Method and structure for securing access to a computer system
United States Patent 5475839
Link to this page: http://www.wikipatents.com/5475839.html
Inventor(s): Watson; Bruce W. (Norcross, GA); Lee; R. Jeff (Lawrenceville, GA)

Abstract

Tests are performed prior to or during the boot operation to determine whether files are corrupted, which may indicate the presence of a virus. If a potential error is detected, boot is halted, allowing the user to boot from uncorrupted files. In another embodiment, a uniquely formatted floppy diskette is used as an access diskette, serving as a hardware key required to gain access. In another embodiment, a host controls security information stored locally. In another embodiment, security from unauthorized access is provided once a valid user has legitimately accessed a computer: in response to a predefined hot key or a predetermined period of time during which the user has not provided input, portions of the computer are disabled, and upon entry of access information by the valid user the disabled features are re-enabled. In another embodiment, access to the computer is made more difficult in response to invalid access attempts. In one embodiment, once a threshold number of invalid access attempts is reached, the computer is locked up, requiring a reboot, thereby increasing the difficulty for a would-be intruder to gain access to the computer. In one embodiment, once the threshold value is reached, it is reset to a lower value.
Drawing from US Patent 5475839
Owner/Assignee: National Semiconductor Corporation (Santa Clara, CA)
Publication Date: December 12, 1995
Application Number: 08/341,302
Filing Date: November 16, 1994
Examiner: Black; Thomas G.
Assistant Examiner: Wang; Peter Y.
Attorney/Law Firm: Caserza; Steven F.; Flehr Hohbach Test Albritton & Herbert
Parent Case: CROSS REFERENCE TO RELATED APPLICATIONS. This application is a Continuation of U.S. application Ser. No. 08/198,530, now abandoned, filed Feb. 18, 1994, which is a divisional of U.S. Ser. No. 08/070,504, now abandoned, filed Jun. 2, 1993, which in turn is a continuation of U.S. Ser. No. 07/500,755, now abandoned, filed Mar. 28, 1990.

U.S. References (patent number, first-named inventor, classification, issue date)

5206905  Lee  705/55  Apr 1993
5144659  Jones  713/165  Sep 1992
5113499  Ankney  340/5.74  May 1992
5022077  Bealkowski  711/163  Jun 1991
5018096  Aoyama  711/164  May 1991
4951249  McClung  726/35  Aug 1990
4937864  Caseiras  714/38  Jun 1990
4879645  Tamada  235/380  Nov 1989
4866769  Karp  705/56  Sep 1989
4816654  Anderl  235/380  Mar 1989
4786900  Karasawa  340/5.32  Nov 1988
4785361  Brotby  360/60  Nov 1988
4734856  Davis  706/62  Mar 1988
4677284  Genest  235/487  Jun 1987
4609777  Cargile  713/184  Sep 1986
3890601  Pietrolewicz  711/164  Jun 1975
5121345  Lentz  713/188  Dec 1969
5191611  Lang  705/53  Dec 1969
CLAIMS

What is claimed is:

1. A method for controlling access to a computer system during a boot operation comprising the steps of:

receiving user authorization information from a prospective user;

determining if said user authorization information is valid;

if said user authorization information is valid, allowing said prospective user to have access to said computer system by booting said computer system; and

if said user authorization information is invalid, increasing the difficulty of gaining access to said computer system by reducing threshold number to a lower threshold number following a number of invalid user authorization attempts which equals or exceeds said threshold number.

2. A method as in claim 1 wherein said step of determining if said user authorization information is valid further comprises the step of remote polling by a remote host computer.

3. A method as in claim 1 which further comprises the step of allowing the user to disable said computer during usage, requiring receipt of user information for further access to said computer.

4. A method as in claim 6 wherein said user authorization information is a password which differs from a password used to gain access to said computer system prior to said inactivation.

5. A method as in claim 1 wherein upon said prospective user gaining access to said computer, information pertaining to the number of unsuccessful attempts to access said computer is displayed to the user.

6. A method as in claim 1 wherein said computer system is automatically inactivated after a predetermined period of inactivity.

7. A method as in claim 6 wherein during said period of inactivation, said computer continues processing activity.

8. A method as in claim 6 wherein during said period of inactivation input/output functions resulting from said computer processing are disabled.
DESCRIPTION

TECHNICAL FIELD

This invention pertains to electronic computers, and more specifically to security systems for use with electronic systems. The teachings of this invention are particularly useful for providing security in computer networks having more than one computer, for example a computer network including a plurality of PCs and a larger computer, such as a mainframe, serving as a host.

BACKGROUND

The overall computer security strategy of a computer network is only as strong as its weakest link, and unsecured PCs connected to mainframes represent an extremely weak link. For instance, authorized PC users can legitimately download large amounts of mainframe information. This data, which had been protected by the mainframe's access control facilities, is then easily accessed by anyone who can turn on the PC. Unauthorized users can copy sensitive data, modify data that will be uploaded to the mainframe, or destroy valuable information. Even worse, some users utilize "macro key generators" to automate host logons. Thus anyone who can access the PC can access the mainframe.

Most professionals keep sensitive, confidential, or critical documents (such as personnel files, financial information, marketing and sales information, and confidential memos) securely locked up in file cabinets. Yet many of these same professionals have not put access controls onto their PCs that contain equally valuable and sensitive information. A major reason is that prior art PC security products tend to be obtrusive, complicating implementation and daily use, and often degrade system performance. Such controls are quickly discarded as being impractical.

A major accounting firm recently reported that over 50% of American managers have suffered computer-related losses including data destruction, confidentiality breaches, and misuse of information. Unauthorized employee access was cited as the leading cause. After all, unprotected PC files can be accessed by even novice PC users. Disgruntled employees, cleaning crews, etc. can copy, modify, or destroy sensitive, valuable, and often irreplaceable data.

As PCs have proliferated through business, so has the importance of the information they manage, and the risk of information misuse and loss. As more company-critical applications and data are used on PCs, the issues of security go beyond the personal inconvenience of having data lost, destroyed, or stolen. The loss of any data, including word processing documents, spreadsheets, databases, etc., can be traumatic, and the mishap is not to be taken lightly. In company critical applications, the loss of even several hours could mean the loss of thousands of dollars, due to lost business opportunities, a lost order, or customer goodwill, in addition to problems created by the inability to process important monthly or payroll type applications.

Large companies with MIS departments are very security conscious, with formal security procedures plus software and data safeguards. The data on a PC can be just as critical to the individual or company as the data contained on a mainframe. The fact that it is stored on a PC does not make the data less valuable, or the need for security any less.

What is the value of your PC data? As the PC has become much more than an expensive calculator, many people and businesses view the PC and PC-based data as critical to the functioning of their business. When you take into consideration the hours, days, or weeks spent creating and modifying PC-based data, in most cases the value of the data stored on the PC is many times greater than the value of the hardware. Although the risks of misuse of data and of PC virus attack are small, they are growing. It is good business practice to protect your data, provided the cost is reasonable and the protection is not difficult or time consuming. This is no different from protecting old-style "files" in locked fireproof cabinets. The technology is different, but the issues are the same.

By restricting access via passwords, this vulnerability is reduced. Many approaches to this problem have been implemented in software. Unfortunately, this type of implementation can often be defeated by simply inserting a DOS boot disk into drive A. To be effective, the solution to this problem requires a hardware component which restricts any access to the machine without a valid password. Because such hardware solutions intercept control before the disk operating system starts, this form of protection cannot be defeated by booting from a floppy disk. Unfortunately, such prior art hardware-based protection schemes require specialized hardware which serves as the hardware access key, and often also require specialized hardware within the computer itself to interrogate the hardware key.

Conventional access control packages for small computers utilize passwords only. Any person gaining knowledge of the password can access the system. Alternative access control mechanisms provided by other packages require special hardware and/or special key devices. Other implementations create diskettes that are not unique from system to system, or from creation to creation.

The conventional approach to security functions is to integrate them into the application which uses them. This increases the size of the application. Furthermore, no standard mechanism exists for a group of applications to alter the security configuration of the system. Many access control systems provide an unlimited number of illegal attempts.

Although password access control exists on a host system, which is administered by the host, no mechanism currently exists for a host system to remotely control access to a personal computer.

There are a number of other prior art approaches to PC security. They span the gamut from biometric thumb scan access, to special sealed Tempest shielded PCs to prevent electronic snooping, to DES encryption of all files with specific access passwords on a file or directory level. While such severe measures are certainly warranted in the use and handling of highly sensitive or classified data, this level of security is not generally required or needed in the business environment.

Another threat to the data and programs stored on a PC is attack from a computer virus. These small programs can attach themselves to a normal program or data file, which may be inadvertently copied from system to system. Once a virus program has been copied to a PC, it can cause serious damage to program and data files that reside on the system. Without some form of protection, the PC user may not realize that the system has been infected until after damage has been done.

There are a number of prior art approaches to virus protection. They include never using a disk from anyone, never downloading data from a bulletin board service (BBS) or via a modem, not connecting to a network, checking each program or file with a virus finder, only running new programs from a floppy or on a quarantine machine until they are determined to be safe, and having a special program slow down the processing of the PC while it watches every activity to determine whether it is normal or a virus. While these measures can add additional levels of protection, practicality in a business environment must be considered.

Some prior art approaches to virus protection check hard disk system areas and files after the disk operating system has booted. Any damage caused by corrupted system files and data may already be done. If a virus has already attached itself to one of the operating system files, once this file has been loaded (during boot), the virus is in control.

Other approaches to virus protection require booting the system from a known floppy disk and checking the hard disk before allowing the use of files stored on the hard disk.

As other approaches to virus protection are resident on disk, they themselves can be corrupted.

Even if you have protected your system from unauthorized access and viruses, once your PC is turned on and validly accessed, it is again vulnerable. Most people turn their PCs on in the morning and leave them on all day. Lunch, an out-of-the-office appointment, long meetings, or just going down the hall are all opportunities for unauthorized access to data. A quick erase or a quick copy to a diskette may leave no signs of activity. However, it is impractical to exit your program, save your data, and turn your PC off every time you leave your desk for a few moments.

A PC screen can also inadvertently expose sensitive data such as payroll, financial, or personnel records to anyone. Information left on the screen while at lunch or a meeting, or obtainable through just a few keystrokes, is all that may be required to steal or destroy a file. In today's aggressive business environment, a company's competitive edge is relative to its customer files and information, or proprietary information such as product development, marketing and sales plans, and product price and costs lists.

Accordingly, it remains highly desirable to provide the ability to detect the presence of viruses in a manner which will allow the operation of the computer to be halted, for example by failing to complete the boot operation, on a regular basis. Furthermore, computer security remains of vital importance.

SUMMARY OF THE INVENTION

In accordance with the teachings of this invention, various techniques are employed in order to provide security to a computer system. Certain embodiments are particularly well suited to network environments, and in particular to network environments including one or more PCs. In one embodiment of this invention, tests are performed prior to or during the boot operation in order to determine whether selected programs and/or data files have been corrupted. This may indicate the presence of a virus. In one embodiment, files which will be used during the boot operation are checked for modification prior to allowing those files to be used for system boot. If a potential error is detected, system boot is halted, allowing the user to boot the system from a known, uncorrupted set of files, for example as contained on a floppy diskette. In an alternative embodiment of this invention, additional program and/or data files (which are not used during the boot operation) are checked for corruption either prior to the boot operation or immediately following the boot operation.

In another embodiment of this invention, a unique access diskette is used as a hardware key to allow a user to demonstrate his authorization to gain access to the computer. The unique hardware key is provided by uniquely formatting a standard floppy diskette in such a manner that it contains information indicating the user's authorization to access the system. In one embodiment, this unique formatting is such that the information contained on the access diskette cannot be easily read using the standard diskette reading technique which is used for reading normal data contained on a normal data diskette, or using the typical software diskette "tool kits" available in the prior art. In accordance with one embodiment of this invention such an access diskette is used in conjunction with user supplied information, such as user I.D., password, and the like, in order to provide two levels of security for the system. If desired, a first level of security can be implemented for users requiring low level access, and a second level of security (including an access diskette) is implemented for users requiring a higher level of access, such as system administrators, supervisors, and the like. In accordance with this invention, information contained on the access diskette is provided in a pseudo random fashion, for example, either using a pseudo random number generator or by generating access diskette information in response to information stored in all or parts of the system memory, mass storage device, or the like at the time an access diskette is created. Since information contained in memory, disks, etc., changes relatively rapidly, this technique provides pseudo random information for use in creating an access diskette. This information is also stored within the computer for comparison purposes when a prospective user seeks to access the system utilizing a diskette key.

In one embodiment of this invention, information stored on the diskette key is also provided by an identification number contained within the computer itself or within a portion of the computer hardware dedicated to performing security functions. In this embodiment, the information contained on a diskette key also includes information which, in essence, pertains to the "serial number" of a given computer, thereby preventing this access diskette from being used in another computer for creation of an access diskette for use with that other computer.

In another embodiment of this invention, a method and structure is taught which allows a supervisor or security officer to remotely control security information stored locally in individual PCs, for example via a host computer on the network to which the PC is connected. In this manner, a supervisor or security officer can easily control and update security information pertaining not only to access to the host system, but also to user access to an individual stand-alone PC.

In another embodiment of this invention, security from unauthorized access is provided once a valid user has legitimately accessed a computer. In this embodiment, in response to the user pressing a predefined hot key or a predetermined period of time during which the user has not provided input to the computer, selected portions of the computer are disabled, thereby preventing unauthorized access. For example, in response to an elapsed period of time during which the user has not made data or command entry to the computer (for example when the valid user has left the room without logging off) the screen, keyboard, printer, data transmission means, or the like, or various combinations, are disabled, thereby preventing an intruder from observing confidential information during the time the valid user has left the computer. Once disabled, execution of programs currently running or queued to run continues, thereby maintaining computer productivity. Upon entry of appropriate access information by the valid user, the disabled features of the computer are once again enabled allowing full access by the valid user. If desired, this user authorization information to reenable disabled features may comprise a password, a user I.D., a hardware key, such as an access diskette, or the like, or various combinations thereof.

In another embodiment of this invention, access to the computer is made more difficult in response to invalid access attempts. For example, with an increasing number of invalid access attempts, audible and/or visual signals are emitted from the computer with increasing duration, increasing intensity, varying pitch, or the like, in order to alert others in the general vicinity that inappropriate activity is occurring on the computer. In one embodiment, once a threshold number of invalid access attempts is reached, the computer is locked up, requiring a reboot, thereby increasing the difficulty for a would-be intruder to gain access to the computer. In one embodiment, once the threshold value is reached, it is reset to a lower value, thereby requiring the system to be rebooted more frequently, after a smaller number of invalid logon attempts.
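The escalating lockout described above, written out as an added C example; it is not part of the patent or of any National Semiconductor firmware. A struct stands in for the security subsystem's non-volatile state (threshold, attempt counter, lock flag, alert level); once the threshold is hit, every further attempt is refused until a reboot, even with the correct credential, and the threshold is lowered for the next cycle. The initial threshold of 5, the floor of 2, the alert counter and the credential string are constructed values that the page does not specify.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed policy values; the page gives no numbers for them. */
enum { THRESHOLD_INITIAL = 5, THRESHOLD_MIN = 2 };

/* State the security subsystem would hold in non-volatile memory; an ordinary struct here. */
typedef struct {
    int threshold;         /* invalid attempts tolerated before lockout */
    int invalid_attempts;  /* failures since the last boot */
    int locked;            /* set at lockout; only a reboot clears it */
    int alert_level;       /* grows with each failure; would drive the audible/visual signal */
} security_state_t;

typedef enum { AUTH_GRANTED, AUTH_DENIED, AUTH_LOCKED } auth_result_t;

void security_init(security_state_t *s) {
    s->threshold = THRESHOLD_INITIAL;
    s->invalid_attempts = 0;
    s->locked = 0;
    s->alert_level = 0;
}

/* Compare without early exit so the response time does not depend on how many bytes matched. */
static int credential_matches(const char *supplied, const char *expected) {
    size_t n = strlen(expected);
    if (strlen(supplied) != n) return 0;
    unsigned diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned)(supplied[i] ^ expected[i]);
    return diff == 0;
}

auth_result_t attempt_logon(security_state_t *s, const char *supplied, const char *expected) {
    if (s->locked) return AUTH_LOCKED;            /* nothing is accepted until the system is rebooted */
    if (credential_matches(supplied, expected)) {
        if (s->invalid_attempts > 0)              /* claim 5: tell the valid user about prior failures */
            printf("notice: %d invalid logon attempt(s) since last boot\n", s->invalid_attempts);
        s->invalid_attempts = 0;
        s->alert_level = 0;
        return AUTH_GRANTED;
    }
    s->invalid_attempts++;
    s->alert_level++;                             /* each failure lengthens/intensifies the alarm */
    printf("invalid attempt %d of %d (alert level %d)\n", s->invalid_attempts, s->threshold, s->alert_level);
    if (s->invalid_attempts >= s->threshold) {
        s->locked = 1;
        if (s->threshold > THRESHOLD_MIN)         /* reset the threshold to a lower value for next time */
            s->threshold--;
        return AUTH_LOCKED;
    }
    return AUTH_DENIED;
}

/* A reboot clears the lockout and the attempt counter but keeps the lowered threshold. */
void security_reboot(security_state_t *s) {
    s->locked = 0;
    s->invalid_attempts = 0;
    s->alert_level = 0;
}

typedef struct {
    int attempts_first_cycle;        /* guesses needed to trigger the first lockout */
    int denied_when_locked;          /* 1 if even the correct credential is refused while locked */
    int granted_after_reboot;        /* 1 if the valid user gets in after rebooting */
    int attempts_second_cycle;       /* guesses needed the second time (fewer, by design) */
    int threshold_after_second_lock;
} scenario_t;

/* Walks two lockout cycles with a constructed credential; results are returned, not only printed. */
scenario_t run_scenario(void) {
    static const char *expected = "s3cret-demo";  /* constructed credential for the example only */
    security_state_t s;
    scenario_t r = {0, 0, 0, 0, 0};
    auth_result_t res;
    security_init(&s);
    do { res = attempt_logon(&s, "guess", expected); r.attempts_first_cycle++; } while (res == AUTH_DENIED);
    r.denied_when_locked = (attempt_logon(&s, expected, expected) == AUTH_LOCKED);
    security_reboot(&s);
    r.granted_after_reboot = (attempt_logon(&s, expected, expected) == AUTH_GRANTED);
    do { res = attempt_logon(&s, "guess", expected); r.attempts_second_cycle++; } while (res == AUTH_DENIED);
    r.threshold_after_second_lock = s.threshold;
    return r;
}

int main(void) {
    scenario_t r = run_scenario();
    printf("first lockout after %d attempts; second after %d; threshold now %d\n",
           r.attempts_first_cycle, r.attempts_second_cycle, r.threshold_after_second_lock);
    return 0;
}
```

The floor on the threshold is the one addition beyond the page's description: without it the threshold would eventually reach one, and a lockout policy that survives reboots then becomes a denial-of-service against the legitimate user, so a deployment also needs an administrative path (not shown here) to restore the threshold.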

These and other features of the present invention will be described by way of the following examples taken in conjunction with the figures.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram depicting one embodiment of security hardware constructed in accordance with the teachings of this invention;

FIG. 2 is a flow chart depicting a typical PC system boot process which has been modified to include a virus/corrupted file checker in accordance with the teachings of this invention;

FIG. 3 is a flow chart depicting in greater detail one embodiment of a virus/corrupted file checker as shown in FIG. 2;

FIG. 4 is a flow chart depicting one embodiment of an algorithm in accordance with the teachings of this invention which allows security information contained in a local computer to be modified from a remote host computer; and

FIG. 5 is a flow chart depicting one embodiment of an algorithm of this invention which provides for intelligent log on to a computer system.

DETAILED DESCRIPTION

While certain specific embodiments described herein refer to providing security to PC systems, and PC systems connected in a network, perhaps with a host computer such as a mainframe, it is to be understood that the teachings of this invention are equally applicable to a wide range of computer applications, including computer networks which do not utilize PCs.

Furthermore, a number of specific embodiments are described below. It will be appreciated by those of ordinary skill in the art in light of the teachings of this invention that various combinations of these embodiments may be used in any particular system, or may be provided in a system for selection by a user, thereby providing a large number of permutations of combinations of the various features of this invention.

I. Firmware Virus Checker

FIG. 1 depicts one embodiment of a security hardware subsystem of this invention which implements an 8KB paged ROM window. This embodiment allows a 16KB EPROM (which contains the virus checker algorithm and, if desired, other security related firmware) and a 2KB EEPROM (a non-volatile memory device which is used to store security configuration data) to be accessed by the computer from within a single 8KB window. This embodiment minimizes the requirements for system memory space, while also providing an indirect (hidden) access mechanism for the EEPROM device (i.e. protecting secure data).

The following description refers to a computer system including a mass storage device, such as a hard disk as found in a typical PC. It is to be understood that the teachings of this invention apply equally well to systems including one or more hard disks, virtual disks, or hard disks partitioned as more than one disk. Furthermore, the teachings of this invention apply equally well to systems utilizing other types of storage media.

This invention is particularly well suited for use with desktop or laptop computers, which are perhaps more susceptible to viruses than large systems which incorporate sophisticated security schemes. In accordance with the teachings of this invention, a firmware resident program is provided which accesses the file structure of the hard disk before the disk operating system is loaded, in order to verify the integrity of the data and program files on that disk which will be used during the disk operating system boot loading process. In one embodiment of this invention, the system areas checked in a typical IBM compatible PC are those shown in Table 1.

TABLE 1

System CMOS SRAM
Disk Boot Areas (Hard Disk Master Boot Track and the DOS Boot Sector)
DOS BIO hidden system file (IO.SYS or IBMBIO.COM)
DOS OS hidden system file (MSDOS.SYS or IBMDOS.SYS)
DOS command processor file (COMMAND.COM)
AUTOEXEC.BAT
CONFIG.SYS

In an alternative embodiment, the method of this invention verifies the integrity of all or a selected set of program and data files in addition to those programs and data files which are used during the disk operating system boot loading process. Since the program of this invention is contained within the computer itself, it eliminates the need to boot from a floppy disk in order to pre-check the hard disk. Furthermore, in one embodiment, the virus checking software is resident in firmware, such as a ROM, and thus occupies no disk space and eliminates the possibility of the virus checking software of this invention itself being corrupted by viruses.

The program of this invention is accessed by the system mother board during adapter board initialization (ROM scan) prior to loading the disk operating system. By residing in the system as firmware, this program is automatically executed upon power up, requiring no operator intervention during its execution. Although in one embodiment the virus checking firmware is executed using the security hardware subsystem shown in FIG. 1, any suitable boot ROM hardware architecture could be utilized in accordance with the teachings of this invention. The program of this invention implements algorithms necessary to read selected data and program files from the system hard disk, without requiring the services of the disk operating system.

Prior to running the virus checking program of this invention for the first time, the critical system data and program files (such as are required for system boot), as well as any other files previously specified by the user, are scanned and a proprietary signature (e.g. a CRC signature) is created for each file. These signatures are stored in non-volatile memory for later use during virus checking prior to system boot. As additional files are created or added to the hard disk and designated by the user as files which are to be virus checked prior to subsequent boot operations, additional signatures are created for each, and stored in the non-volatile memory for use during virus checking prior to subsequent system boots.

In one embodiment of this invention, a 32 bit CRC algorithm is used which in fact comprises a combination of two different 16 bit CRC algorithms. In this manner, the likelihood of a virus modifying a file and avoiding detection is significantly reduced as compared to the embodiment where a single CRC algorithm is used. Thus, for example, while a sophisticated virus may intentionally or by chance modify a file in such a way that the CRC for the file remains the same, such a virus will most likely not provide unchanged CRC signatures for more than one CRC algorithm.

FIG. 2 is a flow chart depicting a typical PC system boot process which has been modified to include the virus checking algorithm of this invention. As shown in FIG. 2, upon power up, BIOS motherboard diagnostics are performed, in a well known manner. Following this, the BIOS system RAM test is performed and the BIOS hardware initialization step performed. Then the BIOS ROM scan takes place. All of these steps are well known in the prior art and can be performed in any desired fashion. Of interest, at any desired point during BIOS ROM scan, the firmware virus/corrupted file checking algorithm of this invention is performed, and if any potential problems are detected, a warning is given to the user and system boot is halted in order to allow the user to take appropriate action. Such appropriate action in the event of the detection of a potential problem might be booting the system from a floppy diskette which is known to be free of viruses. As shown in FIG. 2, following successful completion of the firmware virus check in accordance with the teachings of this invention, BIOS ROM scan continues following which the system is booted from the hard disk in the normal manner.

Referring to FIG. 3, a more detailed explanation of the operation of one embodiment of the firmware virus/corrupted file checker of this invention is described.

1. The table of previously created CRC signatures is retrieved from non-volatile memory.

2. The system CMOS area is scanned and a CRC is calculated. The new CRC is compared with the old CRC and differences are posted, for example, to a data log, the screen, or a printer. Any errors at this point abort further testing.

3. Since DOS has not been booted, DOS has not yet created tables of information regarding, for example, file pointers describing locations of system files on the hard disk. Thus, the virus/corrupted file checker of this invention reads the disk boot areas from disk into a buffer. Disk structure information is extracted from the boot information and from various system BIOS services, and a disk information table is built in the computer's RAM in order to allow the virus/corrupted file checker of this invention to access, for example, system files contained on the disk.

4. A CRC is calculated for the disk boot information currently in the buffer. The new CRC is compared with the old CRC and differences are posted. Any errors detected at this point abort further testing.

5. The root directory of the disk is scanned and a look-up-table is built which contains starting file allocation table (FAT) offsets and sizes for the remaining system files to be checked.

6. The BIO system file is read into a contiguous buffer and a CRC is calculated. The new CRC is compared with the old CRC and differences are posted.

7. The DOS system file is read into a contiguous buffer and a CRC is calculated. The new CRC is compared with the old CRC and differences are posted.

8. The COMMAND system file is read into a contiguous buffer and a CRC is calculated. The new CRC is compared with the old CRC and differences are posted.

9. The AUTOEXEC file is read into a contiguous buffer and a CRC is calculated. The new CRC is compared with the old CRC and differences are posted.

10. The CONFIG file is read into a contiguous buffer and a CRC is calculated. The new CRC is compared with the old CRC and differences are posted.

11. If any errors are detected, system boot is halted in order to allow the user the opportunity to boot from a recovery diskette or alternate DOS diskette, if desired.

Once the algorithm of this invention has been executed, control is returned to the system BIOS to allow continuation to the normal DOS boot process, as shown in FIG. 2.

When the program of this invention is executed prior to disk operating system boot, each of the system data areas and files is scanned and its signature calculated. These new signatures are then compared with the values stored in non-volatile memory. Any difference is reported as an integrity failure of the specific data or program file concerned. If a failure is detected, the user is given the option to boot from a recovery diskette, thereby allowing the system to be booted from a disk containing a disk operating system known to be uninfected by a virus. The computer thus becomes usable, the user is able to investigate the potential problems on the hard disk, and potentially infected or corrupted program and data files can be replaced. By restoring corrupted files prior to their use during boot or during subsequent execution of applications software, possible system disaster can be averted by preventing the spread of a virus throughout the system.
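The FIG. 3 walk-through above, implemented as an added example in Python; this is not code from the patent. Constructed byte strings stand in for the CMOS area, the boot sector and the five system files (the labels BIO, DOS, COMMAND, AUTOEXEC and CONFIG are the patent's, not real file names), and the check order and the abort-on-error rule for the first two items follow the steps above. The second half of the block shows the caveat a practitioner would want next to this scheme: CRC-32 is linear over GF(2), so four chosen bytes appended to an infected file restore its stored value, and a checker-aware virus passes the test. The forging routine is the standard CRC-32 reversal, not anything the patent describes.

```python
import zlib

# Check order from the FIG. 3 walk-through. The CMOS area and the boot
# information abort all further tests on a mismatch; each of the five system
# files is checked and its difference posted, then boot is halted if anything
# differed. Labels are the patent's, not real DOS file names.
CHECK_ORDER = [
    ("CMOS", True), ("BOOT", True),
    ("BIO", False), ("DOS", False), ("COMMAND", False),
    ("AUTOEXEC", False), ("CONFIG", False),
]


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def build_signature_table(areas: dict) -> dict:
    """The table written to non-volatile memory while the system is known clean."""
    return {name: crc32(areas[name]) for name, _ in CHECK_ORDER}


def firmware_check(areas: dict, nvram_table: dict) -> tuple:
    """Recompute every signature before DOS boots.

    Returns ('BOOT' or 'HALT', list of posted differences)."""
    posted = []
    for name, aborts_on_error in CHECK_ORDER:
        new, old = crc32(areas[name]), nvram_table[name]
        if new != old:
            posted.append(f"{name}: stored {old:08X}, computed {new:08X}")
            if aborts_on_error:
                posted.append(f"{name} check failed, further testing aborted")
                break
    return ("HALT" if posted else "BOOT"), posted


def clean_system() -> dict:
    """Constructed stand-ins for the areas the checker reads via BIOS services."""
    boot = bytearray(512)
    boot[0:3] = b"\xEB\x3C\x90"     # jump over the BPB, as a DOS boot sector starts
    boot[510:512] = b"\x55\xAA"     # boot sector signature
    return {
        "CMOS": bytes(range(64)),
        "BOOT": bytes(boot),
        "BIO": b"BIO-image " * 40,
        "DOS": b"DOS-image " * 40,
        "COMMAND": b"COMMAND-image " * 40,
        "AUTOEXEC": b"@ECHO OFF\r\nPATH C:\\DOS\r\n",
        "CONFIG": b"FILES=30\r\nBUFFERS=20\r\n",
    }


# Why a CRC is not a security signature: CRC-32 is linear over GF(2), so four
# chosen bytes appended to any message steer its CRC to any target. A virus
# that knows about the checker can infect a file and restore the stored value.
# Table and reverse map are the standard reflected CRC-32 (poly 0xEDB88320),
# the same function zlib.crc32 computes.
_TABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    _TABLE.append(_c)
_REV = {_TABLE[i] >> 24: i for i in range(256)}  # the high byte is unique per entry


def forge_crc32_suffix(data: bytes, target: int) -> bytes:
    """Return four bytes p such that crc32(data + p) == target."""
    cur = zlib.crc32(data) ^ 0xFFFFFFFF     # raw shift register after 'data'
    want = target ^ 0xFFFFFFFF              # raw register that yields 'target'
    idxs = []
    for _ in range(4):                      # walk the register update backwards
        idx = _REV[want >> 24]
        idxs.append(idx)
        want = ((want ^ _TABLE[idx]) << 8) & 0xFFFFFFFF
    patch = bytearray()
    for idx in reversed(idxs):              # replay forwards, choosing each byte
        b = (cur ^ idx) & 0xFF
        patch.append(b)
        cur = _TABLE[(cur ^ b) & 0xFF] ^ (cur >> 8)
    return bytes(patch)


def infect_and_hide(areas: dict, name: str, payload: bytes, nvram_table: dict) -> dict:
    """Append a payload to one checked file and pad it so its CRC is unchanged."""
    infected = dict(areas)
    body = areas[name] + payload
    infected[name] = body + forge_crc32_suffix(body, nvram_table[name])
    return infected


if __name__ == "__main__":
    clean = clean_system()
    table = build_signature_table(clean)
    print(firmware_check(clean, table))
    virus = dict(clean)
    virus["BOOT"] = clean["BOOT"][:3] + b"VIRS" + clean["BOOT"][7:]
    print(firmware_check(virus, table))      # HALT: BOOT mismatch, tests aborted
    hidden = infect_and_hide(clean, "COMMAND", b"<resident payload>", table)
    print(firmware_check(hidden, table))     # BOOT: forged CRC passes the check
```

Run directly, the script shows the three outcomes: a clean boot, a halt in which the boot-sector mismatch aborts the remaining tests, and an infected COMMAND file that the checker passes because its CRC was forged. A CRC catches accidental corruption and naive viruses of the era, but a modern implementation of the same boot-time scheme keys the signature (an HMAC or a digital signature over the same areas), and the table in non-volatile memory must itself be protected from writes, since a virus that can update it defeats the check outright.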

The teachings of this invention are suitable for use in any type of device which loads critical operating system information from hard or soft disk media, where potential contamination by a virus could have a dangerous impact, for example: process control, power plants, launch control, lottery, communications center, data routing systems, electronic funds transfer, and the like.

In one embodiment, specific program or data files which have been previously specified by a user are automatically checked after the system has booted. If any of the selected files have been modified, indicating a potential problem, including the presence of a virus, the user will be notified of the change.

II. Access Diskette

In accordance with the teachings of this invention, a diskette is uniquely formatted using a method which is non-standard for the resident disk operating system. This diskette is then capable of being read and verified by resident security software so that it may be used as a hardware key to access the system. Of importance, in accordance with teachings of this invention, a diskette key is provided which utilizes standard floppy disks, rather than special hardware or key devices as known in the prior art. However, the standard floppy disk which is formatted according to the teachings of this invention in order to serve as an access key cannot be read or copied by standard operating systems utilities or after-market disk utility programs.

In one embodiment of this invention, the algorithm used to create access diskettes is based on two randomly generated signatures (numeric values) such that all access diskettes (with the exception of a backup access diskette, if desired) are unique in two ways:

1. Each access diskette is uniquely formatted; and

2. Each access diskette contains different "key" information.

In one embodiment, the signature values which are used to create access diskettes are generated such that they are unique for a given PC, and unique from one creation time to another. If desired, a mechanism is also provided to manually supply the signature values during access diskette creation.

The access diskette is read and verified by resident software (or firmware) which requires a valid access diskette before access to the system is allowed. The access diskette may be used as a "stand-alone" key to the system or may be used in conjunction with a password to "double-lock" the system.

In accordance with one embodiment of this invention, a password is used in conjunction with the access diskette in order to control access to the computer. In an alternative embodiment of this invention, certain passwords (e.g. a User password) are sufficient to obtain access to the computer without the use of the hardware access diskette. The access diskette must be used, however, to obtain a higher level of access, for example that level which is available when utilizing a Supervisor password.

An access diskette of one embodiment of this invention comprises three parts:

(1) Identification information indicating this is an access diskette. This identification information is stored in a portion of the diskette which will be referred to as the identification sector or identification track.

(2) An access signature, which is preferably unique for a given system. The access signature is stored in a portion of the access diskette called the key sector or key track.

(3) The remainder of the diskette.

The identification information indicating this is an access diskette need not be used for the purpose of controlling access to a specific PC and thus can be the same for each system. In one embodiment, a copyright notice is conveniently used for this purpose.

The access signature comprises two portions: a value specifying the location on the access diskette where the signature is stored, and a signature uniquely assigned to a given access diskette.
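An added example in Python, not code from the patent, covering the three-part diskette layout above together with the password "double-lock" embodiment. The diskette is modelled as a dictionary of sectors keyed by (track, head, sector id); the identification sector carries a constant text, as the patent suggests, and the key sector holds a per-creation random signature at a location derived from a random 32-bit key value. The geometry, the bit layout of the key value (the patent's Table 2 is not reproduced on this page), the 16-byte signature length, the PBKDF2 password storage and the constant-time compares are this example's assumptions, not the patent's.

```python
import hashlib
import hmac
import secrets

# Assumed geometry for the model: a 1.44 MB diskette with 80 tracks, 2 heads
# and sector ids 1..18. A diskette is a dict {(track, head, sector_id): bytes}.
TRACKS, HEADS, SECTORS = 80, 2, 18
SECTOR_SIZE = 512
ID_ADDR = (0, 0, 1)                                         # identification sector
ID_TEXT = b"(c) example: access diskette identification"   # the same on every key
SIG_LEN = 16                                                # assumed signature size


def key_location(key_value: int) -> tuple:
    """Map the 32-bit key value to the key sector's address.

    Assumed layout (the patent's Table 2 is not on this page): bits 24..31
    select the track, bit 16 the head, bits 0..5 a sector id in 192..255.
    Such ids are never written by a standard format, so DOS and ordinary
    disk utilities neither read nor copy the key sector."""
    return ((key_value >> 24) % TRACKS, (key_value >> 16) & 1, 0xC0 | (key_value & 0x3F))


def _sector(data: bytes) -> bytes:
    return data.ljust(SECTOR_SIZE, b"\0")


def create_access_diskette(key_value=None, signature=None) -> tuple:
    """Format a blank diskette as an access key; returns (diskette, nvram_record).

    Both values are random per creation unless supplied manually, which the
    patent allows; the record is what the resident checker keeps in NVRAM."""
    key_value = secrets.randbits(32) if key_value is None else key_value
    signature = secrets.token_bytes(SIG_LEN) if signature is None else signature
    diskette = {ID_ADDR: _sector(ID_TEXT), key_location(key_value): _sector(signature)}
    return diskette, {"key_value": key_value, "signature": signature}


def verify_access_diskette(diskette, nvram) -> bool:
    """Resident-software check: identification sector first, then the key sector."""
    if diskette is None or not diskette.get(ID_ADDR, b"").startswith(ID_TEXT):
        return False
    key_sector = diskette.get(key_location(nvram["key_value"]))
    if key_sector is None:
        return False
    return hmac.compare_digest(key_sector[:SIG_LEN], nvram["signature"])


def diskcopy(diskette) -> dict:
    """What a standard copy utility produces: only sectors of the standard format."""
    return {addr: data for addr, data in diskette.items()
            if addr[0] < TRACKS and addr[1] < HEADS and 1 <= addr[2] <= SECTORS}


def password_record(password: str) -> dict:
    """Salted PBKDF2 hash of a password (this example's choice of storage)."""
    salt = secrets.token_bytes(8)
    return {"salt": salt,
            "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)}


def password_ok(password: str, record: dict) -> bool:
    h = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 10_000)
    return hmac.compare_digest(h, record["hash"])


def access_level(password, diskette, nvram, records):
    """The double-lock variant: the User password alone gives user access; the
    Supervisor level needs the Supervisor password and a valid access diskette.
    Returns 'supervisor', 'user' or None."""
    if password_ok(password, records["supervisor"]):
        return "supervisor" if verify_access_diskette(diskette, nvram) else None
    if password_ok(password, records["user"]):
        return "user"
    return None


if __name__ == "__main__":
    diskette, nvram = create_access_diskette()
    records = {"user": password_record("user-pw"), "supervisor": password_record("super-pw")}
    print(verify_access_diskette(diskette, nvram))            # True
    print(verify_access_diskette(diskcopy(diskette), nvram))  # False: key sector lost
    print(access_level("super-pw", diskcopy(diskette), nvram, records))  # None
```

diskcopy() models the claim that a standard utility cannot duplicate the key: it visits only the sector ids a standard format contains, so the copy keeps the identification sector but loses the key sector and fails verification. Because the resident checker compares against values held in non-volatile memory, that memory is part of the trust boundary just as much as the diskette itself.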

In one embodiment, the location on the access diskette where the access signature is located is defined by a 32-bit key value which is mapped as shown in Table 2. Naturally, it will be readily appreciated in light of the teachings of this invention that any desired number of bits can be used to specify the location of the access signature on the access diskette, and a number of arrangements for bit mapping of this information is possible within the spirit of this in