HK1125199B - Method and system for accessing and protecting information in a computer system with first level verification
- Publication number: HK1125199B (HK09102768.7A)
- Authority: HK (Hong Kong)
Description
Technical Field
The present invention relates to computer system security, and more particularly, to a method and system for improving access protection of a computer system.
Background
Information theft and illegal transmission are challenging problems: large amounts of information must be protected, while the need for efficient information sharing must also be taken into account.
One type of information theft involves theft or illegal transfer of a computer system outside a designated area (e.g., a campus or workplace). Because these computer systems may contain private and/or confidential information, access protection for the computer is needed to prevent information from being stolen or illegally transferred.
Current technology does not adequately address this serious problem. In fact, many computer systems have no protection against theft or illegal transfer other than operating system password protection.
Therefore, there is a need for a computer system protection method, system, or computer program product for protecting a computer system from information theft or illegal transmission.
Disclosure of Invention
The present invention relates to a method, system and computer program for computer system protection.
Embodiments of the present invention protect information on stolen and/or illegally transferred computer systems from unauthorized access.
Embodiments of the present invention include methods, systems, and computer programs that detect when a computer system transitions outside a specified region.
Embodiments of the present invention include methods, systems, and computer programs for triggering secondary authentication when a computer system migrates outside a designated area.
Embodiments of the present invention include methods, systems, and computer programs for locking out the functionality of a computer system when the computer system moves outside a designated area.
Embodiments of the invention include preventing access to one or more of the operating system, the hard drive, and the external drive of the computer system.
Embodiments of the present invention include methods, systems, and computer programs that allow limited access to the functionality of a computer system based on where the computer system is located. These functions may include one or more of printing files, network access, and accessing external drives.
Embodiments of the present invention include methods, systems, and computer programs that allow variable levels of access protection based on where a computer system is located.
Embodiments of the present invention may be implemented using Radio Frequency (RF) communications, Infrared (IR) communications, and/or GPS communications.
The functionality of embodiments of the present invention works when the computer system moves outside of a designated area, regardless of the power mode of the computer system.
According to an aspect of the present invention, there is provided a method of access protection of information within a computer system with a primary level of authentication, comprising:
detecting when the computer system transitions outside a specified area; and
when the computer system moves outside a designated area, sending a token to the computer system;
wherein the token triggers a secondary authentication when the computer system subsequently boots outside the designated area and causes a functional lock-down of the computer system when the secondary authentication fails.
Preferably, the step of sending the token comprises communicating with a Radio Frequency (RF) communication component integrated within the computer system.
Preferably, the RF communications component is integrated into a LAN on Motherboard (LOM) network adapter, which is integrated onto the motherboard of the computer system.
Preferably, the step of sending the token comprises communicating with an RF communication means regardless of a power mode of the computer at the time of communication.
Preferably, the communication means comprises a Global Positioning System (GPS) receiver.
Preferably, the detecting step comprises comparing the global positioning coordinates of the computer system with a global positioning coordinate range of the designated area.
Preferably, the step of sending a token comprises sending a token to the computer system when the computer system is located within the specified area.
Preferably, the token sent within the designated area is activated when the computer system moves outside the designated area.
Preferably, the RF communication means comprises a radio receiver.
Preferably, the detecting step is performed by a central monitoring system.
Preferably, the detecting step comprises detecting code associated with the computer system.
Preferably, the step of sending a token comprises sending a token to the computer system when the computer system is outside the specified area.
Preferably, the step of sending the token comprises downloading the token to the computer system within a specified area and activating the token outside the specified area when the computer system is outside the specified area.
Preferably, the method further comprises:
recording a plurality of answers in a database corresponding to a plurality of secret questions, wherein the answers are selected by a legitimate user of the computer system and associated with the user; and
recording a plurality of user passwords selected by the legitimate user in the database, wherein each of the user passwords is associated with a corresponding set of secret questions and a corresponding answer.
Preferably, the method further comprises:
generating the token based on one or more current passwords associated with the legitimate user and a time at which the computer system exited a specified area;
wherein the token comprises a secret question of the plurality of secret questions, an answer to the corresponding secret question of the plurality of answers, and a password associated with the secret question and the answer.
Preferably, the method further comprises, after the computer system is started,
(a) prompting a user to enter a current password associated with the legitimate user and receiving user input;
(b) verifying whether the user input is consistent with the current password;
(c) if the password verification is successful in step (b), prompting the user to answer the secret question contained in the token and receiving user input;
(d) verifying the user's input to the secret question using the corresponding answer contained in the token;
(e) if the verification is successful in step (d), prompting the user to enter a password associated with the secret question and answer, and receiving user input;
(f) verifying that the user input is consistent with the associated password;
(g) if the password verification is successful in step (f), allowing the user to access the functions of the computer system.
Preferably, the secondary verification comprises steps (c) to (f).
Preferably, the method further comprises:
(h) locking the functionality of the computer system if any of the verification steps fail a predetermined number of times in succession.
Preferably, the secondary authentication is bypassed by connecting the computer system to an associated network system within the designated area.
Preferably, locking the functionality of the computer system includes preventing access to one or more of an operating system, a hard drive, and an external drive associated with the computer system.
Preferably, the token triggers restricted access to some functions of the computer system when the computer system moves outside a specified area, regardless of the result of the secondary verification.
Preferably, these functions include one or more of: printing files, network access, and access to external drives.
Preferably, a primary verification is performed both inside and outside the specified area.
According to an aspect of the present invention there is provided a system for protecting access to information within a computer system having a primary level of authentication, comprising:
a central monitoring system for detecting when the computer system transitions outside a designated area;
a database for storing authentication information associated with a legitimate user of the computer system;
a Radio Frequency (RF) communication system for sending a token to the computer system when the computer system transitions outside a designated area;
wherein the token includes authentication information from the database for triggering a secondary authentication when the computer system subsequently boots outside the designated area.
Preferably, the system further comprises:
an RF transceiver integrated in a LAN on Motherboard (LOM) network adapter integrated on a motherboard of the computer system.
Preferably, the system further comprises:
a Global Positioning System (GPS) receiver integrated within the computer system, wherein the GPS receiver is used to generate location coordinates for the computer system and download the token when the computer system is outside a designated area.
Preferably, the database contains a plurality of answers corresponding to a plurality of secret questions, the answers being selected by a legitimate user of the computer system and associated with the user.
Preferably, the database further comprises a plurality of user passwords selected by the legitimate users, wherein each of the user passwords is associated with a corresponding set of secret questions and a corresponding answer.
Preferably, the central monitoring system includes:
a detector for generating a detection signal when the computer system is transferred outside a designated area;
a controller coupled to the detector and receiving a detection signal from the detector.
Preferably, the controller is further configured to communicate with the database to obtain authentication information associated with the computer system.
Preferably, the controller is further configured to control the RF communication system to communicate with the computer system.
Various advantages, aspects and novel features of the invention, as well as the structure and operation of the embodiments illustrated therein, are described in detail below with reference to the accompanying drawings.
Drawings
FIG. 1 is a schematic diagram of an example scenario of operation of a computer access protection system;
FIG. 2 is a schematic diagram of an exemplary central monitoring system;
FIG. 3 is a schematic diagram of an exemplary computer system configured with the functionality of the system shown in FIG. 1;
FIG. 4 is a schematic diagram of an exemplary computer system configured with the functionality of the system shown in FIG. 1;
FIG. 5 is a schematic diagram of an exemplary computer system configured with a GPS computer access protection system;
FIG. 6 is a schematic diagram of an exemplary database that may be used with the system shown in FIG. 1;
FIG. 7 is a flow diagram of a method of access protecting information in a computer system;
FIG. 8 is a flow diagram of an additional or secondary authentication process triggered by an information access protection system in a computer system;
FIG. 9 is a schematic diagram of an exemplary computer for implementing the present invention.
The present invention will be described in detail below through embodiments, with reference to the attached drawings. Generally, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears.
Detailed Description
One type of information theft involves stealing or illegally transferring a computer system outside a specified area. Because these computer systems may contain personal and/or confidential information, access protection for the computer is needed to prevent information from being stolen or illegally transferred.
The present invention relates to a method, system and computer program for computer system protection.
Embodiments of the present invention protect information on a stolen or illegally transferred computer system from unauthorized access.
Embodiments of the present invention include methods, systems, and computer programs that detect when a computer system transitions outside a specified region.
Embodiments of the present invention include methods, systems, and computer programs for triggering secondary authentication when a computer system migrates outside a designated area.
Embodiments of the present invention include methods, systems, and computer programs for locking out the functionality of a computer system when the computer system moves outside a designated area.
Embodiments of the invention include preventing access to one or more of the operating system, the hard drive, and the external drive of the computer system.
Embodiments of the present invention include methods, systems, and computer programs that allow limited access to the functionality of a computer system based on where the computer system is located. These functions may include one or more of printing files, network access, and accessing external drives.
Embodiments of the present invention include methods, systems, and computer programs that allow variable levels of access protection based on where a computer system is located.
Embodiments of the present invention may be implemented using Radio Frequency (RF) communications, Infrared (IR) communications, and/or GPS communications.
The functionality of embodiments of the present invention works when the computer system moves outside of a designated area, regardless of the power mode of the computer system.
Hereinafter, specific embodiments of the present invention will be described.
Computer system protection
FIG. 1 is a schematic diagram of an example scenario 100 of the operation of a computer access protection system. The computer system 102 and the computer access protection system 104 are shown in the exemplary scenario 100 within a designated area 116. Designated area 116 may be any defined area including, for example, a school, office building, multi-building campus, residence, hospital, police station, fire station, central office, power plant, or research facility.
Computer system 102 may be any commercially available and/or well known computer capable of performing the functions described herein. In one embodiment, the computer system 102 is a laptop computer. The computer system 102 has a primary level of authentication that is performed both inside and outside the designated area 116. Such primary verification includes, for example, performing operating system verification functions.
The computer access protection system 104 is a communication and control system for controlling access to the computer system 102 based on the location of the computer system 102. In the exemplary scenario 100 shown in FIG. 1, the computer access protection system 104 is within a designated area 116. The invention is not limited to this embodiment. One skilled in the art can appreciate based on the teachings herein that the computer access protection system 104 may be located fully or partially within or outside the designated area 116.
In the exemplary scenario 100, the computer access protection system 104 includes a central monitoring system 110, a database 106, and a Radio Frequency (RF) communication system 108. In other embodiments, one or more subsystems of the computer access protection system 104 may be integrated together to form other subsystems.
The central monitoring system 110 is used to detect when the computer system 102 is transferred outside of the designated area. In one embodiment, as shown in FIG. 2, the central monitoring system 110 includes a controller 202 and a detector 204.
The controller 202 controls the operation of one or more subsystems of the computer access protection system 104. In one embodiment, the controller 202 is in communication with the detector 204 to configure the detector 204 to detect the computer system and/or to receive detection signals from the detector 204. The controller 202 is also in communication with the database 106 of the computer access protection system 104 and the RF communication system 108.
In one embodiment, the computer system 102 registers with the computer access protection system 104 to generate authentication information associated with a legitimate user of the computer system 102 and stores the authentication information in the database 106. Additionally, the registration may associate a detection code with the computer system 102.
The central monitoring system 110, through the controller 202, can access the database 106 to obtain a detection code associated with the computer system 102 and use the detection code to configure the detector 204 to detect the computer system 102. In one embodiment, the detector 204 is configured such that when the computer system 102 moves outside of the designated area 116, a detection signal is generated and sent to the controller 202. For example, the detector 204 may be placed at the exit 114 of the designated area 116 in order to detect when the computer system 102 exits the designated area 116. Other techniques known to those skilled in the art may also be used to detect when the computer system 102 moves out of the designated area 116 based on the teachings herein.
In one embodiment, the controller 202 communicates with the database 106 to generate and/or retrieve authentication information associated with the computer system 102 based on a detection signal received from the detector 204 indicating that the computer system 102 is transitioning outside of the designated area 116. The controller 202 then communicates with the RF communication system 108 to wirelessly transmit the token 112 to the computer system 102. Token 112 includes authentication information associated with a legitimate user of computer system 102 for triggering secondary authentication when computer system 102 is subsequently started outside of designated area 116.
In another embodiment, the central monitoring system 110 sends the token 112 to the computer system 102 when the computer system 102 is within the designated area 116 and activates the token when the computer system 102 moves outside the designated area.
The database 106 of the computer access protection system 104 may be any storage system capable of performing the database functions described herein. Database 106 may be located near or remote from central monitoring system 110 and/or RF communication system 108. In one embodiment, database 106 stores authentication information associated with legitimate users of computer systems (e.g., computer system 102) registered on computer access protection system 104. Other embodiments of the database 106 are described in FIG. 6.
The RF communication system 108 of the computer access protection system 104 may be any RF communication system capable of performing the wireless communication functions described herein. For example, in an embodiment that uses bi-directional communication with computer system 102, RF communication system 108 may be a wireless transceiver. Alternatively, in embodiments that use one-way communication with computer system 102, RF communication system 108 may be a wireless transmitter. In another embodiment (not shown in FIG. 1), RF communication system 108 may be replaced by an Infrared (IR) communication system and/or an RF/IR dual-mode communication system. Those skilled in the art with access to the teachings herein will appreciate that the RF communication system may be placed within or outside of a designated area so long as it is capable of reliably communicating with the computer system 102.
As mentioned above, computer system 102 may be any commercially available and/or well known computer capable of performing the functions described herein, including a laptop computer. In the embodiment 300 shown in FIG. 3, the computer system 102 includes an RF communication component 302 for communicating with the RF communication system 108 of the computer access protection system 104. For example, the RF communication component 302 may include a wireless RF transceiver or a wireless RF receiver. In another embodiment (not shown in FIG. 3), the RF communication component 302 may be replaced with an Infrared (IR) communication component and/or an RF/IR dual-mode communication component.
The RF communication component 302 is distinct from a Wireless Local Area Network (WLAN) component 304 that is also disposed in the computer system 102. The RF communication component 302 may be integrated into existing hardware of the computer system 102 or may be a stand-alone component. In the embodiment 400 shown in FIG. 4, the RF communication component 302 is integrated into a LAN on Motherboard (LOM) network adapter 404 of the computer system 102. The LOM network adapter 404 is typically integrated on the motherboard 402 of the computer system 102.
Regardless of the power mode of the computer system 102 at the time of the transition out of the designated area 116, access protection of the computer system 102 will be activated when the computer system 102 transitions outside of the designated area 116. For example, at the point when the computer system 102 transitions outside the designated area 116, the computer system 102 may be in a power on, power off, standby, or sleep mode. Thus, regardless of the power mode of the computer system 102, the RF communication component 302 will need to communicate with the computer access protection system 104, and therefore, power is needed at that time.
One advantage of embodiment 400 is that no additional power supply circuitry is required to provide continuous power to the RF communication component 302. This is because the RF communication component 302 is integrated into the LOM network adapter 404, taking advantage of the fact that the LOM network adapter 404 generally receives power from the battery of the computer system 102 at all times. Typically, this is so that the Wake-on-LAN function of the LOM network adapter 404 can remotely wake the computer system 102.
FIG. 5 illustrates another embodiment 500 of the computer system 102, which may be used in a GPS computer access protection system.
According to the present embodiment, computer access protection is not limited to security protection of the computer system 102 based on its location relative to a specified area, but extends to activating additional or secondary authentication based on global positioning information of the computer system 102. For example, when computer system 102 moves inside and/or outside of one or more specified regions, the computer access protection system can trigger additional or secondary authentication using a token similar to token 112 shown in FIG. 1. These designated areas may be defined by one or more global positioning coordinate ranges.
To enable GPS computer access protection, the computer system 102 may include a GPS receiver 502. The GPS receiver 502 receives signals from a plurality of satellite systems 504 and generates global positioning coordinates for the computer system 102. When the computer system 102 is started, the generated global positioning coordinates will be compared with the coordinates of one or more designated areas contained in the token, thereby activating the corresponding level of protection. As may be recognized by those of ordinary skill in the pertinent art based on the teachings herein, one or more levels of computer access protection (with different access and/or blocking functionality) may be employed depending on which of the one or more designated areas the computer system 102 is located.
In another embodiment, when the computer system 102 is started, the computer system 102 compares the generated global positioning coordinates to one or more designated areas to determine whether to download a token, which can activate additional computer protection.
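The boot-time comparison described above, sketched in Python as an added example (not code from the patent). The `Area` layout, the level names, and the choices to fail closed when there is no GPS fix and to let the strictest overlapping area win are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

# Protection levels ordered from most permissive to strictest (hypothetical names).
LEVELS = ("primary_only", "secondary_auth", "secondary_auth_restricted")
STRICTEST = LEVELS[-1]


@dataclass(frozen=True)
class Area:
    """One designated area carried in the token: a coordinate range plus a level."""
    name: str
    lat_range: Tuple[float, float]   # (south, north) in degrees
    lon_range: Tuple[float, float]   # (west, east) in degrees
    level: str

    def contains(self, lat: float, lon: float) -> bool:
        return (self.lat_range[0] <= lat <= self.lat_range[1]
                and self.lon_range[0] <= lon <= self.lon_range[1])


def protection_level(areas: Sequence[Area],
                     fix: Optional[Tuple[float, float]]) -> str:
    """Compare the receiver's fix with the token's areas and pick a level.

    fix is (lat, lon), or None when the receiver has no position, which is
    common indoors. Anything that cannot be placed inside a designated area
    gets the strictest level, so a missing fix never relaxes protection.
    """
    if fix is None:
        return STRICTEST
    lat, lon = fix
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        return STRICTEST              # malformed coordinates: fail closed
    matched = [a.level for a in areas if a.contains(lat, lon)]
    if not matched:
        return STRICTEST              # outside every designated area
    return max(matched, key=LEVELS.index)   # overlapping areas: strictest wins


# Constructed sample areas: a campus with a more sensitive lab inside it.
AREAS = [
    Area("campus", (22.280, 22.290), (114.150, 114.160), "primary_only"),
    Area("lab", (22.283, 22.285), (114.153, 114.155), "secondary_auth"),
]

if __name__ == "__main__":
    for fix in [(22.281, 114.151), (22.284, 114.154), (22.300, 114.200), None]:
        print(fix, "->", protection_level(AREAS, fix))
```
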
FIG. 6 is a schematic diagram of an embodiment 600 of the database 106 of the system shown in FIG. 1. As described above, when the computer system 102 registers with the computer access protection system 104, authentication information associated with a legitimate user of the computer system 102 will be generated and stored in the database 106. In one embodiment, a legitimate user "A" of the computer system 102 enters one or more answers 606 corresponding to one or more secret questions 604 during the enrollment process. User "A" also associates one or more passwords 608 with each set of secret questions/answers to generate the verification table 602. It is noted that the secret questions 604 shown in embodiment 600 are merely exemplary. Other types and/or content of questions may also be used.
The verification table 602 is then used to generate tokens when the computer system 102 moves outside of the designated area 116. In one embodiment, the token includes a secret question from the verification table 602, a corresponding answer, and an associated password. The selection of authentication information from the verification table 602 may be random or, alternatively, may be based on the current known password of the computer system 102 and/or the time at which the computer system 102 exited from the designated area. For example, if the current known password of the computer system 102 is the same as or similar to the associated password in the table 602, the secret question/answer corresponding to the associated password will not be included in the token.
FIG. 7 is a schematic diagram of a method flow 700 for access protecting information in a computer system. The computer system has a primary authentication that is performed at the time of computer system startup. Flow 700 begins at step 702, which includes detecting when the computer system transitions outside a specified area. In one embodiment, step 702 includes detecting when the computer system leaves the exit of the designated area. For example, step 702 includes detecting when the computer system is transferred out of a school, office building, multi-building campus, residence, hospital, police station, fire station, central office, power plant, or research facility. Step 702 may be performed by a central monitoring system.
Step 704 includes sending the token to the computer system when the computer system transitions outside the designated area. In one embodiment, step 704 is performed using one-way communication to the computer system. Alternatively, step 704 may be performed using two-way communication between the computer access protection system and the computer system.
Communicating with the computer system includes communicating with an RF communication component integrated in the computer system. In one embodiment, the RF communication component is integrated into a LAN on Motherboard (LOM) network adapter, which is integrated onto the motherboard of the computer system. In this way, communication with the RF communication component is possible regardless of the power mode (power on, power off, standby or sleep) of the computer system. The RF communication component may include a wireless transceiver, a wireless receiver, and/or a Global Positioning System (GPS) receiver.
Step 706 includes triggering additional or secondary verification when the computer system is subsequently booted outside the designated area. In one embodiment, additional or secondary authentication is triggered by the activation of a token communicated with the computer system in step 704.
At step 708, additional or secondary authentication is performed by a user of the computer system.
If the additional or secondary authentication passes, step 710 includes allowing the user to access the functionality of the computer system. This may include, for example, loading an operating system installed on the computer system.
On the other hand, if the user fails to perform additional or secondary authentication, step 712 includes preventing access to the computer system. This may include, for example, preventing access to the operating system, hard disk, and external drives associated with the computer system. Under some access prevention mechanisms, access prevention cannot be circumvented by transferring the hard disk of a computer system to another system.
Unlocking these functions may require bringing the computer system back into a designated area, connecting (docking) the computer system to the computer access protection system 104, and/or other reset steps performed by Information Technology (IT) personnel.
In another embodiment, the token triggers restricted access to some functions regardless of the result of the additional or secondary verification. When the computer system moves outside the designated area, functions such as printing files, network access, or access to external drives are blocked whether or not the user passes the additional or secondary authentication. This prevents any possible distribution of information contained in the computer system when the computer system moves outside the specified area.
FIG. 8 is a diagram illustrating a flow 800 of an additional or secondary authentication process activated by the method of FIG. 7 after a computer system is booted. Additional or secondary authentication is triggered by activation of a token sent to the computer system.
Process 800 begins at step 802, which includes prompting a user to enter a current password associated with a legitimate user of a computer system and receiving input from the user.
Step 804 includes verifying that the user's input is consistent with the current password.
If the verification in step 804 fails, process 800 returns to step 802 to allow the user to make a second attempt to enter the current password.
If the verification in step 804 is passed, process 800 proceeds to step 806, which includes prompting the user to enter an answer corresponding to the secret question contained in the token, and receiving the user's input.
Step 808 includes verifying the answer to the secret question entered by the user using the corresponding answer also contained in the token.
If the verification at step 808 fails, process 800 returns to step 806, allowing the user to make a second attempt to enter an answer to the secret question.
If the authentication in step 808 is passed, process 800 proceeds to step 810 which includes prompting the user to enter a password associated with the secret question and corresponding answer, and receiving the user's input.
Step 812 includes verifying that the user's input and associated password are consistent.
If the authentication in step 812 fails, process 800 returns to step 810 to allow the user to make a second attempt to enter the associated password.
If the verification in step 812 is passed, process 800 proceeds to step 814 which includes allowing the user to access the functionality of the computer system.
In process 800, if the authentication in any of steps 804, 808, and/or 812 fails a certain number of times (e.g., three times) in succession, the additional or secondary authentication process fails and a functional lockout will occur. A reboot of the computer system will cause the process 800 to start again at step 802.
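Token generation from table 602 and process 800 together, as an added Python example (not code from the patent). Assumptions: the token carries salted PBKDF2 digests instead of the plaintext answer and password, "similar" means a `difflib` ratio of at least 0.8, and all names and sample rows are constructed.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from difflib import SequenceMatcher

MAX_CONSECUTIVE_FAILURES = 3  # the text's example value ("e.g., three times")
PBKDF2_ROUNDS = 100_000       # assumption: work factor picked for this sketch


@dataclass(frozen=True)
class Row:
    """One row of verification table 602 as entered at registration."""
    question: str
    answer: str
    password: str


@dataclass(frozen=True)
class Secret:
    """Salted digest of a secret, so the token need not carry plaintext."""
    salt: bytes
    digest: bytes

    @classmethod
    def seal(cls, value: str) -> "Secret":
        salt = os.urandom(16)
        return cls(salt, hashlib.pbkdf2_hmac("sha256", value.encode(), salt, PBKDF2_ROUNDS))

    def matches(self, candidate: str) -> bool:
        probe = hashlib.pbkdf2_hmac("sha256", candidate.encode(), self.salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(probe, self.digest)  # constant-time comparison


@dataclass(frozen=True)
class Token:
    """Token 112: one secret question with its answer and associated password."""
    question: str
    answer: Secret
    password: Secret


def eligible_rows(table, current_password, threshold=0.8):
    """Drop rows whose password is the same as or similar to the current one."""
    def similar(a, b):
        return SequenceMatcher(None, a.lower(), b.lower()).ratio() >= threshold
    return [row for row in table if not similar(row.password, current_password)]


def generate_token(table, current_password):
    rows = eligible_rows(table, current_password)
    if not rows:
        raise ValueError("every associated password resembles the current password")
    row = secrets.choice(rows)  # random selection, one of the options in the text
    return Token(row.question, Secret.seal(row.answer), Secret.seal(row.password))


def secondary_authentication(token, current_password, read_input):
    """Steps 802-814. Returns True for access, False for functional lock-down."""
    stages = [
        ("Current password: ", current_password.matches),            # steps 802/804
        (token.question + " ", token.answer.matches),                # steps 806/808
        ("Password for this question: ", token.password.matches),    # steps 810/812
    ]
    for prompt, check in stages:
        failures = 0
        while not check(read_input(prompt)):
            failures += 1  # consecutive failures of this step only
            if failures >= MAX_CONSECUTIVE_FAILURES:
                return False  # lock-down; a reboot starts again at step 802
    return True  # step 814


# Constructed sample data, not taken from the patent.
TABLE = [
    Row("Name of your first pet?", "Biscuit", "tulip-garden-43"),
    Row("Street you grew up on?", "Alder Lane", "Harbor!Lantern9"),
    Row("First concert attended?", "Riverside Jazz", "Quartz_Meadow77"),
]
CURRENT_PASSWORD = "Tulip-Garden-42"


def scripted(entries):
    """Stand-in for keyboard input: returns each entry in turn."""
    feed = iter(entries)
    return lambda prompt: next(feed)


if __name__ == "__main__":
    token = generate_token(TABLE, CURRENT_PASSWORD)
    row = next(r for r in TABLE if r.question == token.question)
    ok = secondary_authentication(
        token, Secret.seal(CURRENT_PASSWORD),
        scripted([CURRENT_PASSWORD, "wrong guess", row.answer, row.password]))
    print("access granted" if ok else "functional lock-down")
```

The first sample row is never selected because its password differs from the current one by a single character, which is the exclusion rule stated for table 602.
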
Exemplary computer for implementing the invention
In one embodiment of the invention, the systems and components of the invention described herein can be implemented using known computers, such as the computer 902 shown in FIG. 9.
The computer system 902 may be any commercially available and/or art-known computer capable of performing the functions described herein, such as a computer commercially available from IBM, Apple, Sun, HP, Dell, Compaq, Digital, Cray, etc. The computer 902 may be a laptop computer.
The computer 902 includes one or more processors (also referred to as central processing units, or CPUs), such as a processor 906. The processor 906 is connected to a communication bus 904.
The computer 902 also includes a main memory 908, such as Random Access Memory (RAM). The main memory 908 has stored therein control logic 928A (computer software) and data.
The computer 902 also includes one or more secondary storage devices 910. Secondary storage 910 includes, for example, a hard disk drive 912 and/or a removable storage device or drive 914, as well as other types of storage devices such as memory cards and memory sticks. Removable storage drive 914 represents a floppy disk drive, a magnetic tape drive, a compact disk drive, an optical storage device, a tape backup, etc.
The removable storage drive 914 is associated with a removable storage unit 916. The removable storage unit 916 includes a computer usable or readable storage medium 924A having stored thereon computer software 928B (control logic) and/or data. Removable storage unit 916 represents a floppy disk, magnetic tape, mini disk, DVD, optical disk, or any other computer data storage device. The removable storage drive 914 reads from and/or writes to a removable storage unit 916 in a known manner.
The computer 902 also includes input/output/display devices 922, such as a monitor, keyboard, pointing device, etc.
The computer 902 further includes a communication or network interface 918. The network interface 918 enables the computer 902 to communicate with remote devices. For example, network interface 918 allows computer 902 to communicate over a communication network or medium 924B (representing a computer usable or readable medium format), such as a LAN, a WAN, the internet, etc. The network interface 918 may connect to a remote site or network interface through a wired or wireless connection.
The control logic 928C may be transmitted to the computer 902 or from the computer 902 via the communication medium 924B. Specifically, the computer 902 receives and transmits a carrier wave (electromagnetic wave signal) modulated by the control logic 930 through the communication medium 924B.
Any device or article of manufacture that includes a computer usable or readable medium having control logic stored thereon is referred to herein as a computer program product or program storage device. This includes, but is not limited to, computer 902, primary memory 908, secondary memory 910, removable storage unit 916, and a carrier wave modulated by control logic 930. Such a computer program product having control logic stored thereon, when executed by one or more data processing apparatus, will cause the data processing apparatus to operate as described in the representative embodiments of the present invention.
In addition to the embodiments described above, the present invention may be implemented using software, hardware, and/or operating system tools. Any software, hardware, and/or operating system tools suitable for performing the functions described herein may be used.
Conclusion
While the invention has been described with reference to certain embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the spirit and scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from the essential scope thereof. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.
Claims (10)
1. A method for access protection of information within a computer system with a primary level of authentication, comprising:
detecting when the computer system transitions outside a specified area; and
when the computer system moves outside a designated area, sending a token to the computer system;
wherein the token triggers secondary verification when the computer system subsequently boots outside the designated area; when the computer system moves outside a specified area, the token triggers restricted access to some functions of the computer system regardless of the result of secondary verification.
2. The method of claim 1, wherein the step of sending the token comprises communicating with a radio frequency communication component integrated within the computer system.
3. The method of claim 2, wherein the RF communication component is integrated into an on-board LAN network adapter that is integrated onto a motherboard of the computer system.
4. The method of claim 2, wherein the step of sending the token comprises communicating with an RF communication component regardless of a power mode of the computer at the time of communication.
5. The method of claim 2, wherein the communication component comprises a global positioning system receiver.
6. The method of claim 1, wherein the detecting step comprises comparing global positioning coordinates of the computer system to a global positioning coordinate range of the designated area.
7. A system for protecting access to information within a computer system having a primary level of authentication, comprising:
a central monitoring system for detecting when the computer system transitions outside a designated area;
a database for storing authentication information associated with a legitimate user of the computer system;
a radio frequency communication system for sending a token to the computer system when the computer system transitions outside a designated area;
wherein the token contains authentication information from the database for triggering a secondary authentication when the computer system subsequently boots outside the designated area; when the computer system moves outside a specified area, the token triggers restricted access to some functions of the computer system regardless of the result of secondary verification.
8. The system of claim 7, further comprising:
a radio frequency transceiver integrated in an on-motherboard LAN network adapter integrated on a motherboard of the computer system.
9. The system of claim 7, further comprising:
a global positioning system receiver integrated within the computer system, wherein the global positioning system receiver is configured to generate location coordinates for the computer system and download the token when the computer system is outside a designated area.
10. The system of claim 7, wherein the database contains a plurality of answers corresponding to a plurality of secret questions, the answers selected by a legitimate user of the computer system and associated with the user.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US11/808,698 | 2007-06-12 | | |
| US11/808,698 US8578469B2 (en) | 2007-06-12 | 2007-06-12 | Computer system protection |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1125199A1 (en) | 2009-07-31 |
| HK1125199B (en) | 2012-10-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6628198B2 (en) | Security system for preventing a personal computer from being stolen or used by unauthorized people | |
| EP2207122B1 (en) | System and method to provide added security to a platform using locality-based data | |
| EP0888677B1 (en) | An authentication method and system based on periodic challenge/response protocol | |
| US7346778B1 (en) | Security method and apparatus for controlling the data exchange on handheld computers | |
| CN102104597B (en) | Methods and apparatus for restoration of an anti-theft platform | |
| US20100031349A1 (en) | Method and Apparatus for Secure Data Storage System | |
| US20070192652A1 (en) | Restricting devices utilizing a device-to-server heartbeat | |
| US20100293374A1 (en) | Secure Portable Memory Storage Device | |
| WO2014005004A1 (en) | Proximity aware security system for portable electronics with multi-factor user authentication and secure device identity verification | |
| US20020049881A1 (en) | Information processing apparatus, information processing apparatus control method and storage medium | |
| US20160048465A1 (en) | Wireless authentication system and method for universal serial bus storage device | |
| JP2007220075A (en) | Personal authentication device, position information transmission device, personal authentication system, personal authentication method, and personal authentication program | |
| EP2003583B1 (en) | Computer system protection | |
| US6756704B2 (en) | Locking mechanism for locking electronic devices | |
| JP2000155876A (en) | Burglarproof device | |
| HK1125199B (en) | Method and system for accessing and protecting information in a computer system with first level verification | |
| TWI473027B (en) | Computer system, integrated chip, super io module and control method of the computer system | |
| RU2636092C1 (en) | Device of hardware and software complex for generating key information and radio data for radio station | |
| EP1239358B1 (en) | Security system for preventing a personal computer from being stolen or used by unauthorized people | |
| CN107850973B (en) | Unlocking method and device for touch equipment | |
| JP3099800U (en) | Wireless ID lock mechanism | |
| JPH05176374A (en) | Personal computer monitoring system | |
| JPH06332860A (en) | Information processing system provided with security function | |
| EP1480099A2 (en) | Mobile communication unit with a security arrangement | |
| JP2007293774A (en) | Authentication unit and authentication system |