Abstract: A computer security device comprising a processor that is independent of the host CPU for controlling access between the host CPU and the storage device. A program memory that is independent of the computer memory and the storage device unalterably stores and provides computer programs for operating the processor in a manner so as to control access to the storage device. The security device is connected only in line with the data access channel between the host CPU and the storage device, and off the main data and control bus of the host CPU. All data access by the host CPU to the data storage device is blocked before initialization of the security device and is intercepted immediately after the initialization under the control of the processor. The processor effects independent control of the host CPU and configuration of the computer to prevent unauthorized access to the storage device during the interception phase.

Abstract: An access control system (10) is disclosed for controlling access to data stored on at least one data storage medium (14) of a computing system. The access control system (10) comprises authentication means (25) to authenticate users permitted to access data stored in the at least one data storage medium (14) and database means (29) arranged to store data access profiles. Each data access profile is associated with a user permitted to access data stored in the at least one data storage medium (14), each data access profile includes information indicative of the degree of access permitted by a user to data stored in the at least one data storage medium (14), and each data access profile includes a master data access profile (M) and a current data access profile (C). The current data access profile (C) is modifiable within parameters defined by the master data access profile (M).

Abstract: A security system for a computer operating system comprising a processor (37) that is independent of the host CPU (13) for controlling access between the host CPU (13) and a security partition formed in the storage device (21) for storing the operating system. A program memory (41) that is independent of the computer memory and the storage device (21) unalterably stores and provides computer programs for operating the processor (37) in a manner so as to control access to the security partition in the storage device (21). All data access by the host CPU (13) to the data storage device (21) is blocked before initialization of the security system and is intercepted immediately after the initialization under the control of the processor (37). The processor (37) effects independent control of the host CPU (13) and configuration of the computer (11) to prevent unauthorised access to the security partition on the storage device (21) during the interception phase.

Abstract: An access control system (10) is disclosed for controlling access to data stored on at least one data storage medium (14) of a computing system. The access control system (10) comprises authentication means (25) to authenticate users permitted to access data stored in the at least one data storage medium (14) and database means (29) arranged to store data access profiles. Each data access profile is associated with a user permitted to access data stored in the at least one data storage medium (14), each data access profile includes information indicative of the degree of access permitted by a user to data stored in the at least one data storage medium (14), and each data access profile includes a master data access profile (M) and a current data access profile (C). The current data access profile (C) is modifiable within parameters defined by the master data access profile (M).

Abstract: A computer security system comprising security logic that is independent of the host CPU (13) for controlling access between the host CPU (13) and the storage device (21). A program memory (41) that is independent of the computer memory unalterably stores and provides computer programs for operating the processor (37) in a manner so as to control access to the storage device (21). The security logic comprises logic in bus bridge circuitry . The bus bridge circuitry can be embodied in the south bridge circuit (326) of a computer system (11) or alternatively in a SOC circuit (351) of a HDD. All data access by the host CPU (13) to the data storage device (21) is blocked before initialisation of the security system and is intercepted immediately after the initialisation under the control of the security logic. The security logic effects independent control of the host CPU (13) and configuration of the computer (11) to prevent unauthorised access to the storage device (21) during the interception phase.