EP1290536A2 - Cle personnelle compatible avec le bus serie universel faisant appel a un processeur de carte a puce et a un emulateur de lecteur de carte a puce - Google Patents

Cle personnelle compatible avec le bus serie universel faisant appel a un processeur de carte a puce et a un emulateur de lecteur de carte a puce

Info

Publication number
EP1290536A2
EP1290536A2 EP01962744A EP01962744A EP1290536A2 EP 1290536 A2 EP1290536 A2 EP 1290536A2 EP 01962744 A EP01962744 A EP 01962744A EP 01962744 A EP01962744 A EP 01962744A EP 1290536 A2 EP1290536 A2 EP 1290536A2
Authority
EP
European Patent Office
Prior art keywords
smartcard
processor
usb
compliant
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP01962744A
Other languages
German (de)
English (en)
Inventor
Shawn D. Abbott
Allan D. Anderson
Patrick N. Godding
Maarten G. Punt
Mehdi Sotoodeh
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Rainbow Technologies BV
Original Assignee
Rainbow Technologies BV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Rainbow Technologies BV filed Critical Rainbow Technologies BV
Publication of EP1290536A2 publication Critical patent/EP1290536A2/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/077Constructional details, e.g. mounting of circuits in the carrier
    • G06K19/0772Physical layout of the record carrier
    • G06K19/07732Physical layout of the record carrier the record carrier having a housing or construction similar to well-known portable memory devices, such as SD cards, USB or memory sticks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/077Constructional details, e.g. mounting of circuits in the carrier
    • G06K19/0772Physical layout of the record carrier
    • G06K19/07733Physical layout of the record carrier the record carrier containing at least one further contact interface not conform ISO-7816
    • HELECTRICITY
    • H05ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
    • H05KPRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
    • H05K1/00Printed circuits
    • H05K1/02Details
    • H05K1/11Printed elements for providing electric connections to or between printed circuits
    • H05K1/117Pads along the edge of rigid circuit boards, e.g. for pluggable connectors

Definitions

  • the present invention relates to computer peripherals, and in particular to an inexpensive USB-compliant personal key that is compatible with existing smartcard processors, drivers, and instruction sets.
  • Smartcards represent a longstanding attempt to deal with at least some of the foregoing challenges. Substantial resources have been made in the design and development of smartcards, smartcard readers, and the associated reader/smartcard drivers which allow computer applications to interface with the smartcard to perform security and data storage functions. Even so, smartcards have not enjoyed widespread popularity. Smartcard readers are relatively expensive, and not widely available. Further, the lack of uniform smartcard/smartcard reader physical interface standards have resulted in smartcard/smartcard reader physical interface compatibility problems, ⁇ many of which remain unresolved.
  • USB-compliant personal keys such as that which is disclosed in co-pending and commonly assigned U.S. Patent Application Nos. 09/449,159 and 09/281,017, described above, offer the benefit of smartcard functionality in a universally accepted USB form factor.
  • the Universal Serial Bus (USB) is a connectivity standard developed by computer and telecommunication industry members for interfacing computers and peripherals. USB-compliant devices allow the user to install and hot- swap devices without long installation procedures and reboots, and features a 127 device bus capacity, dual-speed data transfer, and can provide limited power to devices attached on the bus. Because the USB connectivity standard is rapidly becoming available on most personal computers, it offers a standard, widely available physical interface, the unavailability of which has prevented smartcards from achieving widespread acceptance.
  • USB-compliant personal keys utilize special purpose processors, instead of the low cost, limited capability processors currently available for smartcards. This increases the cost of the USB-compliant personal key, making widespread acceptance more difficult. Also, because each USB-compatible personal key may use a different processor (and different instruction sets), users may require different device drivers for different personal keys. This too represents another barrier to widespread acceptance of the personal key.
  • USB-compliant personal key that is usable with legacy personal identification devices, such as processors having smartcard processors. and/or those complying with the ISO 7816.
  • USB-compliant personal key that makes maximum use of existing smartcard protocols, software and devices wherever possible, and which retain at least a limited compatibility with existing devices designed to interface with smartcards. The present invention satisfies that need.
  • the present invention satisfies all of these needs with a personal key in a form factor that is compliant with a commonly available I/O interface such as the Universal Serial Bus (USB) and at the same time, usable with existing smartcard software applications.
  • the personal key comprises a USB-compliant interface releaseably cou leable to a host processing device operating under command of an operating system; a smartcard processor having a smartcard processor-compliant interface for communicating according to a smartcard input and output protocol; and an interface processor, communicatively coupled to the USB-compliant interface and to the smartcard processor-compliant interface, the interface processor implementing a translation module for interpreting USB-compliant messages into smartcard processor-compliant messages and for interpreting smartcard processor-compliant messages into USB-compliant messages.
  • the method comprises the steps of accepting a message comprising a smartcard reader command selected from a smartcard reader command set from a host computer operating system in a virtual smartcard reader; packaging the message for transmission via a USB-compliant interface according to a first message transfer protocol; transmitting the packaged message to a personal key communicatively coupled to the USB-compliant interface; receiving the packaged message in the personal key; unpackaging the message in the personal key to recover the smartcard reader command; translating the smartcard reader command into a smartcard command within the personal key; and providing the smartcard command to the smartcard processor.
  • the present invention is well suited for controlling access to network services, or anywhere a password, cookie, digital certificate, or smartcard might otherwise be used, including:
  • Remote access servers including Internet protocol security (IPSec), point to point tunneling protocol (PPTP), password authentication protocol (PAP), challenge handshake authentication protocol (CHAP), remote access dial-in user service (RADIUS), terminal access controller access
  • IPSec Internet protocol security
  • PTP point to point tunneling protocol
  • PAP password authentication protocol
  • CHAP challenge handshake authentication protocol
  • RADIUS remote access dial-in user service
  • TACACS control system
  • SET secure electronic transaction
  • MilliCent MilliCent
  • FIG. 1 is a diagram showing an exemplary hardware environment for ⁇ praetic-ingthe present invention
  • FIG. 2 is a. block diagram of a personal key communicatively coupled to a host computer
  • FIG. 3 is a block diagram of a personal key with a smartcard processor communicatively coupled to a host computer;
  • FIGs. 4A-4D are flow charts presenting exemplary method steps that can be used to practice the present invention.
  • FIG. 1 illustrates an exemplary computer system 100 that could be used to implement the present invention.
  • the host computer 102 comprises a processor 104 and a memory, such as random access memory (RAM) 106.
  • the host computer 102 is operatively. coupled to a display 122, which presents images such as windows to the user on a graphical. uset- jgrface 118B.
  • the host computer 102 may be coupled to other devices, such as a keyboard 114, a mouse device 116, a printer 128, etc.
  • keyboard 114 a keyboard 114
  • a mouse device 116 a printer 128, etc.
  • the host computer 102 operates under control of an operating system 108 stored in the memory i ⁇ 6, and interfaces with the user to accept inputs and commands and to present results through a graphical user interface (GUI) module 118 A.
  • GUI graphical user interface
  • the instructions performing the GUT functions can be resident or distributed in the operating system 108, the computer program 110, or implemented with special purpose memory-and ⁇ oeessors- .
  • the host computer 102 also implements a compiler 112 which allows an application -program 110 written in a programming language such as COBOL, C++, FORTRAN, or other language to be translated into processor 104 readable code.
  • the host computer 102 also comprises an input/output (I/O) port for a personal token 200 (hereinafter alternatively referred to also as a personal key 200).
  • I/O port is a USB- compliant interface comprising a host computer USB-compliant interface 130A and a personal token USB-compliant interface 130B (hereinafter referred to collectively as the USB-compliant interface 130.
  • instructions implementing the operating system 108, the computer program 110, and the compiler 112 are tangibly embodied in a computer- readable medium, e.g., data storage device.120, which could include one or more fixed or removable data storage devices, such as a zip drive, floppy disc drive 124, hard drive, CD-ROM drive, tape drive, etc.
  • the operating system 108 and the computer program 110 are comprised of instructions which, when read and executed by the computer 102, causes the computer.102 to perform the steps necessary to implement and/or use the present i ve ⁇ p..
  • Computer program 110 and/or operating instructions may also be tangibly embodied n memory 106 and/or data communications devices, thereby making a computer program product or article of manufacture according to the invention.
  • article of manufacture and “computer program product” as used herein are intended to encompass a computer program accessible from any computer readable device or media.
  • the host computer 102 may be communicatively coupled to a remote computer or server 134 via communication medium 132 such as a dial-up network, a wide area network (WAN), local area network (LAN), virtual private network (VPN) or the Internet.
  • Communication medium 132 such as a dial-up network, a wide area network (WAN), local area network (LAN), virtual private network (VPN) or the Internet.
  • Program instructions for computer operation, including additional or alternative application programs can be. loaded from the remote computer/server 134.
  • the compute-Cv,lQ2.sii!-npIements-an Internet browser allowing the user to • access the world wide web (WWW) ⁇ and other internet resources.
  • FIG. 2 is a block diagram illustrating the components of one embodiment of a personal key 200.
  • the personal key 200 communicates with and obtains power from the host computer 102 through a USB-compliant communication path in the USB- compliant interface 130 which includes the input/output port 130A of the host computer 102 and a matching input/output (I/O) port 130B on the personal key 200.
  • the processor 212 is communicatively coupled to a memory 214, which stores data and instructions to implement the above-described features of the invention-.
  • the memory 214 is a non- volatile random-access memory that can retain factory-supplied data as well as customer-supplied application related data.
  • the processor 212 may also include some internal memory for performing some of these functions. . • : ' .' . -
  • the processor 212 is optionally,c.pjg ⁇ unicatively coupled to an input -device 218 via an input device communication path.224. and to an output device 222 via an output device communication path 224,-both of which are distinct from the USB- compliant interface 130.
  • These separate communication paths 220 and 224 allow the user to view information about processor 212 operations and provide input related to processor 212 operations without allowing a process or other entity with visibility to the USB-compliant interface 130 to eavesdrop or intercede. This permits secure communications between the key processor 212 and the user.
  • the user communicates directly with the ' processor 212 by physical manipulation of mechanical switches or devices actuatable from the external side of the key (for example, by pressure-sensitive devices such as buttons and invention set forth more fully below, the input device includes a wheel with tactile detents indicating the selection of characters. ' -
  • the input device and output devices 218, 222 may cooperatively interact with one another to enhance the functionality of the personal key 200.
  • the output device 222 may provide information prompting the user to enter information into the input device 218.
  • the output device 222 may comprise a visual display such as an alphanumeric LED or LCD display (which can display Arabic numbers and or letters) and/or an aural device. The user may be prompted to enter information by a beeping of the aural device, by a flashing pattern of the LED, or by both.
  • the output device 222 may also optionally be used to confirm entry of information by the input device 218. For example, an aural output device may beep when the user enters information into the input device 218 or when the user input is invalid.
  • the input device 218 may take one of many forms, including different combinations of input devices. Although the input device communication path 220 and the output device communication path 224 are illustrated in FIG. 2 as separate paths, the present invention can be implemented by combining the paths 220 and 224 while still retaining a communication path distinct from the USB-comphant interface 130. For example, the input device 218 and output device 222 may be packaged in a single device and communications with the processor 212 multiplexed over a single communication path.
  • FIG. 3 is a block diagram of the personal key 200 and host computer 102 as applied to the present invention.
  • the personal key 300 illustrated in FIG. 3 comprises a smartcard processor 320.
  • the smartcard processor 300 is a processor which complies with well-known smartcard 17O protocols and smartcard command sets and functions, such as those described by the International Standards Organization (ISO) standard 7816 Part III (defining electronic properties and transmission characteristics), which is hereby incorporated by reference herein.
  • the smartcard compliant I/O interface 324 includes a serial I/O line, a reset (RST) line, a clock (CLK) line, a programming voltage (VPP), a power supply voltage (VCC) and a ground.
  • This I/O interface 324 is further described in the publication "Introduction to Smartcards" by Dr. David B. Everett, which was published in 1999 by the Smart Card News Ltd., and is incorporated by reference herein.
  • the present invention allows the use of a personal key 300 communicating with the host computer 102 via a USB-compliant interface 130.
  • the substitution of the smartcard processor 320 for the ordinary processor 212 depicted in FIG. 2 has several advantages.
  • smartcard processors 212 are relatively inexpensive and readily available.
  • a large number of application programs 110 have been developed for the use of smartcards, including the personal computer/smartcard (PC/SC) interface developed by the MICROSOFT CORPORATION.
  • PC/SC personal computer/smartcard
  • this software can be used with a personal key 300 in a USB-compliant form factor.
  • the use of the smartcard processor 320 in the personal key 300 is-enab worseled by use of an interface processor 314 communicatively coupled to the smartcard processor 320 via a smartcard-compatible (S/C 7816) interface 324.
  • the interface processor 3 * 14 comprises a smartcard reader emulator module (SREM) 316 and a translation module 318.
  • SREM smartcard reader emulator module
  • the SREM 316 implements functions that emulate those of a smartcard reader, thus projecting the image of a smartcard reader to the smartcard processor 320.
  • the SREM 316 provides all instructions and commands to the smartcard processor 320 and receives messages and responses from the smartcard processor 320 according to the S/C protocol.
  • the host computer 102 comprises a virtual smartcard reader module (VSRM) 302.
  • the VSRM comprises a communication module 312, an answer-to-reset module 308, and a smartcard insertion removal reporting module 306v-Th ⁇ L ⁇ ⁇ ommumcation module 312 packages messages intended for the personal key 300 for transmission via the USB-compliant interface.
  • messages and commands that are sent to the personal key 300 packaged as:
  • USB command USB header + USB cdata (wherein USB cdata is the smartcard compliant command) and messages and responses from the personal key 300 are packaged as:
  • USB response USB header + USB rdata (wherein USB rdata is the smartcard compliant response)
  • the VSRM 302 emulates the presence of a smartcard reader to the OS 108 in the host computer 102. These functions are accomplished in the bootup module 311, the insert/remove module 306, the answer-to-reset module 308, and the PTS module 310.
  • the host computer's 102 operating system performs a startup sequence to determine which hardware elements are available for use.
  • the smartcard reader remains coupled to the host computer 102, whether a smartcard is inserted into the reader or not.
  • the smartcard reader can respond to startup sequence queries, and the smartcard reader is recognized by the operating system 108 for further operations.
  • the operating system would ordinarily be unable to operate with a smartcard thereafter.
  • the present invention comprises a bootup module 311, which responds to messages from the operating system 108 in the same way as a smartcard reader would if it were coupled to the host computer 102.
  • the insert/remove module 306 provides an indication to the operating system 108 that the personal key 300 has been inserted or removed from the USB-compliant interface 130. This is accomplished by querying the host computer USB-compliant interface port 130A.
  • the smartcard reader passes a reset command to the smartcard.
  • the smartcard returns an answer-to- reset message which indicates, among other things, the protocol and I/O interface supported by the attached smartcard.
  • the reset signal is used to start up the program contained in a memory 322 communicatively coupled to or resident within the- smartcard processor 320.
  • the ISO standard defines three reset modes, internal reset, active low reset, and synchronous high active reset. Most smartcard processors 320 operate using the active low reset mode. In this mode, the smartcard processor 320 transfers control to the entry address for the program when the reset signal returns to the high voltage level.
  • the synchronous mode of operation is more commonly met with smartcards used for telephonic applications.
  • the sequence of operations for activating the smartcard processor 320 is defined in order to minimize the possibility of damaging the smartcard processor 320. Of particular importance is avoiding corruption of the non- volatile memory 322 of the smartcard.
  • Most smartcard processors 320 operate using an active low reset mode in which the smartcard processor 320 transfers control to the entry address for the program when the reset signal returns to the high voltage level.
  • the sequence performed by the smartcard processor includes the steps of setting the RST line low, applying VCC to the proper supply voltage, setting the I/O in the receive mode, setting VPP in the idle mode, applying the clock, and taking the RST line high (active low reset).
  • the smartcard processor 320 responds with an answer-to-reset message.
  • the answer-to-reset signal is at most 33 characters, and includes 5 fields including an initial character (TS), a format character (TO), interface characters (TAi, TBi, TCi, and TDi), historical characters (Tl, T2, ... , TK), and a check character (TCK).
  • TS initial character
  • TO format character
  • TO interface characters
  • Ti TAi, TBi, TCi, and TDi
  • historical characters Tl, T2, ... , TK
  • TCK check character
  • the answer-to-reset signal provides an indication of the smartcard protocol(s) which are supported smartcard processor.
  • the reset signal is provided by the VSRM 302, packaged by the communication module 312, and sent via the USB-compliant interface 130B to the personal key 300.
  • the message is unwrapped by the translation module 318.
  • the smartcard reader emulation module activates the RST signal path in the smartcard interface 324, thus providing the RST command to the smartcard processor 320.
  • the smartcard processor 320 responds with an answer-to-reset message, sends the message via the serial I/O line of the smartcard interface 324 to the interface processor 314.
  • the personal key 300 does not comprise a smartcard processor 320, but rather a special purpose processor which does not respond to messages and commands in the smartcard I/O protocol (such as that which is illustrated in FIG. 1).
  • the present invention can still be used with existing smartcard applications 110, however, because the VSRM 302 and the interface processor 314 can be used to simulate the presence of a smartcard processor 320.
  • the NSRM accepts the reset command from the PC/SC modules in the operating system 108, translates the reset message into a functionally equivalent message for the special purpose processor in the personal key 300, and transmits the message to the personal key 300.
  • the personal key 300 After the personal key 300 is activated, it sends a message indicating as such to the host computer 102.
  • the VSRM 302 and translates this ⁇ message to a response that is compatible with the smartcard application 110, namely, an ATR message.
  • the smartcard command to special purpose processor command translation can occur i the emulation processor 314 in the personal key 300:
  • a protocol type selection (PTS) message maybe sent to the smartcard processor 320.
  • the PTS-message from the OS 108 is received by the ' PTS ' riiodule 310 in the VSRM 302, packaged for transmission via the USB-compliant interface 130 to the personal key 300, where it is unpackaged and provided to the smartcard processor 320.
  • the smartcard provides a response consistent with the ISO standards to the emulation module 316. The response is packaged, and transmitted over the USB-compliant interface 130 to the host computer 102, where it is unpackaged by the communication module 312 and provided to the operating system.
  • FIGS. 4A-4D are flow charts presenting exemplary method steps used to practice one embodiment of the present invention.
  • the virtual smartcard reader 302 accepts 402 a bootup query from the host ⁇ computer's operating system 108. Although a smartcard reader is not communicatively coupled to the host computer 130 the virtual smartcard reader 302 emulates the existence of a smartcard reader and provides an indication that a smartcard reader is available to the OS 108. Consequently, when the bootup procedures are completed, a smartcard reader will be registered as an available device to smartcard applications 110.
  • a personal key 300 may or may not be communicatively coupled to the USB-compliant interface 130.
  • the VSRM 302 When a personal key 300 is not attached, the VSRM 302 provides 404 the same indication to the operating system 108 as would be supplied by a smartcard reader without an inserted smartcard. This is accomplished by receiving 406 an indication that the personal key has been communicatively coupled to the USB-compliant interface, and providing an indication to the host computer operating system. Since the NSRM is emulating the functions of a smartcard, the indicatio is provided 408 to the host computer operating system (or equivalently, the personal computer/smartcard (PC/SC) interface modules therein) is that of an insert event. . .
  • PC/SC personal computer/smartcard
  • a protocol type selection (PTS) command may be issued by the operating system 108.
  • the VSRM 302 receives ;4iiQ ihe.PTS command, packages the command for transmission to the personal key 300 via the USB-compliant interface 130.
  • the wrapped PTS command is then transmitted over the USB-compliant interface 130 and received by the personal key 300.
  • the PTS command is unwrapped by the translate module 318 in the interface processor 314 and provided to the smartcard processor 320 via the smartcard-compliant interface 324.
  • the smartcard processor computes the appropriate response, sends the response to the interface processor 314, where the response is packaged by the translate module 318 for transmission to the host computer 102 via the USB-compliant interface 130.
  • FIG. 4B is a flow chart .describing exemplary method steps used to provide commands and or data from the OS 108 to the smartcard processor 320 and from the smartcard processor 320 to the OS 108.
  • a message which may comprise a smartcard reader command belonging to a smartcard reader command set is accepted 414 from a host computer operating system 108 in the virtual smartcard reader module (VSRM) 302.
  • the message is packaged 416 for transmission via the USB-compliant interface 130 according to a first message transfer protocol.
  • the packaged message is then transmitted 418 to the communicatively coupled personal key 300 via the USB-compliant interface 130.
  • the packaged message is received 420 and unpackaged 422 in the personal key 300.
  • the smartcard reader command is translated 424 into a smartcard command within the personal key 300 before being provided 426 to the smartcard processor 320.
  • the smartcard processor 320 -then performs the indicated operation, and a response is accepted 428 from the smartcard processor 320.
  • the smartcard response requires further processing by a smartcard.reader, the smartcard response is translated 430 into a smartcard reader reader response is then packaged 432 and transmitted 434 to the host computer 102 via the USB.-com ⁇ liant interface 130.
  • the host computer 102 receives 436" and unpackages 438 the message and provides 440 the response to the smartcard software application 110 that issued the command.
  • the VSRM 302 reports 444 an indication to the OS 108 that the "virtual smartcard" (the personal key 300) has been removed.
  • the provided indication is the same as that which would be provided by a smartcard reader when a smartcard is. ⁇ emoved..
  • the indication can be obtained, for example by receiving 442 an indication-from. a USB driver or other device indicating the removal of a USB device.
  • Tables I and ⁇ pE ⁇ sides- an summary of the communication protocol for an OS 108 command from-.the host, computer 102 to the smartcard processor 320 in the personal key (Table 1) ⁇ . and for a smartcard processor 320 response to the operating system 108.
  • Table H Tables m and IV provides a summary of the communication protocol for a request from an application program 110 to the smartcard processor 320 and for a request from an application program 110 to the smartcard processor 320.
  • the present invention describes a personal key comprising a USB-compliant interface releaseably coupleable to a host processing device operating under command of an operating system; a smartcard processor having a smartcard processor-compliant interface for communicating according to a smartcard input and output protocol; and an interface processor, communicatively coupled to the USB- compliant interface and to the smartcard processor-compliant interface, the interface processor implementing a translation module for interpreting USB-compliant messages into smartcard processor-compliant messages and for interpreting smartcard processor-compliant messages into USB-compliant messages.
  • the invention is described by a method comprising the steps of accepting a message comprising a smartcard reader command selected from a smartcard reader command set from a host computer operating system in a virtual smartcard reader; packaging the message for transmission via a USB-compliant interface according to a first message transfer protocol; transmitting the packaged message to a personal key communicatively coupled to the USB-compliant interface; receiving the packaged message in the personal key; unpackaging the message in the personal key to recover the smartcard reader command; translating the smartcard reader command into a smartcard command within the personal key; and providing the smartcard command to the smartcard processor.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mathematical Physics (AREA)
  • Information Transfer Systems (AREA)
  • Communication Control (AREA)
  • Computer And Data Communications (AREA)
  • Bus Control (AREA)

Abstract

La présente invention concerne une clé personnelle compacte et autonome, qui comprend : une interface compatible avec le bus série universel (USB) couplée de façon détachable avec un dispositif de traitement hôte qui fonctionne sous le contrôle d'un système d'exploitation ; un processeur de carte à puce comportant une interface compatible avec un processeur de carte à puce, destiné à communiquer selon un protocole d'entrée et de sortie de carte à puce ; et un processeur d'interface, couplé en communication avec l'interface compatible USB et avec l'interface compatible avec le processeur de carte à puce, le processeur d'interface mettant en oeuvre un module de traduction qui permet d'interpréter les messages compatibles USB en messages compatibles avec le processeur de carte à puce et d'interpréter les messages compatibles avec le processeur de carte à puce en messages compatibles USB.
EP01962744A 2000-06-15 2001-06-15 Cle personnelle compatible avec le bus serie universel faisant appel a un processeur de carte a puce et a un emulateur de lecteur de carte a puce Withdrawn EP1290536A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US59445600A 2000-06-15 2000-06-15
US594456 2000-06-15
PCT/EP2001/006816 WO2001096990A2 (fr) 2000-06-15 2001-06-15 Cle personnelle compatible avec le bus serie universel faisant appel a un processeur de carte a puce et a un emulateur de lecteur de carte a puce

Publications (1)

Publication Number Publication Date
EP1290536A2 true EP1290536A2 (fr) 2003-03-12

Family

ID=24378943

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01962744A Withdrawn EP1290536A2 (fr) 2000-06-15 2001-06-15 Cle personnelle compatible avec le bus serie universel faisant appel a un processeur de carte a puce et a un emulateur de lecteur de carte a puce

Country Status (3)

Country Link
EP (1) EP1290536A2 (fr)
AU (1) AU8386601A (fr)
WO (1) WO2001096990A2 (fr)

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10211036A1 (de) * 2002-03-13 2003-10-09 Fujitsu Siemens Computers Gmbh Zugangsschutz
JP2006502511A (ja) * 2002-10-07 2006-01-19 アクサルト ソシエテ アノニム 署名生成装置
DE10344049A1 (de) * 2002-12-12 2004-06-24 Giesecke & Devrient Gmbh Tragbarer Datenträger
DE10261916A1 (de) * 2002-12-20 2004-07-01 Giesecke & Devrient Gmbh Tragbarer Datenträger mit Netzserverfunktionalität
US6843423B2 (en) 2003-03-13 2005-01-18 Stmicroelectronics, Inc. Smart card that can be configured for debugging and software development using secondary communication port
US6769622B1 (en) 2003-03-14 2004-08-03 Stmicroelectronics, Inc. System and method for simulating universal serial bus smart card device connected to USB host
US6752321B1 (en) 2003-03-31 2004-06-22 Stmicroelectronics, Inc. Smart card and method that modulates multi-color LED indicative of operational attributes and/or transactions between the smart card and USB port of a USB host
US6772956B1 (en) 2003-03-31 2004-08-10 Stmicroelectronics, Inc. Smart card and method that modulates traffic signaling indicative of operational attributes of the smart card and/or transactions between the smart card and USB port of a USB host
US7178724B2 (en) 2003-04-21 2007-02-20 Stmicroelectronics, Inc. Smart card device and method used for transmitting and receiving secure e-mails
US6945454B2 (en) 2003-04-22 2005-09-20 Stmicroelectronics, Inc. Smart card device used as mass storage device
US7823133B2 (en) 2003-04-23 2010-10-26 Stmicroelectronics, Inc. Smart card device and method for debug and software development
FI20035072A0 (fi) 2003-05-22 2003-05-22 Nokia Corp Liitäntäväylä, elektroniikkalaite ja järjestelmä
US7044390B2 (en) 2003-06-02 2006-05-16 Stmicroelectronics, Inc. Smart card emulator and related methods using buffering interface
US7127649B2 (en) * 2003-06-09 2006-10-24 Stmicroelectronics, Inc. Smartcard test system and related methods
FR2856211B1 (fr) * 2003-06-11 2006-01-20 Laurent Olivier Philipp Maitre Dispositif amovible permettant a un individu de s'identifier, s'authentifier et de signer ses actes sur des reseaux electroniques, et a un emetteur de contenus de gerer des droits d'acces
US7213766B2 (en) 2003-11-17 2007-05-08 Dpd Patent Trust Ltd Multi-interface compact personal token apparatus and methods of use
US7762470B2 (en) 2003-11-17 2010-07-27 Dpd Patent Trust Ltd. RFID token with multiple interface controller
US7597250B2 (en) 2003-11-17 2009-10-06 Dpd Patent Trust Ltd. RFID reader with multiple interfaces
US9213513B2 (en) 2006-06-23 2015-12-15 Microsoft Technology Licensing, Llc Maintaining synchronization of virtual machine image differences across server and host computers
US9392078B2 (en) 2006-06-23 2016-07-12 Microsoft Technology Licensing, Llc Remote network access via virtual machine
US8326449B2 (en) 2007-04-05 2012-12-04 Microsoft Corporation Augmenting a virtual machine hosting environment from within a virtual machine
DE102007030621A1 (de) * 2007-07-02 2009-03-12 Giesecke & Devrient Gmbh Ausführen von Applikationen auf einer Mobilfunkkarte
GB2486920A (en) * 2010-12-31 2012-07-04 Daniel Cvrcek USB data storage and generation device connected to a host computer as or as an interface to a Human Interface Device
TWI484419B (zh) * 2012-07-24 2015-05-11 Walton Advanced Eng Inc Composite Data Transmission Interface and Interface Judgment Method
US10872161B2 (en) * 2016-11-23 2020-12-22 Entrust Corporation Printer identity and security

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4799258A (en) * 1984-02-13 1989-01-17 National Research Development Corporation Apparatus and methods for granting access to computers
EP0936530A1 (fr) * 1998-02-16 1999-08-18 Siemens Nixdorf Informationssysteme AG Carte virtuelle à puce
US6168077B1 (en) * 1998-10-21 2001-01-02 Litronic, Inc. Apparatus and method of providing a dual mode card and reader
EP1001329B1 (fr) * 1998-11-10 2007-04-18 Aladdin Knowledge Systems Ltd. Procédé d'interaction entre un utilisateur et un ordinateur pour l'utilisation de systèmes d'ordinateurs pouvant être reliés entre eux de manière flexible
IT1308078B1 (it) * 1999-06-08 2001-11-29 Eutron Infosecurity S R L Dispositivo di idientificazione e sistema per l'inserimento di unnumero di identificazione personale all'interno di tale dispositivo

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0196990A3 *

Also Published As

Publication number Publication date
WO2001096990A2 (fr) 2001-12-20
WO2001096990A3 (fr) 2002-04-04
AU8386601A (en) 2001-12-24

Similar Documents

Publication Publication Date Title
WO2001096990A2 (fr) Cle personnelle compatible avec le bus serie universel faisant appel a un processeur de carte a puce et a un emulateur de lecteur de carte a puce
EP1473664B1 (fr) Dispositif de carte à puce comme dispositif de mémoire de masse
RU2267155C2 (ru) Способ взаимодействия пользователь - компьютер для использования совокупностью гибко подключаемых компьютерных систем (гпкс), устройство, имеющее блок подключения к гпкс, совокупность устройств, имеющих блок подключения к гпкс, устройство ключа универсальной последовательной шины, способ взаимодействия с главным компьютером с usb и способ хранения данных (варианты)
US6769622B1 (en) System and method for simulating universal serial bus smart card device connected to USB host
US7011247B2 (en) Method of communication between a smart card and a host station
EP2698738B1 (fr) Dispositif d'authentification d'utilisateur ayant de multiples interfaces hôtes isolées
US6470284B1 (en) Integrated PC card host controller for the detection and operation of a plurality of expansion cards
EP1643372B1 (fr) Dispositif USB avec fonction secondaire USB en route
US7222240B2 (en) Token for storing installation software and drivers
EP1834276A2 (fr) Systeme et procede pour securiser l'initialisation d'un controleur de carte a puce
US20010024066A1 (en) Handheld device, smart card interface device (IFD) and data transmission method
JPH08297634A (ja) カードリーダー端末およびこのような端末の複数アプリケーション実行方法
CN104102870B (zh) 电子签名认证扩展设备及信息处理方法
Itoi et al. SCFS: A UNIX Filesystem for Smartcards.
Balacheff et al. Smartcards–from security tokens to intelligent adjuncts
Itoi et al. Practical security systems with smartcards
TW567440B (en) Smart card virtual hub
Catuogno et al. Securing operating system services based on smart cards
Seminar GPD/STIP Technology For Devices

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20021216

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

17Q First examination report despatched

Effective date: 20040225

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20050614