Browse Prior Art Database

Two-Level Data Security System for an IBM Personal Computer

IP.com Disclosure Number: IPCOM000038833D
Original Publication Date: 1987-Mar-01
Included in the Prior Art Database: 2005-Feb-01
Document File: 3 page(s) / 40K

Publishing Venue

IBM

Related People

Oliver, LM: AUTHOR [+2]

Abstract

Two levels of security are supported by a Data Security System (DSS) with each file having its own password at the higher level of security and all data, irrespective of its level, on a disk being encrypted. The data is inaccessible even to a skilled and determined attempt including disassembly of the components of the IBM Personal Computer (PC) and the reinstallation of the hard disk drive in another unprotected PC system unit. The hardware component of DSS is a system-accessible ROM (read- only memory) which is installed on the system board. The software component of the DSS is a device driver and a set of DOS external commands. The DSS provides two levels of security with the lower level protecting the data by encrypting all sectors of the disk using a system password entered by a user at power on.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 3

Two-Level Data Security System for an IBM Personal Computer

Two levels of security are supported by a Data Security System (DSS) with each file having its own password at the higher level of security and all data, irrespective of its level, on a disk being encrypted. The data is inaccessible even to a skilled and determined attempt including disassembly of the components of the IBM Personal Computer (PC) and the reinstallation of the hard disk drive in another unprotected PC system unit. The hardware component of DSS is a system-accessible ROM (read- only memory) which is installed on the system board. The software component of the DSS is a device driver and a set of DOS external commands. The DSS provides two levels of security with the lower level protecting the data by encrypting all sectors of the disk using a system password entered by a user at power on. The encryption scheme used with the lower level is contained within the DSS ROM. The upper level protects each file with an individual password and utilizes a more sophisticated encryption scheme contained in the device driver. External DOS commands are provided to set the security levels of a file, list the security level of existing files, change the system or file passwords, and uninstall the DSS. The DSS is hooked into the Basic Input Output System (BIOS) of the PC during system Power On Self Test (POST) and is hooked into DOS with a device driver. When the PC is powered on, ROM BIOS is invoked which then performs the system POST. During POST, the system interrupt vectors, which give access to machine level functions such as disk access, are installed and then a scan for additional ROM modules takes place, as indicated in the flow chart. When a ROM module is found, it is given control. When the DSS ROM is found after all of the other ROM modules have been found, the DSS gains control of the system. This is shown as DSS initialization in the flow chart. The DSS first checks to see if the installation step has been performed by reading the first sector of the File Allocation Table (FAT) of the disk and checking to see if it is encoded. If installation has not been performed, control is returned to BIOS, and the system performs as if the DSS ROM was not in place. If installation has been performed, the user is prompted to enter a password, and the password is checked by attempting to decode the first sector of the FAT. If the password is incorrect after three tries, the system is halted. If the password is correct, the system Disk I/O vector is replaced with a vector pointing to the DSS Disk I/O routine, and the system vector is reta...