Browse Prior Art Database

Audit Trail Security Provision for Personal Computer Systems

IP.com Disclosure Number: IPCOM000106052D
Original Publication Date: 1993-Sep-01
Included in the Prior Art Database: 2005-Mar-20
Document File: 4 page(s) / 137K

Publishing Venue

IBM

Related People

Blackledge, JW: AUTHOR [+4]

Abstract

Described is a technique to enhance data security provisions for personal computer (PC) systems by providing audit trail capabilities to existing processor complex circuitry. The enhancement utilizes an audit trail element to achieve defined security and integrity levels of certification.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 49% of the total text.

Audit Trail Security Provision for Personal Computer Systems

      Described is a technique to enhance data security provisions
for personal computer (PC) systems by providing audit trail
capabilities to existing processor complex circuitry.  The
enhancement utilizes an audit trail element to achieve defined
security and integrity levels of certification.

      In prior art, non-volatile counter mechanisms have been built
into processor circuit cards to provide additional levels of security
for PC systems beside the use of locked covers, etc.  The processor
complex card (PCC) circuitry has been available that affords a degree
of security against unauthorized access to system resources.
However, the PCC is field replaceable such that if a tamper evident
system process is somehow overcome without activating the tamper
evident mechanism.  An example would be the replacement of the PCC
with a PCC that bypasses the security algorithms so as to permit
undetected access to system resources.

      The described concept is designed for those systems which
require additional resource protection.  The enhancement is an audit
trail element which will record occurrences of a PCC and provide an
invocation to detect and notify the user of replaced PCCs.  As a
result, the audit trail element will provide the ability for the PC
system to meet governmental agency security requirements as well as
business needs where sensitive data must be secured.

      The audit trail provision is used in conjunction with the PCC.
The split features of the PCC along with the audit trail element
provides the capability of interlocking the security features of the
PCC with the audit trail provision.

      The audit trail element contains a counter which counts the
number of occurrences of system power-on and has operational features
such as:  Non-resettable; non-rewireable; increments by one each time
the system is powered-on; at an overflow the counter wraps around to
the lowest number; and is non-volatile without battery backup.  The
counter can contain enough bits so that occurrence of a wrap around
will be infrequent.  If the counter implements only a few bits, an
intruder could easily power the system on and off a predetermined
number of times so as to put the counter back to its original value.

      Typically, a sixteen bit counter is used since a sixteen bit
counter can handle 65,535 power-on/off cycles without wrapping.  The
counter counts only counts power-on operations from a no power
situation.  The counter will ignore soft reboot operations, such as
the occurrence of three key sequences of Ctrl-Alt-Del.  The contents
of the counter must survive power outages and must be resident and
permanently bonded to the system board.  The counter of the audit
trail element counts the number of occurrences of system power-on and
has the following properties:

o   Has the same number of bits as in the system board power-on
    counte...