GB2443878A - Card reader with internal USB connector - Google Patents

Card reader with internal USB connector

Info

Publication number
GB2443878A
Authority
GB
United Kingdom
Prior art keywords
read
memory device
write unit
connector
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0622794A
Other versions
GB2443878B (en)
GB0622794D0 (en)
Inventor
David Henry Krasner
Elaine Carol Kornbluth
Jul Kornbluth
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HES Ltd
Original Assignee
HES Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by HES Ltd
Priority to GB0622794A (GB2443878B)
Publication of GB0622794D0
Priority to GB0713252A (GB2440041B)
Priority to PCT/GB2007/050393 (WO2008007139A2)
Priority to EP07766435A (EP2044560A2)
Priority to AU2007274028A (AU2007274028A1)
Priority to CA002659812A (CA2659812A1)
Priority to PCT/GB2007/050692 (WO2008059291A2)
Publication of GB2443878A
Priority to US12/319,582 (US20090182911A1)
Application granted
Publication of GB2443878B
Current legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H01 ELECTRIC ELEMENTS
    • H01R ELECTRICALLY-CONDUCTIVE CONNECTIONS; STRUCTURAL ASSOCIATIONS OF A PLURALITY OF MUTUALLY-INSULATED ELECTRICAL CONNECTING ELEMENTS; COUPLING DEVICES; CURRENT COLLECTORS
    • H01R12/00 Structural associations of a plurality of mutually-insulated electrical connecting elements, specially adapted for printed circuits, e.g. printed circuit boards [PCB], flat or ribbon cables, or like generally planar structures, e.g. terminal strips, terminal blocks; Coupling devices specially adapted for printed circuits, flat or ribbon cables, or like generally planar structures; Terminals specially adapted for contact with, or insertion into, printed circuits, flat or ribbon cables, or like generally planar structures
    • H01R12/70 Coupling devices
    • H01R12/71 Coupling devices for rigid printing circuits or like structures
    • H01R12/72 Coupling devices for rigid printing circuits or like structures coupling with the edge of the rigid printed circuits or like structures
    • H01R12/721 Coupling devices for rigid printing circuits or like structures coupling with the edge of the rigid printed circuits or like structures cooperating directly with the edge of the rigid printed circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • H ELECTRICITY
    • H01 ELECTRIC ELEMENTS
    • H01R ELECTRICALLY-CONDUCTIVE CONNECTIONS; STRUCTURAL ASSOCIATIONS OF A PLURALITY OF MUTUALLY-INSULATED ELECTRICAL CONNECTING ELEMENTS; COUPLING DEVICES; CURRENT COLLECTORS
    • H01R12/00 Structural associations of a plurality of mutually-insulated electrical connecting elements, specially adapted for printed circuits, e.g. printed circuit boards [PCB], flat or ribbon cables, or like generally planar structures, e.g. terminal strips, terminal blocks; Coupling devices specially adapted for printed circuits, flat or ribbon cables, or like generally planar structures; Terminals specially adapted for contact with, or insertion into, printed circuits, flat or ribbon cables, or like generally planar structures
    • H01R12/50 Fixed connections
    • H01R12/51 Fixed connections for rigid printed circuits or like structures
    • H01R12/52 Fixed connections for rigid printed circuits or like structures connecting to other rigid printed circuits or like structures

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)
  • Coupling Device And Connection With Printed Circuit (AREA)

Abstract

An apparatus 20 for reading a memory card 10 comprises a receiver slot 21 for taking the whole or part of the body of the card and an internal female USB connector 65 located at the base of the receiving slot 66 which mates with a USB connector 15 that can be slid or rotated from the card so as to extend beyond the perimeter of the card. In general the receiving slot is planar and of a height equivalent to a standard USB connector. The apparatus may be equipped with a plurality of such receiving slots (Fig 3). In one embodiment the apparatus is part of a security system.

Description

SECURITY SYSTEMS AND APPARATUS
DESCRIPTION
Technical Field
This invention relates to security systems and apparatus, and in particular to security systems and apparatus for ensuring the safe electronic transmission and memory storage of data.
Background
It is known to provide a so-called "dongle" to permit operation of a computer program only by a licensed user. For this, the "dongle" may be a hard-wired key within a body having a plug connector face and an opposite socket connector face, one connector face being connected to, say, the serial printer port of a computer and its other connector face being connected to the printer cable. Similar dongles connectible to a USB port are also known, but without the opposite socket connector face (e.g. the Aladdin HASP System from Aladdin Knowledge Systems Ltd), and can serve to protect intellectual property and provide software copy protection. Such "dongles" of the prior art utilise an existing standard port or like connection device that is part of the computer and is generally used for connection to other or alternative devices. In general, such "dongles" control operation of a program running on the computer into which the "dongle" is plugged.
It is also known to provide a USB connectible portable memory device as a means to store, retrieve and transfer information or data from one computer to another.
Typically, in one mode of use, the portable memory device is temporarily connected to the standard USB port of a computer which regards it as a removable disk drive, data from the computer's hard disk is then downloaded onto the memory device, the memory device is then disconnected from the computer's standard USB port and removed so as to provide a 'backup' store of the downloaded data. The stored data can be subsequently restored to the same computer or loaded into another computer, by connecting the memory device to the standard USB port of that computer or the other computer, which can then upload the stored data from the temporarily connected memory device.
Proposals have been made for memory devices having USB connectibility to be provided in a generally planar form. Examples are described in, for example, WO-2005/124932, WO-0169881, WO-03027946, WO-0148994, US-A-6813164, US-A-6900988, US-A-6744634, and US-A-2004/0102093. A further such memory device which provides a combination of compactness, neat appearance, ease of use and convenient snag-free storage, e.g. in a pocket, wallet, purse or handbag, is proposed in UK Patent Application 0613579.2 and examples of such devices are represented in Community Registered Designs Nos. 551122-0001 to -0004.
Whilst such memory devices with USB connectibility and of planar form can be used with a conventional, computer-mounted, USB connector, certain special circumstances or requirements can arise where the information or data contained in, or to be transferred to or from, the memory device is of a sensitive or private nature such that access thereto should be restricted and safeguarded (rather than being easily available through any conventional USB port). It is therefore considered desirable to provide a security system and apparatus that permits access to data in a restricted manner.
Summary of the Invention
According to one aspect of this invention there is provided a security system comprising, in use: a memory device with computer interface connectibility (e.g. USB connectibility), said memory device comprising:
a body having a substantially planar form (preferably of a thickness commensurate with the internal height between two opposed wider faces of a standard USB interface slot socket) and having the general shape of a polygon, and further having an interface connector (e.g. a USB connector) in use projecting from one edge of the polygon and occupying a predetermined position relative to two mutually spaced outermost edges of the polygon having a predetermined distance between them, and a read/write unit to read data from and/or to write data to the memory device, said unit having (a) an entrance slot to receive at least partially said body when the body is in use inserted into said slot with the connector leading, (b) mutually spaced engagement means - having a like predetermined distance between them - within the unit for engagement of the said two mutually spaced outermost edges of the polygon, (c) an interface slot socket (e.g. a USB interface slot socket) to receive and be couplingly connected to the projecting connector of a said inserted body, said socket occupying a position relative to said mutually spaced engagement means in correspondence with the said predetermined position of the connector.
The term "polygon" as used herein is not intended to exclude shapes having linear edges that are curved at their ends to provide for the generally polygonal shape to have rounded corners.
It will be appreciated that by providing the mutually spaced engagement means with a predetermined distance between them which is substantially the same as (i.e. commensurate with) the predetermined distance between said two mutually spaced outermost edges of the polygon, insertion into or through the entrance slot of an improper, oversize memory device - that has a greater distance between said two outermost edges - is prevented.
Optionally, and for use with a plurality of memory devices having a common size of body but different predetermined positions for their respective projecting connectors, the read/write unit may include a plurality of interface slot sockets occupying different positions relative to the said mutually spaced engagement means, each such socket position corresponding respectively with a different one of predetermined connector positions of the plurality of memory devices, but having a common entrance slot to receive at least partially said common size body when the body is in use inserted into said slot with the connector leading and having common mutually spaced engagement means - having a like predetermined distance between them - within the unit for engagement of the said two mutually spaced outermost edges of the common size polygon.
Preferably the connector, or one of the connectors, has both its side edges spaced from the line of each of said two mutually spaced edges. Alternatively or additionally the connector, or one of the connectors, may have a side edge in alignment with one of said two mutually spaced outermost edges.
The mutually spaced engagement means may be provided by rollers, slides or other guidance members to guide the body of the memory device along the path of its insertion into the read/write unit.
Alternatively, and preferably, the mutually spaced engagement means are provided by the opposed, narrow, side walls of an open-mouthed, box-like receptacle having its mouth defined by said entrance slot, a base wall of said receptacle serving to mount said interface slot socket and to provide an end stop for said one edge of the polygon when the memory device's body is inserted.
The effect of such mounting is to create the equivalent of a stepped recess with a wider portion adjacent the entrance slot and, opposite the entrance slot, with a narrower portion defined by the interface slot socket, the predetermined position of which corresponding with some precision to the predetermined position of the connector.
Accordingly a good mating physical fit is provided for the specific memory device employed, and the said read/write unit and memory device are thereby substantially dedicated to one another.
Advantageously, and to enhance the level of security for the system provided by the physical interfitting of the memory device and the read/write unit, the system may include a computer program in use responsive to a personal entitlement code associated with the memory device (e.g. at least in part encoded thereon) to ensure that only data to which that person is entitled can be written by the read/write unit onto that memory device.
In one embodiment the read/write unit is for use by a system administrator and the memory device therefor is the administrator memory device, and said security system comprises another, like, read/write unit, the two units being in use connected to one another with said other read/write unit being for use by an end user or data recipient and to receive another, like, memory device personal to that end user.
Preferably the security system is programmed to permit selected data from the updatable memory store to be transferred to the personal memory device under the control of the administrator's read/write unit.
Advantageously the administrator's read/write unit is programmed to manipulate and/or translate the selected data it receives into a uniform format and transfer it in that format (a) to the end user read/write unit so as to be written to the personal memory device therein, and (b) to the administrator read/write unit so as to be written to the administrator's memory device therein to be added to previously written and transferred selected data pertaining to previous end users of the system.
Preferably, before transferring said selected data (which is preferably specific to the end user), the program controlling the administrator read/write unit generates a master code that is transferred to the end user read/write unit so as to be written to the personal memory device therein in combination with a personal code generated by the end user read/write unit.
In one preferred embodiment the (or each) said memory device comprises a memory device according to UK Patent Application No. 0613579.2.
According to another aspect of this invention there is provided security apparatus comprising a read/write unit having features suiting it for use in a security system according to said one aspect of the invention.
According to yet another aspect of this invention there is provided apparatus comprising a read/write unit comprising a memory card receiver to receive a memory card inserted therein and to effect read/write operations from/to the memory card, the receiver being adapted to interconnect in a plug-and-socket manner with a projecting connector of the memory card and to accommodate fittingly (preferably matingly) a body portion of the memory card from which in use the memory card's connector projects.
Preferably, in a combination of the read/write unit of the previous paragraph and a memory card to be received therein as aforesaid, the body portion is substantially wider than the plug-and-socket interconnection of the combination.
In a preferred embodiment the read/write unit comprises a USB socket connector located at the foot of a recess of which the sides serve to guide insertion of the memory card's said body portion until said connector - a mating USB tab connector - engages in said plug-and-socket manner with the USB socket connector.
Brief Description of the Drawings
By way of example embodiments of this invention will now be described with reference to the accompanying drawings of which:
Figure 1 is a front perspective view of a first read/write unit of an embodiment,
Figure 2 is a rear perspective view of the read/write unit of Fig 1,
Figure 3 is a front perspective view of a second read/write unit of an embodiment,
Figure 4 is a rear perspective view of the read/write unit of Fig 3,
Figure 5 is a schematic plan view of the units of Figs 1 to 4 and illustrating electrical connections between them,
Figure 6 is a plan view of a memory device, in out-of-use condition, for use in the units of Figs 1 to 4, and
Figure 7 is a plan view of the memory device of Fig 6 in a condition suiting it for use by insertion into the units of Figs 1 to 4.
Detailed Description of Example(s) of the Invention
The illustrated security system 10 (Fig 5) is for use in a medical facility, e.g. in the surgery or consulting rooms of a doctor, physician, surgeon, dentist or veterinary surgeon, in a clinic or in a hospital. Its purpose is to provide for the secure downloading, onto a portable memory device, of a patient's personal medical records from a store of many such patient records held in a main computer of the medical facility. The illustrated security system 10 is a "stand alone" installation in that it does not alter or interfere with the data stored in the main computer but simply reads any one of specific selections of that data that pertains, on a case-by-case basis, to a corresponding one, pre-authenticated patient (or other entitled recipient), and transfers that data to a memory device personal to that one patient. Optionally the data is manipulated and/or translated prior to transfer into a common, user readable format that is independent of the format of the originating data stored in the main computer.
The preferred illustrated system 10 (Fig 5) comprises two read/write units 20,40 that are each co-operative, for reading and writing, with a memory device 50 (Figs 6,7) that is a flash memory card.
The memory device e.g. memory card 50 comprises a body 52 having a substantially planar form and having the general shape of a rectangular polygon of a size corresponding to that of a conventional credit card. The body 52 has a uniform thickness which is commensurate with the internal height between two opposed wider faces of a standard USB interface slot socket, e.g. in this embodiment a height between 1mm and 2.7mm, and such that part of the body can be slidingly inserted into such a socket. The body 52 has a USB connector 55 of the same thickness as the remainder of body 52. This USB connector 55, at least in use, projects from one shorter edge 56 of the rectangular polygon and occupies a predetermined position relative to the two mutually spaced, outermost, longer edges 57,58 of the rectangular polygon. The predetermined distance D between these longer edges 57,58 is defined by the width of the card-like body 52, e.g. in this embodiment a width of 5.4cm. As shown best in Figs 6 and 7, the USB connector 55 itself has a width 4 and is located a distance δ (delta) from the nearest edge 57 of the memory card 50.
Although the USB connector 55 can be provided as a fixed and immovable extension of the remainder of the body 52, the present embodiment advantageously provides for the memory device 50 to be as proposed in UK Patent Application 0613579.2 whereby the USB connector 55 is movable, preferably pivotably, into and out of a slot 54 provided in the form of a cut-out (of the same width 4) in the shorter edge 56 of the body 52 of the flash card memory device 50.
The read/write unit 20 is for use by a system administrator. It comprises a housing of generally parallelepiped form and has a front face 23 (Fig 3) with two slot-like openings 21,22 therein (see also Fig 5). An ON/OFF switch 24 is mounted on the front face 23 which is also provided with two LED visual indicators 26,27 labelled "LINK" and "POWER". The rear face 25 of the unit 20 (Fig 4), and/or a circuit board 29 (Fig 5) mounted within the housing of unit 20, serves to mount a mains power input connector 28, a mains power switch 30, a 5 volt DC output connector 31 - deriving its power from a transformer/rectifier arrangement (not shown) located within unit 20 - a mini-USB connector 32, and a full-size USB connector 34. The circuit board 29 serves to mount appropriate electronic components and circuitry designated 33 in Fig 5.
The read/write unit 40 also comprises a housing of generally parallelepiped form with a front face 43 (Fig 1) provided with just a single slot-like opening 41 therein (see also Fig 5). The front face 43 is provided with four LED visual indicators 46-49 labelled "POWER", "PROCESSING", "COMPLETE" and "ERROR". The rear face 45 of unit 40 (Fig 2), and/or a circuit board 39 (Fig 5) mounted within the housing of unit 40, serves to mount a 5 volt DC input connector 42 and a mini-USB connector 44. The circuit board 39 serves to mount appropriate electronic components and circuitry designated 53 in Fig 5.
Each unit 20,40 also houses a flat, open-mouthed, box-like receptacle 60 having its mouth defined by or aligned with a respective entrance slot 21,22 and 41. The base wall 66 of each receptacle 60 serves to mount a respective USB interface slot socket 65 and provides an end stop for the leading shorter edge 56 of the rectangular memory device's body 52 when it is inserted into the entrance slot 21,22 or 41 (as the case may be). The side walls 67,68 of each box-like receptacle 60 are spaced apart by a distance D and thus serve as guidance members to guide the body of the memory device slidingly along the path of its insertion into the read/write unit 20,40. The USB interface slot socket 65 is to receive and be couplingly connected to the projecting USB connector 55 of the relevant inserted card 50, said socket 65 occupying a position relative to the mutually spaced engagement means provided by walls 67,68 in correspondence with the predetermined position of the USB connector 55 on the card's body 52. In other words, and as shown schematically in Fig 5, the socket 65 is spaced a similar distance δ (delta) from receptacle side wall 67 as the distance δ (delta) of connector 55 from the longer side edge 57 of the rectangular body 52.
The effect of such mounting is to provide the interior of each receptacle 60 as substantially equivalent to a stepped recess with a wider portion adjacent the entrance slot 21,22 or 41, and, opposite that entrance slot, with a narrower portion defined by the USB interface slot socket 65 and having a predetermined position corresponding with some precision to the predetermined position of the USB connector 55.
Accordingly a good mating physical fit is provided for the specific memory device 50 employed, and the said read/write unit 20,40 and memory device 50 are thereby substantially dedicated to one another.
Assembly of the system 10 and interconnection of units 20 and 40 are best illustrated in Fig 5. This shows, somewhat schematically, a mains power cable 35 connected from a mains source (not shown) to input connector 28, a low-voltage cable 36 interconnecting output connector 31 of unit 20 to the input connector 42 of unit 40, a USB cable 37 interconnecting connector 34 of unit 20 with the connector 44 of unit 40, and another USB cable 38 connecting connector 32 of unit 20 to a USB port of the main computer (not shown).
It will be appreciated that almost every doctor's surgery or other medical facility in the UK operates a medical information system (MIS) to manage its patient medical records, and that, with the above-described and illustrated system 10, such an MIS is capable of exporting an individual patient's (or user's) medical record - upon the user's request - to the user's personal and portable memory device e.g. memory card 50.
This will allow the user to access/read the data as necessary at various different locations - including on his/her personal computer, other computers he/she may use for his/her needs, or even indeed a computer system at another doctor, specialist, physician or surgeon - merely by connecting that personal memory card 50 into the standard USB socket of that computer. The "location" can be either secure or insecure, such as an Internet Café, Airport etc. In both cases, the information on the personal memory device e.g. memory card 50 must be "read only", i.e. be only viewable and non-modifiable; it must not be cached or passed to some other computer programs.
Furthermore, for "writing" the data to the personal memory device e.g. memory card it is of prime importance that the user's authenticity be verified (e.g. by presentation of a passport or other photographic ID) when he/she comes to the surgery to obtain a data download onto his/her personal card. Moreover, after successful verification and during the medical data export in a secure and authorised manner (e.g. by the doctor or an authorised member of the surgery staff), the user's card must be prevented from infecting the surgery's computer with viruses and malware from the card.
To achieve these criteria, the system and its operation can be considered composed of the following 3 different parts or stages: 1. The "Card Issuing Stage", 2. The "Surgery Stage" and 3. The "End User Stage".
Each of these 3 stages involves data storage on one or more different removable media devices e.g. memory cards 50, and each such stage includes storage onto the respective memory device 50 of some software components and a special protected area (e.g. a file) which is encrypted using a combination encryption technique.
Stage 1
The office responsible for issuing the cards (which may be the doctor's surgery or, preferably, the main service provider supplying the memory cards 50) creates both a surgery card 50 for use in unit 20 and an end user card 50 for use in unit 40. Each doctor's surgery has its own unique RSA 4096 Digital Signature and this is incorporated into each of the user cards 50 of end users belonging to, i.e. patients of, that particular surgery. This ensures that any end-user card 50 will be operational (i.e. susceptible of being written to) only within that doctor's surgery - although, as indicated above, that end-user card 50 can be read from at any other surgery or by the patient himself/herself.
Usually the (or each) office responsible for the card issuing stage produces just one "Office" card and this holds a list of surgeries and their associated unique RSA 4096 Digital Signatures. The "Office" software has the capability to activate an empty card for the office, for a surgery and for the end user. This "Office" software asks for an encryption pass-phrase to be provided, and from this it generates a code in the form of an 'AES 256 key' for the card being encrypted. The office card 50 cannot be used in the system 10 before it is authenticated and authorised, to which end an Office employee enters (into the PC running the software) the pre-selected encryption pass-phrase and this grants authorization or authentication to the office card 50. Once authorized or authenticated, the Office employee can perform one or more of the following:
* Change his/her current pass-phrase.
* Create Surgery and User cards.
* Manage records pertaining to card usage by surgeries and users.
* Delete a surgery or a user.
Stage 2/3
The Surgery Stage and the User Stage are provided in the surgery premises by the two terminals or read/write units 20,40. As indicated above, the surgery terminal 20 and the user terminal 40 are interconnected to each other, and the surgery terminal 20 is further connected to the computer on which the Medical Information System (MIS) is installed. Under the software installed on that computer, the surgery terminal 20 acts and controls the activity of the end user terminal 40, but does not permit 'back interference' from terminal 20 (or 40) to the MIS. System 10 thus functions as a 'stand alone' system. The surgery terminal 20 is activated by inserting the surgery card 50 and entering the correct pass-phrase for that surgery. The surgery terminal 20 is inactive and cannot be used for data transfer if the correct surgery pass-phrase has not been first entered, whereby the user terminal 40 in consequence remains inactive as well. Once the correct surgery pass-phrase has been entered both the surgery terminal 20 and the end user terminal 40 are activated.
When the user inserts his/her flash memory card 50 into the user terminal 40, the surgery software application produces an RSA Handshake Test upon the user card 50.
If the card signifies the user does not belong to (i.e. is not a patient of) that particular surgery, the surgery terminal 20 de-activates the user terminal 40.
To provide for this, the surgery card 50 initially received from Stage 1, i.e. from the card issuing office, has an RSA 4096 (handshake) public key part recorded on it by that office for user card identification when the user comes to the surgery. The software application running on the surgery computer renders a number of operations available for the surgery with the surgery card 50, including:
* Change of the surgery card encryption pass-phrase,
* Register a new User card into the surgery card database issued by the Office and signed with the handshake key,
* Perform an MD5 checksum to check if data was tampered with by the user since his/her previous update,
* Upload a User's medical data from the main computer's MIS to his/her card, and
* Browse/Manage an associated user database.
To be initially issued with an end user flash memory card 50 from the Card Issuance Office of Stage 1, i.e. the main service provider (which is generally constituted by the doctor's surgery or, preferably, the supplier of the memory cards 50), the prospective user must first subscribe to the service by completing a form with his/her details either at the surgery or from the website of the main service provider. A clerk or other employee of the main service provider registers the user with his/her details in the office registry and initializes/activates an end user card in tandem with the office software and the service provider's main office (backup) card 50.
Once the user receives his/her personal card 50, he/she will have to choose a pass-phrase to activate the card. A Dynamic AES 256 volatile key and an RSA 4096 public and private key pair are generated based on this chosen pass-phrase. Both the public and private keys are stored on the end user's card 50 until he/she proceeds to register at the doctor's surgery.
For such registration, the first time the user goes to the surgery (s)he needs to present a personal identification document, e.g. Passport or Driving Licence. After the doctor's receptionist has confirmed the user's identity, the user is asked to insert his/her card 50 into the user terminal 40. An RSA 4096 key handshake attempt is effected between the surgery card in terminal 20 and the end user card 50 in terminal 40 to check if the user card 50 is genuine and if its owner is a patient of that particular surgery. At this point the user's personal details and the RSA 4096 public key (which was generated based on his pass-phrase) are exported to the surgery card 50 in terminal 20.
The RSA 4096 public key is then erased from (or ceases to exist on) the user card 50 in terminal 40 until the user decides to change his/her pass-phrase.
Prior to export of a user's personal Medical Data to that user's flash memory card 50 in terminal 40, the RSA Handshake test first checks to see if this particular card 50 belongs to a patient of this surgery. Once the user's card 50 passes the RSA Handshake test, the surgery program will generate a one-time random AES encryption key and encrypt the medical data of that particular user with it. The AES key set itself is encrypted by the user's public key part of the RSA 4096 bit key stored in that user's record on the master card 50 in the read/write terminal 20. It then applies the MD5 algorithm on the encrypted data, and stores the digest on the master card 50 in the read/write terminal 20.
Finally the program stores the encrypted medical data and the encrypted AES key set to the user card in the read/write terminal 40. The AES key set can now be decrypted by the private part of the RSA 4096 key which is stored on the User card and is protected by the encryption pass-phrase. This ensures that only the genuine end user who possesses the card and knows the correct pass-phrase can access the medical data recorded thereon.
The detail of this procedure, whereby the user-specific personal medical data is exported to the user's card 50, is as follows. When the user comes to the surgery to download his/her medical data, he/she inserts his/her card 50 into the terminal 40. The RSA Handshake test checks to see if this particular card belongs to this surgery. Once the RSA Handshake is successfully passed, the MIS will export the patient's medical data to a program "clip-board" in an unstructured text format. The surgery program then parses that text into an XML format and stores it in binary databases, generates a one-time random AES key, encrypts the databases using this AES key, then utilises the user's private key stored on the surgery card 50 in terminal 20 to encrypt it (further), applies the MD5 algorithm on the encrypted data, and then stores the digest on the surgery card 50 in terminal 20 for time-stamp purposes. Finally the program scrambles the encrypted medical data and stores it to the end-user card 50 in terminal 40. The AES key set can now be decrypted by the private part of the RSA 4096 key which is stored on the user's card 50 and which is protected by the encryption pass-phrase. This ensures that only the genuine user who possesses the user card and knows the correct pass-phrase can access the specific medical data personal to him/her and stored on that user card 50.
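The export and tamper check described in the preceding paragraphs can be sketched as follows; this is an added Node.js example, not the patent's software. It assumes AES-256-GCM, RSA-OAEP wrapping with the user's public key, a randomly generated key pair whose private half is pass-phrase protected, and hypothetical function and field names; the demo uses a 2048-bit modulus for speed where the page specifies 4096.

```javascript
const crypto = require("crypto");

// Assumption: RSA-OAEP with SHA-256; the page names only "RSA 4096".
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// User card activation: key pair whose private half is stored encrypted
// under the chosen pass-phrase (assumed mechanism, see lead-in).
function generateUserKeys(passphrase, bits = 4096) {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: bits,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem", cipher: "aes-256-cbc", passphrase },
  });
}

// MD5 over everything written to the user card. MD5 is what the page names;
// it is not collision resistant, so a new design would use SHA-256 or an HMAC.
function cardDigest(card) {
  const h = crypto.createHash("md5");
  for (const field of ["iv", "tag", "ciphertext", "wrappedKey"]) h.update(card[field]);
  return h.digest();
}

// Surgery side: one-time AES key encrypts the record, the user's public key
// (held in the user's record on the master card) wraps the AES key, and the
// digest is kept on the master card.
function exportToUserCard(medicalData, userPublicKeyPem) {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(medicalData, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = crypto.publicEncrypt({ key: userPublicKeyPem, ...OAEP }, aesKey);
  aesKey.fill(0); // the surgery does not keep the one-time key
  const userCard = { iv, tag, ciphertext, wrappedKey };
  return { userCard, masterDigest: cardDigest(userCard) };
}

// Next visit: compare the card contents with the digest on the master card.
function isUntampered(userCard, masterDigest) {
  const d = cardDigest(userCard);
  return d.length === masterDigest.length && crypto.timingSafeEqual(d, masterDigest);
}

// User side: the pass-phrase unlocks the private key, which unwraps the AES key.
// Throws on a wrong pass-phrase or on modified ciphertext (GCM tag mismatch).
function readUserCard(userCard, encryptedPrivateKeyPem, passphrase) {
  const aesKey = crypto.privateDecrypt(
    { key: encryptedPrivateKeyPem, passphrase, ...OAEP }, userCard.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", aesKey, userCard.iv);
  decipher.setAuthTag(userCard.tag);
  return Buffer.concat([decipher.update(userCard.ciphertext), decipher.final()]).toString("utf8");
}

function demo() {
  const SAMPLE = "<record><patient>constructed sample</patient></record>"; // constructed input
  const keys = generateUserKeys("constructed pass-phrase", 2048); // 2048 for speed only
  const { userCard, masterDigest } = exportToUserCard(SAMPLE, keys.publicKey);
  const modified = { ...userCard, ciphertext: Buffer.from(userCard.ciphertext) };
  modified.ciphertext[0] ^= 0x01; // flip one bit, as an edit on the card would
  return {
    intactVerifies: isUntampered(userCard, masterDigest),
    modificationDetected: !isUntampered(modified, masterDigest),
    roundTrip: readUserCard(userCard, keys.privateKey, "constructed pass-phrase") === SAMPLE,
  };
}

console.log(demo());
```

The digest check runs without any key material, which is why the surgery can detect a changed card even though it discarded the one-time AES key.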
It will be appreciated that data security is maximised in the above-described embodiment of this invention separately and jointly by the software program and by the physical interfitting of the card 50 and its associated terminal 20,40. This physical interfitting includes:
* the guiding/sliding between the card edges 57,58 and the correspondingly distanced receptacle walls 67,68 providing a mating fit with one another,
* the guiding/sliding between the card's USB connector tab 55 and the USB socket 65 which are a close and mating fit with one another, and additionally
* the resilient gripping interconnection of the card's USB connector tab 55 and the USB socket 65 due to the standard resilient contacts provided in the socket 65.
From the foregoing it will be appreciated that secure computer downloads can be readily made to a portable, personal memory device such as a USB flash memory card 50. For this, two linked 'card reader' units 20,40 are provided capable of writing to and reading from two rewritable data storage cards 50 provided with USB connectors, for example such as the cards illustrated in Community Registered Designs Nos. 551122-0001 to -0004. One card reader, the master unit 20, controls download from the main system computer to the other card reader, the end user unit 40, after supplying a 'master' key code (somewhat like a public key code) to the end user data storage card in the end user unit 40. The latter uses that key code to compose a composite 'master + private' key code which is supplied to the data storage card 50 in the end user unit 40. Once 'security enabled' by receipt and recordal of the 'master + private' key code, the operator can switch from 'computer isolated' mode to 'download' mode to permit download to the end user card 50 of specific pre-selected data from the MIS (i.e. data specific to that end user) and to the master card which holds data of all users - or at least those to whom an end user download has been made.
In optional modifications, and either as an alternative to or in addition to the read/write unit 20 and/or 40 being for use with the memory device provided by the flash memory card 50 of Figs 6 and 7, the unit 20 and/or 40 may be capable of reading from and writing to a memory device 50 that is a flash memory card of different shape and/or of different construction. Such an alternative card may be one of the other shapes represented in Community Registered Designs Nos. 551122-0001 to -0004. It may instead be a card such as that illustrated in WO-2005/124932 where - instead of the USB connector 55 having both its side edges spaced from the line of each of the two mutually spaced longer side edges 57,58 of the card - the USB connector 55 has a side edge in colinear alignment with one side edge 57 (or alternatively 58) so that δ = zero (or alternatively δ = D-d). Clearly in such a case, the USB connector 55 must needs be fixed and rigid with the remaining body of the card 50. Such a fixed/rigid form of construction may be employed for one of the other alternative cards 50 just described instead of having the USB connector 55 movable (preferably pivotably) as for example described in UK Patent Application 0613579.2.
Where either or both of the terminals 20,40 is for use with a plurality of memory devices having different predetermined positions for their respective projecting USB connectors 55, the or each read/write unit 20,40 will need to include a plurality of USB interface slot sockets 65 occupying different positions (i.e. different values of δ) relative to the mutually spaced, card-guiding, engagement means provided by the side walls 67,68 of the open-mouthed, box-like receptacle 60, and with each such socket position corresponding respectively to a different one of the predetermined USB connector positions (i.e. different values of δ) of the plurality of memory devices 50.
It will be recognised by those skilled in this art that the memory cards 50 employed may be other than the specific type of non-volatile memory represented by flash cards.
It will likewise be recognised by those skilled in this art that the connector 55 and interface socket 65 need not provide for a USB interface but may comprise an alternative kind of interface, e.g. an IEEE 1394 (Firewire) interface, that supports mass-storage.
It will be appreciated from the foregoing that the software governing operation of the system 10 of this embodiment provides a program to manipulate and/or translate the selected data to be received by unit 20 into a uniform format, e.g. the format of a conventional text file or of an XML format, and transfer it in that format (a) to the end user read/write unit 40 so as to be written to the personal memory device 50 therein and be thereby readable as conventional text by a conventional word processor program on a home computer, and (b) to the administrator read/write unit 20 so as to be written to the administrator's memory device 50 therein to be added to previously written and transferred selected data pertaining to previous end users of the system (optionally also so as to be thereby readable as conventional text by a conventional word processor program on a home computer).
It will also be appreciated that one or other (or each) of the read/write units 20,40 can be provided independently of the system as a whole. Thus, for example, a read/write unit may be provided comprising a memory card receiver to receive in use a memory card inserted therein and to effect read/write operations from/to the memory card, the receiver being adapted to interconnect in a plug-and-socket manner with a connector of the memory card and to accommodate fittingly (preferably matingly) a body portion of the memory card from which in use the memory card's connector projects. In a preferred embodiment the read/write unit comprises a USB socket connector located at the foot of a recess of which the sides serve to guide insertion of the memory card's said body portion until said connector - a mating USB tab connector - engages in said plug-and-socket manner with the USB socket connector. It will be noted that in a preferred combination of such a read/write unit and a memory card to be received therein as aforesaid, the memory card's body portion is substantially wider than the plug-and-socket interconnection of the combination.
It will further be appreciated that other modifications and embodiments of the invention, which will be readily apparent to those skilled in this art, are to be deemed within the ambit and scope of the invention, and the particular embodiment(s) hereinbefore described may be varied in construction and detail, e.g. interchanging (where appropriate or desired) different features of each, without departing from the scope of the patent monopoly hereby sought.

Claims (19)

  1. Apparatus comprising a read/write unit including a memory card receiver to receive a memory card inserted therein and to effect read/write operations from/to the memory card, characterised in that the receiver incorporates internally within it a USB interface slot socket that is adapted to interconnect in use in a plug-and-socket manner with a projecting USB interface connector of the memory card and to accommodate fittingly (preferably matingly) a body portion of the memory card from which in use the memory card's USB interface connector projects.
  2. Apparatus according to Claim 1, wherein the body portion is substantially wider than the plug-and-socket interconnection of the combined memory card receiver and a memory card received therein.
  3. Apparatus according to any preceding Claim wherein the body has a thickness commensurate with the internal height between two opposed wider faces of a standard USB interface slot socket.
  4. Apparatus comprising in use a memory device with computer interface connectibility, and a read/write unit to read data from and/or to write data to the memory device, wherein said memory device comprises a body having a substantially planar form and having the general shape of a polygon, and further having an interface connector in use projecting from one edge of the polygon and occupying a predetermined position relative to two mutually spaced outermost edges of the polygon having a predetermined distance between them, and wherein said read/write unit comprises: (a) an entrance slot to receive at least partially said body when the body is in use inserted into said slot with the interface connector leading, (b) mutually spaced engagement means - having a like predetermined distance between them - within the unit for engagement of the said two mutually spaced outermost edges of the polygon and to guide the body during its insertion and withdrawal into and from said slot, (c) an interface slot socket occupying a position relative to said mutually spaced engagement means in correspondence with the said predetermined position of the connector such as to receive and be couplingly connected to the projecting interface connector of a said inserted body in a plug-and-socket manner and internally of the read/write unit.
  5. Apparatus according to Claim 4, wherein no connector, or at least no connector of a different kind, is provided on any other of the edges of the polygon.
  6. Apparatus according to Claim 4 or Claim 5, wherein said body's interface connector is a USB connector and the said interface slot socket is a USB interface slot socket, whereby interconnection of the USB connector and the USB interface slot socket provides USB interface connectibility between the memory device and the read/write unit via a USB connection, and wherein said body has a thickness commensurate with the internal height between two opposed wider faces of a standard USB interface slot socket.
  7. Apparatus according to any one of Claims 4 to 6, and for use with a plurality of memory devices having a common size of body but different predetermined positions for their respective projecting connectors, wherein the read/write unit includes a plurality of interface slot sockets occupying different positions relative to the said mutually spaced engagement means, each such socket position corresponds respectively with a different one of predetermined connector positions of the plurality of memory devices, the read/write unit has a common entrance slot to receive at least partially said common size body when the body is in use inserted into said slot with the connector leading, and the read/write unit has common mutually spaced engagement means - having a like predetermined distance between them - within the unit for engagement of the said two mutually spaced outermost edges of the common size polygon.
  8. Apparatus according to any one of Claims 4 to 7, wherein the connector, or one of the connectors, has both its side edges spaced from the line of each of said two mutually spaced edges.
  9. Apparatus according to any one of Claims 4 to 8, wherein the connector, or one of the connectors, has a side edge in alignment with one of said two mutually spaced outermost edges.
  10. Apparatus according to any one of Claims 4 to 9, wherein the mutually spaced engagement means are provided by rollers, slides or other guidance members to guide the body of the memory device along the path of its insertion into the read/write unit.
  11. Apparatus according to any one of Claims 4 to 10, wherein the mutually spaced engagement means are provided by the opposed, narrow, side walls of an open-mouthed, box-like receptacle having its mouth defined by said entrance slot, a base wall of said receptacle serving to mount said interface slot socket and to provide an end stop for said one edge of the polygon when the memory device's body is inserted.
  12. Apparatus according to any one of Claims 4 to 11 including a computer programmed to provide a security system that is responsive in use to a personal entitlement code associated with the memory device to ensure that only data to which that person is entitled can be written by the read/write unit onto that memory device.
  13. Apparatus providing a security system according to Claim 12, wherein the personal entitlement code associated with the memory device is at least in part encoded on the memory device.
  14. Apparatus providing a security system according to Claim 12 or Claim 13, wherein the read/write unit is for use by a system administrator and the memory device therefor is the administrator memory device, and said security system comprises another, like, read/write unit, the two units being in use connected to one another with said other read/write unit being for use by an end user or data recipient and to receive another, like, memory device personal to that end user.
  15. Apparatus providing a security system according to Claim 14 and programmed to permit selected data from an updatable memory store to be transferred to the personal memory device under the control of the administrator's read/write unit.
  16. Apparatus providing a security system according to Claim 14 or Claim 15, wherein the administrator's read/write unit is programmed to manipulate and/or translate the selected data it receives into a uniform format and transfer it in that format (a) to the end user read/write unit so as to be written to the personal memory device therein, and (b) to the administrator read/write unit so as to be written to the administrator's memory device therein to be added to previously written and transferred selected data pertaining to previous end users of the system.
  17. Apparatus providing a security system according to Claim 15 or Claim 16 wherein, before transferring said selected data, the program controlling the administrator read/write unit generates a master code that is transferred to the end user read/write unit so as to be written to the personal memory device therein in combination with a personal code generated by the end user read/write unit.
  18. Apparatus providing a security system according to any one of Claims 15 to 17, wherein said selected data is specific to the end user.
  19. Apparatus substantially as herein described with reference to and/or as illustrated in the accompanying drawings.
GB0622794A 2006-07-10 2006-11-15 Security systems and apparatus Expired - Fee Related GB2443878B (en)

Priority Applications (8)

Application Number Priority Date Filing Date Title
GB0622794A GB2443878B (en) 2006-11-15 2006-11-15 Security systems and apparatus
GB0713252A GB2440041B (en) 2006-07-10 2007-07-09 Memory devices and security systems and apparatus for use with such memory devices
AU2007274028A AU2007274028A1 (en) 2006-07-10 2007-07-10 Memory devices and security systems and apparatus for use with such memory devices
EP07766435A EP2044560A2 (en) 2006-07-10 2007-07-10 Memory devices and security systems and apparatus for use with such memory devices
PCT/GB2007/050393 WO2008007139A2 (en) 2006-07-10 2007-07-10 Memory devices and security systems and apparatus for use with such memory devices
CA002659812A CA2659812A1 (en) 2006-07-10 2007-07-10 Memory devices and security systems and apparatus for use with such memory devices
PCT/GB2007/050692 WO2008059291A2 (en) 2006-11-15 2007-11-15 Security systems and apparatus
US12/319,582 US20090182911A1 (en) 2006-07-10 2009-01-09 Memory devices and security systems and apparatus for use with such memory devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0622794A GB2443878B (en) 2006-11-15 2006-11-15 Security systems and apparatus

Publications (3)

Publication Number Publication Date
GB0622794D0 GB0622794D0 (en) 2006-12-27
GB2443878A true GB2443878A (en) 2008-05-21
GB2443878B GB2443878B (en) 2011-06-15

Family

ID=37605347

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0622794A Expired - Fee Related GB2443878B (en) 2006-07-10 2006-11-15 Security systems and apparatus

Country Status (2)

Country Link
GB (1) GB2443878B (en)
WO (1) WO2008059291A2 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004227455A (en) * 2003-01-27 2004-08-12 Dainippon Printing Co Ltd Reader/writer for ic card
JP2004234254A (en) * 2003-01-29 2004-08-19 Dainippon Printing Co Ltd Ic card reader/writer
JP2004265166A (en) * 2003-03-03 2004-09-24 Dainippon Printing Co Ltd Reader writer for ic cards
JP2005197909A (en) * 2004-01-06 2005-07-21 Funai Electric Co Ltd Digital camera

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040075977A1 (en) * 2002-10-22 2004-04-22 Kuo-Shao Lee USB memory receptacle of electronic device
DE202004008661U1 (en) * 2004-06-02 2004-08-05 Wem Technology Inc. Connector for four types of memory card, namely: secure-digital memory card, multi-media memory card, reduced size multi-media memory card and mini secure digital memory card
US20060226223A1 (en) * 2005-04-06 2006-10-12 Northstar Systems Corp. Socket of card reader (ii) for memory card with connecting terminals following specification of USB containing card-unloading structure
US20070247803A1 (en) * 2006-04-24 2007-10-25 Immanuel Eickholdt Portable computing device housing assembly, and associated methodology, providing for carriage of an external mass storage device
US7866996B2 (en) * 2006-05-24 2011-01-11 Sandisk Il Ltd. Internal UFD
GB2440041B (en) * 2006-07-10 2011-08-24 Hes Ltd Memory devices and security systems and apparatus for use with such memory devices

Also Published As

Publication number Publication date
GB2443878B (en) 2011-06-15
GB0622794D0 (en) 2006-12-27
WO2008059291A2 (en) 2008-05-22
WO2008059291A3 (en) 2008-10-02

Similar Documents

Publication Publication Date Title
US20090182911A1 (en) Memory devices and security systems and apparatus for use with such memory devices
EP1001329B1 (en) A user-computer interaction method for use by flexibly connectable computer systems
US7249266B2 (en) User-computer interaction method for use by a population of flexible connectable computer systems
US20070033320A1 (en) Crypto pass-through dangle
EP1910911B1 (en) Mass storage device with near field communications
US6088802A (en) Peripheral device with integrated security functionality
US6003135A (en) Modular security device
US20070276760A1 (en) Digital Copyright Management Using Secure Device
JP4610557B2 (en) DATA MANAGEMENT METHOD, PROGRAM THEREOF, AND PROGRAM RECORDING MEDIUM
JP2008084059A (en) Electronic apparatus and information processing method
US7849513B1 (en) Method and system for authorizing use of software programs
WO2012024115A1 (en) Method and system using two or more storage devices for authenticating multiple users for a single transaction
US20030097580A1 (en) Data encipher/decipher system for a portable rack of a computer
KR101043255B1 (en) Usb hub device for providing datasecurity and method for providing datasecurity using the same
GB2443878A (en) Card reader with internal USB connector
TWI835134B (en) Card reader and controller thereof, and method for permission management
WO2004081706A2 (en) Method and apparatus for controlling the provision of digital content
JPS62134679A (en) Encryption document generator/reader
US12032700B2 (en) Embedded removable boot drive
CN1328671C (en) Method of activating virtual hard disc in computer and its portable key
JP2001084081A (en) Multi-function keyboard
KR20050079951A (en) Authetification system using public certification with smart card that includes i.c chip
eToken eToken PRO & eToken PRO HD
CN117131554A (en) Card reader, controller and authority management method thereof
TW540215B (en) Encryption and protection method of software message

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20121115