`
`
`
`
`
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

Attorney Docket No.: SPY-004

June 4, 1997

Assistant Commissioner for Patents
Washington, D.C. 20231
ATTN: BOX PATENT APPLICATION

Transmitted herewith for filing is a patent application, as follows:

Inventors: William P. Bialick, Mark J. Sutherland, Janet L. Dolphin-Peterson, Thomas K. Rowland, Kirk W. Skeba and Russell D. Housley

Title: PERIPHERAL DEVICE WITH INTEGRATED SECURITY FUNCTIONALITY

Enclosed with this transmittal letter are:

    ___ pages of specification, claims and abstract
    ___ sheets of drawings: (Formal) X  (Informal)
    ___ pages of Declaration and Power of Attorney (Unexecuted)
    Power of Attorney
    Assignment of invention to Spyrus, Inc.
    Small Entity Declaration
    Independent Inventor's Declaration
    PTO Form-1449
    Preliminary amendment

The filing fee is calculated as follows (small entity status is claimed):

CLAIMS AS FILED (fees computed under §1.9(f))

                          Number    Number
                          Filed     Extra     Rate        Fee
    Basic Filing Fee:                                     $ 385.00
    Total Claims:         32 - 20 =  12    x  $11     =   $ 132.00
    Independent Claims:   12 -  3 =   9    x  $40     =   $ 360.00
    Application contains one or more multiple
    dependent claims ($260 total fee)                     $   0.00
    TOTAL FILING FEE:                                     $ 877.00

A Return Post Card and this sheet in duplicate are also enclosed.

I hereby certify that this correspondence is being deposited with the United States Postal Service as Express Mail in an envelope addressed to: Assistant Commissioner for Patents, Washington, D.C. 20231, on June 4, 1997. Express Mail Receipt No. EF 557 934 406 US.

David R. Graham                    Date: 6-4-97

Respectfully submitted,

David R. Graham
Reg. No. 36,150
Attorney for Applicants

`6
`
`
`
`
`
`Attorney Docket Now:
`
`SPY-004
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`June 4, 1997
`
`Assistant Commissioner for Patents
`Washington, D. C.
`20231
`ATTN:
`BOX PATENT APPLICATION
`
`16/%0/90
`
` “snPate9
`606698/90
`
`Old
`
`Transmitted herewith for filing is a patent application, as
`follows:
`
`Inventors: William P. Bialick, Mark J. Sutherland, Janet L.
`Dolphin-Peterson, Thomas K. Rowland, Kirk W. Skeba
`and Russell D. Housley
`PERIPHERAL DEVICE WITH INTEGRATED SECURITY FUNCTIONALITY
`
`Title:
`
`Enclosed with this transmittal letter are:
`
`MELTI)8
`
`pages of specification, claims and abstract
`sheets of drawings: _(Formal) _X
`(Informal)
`pages of Declaration and Power of Attorney (Unexecuted)
`Power of Attorney
`Assignment of invention to Spyrus,
`Small Entity Declaration
`Independent Inventor's Declaration
`PTO Form-1449
`Preliminary amendment
`
`Inc.
`
`.
`
`The filing fee is calculated as follows (small entity status is
`claimed):
`
`CLAIMS AS FILED (fees
`
`computed under
`*
`
`§1.9(f
`
`Number
`Filed
`
`Number
`Extra
`
`Rate
`
`Fee
`
`Basic Filing Fee:
`
`Total Claims:
`
`Independent Claims:
`
`32
`
`12
`
`-
`
`=«-
`
`20
`
`3
`
`=
`
`=
`
`12
`
`9
`
`x
`
`x
`
`$11
`
`$40
`
`=
`
`=
`
`$ 385.00
`
`$ 132.00
`
`§$ 360.00
`
`Application contains one or more multiple
`dependent claims ($260 total fee)
`$
`0.00
`
`TOTAL FILING FEE:
`$
`877.00
`
`
`A Return Post Card and this sheet in duplicate are also enclosed.
`
`
`
`I hereby certify that this correspondence is being
`deposited with the United States Postal Service as
`Express Mail
`in an envelope addressed to:
`Assistant Commissioner for Patents, Washington,
`D.C., 20231, on June 4, 1997.
`Express Mail
`Receipt No. EF 557 934 406 US
`.
`Lanna fhe brad
`R, Graham
`
`Davia
`
`Date
`
`G-u-97
`
`Respectfully submitted,
`t
`
`‘
`David R. Graham
`Reg. No. 36,150
`
`Attorney for Applicants
`
`7
`
`
`
`
`
`
PERIPHERAL DEVICE WITH INTEGRATED SECURITY FUNCTIONALITY

William P. Bialick
Mark J. Sutherland
Janet L. Dolphin-Peterson
Thomas K. Rowland
Kirk W. Skeba
Russell D. Housley

CROSS-REFERENCE TO RELATED APPLICATION

This application is related to the commonly owned, co-pending United States Patent Application entitled "Modular Security Device," by William P. Bialick, Mark J. Sutherland, Janet L. Dolphin-Peterson, Thomas K. Rowland, Kirk W. Skeba and Russell D. Housley, filed on the same date as the present application and having Attorney Docket No. SPY-003, the disclosure of which is incorporated by reference herein.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to a peripheral, often portable, device (as well as the methods employed by such a peripheral device, and systems including such a peripheral device and a host computing device with which the peripheral device communicates) that can communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device, or data retrieved by the host computing device from the peripheral device.

2. Related Art

Computing capability is becoming increasingly portable. In particular, there are more and more portable peripheral devices that are adapted for communication with a host computing device (e.g., desktop computer, notebook computer or personal digital assistant) to enable particular functionality to be achieved. These portable peripheral devices can take a variety of physical forms (e.g., PCMCIA cards, smart cards, CD-ROMs) and can perform an assortment of functions (e.g., storage, communications and cryptography).

However, while portable computing affords a number of advantages, it has a significant disadvantage in that the computational environment (including the portable peripheral devices, the host computing devices in which they are used, and any other computational devices that communicate with those devices) is more susceptible to security breaches, i.e., unauthorized access to, or modification of, programs and/or data resident within the environment. Consequently, cryptographic devices and methods have been developed for use with such computational environments (as well as other computational environments) to enable increased levels of environment security to be obtained.

FIG. 1 is a block diagram of a prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device. In FIG. 1, a system 100 includes a host computing device 101 and a portable device 102. The host computing device 101 and portable device 102 are adapted to enable communication between the devices 101 and 102. The host computing device 101 includes a security mechanism 101a (which can be embodied by appropriately configured hardware, software and/or firmware, such as, for example, a general purpose microprocessor operating in accordance with instructions of one or more computer programs stored in a data storage device such as a hard disk) which can be directed to perform one or more cryptographic operations.

In the system 100, if it is desired to provide secured data from the host computing device 101 to the portable device 102, the host computing device 101 causes the security mechanism 101a to perform appropriate cryptographic operations on data before the data is transferred to the portable device 102. Similarly, the host computing device 101 can receive secured data from the portable device 102 and perform appropriate cryptographic operations on the data to convert the data into a form that enables the data to be accessed and/or modified by a person who is authorized to do so.

A significant deficiency of the system 100 is that the security mechanism 101a is itself typically not adequately secure. It is commonly accepted that the components (including hardware, software and/or firmware) of most host computing devices are inherently insecure. This is because, typically, the system design of host computing devices is intentionally made open so that components made by different manufacturers can work together seamlessly. Thus, an unauthorized person may obtain knowledge of the operation of the security mechanism 101a (e.g., identify a cryptographic key), thereby enabling that person to gain access to, and/or modify, the (thought to be secured) data.

FIG. 2 is a block diagram of another prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device. In FIG. 2, a system 200 includes a host computing device 201, a portable device 202 and a security device 203. The host computing device 201, the portable device 202 and security device 203 are adapted to enable communication between the devices 201 and 202, and between the devices 201 and 203. The security device 203 includes appropriately configured hardware, software and/or firmware which can be directed to perform one or more cryptographic operations.

In the system 200, if it is desired to provide secured data from the host computing device 201 to the portable device 202, the host computing device 201 first causes data to be transferred to the security device 203, where appropriate cryptographic operations are performed on the data. The secured data is then transferred back to the host computing device 201, which, in turn, transfers the secured data to the portable device 202. Similarly, the host computing device 201 can receive secured data from the portable device 202 by, upon receipt of secured data, transferring the secured data to the security device 203, which performs appropriate cryptographic operations on the data to convert the data into a form that enables the data to be accessed and/or modified by a person who is authorized to do so, then transfers the unsecured data back to the host computing device 201.

The system 200 can overcome the problem with the system 100 identified above. The security device 203 can be constructed so that the cryptographic functionality of the device 203 can itself be made secure. (Such a security device is often referred to as a security "token.") An unauthorized person can therefore be prevented (or, at least, significantly deterred) from obtaining knowledge of the operation of the security device 203, thereby preventing (or significantly deterring) that person from gaining access to, and/or modifying, the secured data.

However, the system 200 may still not always ensure adequately secured data. In particular, unsecured data may be provided by the host computing device 201 to the portable device 202 if the host computing device 201 - whether through inadvertent error or deliberate attack by a user of the host computing device 201, or through malfunction of the host computing device 201 - fails to first transfer data to the security device 203 for appropriate cryptographic treatment before providing the data to the portable device 202. Additionally, the system 200 requires the use of two separate peripheral devices (portable device 202 and security device 203) to enable the host computing device 201 to exchange secured data with the portable device 202. For several reasons, this may be inconvenient. First, both devices 202 and 203 may not be available at the time that it is desired to perform a secure data exchange (e.g., one may have been forgotten or misplaced). Second, even if both devices 202 and 203 are available, it may not be possible to connect both devices 202 and 203 at the same time to the host computing device 201, making use of the devices 202 and 203 cumbersome and increasing the likelihood that unsecured data is provided by the host computing device 201 to the portable device 202.

`SUMMARY OF THE INVENTION
`
A peripheral device according to the invention can be used to communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device (which can then be, for example, stored in the peripheral device or transmitted to yet another device), or data retrieved by the host computing device from the peripheral device (e.g., data that has been stored in the peripheral device or transmitted to the peripheral device from another device). In particular, the peripheral device can be adapted to enable, in a single integral peripheral device, performance of one or more security operations on data, and a defined interaction with a host computing device that has not previously been integrated with security operations in a single integral device. The defined interactions can provide a variety of types of functionality (e.g., data storage, data communication, data input and output, user identification), as described further below. The peripheral device can be implemented so that the peripheral device can be operated in any one of multiple user-selectable modes: a security functionality only mode, a target functionality mode, and a combined security and target functionality mode. The peripheral device can also be implemented so that the security operations are performed in-line, i.e., the security operations are performed between the communication of data to or from the host computing device and the performance of the defined interaction. Moreover, the peripheral device can be implemented so that the security functionality of the peripheral device is transparent to the host computing device.

A peripheral device according to the invention can advantageously enable application of security operations to a wide variety of interactions with a host computing device. In particular, a peripheral device according to the invention can accomplish this without necessity to use two peripheral devices: one that performs the security operations and one that performs the defined interaction. This can, for example, minimize the possibility that the device adapted to perform the defined interaction will be used with the host computing system without proper application of security operations to that interaction. Moreover, the provision of in-line security in a peripheral device according to the invention enables a more secure exchange of data between a host computing device and the peripheral device, overcoming the problems identified above in previous systems for performing security operations on data exchanged between such devices. Additionally, implementing a modular device according to the invention so that the performance of security operations by the modular device is transparent can reduce or eliminate the need to modify aspects of the operation of the host computing device (e.g., device drivers of the host computing device), making implementation and use of a data security system including the modular device simpler and easier. Thus, the possibility that a user will use the system incorrectly (e.g., fail to apply security operations to an interaction with the host computing device, or apply the security operations incorrectly or incompletely) is reduced. Making the security operations transparent can also enhance the security of those operations.

`35
`
`13
`
`13
`
`
`
`-7-
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`FIG. xis a block diagram of a prior art system for
`enabling a host computing device to provide secured data to,
`and retrieve secured data from, a portable device.
`FIG. 2 is a block diagram of another prior art system
`for enabling a host computing device to provide secured data
`
`to, and retrdeve secured data from, a portable device.
`PIG.
`3A is a block diagram of a system according to the
`invention.
`oo
`FIG.
`3Bis a perspective view of a physical
`implementation of the system of FIG.
`3A according to one
`embodiment pt the invention.
`FIG.
`4 is a block diagram of a peripheral device
`according to,dan embodiment of the invention.
`FIG.
`5° is a flow chart of a method, according to an
`embodiment of the invention,
`for initiating use of a system
`according tg/the invention.
`FIG.
`6 is a block diagram of a system, according to an
`
`5
`
`10
`
`15
`
`illustrating operation of the
`embodiment of the invention,
`20 system during a method according to the invention as in
`FIG. 5.
`
`FIG.
`
`7 is a flow chart of a method, according to an
`
`25
`
`for using a peripheral device
`
`embodiment of the invention,
`according to“the invention.
`FIG.
`8 “is a block diagram of a peripheral device
`according tof another embodiment of the invention.
`FIG.
`9A i's a block diagram illustrating the flow of data
`through the interface control device of FIG. 8.
`FIG.
`9B is a block diagram of a particular embodiment of
`30 an interface control device for use in a peripheral device
`according to the invention.
`
`
`
`DETAILED DESCRIPTION OF THE INVENTION
`
`
`
FIG. 3A is a block diagram of a system 300 according to the invention. The system 300 includes a host computing device 301 and a peripheral device 302 that communicate via a communications interface 303. Herein, "peripheral device" can refer to any device that operates outside of a host computing device and that is connected to the host computing device. The peripheral device 302 includes a security mechanism 302a that enables security operations (examples of which are described in more detail below) to be performed on data that is stored within the host computing device 301, data that is transmitted from the host computing device 301 to the peripheral device 302, or data that is transmitted from the peripheral device 302 to the host computing device 301. As explained in more detail below, the peripheral device 302 also provides additional functionality (referred to herein as "target functionality") to the system 300, such as, for example, the capability to store data in a solid-state disk storage device, the capability to enable communications from the host computing device 301 to another device, the capability to accept biometric input to enable user authentication to the host computing device 301, and the capability to receive and read a smart card inserted into the peripheral device 302.

Generally, the communications interface 303 can be embodied by any of a variety of communication interfaces, such as a wireless communications interface, a PCMCIA interface, a smart card interface, a serial interface (such as an RS-232 interface), a parallel interface, a SCSI interface or an IDE interface. Each embodiment of the communications interface 303 includes hardware present in each of the host computing device 301 and peripheral device 302 that operates in accordance with a communications protocol (which can be embodied, for example, by software stored in a memory device and/or firmware that is present in the host computing device 301 and/or peripheral device 302) appropriate for that type of communications interface, as known to those skilled in the art. Each embodiment of the communications interface 303 also includes mechanisms to enable physical engagement, if any, between the host computing device 301 and peripheral device 302.

Generally, the security mechanism 302a can be configured to perform any electronic data security operation (herein, referred to simply as "security operation") including, for example, operations that provide one or more of the basic cryptographic functions, such as maintenance of data confidentiality, verification of data integrity, user authentication and user non-repudiation. Particular security operations that can be implemented in a peripheral device according to the invention are described in more detail below.

The security mechanism 302a can be, for example, embodied as a security token. Herein, "security token" refers to a device that performs security operations and that includes one or more mechanisms (such as, for example, use of a hardware random number generator and/or protected memory) to provide security for the content of those operations.

FIG. 3B is a perspective view of a physical implementation of the system 300 of FIG. 3A, according to one embodiment of the invention. In FIG. 3B, the peripheral device 302 is embodied as a card 312 that can be inserted into a corresponding slot 313 formed in a portable computer 311 that, in FIG. 3B, embodies the host computing device 301. Often a peripheral device according to the invention is a portable device, such as the card 312 shown in FIG. 3B. Herein, "portable device" can refer generally to any device that is capable of being easily carried by hand.

FIG. 4 is a block diagram of a peripheral device 400 according to an embodiment of the invention. The peripheral device 400 includes security functionality 401, target functionality 402 and a host interface 403 that are formed together as part of a single physical device. For example, the security functionality 401 and target functionality 402 can be enclosed in a single, card-like housing (designated in FIG. 4 by the numeral 404) conforming to a PCMCIA card or smart card standard.

The peripheral device 400 can have a number of advantageous characteristics. The peripheral device 400 can be implemented in a manner that enables the security operations of the security functionality 401 to be performed in a manner that is transparent to a host computing device (and, depending upon the particular implementation of the peripheral device 400, to a user of a system including the peripheral device 400) of a system according to the invention, so that the host computing device (and, perhaps, user) is aware only of the presence of the target functionality 402. Additionally, the peripheral device 400 can be implemented so that security operations are performed "in-line," i.e., the security operations are performed between the communication of data to or from the host computing device and the performance of the target functionality provided by the peripheral device. Further, the peripheral device 400 enables a wide variety of secure target functionality to be easily provided to a host computing device.
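The in-line data path of the peripheral device 400, set beside the two-device arrangement of system 200, as an added model that is not code from the patent or from Spyrus. It assumes that the target functionality is storage, that the security operation is confidentiality plus integrity (a standard-library HMAC keystream and tag stand in for a real token's cipher), and that in security-only mode the device hands secured data back to the host the way the token 203 does:

```python
"""Model of the in-line peripheral of FIG. 4 beside the two-device system 200.

Added illustration, not code from the patent or from Spyrus; the cipher is a
standard-library stand-in (HMAC-SHA256 keystream plus HMAC tag) for a real token's.
"""
import hashlib
import hmac
import secrets
from enum import Enum


class Mode(Enum):
    SECURITY_ONLY = 1   # the three user-selectable modes named in the summary
    TARGET_ONLY = 2
    COMBINED = 3


class SecurityFunctionality:
    """Stand-in for security functionality 401 (or for token 203)."""
    NONCE_LEN, TAG_LEN = 16, 32

    def __init__(self, key: bytes):
        self._enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        out, counter = bytearray(), 0
        while len(out) < n:
            msg = nonce + counter.to_bytes(8, "big")
            out += hmac.new(self._enc_key, msg, hashlib.sha256).digest()
            counter += 1
        return bytes(out[:n])

    def secure(self, data: bytes) -> bytes:
        """Confidentiality (keystream XOR) plus integrity (tag over nonce||ct)."""
        nonce = secrets.token_bytes(self.NONCE_LEN)
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unsecure(self, blob: bytes) -> bytes:
        """Verify the tag before releasing any plaintext; reject on mismatch."""
        nonce, ct, tag = blob[:16], blob[16:-self.TAG_LEN], blob[-self.TAG_LEN:]
        expect = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, tag):
            raise ValueError("integrity check failed")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))


class TwoDeviceHost:
    """System 200: the host itself must route data through token 203 before
    writing to portable device 202 (modelled as a dict of storage blocks)."""
    def __init__(self, token: SecurityFunctionality):
        self.token, self.storage = token, {}

    def store(self, addr: int, data: bytes, use_token: bool = True) -> None:
        # Error, attack or malfunction can skip the token; plaintext reaches 202.
        self.storage[addr] = self.token.secure(data) if use_token else data


class IntegralPeripheral:
    """Peripheral device 400: host interface 403 -> security 401 -> target 402
    (storage target modelled as a dict of blocks)."""
    def __init__(self, key: bytes, mode: Mode = Mode.COMBINED):
        self.security, self.target, self.mode = SecurityFunctionality(key), {}, mode

    def host_write(self, addr: int, data: bytes) -> bytes:
        if self.mode is Mode.SECURITY_ONLY:
            # Assumed token-like behaviour: hand secured data back, store nothing.
            return self.security.secure(data)
        # In-line: in COMBINED mode the host has no path that bypasses 401.
        self.target[addr] = data if self.mode is Mode.TARGET_ONLY else self.security.secure(data)
        return b""

    def host_read(self, addr: int) -> bytes:
        raw = self.target[addr]
        return raw if self.mode is Mode.TARGET_ONLY else self.security.unsecure(raw)


def demonstrate(key: bytes = b"\x01" * 32, data: bytes = b"payroll Q2") -> dict:
    """Constructed scenario comparing both systems; returns the observations."""
    two = TwoDeviceHost(SecurityFunctionality(key))
    two.store(0, data, use_token=False)          # the host forgot the token
    one = IntegralPeripheral(key)
    one.host_write(0, data)
    stored, round_trip = one.target[0], one.host_read(0)
    tampered = bytearray(stored)
    tampered[20] ^= 0x01                         # flip one ciphertext bit
    one.target[0] = bytes(tampered)
    try:
        one.host_read(0)
        detected = False
    except ValueError:
        detected = True
    return {"two_device_leaked_plaintext": two.storage[0] == data,
            "integral_stored_plaintext": stored[16:16 + len(data)] == data,
            "integral_round_trip_ok": round_trip == data,
            "tamper_detected": detected}
```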
FIG. 5 is a flow chart of a method 500, according to an embodiment of the invention, for initiating use of a system according to the invention. The method 500 enables an aspect of the invention in which the presence of security functionality as part of a peripheral device is not detected by a host computing device, thus making the security functionality transparent to the host computing device and, depending upon the particular manner in which the security functionality is implemented, to a user of the system.

FIG. 6 is a block diagram of a system 600, according to an embodiment of the invention, illustrating operation of the system 600 during a method according to the invention such as the method 500 of FIG. 5. The system 600 includes a host computing device 601 and a peripheral device 602. The host computing device 601 includes a display device 603a (e.g., a conventional computer display monitor) and user input device 603b (e.g., a keyboard, mouse, trackball, joystick or other appropriate device), referred to collectively hereinafter as user interface device 603. The host computing device 601 also includes, mounted within a housing 604, a processing device 605, a memory device 606, an input/output (I/O) device 607 for enabling communication with the user interface device 603, and an input/output (I/O) device 608 for enabling communication with peripheral device 602. The devices 605, 606, 607 and 608 can each be implemented by conventional such devices and can communicate with each other via a conventional computer bus 609, as is well known and understood. The peripheral device 602 includes security functionality 611, a memory device 612, an input/output (I/O) device 613 for enabling communication with the host computing device 601 and target functionality 614. The security functionality 611, memory device 612, I/O device 613 and target functionality 614 can each be implemented by conventional devices and can communicate with each other via a conventional computer bus 615, as is well known and understood. The host computing device 601 and the peripheral device 602 are shown in simplified form in FIG. 6 to facilitate clarity in illustration of this aspect of the invention; as described in more detail below and as understood by those skilled in the art, the host computing device 601 and the peripheral device 602 can - and typically will - include other devices not shown in FIG. 6.

Returning to FIG. 5, use of a system according to the invention begins when, as shown by step 501, a user of the system connects a peripheral device according to the invention to a host computing device. Such connection can occur in any manner that enables the peripheral device to communicate with the host computing device. Frequently, this will occur as a result of a physical connection of the peripheral device to the host computing device. (In general, such physical connection can occur either before or after the host computing device begins operating; however, in the former case, subsequent steps of the method 500 - with the exception of, depending upon the implementation of the peripheral device, the step 503 - cannot be performed until the host computing device begins operating.) For example, the peripheral device can be embodied in a card or disk (e.g., a card conforming to a PCMCIA form factor as established by the appropriate standard) that is inserted into a corresponding socket formed in the host computing device. Or, the peripheral device can be embodied in a housing from which a cord extends, a plug of the cord being inserted into a mating receptacle formed in the host computing device. However, such physical connection need not necessarily occur; the peripheral device can also be connected to the host computing device by any type of wireless communication for which the host computing device contains an appropriate interface.

Once connection between the peripheral device and the host computing device is made, the host computing device detects the presence of the peripheral device, as shown by step 502. Such detection of the presence of a peripheral device is typically enabled as a standard aspect of the operating system software of the host computing device.

Typically, once the presence of a new peripheral device is detected by the operating system software of the host computing device, the operating system software (or companion software program) also identifies the type of the peripheral device. This can be accomplished, for example, by a standard software device driver (hereinafter, "host driver") for devices of the type that use the host computing device interface that is being used by the peripheral device 602. In FIG. 6, the host driver is shown stored in the memory section 606a of the memory device 606 of the host computing device 601. (The Card Services or Socket Services programs that often are bundled with the Windows95™ operating system software for use in performing various "housekeeping" functions associated with a PCMCIA interface are examples of such drivers.) However, in the method 500, before the operating system software can perform such identification, the peripheral device according to the invention suspends operation of this aspect of the operating system software, so that the peripheral device can establish its identity, as shown by step 503, and explained further below. As will be apparent from that explanation, performance of the step 503 advantageously enables the peripheral device to assume the identity of the target functionality that is part of the peripheral device. Since, as described elsewhere herein, a peripheral device according to the invention can include a variety of types of target functionality, the peripheral device can take a variety of identities.

The particular manner in which operation of the operating system software is suspended so that the peripheral device can establish its identity can depend on the characteristics of the operating system software and/or the device interface. However, for many combinations of operating system software and device interface, the operating system software waits for confirmation that the device connected to the device interface is ready for further interaction with the operating system software before the operating system software seeks to identify the type of the device connected to the interface (the standard for PCMCIA interfaces, for example, specifies such operation). In such cases, the peripheral device can be configured to delay informing the operating system software that the peripheral device is ready for further interaction until the peripheral device has established its identity.

The following description of one way in which the step 503 can be implemented can best be understood by reference to the system 600 shown in FIG. 6. One way in which the operating system software of a host computing device can identify the type of a peripheral device is to access a known memory section of a memory device of the peripheral device, as established by an interface standard developed for that type of peripheral device, that stores data representing the type of the peripheral device. This is true for a variety of types of peripheral devices, such as, for example, peripheral devices that conform to the PCMCIA standard. (The PCMCIA standard, for example, includes a specification, called the Card Information Structure, that defines, among other things, a location in a portion of memory of a PCMCIA card, denoted as "attribute memory", that stores data identifying the type of the PCMCIA card.) In the system 600, the peripheral device 602 is such a device. The memory section of the memory device 612 of the peripheral device 602 which the host computing device 601 seeks to access is shown in FIG. 6 as the memory section 612a, and the data stored therein is referred to herein as "peripheral device identification data."

The peripheral device 602 can