to LBA.
Conventionally, when used in a computer system, a hard disk 10 has installed thereon a binary input/output system (BIOS) which controls the interaction between the various hardware components of a computer system. Thus for example, the BIOS controls the boot cycle which occurs when a computer system is first turned on.
Further, it is usual for information relating to the boot cycle to be
stored in a single logical block address uniquely identified as LBAo in the form of a partition table (shown schematically as 12) which contains a number of entries. Each entry in the partition table 12 directs the BIOS to another logical block address 11 to refer to data instructions or software routines or programs contained therein, to carry out instructions or to load software.
Therefore, in a conventional computer system, the system is supplied to a purchaser with an operating system installed. In such a system, when the system undergoes the boot cycle, the BIOS will look through logical block address LBAo and will refer to the directions set out therein. Thus when the BIOS refers to logical block address LBAo the first partition table entry contained therein will usually direct the BIOS to one or more other logical block addresses where operating system software is stored in order that the operating system is loaded. Thus in a conventional system of this type, the operating system is actually loaded when the machine undergoes the boot cycle by use of the partition table entries in logical block address LBAo under the control of the BIOS.
If in the conventional system a new operating system is installed, the installation process will actually change, insofar as this is necessary, the partition table entries in logical block address LBAo to ensure correct loading of the new operating system in the boot cycle.
It will be appreciated that this can lead to problems because there is
no restriction in conventional computer systems on the hard disk, being removed from one system and replaced in another. In these circumstances, if the user does not wish to use the manufacturers installed operating system, then it is a simple matter of loading another operating system onto the hard disk to overwrite the existing operating system.
It has been proposed that it may be desirable to manufacture and supply computer systems which are intended for use in accessing the world wide web with operating systems installed by the manufacturer and which are configured to allow a user access only to the manufacturers preferred Internet service provider (ISP) and it is proposed that such systems will be manufactured and sold at a low price.
However the problem with this proposal is that, with conventional computer systems, it will be possible for a purchaser to buy a low cost PC and remove the expensive hard disk 10 and install this into another system.
A different operating system could be installed, which wasn't configured in accordance with the original manufacturers intended configuration and which allows access to any preferred ISP. The system would then operate satisfactorily with the new operating system in place.
The present invention provides a solution to this problem.
Thus in the present invention, the manufacturer will install the operating system onto the hard disk 10 of the computer system. The operating system will be configured to allow access only to the
manufacturers preferred ISP and may be otherwise configured to the manufacturers particular specifications. When the operating system is loaded the partition table entries and BIOS are configured to ensure that, during the boot cycle, the operating system will be loaded properly.
However, in the present invention, the logical block address LBAo which contains the partition table and the logical block addresses to which the BIOS is directed by the first entry in the partition table, which are used during the boot cycle, are write protected using any suitable hardware, software or firmware. By doing this, access can be prevented to the partition table stored in logical block address LBAo and the logical block address to which the BIOS is directed by the first entry in the partition table and this means that modification of the entries contained in the partition table, such as would be necessary to ensure that any new operating system loaded onto the hard disc could load and operate properly, is prevented.
Furthermore, this would mean that during the boot cycle, the manufacturers preferred operating system, if present, is the only operating system which can be loaded. If the manufacturers complete specially configured operating system is not present then the boot cycle will not operate properly and the machine will not be operational.
It will be seen that with this arrangement, it is possible to make sure that the hard disk, cannot be transferred from low price computer systems to other computer systems since a new operating system cannot be loaded
onto the hard disk in order that the system will operate correctly.
Of course, if the hard disc is transferred to another machine then it will operate if the original manufacturers complete, specially configured, operating system is used and this is acceptable since manufacturers can recoup the discounted prices offered on the systems and parts of systems by appropriate deals with the preferred Internet Service Provider.
Further security can also be obtained by making access to the hard disk 10 subject to entry of a password which would prevent the write protection which is used on the hard disc from being breached by unauthorised persons.
It is of course to be understood that the invention is not intended to be restricted to the details of the above embodiment which are described by way of example only.

Claims (4)

1. A security system for a hard disk of a computer system, said hard disk having loaded thereon a binary input/output system (BIOS) and said hard disk being divided into multiple logical block addresses uniquely identified respectively as LBAo to LBAN, one of said logical block addresses containing a master boot record which contains instructions relating to a boot cycle of the system in the form of entries in a partition table which direct said BIOS to other logical block addresses during said boot cycle of said system where necessary data or software is stored and wherein said security system comprises protection means which acts to prevent writing of data or software to said one logical block address and a logical block address to which a first entry in said partition table directs said BIOS during said boot cycle.
2. A security system according to Claim 1, wherein the protection means comprises software or firmware which acts to write protect logical block address LBA..
3. A security system according to Claim 1 or Claim 2, wherein access to said hard disk of said computer for writing is subject to entry of a password.
4. A security system substantially as hereinbefore described with reference to the accompanying drawings.
GB0011339A 2000-05-11 2000-05-11 Security system for a hard disk Withdrawn GB2367386A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0011339A GB2367386A (en) 2000-05-11 2000-05-11 Security system for a hard disk

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0011339A GB2367386A (en) 2000-05-11 2000-05-11 Security system for a hard disk

Publications (2)

Publication Number Publication Date
GB0011339D0 GB0011339D0 (en) 2000-06-28
GB2367386A true GB2367386A (en) 2002-04-03

Family

ID=9891372

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0011339A Withdrawn GB2367386A (en) 2000-05-11 2000-05-11 Security system for a hard disk

Country Status (1)

Country Link
GB (1) GB2367386A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2299380A1 (en) * 2005-09-09 2011-03-23 Fujitsu Technology Solutions Intellectual Property GmbH Computer with at least one connection for a removable storage medium and method of starting and operating of a computer with a removable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0331925A (en) * 1989-06-28 1991-02-12 Mitsubishi Electric Corp Method for protecting disk
WO1993009495A1 (en) * 1991-11-05 1993-05-13 Australian Tech Support Pty. Ltd. Computer memory protection
GB2303721A (en) * 1995-07-28 1997-02-26 Samsung Electronics Co Ltd Safeguarding hard drive data

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0331925A (en) * 1989-06-28 1991-02-12 Mitsubishi Electric Corp Method for protecting disk
WO1993009495A1 (en) * 1991-11-05 1993-05-13 Australian Tech Support Pty. Ltd. Computer memory protection
GB2303721A (en) * 1995-07-28 1997-02-26 Samsung Electronics Co Ltd Safeguarding hard drive data

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2299380A1 (en) * 2005-09-09 2011-03-23 Fujitsu Technology Solutions Intellectual Property GmbH Computer with at least one connection for a removable storage medium and method of starting and operating of a computer with a removable storage medium

Also Published As

Publication number Publication date
GB0011339D0 (en) 2000-06-28

Similar Documents

Publication Publication Date Title
US4757533A (en) Security system for microcomputers
JP3507594B2 (en) Computer
US6535977B1 (en) Replacing a unique identifier in a cloned computer system using program module that runs only once during the next boot sequence
US5742758A (en) Password protecting ROM based utilities in an adapter ROM
JP2001521654A (en) Digital information self-decoding system and method
EP0689697A1 (en) System for software registration
KR20030012809A (en) Software installation method, firmware updating method, and recording and reading device and recording medium therefore
WO1999010809A1 (en) Software publisher configurable software security mechanism
US7363507B2 (en) Device and method of preventing pirated copies of computer programs
US20040193913A1 (en) Controlled access to software applications and/or data
CA2292041A1 (en) Software program protection mechanism
KR20080018196A (en) Data structure for identifying hardware and software licenses to distribute with a complying device
GB2340630A (en) Protected storage device for computer system
JPH07191776A (en) Personal computer system for realization of secrecy protection
US20080140946A1 (en) Apparatus, system, and method for protecting hard disk data in multiple operating system environments
US20020197528A1 (en) Method for extending an application, to be installed using an installation program, by a function, and a computer software product
JP2001504611A (en) Method for securing and controlling access to information from a computer platform having a microcomputer
CN100514305C (en) System and method for implementing safety control of operation system
US20020129270A1 (en) Electronic device for providing software protection
US20090271875A1 (en) Upgrade Module, Application Program, Server, and Upgrade Module Distribution System
US6898555B2 (en) Method for indicating the integrity of use-information of a computer program
GB2367386A (en) Security system for a hard disk
US7882353B2 (en) Method for protecting data in a hard disk
WO2003034212A1 (en) Software loading
JP3302593B2 (en) Software copyright protection device

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)