Bialick et al.

US006088802A

[11] Patent Number: 6,088,802
[45] Date of Patent: Jul. 11, 2000

[54] PERIPHERAL DEVICE WITH INTEGRATED SECURITY FUNCTIONALITY

[75] Inventors: William P. Bialick, Clarksville, Md.; Mark J. Sutherland, Milpitas, Calif.; Janet L. Dolphin-Peterson, Belvedere, Calif.; Thomas K. Rowland, Los Gatos, Calif.; Kirk W. Skeba, Fremont, Calif.; Russell D. Housley, Herndon, Va.

[73] Assignee: Spyrus, Inc., Santa Clara, Calif.

[21] Appl. No.: 08/869,305

[22] Filed: Jun. 4, 1997

[51] Int. Cl.⁷ ..... G06K 14/67
[52] U.S. Cl. ..... 713/200; 713/201; 713/202
[58] Field of Search ..... 395/188.01, 187.01, 395/186; 380/4, 25, 49; 713/200, 201, 202
`
OTHER PUBLICATIONS

U.S. application No. 08/869,120, Bialick et al., filed Jun. 4, 1997, pending.

Primary Examiner: Ly V. Hua
Attorney, Agent, or Firm: David R. Graham
`
`(57)
`
`ABSTRACT
`
`The invention enables a peripheral device Lo communicate
`with a host computing device to enable one or more security
`operations to be performed by the peripheral device on data
`stored within the host computing device, data provided from
`the host computing device to the peripheral device (which
`can then be, for example, stored in the peripheral device or
`transmitted to yet another device), or data retrieved by the
`host computing device from the peripheral device (e.g., data
`that has been stored in the peripheral device, transmitted to
`the peripheral device from another device or input to the
`peripheral device by a person). In particular, the peripheral
`device can be adapted to enable, in a single integral periph(cid:173)
`eral device, performance of one or more security operations
`on data, and a defined interaction with a host computing
`device that has not previously been integrated with security
`operations in a single integral device. The defined interac(cid:173)
`tions can provide a variety of types of functionality (e.g.,
`data storage, data communication, data input and output,
`user identification) . The peripheral device can a1'>0 be imple(cid:173)
`mented so that the security operations are performed in-line,
`i.e., the security operations are performed between the
`communication of data to or from the host computing device
`and the performance of the defined interaction. Moreover,
`the peripheral device can be implemented so that the secu(cid:173)
`rity functionality of the peripheral device is transparent to
`the host computing device.
`
`39 C la ims, 9 Drawing Sheets
`
`-,
`I
`
`614
`
`I 611 --.......____,
`I
`I
`I
`I 615 -.J~__.._ _ ____. __ .......,
`I
`
`I
`I
`
`-""-
`
`609 608 601
`
`602
`
`613
`
`IPR2017-00430
`UNIFIED EX1001
`
`
`
U.S. Patent    Jul. 11, 2000    Sheet 1 of 9    6,088,802

[Sheet 1 of 9] FIG. 1 (PRIOR ART): block diagram of system 100: host computing device 101, containing security mechanism 101a, connected to portable device 102.

[Sheet 1 of 9] FIG. 2 (PRIOR ART): block diagram of system 200: host computing device 201 connected separately to security device 203 and to portable device 202.
`
`
`
[Sheet 2 of 9] FIG. 3A: block diagram of system 300: host computing device connected over communications interface 303 to peripheral device 302, which contains security mechanism 302a.

[Sheet 2 of 9] FIG. 3B: perspective view of a physical implementation of the system of FIG. 3A.
`
`
`
[Sheet 3 of 9] FIG. 4: block diagram of peripheral device 400: host interface 403, security functionality 401 and target functionality 402, formed together within housing 404.

[Sheet 3 of 9] FIG. 5: flow chart of method 500:
501 User connects peripheral device to host computing device.
502 Host computing device detects presence of peripheral device.
503 Peripheral device establishes its identity.
504 Host computing device identifies peripheral device.
505 User interacts with host computing device to begin using peripheral device.
`
`
`
[Sheet 4 of 9] FIG. 6: block diagram of system 600, showing host computing device 601 (including processing device 605, user input device 603b, I/O devices 607 and 608, and bus 609) and peripheral device 602 (including security functionality 611, I/O device 613, target functionality 614 and bus 615).
`
`
`
[Sheets 5 and 6 of 9] FIG. 7: arrangement of FIGS. 7A and 7B.

FIG. 7A: first part of the flow chart of method 700, beginning with step 701, "Request host to execute security device driver.", followed by a "Security only?" decision with Yes and No branches.

FIG. 7B: remainder of method 700. Recoverable box text: "Input all instructions regarding use of security functionality for a transaction." (three boxes), "Input all instructions regarding use of target functionality for this transaction." (three boxes), "Execute transaction." (three boxes), and END; recoverable step labels 706, 707, 708, 710, 711, 712, 714 and 718.
`
`
`
`800 \
`
`805
`
`RTC
`
`-
`
`-
`~
`
`801
`
`CPU
`
`~ flash t-- 803
`
`RAM
`
`f--804
`
`c .
`
`00
`•
`~
`~
`""""
`~ =
`""""
`
`~
`E..
`.....
`:-
`§
`
`N
`
`Host
`Computing ~ ...
`Device
`
`68 pin
`PCM CIA
`l/F
`
`806 ./ I
`
`I
`
`\
`
`PCMCIA Bus
`
`FPGA
`
`\
`802
`
`t
`
`I
`local bus
`
`Peripheral
`Mechanism
`
`'
`807
`
`fJ)
`::r
`I"!
`....
`I"!
`.......
`
`e -
`
`\C
`
`FIG. 8
`
`0\
`....
`0
`QC
`QC
`....
`QC
`0
`N
`
`
`
[Sheet 8 of 9] FIG. 9A: flow of data through interface control device 802: host interface 806, cryptographic processing device interface 808 and target functionality interface 807.
`
`
`
[Sheet 9 of 9] FIG. 9B: block diagram of an embodiment of the interface control device. PCMCIA interface side: RDY/BSY register, command detector, compact flash sector counter, I/O control, address and data lines (18-bit address, 16-bit data), PCMCIA address buffer and PCMCIA data buffer; crypto processor interface; state controller driving BUF EN; local control, 16-bit local data and 12-bit local address; compact flash interface side (910, 911): compact flash data buffer, card enable decoder, compact flash I/O control and config registers.
`
`
`
`6,088,802
`
`1
`PERIPHERAL DEVICE WITH INTEGRATED
`SECURITY FUNCTIONALITY
`
`CROSS-REFERENCE TO RELATED
`APPLICATION
`
`This application is related to the commonly owned,
`co-pending United States patent Application entitled
`"Modular Security Device," by William P. Bialick, Mark J.
`Sutherland, Janet L. Dolphin-Peterson, Thomas K.
`Rowland, Kirk W. Skeba and Russell D. Housley, filed on
`the same date as the present application and having Attorney
`Docket No. SPY-003, the disclosure of which is incorpo(cid:173)
`rated by reference herein.
`
BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to a peripheral, often portable, device (as well as the methods employed by such a peripheral device, and systems including such a peripheral device and a host computing device with which the peripheral device communicates) that can communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device, or data retrieved by the host computing device from the peripheral device.

2. Related Art

Computing capability is becoming increasingly portable. In particular, there are more and more portable peripheral devices that are adapted for communication with a host computing device (e.g., desktop computer, notebook computer or personal digital assistant) to enable particular functionality to be achieved. These portable peripheral devices can take a variety of physical forms (e.g., PCMCIA cards, smart cards, CD-ROMs) and can perform an assortment of functions (e.g., storage, communications and cryptography). However, while portable computing affords a number of advantages, it has a significant disadvantage in that the computational environment (including the portable peripheral devices, the host computing devices in which they are used, and any other computational devices that communicate with those devices) is more susceptible to security breaches, i.e., unauthorized access to, or modification of, programs and/or data resident within the environment. Consequently, cryptographic devices and methods have been developed for use with such computational environments (as well as other computational environments) to enable increased levels of environment security to be obtained.
FIG. 1 is a block diagram of a prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device. In FIG. 1, a system 100 includes a host computing device 101 and a portable device 102. The host computing device 101 and portable device 102 are adapted to enable communication between the devices 101 and 102. The host computing device 101 includes a security mechanism 101a (which can be embodied by appropriately configured hardware, software and/or firmware, such as, for example, a general purpose microprocessor operating in accordance with instructions of one or more computer programs stored in a data storage device such as a hard disk) which can be directed to perform one or more cryptographic operations. In the system 100, if it is desired to provide secured data from the host computing device 101 to the portable device 102, the host computing device 101 causes the security mechanism 101a to perform appropriate cryptographic operations on data before the data is transferred to the portable device 102. Similarly, the host computing device 101 can receive secured data from the portable device 102 and perform appropriate cryptographic operations on the data to convert the data into a form that enables the data to be accessed and/or modified by a person who is authorized to do so.
A significant deficiency of the system 100 is that the security mechanism 101a is itself typically not adequately secure. It is commonly accepted that the components (including hardware, software and/or firmware) of most host computing devices are inherently insecure. This is because the system design of host computing devices is, typically, intentionally made open so that components made by different manufacturers can work together seamlessly. Thus, an unauthorized person may obtain knowledge of the operation of the security mechanism 101a (e.g., identify a cryptographic key), thereby enabling that person to gain access to, and/or modify, the (thought to be secured) data.

FIG. 2 is a block diagram of another prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device. In FIG. 2, a system 200 includes a host computing device 201, a portable device 202 and a security device 203. The host computing device 201, the portable device 202 and security device 203 are adapted to enable communication between the devices 201 and 202, and between the devices 201 and 203. The security device 203 includes appropriately configured hardware, software and/or firmware which can be directed to perform one or more cryptographic operations. In the system 200, if it is desired to provide secured data from the host computing device 201 to the portable device 202, the host computing device 201 first causes data to be transferred to the security device 203, where appropriate cryptographic operations are performed on the data. The secured data is then transferred back to the host computing device 201, which, in turn, transfers the secured data to the portable device 202. Similarly, the host computing device 201 can receive secured data from the portable device 202 by, upon receipt of secured data, transferring the secured data to the security device 203, which performs appropriate cryptographic operations on the data to convert the data into a form that enables the data to be accessed and/or modified by a person who is authorized to do so, then transfers the unsecured data back to the host computing device 201.

The system 200 can overcome the problem with the system 100 identified above. The security device 203 can be constructed so that the cryptographic functionality of the device 203 can itself be made secure. (Such a security device is often referred to as a security "token.") An unauthorized person can therefore be prevented (or, at least, significantly deterred) from obtaining knowledge of the operation of the security device 203, thereby preventing (or significantly deterring) that person from gaining access to, and/or modifying, the secured data.

However, the system 200 may still not always ensure adequately secured data. In particular, unsecured data may be provided by the host computing device 201 to the portable device 202 if the host computing device 201, whether through inadvertent error or deliberate attack by a user of the host computing device 201, or through malfunction of the host computing device 201, fails to first transfer data to the security device 203 for appropriate cryptographic treatment before providing the data to the portable device 202.
`
`
`3
`Additionally, the system 200 requires the use of two
`separate peripheral devices (portable device 202 and secu(cid:173)
`rity device 203) to enable the host computing device 201 to
`exchange secured data with the portable device 202. For
`several reasons, this may be inconvenient. First, both
`devices 202 and 203 may not be available at the time that it
`is desired to perform a secure data exchange (e.g., one may
`have been forgotten or misplaced). Second, even if both
`devices 202 and 203 are available, it may not be possible to
`connect both devices 202 and 203 at the same time to the
`host computing device 201, making use of the devices 202
`and 203 cumbersome and increasing the likelihood that
`unsecured data is provided by the host computing device
`201 to the portable device 202.
`
`15
`
SUMMARY OF THE INVENTION

A peripheral device according to the invention can be used to communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device (which can then be, for example, stored in the peripheral device or transmitted to yet another device) or data retrieved by the host computing device from the peripheral device (e.g., data that has been stored in the peripheral device, transmitted to the peripheral device from another device or input to the peripheral device by a person). In particular, the peripheral device can be adapted to enable, in a single integral peripheral device, performance of one or more security operations on data, and a defined interaction with a host computing device that has not previously been integrated with security operations in a single integral device. The defined interactions can provide a variety of types of functionality (e.g., data storage, data communication, data input and output, user identification), as described further below. The peripheral device can be implemented so that the peripheral device can be operated in any one of multiple user-selectable modes: a security functionality only mode, a target functionality mode, and a combined security and target functionality mode. The peripheral device can also be implemented so that the security operations are performed in-line, i.e., the security operations are performed between the communication of data to or from the host computing device and the performance of the defined interaction. Moreover, the peripheral device can be implemented so that the security functionality of the peripheral device is transparent to the host computing device.

A peripheral device according to the invention can advantageously enable application of security operations to a wide variety of interactions with a host computing device. In particular, a peripheral device according to the invention can accomplish this without necessity to use two peripheral devices: one that performs the security operations and one that performs the defined interaction. This can, for example, minimize the possibility that the device adapted to perform the defined interaction will be used with the host computing system without proper application of security operations to that interaction. Moreover, the provision of in-line security in a peripheral device according to the invention enables a more secure exchange of data between a host computing device and the peripheral device, overcoming the problems identified above in previous systems for performing security operations on data exchanged between such devices. Additionally, implementing a modular device according to the invention so that the performance of security operations by the modular device is transparent can reduce or eliminate the need to modify aspects of the operation of the host computing device (e.g., device drivers of the host computing device), making implementation and use of a data security system including the modular device simpler and easier. Thus, the possibility that a user will use the system incorrectly (e.g., fail to apply security operations to an interaction with the host computing device, or apply the security operations incorrectly or incompletely) is reduced. Making the security operations transparent can also enhance the security of those operations.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 is a block diagram of a prior art system for
`enabling a host computing device to provide secured data to,
`and retrieve secured data from, a portable device.
`FIG. 2 is a block diagram of another prior art system for
`enabling a host computing device to provide secured data to,
`and retrieve secured data from, a portable device.
`FIG. 3A is a block diagram of a system according to the
`invention.
FIG. 3B is a perspective view of a physical implementation of the system of FIG. 3A according to one embodiment of the invention.
`FIG. 4 is a block diagram of a peripheral device according
`to an embodiment of the invention.
`FIG. 5 is a flow chart of a method, according to an
`embodiment of the invention, for initiating use of a system
`according to the invention.
`FIG. 6 is a block diagram of a system, according to an
`embodiment of the invention, illustrating operation of the
`system during a method according to the invention as in
`FIG. 5.
FIGS. 7A and 7B are a flow chart of a method, according to an embodiment of the invention, for using a peripheral device according to the invention.
`FIG. 8 is a block diagram of a peripheral device according
`to another embodiment of the invention.
`FIG. 9A is a block diagram illustrating the flow of data
`through the interface control device of FIG. 8.
`FIG. 9B is a block diagram of a particular embodiment of
`an interface control device for use in a peripheral device
`according to the invention.
`
DETAILED DESCRIPTION OF THE INVENTION

FIG. 3A is a block diagram of a system 300 according to the invention. The system 300 includes a host computing device 301 and a peripheral device 302 that communicate via a communications interface 303. Herein, "peripheral device" can refer to any device that operates outside of a host computing device and that is connected to the host computing device. The peripheral device 302 includes a security mechanism 302a that enables security operations (examples of which are described in more detail below) to be performed on data that is stored within the host computing device 301, data that is transmitted from the host computing device 301 to the peripheral device 302, or data that is transmitted from the peripheral device to the host computing device 301. As explained in more detail below, the peripheral device 302 also provides additional functionality (referred to herein as "target functionality") to the system 300, such as, for example, the capability to store data in a solid-state disk storage device, the capability to enable communications from the host computing device 301 to another device, the capability to accept biometric input to enable user authentication to the host computing device 301, and the capability to receive and read a smart card inserted into the peripheral device 302.
Generally, the communications interface 303 can be embodied by any of a variety of communication interfaces, such as a wireless communications interface, a PCMCIA interface, a smart card interface, a serial interface (such as an RS-232 interface), a parallel interface, a SCSI interface or an IDE interface. Each embodiment of the communications interface 303 includes hardware present in each of the host computing device 301 and peripheral device 302 that operates in accordance with a communications protocol (which can be embodied, for example, by software stored in a memory device and/or firmware that is present in the host computing device 301 and/or peripheral device 302) appropriate for that type of communications interface, as known to those skilled in the art. Each embodiment of the communications interface 303 also includes mechanisms to enable physical engagement, if any, between the host computing device 301 and peripheral device 302.

Generally, the security mechanism 302a can be configured to perform any electronic data security operation (herein, referred to simply as "security operation") including, for example, operations that provide one or more of the basic cryptographic functions, such as maintenance of data confidentiality, verification of data integrity, user authentication and user non-repudiation. Particular security operations that can be implemented in a peripheral device according to the invention are described in more detail below.

The security mechanism 302a can be, for example, embodied as a security token. Herein, "security token" refers to a device that performs security operations and that includes one or more mechanisms (such as, for example, use of a hardware random number generator and/or protected memory) to provide security for the content of those operations.

FIG. 3B is a perspective view of a physical implementation of the system 300 of FIG. 3A, according to one embodiment of the invention. In FIG. 3B, the peripheral device 302 is embodied as a card 312 that can be inserted into a corresponding slot 313 formed in a portable computer 311 that, in FIG. 3B, embodies the host computing device 301. Often a peripheral device according to the invention is a portable device, such as the card 312 shown in FIG. 3B. Herein, "portable device" can refer generally to any device that is capable of being easily carried by hand.

FIG. 4 is a block diagram of a peripheral device 400 according to an embodiment of the invention. The peripheral device 400 includes security functionality 401, target functionality 402 and a host interface 403 that are formed together as part of a single physical device. For example, the security functionality 401 and target functionality 402 can be enclosed in a single, card-like housing (designated in FIG. 4 by the numeral 404) conforming to a PCMCIA card or smart card standard.

The peripheral device 400 can have a number of advantageous characteristics. The peripheral device 400 can be implemented in a manner that enables the security operations of the security functionality 401 to be performed in a manner that is transparent to a host computing device (and, depending upon the particular implementation of the peripheral device 400, to a user of a system including the peripheral device 400) of a system according to the invention, so that the host computing device (and, perhaps, user) is aware only of the presence of the target functionality 402. Additionally, the peripheral device 400 can be implemented so that security operations are performed "in-line," i.e., the security operations are performed between the communication of data to or from the host computing device and the performance of the target functionality provided by the peripheral device. Further, the peripheral device 400 enables a wide variety of secure target functionality to be easily provided to a host computing device.
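The in-line arrangement of FIG. 4 set against the system 200 failure mode, as an added example in Go (not code from the patent or from Spyrus): a model in which the only write path to the storage medium runs through the security functionality, so a host that never routes data through a token still cannot put plaintext on the medium, and a record altered on the medium is rejected on read. AES-256-GCM, the sector store and every name here are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// SecurityFunctionality models element 401 of FIG. 4: it holds the key and
// performs the security operation. AES-256-GCM is an assumption for this
// example; a record is nonce||ciphertext||tag, so Open also checks integrity.
type SecurityFunctionality struct{ aead cipher.AEAD }

func NewSecurityFunctionality(key []byte) (*SecurityFunctionality, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &SecurityFunctionality{aead: aead}, nil
}

func (s *SecurityFunctionality) Seal(plain []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, plain, nil), nil
}

func (s *SecurityFunctionality) Open(rec []byte) ([]byte, error) {
	n := s.aead.NonceSize()
	if len(rec) < n {
		return nil, fmt.Errorf("record too short: %d bytes", len(rec))
	}
	return s.aead.Open(nil, rec[:n], rec[n:], nil)
}

// TargetFunctionality models element 402 as a sector-addressed store; in
// system 200 it is the separate portable device the host can write directly.
type TargetFunctionality struct{ Sectors map[int][]byte }

func (t *TargetFunctionality) Write(sector int, data []byte) {
	t.Sectors[sector] = append([]byte(nil), data...)
}

// Exposed reports whether the plaintext can be read off the medium itself.
func Exposed(medium *TargetFunctionality, sector int, plain []byte) bool {
	return bytes.Contains(medium.Sectors[sector], plain)
}

// InlinePeripheral models device 400: Write and Read are the host interface
// (403); every write passes through the security functionality before the medium.
type InlinePeripheral struct {
	sec    *SecurityFunctionality
	medium *TargetFunctionality
}

func NewInlinePeripheral(key []byte) (*InlinePeripheral, error) {
	sec, err := NewSecurityFunctionality(key)
	if err != nil {
		return nil, err
	}
	m := &TargetFunctionality{Sectors: map[int][]byte{}}
	return &InlinePeripheral{sec: sec, medium: m}, nil
}

func (p *InlinePeripheral) Write(sector int, plain []byte) error {
	rec, err := p.sec.Seal(plain)
	if err != nil {
		return err
	}
	p.medium.Write(sector, rec)
	return nil
}

func (p *InlinePeripheral) Read(sector int) ([]byte, error) {
	rec, ok := p.medium.Sectors[sector]
	if !ok {
		return nil, fmt.Errorf("sector %d is empty", sector)
	}
	return p.sec.Open(rec) // rejects a record altered on the medium
}

// Medium is the raw store as someone reading the flash chip directly sees it.
func (p *InlinePeripheral) Medium() *TargetFunctionality { return p.medium }

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed key for the example
	secret := []byte("constructed sample: ledger entry 17")
	p, _ := NewInlinePeripheral(key)
	p.Write(1, secret)
	fmt.Println("device 400, plaintext on medium:", Exposed(p.Medium(), 1, secret))
}
```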
FIG. 5 is a flow chart of a method 500, according to an embodiment of the invention, for initiating use of a system according to the invention. The method 500 enables an aspect of the invention in which the presence of security functionality as part of a peripheral device is not detected by a host computing device, thus making the security functionality transparent to the host computing device and, depending upon the particular manner in which the security functionality is implemented, to a user of the system.

FIG. 6 is a block diagram of a system 600, according to an embodiment of the invention, illustrating operation of the system 600 during a method according to the invention such as the method 500 of FIG. 5. The system 600 includes a host computing device 601 and a peripheral device 602. The host computing device 601 includes a display device 603a (e.g., a conventional computer display monitor) and user input device 603b (e.g., a keyboard, mouse, trackball, joystick or other appropriate device), referred to collectively hereinafter as user interface device 603. The host computing device 601 also includes, mounted within a housing 604, a processing device 605, a memory device 606, an input/output (I/O) device 607 for enabling communication with the user interface device 603, and an input/output (I/O) device 608 for enabling communication with peripheral device 602. The devices 605, 606, 607 and 608 can each be implemented by conventional such devices and can communicate with each other via a conventional computer bus 609, as is well known and understood. The peripheral device 602 includes security functionality 611, a memory device 612, an input/output (I/O) device 613 for enabling communication with the host computing device 601 and target functionality 614. The security functionality 611, memory device 612, I/O device 613 and target functionality 614 can each be implemented by conventional devices and can communicate with each other via a conventional computer bus 615, as is well known and understood. The host computing device 601 and the peripheral device 602 are shown in simplified form in FIG. 6 to facilitate clarity in illustration of this aspect of the invention; as described in more detail below and as understood by those skilled in the art, the host computing device 601 and the peripheral device 602 can, and typically will, include other devices not shown in FIG. 6.

Returning to FIG. 5, use of a system according to the invention begins when, as shown by step 501, a user of the system connects a peripheral device according to the invention to a host computing device. Such connection can occur in any manner that enables the peripheral device to communicate with the host computing device. Frequently, this will occur as a result of a physical connection of the peripheral device to the host computing device. (In general, such physical connection can occur either before or after the host computing device begins operating; however, in the former case, subsequent steps of the method 500, with the exception of, depending upon the implementation of the peripheral device, the step 503, cannot be performed until the host computing device begins operating.) For example, the peripheral device can be embodied in a card or disk (e.g., a card conforming to a PCMCIA form factor as established
`
`
`6,088,802
`
`7
`by the appropriate standard) that is inserted into a corre(cid:173)
`sponding socket formed in the host computing device. Or,
`the peripheral device can be embodied in a housing from
`which a cord extends, a plug of the cord being inserted into
`a mating receptacle formed in the host computing device. 5
`However, such physical connection need not necessarily
`occur; the peripheral device can also be connected to the
`host computing device by any type of wireless communi(cid:173)
`cation for which the host computing device contains an
`appropriate interface.
`Once connection between the peripheral device and the
`host computing device is made, the host computing device
`detects the presence of the peripheral device, as shown by
`step 502. Such detection of the presence of a peripheral
`device is typically enabled as a standard aspect of the 15
`operating system software of the host computing device.
`Typically, once the presence of a new peripheral device is
`detected by the operating system software of the host
`computing device, the operating system software (or com(cid:173)
`panion software program) also identifies the type of the 20
`peripheral device. This can be accomplished, for example,
`by a standard software device driver (hereinafter, "host
`driver") for devices of the type that use the host computing
`device interface that is being used by the peripheral device
`602. In FIG. 6, the host driver is shown stored in the memory 25
`section 606a of the memory device 606 of the host com(cid:173)
`puting device 601. (The Card Services or Socket Services
`programs that often are bundled with the Windows95™
`operating system software for use in performing various
`"housekeeping" functions associated with a PCM CIA inter- 30
`face are examples of such drivers.) However, in the method
`500, before the operating system software can perform such
`identification, the peripheral device according to the inven(cid:173)
`tion suspends operation of this aspect of the operating
`system software, so that the peripheral device can establish 35
`its identity, as shown by step 503, and ex