Abstract
A "personalized" computer with a unique digital signature which will not boot up or recognize any data storage or communication peripheral devices without a matching "personalized" smart card containing a complementary encrypted digital signature. A modified BIOS (Basic Input Output System) replaces the standard BIOS of a motherboard and allows a security engine microprocessor to take over preboot control of the computer from the motherboard CPU (Central Processing Unit), configures and operates the encryption-based security system, and enables or disables selected data storage devices and other user-selectable peripherals upon start up and shut down of the computer. The enabling or disabling of peripheral devices involves the use of special enabling/disabling circuits. A modified DDL (Device Driver Layer), loaded in the hard drive of the computer as part of the resident O/S (Operating System) of the computer, and memory buffer circuits allow a real-time encryption system to be in place for any communication or data storage device. A data encryption engine in the security engine microprocessor allows encryption and decryption of all data stored in data storage devices. Upon power up, reset or interrupt of the computer, the microprocessor looks for the smart card in the smart card reader, which is logically connected to the security engine microprocessor, and, if the card is present, reads from it. This invention can also be used to allow identification and authentication of the computer and its user in networks.