Wade et al.

US005552776A

[11] Patent Number: 5,552,776
[45] Date of Patent: Sep. 3, 1996

[54] ENHANCED SECURITY SYSTEM FOR COMPUTING DEVICES

[75] Inventors: Jack Wade, La Jolla, Calif.; William K. Szaroletta, Des Moines, Iowa; Thomas R. Madden, San Diego, Calif.

[73] Assignee: Z-Microsystems, Carlsbad, Calif.

[21] Appl. No.: 265,517

[22] Filed: Jun. 24, 1994

Related U.S. Application Data

[63] Continuation of Ser. No. 763,915, Sep. 23, 1991, abandoned.

[51] Int. Cl.6 ........................ G06F 7/04
[52] U.S. Cl. ......................... 340/825.31; 340/825.3; 340/310.08
[58] Field of Search ................. 340/825.31, 825.34, 825.56, 825.3, 309.15, 309.6, 310.08, 870.16, 870.17; 379/95, 102; 307/139; 235/382

[56] References Cited

U.S. PATENT DOCUMENTS

4,750,197   6/1988   Denekamp et al. ............... 379/59
4,823,290   4/1989   Fasack et al. ................. 340/825.06
4,849,614   7/1989   Watanabe et al. ............... 340/825.3
4,882,564  11/1989   Monroe et al. ................. 340/870.17
4,899,217   2/1990   MacFadyen et al. .............. 379/102
4,942,606   7/1990   Kaiser et al. ................. 340/825.31
4,947,163   8/1990   Henderson et al. .............. 340/825.31
5,051,720   9/1991   Kittirutsunetorn .............. 340/310 CP
5,111,185   5/1992   Kozaki ........................ 340/825.31
5,144,659   4/1992   Jones ......................... 340/825.31

Primary Examiner: John K. Peng
Assistant Examiner: Andrew Hill
Attorney, Agent, or Firm: Loeb & Loeb

[57] ABSTRACT

A security system for controlling access to computing devices. The security system provides selectively programmable access, monitored access, access privilege modifications and recorded access history for a computing device.

35 Claims, 14 Drawing Sheets
`
`'
`
`DISPIAY
`
`i
`
`KEYPAD
`
`237
`
`~,,,,,,,,,,,,,,~
`
`OPTIONAL
`~
`~
`SMART CARD
`~
`~
`DATA PORT 24H
`~
`~''''''"f''''''''
`
`235
`239
`I
`
`SERIAL
`COMMUNICATION
`PORT(S) 243
`
`-
`
`OPTIONS ~ REAL-TIME
`TABLE
`201
`CLOCK 222
`PASSWORD
`203 I++
`TABLE
`AUTHORITIES
`205 !+-+
`TABLE
`ACTION PROGRAM
`207 !+-+
`TABLE
`DEVICE
`CONFIGURATION ~
`TABLE
`208
`HISTORY
`'
`!+-+
`TABLE
`209
`MICROPROCESSOR
`NON-VOLATILE MEMORY 224
`CONTROLLER221
`DOCKING BASE UNIT CONNECTOR ,264 f
`REMOVABLE MODULE DOCKING CONNECTOR '-266
`SENSORS FOR TEMPERATURE & SHOCK 2711
`+
`'
`OPTIONS
`MICROPROCESSOR
`TABLE
`CONTROLLER220
`PASSWORD
`TABLE
`,.__..
`AUTHORITIES
`TABLE
`206
`ACTION PROGRAM
`TABLE
`211
`DEVICE
`CONFIGURATION
`TABLE
`HISTORY
`TABLE
`215
`NON-VOLATILE MEMORY 225
`
`202
`
`204
`
`I++ -
`
`213
`
`DATA STORAGE
`DEVICE 234
`OPTIONAL
`~
`DATA STORAGE
`~
`DEVICE
`236~
`
`~
`~
`~
`
`~,,,,,,,,,,,,,,,
`
`~,,,,,,,,,,,,,,~
`
`252 .......
`
`,,
`ELECTRONIC
`~
`POWER CONTROL
`CIRCUITRY 226
`
`DATA STORAGE
`DEVICE 223
`
`I
`
`I
`
`POWER SUPPLY r
`230 I. l_!OWERFROM
`,,
`
`2 @ 7
`
`HIGH SECURITY
`KEYLOCK
`(SWITCHES POWER)
`245
`
`OUTLET
`DATA STORAGE
`BUS ~O PORT TO
`OTHE COMPUTING
`DEVICES 249
`
`rr
`
`T
`251
`
`TERMINATE BUS
`OR TO ADD'L
`DATA STORAGE
`DEVICES 259
`
`262 DOCKING BASE UNIT
`
`N 260
`
`DATA STORAGE
`DEVICE
`231
`
`BLOCK DIAGRAM OF TYPICAL
`.---H-IGH-SE-CU-RITY---. REMOVABLE STORAGE MODULE
`
`KEYLOCK @
`
`FOR REMOVABLE
`MODULE PHYSICAL
`SECURITY 263
`
`KEY
`265
`
`IPR2017-00430
`UNIFIED EX1013
`
`
`
U.S. Patent    Sep. 3, 1996    Sheet 1 of 14    5,552,776

FIG. 1 (Sheet 1 of 14): OPTIONS TABLE (4008). [Figure; only the field labels and sample device IDs are recoverable from the scan.]
Columns: authorized device ID for module(s), base unit(s), and other computing devices (sample IDs 0515, 0516, 1711, 1712).
Rows: authorized users; number of concurrent authoritative accesses; action program; super user; superuser term of office (DDHH); reauthorization time delay for same superuser (HH); superuser privilege level (1, 2, 3); display: allow which tables displayed, define custom display; input/output: limit I/O to which ports (serial 1XXX, SCSI X1XX, Ethernet XX1X, other XXX1), allow input from which devices (CPU 1XXX, base units X1XX, modules XX1X, other XXX1), allow output to devices (printer only 1XX, window on host CPU X1X, other XX1); special: set special audit trails, other.
`
`
`
FIG. 2 (Sheet 2 of 14): PASSWORD TABLE. [Figure; field labels and sample entries recovered from the scan.]
Rows: authorized device ID (0515, 0516, 1711, 1712); authorized user ID (01, 02, 03, 04); authorized site ID (34, 35); authorized project ID (1234, 1235); special passwords ID (as defined).
Columns: password (five-digit sample values); expiry date in YYMMDD form (sample values such as 911010 and 920101); action program opcode (01 for device rows, 02 for user rows, 03 for site rows, 04 for project rows, 05 and 06 for special passwords).
Password table access audit identifier: authorized date, authorized time, login attempts, time of login, number of attempts.
`
`
`
FIG. 3 (Sheet 3 of 14): AUTHORITIES TABLE. [Figure; field labels and sample entries recovered from the scan.]
Columns: authorized device ID for module(s), base unit(s), and other computing devices (0515, 0516, 1711, 1712).
Rows: authorized device mate ID matrix; authorized user ID(s); site validator(s); authorized project ID(s); time stamp(s) (reference numerals 4238-4272) for ALLOW POWER UP, POWER DOWN and ABSOLUTE LOCK, each given as hours (0-23), minutes (0-59), DOM (1-31), month (1-12), DOW (0-6) and command (0-59), with a sample window of 08:00 to 17:00 on DOW 1-5; total lifetime device uses; total authorized uses count; actual authorized uses; total remaining uses count; audit algorithm calls to opcode location in action program table (device/user, device/site, device/project and user-defined audit opcodes, sample values 12, 13, 14, 15); write protect status (on/off flag); special: set combination count limits, set other authorities.
`
`
`
FIG. 4 (Sheet 4 of 14): ACTION PROGRAM TABLE (4401). [Figure; opcode numbers and construct descriptions recovered from the scan.]
Columns: opcode (01-44), A field (4403), B field (4405), construct description (4407).
Constructs: CALL DPVA, device password validation (opcode 01); CALL UPVA, user password validation (02); CALL SPVA, site password validation (03); CALL PPVA, project password validation (04); CALL UDPVA, user-defined password validation (05); CALL PTM, password table access algorithm (06); CALL TSM, time-stamp access algorithm (07); CALL DDM, device/device audit algorithm; CALL DUM, device/user audit algorithm; CALL DSM, device/site audit algorithm; CALL DPM, device/project audit algorithm; CALL UDM, user-defined audit algorithm; CALL TSM, time stamp audit algorithm; CALL PPM, physical possession audit opcode; CALL PTM, password table access audit opcode; ALLOW POWER UP; POWER DOWN; ABSOLUTE POWER LOCK; TIME DELAY; IF; JUMP; PUT CUSTOM MESSAGE; DISPLAY; SEND MESSAGE; BEEP; FLASH; INPUT. The A and B fields hold operands such as a location, a string pointer, a length/device byte pair and a buffer pointer.
Note on the figure: opcode 41 reads the two byte A field, the first byte of which says to get an input of length, the second byte of which says from which device.
`
`
`
FIG. 5 (Sheet 5 of 14): DEVICE CONFIGURATION TABLE. [Figure; field labels and sample entries recovered from the scan.]
Columns: authorized device ID for module(s), base unit(s), and other computing devices (0515, 0516, 1711, 1712).
Rows (reference numerals 4701-4715): device definition (0 base unit, 1 disk drive, 2 streaming tape, 3 CD-ROM, 4 magneto-optic); select bus type (0 SCSI, 1 IPI, 2 SMD, 3 ST-506); select preferred bus address ID (first row shows preferred, next row shows second preference, and so on); call algorithm from action program table to resolve conflicting bus address ID requests; buffer with resolved bus address ID; call algorithm from action program table to tell pseudo SCSI target to "go away"; call diagnostics algorithms.
`
`
`
FIG. 6 (Sheet 6 of 14): HISTORY TABLE. [Figure; field labels recovered from the scan.]
4801, audit algorithm inputs (from action program table): device/device, device/user, device/site, device/project, user-defined, time stamp, physical possession, password table and device use count audit opcodes.
4803, resulting audit data: device/device, device/user, device/site, device/project, time stamp, physical possession, password table and device use count audit results.
4804, diagnostics history: device, power supply, microprocessor, real time clock, non-volatile memory, volatile memory, shock environment, temperature environment.
4805, special: set special user ID count limits; set other special authorities.
`
`
`
`1++
`
`OPTIONS
`lOll++
`TABLE
`PASSWORD
`l
`03
`TABLE
`AUTrAi~~TIES 105~
`ACTION PROGRAM
`.....__
`TABLE
`10 7rr->'"
`DEVICE
`CONFIGURATION
`108
`TABLE
`HISTORY
`1 09
`TABLE
`NON-VOLATILE MEMORY 124
`
`REAL-TIME
`CLOCK 122
`
`Ir
`
`135
`
`DISPLAY
`
`f
`
`KEYPAD
`
`137
`
`,,,,,,,,,,,,,,,~
`
`~
`~
`~
`1.. ....................... ~ ........................ ,
`
`OPTIONAL
`~
`SMART CARD
`~
`DATA PORT 14 H
`
`.
`SERIAL
`. - - - - - - - - - - - - - . . i COMMUNICATION
`PORT(S) 143
`
`MICROPROCESSOR
`CONTROLLER
`120
`
`POW
`ER SUPPL~
`30
`
`HIGH SECURITY ®
`
`KEY
`KEYLOCK
`147
`(SWITCHES POWER)
`145
`......__ __ POWER FROM
`OUTLET
`
`1
`
`t
`ELECTRONIC
`POWER CONTROL
`CIRCUITRY 126
`
`I
`
`DATA STORAGE
`BUS 1/0 PORT TO
`r - - -1 OTHER COMPUTING
`DEVICES 149
`
`TERMINATE BUS
`OR TO ADD'L
`DATA STORAGE
`DEVICES 159
`
`r---i
`
`DATA STORAGE
`DEVICE
`131
`
`r---151
`
`.............................. l .................. ...
`, ............................ l ........................ ...
`'':"'''''''''''"'•·.'"\
`OPTIONAL
`OPTIONAL
`~
`~
`~
`~
`~
`DATA STORAGE
`DATA STORAGE
`1.. .......................................... t .... ,
`~
`1.. ................................................ 'f'
`1.. ................................................ 1 .... ,
`~
`DEVICE 15n
`DEVICE
`155~
`I
`
`~
`~
`~
`
`OPTIONAL
`~
`DATA STORAGE
`~
`DEVICE
`153 ~
`
`~
`~
`~
`
`FIG. 7
`
`d •
`7'JJ.
`•
`~
`~
`
`""""' ~ = """"'
`
`00
`
`-?
`"'~ ,_.
`
`\C
`\C
`~
`
`00
`="'
`m.
`-...l
`s, ,_.
`
`.i:..
`
`Ol
`-..
`Ol
`Ol
`N
`
`-.. "" "" ~
`
`
`
FIG. 8 (Sheet 8 of 14): block diagram of a typical high security removable storage module with docking base unit 262. Components shown: microprocessor controllers 220 and 221 with non-volatile memories 225 and 224, each holding its own options, password, authorities, action program, device configuration and history tables (201, 203, 205, 207, 208, 209 and 202, 204, 206, 211, 213, 215); real-time clock 222; display 235; keypad 237; optional smart card data port 241; serial communication port(s) 243; sensors for temperature and shock 271; docking base unit connector 264 and removable module docking connector 266; power supply 230 (power from outlet) switched by high security keylock 245; electronic power control circuitry 226; data storage bus I/O port to other computing devices 249; data storage devices 223, 231, 234 and optional 236; terminate bus or to additional data storage devices 259; high security keylock 263 with key 265 for removable module physical security.
`
`
`
`901
`
`I++
`
`OPTIONS
`TABLE
`......
`PASSWORD
`TABLE
`903
`......
`AUTHORITIES
`905
`TABLE
`ACTION PROGRAM ~
`TABLE
`907
`DEVICE
`CONFIGURATION ~
`TABLE
`908
`909 ......
`HISTORY
`TABLE
`NON-VOLATILE MEMORY 924
`
`HOST CPU BOARD
`OR OTHER SPECIAL
`BOARD REQUIRING
`l~
`SELECTIVE ACCESS CONTROL
`
`Sun Microsystems Inc.
`SPARCstation series CPU board
`
`REAL-TIME
`CLOCK 922
`'.
`
`DISPLAY
`
`935
`
`i 9?
`
`KEYPAD
`
`937
`
`~ .
`
`MICROPROCESSOR !.-
`CONTROLLER921
`l
`
`-
`POWER SUPPLY
`930
`
`!
`
`ELECTRONIC
`POWER CONTROL
`CIRCUITRY
`
`,,,,,,,,,,,,,,,~
`
`OPTIONAL
`~
`SMART CARD
`~
`DATA PORT 941 ~
`
`~
`~
`~
`
`, ......... , .... , "''f .... "''''""'""'""
`
`~
`
`SERIAL
`~ COMMUNICATION
`-..
`PORT(S) 943
`
`HIGH SECURITY
`KEYLOCK
`(SWITCHES POWER)
`945
`j POVJ~K~OM
`
`@ 7
`
`Cj
`•
`rJ'J.
`•
`"'C
`
`~ ;-= "'""'"
`
`rJ'J.
`~
`~
`~
`~
`~
`="'
`
`rJ'J. =(cid:173)ro
`
`~
`~
`~
`~
`,i:..
`
`Ol
`~ Ol
`Ol
`N
`-....)
`-....)
`="'
`
`~
`
`926
`
`TROL CIRCUITRY
`DEVICES
`
`I titici K i.-1
`""'
`
`~
`
`FIG. 9
`
`
`
`10011++
`
`OPTIONS
`TABLE
`PASSWORD
`TABLE
`l 0031++
`AUTrAi~rlES 10051++
`ACTIO~fe~~G~ 0071++
`DEVICE
`CONFIGURATION
`TABLE
`1008
`HISTORY
`l 009
`TABLE
`NON-VOLATILE MEMORY l 024
`
`MICROPROCESSOR
`CONTROLLER l020
`
`POWER SUPP
`1Lb3o
`
`t
`t
`ELECTRONIC
`POWER CONTROL
`CIRCUITRY1026
`
`I
`
`~ ............................ , ........................ ~ ~ ........................ ~ ........................ ~ ~ .................................................... t~
`~ OPTIONAL 1053~ ~
`OPTIONAL 1055~ ~
`OPTIONAL
`l05n
`~ DATA STORAGE
`~
`~ DATA STORAGE
`~
`~ DATA STORAGE
`~
`~ DEVICE WITH
`~ DEVICE WITH
`~ DEVICE WITH
`~
`~
`~
`~ENCRYPTED DATA
`~ ~ENCRYPTED DATA
`~ ~ENCRYPTED DATA
`~
`!'.. ............ , ... ,, ....................... ,~ '.I.. .............................................. ~ ~ ................................................ ~
`
`Ir
`
`FIG. 10
`
`RED UNENCRYPTED
`DATA
`1071 ~
`
`~
`ENCRYPTION
`UNIT SEPARATES
`RED AND BLACK
`BUS SIGNAL 1069
`•
`
`DATA STORAGE
`DEVICE WITH
`ENCRYPTED DATA
`1031
`
`105 l
`
`REAL-TIME
`CLOCK 1022
`
`DISPLAY
`1035
`1039\
`
`i
`
`KEYPAD
`
`1037
`
`~,,,,,,,,,,,,,,~
`
`OPTIONAL
`~
`~
`~ SMART CARD
`~
`~ ........................ 't" ........................ ...
`DATA PORT 1041 ~
`~
`
`SERIAL
`~ COMMUNICATION
`PORT(S) 1043
`
`HIGH SECURITY @
`
`KEY
`KEYLOCK
`(SWITCHES POWER)
`1047
`1045
`....._ __ POWER FROM
`OUTLET
`
`I DATA STORAGE
`
`., BUS 1/0 PORT TO
`OTHE~ COMPUTING
`DEVICES 104 9
`
`I
`
`ENCRYPTION
`KEY INPUT
`PORT 1073
`
`BLACK ENCRYPTED
`DATATO DATA STORAGE DEVICES
`11,
`11
`TERMINATE BUS
`OR TO ADD'L
`DATA STORAGE
`DEVICES 1059
`
`d •
`rJJ
`•
`~
`~
`
`'"""" ~ =
`
`'""""
`
`rJ'J.
`~
`
`,.~
`
`lo-'
`~
`~ =-.
`
`rJ'J.
`:::'
`ti)
`ti)
`
`"""'
`lo-'
`Q
`~
`lo-'
`.i:..
`
`r.11
`-..
`r.11
`r.11
`N
`-..
`'1
`'1
`~
`
`
`
`~
`
`1101
`
`1103 .....
`
`OPTIONS
`TABLE
`PASSWORD
`TABLE
`AUTHORITIES
`1105 ~
`TABLE
`ACTION PROGRAM
`+...
`1107
`TABLE
`DEVICE
`......
`CONFIGURATION
`1108
`TABLE
`HISTORY
`1109 +...
`TABLE
`NON-VOlATILE MEMORY 1124
`
`i.rll27
`1153
`L
`
`)
`
`THREE DISK RAID-5
`CONFIGURATION
`SHOWN AS AN
`EXAMPLE OF ONE
`IUDI CAACUTATlnU
`
`'.
`.,__
`'
`MICROPROCESSOR
`CONTROLLER 1120
`
`.
`~
`
`POWER SUPPLY
`1130
`
`Lr
`
`ELECTRONIC
`POWER CONTROL
`CIRCUITRY
`
`i.rll28
`
`1126
`vll29
`
`' •
`
`•
`
`-
`-
`
`SERIAL
`COMMUNICATION
`PORT (S) 1143
`
`(;;;\
`HIGH SECURITY
`KEYLOCK
`(SWITCHES POWER)
`~
`1145
`-
`i
`
`POW ER FROM
`0
`UTLET
`DATA STORAGE
`BUS ~O PORT TO
`OTHE COMPUTING
`DEVICES 114 9
`
`vll5l
`
`.
`-
`
`'
`TERMINATE BUS
`OR TO ADDITIONAL
`ARRAY CONTROLLERS
`1159
`
`d •
`rJ1 •
`~
`~
`
`""""" ~ = """""
`
`t:l.l -?
`
`"'w
`~
`\C
`\C
`~
`
`t:l.l =(cid:173)
`
`re>
`~
`~
`~
`
`s,
`
`~
`.I:;.
`
`Ul
`"" Ul
`Ul
`N
`"" ......)
`......)
`~
`
`REAL-TIME
`CLOCK 1122
`
`'
`
`DISPlAY
`1135
`1139,
`
`i
`
`KEYPAD
`
`1137
`
`,,,,,,,,,,,,,,,~
`
`OPTIONAL
`~
`~
`~ SMART CARD
`~
`DATA PORT 114 H
`~
`~''''''~'''''''
`
`'.
`, ~155 r: ~57
`';'\ ~ (l-2
`(4
`r;v
`~~{:~
`~ lY~ LY~
`.
`
`,~~~~~™~R .
`LOGICAl DEVICE
`,
`TO DATA STORAGE
`BUS
`
`-
`-
`-
`
`~
`
`FIG. 11
`
`1158
`
`
`
`~''''''''''''''~
`OPTIONAL
`~
`~
`~
`SMART CARD
`DATA PORT l24H
`
`~,,,,,,,,,,,,,,,
`
`1201
`
`1203
`
`OPTIONS
`TABLE
`PASSWORD
`TABLE
`AUTHORITIES
`1205
`TABLE
`ACTION PROGRAM
`TABLE
`1207
`DEVICE
`CONFIGURATION
`TABLE
`1208
`HISTORY
`1209,
`IABlf
`NON-VOlATILE MEMORY 1224
`
`I I
`
`REAL-TIME
`CLOCK 1222
`
`I DISPlAY
`
`I
`
`I I KEYPAD
`
`I
`
`1235
`1239
`
`IMICROPROCESSOR
`CONTROLLER 1220
`
`1..
`
`POWER SUPPLY
`1230
`
`1237
`
`I ~
`
`~
`
`SERIAL
`COMMUNICATION
`PORT(S) 1243
`
`HIGH SECURITY @
`
`KEY
`1247
`
`KEYLOCK
`I (SWITCHES POWER)
`1245
`.....___ __ POWER FROM
`OUTLET
`
`FOUR DISK RAID-1
`EXAMPLE
`DEPICTING
`DISK MIRRORING
`
`ELECTRONIC
`POWER CONTROL
`CIRCUITRY
`
`1228
`
`1254
`
`DATA STORAGE
`BUS 1/0 PORT TO
`OTHE~ COMPUTING
`DEVICES 1249
`
`1251
`
`~1
`
`TERMINATE BUS
`OR TO ADDITIONAL
`ARRAY CONTROLLERS
`1259
`
`AfmAl~Nl~%~~R 1,.
`LOGICAL DEVICE
`TO DATA STORAGE
`BUS. WRITES SAME
`DATA TO BOTH DRIVES
`~m
`Bl
`
`1258
`
`I
`
`I
`
`FIG. 12
`
`d • rJ).
`
`•
`~
`~
`= """'"
`
`00 -?
`"~ .....
`\C
`\C =-.
`
`00 =(cid:173)
`('D a
`.....
`N
`s,
`..... ...
`
`01
`_,.
`01
`01
`N
`
`_,. "" "" ~
`
`
`
Sheet 13 of 14: drawing; no legible text recovered from the scan.
`
FIG. 14 (Sheet 14 of 14): commercial application of the principles taught herein: a vending machine electronic control board 500 protected from unauthorized use. Components shown: microprocessor controllers 520 and 521 with non-volatile memories 524 and 525 holding their tables (501, 503, 505, 507, 508, 509 and 502, 504, 506, 511, 513, 515); real-time clocks 522 and 523; display 535; keypad 537; optional smart card data port 541; serial communication port(s) 543; high security keylock 545 (switches power from outlet); power supply 530; electronic power control circuitry 576; selective access control circuitry and communication devices; power input connector to board 512.
`
`
`
`5,552,776
`
`1
`ENHANCED SECURITY SYSTEM FOR
`COMPUTING DEVICES
`
`This is a continuation of application Ser. No. 07/763,915
`filed on, Sep. 23, 1991 now abandoned.
`
`BACKGROUND OF THE INVENTION
`
`5
`
`2
`U.S. Pat. No. 4,591,975, issued to Wade, et al. on May 27,
`1986, and entitled "Data Processing System Having Dual
`Processors," discloses removable disk drives which incor(cid:173)
`porate security features into the drive design to protect the
`stored data from unauthorized access or modifications. The
`disclosure of Wade, et al. is incorporated herein by refer-
`ence. The unit described in Wade has a lockable hardware
`write-protection feature in addition to a locking switch
`mechanism for controlling the write-protection feature.
`Removable data storage systems incorporating these fea(cid:173)
`tures allow users to lock each module into a base unit, to
`lock a module in powered-down mode, or to lock a module
`into read-only or write-protect mode. Further, a module can
`be shipped or given to a colleague or security officer,
`key-locked in full access, write-protect, or no-access modes.
`Thus, security may be provided at the physical level, and/or
`at an electronic level.
`It is possible to design a security system which controls
`access to computing devices, such as data storage devices,
`20 CPUs, memory units, microprocessors, peripheral boards,
`power supplies, and/or input/output controllers. In this man(cid:173)
`ner, versatility and flexibility of the security system is
`enhanced. Building upon the security feature advantages
`taught previously by Wade, et al. and addressing the con-
`tinuing disadvantage of present security systems for com(cid:173)
`puting devices, several novel enhancements and further
`improvements in computing system security are taught
`herein.
`
`25
`
`30
`
`SUMMARY OF THE INVENTION
`
`1. Field of the Invention
`This invention relates to security systems for computing 10
`devices, and more particularly to security systems which
`utilize microprocessor control, non-volatile memory and a
`real-time clock to selectively control access to, and record
`usage of, fixed and/or removable computing devices such as
`data storage devices, CPUs, memory units, base units, 15
`microprocessors, peripheral boards, power supplies, and/or
`input/output controllers.
`2. Description of Related Art
`Presently-existing computer systems generally provide no
`means for electronically controlling access to computing
`devices. Furthermore, these systems do not provide any
`indication or history of power-on, data access, execution, or
`data modification operations. Accordingly, access control
`has been implemented by controlling physical access to the
`computing device itself, or by physically controlling access
`to the power switch of a computing device.
`Another method of providing physical access control
`involves the use of data storage devices having removable
`memory units. In the early history of computing devices,
`magnetic disk drives having removable magnetic platters
`were commonly used as data storage mechanisms. This
`configuration of equipment permitted the use of a number of
`sets of platters with one drive unit, resulting in substantial
`economies since much of the cost of such a disk drive unit
`was in the motor drive unit, read/write head structure, and
`control electronics. This system provided a measure of
`physical security, in that the platters could be removed and
`stored in a secure location.
`Many present-day disk drives are manufactured as sealed
`units, with nonremovable magnetic platters. The use of
`sealed disk drive units permits the drives to be fabricated in
`an efficient, cost-effective manner. However, a disadvantage
`of sealed disk drives has been that they are normally not
`designed to be easily removed from a computer system.
`Such removability is desirable for a number of reasons,
`including ready replacement of defective drives and trans(cid:173)
`portation of data from one computer system to another.
`However, probably the most important reason for such
`removability is for purposes of security, to permit removal
`of drives containing sensitive data. In some cases, data may
`be so sensitive that a removed drive must be stored in a vault
`when not in use.
`With the advent of small format disk drives (e.g., com(cid:173)
`monly available 5\4'' and 3W' form factor drives, as well as
`2W' and 1.8" drives), removable disk drives have been
`introduced. Some of these products include a "docking
`base" coupled to a computer system and having a power
`supply and computer interface, with the disk drive itself
`being removable from the docking base. In other products,
`the disk drive, power supply, and computer interface form a
`removable unit, although the computer system may have a
`"docking interface" for making electrical connections to the
`removable unit. Oftentimes, computing devices are arranged
`to form a network. These devices are relatively easy to 65
`access. After the computer device is powered up, the data
`stored in these devices are generally not secured.
`
`45
`
`35
`
`40
`
`The present invention relates to a method and an appa-
`ratus which is utilized in conjunction with a computing
`device to provide system security. The invention utilizes
`microprocessor control, non-volatile memory, and a real(cid:173)
`time clock to selectively control access to, and record usage,
`of fixed and/or removable computing devices such as data
`storage devices, CPUs, memory units, microprocessors,
`peripheral boards, power supplies, and/or input/output con-
`trollers. An optional user input may be provided to selec(cid:173)
`tively program access to one or more computing devices. An
`optional keypad input and display may also be provided. A
`preferred embodiment of the security system employs a
`plurality of tables, including an options table, a password
`table, an authorities table, an action program table, a device
`configuration table, and a history table. The security system
`operates by controlling electronic access to one or more
`computing devices. In addition to providing programmable,
`selective device and/or data access control, the system keeps
`50 user-definable records setting forth the usage history of the
`computing device.
`The principles set forth herein apply to computing
`devices, which may be removable or non-removable, includ(cid:173)
`ing fixed or removable data storage devices, such as disk
`55 drives, tape drives and floppy drives. The term "computing
`devices" as employed herein is also used to refer to CPU,
`memory units, microprocessors, peripheral boards, power
`supplies, and/or input/output controllers. More specifically,
`the invention may be connected in series with the power
`60 supply leads of a microprocessor or electronic circuit board
`or data storage device to provide selective programmable
`access to the microprocessor. The invention is capable of
`controlling access to computing devices requiring higher
`than milliamp-level currents by means of switching relays.
`The options table consists of a list of system parameters
`which may be set by a security officer to meet the require(cid:173)
`ments of specific applications. The system parameters
`
`
`
`5,552,776
`
`3
`include identification of authorized users and authorized
`devices, the maximum number of concurrent users, the
`maximum term of office for individual security officers, a
`reauthorization time delay for security officers (super users),
`privilege level specification for security officers and/or super
`users, the types of data which will be displayed on the
`:module, the types of data which will be accepted from
`external devices, and/or the data which may be transmitted
`over the serial port. Additionally, the system parameters may
`specify the type of information which may be displayed
`from the options table, the password table, the authorities
`table, the action program table, and the history table. The
`system parameters may also specify bit usages, permit
`communication over the serial port only, and/or permit
`communication only with a printer. The system parameters 15
`may specify the external device or devices which will be
`used to update the computing device.
`The password table includes a list of authorized system
`users and projects. This table determines which individuals
`and projects will have access to a given computing device at 20
`a given point in time. Upon requesting power-up of a
`computing device, the password table may be queried to
`determine whether particular individuals or projects should
`be granted access to a given computing device at the time the
`access is attempted. Thus, the password table controls "log- 25
`on" validation at the user level. The information stored in the
`password tables of two respective computing devices is
`compared to determine whether any further data transfer
`between the two devices will be permitted. Alternatively, the
`information stored in the password table of one computing 30
`device may be compared with information entered into the
`computing device by a potential system user, to determine
`whether access will be allowed.
`The authorities table provides a list of actions to be taken
`based upon specific predetermined conditions. This table 35
`may be used to provide access to specific portions of a data
`storage device at a specific point in time. The authorities
`table is employed in conjunction with user-defined authori(cid:173)
`ties algorithms to implement various validation functions.
`These functions include verification of the type of device 40
`which is connected to a data communications port, deter(cid:173)
`mining whether a valid user is logged onto the system, and
`determining whether a correct project number was pre(cid:173)
`sented.
`The action program table implements an interpretive data
`processing function. The table includes information on how
`to accomplish the items set forth in the authorities table. In
`the action program table, the system administrator specifies
`the steps or actions to be taken based upon certain events or
`combinations of events. For example, the action program
`table specifies the authorities algorithms to be executed upon
`the occurrence of a predetermined set of conditions. The
`table stores information which is accessed at the appropriate
`time to provide desired control signals to various computing
`devices within the purview of the security system. In this
`manner, the action program table is preprogrammed as
`desired to meet individual system requirements.
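The following Python model is an added illustration of how the password, authorities and action program tables described above can together drive a power-up decision and feed the history table; it is not code from the patent or from Z-Microsystems. All table contents and the two clock readings are constructed sample data. The opcode names DPVA, UPVA, PPVA and TSM follow the CALL constructs listed in FIG. 4, while the USES opcode, the weekday numbering for the DOW field and the function names are assumptions of this example.

```python
"""Table-driven power-up check modelled on the patent's password, authorities,
action program and history tables.  Added example: every table entry below is
constructed sample data, not a value taken from the patent's figures."""
import hmac
from datetime import datetime

# Password table (FIG. 2 layout): (kind, id) -> password and expiry date in YYMMDD.
PASSWORD_TABLE = {
    ("device", "0515"):  {"password": "23942", "expiry": "921231"},
    ("user", "02"):      {"password": "19223", "expiry": "920630"},
    ("user", "03"):      {"password": "29874", "expiry": "911130"},  # already expired in 1992
    ("project", "1234"): {"password": "73166", "expiry": "921231"},
}

# Authorities table: per device, who may use it, when, how many times, and the
# ordered list of action-program opcodes (by name) to run before power-up.
AUTHORITIES_TABLE = {
    "0515": {
        "users": {"02", "03"},
        "projects": {"1234"},
        # Allow-power-up window: hours 08-17, DOW 0-4.  Assumption: DOW uses
        # Python's weekday() numbering (Monday = 0), so this is Monday-Friday.
        "power_up": {"hours": (8, 17), "dow": {0, 1, 2, 3, 4}},
        "authorized_uses": 32,
        "actual_uses": 30,
        "program": ["DPVA", "UPVA", "PPVA", "TSM", "USES"],
    },
}

HISTORY_TABLE = []  # append-only usage history: (clock, device, user, project, result, detail)

# Constructed clock readings: Monday 1992-03-02 09:30 and Saturday 1992-03-07 09:30.
SAMPLE_MONDAY = datetime(1992, 3, 2, 9, 30)
SAMPLE_SATURDAY = datetime(1992, 3, 7, 9, 30)


def _password_ok(kind, ident, presented, clock):
    """Constant-time password match followed by an expiry check."""
    row = PASSWORD_TABLE.get((kind, ident))
    if row is None or not hmac.compare_digest(row["password"], presented):
        return False
    # YYMMDD strings only order correctly within one century (a caveat of the
    # patent's date format); a real controller should store full dates.
    return clock.strftime("%y%m%d") <= row["expiry"]


# Validation routines, named after the CALL constructs of the action program table.
def dpva(req, auth, clock):  # device password validation
    return _password_ok("device", req["device"], req["device_pw"], clock)

def upva(req, auth, clock):  # user password validation; user must also be listed for the device
    return req["user"] in auth["users"] and _password_ok("user", req["user"], req["user_pw"], clock)

def ppva(req, auth, clock):  # project password validation
    return req["project"] in auth["projects"] and _password_ok("project", req["project"], req["project_pw"], clock)

def tsm(req, auth, clock):  # time-stamp check against the allow-power-up window
    lo, hi = auth["power_up"]["hours"]
    return lo <= clock.hour <= hi and clock.weekday() in auth["power_up"]["dow"]

def uses(req, auth, clock):  # remaining-uses count (hypothetical opcode name)
    return auth["actual_uses"] < auth["authorized_uses"]

# Action program table: opcode name -> routine the controller dispatches to.
ACTION_PROGRAM = {"DPVA": dpva, "UPVA": upva, "PPVA": ppva, "TSM": tsm, "USES": uses}


def power_up_request(device, user, project, device_pw, user_pw, project_pw, clock):
    """Run the device's action program in order; the first failing opcode denies.
    Returns (granted, detail) and records the outcome in the history table."""
    req = {"device": device, "user": user, "project": project,
           "device_pw": device_pw, "user_pw": user_pw, "project_pw": project_pw}
    auth = AUTHORITIES_TABLE.get(device)
    if auth is None:
        HISTORY_TABLE.append((clock, device, user, project, "DENY", "NO_AUTHORITIES"))
        return False, "NO_AUTHORITIES"
    for opcode in auth["program"]:
        if not ACTION_PROGRAM[opcode](req, auth, clock):
            HISTORY_TABLE.append((clock, device, user, project, "DENY", opcode))
            return False, opcode
    auth["actual_uses"] += 1  # consume one authorized use
    HISTORY_TABLE.append((clock, device, user, project, "GRANT", "OK"))
    return True, "OK"


if __name__ == "__main__":
    print(power_up_request("0515", "02", "1234", "23942", "19223", "73166", SAMPLE_MONDAY))
    print(power_up_request("0515", "03", "1234", "23942", "29874", "73166", SAMPLE_MONDAY))
    print(power_up_request("0515", "02", "1234", "23942", "19223", "73166", SAMPLE_SATURDAY))
    for entry in HISTORY_TABLE:
        print(entry)
```

Two design points are worth noting. The ordered `program` list is what makes the check table-driven in the sense of the action program table: a security officer changes which validations run, and in what order, by editing a row rather than the controller code. And every denial is written to the history table together with the opcode that failed, so the recorded access history the abstract promises can later distinguish an expired password from an out-of-hours attempt or an exhausted use count.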
The device configuration table specifies a unique device identification number in non-volatile memory thereby enabling a computing device to identify itself when queried by other computing devices. The device configuration table also sets forth the I/O buses and additional computing devices which may be used in conjunction with a given computing device.

The system administrator may input preference data into the device configuration table to specify a preferential order among devices accessing the system I/O bus. These preferences are set forth by means of bus address ID numbers, and are entered into a preferences sub-table, which is part of the device configuration table. The preference sub-table lists device preferences in decreasing order. The preference table makes a call to the appropriate opcode in the action program table which contains an algorithm to resolve conflicting bus address ID requests. Upon completion of the algorithm, the device configuration table is updated with the resolved bus address ID number.
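As an added example of the bus address resolution just described (not code from the patent or its assignee), the Python below walks a constructed preference sub-table, gives each device its highest-ranked bus address ID that is still free, and writes the result back into the table. The tie-break rule (devices earlier in the table win), the reservation of SCSI ID 7 for the host adapter and the function names are assumptions of this example; the sample device IDs and the preference-row layout follow FIG. 5.

```python
"""Bus address ID preference resolution modelled on the preference sub-table of
the device configuration table.  Added example with constructed data; the
tie-break rule (devices earlier in the table win) is an assumption, as is
reserving SCSI ID 7 for the host adapter."""

SCSI_IDS = range(0, 8)  # narrow SCSI bus: valid target IDs are 0-7


def sample_table():
    """Constructed device configuration rows: each lists bus address IDs in
    decreasing order of preference, as in the patent's FIG. 5."""
    return {
        "0515": {"bus": "SCSI", "preferences": [3, 0, 1], "resolved": None},
        "0516": {"bus": "SCSI", "preferences": [3, 0, 2], "resolved": None},
        "1711": {"bus": "SCSI", "preferences": [3, 3, 4], "resolved": None},  # repeated preference
        "1712": {"bus": "SCSI", "preferences": [0, 9], "resolved": None},     # 9 is not a valid SCSI ID
    }


def resolve_bus_addresses(table, reserved=frozenset({7})):
    """Give every device its highest-ranked bus address ID that is still free.

    Walks the table in row order; each device takes the first preference that
    is a valid ID and not already claimed or reserved, and the row's
    'resolved' field is updated.  A device whose preferences are all taken or
    invalid is reported as a conflict and left unresolved, so the operator sees
    it instead of two targets silently sharing an ID.
    Returns (assignments, conflicts)."""
    taken = set(reserved)
    assignments, conflicts = {}, []
    for device_id, row in table.items():
        chosen = None
        for candidate in row["preferences"]:
            if candidate in SCSI_IDS and candidate not in taken:
                chosen = candidate
                break
        row["resolved"] = chosen
        if chosen is None:
            conflicts.append(device_id)
        else:
            taken.add(chosen)
            assignments[device_id] = chosen
    return assignments, conflicts


if __name__ == "__main__":
    table = sample_table()
    assignments, conflicts = resolve_bus_addresses(table)
    for device_id, row in table.items():
        print(device_id, row["preferences"], "->", row["resolved"])
    print("conflicts:", conflicts)
```

With the sample rows, device 0515 keeps its first choice (ID 3), 0516 falls back to ID 0, 1711 skips its duplicated entry and takes ID 4, and 1712 is reported as a conflict because its only valid preference is already taken; the unresolved row is the signal that the table, not the bus, needs attention.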
`Additionally, the device configuration table provides a
`means of controlling the servicing of a base unit or module
`upon device failure. This servicing can