Security system and method for computers

摘要

A computer security device ( 35 ) comprising a processor ( 37 ) that is independent of the host CPU ( 13 ) for controlling access between the host CPU ( 13 ) and the storage device ( 21 ). A program memory ( 41 ) that is independent of the computer memory and the storage device ( 21 ) unalterably stores and provides computer programs for operating the processor ( 37 ) in a manner so as to control access to the storage device ( 21 ). The security device ( 35 ) is connected only in line with the data access channel ( 33 ) between the host CPU ( 13 ) and the storage device ( 21 ), and off the main data and control bus ( 15 ) of the host CPU ( 13 ). All data access by the host CPU ( 13 ) to the data storage device ( 21 ) is blocked before initialization of the security device ( 35 ) and is intercepted immediately after the initialization under the control of the processor ( 37 ). The processor ( 37 ) effects independent control of the host CPU ( 13 ) and configuration of the computer ( 11 ) to prevent unauthorized access to the storage device ( 21 ) during the interception phase. All users of the computer ( 11 ) are authenticated with a prescribed profile of access to the storage device ( 21 ) and data access to the storage device remains blocked until a user of the computer ( 11 ) is correctly authenticated.