TW456103B - Reconfigurable secure hardware apparatus and method of operation - Google Patents

Abstract

A system and method of ensuring that a hardware apparatus in a data-link system can be operated only by an authorized user. The method comprises the steps of assigning a unique identification number to the hardware apparatus, generating at least one security information set for the hardware apparatus which is based on the unique identification number of the hardware apparatus, distributing to an authorized user at least one data string from which the security information set for the hardware apparatus can be derived to functionally enable the hardware apparatus, and inputting the data string into the hardware apparatus to either disable at least one level of functionality of the hardware apparatus if an incorrect security information set is derived from the data string, or to enable at least one level of functionality of the hardware apparatus if a correct security information set is derived from the data string.

Description

456103 Description of the invention fr The invention of the technology street fr * r domain This invention is widely used to explain the domain of the computer hardware device architecture * More clearly illustrates the design and redesign of a cryptographic key system 1 ^ · Ε: ίί & lt A system and method of sighing device with an electric monthly bag rX% 3 Background of the Invention Today's computer systems and other growing numbers of devices are combined and interfaced. According to an accurate inspection measurement, it is usually established in an authorized group Or the boundary between devices is more desirable to ensure proper use of computer hardware & software ^ data. Various solutions have been developed to ensure that only authorized groups can use the information transferred between individuals by an electric pedal. One such method to ensure proper authorization is the common key password m: 〇 Common key The password uses an encrypted word key set composed of two word keys. Generally, valid software can use any of the two word keys to encrypt a computer file. If it is not decoded, the computer file can be operated and retrieved. Generally, as long as a user can provide the proper complement of the key used to encrypt the file, the valid software can also decode the same encrypted file similarly to each of the encryption / decoding key sets- Each word key encrypts the data, and can be used to complement the numeric keys to decode the data. However, it is extremely difficult and time-consuming to determine a word key in the key group from knowing the other word keys. This fact allows a messenger to disclose a key in the key group in order to be willing to use it. Allows the weekly person to pass the message to the messenger's first benefit and the 1 public rir ten key • Encrypt the message. The two should keep the complement or " find the cornerstone horse π, 1-. Secret so that only the user can decode this method #: 人 利 同

Df- V87 \ 55437. Ptd page 6 456103 V. Description of the invention (2) The message transmitted by the common word key. Conversely, a person who uses the unique base code can encrypt a message that is transmitted to another person. The message can be decoded only if the recipient has the right to make the public key. In this case, the originator of the message may be told to the recipient as the holder of the exclusive Kima. In addition, if the sender of the message reveals the public key to only a small group of recipients, it can be reasonably confirmed that the sender of the message can only decode the message by the recipient of the design. The right to use the decode key = the software provider can use the same encryption technique to control the right to use the software program. By encrypting the file with one word key and providing the other word keys on a limited basis, the software provider can prevent unauthorized use or copying of US products. However, the above-mentioned solution only explains the control of the use right of the asset or a group of software objects. It cannot explain the security issues surrounding the computer peripherals and their environment. One such peripheral device is a portable electrical communication interface specification (P C M C I A) card. The computer card meets the minimum compliance requirements of the PCM CIA standard (herein incorporated by reference). The PCMC I A card is typically used to add the functionality or memory of a personal computer, portable computer, or desktop computer (ie, host computer), as described in the PCMC I A standard. Many types of P C M C I A cards can be effectively used, including input / output (I / 0) PCM C I A cards that transfer data between a main track system and an I / O bus, and data acquisition P C M C I A cards. Type 1 data acquisition card reception and digitization Analog information from sensors, and before transferring that information to the host computer

D: \ Y87 \ 55437. Ptd Page 7 4 5 6 1 0 3 V. Description of the invention (3) Temporarily store the information. A typical PCMCIA card includes a standard PCMCIA connector connected to a PCMCIA interface circuit via a standard PCMCIA bus. The PCMCIA interface circuit operates in accordance with the standard PCMCIA protocol to transfer data to and from a host computer. Computer receives data. The typical PCMCi A card can also include a PCMCIA card controller to transfer data to and from the PCMCIA interface circuit, and to control the operation of the functional hardware on the card. For example, 'If the PCMCI A card is a memory card, the functional hardware is memory (such as a cluster of random access memory (RAM) chips or a hard drive), and the PCMC IA card controller controls The memory is read and written. It can be implemented as wired hardware serialization or programmable logic (such as one or more digit programmable gate arrays (FPG As)) like pCMc A card controller and boundary circuit. The programmable structure of the FPGAs is provided through a programmable logic data segment, where the programmable logic data segment is connected to each other by an intelligent layer of selected path resources. The programming data is loaded into the internal static memory unit to formulate the device. ^ FPGA programming data is specially designed data. It defines the internal data segment of the F PGA and the pain of its success. Typically, when a PCMCIA card is inserted into a host computer that is in operation (that is, the power is turned on) or inserted into a main circuit of an immediate machine, the PCMC ΑΑ card has the pcMnA card screwdriver and the sector靣 The circuit is executed in an FPGA (s), then the “to” is stored in the nonvolatile memory of the PCMC [A card]. For example, the electrical type can be programmed to read only 100 million, the electrical type can be cleared Stylized read-only record of Yiji, flash memory

Page 8 I); \ Y87 \ 55437. Ptd 4 5 6 1 Q 3_ 5. Description of the invention (4) Memories, etc.) FPG A programming data design. However, the memory required for storing the FPGA programming data usually consumes a measurable area in the PCMCIA card. The measurable area can be used to provide other functions in the PCMCIA card. In addition, since the card is easily stolen, a security agreement should be established to ensure the authorized use of the programmable computer hardware device and programming, especially when the device is designed to protect data or access data and When including key information to protect data or data access, a security agreement should be established. If so, an improved system and method are needed to ensure the authorization and safe use of a computer hardware device. An improved type is also required System to ensure the authorization and secure programming of programmable computer hardware devices. In addition, an improved system is needed to ensure the authorization and secure programming of reconfigurable electronic hardware devices. There is also a need for an improved system to ensure authorized and secure communication between re-programmable computer hardware devices and the main gaming system. What's more, a system is needed to prevent unauthorized execution of program 3 on unauthorized hardware devices. A system is also required to fulfill each of the above requirements in a single system solution. The invention provides a system and method for re-planning a secure hardware device in a data link system. One of the data linking systems includes multiple objects for data exchange, which substantially eliminates or cuts and reissues previously issued

D: \ VS7 \ 55437.ptd 456103 V. Description of the invention ί5) Points and problems associated with the system and method for planning hardware devices. More specifically, the present invention provides a system and method for ensuring that a hardware device is operated by only a messenger in an oblique knot system. The method includes the steps of: assigning a unique number * may be a serial number to the hardware device, generating at least one word key or a word key group for the hardware device according to the unique serial number of the hardware device, and allocating at least one data String to an authorized user, wherein the key set of the hardware device can be derived from the data string to functionally enable the hardware device, and enter the data string into the hardware device, such as from the An incorrect word key set derived from the data string inhibits at least one level of function in the hardware device, or a correct word key set derived from the data string enables at least one level of function in the hardware device. The supplementary system of the reconfigurable safety hardware device of the present invention provides a method and system for ensuring that only two authorized hardware systems can be used by one authorized computer system or one authorized electronic system group. A method and system for ensuring that a reprogrammable secure hardware device can only be designed by an authorized user using an authorized host computer system. A further system of the present invention ensures that neither the re-programmable safety hardware device nor the main track system will have sufficient information separately to allow an already acquired main track system or the re-programmable Of the two security hardware devices, the only one that allows the right person to successfully operate the re-programmable security hardware device is another unauthorized gaming system. In a still further system of the present invention, a part of a cryptographic shame is recorded in a billion-body position of the re-planable security hardware device_, and another part of the encrypted code is recorded in the master Computer t. Preventive

D: \ V87 \ 55437. Ptd Page 10 456103 V. Description of the invention (6) Two unauthorized persons who can re-regulate the security hardware device or make the main electronic library material store find an account and The more related parts between the related personal serial numbers. The invention also provides the use of a changeable personal encryption key stored in a memory location. A further system of the present invention can store multiple word keys. The present invention includes one word key for each word key group. The misstore is generated by an extension of the standard CIS (Card Information Structure) memory space of the PC card. If so, an object of the present invention is to substantially improve the security protocol of a computer hardware device. A technical advantage of the present invention is that it provides a personal identification verification method, in which any part of the terminal system can be accessed, only that part needs to associate an account number and feature information For effective and thoughtful. Another advantage of the present invention is that it can authorize the device operation of the entire device key set to store an encrypted typing key, or store additional passwords for individual key sets, which can be based on the user's Depending on the choice = yet another advantage of the invention in the street is the combination of these two capabilities, the ability to prevent software plagiarism, and the ability to allow secure user communication via accelerated encryption in a single device. Brief Description of the Drawings Reference is made to the following detailed description together with the accompanying drawings, wherein similar reference numbers in the drawings refer to similar characteristics, to obtain a more complete understanding of the present invention and its advantages, of which: Figure 1 is A system overview of a system of the re-programmable safety hardware device of the present invention;

D: \ Y87 \ 55437.ptd Page 1 of 4 5 6103 5 'Invention 玥 (7)' Figure 2 shows the · · ~ production designated key? Figure 3 is a flowchart of the method of the method. Figure 3 is a flowchart of a note-injection procedure by one of the systems according to the present invention. Figure 4 is a flowchart of a software registration method that enables the present invention to be re-planned. The use of a secure hardware device has 'protection against plagiarism'; Figure 5 illustrates a method of machine registration; Figure 6 is a flowchart of a QARD insertion procedure according to one of the systems of the invention: Figure 7 illustrates a method according to the invention A method for password protection of the system; and FIG. 8 illustrates one system of the reconfigurable security hardware device of the present invention. Figure 9 illustrates a functional block diagram of the re-programmable computer hardware device. DETAILED DESCRIPTION OF THE INVENTION Several systems of the present invention will be described in detail below and in the drawings. Similar numbers are used to refer to similar and corresponding parts in the different drawings. It should be understood, however, that the present invention can be modified, changed, and altered without departing from the spirit and scope of the invention. The present invention implements a splittable card, where the detachable card can be used to operate on different computing devices. For example, a PCMC I Α card slot can be used on a personal computer to use a detachable card. The following is a description of a detachable card (hereinafter referred to as a "PC-card") thrown on a personal computer, but the present invention can also be applied to other types of computing devices.

D: \ V37 \ 55437. Ptci 12th I 456103 V. Description of the invention (8) An example of a PC-card that can execute the present invention is a re-programmable security hardware device, or a re-planable calculation (RC ) Cards, such as RC cards designed by QUI CKFLEX Inc., Austin, Texas. The Quick Qard technology is composed of a series of several PO card products, allowing different software applications to define the hardware in the PC-card, specifically defining that each one executed at the time should be two. The RC PC-card is nicknamed 1'QUICK QARDS " or n QARDSn, and can be used in a variety of standard or customized interfaces and hardware acceleration software. Applications that can benefit from QQT include personal digital assistant interfaces, PC industry, industry, analog > video, audio, encryption, e-task games and more. The security features of the re-programmable security hardware device of the present invention described herein can be used for third-party software access or plagiarism protection. The third-party software may be composed of a configuration file of a hardware device contained in the PC-card, or the third-party software may be software that does not normally set the re-programmable computing viewpoint of using the PC-card. The safety feature of the present invention can be implemented like a safety system, and the safety feature can also be adapted to the execution types of other non-QQT products. Li Zhou said that the security features of the present invention can achieve the protection of archives, including files, materials, executable code, direct decoding, or other intellectual property rights or information that need to be protected. Protection can be achieved through the use of different public week key groups. Half of each public key group is stored in the PC-ten, which can be physically protected because it is detachable, and at the same time, another common key group can be stored on the main electronic system. half. A re-programmable calculation can be performed on the PC-card to implement a supplementary security layer,

D: \ V8T \ 55437. Pud page 13 456103 V. Description of the invention (9) Encryption / Decoding General Rules "and" Easily Adaptable Reprogrammable Enforceable Encryption / Decoding General Rules "to allow the development of this security feature In order to fully understand the scope of the present invention, although reference is made to the encryption / decoding general rule, it should be clear that the general rule implemented in the reprogrammable computing function circuit is for the purpose of hardware acceleration of the general rule. There will be a more complete explanation. This is different from the "view character" general rule, where the "view character" general rule is implemented with the purpose of enabling the different security levels. The latter two enable the present invention to the device Performs the final functions of the re-programmable computing platform. Figure 1 illustrates an overview of the system of the system of the present invention * The system provides any form of information, individual messengers, users that are stored internally or transmitted to the outside. Groups and groups provide protection. Figure 1 illustrates how Quick Qards 1 from Anti-Plagiarism 3 and / or Communication and Data Security Software 5 generates a secure Qard system 7. The secure Qard system 7 Furthermore, the encryption / decoding key management and confirmation software 9 forms a comprehensive Q uick security system 1 1. FIG. 2 is a flowchart of a method for assigning a unique production key group 30 to an individual hardware device 34. The production word key group 30 can be used to ensure the authorized characteristics provided by the Qu 1 ck security system 11 in FIG. 1 to enable the different characteristics. In step 14 of FIG. 4, a unique production is designated during production. Serial number 32 is given to each hardware device 34. A unique production serial number 32 is designed to the CIS non-eruptive memory t at the time of production. It can be derived according to the unique production serial number 32 2. Or it can be derived by various other methods or general Used to generate the seed value for the production key group 30. Steps 16 in FIG. 2 correspond to those generated from the unique production serial number 32.

D: \ V87 \ 5b437. Ptd Page 14 4 5 6 1 Ο 3 V. Description of the invention no) Production of key group 3 0. The production word key set 30 is the first group of the multi-word key set of the re-programmable security hardware device of the present invention, and means the level-zero word key set (L0 £ S) 36, as in step骡 16. When the production key group 30 is produced, the production key group 30 can be produced and designed into the hardware device 34. The L0KS 36 includes an encrypted word key (L0EK) 38 and a decoded word key (L0DK) 40. In step 18 of FIG. 2, the unique production serial number 32 and the L0DK 40 of a production hardware device group can be stored. It is listed in step 18 in step 18 for future use. Step 20 generates an injection asset file 43 including a unique production serial number 32 and LOEK 38. Because both L0DK 40 and L0EK 38 must be used to enable the hardware device 34, the registration data file 43 complements the list file 42. The registration data file 43 should be stored in a remote location of a hardware device 34 so as to be accessed by the end user. The remote location includes a remote host computer system 8 6 1 as shown in step 50 of FIG. 3, which can be accessed via a communication path such as the Internet. It should be noted that a serial number list and a key list for designing into the hardware device can be easily generated beforehand, and the serial number list and the key list can be designated to the producer so that a contract is not required The information is generated at the location of the producer. The contract producer does not need to know the information that is not designed into the physical hardware device. In step 22, for the purpose of production tracking, a unique barcode is assigned 4 5 for each hardware device 3 4 = The bar code 4 5 can be entered into the list file 42 and made it correspond to a special combination of unique serial number 32 and L0DK 4 0. In step 24, the bar code 4 5 will ensure that the correct production serial number 32 and L0DK 40 pair are designed into the hardware during the test of the hardware device 3 4

D: W87 \ 55437. Ptci page 丨 5 456103 V. Description of the invention (π) Device 34. After testing, you can package the hardware device 3 4 3 with a unique production serial number 3 2, L 0 D Κ 4 0 and a strip bird 4 5 in step 26. This will allow a hardware device 34 The designer ensures that "the hardware device 34 is not injected until the designer authorizes the production of purchases" to prevent an unauthorized manufacturer from copying the design. The product is shipped in steps 28. During the product registration and effective period, the unique production serial number 32 and L0EK 38 (or the production encryption common key of this group) can be returned to the designer of the card by mail, e-mail or other electronic devices. This allows them to check the validity of the registration information against the injection file 4 3 (including an approved production PC-card list). At the same time, because each PC-card should have a unique code, the designer of a card can detect whether a given PC-card has been previously registered to ensure that an unauthorized PC- Card replica. Figure 3 illustrates a potential registration procedure of the present invention. In step 50, a communication Gongfeng · path is set up between a local electric running music system 84 and a main cell phone operating system 86. The hardware device 34 is installed in the local computer system 84. The communication data path can be an international Internet connection to a "QUICKFLE X" website. A body object operating in the main track system 86 can provide the user with a variety of options regarding the hardware device 34 Among them, the user may choose to research the hardware device 3 4 by the designer, such as step 5 2. Step 5 4 in FIG. 3 corresponds to a registration process, and the user may be requested to provide a note 8 8, including name, email address, tribute to where to buy the hardware device 34, etc. This will allow to trace the source of production of the unauthorized hardware device 34. More importantly, the Prompt the user to provide a bar code 4 5 corresponding to FIG. 2 or a unique serial number 3 2 and

D: \ VS7 \ 55-I37. Pid No. 16 I 456103 V. Description of Invention 02j L0DK 4 0 License number. In step 56, a check is performed to determine whether the supporting software 90 of the hardware device 34 is installed on the area electric pedal system 84. Depending on the result of this review, it is decided in step 58 or the required software support 90 is downloaded and installed in step 60 or it proceeds to step 62. If the software 90 is on the local computer system 84, it is prepared to establish a security knot 92 between the hardware device 34 and the main computer system 86 in step 62. The safety link 92 prepares to transfer the unique production serial number 32 and LODK 40 of the one-way design memory location in the hardware device 34 to the host computer system 86. In step 64 of FIG. 3, the user is required to manually enter the bar code 45 or the unique production serial number 32 and LODK 40 pair. In step 66, a copy of a unique production serial number 32 and LODK 40 transferred from a programming memory location in the hardware device 3 4 is compared with a bar code 45 manually aligned or aligned The production serial number 32 and LODK 40 perform a verification on the pair. If the verification fails, an error message is prompted in steps 6 to 8 to cause the same person to return to the note registration process of step 5 4. If the verification is successful, perform additional verification, verify that the unique production serial number 32 is included in the registration data file 43 in step 70, and verify that the hardware device 34 has not been previously researched in step 72. Any questions related to the verification error, such as the note error shown in step 74, will force the user to contact the designer to be able to identify and resolve the problem 3 Update the registration in step 3 of step 3 Document 45 includes the implementation associated with the unique production serial number provided in step 54. In order to further prevent the improper or unauthorized use of the hardware device 3 4, a new step 7 8

D: \ V87 \ 55437.pid Page 17 4 5 6 10 3 5-Description of the invention (13) UKS 36, including a new LOKDK 40 and a new LOK 38, in step 80 A security link was set up between the hardware device 34 and the main electronic system 86 to allow the main computer system 86 to redesign the new LOK 40 into a memory location of the hardware device a. Download a new LOEK 38 to the user so that it can be recorded on the license 46 or directly designed into a memory location on the hardware device 34. At the same time, in step 骒 82, the new LOKS 36 is used to update the charge injection section 43. : An important technical advantage associated with the present invention is that it allows a software vendor to prevent unauthorized use of its patented software. The manufacturer or author of the software or configuration file can use the L0KS 36 encryption key to provide an access code to authorize or allow one or only one secure Qard user to access the virtual hardware dog included in the system Intellectual property rights (ιρ). The manufacturer or author of the software or configuration file can also use other security terms to limit the time range that it can access or limit the number of times that the user can access it. The manufacturer can also benefit from the user ’s su The public key list of the card designer, assuming that the user is allowed to do so during registration, to verify that a given user has made a note of using the security authorization. Fig. 4 is a flowchart of a software registration method, which enables the present invention to protect two other software symmetrically. In step 90, the messenger starts again: white Internet or other devices are set up between the regional electronic ratchet system 84 containing the hard disk device 34 and a manufacturer (host) computer system 86-a communication path. Yu Bu said 9 2 f7, which was too flat; the computer department now reminds the user to choose-option to allow the user to register a software application 434. Step 94 requires the two to provide the note information i 2 0 to the manufacturer's electronic recording system 86, and the registration information 2 can be included.

D ； \ VST \ 55437. Pcd Page 18 456103 V. Description of invention (M) Including name, email address, information about where to buy software should be 4 34, the unique software note number 124, etc. a The manufacturer ’s gaming system 86 may directly access the unique production serial number 32 of the hardware device 34 directly from a memory location in the hardware device 34, as shown in step 96. In step 98, the factory-storage computer system 86 establishes a communication path to the software registration database 1 2 2. The software registration information database 122 may be included in a third computer system 424 'and may include a website such as the note website of QUICKFLEX Corporation. In step funeral 102, a unique software registration number 124 is proposed to the software registration database of the third computer system 4 2 4 1 2 = In step 104, the unique software note number 124 and the software registration data are compared The registration is performed in the library 122 to determine whether it is a valid unique software registration number Ma 124. If the unique software registration number 124 is invalid, an error message will be generated in step i06, and the waste computer system 86 will respond to the user in the step < " if the unique software registration number 124 is valid Then, in step Π 0, the manufacturer's computer system 86 can provide a software license 1 2 6 and pass it to the third performance system 4 2 4. In step 112, the third electronic hardware system 424 generates a soft key for the hardware device 34 to execute the software 1 28 3 to transmit the software execution code 1 2 8 to the manufacturer's computer system 8 6, which is benefitted from the manufacturer's electronic system 8 6 Respond to hardware devices 3 4. The software execution code 128 can allow the manufacturer's software to be installed on the computer system in the region, or the manufacturer's software can verify that the hardware execution code 128 exists on the hardware device 34 before executing the waste business model. For example, on a given regional gaming system 32, the authoritative installation of the manufacturer's software is ensured 'and the authoritative execution of the manufacturer's software is also ensured.

D; \ YS7 \ 55437. Ptcl # 9 1 456103 V. Description of the invention (15j In step 116, a counter 750 increments by one each software execution code 1 28 passed to the manufacturer's electronic system 86, In order to explain the possible payment. In step 骒 18, the software manufacturer's electronic system 86 appropriately sets a license for the user to use the software. An important technical advantage related to the present invention is that it not only allows The hardware device 34 is operated by a special user only, and the hardware device 34 is allowed to be operated only on a special area electronic system 84. The area computer system 84 may include a group of individual computers. 5 is a method to ensure that only the authorized regional computer system 84 can use the hardware device 34. Fig. 5 uses the QIH CK QARD system of Fig. 1 as an illustration, but any re-planable or unavailable The re-planned security hardware device replaces it. Install and execute the support device 90 of the hardware device 34 on the local computer system 84. Set up a communication path between the hardware device 34 and the regional computer system 84. Implementation A verification Determine if the hardware device 34 is password protected = If yes, a valid password must be provided before proceeding. The support software 90 chooses to verify whether the unique production serial number 32 of the hardware device 34 is a registry maintained on the regional computer system 84 Column 130. If the unique production serial number 32 of the hardware device 34 is not in the registry column 130, the user must register the hardware device 3 4 = the authorized host arranged by the unique serial number or key group information The identifier list can also be stored in the electrically erasable, programmable, read-only memory of the device to allow the device to also take effect on a special machine. In this case, the device must be marked with砑 The host identifier. A registration method like this will be explained in Fig. 5. Software and hardware must be installed and registered for each game in the local computer system 84. This feature allows

D: \ VS7 \ 55437. Ptd Page 20 4 5 6 1 Ο 3 V. Invention (16) It is possible to lock a PC-card on a machine or a group of machines. With the note of the designer of a card, when forgotten or lost a L038 certificate or a password, it can ensure that the PC-card can be redesigned to erase the password to produce a new LOKS 36 for the PO card, or Design a reversible serial number and key set at the request of the registered user. This ensures that any encrypted material cannot be compromised. In order to retain an encrypted password defined by the user, a valid usable memory space can be generated in the CIS memory device. In this way, the present invention can ensure that the PC-card is only used by the user. The memory space can be cleared (all zero) during the test, and if the buyer decides to activate the feature This memory space can be enabled for password protection. After purchasing the PC-card and during the initial setup, the user can define any password they want, and then can use the LOEK 38 present on the machine to encrypt the login. When performing a password check, the encrypted password designed to the PC-card can be decoded using the LODK 40, and the encrypted password can be checked against the entered value. The PC-card for implementing the present invention can also be planned as a PC-card for execution with the password only on a special machine or a group of special machines. If the PO card hardware is stolen, only the Make it a trivial matter. Fig. 5 provides a detailed description of a main research method for machine 1 = Fig. 6 is a flowchart of a Q A R D insertion procedure according to one of the systems of the present invention. In step 150, a hardware device 34 is installed in an area performance system 84. A check is performed in step 15 to determine whether the required supporting software 90 in the regional computer system 84 is present. If support software 9 G does not exist, then

D: \ V87 \ 55437. Ptd page 21 V. The invention says that the male (π) Μ ί D insertion process ends, and the support software 90 must be installed before resuming the q A R D insertion process. The hardware device 34 may be protected by a password and tested in step 154 to determine whether password protection is enabled = if password protection is enabled, the password must be provided in step i56. In step Bδ, the L0EK 38 encrypts the provided password. If the provided password matches the password stored in a memory location on the hardware device 34, then the step S60 is followed to allow M to continue the insertion process. In addition, the hard disk device 34 can be protected by a verification step. In order to verify the authorization of the regional computer system 84, an input (such as a hard disk serial number) that matches the unique serial number I74 provided by the regional computer system 84 is required. Except for the unique serial number 174 entered in step 162 and the unique serial number 1 7 4 stored in the area computer system 84, the use of the hardware device 34 is not allowed. Step 164 determines whether the entered serial number 174 is a match. If so, the Q A R D insertion procedure is complete. As described in FIG. 3 above ', a unique serial number 174 is generated during the user registration process. This unique serial number Π4 can be stored in the memory of the hardware device 34 or in the memory of the local computer system 84. If the unique serial number 1 7 4 in step 1 6 4 does not match, the user's note program in FIG. 3 must be executed in steps 1 6 8-7 2 in FIG. 6 to complete the Q A R D insertion procedure. FIG. 7 illustrates a method for password protection of a system according to the present invention, which supplements a part of the flowchart proposed in FIG. 6. Steps 1 5 4-丨 60 of FIG. 6 correspond to the password protection method. FIG. 8 illustrates another aspect of the reconfigurable safety hardware device of the present invention.

V. Description of the Invention (18) System. The reconfigurable hardware device 100 and a main electrical system 2 G 0 or another hardware interface. The re-planable hardware device 100 can be divided into three modules, a configuration control module 300, a configuration status module 400 and a tilt function module 500. The main electric rattan system 200 incorrect data input / round out bus 002 and reconfigurable hardware device 1000 phase boundary. / As shown in the data input / round out bus 2 02 is accessing the four control data registers 304a, 340b, 304c, and 304d in the configuration control module 300 and the configuration status module 400 The two status data registers 306a and 30 6b = the control data registers 30 4a-30 4d provide a temporary storage location for the assets transmitted or received in the data input / output bus 202. When the system of the re-programmable safety hardware device of the present invention is explained with four data registers, it can also = have more or less data registers β and '^ code 1 required. The generator (CG) 31 accepts the input data in the data register 304b to generate and view the actual characters. The f-depleted character generated by the code generator (CG) 310 may be LOKS 36. Characters can be generated for different security features, so that the individual security features of the present invention can be enabled. ^ The nature of the description is security-related, so a procedure or general rule used to generate the review character should be considered as a trade secret for an organization that produces reprogrammable devices. The review data characters that are not easy to determine from the information in the program should be used as the basis for generating the selection process $. The remote program can be composed of the production serial number 3 2 and should have a sufficient length to output. The nature of a pseudo-random sequence that cannot be easily measured by trial and error. The body of the reconfigurable safety hardware device of the present invention described herein

D: ^ YS7 \ 55437.ptd No. 23 I 456103 V. Description of the invention Π9) system, which is only one of many kinds of full implementation, and is only provided as an illustration 闬, the focus of the system of the present invention is the same as CG 31 0 The method of security features that should not be described. It can compare an input view value stored in the data register 3 04c and 304d with the code comparator (CC) 32 i to view the view data character output by CG 31 0, which collectively includes the code view 'temporary' Register (CCR) 3U. The input view stored in C.CR 314 can be composed of L0EK 38 and L0DK 40, or can be input by the user. C.CR 314 can be a register with the same length as the CG 3 1 0 view data character output. It can also be written into CC 4 3 1 4 to allow the use of the re-programmable hardware device 1 0 0 features. An authorized view. Longer viewing data characters, if they extend beyond the data bus width of the main track system 2000, may require multiple CC R 3 i 4. The value written in CCR 3 14 can be provided in several different ways depending on the characteristics licensed to the re-programmable hardware device 10 Q. CC 312 performs a character-by-character review on the CG 3 10 review data character output and the input CCR _3 1 4 value to determine if the feature authorization review is passed. If this feature is authorized for inspection, CC 3 1 2 generates a high-order bit output (a number π 1 ") and passes it to the configuration and control gate 3 I 8, where the configuration and control gate 3 1 8 is composed of multiple A logical gate corresponding to the multiple characteristics of the re-programmable hardware device 1 0 0 70 0 = the feature includes product enablement view 3 1 9 > hard disk ID enablement view 320 ' Flash write enable 322 * password enable 324 and configuration file vendor enable. 3 2 5 but the display is not limited to these items. The control register 31 6 uses the data registers 3 0 4a and 3 04 b to receive an input from the main track system 2 0 to select the re-programmable hardware device i 〇 〇

Ϊ): '· ν87 \ 55437. Did page 24 5. Description of the invention (20) One or more characteristics. Based on the input received from the asset registers 304a and 30b, the control register 3 16 will generate a high-order bit output ("1") as an input for the selected feature and generate A low-order bit output ("0 ") is used as an input for all other characteristics. Therefore, the" sum "gate 7 0 0 which has to be selected will have two high-order bit inputs and will output a high-order bit The bit is used as an input to its corresponding pull-down resistor 350 in the configuration status module 400, thereby allowing access to the corresponding characteristics in the functional circuit 500, such as the main computer system 2 〇 The same guidance. If the secure login module 300 may disappear due to the execution of the secure login module 300 in the FPGA of the RC hardware device 100, the pull-down resistor is necessary. In this way, the 'configurable state module 400' can be selected to redesign and enable the different characteristics of the functional circuit 500. The function group 500 can receive virtual hardware objects to Performs special application work in the re-programmable computing hardware device FPGA. In addition, the status data temporary storage 7 " devices 3 0 6 a and 3 0 6 b can be interfaced with the data input / rotation bus 2 0 2 and the main computer system 2 0 0 to transfer the function circuit 5 0 0 Configure the main power supply system to '200. — In the Γ table, a representative input view of the programmable safety and security device I OO that illustrates the different characteristics of the different systems of the present invention. Source: Security characteristics: Source of Ecrh: ... A portion of the enabling product enabling license (after the first authorization, 'the code is designed into the flash memory of the hardware device as an automatic actuator access). new

D: \ V3T \ 55437. Ptd

Page 25 4 5 6 10 3 V. Description of the invention (21) 1 Notes on the operation of the new machine; 1 The second part of the product enablement code (which has never been designed into the flash memory of the hardware device) , Always asking to type). The machine operation enables a hard disk drive to read a hard disk code list inputted into the flash memory order of the hardware device and check each hard disk code until a matching hard disk code is found or the table is completed Column. The hard disk identification code can be obtained by reading the list, because the value is the result of the CG of the previously authorized machine. The password operation enables the flash memory to be read by the drive and designed into the CCR. The password cannot be obtained from the CG result of checking the password. Anti-piracy operation enabled (this feature may include a special CG defined by the manufacturer, different from the CG used in the QQT feature) written by the application software program Figure 9 provides a functional block diagram of the re-planable computing hardware device 4 0 0 is used to exemplify how the present invention makes this replanable computing operation possible. EE P R0M 4 1 0 provides C i S memory, word key memory and password storage function. Programmable logic device 4 2 0 can provide a special application integrated circuit with boundary / configuration / and status register functions. In addition, the safety feature circuit (block 3 0 0 in FIG. 8) can be in FPG A 4 2 0 or in the P L D configuration register 4 3 0 'and provide the required execution to the function. The digging bit programmable gate array 4 2 0 performs the safety feature circuit function of this system. A programmable repression device or a position programmable gate array 4 2 0

D: '\ V87x55437. Otd page 26 5 6 10 3 M ___________________ —--------- 5. Description of the invention (22) makes the re-programmable calculation function circuit possible. Note that the virtual hardware object 500 of FIG. 8 can also provide this function. The main bus interface socket 440 includes a 68-pin PCMCIA connector 3 and other components of FIG. 9, including the different types of items such as the oscillator 450, expansion connectors 460 and 4 70, and random access memory 4 8 0 , Or other features have the ability to provide the ability to introduce reprogrammable calculations to a suitable application. The following paragraphs explain the different characteristics and conditions of the different system and the operation of the reconfigurable safety hardware device of the present invention. Level-One Word Key Set (L IKS): The user common word key can provide an L1KS space for a messenger to generate and define a word key set, which is especially for designers who do not use the card. The user who is registered and kept secret by the user. This L1KS can be stored like L0KS 36. A password space of one level-one password (L1 M) can also be configured in the CI, and can be implemented in the same manner as the level-zero password (L0PW). The messenger L 1 KS can be generated by the messenger, and if so, the encoding cannot be guaranteed to be unique. However, the bit can be long enough to ensure that the character set cannot be used by another player. The bit length of this word key can be different from the length of LOKS 36. The weekly common word key is a secure word key group and can be changed by the user over time. When the information is only designed for the messenger 1 the word key is effective 5 but even so 'a further advantage of the invention is that it can design several PC_cards for the same L 1 KS as a plan to share the memory Taking the word key group of the group 3 may be common to all PC-cards of the group. The word key is an example of how to encrypt and decode information about the total number of days. ’

D: \ V87 \ 55-l37.ptd Page 27 45 6 Ο Ο 3 V. Description of the Invention (23) Among them, the components of the multiple plan are used for access. The group's components can be regional or remote. The key can safely exchange data. Supplementary key groups. The present invention hopes to expand the number of key groups beyond the two-level word defined in the above section. Key ancestor. File Header Information This section explains how a system of the present invention uses the security features of the present invention to use the header information of an encrypted file. For a particular operating system, a file header contains the following message in addition to the regular file header information normally found in files. The system can use the supplementary header information to enhance encapsulation. A system for carrying out the present invention using a QQT card with two encryption levels from QUICKFLEX Corporation is explained below. QQTSL: (0, I) Quick PC-card technology security level 0 or 1 Type The type of file AN The name of the encryption rule used to encrypt the file. LnEK is used to encrypt the file's level-n encryption key. EMD encrypted message data EFD encrypted file data QQTSL (1 or 1): QUICK PC-card technology security level 0 or 1: This information can indicate the security level of the key used for the encryption program. QQTSLO and QQTSU correspond to the LOKS and L1KS used in the PC-card, respectively.

D: \ V87 \ 55437. Old Page 28 456103 V. > Explanatory note (24) Type: Type of file This information indicates one of the following file types: QQT: Model | QmckPC of the specified PC-card model -Card technology configuration file ΕΕΕ: The type defines the type of machine and operating system executable. Other types of files can be inserted during a configuration load. The QQT PC MCI A driver can automatically decode using the specified general rule. QQT files. During the loading process of the borrowed application, a window message may be displayed to indicate the information that the author wants to display, and the user must respond to the window to continue execution. A notice such as "QQT module: the property of the company named XYZ, which cannot be sold or sold without the prior endorsement of XYZ". This allows the author to freely sell PC-card hardware devices. For potential development companies interested in licensing the hardware devices, it will allow them the ability to evaluate the work before agreeing to the work. jobs. The encrypted configuration file can be encrypted so that only a certain type of PC-card is used to protect a large number of unauthorized supply of the intellectual property rights. The creation of a unique encryption hardware device can be done automatically and clearly via a website as a target for evaluating PC-cards. The required carcass may be required to have a PC-card and note the PC-card on the station to create an encrypted configuration file of the hardware device for evaluation. AN: General rule name The general rule of encryption used to encrypt or decode files can change over time.

D: \ Y87 \ 55437. Otd page 29 456103 V. Description of invention (25) A group or a software manufacturer can develop its own custom general rules. Provided that the RC PC-card has sufficient gate capacity to implement the general rules defined in hardware, the general rules can be implemented in an RC PC-card as software or hardware. For example, when the data passes through the PC-card, a preset rule built into the ⑻T drive is executed in the software as a configuration file protection. Use the execution time authorization code, date termination code, or other access Restricted rules allow access to supplementary external information instead of using information found in the encrypted file that needs to be provided by the source of the encrypted data for access. Level (0 or 1) Encryption Key This information is the public key encryption key used to encrypt the file. The key is initially provided by a receiver and made public. The length of the word key can be derived from the QQT security file index on the first line. The word key length is included in the file so that a quick and easy decision can be made when verifying the target end point of the data. E il D: Encrypted message data The E M D contains information about the contents of the file that can be decoded and quickly inspected without having to decode the entire E F D. For example, whenever a QQT configuration file is loaded, the EXiD of the QQT configuration file is displayed in a window. Some rules can also use the EMD to transmit a supplementary encrypted word key, and decode the E F D with a non-public key word rule. In other words, the security system can secretly transmit another secure word key with the common word key. EFD. Encrypted Standard Data This EFD includes the encrypted file data containing the header information of the original operating system.

D: \\ '87 \ 55-137. Ptd page 30 V. Description of the invention (26) Software purchase authorization A supplementary technical advantage of the present invention is its adaptability to allow software distributors. For example, the software distributor may freely sell the software or provide the software to the public in a freely downloadable format} but in order to execute the software, a valid authorization code must be provided. The software vendor can generate an authorized PC corresponding to a special PC-card included in the present invention. Just as the PC-card group / this file can be obtained via the-webpage, it can also be purchased through a combined webpage: 1 Authorization to execute software Each user will only need one PC-card, which facilitates the idea of theft of the present invention to allow the execution of any software authorization. Each software manufacturer can also define its own rules to protect its software using the PC — ^. As long as the authorization code for the special QARD in the system exists and the software is executed today 97, a machine can execute the software. A more advanced system of the present invention will allow the generation of a valid and usable authorized QARD user database to software vendors. 0 The present invention__ A further system can leverage the RC perspective of a PC-card to allow the user Defines hardware encryption / decoding conventions that can change over time. Although the present invention has been described in detail with respect to the exemplified system, it should be noted that this description is provided for illustration only and is not to be interpreted in terms of the restrictive point of view. Therefore, it is necessary to further know -2. For those who refer to the description and know the technology, they will see a lot of changes in the details of the systems and supplementary systems of the present invention7 and they can also be changed. It is expected that all such changes and supplementary systems are within the scope of the patents of this invention, and the scope of this article is within the scope of yi- * T.

D: \ YS7 \ 55437.ptd Page 31

Claims (1)

4 5 61 Ο 3 Case number 87117334 f0年厶月 # Yue / Yue # 正 Jt 正 补 I 6. Scope of patent application 1. A plan for re-planning can be re-routed to enable more and the re-usable for storage Multiple packages can be used with a personal computer. 2. If the application requires special steps, it includes use and the reusable operation. If you apply for personal security, if you apply for personal security 5. If you apply for private security, further include: Further acceleration rules 3. In the 4. In 4. Should be integrated into a personal computer portable, removable interface of a countable system, including: Computing circuits, including electrical safety features that can be easily adapted and re-planned; memory circuits associated with newly-planned computing circuits that use safety information; and re-planned computing circuits and the memory circuits work together as a portable combination . The reconfigurable computing system of item 1 of the scope of interest, the circuit of the hardware that interprets data protection cryptography is changed, and the hardware associated with the newly planned calculation circuit performs the rescheduling of the scope of item 1 of security. Computing system, whose information includes a common key set. The reprogrammable computing system in item 1 of the scope of interest includes information on a unique base code group. The reprogrammable computing system in item 1 of the scope of benefit, a data input hardware device and an input / output system to allow the reprogrammable security to transfer data between the first host computer system; multiple A data register that accepts at least one data input from the data input / output system; an encoding generator that accepts at least one data input from at least one data register and generates an output code; O: \ 55 \ 55437.ptc Page 1 2001.06. 06. 032 _Case No. 87117334_ and June of the year β_M-_ VI. Patent application scope A coded comparator that stores at least one data register A authorization code in the code is compared with the output code of the code generator, and a signal is transmitted to indicate whether the authorization code and the output code are completely the same; a control register is assigned to a plurality of logic circuits to view the reprogrammable Enabling the function of the security hardware device, wherein the plurality of logic circuits provide at least one signal to a configuration register according to the input of the code comparator and the control register; and at least one functional circuit is operable Ground is connected to the configuration register, where the function of the functional circuit is specified by the configuration register. 6. The re-programmable computing system of item 5 of the patent application, wherein the at least one functional circuit further includes at least one external input / output bus connector. 7. If the reprogrammable computing system of item 5 of the patent application, the reprogrammable security hardware device includes a PCMCIA card. 8. The reprogrammable computing system according to item 5 of the patent application scope, wherein at least one data register is used as a code viewing register to provide an input to the code comparator. 9. A method for re-planning and calculating security features, the method is used for a personal computer modem interface to ensure that a hardware device is operated by only an authorized user in a data link system, the method includes: Enabling a plurality of security features using a replanable computing circuit including an easily adaptable and programmable circuit; using a memory circuit associated with the replanable computing circuit to store a plurality of personal safety information groups: and O: \ 55 \ 55437.ptc Page 2 2001.06. 06.033 5 6 彳 〇 3 _ Case No. 87U7334_y0 Years & Months / Days Amendment_ VI. Patent application package encapsulates the replanable computing circuit and the memory circuit To be associated with a personal computer. 10. The method according to item 9 of the scope of patent application, further comprising the step of changing the data protection cryptography deciphering hardware to accelerate the operation of the hardware associated with the replanable computing circuit to perform the operation of the security rule . Π. The method according to item 9 of the scope of patent application, further comprising the step of: assigning a unique identification code to the hardware device; generating a first level-zero security information group for the hardware device, wherein the The first level-zero security information group is based on the unique identification code of the hardware device; at least one piece of data is allocated to an authorized user, which enables the hardware device to derive the data device from the data string. First level-zero security information set to functionally enable the hardware device; and enter the at least one data string into the hardware device, where, for example, an incorrect first is derived from the data string A level-zero security information set inhibits at least one level of function in the hardware device, and if a correct first level-zero security information set is derived from the data string, at least the hardware device is enabled A hierarchy of functions. 112. The method according to item 11 of the scope of patent application, further comprising the step of: forming the first level-zero security information group with a first encrypted data string and a first decoded data string. Design the unique identifier and the first level-zero security information O: \ 55 \ 55437.ptc Page 3 2001.06. 06.034 4 5 6 彳 Ο 3 Case No. 87117334 Amendment of patent application scope Set body memory = Mount 1 of mouth 1 Jay Xuan = ° To the group mount The code solution is 1 and the sum of the code is +3. Only the person who assigns the code must use the other to enter the other. ' , Ge Ma is the one who deserves to be assigned one point to the ytir solution, the middle and middle S of the ancient ° set ° 1SB storage position • 'temporary memory, dt \ dm-15 ° fixed d The temporary &#; 4 ^ Xuanzhuangshi 5 a set of hard-loaded M meter set = ° 至 到 # 体 入 'Hard lose Ma should match with a match S item · No code and no identification A unique and unique stratification level can set up a sum and a medium code, set a body, a hard and proper system, and reduce the number of inputs, and reduce the number of inputs. Add a 1st entry to the combined group by · 13 from the string of materials to form the surrounding β spear Specially apply for this group to use the method of the French side of the code and add the code to add a 1 for Betong the code for the use of the code is suitable. 石 4 stone 1 solution book includes a step by step In addition, the Ti Ti IX fan Fan Li special request, such as the installation body = b, BR step by step, including the installation of the slave, the master of the system should be on the hard electric path of the brain EEG master to the installation All the things you can do to provide and pick up all the items are soft. Select all items and choose a device. The author of this book grants a license to the right to use it. It should be a device. The body is soft and hard, and it is set to ts; the body is equipped with a hard message to write the book, and M is used to write U, for β to be set. ^ ^ Only O: \ 55 \ 55437.ptc Page 4 2001. 06.06.035 5 6 10 3 _Case No. 87117334 June _ifi_ VI. Patented user's computer; If the software application does not exist on the authorized user's computer, transfer the software application to the authorized user's computer ; Using this software application, set Establishing a security link from the memory location of the hardware device to the host computer system; transferring the unique identification code of the hardware device and the first encrypted / decoded data decoded into the host computer system Library; confirm that the hardware device has not been previously registered with a registration database located on the host computer system, and if the hardware device has been previously registered, inhibit at least one level of function; take the note. The registration information update is located in the registration database on the host computer; and transferring the first added password to the hardware device. 15. As described in the method of item 11 of the patent scope, the step of individually assigning the first added password to the authorized user is completed after the authorized user registers the hardware device. 16. The method of claim 11 in the scope of patent application, wherein the step of establishing a communication path from the hardware device to a host computer system includes using an area computer system to sail to an international Internet operated by a host computer system _Website. 17. The method according to item 11 of the scope of patent application, wherein the step of establishing a communication path from the hardware device to the host computer system includes a security connection to the host computer system using an international Internet Communication path. 18. The method according to item 11 of the scope of patent application, wherein the hardware device O: \ 55 \ 55437.ptc Page 5 2001.06. 06.036 4 5 6 10 3 _ Case No. 87117334 f 0 < Month Day _f | i_ VI. The application for patent scope registration further includes this step: from the first The two data strings generate a second level-zero security information group, which is different from the first level-zero security information group generated by using the first data string; according to the second level-zero security information group, The security information group generates a second encryption code and a second decoding; updates the encryption / decoding database in the host computer system with the second level-zero security information group, wherein the second encryption code And the second decoding is associated with the unique identification code of the hardware device; erasing the first level-zero security information set from the memory location of the hardware device; at the second level- The zero-level security information group designs the hardware device, where the second level-zero security information group can be used in place in the first level-zero security information group for any subsequent registration event; and Assign a second decode to an authorized agent Or at least the second level-zero security information group of the hardware device can be derived from a data string, and the second level-zero security information group can be used for the first level-zero security information Where in the info group thought any subsequent? Book event use. 19. The method of claim 11 in the scope of patent application, wherein the communication path between the hardware device and the host computer system is included in a secure connection. 2 0. —A method for ensuring that a hardware device is operated by only an authorized regional computer system in a data link system, including this step: O: \ 55 \ 55437.ptc Page 6 2001.06. 06.037 5 6 10 3 Case No. 87117334 Amended the scope of the patent application to assign a first unique identification code to the hardware device; assign a second unique identification code For the authorized regional computer system accessible by the hardware device, a first level-zero security information set of the hardware device is generated, which is first decoded and first encrypted Formed; allocating the first decoding to the authorized user, wherein according to the first unique identification code, the first level-zero security information of the hardware device can be derived from the first decoding Group to functionally enable the hardware device; design the first unique identification code, the first decoding, a copy of the second unique identification code, and the first level-zero security information Set to a memory location of the hardware device; enter the first add password into the hardware device, and together with the first decode to form a data string corresponding to the first level-zero Security information group, if the data string is incomplete Matching the first level-zero security information group, at least one level of function in the hardware device is inhibited; verifying that the second unique identification code of the authorized regional computer system is completely and designed to the The memory location of the hardware device matches the copy of the second unique identification code, such as the second unique identification code of the authorized regional computer system that can be accessed by the hardware device. Completely matching the copy of the second unique identification code in the memory location of the hardware device, at least one level of function in the hardware device is suppressed. 2001.06.06. 038 5 6 彳 Ο 3 D _Case No. 87117334_fb Year 孑 Month __ VI. Application for patent scope 2 1. For the method of applying for patent scope No. 20, it further includes this step: individually Assigning the first encryption code to the authorized user; entering the first unique identification code, the first encryption code and the first decoding into the hardware device; and the use of the general rule The first encrypted code and the first decode are combined to form the data string, corresponding to the first level-zero security information group. 2 2. The method of claim 20 in the scope of patent application, wherein the general rule for combining the first encryption code and the first decoding is an applicable encryption / decoding general rule. 23. The method of claim 20, wherein the step of verifying the second unique identification code of the authorized regional computer system further includes verifying the second accessible by the hardware device. Each unique identification code completely matches a second unique identification code in a second unique identification group, which makes the second unique identification group correspond to a regional computer system group and design To a memory location of the hardware device, where the second unique identification code of the authorized regional computer system, which can be accessed by the hardware device, is not completely the same as the second unique identification code group If a second unique identifier in the group matches, at least one level of functionality in the hardware device is suppressed. 24. The method of claim 20 in the scope of patent application, wherein the hardware device is a re-programmable safety hardware device. 2 5. — A way to ensure that a software application cannot be used on an unauthorized local computer system O: \ 55 \ 5S437.ptc 2001.06.06. 039 Page 8 4 5 6 10 3 _ Case No. 87117334_f0 September Sept. __ VI. The method of installation and execution on the scope of patent application, including this step: Set up a data path between a hardware device and a host computer system; select an option from a plurality of options provided by a software object operating on the host computer system to register the software application; the software application will be registered A unique identification code of the software application collected during the selection period of the software is transferred from the host computer system to a software vendor computer system including a software registration database; verifying the unique identification input to the software application The code matches the information contained in the software registration database; and through the host computer system, a software execution code is provided from the software manufacturer's computer system to the regional computer system, where the unique identification code is not included in the Matching information in the software registration database will inhibit at least one level of functionality. 26. The method of claim 25, wherein the step of establishing a data path between the hardware device and the host computer system includes sailing to the host computer system using an area computer system including the hardware device An Internet site operated on the Internet "27. The method according to item 25 of the patent application, wherein the data path between the hardware device and the host computer system is included in a secure connection. _ O: \ 55 \ 55437.ptc Page 9 2001.06.06.040