USRE44933E1

Movatterモバイル変換

Info

Publication number: USRE44933E1
Application number: US13/233,917
Authority: US
Inventors: William W. Y. Chu
Original assignee: ACQIS LLC
Current assignee: ACQIS LLC
Priority date: 1998-10-30
Filing date: 2011-09-15
Publication date: 2014-06-03
Anticipated expiration: 2018-10-30
Also published as: USRE43119E1; US6321335B1; USRE41294E1; USRE42814E1; USRE41076E1; USRE41961E1

Abstract

A method and device for securing a removable Attached Computer Module (“ACM”)10. ACM10 inserts into a Computer Module Bay (“CMB”)40 within a peripheral console to form a functional computer such as a desktop computer or portable computer. The present ACM10 includes a locking system, which includes hardware and software600, 700, to prevent accidental removal or theft of the ACM from the peripheral console. While ACM is in transit, further security is necessary against illegal or unauthorized use. If ACM contains confidential data, a high security method is needed to safeguard against theft.

Description

CROSS REFERENCE TO RELATED APPLICATIONS

Notice: More than one reissue application has been filed for the reissue of U.S. Pat. No. 6,321,335. The reissue applications are U.S. application Ser. No. 10/963,825 (a parent reissue application), Ser. No. 11/474,256 (which is a continuation reissue of the parent reissue application), Ser. No. 11/517,601 (which is a continuation reissue of the parent reissue application), Ser. No. 12/577,074 (which is a continuation reissue of the parent reissue application), Ser. No. 12/322,858 (which is a continuation reissue of U.S. application Ser. No. 11/517,601), and Ser. No. 13/233,917 (the subject application, which is a continuation reissue of U.S. application Ser. No. 12/322,858).

This application is a continuation reissue filed Feb. 5, 2009, of U.S. application Ser. No. 12/322,858 now U.S. Pat. No. Re. 42,814, which is a continuation reissue filed Sep. 6, 2006 of U.S. application Ser. No. 11/517,601 now U.S. Pat. No. Re. 41,076, which is a continuation reissue of U.S. application Ser. No. 10/963,825 filed Oct. 12, 2004, now U.S. Pat. No. Re. 41,961 which is a reissue of U.S. Pat. No. 6,321,335, which are incorporated herein by reference.

The following two commonly-owned copending applications, including this one, are being filed concurrently and the other one is hereby incorporated by reference in their entirety for all purposes:

1. U.S. patent application Ser. No. 09/183,816, William W. Y. Chu, entitled, “Modular Computer Security Method and Device”. and

2. U.S. patent application Ser. No. 09/183,493, William W. Y. Chu, entitled, “Password Protected Modular Computer Method and Device”.

BACKGROUND OF THE INVENTION

The present invention relates to computing devices. More particularly, the present invention provides a method and device for securing a personal computer or set-top box using password protection techniques. Merely by way of example, the present invention is applied to a modular computing environment for desk top computers, but it will be recognized that the invention has a much wider range of applicability. It can be applied to a server as well as other portable or modular computing applications.

Many desktop or personal computers, which are commonly termed PCs, have been around and used for over ten years. The PCs often come with state-of-art microprocessors such as the Intel Pentium™ microprocessor chips. They also include a hard or fixed disk drive such as memory in the giga-bit range. Additionally, the PCs often include a random access memory integrated circuit device such as a dynamic random access memory device, which is commonly termed DRAM. The DRAM devices now provide up to millions of memory cells (i.e., mega-bit) on a single slice of silicon. PCs also include a high resolution display such as cathode ray tubes or CRTs. In most cases, the CRTs are at least 15 inches or 17 inches or 20 inches in diameter. High resolution flat panel displays are also used with PCs.

Many external or peripheral devices can be used with the PCs. Among others, these peripheral devices include mass storage devices such as a Zip™ Drive product sold by Iomega Corporation of Utah. Other storage devices include external hard drives, tape drives, and others. Additional devices include communication devices such as a modem, which can be used to link the PC to a wide area network of computers such as the Internet. Furthermore, the PC can include output devices such as a printer and other output means. Moreover, the PC can include special audio output devices such as speakers the like.

PCs also have easy to use keyboards, mouse input devices, and the like. The keyboard is generally configured similar to a typewriter format. The keyboard also has the length and width for easily inputting information by way of keys to the computer. The mouse also has a sufficient size and shape to easily move a curser on the display from one location to another location.

Other types of computing devices include portable computing devices such as “laptop” computers and the like. Although somewhat successful, laptop computers have many limitations. These computing devices have poor display technology. In fact, these devices often have a smaller flat panel display that has poor viewing characteristics. Additionally, these devices also have poor input devices such as smaller keyboards and the like. Furthermore, these devices have limited common platforms to transfer information to and from these devices and other devices such as PCs.

Up to now, there has been little common ground between these platforms including the PCs and laptops in terms of upgrading, ease-of-use, cost, performance, and the like. Many differences between these platforms, probably somewhat intentional, has benefited computer manufacturers at the cost of consumers. A drawback to having two separate computers is that the user must often purchase both the desktop and laptop to have “total” computing power, where the desktop serves as a “regular” computer and the laptop serves as a “portable” computer. Purchasing both computers is often costly and runs “thousands” of dollars. The user also wastes a significant amount of time transferring software and data between the two types of computers. For example, the user must often couple the portable computer to a local area network (i.e., LAN), to a serial port with a modem and then manually transfer over files and data between the desktop and the portable computer. Alternatively, the user often must use floppy disks to “zip” up files and programs that exceed the storage capacity of conventional floppy disks, and transfer the floppy disk data manually.

Another drawback with the current model of separate portable and desktop computer is that the user has to spend money to buy components and peripherals the are duplicated in at least one of these computers. For example, both the desktop and portable computers typically include hard disk drives, floppy drives, CD-ROMs, computer memory, host processors, graphics accelerators, and the like. Because program software and supporting programs generally must be installed upon both hard drives in order for the user to operate programs on the road and in the office, hard disk space is often wasted.

One approach to reduce some of these drawbacks has been the use of a docking station with a portable computer. Here, the user has the portable computer for “on the road” use and a docking station that houses the portable computer for office use. The docking station typically includes a separate monitor, keyboard, mouse, and the like and is generally incompatible with other desktop PCs. The docking station is also generally not compatible with portable computers of other vendors. Another drawback to this approach is that the portable computer typically has lower performance and functionality than a conventional desktop PC. For example, the processor of the portable is typically much slower than processors in dedicated desktop computers, because of power consumption and heat dissipation concerns. As an example, it is noted that at the time of drafting of the present application, some top-of-the-line desktops include 400 MHz processors, whereas top-of-the-line notebook computers include 266 MHz processors.

Another drawback to the docking station approach is that the typical cost of portable computers with docking stations can approach the cost of having a separate portable computer and a separate desktop computer. Further, as noted above, because different vendors of portable computers have proprietary docking stations, computer users are held captive by their investments and must rely upon the particular computer vendor for future upgrades, support, and the like.

Thus what is needed are computer systems that provide reduced user investment in redundant computer components and provide a variable level of performance based upon computer configuration.

SUMMARY OF THE INVENTION

According to the present invention, a technique including a method and device for securing a computer module using a password in a computer system is provided. In an exemplary embodiment, the present invention provides a security system for an attached computer module (“ACM”). In an embodiment, the ACM inserts into a Computer Module Bay (CMB) within a peripheral console to form a functional computer.

In a specific embodiment, the present invention provides a computer module. The computer module has an enclosure that is insertable into a console. The module also has a central processing unit (i.e., integrated circuit chip) in the enclosure. The module has a hard disk drive in the enclosure, where the hard disk drive is coupled to the central processing unit. The module further has a programmable memory device in the enclosure, where the programmable memory device can be configurable to store a password for preventing a possibility of unauthorized use of the hard disk drive and/or other module elements. The stored password can be any suitable key strokes that a user can change from time to time. In a further embodiment, the present invention provides a permanent password or user identification code stored in flash memory, which also can be in the processing unit, or other integrated circuit element. The permanent password or user identification code is designed to provide a permanent “finger print” on the attached computer module.

In a specific embodiment, the present invention provides a variety of methods. In one embodiment, the present invention provides a method for operating a computer system such as a modular computer system and others. The method includes inserting an attached computer module (“ACM”) into a bay of a modular computer system. The ACM has a microprocessor unit (e.g., microcontroller, microprocessor) coupled to a mass memory storage device (e.g., hard disk). The method also includes applying power to the computer system and the ACM to execute a security program, which is stored in the mass memory storage device. The method also includes prompting for a user password from a user on a display (e.g., flat panel, CRT). In a further embodiment, the present method includes a step of reading a permanent password or user identification code stored in flash memory, or other integrated circuit element. The permanent password or user identification code provides a permanent finger print on the attached computer module. The present invention includes a variety of these methods that can be implemented in computer codes, for example, as well as hardware.

Numerous benefits are achieved using the present invention over previously existing techniques. The present invention provides mechanical and electrical security systems to prevent theft or unauthorized use of the computer system in a specific embodiment. Additionally, the present invention substantially prevents accidental removal of the ACM from the console. In some embodiments, the present invention prevents illegal or unauthorized use during transit. The present invention is also implemented using conventional technologies that can be provided in the present computer system in an easy and efficient manner. Depending upon the embodiment, one or more of these benefits can be available. These and other advantages or benefits are described throughout the present specification and are described more particularly below.

These and other embodiments of the present invention, as well as its advantages and features, are described in more detail in conjunction with the text below and attached FIGS.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a simplified diagram of a computer system according to an embodiment of the present invention;

FIG. 2 is a simplified diagram of a computer module according to an embodiment of the present invention;

FIG. 3 is a simplified side-view diagram of a computer module according to an embodiment of the present invention;

FIG. 4 is a simplified layout diagram of a security system for a computer system according to an embodiment of the present invention;

FIG. 5 is a simplified block diagram of a security system for a computer module according to an embodiment of the present invention; and

FIGS. 6 and 7 show simplified flow diagrams of security methods according to embodiments of the present invention.

FIG. 8 is a block diagram of one embodiment of a computer system using the interface of the present invention.

FIG. 9 is a detailed block diagram of one embodiment of the host interface controller of the present invention.

FIG. 10 is a detailed block diagram of one embodiment of the PIC of the present invention.

FIG. 11 is a schematic diagram of the signal lines PCK, PD0 to PD3, and PCN.

FIG. 12 is a partial block diagram of a computer system in which the north and south bridges are integrated with the host and peripheral interface controllers, respectively.

FIG. 13 shows an attached computer module with Integrated CPU/NB/Graphics and Integrated HIC/SB.

FIG. 14 shows an attached computer module with single chip fully integrated: CPU, Cache, Core Logic, Graphics controller and Interface controller.

FIG. 15 is a schematic diagram of another embodiment of the connectors used to couple the HIC and PIC.

FIG. 16 is a diagram of an attached computer module with a “plug & display” port and direct power connection.

DESCRIPTION OF SPECIFIC EMBODIMENTS

I. System Hardware

FIG. 1 is a simplified diagram of a computer system1 according to an embodiment of the present invention. This diagram is merely an illustration and should not limit the scope of the claims herein. One of ordinary skill in the art would recognize other variations, modifications, and alternatives. The computer system1 includes an attached computer module (i.e., ACM)10, adesktop console20, among other elements. The computer system is modular and has a variety of components that are removable. Some of these components (or modules) can be used in different computers, workstations, computerized television sets, and portable or laptop units.

In the present embodiment,ACM10 includes computer components, as will be described below, including a central processing unit (“CPU”), IDE controller, hard disk drive, computer memory, and the like. The computer module bay (i.e., CMB)40 is an opening or slot in the desktop console. The CMB houses the ACM and provides communication to and from the ACM. The CMB also provides mechanical protection and support toACM10. The CMB has a mechanical alignment mechanism for mating a portion of the ACM to the console. The CMB further has thermal heat dissipation sinks, electrical connection mechanisms, and the like. Some details of the ACM can be found in co-pending patent application Nos. 09/149,882 and 09/149,548 filed Sep. 8, 1998, commonly assigned, and hereby incorporated by reference for all purposes.

In a preferred embodiment, the present system has a security system, which includes a mechanical locking system, an electrical locking system, and others. The mechanical locking system includes at least a key11. The key11 mates withkey hole13 in a lock, which provides amechanical latch15 in a closed position. The mechanical latch, in the closed position, mates and interlocks the ACM to the computer module bay. The mechanical latch, which also has an open position, allows the ACM to be removed from the computer module bay. Further details of the mechanical locking system are shown in the Fig. below.

FIG. 2 is a simplified diagram of acomputer module10 according to an embodiment of the present invention. This diagram is merely an illustration and should not limit the scope of the claims herein. One of ordinary skill in the art would recognize other variations, modifications, and alternatives. Some of the reference numerals are similar to the previous Fig. for easy reading. Thecomputer module10 includes key11, which is insertable intokeyhole13 of the lock. The lock has at least two position, including a latched or closed position and an unlatched or open position. The latched position secures the ACM to the computer module bay. The unlatched or open position allows the ACM to be inserted into or removed from the computer bay module. As shown, the ACM also has a slot oropening14, which allows the latch to move into and out of the ACM. The ACM also hasopenings17 in the backside for an electrical and/or mechanical connection to the computer module bay, which is connected to the console.

FIG. 3 is a simplified side-view diagram of a computer module according to an embodiment of the present invention. This diagram is merely an illustration and should not limit the scope of the claims herein. One of ordinary skill in the art would recognize other variations, modifications, and alternatives. Some of the reference numerals are similar to the previous FIG. for easy reading. As shown, the ACM module inserts into the computermodule bay frame19, which is in the console. Aside27 and a bottom19 of ACM slide and fit firmly into the computer module bay frame, which has at least abottom portion19 and backportion26. Abackside23 of the ACM facesbackside26 of the frame. ACM also has a front-side or face25 that houses the lock and exposes thekeyhole13 to a user. The key11 is insertable from the face into the keyhole.

As the ACM inserts into the frame,connector17 couples and inserts intoconnector21.Connector17 electrically and mechanically interface elements of the ACM to the console throughconnector21.Latch14 should be moved away from thebottom side19 of the module bay frame before inserting the ACM into the frame. Once the ACM is inserted fully into the frame, latch15 is placed in a closed or lock position, where it keeps the ACM firmly in place. That is, latch15 biases against abackside portion29 of the ACM enclosure to hold the ACM in place, where theconnector17 firmly engages, electrically and mechanically, withconnector21. To remove the ACM, latch15 is moved away or opened from the back side portion of the ACM enclosure. ACM is manually pulled out of the computer module bay frame, whereconnector17 disengages withconnector21. As shown, the key11 is used to selectively move the latch in the open or locked position to secure the ACM into the frame module.

In most embodiments, the ACM includes an enclosure such as the one described with the following components, which should not be limiting:

- 1) A CPU with cache memory;
- 2) Core logic device or means;
- 3) Main memory;
- 4) A single primary Hard Disk Drive (“HDD”) that has a security program;
- 5) Flash memory with system BIOS and programmable user password;
- 6) Operating System, application software, data files on primary HDD;
- 7) An interface device and connectors to peripheral console;
- 8) A software controllable mechanical lock, lock control means, and other accessories.

The ACM connects to a peripheral console with power supply, a display device, an input device, and other elements. Some details of these elements with the present security system are described in more detail below.

FIG. 4 is a simplified layout diagram of a security system for a computer system according to an embodiment of the present invention. This diagram is merely an illustration and should not limit the scope of the claims herein. One of ordinary skill in the art would recognize other variations, modifications, and alternatives. The layout diagram illustrates the top-view of themodule10, where the backside components (e.g., Host Interface Controller) are depicted in dashed lines. The layout diagram has a first portion, which includes a central processing unit (“CPU”)module400, and a second portion, which includes ahard drive module420. A common printed circuit board437 houses these modules and the like. Among other features, the ACM includes the centralprocessing unit module400 with a cache memory405, which is coupled to anorth bridge unit421, and ahost interface controller401. The host interface controller includes alock control403. As shown, the CPU module is disposed on a first portion of the attached computer module, and couples toconnectors17. Here, the CPU module is spatially located nearconnector17.

The CPU module can use a suitable microprocessing unit, microcontroller, digital signal processor, and the like. In a specific embodiment, the CPU module uses, for example, a 400 MHz Pentium II microprocessor module from Intel Corporation and like microprocessors from AMD Corporation, Cyrix Corporation (now National Semiconductor Corporation), and others. In other aspects, the microprocessor can be one such as the Compaq Computer Corporation Alpha Chip, Apple Computer Corporation PowerPC G3 processor, and the like. Further, higher speed processors are contemplated in other embodiments as technology increases in the future.

In the CPU module,host interface controller401 is coupled to BIOS/flash memory405. Additionally, the host interface controller is coupled to a clock control logic, a configuration signal, and a peripheral bus. The present invention has a host interface controller that haslock control403 to provide security features to the present ACM. Furthermore, the present invention uses a flash memory that includes codes to provide password protection or other electronic security methods.

The second portion of the attached computer module has thehard drive module420. Among other elements, the hard drive module includesnorth bridge421,graphics accelerator423,graphics memory425, apower controller427, anIDE controller429, and other components. Adjacent to and in parallel alignment with the hard drive module is a personal computer interface (“PCI”)

bus

431,432. Apower regulator435 is disposed near the PCI bus.

In a specific embodiment,north bridge unit421 often couples to a computer memory, to thegraphics accelerator423, to the IDE controller, and to the host interface controller via the PCI bus.Graphics accelerator423 typically couples to agraphics memory423, and other elements.IDE controller429 generally supports and provides timing signals necessary for the IDE bus. In the present embodiment, the IDE controller is embodied as a 643U2 PCI-to IDE chip from CMD Technology, for example. Other types of buses than IDE are contemplated, for example EIDE, SCSI, 1394, and the like in alternative embodiments of the present invention.

The hard drive module ormass storage unit420 typically includes a computer operating system, application software program files, data files, and the like. In a specific embodiment, the computer operating system may be the Windows98 operating system from Microsoft Corporation of Redmond Wash. Other operating systems, such as WindowsNT, MacOS8, Unix, and the like are also contemplated in alternative embodiments of the present invention. Further, some typical application software programs can include Office98 by Microsoft Corporation, Corel Perfect Suite by Cord, and others.Hard disk module420 includes a hard disk drive. The hard disk drive, however, can also be replaced by removable hard disk drives, read/write CD ROMs, flash memory, floppy disk drives, and the like. A small form factor, for example 2.5″, is currently contemplated, however, other form factors, such as PC card, and the like are also contemplated. Mass storage unit240 may also support other interfaces than IDE. Among other features, the computer system includes an ACM with security protection. The ACM connects to the console, which has at least the following elements, which should not be limiting.

- 1) Connection to input devices, e.g. keyboard or mouse;
- 2) Connection to display devices, e.g. Monitor;
- 3) Add-on means, e.g. PCI add-on slots;
- 4) Removable storage media subsystem, e.g. Floppy drive, CDROM drive;
- 5) Communication device, e.g. LAN or modem;
- 6) An interface device and connectors to ACM;
- 7) A computer module bay with a notch in the frame for ACM's lock; and
- 8) Power supply and other accessories.

As noted, the computer module bay is an opening in a peripheral console that receives the ACM. The computer module bay provides mechanical support and protection to ACM. The module bay also includes, among other elements, a variety of thermal components for heat dissipation, a frame that provides connector alignment, and a lock engagement, which secures the ACM to the console. The bay also has a printed circuit board to mount and mate the connector from the ACM to the console. The connector provides an interface between the ACM and other accessories.

FIG. 5 is a simplified block diagram500 of a security system for a computer module according to an embodiment of the present invention. This diagram is merely an illustration and should not limit the scope of the claims herein. One of ordinary skill in the art would recognize other variations, modifications, and alternatives. The block diagram500 has a variety of features such as those noted above, as well as others. In the present diagram, different reference numerals are used to show the operation of the present system.

The block diagram is an attachedcomputer module500. Themodule500 has a central processing unit, which communicates to anorth bridge541, by way of aCPU bus527. The north bridge couples tomain memory523 viamemory bus529. The main memory can be any suitable high speed memory device or devices such as dynamic random access memory (“DRAM”) integrated circuits and others. The DRAM includes at least 32 Meg. or 64 Meg. and greater of memory, but can also be less depending upon the application. Alternatively, the main memory can be coupled directly with the CPU in some embodiments. The north bridge also couples to agraphics subsystem515 via bus542 543. The graphics subsystem can include a graphics accelerator, graphics memory, and other devices. Graphics subsystem transmits avideo signal 517 to an interface connector, which couples to a display, for example.

The attached computer module also includes a primary hard disk drive that serves as a main memory unit for programs and the like. The hard disk can be any suitable drive that has at least 2 GB and greater. As merely an example, the hard disk is a Marathon 2250 (225 GB, 2 ½ inch drive) product made by Seagate Corporation of Scotts Valley, but can be others. The hard disk communicates to the north bridge by way of a hard disk drive controller and

bus lines

502 and531. The hard disk drive controller couples to the north bridge by way of the host PCI bus, which connectsbus537 to the north bridge. The hard disk includes computer codes that implement a security program according to the present invention. Details of the security program are provided below.

The attached computer module also has aflash memory device505 with a BIOS. Theflash memory device505 also has codes for a user password that can be stored in the device. The flash memory device generally permits the storage of such password without a substantial use of power, even when disconnected. As merely an example, the flash memory device has at least 4 Meg. or greater of memory, or 16 Meg. or greater of memory. Ahost interface controller507 communications communicates to the north bridge viabus535 and host PCI bus. The host interface controller also has alock control509, which couples to a lock. The lock is attached to the module and has a manual override to the lock on the host interface controller in some embodiments.Host interface controller507 communicates to theconsole using bus511, which couples toconnection connector513.

In one aspect of the present invention the security system uses a combination of electrical and mechanical locking mechanisms. Referring toFIG. 5A, for example, the present system provides a lock status mechanism in thehost interface controller509. The lock status of the lock is determined by checking alock status bit549, which is in the host interface controller. The lock status bit is determined by a signal553, which is dependent upon the position of the lock. Here, the position of the lock is closed in theground559 position, where the latch couples to a ground plane in the module and/or system. Alternatively, the signal of the lock is at Vcc, for example, which is open. Alternatively, the signal can be ground in the open position and Vcc in the closed position, depending upon the application. Other signal schemes can also be used depending upon the application.

Once the status is determined, the host interface controller turns the lock via solenoid557 in a lock on or lock off position, which is provided through thecontrol bit551, for example. The control bit is in a register of the host interface controller in the present example. By way of the signal schemes noted and the control bit, it is possible to place the lock in the lock or unlock position in an electronic manner. Once the status of the lock is determined, the host interface controller can either lock or unlock the latch on the module using a variety of prompts, for example.

In a preferred embodiment, the present invention uses a password protection scheme to electronically prevent unauthorized access to the computer module. The present password protection scheme uses a combination of software, which is a portion of the security program, and a user password, which can be stored in theflash memory device505. By way of the flash memory device, the password does not become erased by way of power failure or the lock. The password is substantially fixed in code, which cannot be easily erased. Should the user desire to change the password, it can readily be changed by erasing the code, which is stored in flash memory and a new code (i.e., password) is written into the flash memory. An example of a flash memory device can include a Intel Flash 28F800F3 series flash, which is available in 8 Mbit and 16 Mbit designs. Other types of flash devices can also be used, however. Details of a password protection method are further explained below by way of the FIGS.

In a specific embodiment, the present invention also includes a real-time clock510 in the ACM, but is not limited. The real-time clock can be implemented using a reference oscillator 14.31818MHz508 that couples to a real-time clock circuit. The real-time clock circuit can be in the host interface controller. Anenergy source506 such as a battery can be used to keep the real-time clock circuit running even when the ACM has been removed from the console. The real-time clock can be used by a security program to perform a variety of functions. As merely an example, these functions include: (1) fixed time period in which the ACM can be used, e.g., ACM cannot be used at night; (2) programmed ACM to be used after certain date, e.g., high security procedure during owner's vacation or non use period; (3) other uses similar to a programmable time lock. Further details of the present real-time clock are described in the application listed under Ser. No. 09/183,816 noted above.

In still a further embodiment, the present invention also includes a permanent password or user identification code to identify the computer module. In one embodiment, the permanent password or user code is stored in a flash memory device. Alternatively, the permanent password or user code is stored in the central processing unit. The password or user code can be placed in the device upon manufacture of such device. Alternatively, the password or user code can be placed in the device by a one time programming techniques using, for example, fuses or the like. The present password or user code provides a permanent “finger print” on the device, which is generally hardware. The permanent finger print can be used for identification purposes for allowing the user of the hardware to access the hardware itself, as well as other systems. These other systems include local and wide area networks. Alternatively, the systems can also include one or more servers. The present password and user identification can be quite important for electronic commerce applications and the like. In one or more embodiments, the permanent password or user code can be combined with the password on flash memory for the security program, which is described below in more detail.

II. SECURITY DETECTION PROGRAMS

FIGS. 6 and 7 show simplified flow diagrams600,700 of security methods according to embodiments of the present invention. These diagrams are merely illustrations and should not limit the scope of the claims herein. One of ordinary skill in the an would recognize other variations, modifications, and alternatives. Referring toFIG. 6, which considers an example for when the ACM is inserted into the computer module bay in the console, ACM has already been inserted into the console and is firmly engaged in an electrical and mechanical manner. A computer system is powered up601, which provides selected signals to the microprocessor. The microprocessor oversees the operation of the computer system. The microprocessor searches the memory in, for example, the hard disk drive and execute a security program,step603.

The security program runs through a sequence of steps before allowing a user to operate the present system with the ACM. Among other processes, the security program determines if an “Auto-lock” is ON. If so, the security program goes viabranch606 to step607. Alternatively, the security program goes to step609, which determines that the lock stays OFF and loops to step627, which indicates that the ACM can be removed physically from the console. Instep607, the security program turns a switch or switching means that turns ON a lock, which can be electrical, mechanical, or a combination of electrical and mechanical.

In a specific embodiment, the security program turns OFF the power of the ACM and console. Here, the security program directs the OS to turn the power OFF,step613. In an embodiment where power failure occurs (step611), a key is used to release a latch in the ACM on thelock615, where the ACM can be removed,step627. Fromstep613, the security program determines if the ACM is to be removed,step617. If not, the lock stays ON,step619. Alternatively, the security detection program determines if the password (or other security code) matches with the designated password,step621. If not, the lock stays ON,step623. Alternatively, the security program releases thelock625, which frees the ACM. Next, the ACM can be removed,step627.

In an alternative embodiment, the present invention provides a security system for the ACM, which is outside the console or computer module bay. See,FIG. 7, for example. As shown, the security system is implemented to prevent illegal or unauthorized use (step701) of the ACM, which has not been used in the console. Here, a key turns ON a lock (step703). The lock moves a latch in the ACM to a specific spatial location that physically blocks the passage of the ACM into the computer module bay. Accordingly, the ACM cannot insert (step705) into the computer module bay.

In an alternative aspect, the key can be used to turn the lock OFF,step707. Here, the key moves the latch in a selected spatial location that allows the ACM to be inserted into the computer bay module. In the OFF position, the ACM inserts into the computer module bay,step709. Once the ACM is in the bay, a user can begin operating the ACM through the console. In one embodiment, the computer console including the ACM goes through the sequence of steps in the above FIG., but is not limited.

In a specific embodiment, the present invention implements the sequences above using computer software. In other aspects, computer hardware can also be used and is preferably in some applications. The computer hardware can include a mechanical lock, which is built into the ACM. An example of such mechanical lock is shown above, but can also be others. In other aspects, the lock can be controlled or accessed electronically by way of computer software. Here, the key can be used to as a manual override if the ACM or computer fails.

The lock is used to prevent theft and accidental removal inside CMB. The current invention locates the lock inside the ACM to allow a user to keep a single key as ACM is moved from console to console at different locations. When ACM is in transit, the lock can be engaged using the key so that the latch extends outside ACM's enclosure. The extended latch prevents ACM from being inserted into any CMB. This prevents any illegal use of ACM by someone other than the user.

In one aspect of the invention, the user password is programmable. The password can be programmable by way of the security program. The password can be stored in a flash memory device within the ACM. Accordingly, the user of the ACM and the console would need to have the user password in order to access the ACM. In the present aspect, the combination of a security program and user password can provide the user a wide variety of security functions as follows:

- 1) Auto-lock capability when ACM is inserted into CMB;
- 2) Access privilege of program and data;
- 3) Password matching for ACM removal; and
- 4) Automatic HDD lock out if tempering is detected.

In still a further embodiment, the present invention also includes a method for reading a permanent password or user identification code to identify the computer module. In one embodiment, the permanent password or user code is stored in a flash memory device. Alternatively, the permanent password or user code is stored in the central processing unit. The password or user code can be placed in the device upon manufacture of such device. Alternatively, the password or user code can be placed in the device by a one time programming techniques using, for example, fuses or the like. The present password or user code provides a permanent “finger print” on the device, which is generally hardware. The permanent finger print can be used for identification purposes for allowing the user of the hardware to access the hardware itself, as well as other systems. These other systems include local and wide area networks. Alternatively, the systems can also include one or more servers. The present method allows a third party confirm the user by way of the permanent password or user code. The present password and user identification can be quite important for electronic commerce applications and the like, which verify the user code or password. In one or more embodiments, the permanent password or user code can be combined with the password on flash memory for the security program.

Two PCI or PCI-like buses are interfaced using a non-PCI or non-PCI-like channel. PCI control signals are encoded into control bits, and the control bits, rather than the control signals that they represent, and are transmitted on the interface channel. At the receiving end, the control bits representing control signals are decoded back into PCI control signals prior to being transmitted to the intended PCI bus.

The fact that control bits rather than control signals are transmitted on the interface channel allows using a smaller number of signal channels and a correspondingly small number of conductive lines in the interface channel than would otherwise be possible. This is because the control bits can be more easily multiplexed at one end of the interface channel and recovered at the other end than control signals. This relatively small number of signal channels used in the interface channel allows using low voltage differential signal (“LVDS”) channels for the interface. An LVDS channel is more cable friendly, faster, consumes less power, and generates less noise than a PCI bus channel. Therefore, an LVDS channel is advantageously used for the hereto unused purpose of interfacing PCI or PCI-like buses. The relatively smaller number of signal channels in the interface also allows using connectors having smaller pins counts. As mentioned above an interface having a smaller number of signal channels and, therefore, a smaller number of conductive lines is less bulky and less expensive than one having a larger number of signal channels. Similarly, connectors having a smaller number of pins are also less expensive and less bulky than connectors having a larger number of pins.

In a preferred embodiment, the interface channel has a plurality of serial bit channels numbering fewer than the number of parallel bus lines in each of the PCI buses and operates at a clock speed higher than the clock speed at which any of the bus lines operates. More specifically, the interface channel includes two sets of unidirectional serial bit channels which transmit data in opposite directions such that one set of bit channels transmits serial bits from the HIC to the PIC while the other set transmits serial bits from the PIC to the HIC. For each cycle of the PCI clock, each bit channel of the interface channel transmits a packet of serial bits.

FIG. 8 is a block diagram of one embodiment of acomputer system 800 using the interface of the present invention.Computer system 800 includes an attached computer module (ACM) 805 and aperipheral console 810. TheACM 805 and theperipheral console 810 are interfaced through an exchange interface system (XIS)bus 815. TheXIS bus 815 includespower bus 816,video bus 817 and peripheral bus (XPBus) 818, which is also herein referred to as an interface channel. Thepower bus 816 transmits power betweenACM 805 andperipheral console 810. In a preferredembodiment power bus 816 transmits power at voltage levels of 3.3 volts, 5 volts and 12 volts.Video bus 817 transmits video signals between theACM 805 and theperipheral console 810. In a preferred embodiment, thevideo bus 817 transmits analog Red Green Blue (RGB) video signals for color monitors, digital video signals (such as Video Electronics Standards Association (VESA) Plug and Display's Transition Minimized Differential signaling (TMDS) signals for flat panel displays), and television (TV) and/or super video (S-video) signals. TheXPBus 818 is coupled to host interface controller (HIC) 819 and to peripheral interface controller (PIC) 820, which is also sometimes referred to as a bay interface controller.

In the embodiment shown in FIG. 8,HIC 819 is coupled to anintegrated unit 821 that includes a CPU, a cache and a north bridge. In yet another embodiment, such as that shown in FIG. 12, the HIC and PIC are integrated with the north and south bridges, respectively, such that integrated HIC andnorth bridge unit 1205 includes an HIC and a north bridge, while integrated PIC andsouth bridge unit 1210 includes a PIC and a south bridge. FIG. 13 shows an attached computer module with integrated CPU/NB/Graphics 1315 and Integrated HIC/SB 1320. FIG. 14 shows an attached computer module withsingle chip 1425 fully integrated: CPU, Cache, Core Logic, Graphics controller and Interface controller.

FIG. 9 is a detailed block diagram of one embodiment of the HIC of the present invention. As shown in FIG. 9, HIC 900 comprisesbus controller 910, translator 920, transmitter 930,receiver 940, a PLL 950, an address/data multiplexer (A/D MUX) 960, a read/write controller (RD/WR Cntl) 970, a video serial toparallel converter 980 and a CPU control & general purpose input/output latch/driver (CPU CNTL & GPIO latch/driver) 990.

HIC 900 is coupled to an optional flash memory BIOS configuration unit 901. Flash memory unit 901 stores basic input output system (BIOS) and PCI configuration information and supplies the BIOS and PCI configuration information to A/D MUX 960 and RD/WR Control 970, which control the programming, read, and write of flash memory unit 901.

Bus controller 910 is coupled to the host PCI bus, which is also referred to herein as the primary PCI bus, and manages PCI bus transactions on the host PCI bus.Bus controller 910 includes a slave (target)unit 911 and a master unit 916. Bothslave unit 911 and master unit 916 each include two first in first out (FIFO) buffers, which are preferably asynchronous with respect to each other since the input and output of the two FIFOs in the master unit 916 as well as the two FIFOs in theslave unit 911 are clocked by different clocks, namely the PCI clock and the PCK. Additionally,slave unit 911 includesencoder 922 and decoder 923, while master unit 916 includes encoder 927 and decoder 928. The

FIFOs

912, 913, 917 and 918 manage data transfers between the host PCI bus and the XPBus, which in the embodiment shown in FIG. 9 operate at 33 MHz and 66 MHz, respectively. PCI address/data (AD) from the host PCI bus is entered intoFIFOs 912 and 917 before they are encoded byencoders 922 and 927.Encoders 922 and 927 format the PCI address/data bits to a form more suitable for parallel to serial conversion prior to transmittal on the XPBus. Similarly, address and data information from the receivers is decoded by decoders 923 and 928 to a form more suitable for transmission on the host PCI bus. Thereafter the decoded data and address information is passed throughFIFOs 913 and 918 prior to being transferred to the host PCI bus.

FIFOs

912, 913, 917 and 918 allowbus controller 910 to handle posted and delayed PCI transactions and to provide deep buffering to store PCI transactions.

Bus controller 910 also comprises slave read/write control (RD/WR Cntl) 914 and master read/write control (RD/WR Cntl) 915. RD/WR controls 914 and 915 are involved in the transfer of PCI control signals betweenbus controller 910 and the host PCI bus.

Bus controller 910 is coupled to translator 920. Translator 920 comprisesencoders 922 and 927, decoders 923 and 928, control decoder & separate data path unit 924 and control encoder & merge data path unit 925. As discussed aboveencoders 922 and 927 are part ofslave data unit 911 and master data unit 916, respectively, receive PCI address and data information fromFIFOs 912 and 917, respectively, and encode the PCI address and data information into a form more suitable for parallel to serial conversion prior to transmittal on the XPBus. Similarly, decoders 923 and 928 are part ofslave data unit 911 and master data unit 916, respectively, and format address and data information fromreceiver 940 into a form more suitable for transmission on the host PCI bus. Control encoder & merge data path unit 925 receives PCI control signals from the slave RD/WR control 914 and master RD/WR control 915. Additionally, control encoder & merge data path unit 925 receives control signals from CPU CNTL & GPIO latch/driver 990, which is coupled to the CPU and north bridge (not shown in FIG. 9). Control encoder & merge data path unit 925 encodes PCI control signals as well as CPU control signals and north bridge signals into control bits, merges these encoded control bits and transmits the merged control bits to transmitter 930, which then transmits the control bits on the data lines PD0 to PD3 and control line PCN of the XPBus. Examples of control signals include PCI control signals and CPU control signals. A specific example of a control signal is FRAME# used in PCI buses. A control bit, on the other hand, is a data bit that represents a control signal. Control decoder & separate data path unit 924 receives control bits fromreceiver 940 which receives control bits on data lines PDR0 to PDR3 and control line PCNR of the XPBus. Control decoder & separate data path unit 924 separates the control bits it receives fromreceiver 940 into PCI control signals, CPU control signals and north bridge signals, and decodes the control bits into PCI control signals, CPU control signals, and north bridge signals, all of which meet the relevant timing constraints.

Transmitter 930 receives multiplexed parallel address/data (A/D) bits and control bits from translator 920 on the AD[31::0] out and the CNTL out lines, respectively. Transmitter 930 also receives a clock signal from PLL 950. PLL 950 takes a reference input clock and generates PCK that drives the XPBus. PCK is asynchronous with the PCI clock signal and operates at 66 MHz, twice the speed of the PCI clock of 33 MHz. The higher speed is intended to accommodate at least some possible increases in the operating speed of future PCI buses. As a result of the higher speed, the XPBus may be used to interface two PCI or PCI-like buses operating at 66 MHz rather than 33 MHz or having 64 rather than 32 multiplexed address/data lines.

The multiplexed parallel A/D bits and some control bits input to transmitter 930 are serialized by parallel to serial converters 932 of transmitter 930 into 10 bit packets. These bit packets are then output on data lines PD0 to PD3 of the XPBus. Other control bits are serialized by parallel toserial converter 933 into 10 bit packets and send out on control line PCN of the XPBus.

FIG. 10 is a detailed block diagram of one embodiment of the PIC of the present invention.PIC 1000 is nearly identical to HIC 900 in its function, except that HIC 900 interfaces the host PCI bus to the XPBus whilePIC 1000 interfaces the secondary PCI bus to the XPBus. Similarly, the components inPIC 1000 serve the same function as their corresponding components in HIC 900. Reference numbers for components inPIC 1000 have been selected such that a component inPIC 1000 and its corresponding component in HIC 900 have reference numbers that have the same two least significant digits. Thus for example, the bus controller inPIC 1000 is referenced asbus controller 1010 while the bus controller in HIC 900 is referenced asbus controller 910. As many of the elements inPIC 1000 serve the same functions as those served by their corresponding elements in HIC 900 and as the functions of the corresponding elements in HIC 900 have been described in detail above, the function of elements ofPIC 1000 having corresponding elements in HIC 900 will not be further described herein. Reference may be made to the above description of FIG. 9 for an understanding of the functions of the elements ofPIC 1000 having corresponding elements in HIC 900.

Like HIC 900,PIC 1000 handles the PCI bus control signals and control bits from the XPBus representing PCI control signals in the following ways:

1.PIC 1000 buffers clocked control signals from the secondary PCI bus, encodes them and sends the encoded control bits to the XPBus;

2.PIC 1000 manages the signal locally; and

3.PIC 1000 receives control bits from XPBus, translates them into PCI control signals and sends the PCI control signals to the secondary PCI bus.

PIC 1000 also supports a reference arbiter on the secondary PCI Bus to manage the PCI signals REQ# and GNT#.

FIG. 11 is a schematic diagram of lines PCK, PD0 to PD3, and PCN. These lines are unidirectional LVDS lines for transmitting clock signals and bits from the HIC to the PIC. The bits on the PD0 to PD3 and the PCN lines are sent synchronously within every clock cycle of the PCK. Another set of lines, namely PCKR, PDR0 to PDR3, and PCNR, are used to transmit clock signals and bits from the PIC to HIC. The lines used for transmitting information from the PIC to the HIC have the same structure as those shown in FIG. 11, except that they transmit data in a direction opposite to that in which the lines shown in FIG. 11 transmit data. In other words they transmit information from the PIC to the HIC. The bits on the PDR0 to PDR3 and the PCNR lines are sent synchronously within every clock cycle of the PCKR. Some of the examples of control information that may be sent in the reverse direction, i.e., on PCNR line, include a request to switch data bus direction because of a pending operation (such as read data available), a control signal change in the target requiring communication in the reverse direction, target busy, and transmission error detected.

The XPBus which includes lines PCK, PD0 to PD3, PCN, PCKR, PDR0 to PDR3, and PCNR, has two sets of unidirectional lines transmitting clock signals and bits in opposite directions. The first set of unidirectional lines includes PCK, PD0 to PD3, and PCN. The second set of unidirectional lines includes PCKR, PDR0 to PDR3, and PCNR. Each of these unidirectional set of lines is a point-to-point bus with a fixed transmitter and receiver, or in other words a fixed master and slave bus. For the first set of unidirectional lines, the HIC is a fixed transmitter/master whereas the PIC is a fixed receiver/slave. For the second set of unidirectional lines, the PIC is a fixed transmitter/master whereas the HIC is a fixed receiver/slave. The LVDS lines of XPBus, a cable friendly and remote system I/O bus, transmit fixed length data packets within a clock cycle.

The XPBus lines, PD0 to PD3, PCN, PDR0 to PDR3 and PCNR, and the video data and clock lines, VPD and VPCK, are not limited to being LVDS lines, as they may be other forms of bit based lines. For example, in another embodiment, the XPBus lines may be IEEE 1394 lines.

It is to be noted that although each of the lines PCK, PD0 to PD3, PCN, PCKR, PDR0 to PDR3, PCNR, VPCK, and VPD is referred to as a line, in the singular rather than plural, each such line may contain more than one physical line. For example, in the embodiment shown in FIG. 11, each of lines PCK, PD0 to PD3 and PCN includes two physical lines between each driver and its corresponding receiver. The term line, when not directly preceded by the terms physical or conductive, is herein used interchangeably with a signal or bit channel of one or more physical lines for transmitting a signal. In the case of non-differential signal lines, generally one physical line is used to transmit one signal. However, in the case of differential signal lines, a pair of physical lines is used to transmit one signal. For example, a pair of physical lines together transmit a signal in a bit line or bit channel in an LVDS or IEEE 1394 interface.

A bit based line (i.e., a bit line) is a line for transmitting serial bits. Bit based lines typically transmit bit packets and use a serial data packet protocol. Examples of bit lines include an LVDS line, an IEEE 1394 line, and a Universal Serial Bus (USB) line.

In another embodiment, such as that shown in FIG. 15, the connectors on the HIC and PIC do not directly engage with one another. In the embodiment shown in FIG. 15, anextension cord 1580 havingcable 1583 and

connectors

1581 and 1582 disposed at the ends ofcable 1583, is used to couple the

connectors

1505 and 1555 on theHIC 1500 andPIC 1550, respectively. FIG. 16 is a diagram of an attachedcomputer module 1600 with a “plug & display” port and direct power connection.

The interfaces of the present invention comprising an HIC, a PIC and the link between the HIC and PIC, either with or without an extension cord such asextension cord 1580 in FIG. 15, may be used to interface an ACM and a peripheral console. Moreover, the embodiment of the interface of the present invention having an extension cord, such as that disclosed in FIG. 15, may be used to interface two computer systems. Therefore, the interface of the present invention has broader application than that of interfacing an ACM and a peripheral console.

In one embodiment, the connectors may be limited to pins for transmitting PCI related signals. In such an embodiment, the cable would consist of conductive lines on the XPBus. In another embodiment, however, the connectors may include pins for transmitting video and/or power related signals in addition to the PCI related signals, in which case, the cable would have conductive lines for the video bus and/or power bus.

The above embodiments are described generally in terms of hardware and software. It will be recognized, however, that the functionality of the hardware can be further combined or even separated. The functionality of the software can also be further combined or even separated. Hardware can be replaced, at times, with software. Software can be replaced, at times, with hardware. Accordingly, the present embodiments should not be construed as limiting the scope of the claims here. One of ordinary skill in the art would recognize other variations, modifications, and alternatives.

While the above is a full description of the specific embodiments, various modifications, alternative constructions and equivalents may be used. Therefore, the above description and illustrations should not be taken as limiting the scope of the present invention which is defined by the appended claims.