WO2001096990A2 - Usb-compliant personal key using a smartcard processor and a smartcard reader emulator - Google Patents
Usb-compliant personal key using a smartcard processor and a smartcard reader emulator Download PDFInfo
- Publication number
- WO2001096990A2 WO2001096990A2 PCT/EP2001/006816 EP0106816W WO0196990A2 WO 2001096990 A2 WO2001096990 A2 WO 2001096990A2 EP 0106816 W EP0106816 W EP 0106816W WO 0196990 A2 WO0196990 A2 WO 0196990A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- smartcard
- processor
- usb
- compliant
- interface
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/077—Constructional details, e.g. mounting of circuits in the carrier
- G06K19/0772—Physical layout of the record carrier
- G06K19/07732—Physical layout of the record carrier the record carrier having a housing or construction similar to well-known portable memory devices, such as SD cards, USB or memory sticks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/077—Constructional details, e.g. mounting of circuits in the carrier
- G06K19/0772—Physical layout of the record carrier
- G06K19/07733—Physical layout of the record carrier the record carrier containing at least one further contact interface not conform ISO-7816
-
- H—ELECTRICITY
- H05—ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
- H05K—PRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
- H05K1/00—Printed circuits
- H05K1/02—Details
- H05K1/11—Printed elements for providing electric connections to or between printed circuits
- H05K1/117—Pads along the edge of rigid circuit boards, e.g. for pluggable connectors
Definitions
- the present invention relates to computer peripherals, and in particular to an inexpensive USB-compliant personal key that is compatible with existing smartcard processors, drivers, and instruction sets.
- Smartcards represent a longstanding attempt to deal with at least some of the foregoing challenges. Substantial resources have been made in the design and development of smartcards, smartcard readers, and the associated reader/smartcard drivers which allow computer applications to interface with the smartcard to perform security and data storage functions. Even so, smartcards have not enjoyed widespread popularity. Smartcard readers are relatively expensive, and not widely available. Further, the lack of uniform smartcard/smartcard reader physical interface standards have resulted in smartcard/smartcard reader physical interface compatibility problems, ⁇ many of which remain unresolved.
- USB-compliant personal keys such as that which is disclosed in co-pending and commonly assigned U.S. Patent Application Nos. 09/449,159 and 09/281,017, described above, offer the benefit of smartcard functionality in a universally accepted USB form factor.
- the Universal Serial Bus (USB) is a connectivity standard developed by computer and telecommunication industry members for interfacing computers and peripherals. USB-compliant devices allow the user to install and hot- swap devices without long installation procedures and reboots, and features a 127 device bus capacity, dual-speed data transfer, and can provide limited power to devices attached on the bus. Because the USB connectivity standard is rapidly becoming available on most personal computers, it offers a standard, widely available physical interface, the unavailability of which has prevented smartcards from achieving widespread acceptance.
- USB-compliant personal keys utilize special purpose processors, instead of the low cost, limited capability processors currently available for smartcards. This increases the cost of the USB-compliant personal key, making widespread acceptance more difficult. Also, because each USB-compatible personal key may use a different processor (and different instruction sets), users may require different device drivers for different personal keys. This too represents another barrier to widespread acceptance of the personal key.
- USB-compliant personal key that is usable with legacy personal identification devices, such as processors having smartcard processors. and/or those complying with the ISO 7816.
- USB-compliant personal key that makes maximum use of existing smartcard protocols, software and devices wherever possible, and which retain at least a limited compatibility with existing devices designed to interface with smartcards. The present invention satisfies that need.
- the present invention satisfies all of these needs with a personal key in a form factor that is compliant with a commonly available I/O interface such as the Universal Serial Bus (USB) and at the same time, usable with existing smartcard software applications.
- the personal key comprises a USB-compliant interface releaseably cou leable to a host processing device operating under command of an operating system; a smartcard processor having a smartcard processor-compliant interface for communicating according to a smartcard input and output protocol; and an interface processor, communicatively coupled to the USB-compliant interface and to the smartcard processor-compliant interface, the interface processor implementing a translation module for interpreting USB-compliant messages into smartcard processor-compliant messages and for interpreting smartcard processor-compliant messages into USB-compliant messages.
- the method comprises the steps of accepting a message comprising a smartcard reader command selected from a smartcard reader command set from a host computer operating system in a virtual smartcard reader; packaging the message for transmission via a USB-compliant interface according to a first message transfer protocol; transmitting the packaged message to a personal key communicatively coupled to the USB-compliant interface; receiving the packaged message in the personal key; unpackaging the message in the personal key to recover the smartcard reader command; translating the smartcard reader command into a smartcard command within the personal key; and providing the smartcard command to the smartcard processor.
- the present invention is well suited for controlling access to network services, or anywhere a password, cookie, digital certificate, or smartcard might otherwise be used, including:
- Remote access servers including Internet protocol security (IPSec), point to point tunneling protocol (PPTP), password authentication protocol (PAP), challenge handshake authentication protocol (CHAP), remote access dial-in user service (RADIUS), terminal access controller access
- IPSec Internet protocol security
- PTP point to point tunneling protocol
- PAP password authentication protocol
- CHAP challenge handshake authentication protocol
- RADIUS remote access dial-in user service
- TACACS control system
- SET secure electronic transaction
- MilliCent MilliCent
- FIG. 1 is a diagram showing an exemplary hardware environment for ⁇ praetic-ingthe present invention
- FIG. 2 is a. block diagram of a personal key communicatively coupled to a host computer
- FIG. 3 is a block diagram of a personal key with a smartcard processor communicatively coupled to a host computer;
- FIGs. 4A-4D are flow charts presenting exemplary method steps that can be used to practice the present invention.
- FIG. 1 illustrates an exemplary computer system 100 that could be used to implement the present invention.
- the host computer 102 comprises a processor 104 and a memory, such as random access memory (RAM) 106.
- the host computer 102 is operatively. coupled to a display 122, which presents images such as windows to the user on a graphical. uset- jgrface 118B.
- the host computer 102 may be coupled to other devices, such as a keyboard 114, a mouse device 116, a printer 128, etc.
- keyboard 114 a keyboard 114
- a mouse device 116 a printer 128, etc.
- the host computer 102 operates under control of an operating system 108 stored in the memory i ⁇ 6, and interfaces with the user to accept inputs and commands and to present results through a graphical user interface (GUI) module 118 A.
- GUI graphical user interface
- the instructions performing the GUT functions can be resident or distributed in the operating system 108, the computer program 110, or implemented with special purpose memory-and ⁇ oeessors- .
- the host computer 102 also implements a compiler 112 which allows an application -program 110 written in a programming language such as COBOL, C++, FORTRAN, or other language to be translated into processor 104 readable code.
- the host computer 102 also comprises an input/output (I/O) port for a personal token 200 (hereinafter alternatively referred to also as a personal key 200).
- I/O port is a USB- compliant interface comprising a host computer USB-compliant interface 130A and a personal token USB-compliant interface 130B (hereinafter referred to collectively as the USB-compliant interface 130.
- instructions implementing the operating system 108, the computer program 110, and the compiler 112 are tangibly embodied in a computer- readable medium, e.g., data storage device.120, which could include one or more fixed or removable data storage devices, such as a zip drive, floppy disc drive 124, hard drive, CD-ROM drive, tape drive, etc.
- the operating system 108 and the computer program 110 are comprised of instructions which, when read and executed by the computer 102, causes the computer.102 to perform the steps necessary to implement and/or use the present i ve ⁇ p..
- Computer program 110 and/or operating instructions may also be tangibly embodied n memory 106 and/or data communications devices, thereby making a computer program product or article of manufacture according to the invention.
- article of manufacture and “computer program product” as used herein are intended to encompass a computer program accessible from any computer readable device or media.
- the host computer 102 may be communicatively coupled to a remote computer or server 134 via communication medium 132 such as a dial-up network, a wide area network (WAN), local area network (LAN), virtual private network (VPN) or the Internet.
- Communication medium 132 such as a dial-up network, a wide area network (WAN), local area network (LAN), virtual private network (VPN) or the Internet.
- Program instructions for computer operation, including additional or alternative application programs can be. loaded from the remote computer/server 134.
- the compute-Cv,lQ2.sii!-npIements-an Internet browser allowing the user to • access the world wide web (WWW) ⁇ and other internet resources.
- FIG. 2 is a block diagram illustrating the components of one embodiment of a personal key 200.
- the personal key 200 communicates with and obtains power from the host computer 102 through a USB-compliant communication path in the USB- compliant interface 130 which includes the input/output port 130A of the host computer 102 and a matching input/output (I/O) port 130B on the personal key 200.
- the processor 212 is communicatively coupled to a memory 214, which stores data and instructions to implement the above-described features of the invention-.
- the memory 214 is a non- volatile random-access memory that can retain factory-supplied data as well as customer-supplied application related data.
- the processor 212 may also include some internal memory for performing some of these functions. . • : ' .' . -
- the processor 212 is optionally,c.pjg ⁇ unicatively coupled to an input -device 218 via an input device communication path.224. and to an output device 222 via an output device communication path 224,-both of which are distinct from the USB- compliant interface 130.
- These separate communication paths 220 and 224 allow the user to view information about processor 212 operations and provide input related to processor 212 operations without allowing a process or other entity with visibility to the USB-compliant interface 130 to eavesdrop or intercede. This permits secure communications between the key processor 212 and the user.
- the user communicates directly with the ' processor 212 by physical manipulation of mechanical switches or devices actuatable from the external side of the key (for example, by pressure-sensitive devices such as buttons and invention set forth more fully below, the input device includes a wheel with tactile detents indicating the selection of characters. ' -
- the input device and output devices 218, 222 may cooperatively interact with one another to enhance the functionality of the personal key 200.
- the output device 222 may provide information prompting the user to enter information into the input device 218.
- the output device 222 may comprise a visual display such as an alphanumeric LED or LCD display (which can display Arabic numbers and or letters) and/or an aural device. The user may be prompted to enter information by a beeping of the aural device, by a flashing pattern of the LED, or by both.
- the output device 222 may also optionally be used to confirm entry of information by the input device 218. For example, an aural output device may beep when the user enters information into the input device 218 or when the user input is invalid.
- the input device 218 may take one of many forms, including different combinations of input devices. Although the input device communication path 220 and the output device communication path 224 are illustrated in FIG. 2 as separate paths, the present invention can be implemented by combining the paths 220 and 224 while still retaining a communication path distinct from the USB-comphant interface 130. For example, the input device 218 and output device 222 may be packaged in a single device and communications with the processor 212 multiplexed over a single communication path.
- FIG. 3 is a block diagram of the personal key 200 and host computer 102 as applied to the present invention.
- the personal key 300 illustrated in FIG. 3 comprises a smartcard processor 320.
- the smartcard processor 300 is a processor which complies with well-known smartcard 17O protocols and smartcard command sets and functions, such as those described by the International Standards Organization (ISO) standard 7816 Part III (defining electronic properties and transmission characteristics), which is hereby incorporated by reference herein.
- the smartcard compliant I/O interface 324 includes a serial I/O line, a reset (RST) line, a clock (CLK) line, a programming voltage (VPP), a power supply voltage (VCC) and a ground.
- This I/O interface 324 is further described in the publication "Introduction to Smartcards" by Dr. David B. Everett, which was published in 1999 by the Smart Card News Ltd., and is incorporated by reference herein.
- the present invention allows the use of a personal key 300 communicating with the host computer 102 via a USB-compliant interface 130.
- the substitution of the smartcard processor 320 for the ordinary processor 212 depicted in FIG. 2 has several advantages.
- smartcard processors 212 are relatively inexpensive and readily available.
- a large number of application programs 110 have been developed for the use of smartcards, including the personal computer/smartcard (PC/SC) interface developed by the MICROSOFT CORPORATION.
- PC/SC personal computer/smartcard
- this software can be used with a personal key 300 in a USB-compliant form factor.
- the use of the smartcard processor 320 in the personal key 300 is-enab worseled by use of an interface processor 314 communicatively coupled to the smartcard processor 320 via a smartcard-compatible (S/C 7816) interface 324.
- the interface processor 3 * 14 comprises a smartcard reader emulator module (SREM) 316 and a translation module 318.
- SREM smartcard reader emulator module
- the SREM 316 implements functions that emulate those of a smartcard reader, thus projecting the image of a smartcard reader to the smartcard processor 320.
- the SREM 316 provides all instructions and commands to the smartcard processor 320 and receives messages and responses from the smartcard processor 320 according to the S/C protocol.
- the host computer 102 comprises a virtual smartcard reader module (VSRM) 302.
- the VSRM comprises a communication module 312, an answer-to-reset module 308, and a smartcard insertion removal reporting module 306v-Th ⁇ L ⁇ ⁇ ommumcation module 312 packages messages intended for the personal key 300 for transmission via the USB-compliant interface.
- messages and commands that are sent to the personal key 300 packaged as:
- USB command USB header + USB cdata (wherein USB cdata is the smartcard compliant command) and messages and responses from the personal key 300 are packaged as:
- USB response USB header + USB rdata (wherein USB rdata is the smartcard compliant response)
- the VSRM 302 emulates the presence of a smartcard reader to the OS 108 in the host computer 102. These functions are accomplished in the bootup module 311, the insert/remove module 306, the answer-to-reset module 308, and the PTS module 310.
- the host computer's 102 operating system performs a startup sequence to determine which hardware elements are available for use.
- the smartcard reader remains coupled to the host computer 102, whether a smartcard is inserted into the reader or not.
- the smartcard reader can respond to startup sequence queries, and the smartcard reader is recognized by the operating system 108 for further operations.
- the operating system would ordinarily be unable to operate with a smartcard thereafter.
- the present invention comprises a bootup module 311, which responds to messages from the operating system 108 in the same way as a smartcard reader would if it were coupled to the host computer 102.
- the insert/remove module 306 provides an indication to the operating system 108 that the personal key 300 has been inserted or removed from the USB-compliant interface 130. This is accomplished by querying the host computer USB-compliant interface port 130A.
- the smartcard reader passes a reset command to the smartcard.
- the smartcard returns an answer-to- reset message which indicates, among other things, the protocol and I/O interface supported by the attached smartcard.
- the reset signal is used to start up the program contained in a memory 322 communicatively coupled to or resident within the- smartcard processor 320.
- the ISO standard defines three reset modes, internal reset, active low reset, and synchronous high active reset. Most smartcard processors 320 operate using the active low reset mode. In this mode, the smartcard processor 320 transfers control to the entry address for the program when the reset signal returns to the high voltage level.
- the synchronous mode of operation is more commonly met with smartcards used for telephonic applications.
- the sequence of operations for activating the smartcard processor 320 is defined in order to minimize the possibility of damaging the smartcard processor 320. Of particular importance is avoiding corruption of the non- volatile memory 322 of the smartcard.
- Most smartcard processors 320 operate using an active low reset mode in which the smartcard processor 320 transfers control to the entry address for the program when the reset signal returns to the high voltage level.
- the sequence performed by the smartcard processor includes the steps of setting the RST line low, applying VCC to the proper supply voltage, setting the I/O in the receive mode, setting VPP in the idle mode, applying the clock, and taking the RST line high (active low reset).
- the smartcard processor 320 responds with an answer-to-reset message.
- the answer-to-reset signal is at most 33 characters, and includes 5 fields including an initial character (TS), a format character (TO), interface characters (TAi, TBi, TCi, and TDi), historical characters (Tl, T2, ... , TK), and a check character (TCK).
- TS initial character
- TO format character
- TO interface characters
- Ti TAi, TBi, TCi, and TDi
- historical characters Tl, T2, ... , TK
- TCK check character
- the answer-to-reset signal provides an indication of the smartcard protocol(s) which are supported smartcard processor.
- the reset signal is provided by the VSRM 302, packaged by the communication module 312, and sent via the USB-compliant interface 130B to the personal key 300.
- the message is unwrapped by the translation module 318.
- the smartcard reader emulation module activates the RST signal path in the smartcard interface 324, thus providing the RST command to the smartcard processor 320.
- the smartcard processor 320 responds with an answer-to-reset message, sends the message via the serial I/O line of the smartcard interface 324 to the interface processor 314.
- the personal key 300 does not comprise a smartcard processor 320, but rather a special purpose processor which does not respond to messages and commands in the smartcard I/O protocol (such as that which is illustrated in FIG. 1).
- the present invention can still be used with existing smartcard applications 110, however, because the VSRM 302 and the interface processor 314 can be used to simulate the presence of a smartcard processor 320.
- the NSRM accepts the reset command from the PC/SC modules in the operating system 108, translates the reset message into a functionally equivalent message for the special purpose processor in the personal key 300, and transmits the message to the personal key 300.
- the personal key 300 After the personal key 300 is activated, it sends a message indicating as such to the host computer 102.
- the VSRM 302 and translates this ⁇ message to a response that is compatible with the smartcard application 110, namely, an ATR message.
- the smartcard command to special purpose processor command translation can occur i the emulation processor 314 in the personal key 300:
- a protocol type selection (PTS) message maybe sent to the smartcard processor 320.
- the PTS-message from the OS 108 is received by the ' PTS ' riiodule 310 in the VSRM 302, packaged for transmission via the USB-compliant interface 130 to the personal key 300, where it is unpackaged and provided to the smartcard processor 320.
- the smartcard provides a response consistent with the ISO standards to the emulation module 316. The response is packaged, and transmitted over the USB-compliant interface 130 to the host computer 102, where it is unpackaged by the communication module 312 and provided to the operating system.
- FIGS. 4A-4D are flow charts presenting exemplary method steps used to practice one embodiment of the present invention.
- the virtual smartcard reader 302 accepts 402 a bootup query from the host ⁇ computer's operating system 108. Although a smartcard reader is not communicatively coupled to the host computer 130 the virtual smartcard reader 302 emulates the existence of a smartcard reader and provides an indication that a smartcard reader is available to the OS 108. Consequently, when the bootup procedures are completed, a smartcard reader will be registered as an available device to smartcard applications 110.
- a personal key 300 may or may not be communicatively coupled to the USB-compliant interface 130.
- the VSRM 302 When a personal key 300 is not attached, the VSRM 302 provides 404 the same indication to the operating system 108 as would be supplied by a smartcard reader without an inserted smartcard. This is accomplished by receiving 406 an indication that the personal key has been communicatively coupled to the USB-compliant interface, and providing an indication to the host computer operating system. Since the NSRM is emulating the functions of a smartcard, the indicatio is provided 408 to the host computer operating system (or equivalently, the personal computer/smartcard (PC/SC) interface modules therein) is that of an insert event. . .
- PC/SC personal computer/smartcard
- a protocol type selection (PTS) command may be issued by the operating system 108.
- the VSRM 302 receives ;4iiQ ihe.PTS command, packages the command for transmission to the personal key 300 via the USB-compliant interface 130.
- the wrapped PTS command is then transmitted over the USB-compliant interface 130 and received by the personal key 300.
- the PTS command is unwrapped by the translate module 318 in the interface processor 314 and provided to the smartcard processor 320 via the smartcard-compliant interface 324.
- the smartcard processor computes the appropriate response, sends the response to the interface processor 314, where the response is packaged by the translate module 318 for transmission to the host computer 102 via the USB-compliant interface 130.
- FIG. 4B is a flow chart .describing exemplary method steps used to provide commands and or data from the OS 108 to the smartcard processor 320 and from the smartcard processor 320 to the OS 108.
- a message which may comprise a smartcard reader command belonging to a smartcard reader command set is accepted 414 from a host computer operating system 108 in the virtual smartcard reader module (VSRM) 302.
- the message is packaged 416 for transmission via the USB-compliant interface 130 according to a first message transfer protocol.
- the packaged message is then transmitted 418 to the communicatively coupled personal key 300 via the USB-compliant interface 130.
- the packaged message is received 420 and unpackaged 422 in the personal key 300.
- the smartcard reader command is translated 424 into a smartcard command within the personal key 300 before being provided 426 to the smartcard processor 320.
- the smartcard processor 320 -then performs the indicated operation, and a response is accepted 428 from the smartcard processor 320.
- the smartcard response requires further processing by a smartcard.reader, the smartcard response is translated 430 into a smartcard reader reader response is then packaged 432 and transmitted 434 to the host computer 102 via the USB.-com ⁇ liant interface 130.
- the host computer 102 receives 436" and unpackages 438 the message and provides 440 the response to the smartcard software application 110 that issued the command.
- the VSRM 302 reports 444 an indication to the OS 108 that the "virtual smartcard" (the personal key 300) has been removed.
- the provided indication is the same as that which would be provided by a smartcard reader when a smartcard is. ⁇ emoved..
- the indication can be obtained, for example by receiving 442 an indication-from. a USB driver or other device indicating the removal of a USB device.
- Tables I and ⁇ pE ⁇ sides- an summary of the communication protocol for an OS 108 command from-.the host, computer 102 to the smartcard processor 320 in the personal key (Table 1) ⁇ . and for a smartcard processor 320 response to the operating system 108.
- Table H Tables m and IV provides a summary of the communication protocol for a request from an application program 110 to the smartcard processor 320 and for a request from an application program 110 to the smartcard processor 320.
- the present invention describes a personal key comprising a USB-compliant interface releaseably coupleable to a host processing device operating under command of an operating system; a smartcard processor having a smartcard processor-compliant interface for communicating according to a smartcard input and output protocol; and an interface processor, communicatively coupled to the USB- compliant interface and to the smartcard processor-compliant interface, the interface processor implementing a translation module for interpreting USB-compliant messages into smartcard processor-compliant messages and for interpreting smartcard processor-compliant messages into USB-compliant messages.
- the invention is described by a method comprising the steps of accepting a message comprising a smartcard reader command selected from a smartcard reader command set from a host computer operating system in a virtual smartcard reader; packaging the message for transmission via a USB-compliant interface according to a first message transfer protocol; transmitting the packaged message to a personal key communicatively coupled to the USB-compliant interface; receiving the packaged message in the personal key; unpackaging the message in the personal key to recover the smartcard reader command; translating the smartcard reader command into a smartcard command within the personal key; and providing the smartcard command to the smartcard processor.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Mathematical Physics (AREA)
- Information Transfer Systems (AREA)
- Communication Control (AREA)
- Computer And Data Communications (AREA)
- Bus Control (AREA)
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU83866/01A AU8386601A (en) | 2000-06-15 | 2001-06-15 | Usb-compliant personal key using a smartcard processor and smartcard reader emulator |
EP01962744A EP1290536A2 (en) | 2000-06-15 | 2001-06-15 | Usb-compliant personal key using a smartcard processor and a smartcard reader emulator |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US59445600A | 2000-06-15 | 2000-06-15 | |
US09/594,456 | 2000-06-15 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001096990A2 true WO2001096990A2 (en) | 2001-12-20 |
WO2001096990A3 WO2001096990A3 (en) | 2002-04-04 |
Family
ID=24378943
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2001/006816 WO2001096990A2 (en) | 2000-06-15 | 2001-06-15 | Usb-compliant personal key using a smartcard processor and a smartcard reader emulator |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1290536A2 (en) |
AU (1) | AU8386601A (en) |
WO (1) | WO2001096990A2 (en) |
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003079163A2 (en) * | 2002-03-13 | 2003-09-25 | Fujitsu Siemens Computers Gmbh | Access protection for a computer by means of a transportable storage medium |
WO2004031923A1 (en) * | 2002-10-07 | 2004-04-15 | Axalto Sa | Signature creation device |
EP1429283A2 (en) * | 2002-12-12 | 2004-06-16 | Giesecke & Devrient GmbH | Portable data carrier |
US6752321B1 (en) | 2003-03-31 | 2004-06-22 | Stmicroelectronics, Inc. | Smart card and method that modulates multi-color LED indicative of operational attributes and/or transactions between the smart card and USB port of a USB host |
US6769622B1 (en) | 2003-03-14 | 2004-08-03 | Stmicroelectronics, Inc. | System and method for simulating universal serial bus smart card device connected to USB host |
US6772956B1 (en) | 2003-03-31 | 2004-08-10 | Stmicroelectronics, Inc. | Smart card and method that modulates traffic signaling indicative of operational attributes of the smart card and/or transactions between the smart card and USB port of a USB host |
WO2004109529A1 (en) * | 2003-05-22 | 2004-12-16 | Nokia Corporation | A connection bus, an electronic device, and a system |
FR2856211A1 (en) * | 2003-06-11 | 2004-12-17 | Laurent Olivier Philipp Maitre | Removable device for user identification and authentication, and signing of user action, has mode of connection to host, memories storing data and software, and microcontroller connected to memories and embedded security sub-set |
WO2004059562A3 (en) * | 2002-12-20 | 2005-01-06 | Giesecke & Devrient Gmbh | Portable data carrier with network server functionality |
US6843423B2 (en) | 2003-03-13 | 2005-01-18 | Stmicroelectronics, Inc. | Smart card that can be configured for debugging and software development using secondary communication port |
US6945454B2 (en) | 2003-04-22 | 2005-09-20 | Stmicroelectronics, Inc. | Smart card device used as mass storage device |
US7044390B2 (en) | 2003-06-02 | 2006-05-16 | Stmicroelectronics, Inc. | Smart card emulator and related methods using buffering interface |
US7127649B2 (en) * | 2003-06-09 | 2006-10-24 | Stmicroelectronics, Inc. | Smartcard test system and related methods |
US7178724B2 (en) | 2003-04-21 | 2007-02-20 | Stmicroelectronics, Inc. | Smart card device and method used for transmitting and receiving secure e-mails |
US7213766B2 (en) | 2003-11-17 | 2007-05-08 | Dpd Patent Trust Ltd | Multi-interface compact personal token apparatus and methods of use |
WO2007149671A2 (en) * | 2006-06-23 | 2007-12-27 | Sentillion, Inc. | Remote network access via virtual machine |
WO2009003682A2 (en) * | 2007-07-02 | 2009-01-08 | Giesecke & Devrient Gmbh | Execution of applications on a mobile phone card |
US7597250B2 (en) | 2003-11-17 | 2009-10-06 | Dpd Patent Trust Ltd. | RFID reader with multiple interfaces |
US7762470B2 (en) | 2003-11-17 | 2010-07-27 | Dpd Patent Trust Ltd. | RFID token with multiple interface controller |
US7823133B2 (en) | 2003-04-23 | 2010-10-26 | Stmicroelectronics, Inc. | Smart card device and method for debug and software development |
GB2486920A (en) * | 2010-12-31 | 2012-07-04 | Daniel Cvrcek | USB data storage and generation device connected to a host computer as or as an interface to a Human Interface Device |
US8326449B2 (en) | 2007-04-05 | 2012-12-04 | Microsoft Corporation | Augmenting a virtual machine hosting environment from within a virtual machine |
US20140032809A1 (en) * | 2012-07-24 | 2014-01-30 | Walton Advanced Engineering Inc. | Composite data transmission interface and a judgment method thereof |
US9213513B2 (en) | 2006-06-23 | 2015-12-15 | Microsoft Technology Licensing, Llc | Maintaining synchronization of virtual machine image differences across server and host computers |
US20210064767A1 (en) * | 2016-11-23 | 2021-03-04 | Entrust Corporation | Printer identity and security |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4799258A (en) * | 1984-02-13 | 1989-01-17 | National Research Development Corporation | Apparatus and methods for granting access to computers |
EP0936530A1 (en) * | 1998-02-16 | 1999-08-18 | Siemens Nixdorf Informationssysteme AG | Virtual smart card |
WO2000023936A1 (en) * | 1998-10-21 | 2000-04-27 | Litronic, Inc. | Apparatus and method of providing a dual mode card and reader |
EP1001329A2 (en) * | 1998-11-10 | 2000-05-17 | Aladdin Knowledge Systems Ltd. | A user-computer interaction method for use by flexibly connectable computer systems |
WO2000075755A1 (en) * | 1999-06-08 | 2000-12-14 | Eutron Infosecurity S.R.L. | Identification device for authenticating a user |
-
2001
- 2001-06-15 EP EP01962744A patent/EP1290536A2/en not_active Withdrawn
- 2001-06-15 AU AU83866/01A patent/AU8386601A/en not_active Abandoned
- 2001-06-15 WO PCT/EP2001/006816 patent/WO2001096990A2/en not_active Application Discontinuation
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4799258A (en) * | 1984-02-13 | 1989-01-17 | National Research Development Corporation | Apparatus and methods for granting access to computers |
EP0936530A1 (en) * | 1998-02-16 | 1999-08-18 | Siemens Nixdorf Informationssysteme AG | Virtual smart card |
WO2000023936A1 (en) * | 1998-10-21 | 2000-04-27 | Litronic, Inc. | Apparatus and method of providing a dual mode card and reader |
EP1001329A2 (en) * | 1998-11-10 | 2000-05-17 | Aladdin Knowledge Systems Ltd. | A user-computer interaction method for use by flexibly connectable computer systems |
WO2000075755A1 (en) * | 1999-06-08 | 2000-12-14 | Eutron Infosecurity S.R.L. | Identification device for authenticating a user |
Cited By (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003079163A2 (en) * | 2002-03-13 | 2003-09-25 | Fujitsu Siemens Computers Gmbh | Access protection for a computer by means of a transportable storage medium |
WO2003079163A3 (en) * | 2002-03-13 | 2004-03-18 | Fujitsu Siemens Computers Gmbh | Access protection for a computer by means of a transportable storage medium |
WO2004031923A1 (en) * | 2002-10-07 | 2004-04-15 | Axalto Sa | Signature creation device |
EP1429283A2 (en) * | 2002-12-12 | 2004-06-16 | Giesecke & Devrient GmbH | Portable data carrier |
EP1724713A3 (en) * | 2002-12-12 | 2007-01-24 | Giesecke & Devrient GmbH | Portable data carrier |
EP1429283A3 (en) * | 2002-12-12 | 2004-07-14 | Giesecke & Devrient GmbH | Portable data carrier |
EP1724713A2 (en) * | 2002-12-12 | 2006-11-22 | Giesecke & Devrient GmbH | Portable data carrier |
WO2004059562A3 (en) * | 2002-12-20 | 2005-01-06 | Giesecke & Devrient Gmbh | Portable data carrier with network server functionality |
US6910638B2 (en) | 2003-03-13 | 2005-06-28 | Stmicroelectronics, Inc. | Smart card that can be configured for debugging and software development using secondary communication port |
US6843423B2 (en) | 2003-03-13 | 2005-01-18 | Stmicroelectronics, Inc. | Smart card that can be configured for debugging and software development using secondary communication port |
US6769622B1 (en) | 2003-03-14 | 2004-08-03 | Stmicroelectronics, Inc. | System and method for simulating universal serial bus smart card device connected to USB host |
US6772956B1 (en) | 2003-03-31 | 2004-08-10 | Stmicroelectronics, Inc. | Smart card and method that modulates traffic signaling indicative of operational attributes of the smart card and/or transactions between the smart card and USB port of a USB host |
US6752321B1 (en) | 2003-03-31 | 2004-06-22 | Stmicroelectronics, Inc. | Smart card and method that modulates multi-color LED indicative of operational attributes and/or transactions between the smart card and USB port of a USB host |
US7178724B2 (en) | 2003-04-21 | 2007-02-20 | Stmicroelectronics, Inc. | Smart card device and method used for transmitting and receiving secure e-mails |
US6945454B2 (en) | 2003-04-22 | 2005-09-20 | Stmicroelectronics, Inc. | Smart card device used as mass storage device |
US7823133B2 (en) | 2003-04-23 | 2010-10-26 | Stmicroelectronics, Inc. | Smart card device and method for debug and software development |
WO2004109529A1 (en) * | 2003-05-22 | 2004-12-16 | Nokia Corporation | A connection bus, an electronic device, and a system |
US7430625B2 (en) | 2003-05-22 | 2008-09-30 | Spyder Navigations L.L.C. | Connection of a memory component to an electronic device via a connection bus utilizing multiple interface protocols |
US7044390B2 (en) | 2003-06-02 | 2006-05-16 | Stmicroelectronics, Inc. | Smart card emulator and related methods using buffering interface |
US7127649B2 (en) * | 2003-06-09 | 2006-10-24 | Stmicroelectronics, Inc. | Smartcard test system and related methods |
FR2856211A1 (en) * | 2003-06-11 | 2004-12-17 | Laurent Olivier Philipp Maitre | Removable device for user identification and authentication, and signing of user action, has mode of connection to host, memories storing data and software, and microcontroller connected to memories and embedded security sub-set |
US7597250B2 (en) | 2003-11-17 | 2009-10-06 | Dpd Patent Trust Ltd. | RFID reader with multiple interfaces |
US7213766B2 (en) | 2003-11-17 | 2007-05-08 | Dpd Patent Trust Ltd | Multi-interface compact personal token apparatus and methods of use |
US7762470B2 (en) | 2003-11-17 | 2010-07-27 | Dpd Patent Trust Ltd. | RFID token with multiple interface controller |
WO2007149671A3 (en) * | 2006-06-23 | 2008-08-28 | Sentillion Inc | Remote network access via virtual machine |
WO2007149671A2 (en) * | 2006-06-23 | 2007-12-27 | Sentillion, Inc. | Remote network access via virtual machine |
US9213513B2 (en) | 2006-06-23 | 2015-12-15 | Microsoft Technology Licensing, Llc | Maintaining synchronization of virtual machine image differences across server and host computers |
US9392078B2 (en) | 2006-06-23 | 2016-07-12 | Microsoft Technology Licensing, Llc | Remote network access via virtual machine |
US8326449B2 (en) | 2007-04-05 | 2012-12-04 | Microsoft Corporation | Augmenting a virtual machine hosting environment from within a virtual machine |
WO2009003682A3 (en) * | 2007-07-02 | 2009-02-26 | Giesecke & Devrient Gmbh | Execution of applications on a mobile phone card |
WO2009003682A2 (en) * | 2007-07-02 | 2009-01-08 | Giesecke & Devrient Gmbh | Execution of applications on a mobile phone card |
GB2486920A (en) * | 2010-12-31 | 2012-07-04 | Daniel Cvrcek | USB data storage and generation device connected to a host computer as or as an interface to a Human Interface Device |
US20140032809A1 (en) * | 2012-07-24 | 2014-01-30 | Walton Advanced Engineering Inc. | Composite data transmission interface and a judgment method thereof |
US8959273B2 (en) * | 2012-07-24 | 2015-02-17 | Walton Advanced Engineering Inc. | Composite data transmission interface and a judgment method thereof |
US20210064767A1 (en) * | 2016-11-23 | 2021-03-04 | Entrust Corporation | Printer identity and security |
Also Published As
Publication number | Publication date |
---|---|
WO2001096990A3 (en) | 2002-04-04 |
AU8386601A (en) | 2001-12-24 |
EP1290536A2 (en) | 2003-03-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2001096990A2 (en) | Usb-compliant personal key using a smartcard processor and a smartcard reader emulator | |
EP1473664B1 (en) | Smart card device as mass storage device | |
RU2267155C2 (en) | Method for user-computer interaction for use by a set of flexibly connected computer systems, device, having block for connection to flexibly connected computer systems, a set of devices, having a block for connection to flexibly connected computer system, universal serial bus key, method for interaction with main computer via usb and data storage method (variants) | |
US6769622B1 (en) | System and method for simulating universal serial bus smart card device connected to USB host | |
US7011247B2 (en) | Method of communication between a smart card and a host station | |
EP2698738B1 (en) | User authentication device having multiple isolated host interfaces | |
US6470284B1 (en) | Integrated PC card host controller for the detection and operation of a plurality of expansion cards | |
EP1643372B1 (en) | USB device with secondary USB on-the-go function | |
JP3776401B2 (en) | Multi-mode smart card system and related method | |
US7222240B2 (en) | Token for storing installation software and drivers | |
EP1834276A2 (en) | System and method for securing the intialization of a smartcard controller | |
US20010024066A1 (en) | Handheld device, smart card interface device (IFD) and data transmission method | |
JPH08297634A (en) | Card reader terminal and execution method of plurality of applications of said terminal | |
CN104102870B (en) | Electron underwriting authentication expansion equipment and information processing method | |
Itoi et al. | SCFS: A UNIX Filesystem for Smartcards. | |
Balacheff et al. | Smartcards–from security tokens to intelligent adjuncts | |
Itoi et al. | Practical security systems with smartcards | |
TW567440B (en) | Smart card virtual hub | |
Catuogno et al. | Securing operating system services based on smart cards | |
Seminar | GPD/STIP Technology For Devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
AK | Designated states |
Kind code of ref document: A3 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A3 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2001962744 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2001962744 Country of ref document: EP |
|
NENP | Non-entry into the national phase in: |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2001962744 Country of ref document: EP |