WO1990012357A2 - Computer security system - Google Patents
Computer security system Download PDFInfo
- Publication number
- WO1990012357A2 WO1990012357A2 PCT/GB1990/000478 GB9000478W WO9012357A2 WO 1990012357 A2 WO1990012357 A2 WO 1990012357A2 GB 9000478 W GB9000478 W GB 9000478W WO 9012357 A2 WO9012357 A2 WO 9012357A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- computer
- card reader
- card
- communications port
- switching means
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/08—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers from or to individual record carriers, e.g. punched card, memory card, integrated circuit [IC] card or smart card
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
Definitions
- This invention relates to a means of restricting access to computer files.
- At present one of the usual methods of restricting access involves entering a code via the keyboard.
- the computer must contain a program which recognises the code, an expert can gain entry to the data files by calling up and then modifying the program. It is also possible to provide a mechanical lock system, but this is not a practical means of controlling a variety of levels of authorised access to given types of data or peripherals.
- a security system for a computer having at least one communications port for connection to peripheral devices; the system having a card reader; switching means operable to connect the card reader to the communications port in response to a command including protected routines which generate said command to cause the switching means to connect the card reader to the communications port; and means for comparing data from a card read by the card reader with memorised authorisation data to enable or disable further operation of the protected routine.
- the switching means operates to connect the card reader and a peripheral device alternatively to a single communications port.
- the switching means is comprised in an adapter package which includes a plug for connection into a communications port socket, a socket for receiving a peripheral device plug, and a cable connection to a stand-alone card reader.
- said computer is an IBM personal computer (or compatible) having a hard disk drive, and the usual serial communication port.
- the card reader is preferably a swipe reader, having two of the three standard outputs i.e. CLOCK negative logic and DATA negative logic. These two outputs connect to two inputs in the computer via the switching means.
- the inputs in the computer (which usually connect with two data set inputs) may thus be controlled by the switch means, which in turn is controlled by the software system.
- the software system may be made up of various files e.g. a system file, an installation file and a utility file. These allow access to the computer when the card is used at various levels of security.
- the software system controls the switch means by setting output levels and monitoring input signals by polling the input signals and processing the changes as the card is swiped. It is possible to use interrupts instead of polling.
- the above system may be used with the usual communication port uses e.g. to modem, mouse or serial printer.
- Fig. 1 is a perspective view of a computer system
- Fig. 2 is a block diagram of the compyter system illustrating a card reader and adapter used in the system of the invention
- Fig. 3 is a block diagram of the circuitry of the adapter.
- the preferred embodiment makes use of an IBM PC (or compatible computer) 10 having a communications port socket 12 and a floppy disk drive 102, and a card reader 14.
- the card reader 14 is permanently wired by cable 19 to an adapter 16 which has a plug 18 for engagement in the communications port socket 12 and also has a similar socket 20 into which any desired peripheral device (not shown) may be connected.
- the card reader 14 is a standard swipe reader meeting ISO 3554 track two standard; it requires 0 volt and 5 volt electrical supplies and its outputs are:-
- DATA negative logic The way that data is retrieved in all systems employing such readers is that data is formed by the data signal being present or not during a 'clock' signal transition from high to low. Each transition is one bit and 5 bits equal one digit pjus parity, the lower 4 bits equal a binary coded decimal number.
- the 'card present 1 signal signals the start and end of the card information.
- the system described here uses only CLOCK and DATA signals.
- a circuit board 28 inserted between the computer's main system board 104 and the floppy disc drive 102, to intercept the disc control signals and prevent access to the disc drive until a specified control sequence is received on the disc drive interface from the controlling software.
- This control sequence is arranged to be sent only once the user has been authenticated on the system.
- a single GAL chip is used on the circuit board to intercept the control signals and to decode the enable sequence.
- the GAL chip may include a security fuse to ensure that its contents cannot be read out. Once the enable or disable signal is received, the GAL does not respond to any further commands. This stops experimentation by potential hackers.
- the IBM PC or compatible serial communication port 12 (termed COM 1 to COM 4) has 3 outputs and 5 inputs which are used to connect to data set equipment.
- the adapter 16 has an electronic switch 22 which is employed to disconnect two data set inputs and connect the two card signals.
- RTS Request To Send
- TX Transmit
- the 5 volt power requirement for the card reader 14 and the electronic switch 22 is derived from the output signal Data Terminal Ready (DTR) via a voltage regulator 26.
- the input signals for the card reader, CTS and CD could be any input except Receive (RX) .
- RX Receive
- SECURITY.SYS software driver program SECURITY.SYS to activate the switch by setting the defined output levels and to monitor input signals by polling the input signals and processing the changes as the card is swiped. It is possible to use interrupts instead of polling.
- the card itself may contain a total of 40 digits.
- the first digit and the last two digits are start sentinel, end sentinel and check digit respectively, leaving 37 digits which the software driver passes to a CARD CHECK program.
- the digits are used to identify a particular user. Data is held on the computer to define the following items for each user:-
- CARD NUMBER Any time the CARD CHECK program is called, it will not allow the user to continue unless this number on the card matches an entry in a preprogrammed table of numbers. As the CARD CHECK program is called at •power up', only specified cards can enable the system to operate.
- PUN Requirement This defines whether or not a PUN is required for this user. Using the card and a MACHINE KEY NUMBER (pre ⁇ programmed) , an algorithm produces a four digit PERSONAL USER NUMBER. The CARD CHECK program can ask the user to input this PUN and a comparison is made before returning to the application. This feature may also be a KEY to unLOCK programs/files which have this key applied when LOCKED.
- the software module is installed in the computer memory at 'power up' through the CONFIG.SYS file and communicates with the card reader on 'power up' and on request by an application.
- the software may comprise a number of files, for example a system file; an installation file and various utility files. These may be made up and operate as follows:
- SECURITY.SYS This is a system file (DRIVER) which is loaded from the CONFIG.SYS file at 'power up' . This software accepts a request via a DDRIVER
- DOS interrupt and returns card data to the calling program when the request has been executed.
- Valid requests are:- 1. Return card data from the last card input.
- CARD . COM A program which, when used in a batch file, will return an ERROR LEVEL number equal to that defined as the BATCH NUMBER on the last card input.
- CARD2.COM As defined in CARD.COM but returns the PRIVILEGE LEVEL NUMBER as the ERROR LEVEL.
- INCARD.COM A program which requires the input of a new card before returning an ERROR LEVEL as defined in CARD.COM.
- PUNCARD.COM As defined in CARD.COM but requires the input and validation of a PERSONAL USER NUMBER before returning.
- LOCK.COM This program will alter fILes with the extension .EXE or .COM making them usable in an environment without a 'PC
- the invention thus allows a conventional computer to be modified in a simple manner to provide a system with a high degree of security which may operate in a versatile manner.
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002050573A CA2050573A1 (en) | 1989-04-01 | 1990-03-30 | Computer security system |
AU54172/90A AU648023B2 (en) | 1989-04-01 | 1990-03-30 | Computer security system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB8907412.4 | 1989-04-01 | ||
GB8907412A GB8907412D0 (en) | 1989-04-01 | 1989-04-01 | Means of restricting access to computer files |
Publications (2)
Publication Number | Publication Date |
---|---|
WO1990012357A2 true WO1990012357A2 (en) | 1990-10-18 |
WO1990012357A3 WO1990012357A3 (en) | 1990-11-15 |
Family
ID=10654345
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB1990/000478 WO1990012357A2 (en) | 1989-04-01 | 1990-03-30 | Computer security system |
Country Status (6)
Country | Link |
---|---|
EP (1) | EP0466763A1 (en) |
JP (1) | JPH04504322A (en) |
AU (1) | AU648023B2 (en) |
CA (1) | CA2050573A1 (en) |
GB (1) | GB8907412D0 (en) |
WO (1) | WO1990012357A2 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0692166A1 (en) * | 1992-10-29 | 1996-01-17 | Intelligent Security Systems, Inc. | Security access and monitoring system for personal computer |
FR2723224A1 (en) * | 1994-07-28 | 1996-02-02 | Sgs Thomson Microelectronics Sa | MEMORY OR CHIP CARD READER SYSTEM |
WO2005069105A1 (en) * | 2004-01-06 | 2005-07-28 | Thomson Licensing | Secure porting of information from one device to another |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1988003287A1 (en) * | 1986-10-24 | 1988-05-05 | Harcom Security Systems Corporation | Computer security system |
JPS63148360A (en) * | 1986-12-12 | 1988-06-21 | Canon Inc | Protecting device |
US4799153A (en) * | 1984-12-14 | 1989-01-17 | Telenet Communications Corporation | Method and apparatus for enhancing security of communications in a packet-switched data communications system |
EP0314530A1 (en) * | 1987-10-30 | 1989-05-03 | MICROPHAR, Sàrl dite: | A key-type soft ware usage control device with memory |
-
1989
- 1989-04-01 GB GB8907412A patent/GB8907412D0/en active Pending
-
1990
- 1990-03-30 CA CA002050573A patent/CA2050573A1/en not_active Abandoned
- 1990-03-30 WO PCT/GB1990/000478 patent/WO1990012357A2/en not_active Application Discontinuation
- 1990-03-30 AU AU54172/90A patent/AU648023B2/en not_active Ceased
- 1990-03-30 EP EP19900905598 patent/EP0466763A1/en not_active Withdrawn
- 1990-03-30 JP JP50580990A patent/JPH04504322A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4799153A (en) * | 1984-12-14 | 1989-01-17 | Telenet Communications Corporation | Method and apparatus for enhancing security of communications in a packet-switched data communications system |
WO1988003287A1 (en) * | 1986-10-24 | 1988-05-05 | Harcom Security Systems Corporation | Computer security system |
JPS63148360A (en) * | 1986-12-12 | 1988-06-21 | Canon Inc | Protecting device |
EP0314530A1 (en) * | 1987-10-30 | 1989-05-03 | MICROPHAR, Sàrl dite: | A key-type soft ware usage control device with memory |
Non-Patent Citations (2)
Title |
---|
IBM Technical Disclosure Bulletin, Vol. 22, No. 4, September 1979, (New York, US), D.W. COOPER et al.: "Removal of Contention for Card Deck Resource", pages 1334-1335 * |
PATENT ABSTRACTS OF JAPAN, Vol. 12, No. 411 (P-779)(3258), 31 October 1988; & JP-A-63148360 (Canon Inc.) 21 June 1988 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0692166A1 (en) * | 1992-10-29 | 1996-01-17 | Intelligent Security Systems, Inc. | Security access and monitoring system for personal computer |
EP0692166A4 (en) * | 1992-10-29 | 1996-03-27 | Intelligent Security Syst | Security access and monitoring system for personal computer |
FR2723224A1 (en) * | 1994-07-28 | 1996-02-02 | Sgs Thomson Microelectronics Sa | MEMORY OR CHIP CARD READER SYSTEM |
EP0698851A1 (en) * | 1994-07-28 | 1996-02-28 | STMicroelectronics S.A. | Memory card or chip card reader system |
US6125405A (en) * | 1994-07-28 | 2000-09-26 | Sgs-Thomson Microelectronics S.A. | Memory card or chip card reader system |
WO2005069105A1 (en) * | 2004-01-06 | 2005-07-28 | Thomson Licensing | Secure porting of information from one device to another |
US8010805B2 (en) | 2004-01-06 | 2011-08-30 | Thomson Licensing | Secure porting of information from one device to another |
Also Published As
Publication number | Publication date |
---|---|
EP0466763A1 (en) | 1992-01-22 |
AU5417290A (en) | 1990-11-05 |
JPH04504322A (en) | 1992-07-30 |
WO1990012357A3 (en) | 1990-11-15 |
CA2050573A1 (en) | 1990-10-02 |
GB8907412D0 (en) | 1989-05-17 |
AU648023B2 (en) | 1994-04-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5297200A (en) | Computer security system | |
CN100480991C (en) | Pre-boot authentication system | |
US6389542B1 (en) | Multi-level secure computer with token-based access control | |
US6351817B1 (en) | Multi-level secure computer with token-based access control | |
US7797729B2 (en) | Pre-boot authentication system | |
US5836010A (en) | Personal computer using chip-in card to prevent unauthorized use | |
US20020147924A1 (en) | Multi-level secure computer with token-based access control | |
US5854891A (en) | Smart card reader having multiple data enabling storage compartments | |
US6189099B1 (en) | Notebook security system (NBS) | |
US5841868A (en) | Trusted computer system | |
US6038320A (en) | Computer security key | |
USRE41092E1 (en) | Data security method and device for computer modules | |
US6957338B1 (en) | Individual authentication system performing authentication in multiple steps | |
EP0596276A2 (en) | Secure memory card | |
US6098171A (en) | Personal computer ROM scan startup protection | |
US20060168653A1 (en) | Personal network security token | |
WO1998007092A9 (en) | Smart card reader having multiple data enabling storage compartments | |
US20070006290A1 (en) | USB-compliant personal key | |
WO1994010773A1 (en) | Security access and monitoring system for personal computer | |
US6839776B2 (en) | Authenticating peripherals based on a predetermined code | |
KR20000068989A (en) | A method of making secure and controlling access to information from a computer platform having a microcomputer | |
AU648023B2 (en) | Computer security system | |
US20030028812A1 (en) | Computer security during power-on self test | |
KR20030049387A (en) | Extended smart card system and the controlling method | |
WO1995024698A1 (en) | A secure memory card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AU CA FI JP KR NO US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH DE DK ES FR GB IT LU NL SE |
|
AK | Designated states |
Kind code of ref document: A3 Designated state(s): AU CA FI JP KR NO US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A3 Designated state(s): AT BE CH DE DK ES FR GB IT LU NL SE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1990905598 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2050573 Country of ref document: CA |
|
WWP | Wipo information: published in national office |
Ref document number: 1990905598 Country of ref document: EP |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 1990905598 Country of ref document: EP |
|
ENP | Entry into the national phase in: |
Ref country code: CA Ref document number: 2050573 Kind code of ref document: A Format of ref document f/p: F |