WO2011107871A2 - Portable electronic device interfaceable with a computer - Google Patents

Portable electronic device interfaceable with a computer

Publication number
WO2011107871A2
Authority
WO
WIPO (PCT)
Prior art keywords
operating system
electronic device
portable electronic
port
internal
Application number
PCT/IB2011/000477
Other languages
French (fr)
Other versions
WO2011107871A3 (en)
Inventor
Aldo Gigantesco
Original Assignee
Elsag Datamat Spa
Application filed by Elsag Datamat Spa
Publication of WO2011107871A2
Publication of WO2011107871A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks

Definitions

  • the present invention relates to a portable electronic device, and in particular to a portable electronic device that can be interfaced with a computer.
  • transceiver systems enable connection of the mobile computer apparatuses to a generic computer network, in a wired or else in a wireless mode, indifferently.
  • the connections are made in compliance with appropriate communication protocols, which, as is known, can regard one or more layers of the stack of layers described in the ISO-OSI (International Organization for Standardization - Open Systems Interconnection) model, just to mention the most widely known example of standardization.
  • the connection between two generic computer devices typically envisages the involvement of a number of layers of the aforementioned stack of layers, each associated to a respective communication protocol.
  • each of the protocols useful for connecting two generic computer devices is totally or partially entrusted to the aforementioned transceiver systems, possibly in co-operation with further subsystems present in the mobile computer apparatuses. Irrespective of said details, in the case where it is desired to connect in a wired mode a generic mobile computer apparatus to the outside world, it is sufficient to connect the mobile computer apparatus to a so-called "network socket", by means of an appropriate network cable.
  • the transceiver system of the mobile computer apparatus is able to transmit and receive electromagnetic signals via so-called access points, which today are increasingly widespread, and perform a function similar to that of network sockets.
  • the mobile computer apparatuses available today hence enable a great flexibility of use.
  • they present a high circuit complexity, in so far as they require, amongst other things, first components such as, for example, respective RAMs, i.e., memories of a volatile type with random access for reading/writing, and respective ROMs, i.e., non-volatile memories in which respective operating systems can be stored.
  • Said first components have undergone and are still undergoing in time a continuous reduction of their overall dimensions, weights, and consumption levels.
  • mobile computer apparatuses require second components such as, for example, keyboards, computer mice, and displays, in order to enable users to interact with the mobile computer apparatuses themselves, as well as with the outside world.
  • said second components cannot be miniaturized excessively without jeopardizing ergonomy and comfort of use thereof.
  • USB keys are provided with respective USB connectors; hence, since by now practically all desktop computers and mobile computer apparatuses are provided with connectors compliant with the USB standard (and complementary to the connectors that usually equip USB keys), it is possible to connect the USB keys to the desktop computers and to the mobile computer apparatuses and control operations of reading, writing, erasure, and re-writing of information in said USB keys by means of desktop computers and/or mobile computer apparatuses.
  • non-volatile portable mass memories which will be referred to hereinafter for simplicity as “memory cards”, are represented by so-called “Memory sticks”, “MicroSDs”, “Smart Media”, etc.
  • memory cards are simple and inexpensive, and enable storage of information in a flexible way.
  • memory cards require electrical coupling to computers, whether desktop computers or mobile computer apparatuses, in order to use one or more components thereof, such as for example keyboards and displays.
  • the operating system of the given computer mounts the given memory card as any peripheral connected to the given computer; next, it is thus possible to display and/or modify the information present in the given memory card.
  • a driver is understood to be a set of software instructions, frequently written in a low-level language (for example, Assembler), which enables an operating system to control a corresponding hardware device.
  • memory cards enable users to carry along with them all the information necessary (including operating systems) on a medium having very small dimensions that is convenient to carry. At the moment when there arises the need to access said information, it is sufficient to connect the memory card to a desktop computer or else to a mobile computer apparatus, which will be referred to hereinafter as a whole as "host computer".
  • the owner of the memory card i.e., the person who physically possesses the memory card, is different from the owner of the host computer, and consequently the information present in the host computer and in the memory card must be inaccessible to the owner of the memory card and to the owner of the host computer, respectively.
  • the person who effectively uses the host computer can access, in general, not only the information contained in the memory card, but also the information contained in the host computer, and in particular in a possible hard disk of the host computer.
  • the patent application No. WO2007/123728 describes a system in which portable apparatuses are employed to enable secure use of host computers, which load in the respective memories operating systems contained in the portable apparatuses.
  • the operating systems contained in the portable apparatuses can function as virtual operating systems, which operate over operating systems resident in the host computers, or else as main operating systems, in the case where the host computers are not provided with an operating system of their own.
  • the system described in WO2007/123728 envisages that the host computers are provided with respective hardware profiles, i.e., collections of drivers that enable the operating systems contained in the portable apparatuses to use the host computers effectively.
  • Said hardware profiles are located alternatively in the host computers themselves, or else in a server to which the host computers are connected. In general, it is in any case necessary for the hardware profiles to be not only available but also secure.
  • execution of a reset procedure is envisaged, with consequent increase of the complexity of the system.
  • the aim of the present invention is to provide a portable electronic device that will solve at least in part the drawbacks of the known art.
  • a portable electronic device is provided as defined in Claim 1.
  • FIG. 1 shows a block diagram of an embodiment of a portable electronic device according to the present invention.
  • FIG. 2 shows a block diagram of a different embodiment of the present portable electronic device.
  • the portable electronic device 1 further comprises at least one light indicator 17, by means of which the internal processing unit 4 can notify to the owner of the mobile electronic device 1 information such as, for example, operating states of the portable electronic device 1. As described by way of example hereinafter, said operating states can comprise a power-on state, an authentication-request state, an error state, and a transmission state.
  • the portable electronic device 1 further comprises a fingerprint-recognition device 18, which is able to detect, in a way in itself known, a fingerprint.
  • a first operating system and a second operating system which will be referred to hereinafter, respectively, as “internal operating system OS1” and “external operating system OS2”.
  • stored in the internal non-volatile memory 8 are drivers (described hereinafter) and possible operating parameters of the internal operating system OS1 and of the external operating system OS2, such as for example respective lists of accredited users and of respective communication devices that can be interfaced with the operating systems OS1, OS2 themselves.
  • the internal non-volatile memory 8 can comprise a first portion and a second portion, designated respectively by 8a and 8b.
  • the second portion 8b can, instead, be used for storage of a plurality of internal drivers, the internal operating system OS1, possible operating parameters for the internal operating system OS1, and moreover possible applications that can be executed by the internal operating system OS1.
  • data of configuration of the portable electronic device 1 such as for example authorizations for the use of the first internal port 10 or of the first external port 14, or else first credentials (for example, a respective pair formed by a username and a password) to be used during transmission through a corresponding port, as described hereinafter.
  • Both the internal operating system OS1 and the external operating system OS2 are of a certified type, for example according to the program known as "Common Criteria", which comprises a series of standards recognized at an international level (ISO 15408 standard) that define a scheme of evaluation of the characteristics of security of a computer product.
  • both the internal operating system OS1 and the external operating system OS2 can present security functions (for example, the requirement of entering a password in order to be able to use the operating system) that cannot be circumvented electronically by ill-intentioned persons.
  • both the first operating system OS1 and the second operating system OS2 can run a respective number of applications (for example, Internet browsers, text editors, etc.).
  • the internal operating system OS1 is able to control, by means of a purposely provided internal driver, the fingerprint-recognition device 18, as well as to run possible applications (contained in the portion 8b), and hence to load programs into the internal volatile memory 6.
  • the external operating system OS2 is configured so that it can be equipped, as described in detail hereinafter, with just the external drivers, stored in the portion 8a of the internal non-volatile memory 8.
  • the external drivers correspond only to electronic components such as displays and corresponding video cards, keyboards, computer mice, and internal control devices such as, for example, processors, clocks, volatile memories, DMA
  • connection ports of the same type as the first port 10 for example, in the embodiment shown in Figure 1, USB ports.
  • the external operating system OS2 is configured for erasing any datum that has been written in any volatile memory of a generic computer in which the external operating system OS2 itself has been loaded, whenever one of the following erasure conditions arises: i) end of a session
  • the portable electronic device 1 can be connected to a host computer 22, which can be constituted by a desktop computer, a mobile computer, a tablet-PC, or any computer apparatus, provided that it is equipped, not only with a respective processor 23, but also with a display 24, a keyboard 26, and a first docking connector 28a suitable for being mechanically and electrically coupled to the first internal connector 10a, and connected in a way in itself known to a first docking control unit 28b in such a way as to form a first docking port 28.
  • the first internal port 10 is of a USB type
  • the first docking port 28 is of a USB type.
  • the first docking port 28 to be a USB port of a master type
  • the first internal port 10 to be a USB port of a slave type; in this way, the portable electronic device 1 can be supplied by the host computer 22.
  • steps are generally known, as a whole, as “boot” or “bootstrap”, and typically terminate with loading into the external volatile memory 30 of a resident operating system (usually stored in the hard disk 29 or else in a respective dedicated non-volatile memory), and with subsequent execution of said resident operating system by the processor 23.
  • the external operating system OS2 is configured in such a way that, when run on the processor 23, it cannot load in the external volatile memory 30 any other drivers except for the external drivers, stored in the first portion 8a of the internal non-volatile memory 8. Moreover, as has been said previously, the external operating system OS2 is configured for erasing, whenever there arises one of the aforementioned shut-down conditions i-iii), any datum that has been written in the external volatile memory 30 (or else in possible further volatile memories of the host computer 22). Again, the external operating system OS2 prevents, when run, use of any port of the host computer 22 not connected to the portable electronic device 1, and in particular any port connected to an electronic device other than the portable electronic device.
  • the external operating system OS2 prevents use of any possible port (not shown) of the host computer 22 other than the first docking port 28.
  • the owner of the portable electronic device 1 after previously verifying (as described hereinafter) that he is effectively one of the aforementioned enabled users, can use hardware resources of the host computer 22, without, however, being able to access the data contained therein, in particular the data contained in the hard disk 29, or to access the outside world, i.e., electronic devices different from the host computer 22 and from the portable electronic device 1, if not through the mediation of the portable electronic device 1 itself, as described hereinafter.
  • the aforementioned owner can modify/display the user data present in the first portion 8a of the non-volatile memory 8 of the portable electronic device 1, which is seen by the external operating system OS2 as a generic storage-medium unit, when the first internal port 10 and the first docking port 28 are connected to one another.
  • the first portion 8a of the internal non-volatile memory 8 functions both as first memory key of a USB type, stored in which is the external operating system OS2, and as second memory key of a USB type, stored in which are the user data, which are accessible to the external operating system OS2 when it is run on the host computer 22.
  • the external operating system OS2 can identify the aforementioned first and second memory keys of a USB type as a single logic unit or else as two or more distinct logic units.
  • where the external operating system OS2 is configured for identifying the aforementioned first and second memory keys of a USB type as two distinct logic units, it is moreover configured in such a way that the logic unit, stored in which is the external operating system OS2 itself, is not modifiable by the person who uses the host computer 22, i.e., is mounted read-only.
  • the external operating system OS2 is configured in such a way that the logic unit in which the user data are stored is accessible to the person who uses the host computer 22, i.e., is mounted read and write.
  • stored in the TPM 9 is at least one fingerprint (or the characteristic parameters of a fingerprint) of at least one enabled user.
  • the internal operating system OS1 is loaded in the internal volatile memory 6 and run on the internal processing unit 4.
  • the internal operating system OS1, which during the step of loading of the internal operating system OS1 controls the light indicator 17 so as to notify the power-on state, notifies the owner of the portable electronic device 1 that the portable electronic device 1 is in the authentication-request state, once again by means of the light indicator 17.
  • the owner of the portable electronic device 1 can interact in a way in itself known with the fingerprint-recognition device 18 in such a way that it will acquire a fingerprint of the owner of the portable electronic device 1.
  • the TPM 9, the internal processing unit 4, and the fingerprint-recognition device 18 co-operate to check that the fingerprint acquired by the fingerprint-recognition device 18 and corresponding to the owner of the portable electronic device 1 is the same as at least one of the fingerprints stored in the TPM 9.
  • the internal operating system OS1, possibly by means of an appropriate application, transmits to the host computer 22 the external operating system OS2, through the first internal port 10, hence enabling completion of the bootstrap procedure in the host computer 22.
  • the internal operating system OS1 issues a command to the light indicator 17 so that it will notify the error state.
  • the internal operating system OS1 controls the first internal control unit 10b in such a way that, in compliance with the USB protocol, the first port 10 will be in a wait state; hence, the bootstrap operation cannot be completed, and consequently the external operating system OS2 is not loaded in the host computer 22.
  • the internal operating system OS1 transmits effectively the external operating system OS2, but in such a way that, when the bootstrap operation is completed, the external operating system OS2 will remain waiting for entry of a password.
  • the host computer 22 will be unusable, and hence also the user data present in the internal non-volatile memory 8 will be inaccessible.
  • if the owner of the portable electronic device 1 is effectively an enabled user, he can use the host computer 22 for modifying/displaying any user data that may be present in the first portion 8a of the internal non-volatile memory 8, as described previously.
  • an enabled user whose stored fingerprint coincides with the fingerprint acquired will be referred to hereinafter as "authorized user".
  • the owner of the portable electronic device 1 is in effect the authorized user; consequently, for reasons of brevity and simplicity, the owner of the portable electronic device 1 will be referred to hereinafter as “authorized user”.
  • the internal operating system OS1 co-operates with the external operating system OS2 in such a way that the external operating system OS2 will detect at least one virtual communication port, through which the person who uses the host computer 22 can communicate with the outside world, for example with a company gateway.
  • the portable electronic device 1 enables setting-up of at least one first communication channel between the host computer 22 and the outside world.
  • through the first external port 14 it is possible to connect the portable electronic device 1 to a communication card 40 of a known type, for example constituted by a Wi-fi card, a GSM/GPRS/HSDPA card, or the like.
  • the first external port 14 can be a USB port of a master type
  • the communication card 40 can comprise an integrated circuit 42 and a card port 44, which can be mechanically and electrically coupled to the first external port 14, as well as being electrically connected to the integrated circuit 42.
  • the card port 44 can be formed by a USB port of a slave type.
  • the communication card 40 can comprise a wireless-communication apparatus 46, which is also connected to the integrated circuit 42.
  • the second application notifies the first application of the presence of one or more communication channels, detected by the internal operating system OS1 as described hereinafter.
  • the portable electronic device 1 can present, in addition to the first external port 14, at least one second external port 50, formed by a second external connector 50a and by a respective second external control unit 50b connected to the second external connector 50a and to the connection bus 20.
  • the second external port 50 is formed by a port of the RJ45 (Registered Jack 45) type, and hence the second external control unit 50b is a wired-network card.
  • the second external port 50 is able to connect in a wired way to a network device such as, for example, a router, a switch, or a hub.
  • first and second external ports 14, 50 are precisely of a USB and RJ45 type, respectively.
  • the first external port 14, the second external port 50 (if present) and possible further ports that have the function of enabling connection of the portable electronic device 1 with electronic devices additional to the host computer 22 will be referred to as a whole as "external connection ports".
  • the internal operating system OS1 selects each external connection port and checks whether a corresponding communication channel is present; namely, it checks whether the connection port selected is effectively connected to a respective network device. In addition, the internal operating system OS1 determines the characteristics of each communication channel (Wi-fi channel, wired channel, etc.) and associates each communication channel to the respective external connection port.
  • the internal operating system OS1 checks whether it is effectively connected to the communication card 40. Moreover, if we assume that the communication card 40 is of a Wi-fi type, the operating system OS1 detects the presence of a communication channel of a Wi-fi type and associates said communication channel of a Wi-fi type to the first external port 14. Likewise, in the case of the second external port 50 (if present), the internal operating system OS1 checks whether it is effectively connected to a router or to a similar device, in which case it detects the presence of a communication channel of a wired type, associated to the second external port 50.
  • the second application then notifies the first application of the presence of the communication channels detected by the internal operating system OS1.
  • the first application is thus able to display on the display 24 the communication channels detected.
  • the authorized user can then select a communication channel from among the communication channels detected by the internal operating system OS1.
  • the selection by the authorized user of one of the communication channels detected implies the selection of the external connection port associated to the communication channel selected, which will be referred to hereinafter as "selected external port".
  • a number of communication channels can be selected by the authorized user, even though in what follows reference will be made for simplicity to the case where the authorized user can select just one communication channel.
  • the selected external port represents, for the external operating system OS2, the aforementioned virtual communication port.
  • Said virtual communication port enables the host computer 22 to communicate, through the portable electronic device 1, with the outside world, for example with a destination computer 54 connected to the portable electronic device 1 by interposition of a generic communication network 56.
  • the communication network 56 can be connected to the communication card 40, and hence to the first external port 14, as shown by way of example in Figure 2; in particular, in this case, the communication network 56 is connected in wireless mode to the wireless-communication apparatus 46 of the communication card 40. Similar considerations can, however, be made in the case where the communication network 56 connects to the portable electronic device 1 through the second external port 50.
  • the authorized user can moreover communicate to the internal operating system OS1 any possible technical and/or access parameters useful for configuring the selected external port.
  • Said technical and/or access parameters can comprise second credentials (for example, a further username and password pair), in the case where the communication channel selected is of a wireless type, or else, in the case where the communication channel selected is of a wired type, a second dynamic or static IP address (for example, corresponding to the second external port 50), as well as the IP addresses of a respective gateway and of a respective DNS (Domain Name System).
  • the second credentials, which can be different from the aforementioned first credentials, may possibly be requested from the authorized user, for example to enable access of the portable electronic device 1 to the communication network 56 through the selected external port; for example, said second credentials can be requested to enable connection of the communication card 40 with a public gateway (not shown) of the communication network 56.
  • the authorized user can communicate said second credentials to the internal operating system OS1, for example at the moment of selection of the communication port.
  • Said second credentials can be temporarily stored in the external volatile memory 30 of the host computer 22 and/or in the first portion 8a of the internal non-volatile memory 8 of the portable electronic device 1.
  • the internal operating system OS1 sets/transmits said possible technical and/or access parameters communicated by the authorized user, configuring the selected external port in such a way that the selected external port is ready to transmit.
  • the first application transmits to the second application the aforementioned user information, which can be stored in the external volatile memory 30 of the host computer 22 and/or in the first portion 8a of the internal non-volatile memory 8 of the portable electronic device 1.
  • further applications can be involved during the operations of determination/transmission of the user information.
  • the internal operating system OS1, typically by running a third application, assumes the task of transmitting the user information to the selected external port (possibly after a prior operation of cryptography), by which it is then transmitted to the outside world.
  • the internal operating system OS1 of the portable electronic device 1 supplies, if requested by the destination computer 54, the first credentials regarding the authorized user and stored in the second portion 8b, in addition to setting up a so-called virtual private network (VPN) of a secure type (for example, a so-called IPsec VPN) with the destination computer 54, using (for its own authentication), in a way in itself known, the private key of the authorized user contained in the TPM 9 and the corresponding public key, which is public by its very definition.
  • the operating system OS1 can generate in a pseudorandom way a session key, encrypt it with the public key that corresponds to the destination computer 54, and send the result of the encryption to the destination computer 54. Any subsequent transmission between the portable electronic device 1 and the destination computer 54 is then encrypted on the basis of the session key.
  • the internal operating system OS1 can in any case implement cryptographic techniques different from the one described.
  • the security of the communications presents characteristics of possibility of identification, authentication, confidentiality (thanks to the VPN), and integrity of the data, the latter characteristic being achievable by using, for example, error-checking codes.
  • identification regards the possibility of identification of the authorized user by the destination computer 54.
  • the portable electronic device 1 can, for example, encrypt the user information with the private key of the authorized user, and send it to the destination computer 54 together with data regarding the authorized user (for example, first name and surname) in such a way that the destination computer 54, after obtaining (for example, by a certification authority) the corresponding public key for the authorized user, can decrypt the information received, using the public key obtained, and thus checking the identity of the authorized user.
  • the authentication derives, instead, from the possibility of implementing access rules, for example in the destination computer 54, on the basis of the identification.
  • the first external port 14 to a memory card (not shown) in which the authorized user can store the user information, for example by issuing a command to the external operating system OS2 in such a way that it will govern the internal operating system OS1 so that the internal operating system OS1 will store, possibly in an encrypted way, the user information in the memory card connected.
  • the encryption can take place on the basis of a public key corresponding to a user, who can be the only person allowed to access the user information thus encrypted.
  • the communications between the authorized user and the outside world are made exclusively through the communications between the portable electronic device 1 and the outside world, which are managed entirely by the internal operating system OSl .
  • the portable electronic device 1 can comprise a second internal port 60 formed by a second internal connector 60a and by a second internal control unit 60b.
  • the second internal control unit 60b is connected to the second internal connector 60a and to the connection bus 20.
  • the second internal port 60 is of an RJ45 type.
  • the host computer 22 is provided with a second docking port 62 compatible with the second internal port 60 (and connected to the remaining components of the host computer 22 in a way in itself known), it is possible to set up a further connection between the portable electronic device 1 and the host computer 22.
  • the portion 8a of the non-volatile memory 8 at least one driver for communication ports is present of the same type as the second internal port 60.
  • the second external port 50 is of a USB type in such a way that it can be connected to an additional communication card (not shown) that is different from the communication card 40 and can be used by the authorized user for making connections with the outside world. It is moreover possible to equip the portable electronic device 1 in such a way that it will integrate inside it also the radio functions traditionally performed by the communication card 40 (or the like).
  • the host computer 22 with at least one third docking port 64, which in itself could be used to connect the host computer 22 to the communication network 56, without interposition of the portable electronic device.
  • the external operating system OS2 prevents the use of any port of the host computer 22 not connected to the portable electronic device 1; hence, it prevents the use of the third docking port 64, as well as, possibly, the second docking port 62, in the case where said port is not connected to the portable electronic device 1. In this way, there is prevented the possibility of the host computer 22 connecting to the outside world with non-secure connections, in so far as not directly controlled by the portable electronic device 1.
  • the present portable electronic device enables at any moment data to be accessed, without the encumbrance and weights typical of portable computers (above all as regards display and keyboard), thanks to the possibility of resorting in a secure way to hardware components of computers made available by third persons.
  • use of said computers made available by third persons is rendered possible without leaving any trace of said use within the computers themselves, and without any danger for the data contained in the portable electronic device.
  • the present mobile electronic device enables secure communication with a possible external computer, such as for example a company gateway, without the host computer having to generate in a pseudorandom way a code to be used for encryption, and hence preventing the risk of said code generated in a pseudorandom way remaining in some way stored within the host computer and recovered by some other user of the host computer.
  • the mobile electronic device 1 can comprise, in addition to the internal non-volatile memory 8, at least one additional non-volatile memory, in which case it is possible to store the internal operating system OS1 and the external operating system OS2 within the internal non-volatile memory 8 and the additional non-volatile memory, respectively (or vice versa), preventing the need for partitioning the internal non-volatile memory 8, as is instead expedient in the case where there is just the internal non-volatile memory 8.
  • Said internal non-volatile memory 8 can be of a type different from the one described.
  • the external drivers it is possible to store further drivers with respect to what has been described, such as for example printer drivers, even though this can entail a reduction of the overall security.
  • it is possible for some of the operations described to be carried out by applications executed by the internal operating system OS1 or by the external operating system OS2, instead of by the internal operating system OS1 and by the external operating system OS2 themselves, or else for them to be totally or partially entrusted to components of the portable electronic device 1 (for example, the TPM 9).
  • the internal drivers comprise drivers for the smart-card reader.
  • the portable electronic device 1 can be provided with a RFID (Radio-Frequency Identification) tag reader, so as to be able to interact with RFID devices and implement proximity-verification functions.
  • the portable electronic device 1 it is possible to provide light indicators additional to the light indicator 17, and/or to equip the portable electronic device 1 with signalling devices of a different type, such as for example a display (not shown) of its own, or else acoustic signalling devices.
  • the fingerprint-recognition device 18 can be replaced by a biometric-recognition device, i.e., a device able to detect data regarding biological characteristics (for example, a retina) of the owner of the mobile electronic device 1.
  • stored in the TPM 9 are biometric data regarding said biological characteristics.
  • the portable electronic device 1 can moreover be equipped so that it can be supplied by an external power supply so as to be able to work even in the absence of connection to the host computer; in addition, the portable electronic device 1 can comprise a respective battery (not shown) .
  • the present portable electronic device 1 can be connected also to a host computer without storage media of a non-volatile type.
  • the host computer can be without hard disk, in which case there is anyway no danger of the authorized user accessing confidential information of the owner of the host computer.
  • the present portable electronic device 1 enables an appropriate use thereof.
  • a gateway such as for example a company gateway, in which case it may be the company gateway itself that asks the portable electronic device 1 for the first credentials regarding the authorized user and stored in the second portion 8b.
  • the portable electronic device 1 can set up the virtual private network with said company gateway, in a way similar to what has been described previously as regards the destination computer 54.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Calculators And Similar Devices (AREA)

Abstract

A portable electronic device including: a first memory (8) of a non-volatile type, in which a first operating system (OS1) and a second operating system (OS2) are stored; a first processing unit (4) connected to the first memory, which executes the first operating system; a first internal port (10), which is connected to the first memory and can be connected to a corresponding first connection port (28) of a first computer system (22) provided with a second processing unit (23) and a storage medium (29) of a non-volatile type. When the second operating system is executed by the second processing unit (23), it prevents access by a user of the first computer system to the storage medium, and moreover prevents the use of any port of the first computer system connected to devices different from the portable electronic device.

Description

PORTABLE ELECTRONIC DEVICE INTERFACEABLE WITH A COMPUTER
TECHNICAL FIELD
The present invention relates to a portable electronic device, and in particular to a portable electronic device that can be interfaced with a computer.
BACKGROUND ART
As is known, current requirements of mobility impose the use of mobile computer apparatuses (portable computers, palm-tops, etc.), which can be carried by users in such a way that the users themselves have available, in any point where they may be, the aforesaid mobile computer apparatuses. In this way, the users are provided with the possibility of performing working and non-working activities even when they are at a distance from pre-set areas such as, for example, workplaces, Internet points, etc.
Given the ever-increasing need to share information, and hence to communicate with computers even located at a great distance from the user, typically mobile computer apparatuses are provided with purposely designed transceiver systems in order to enable connection with the "outside world", i.e., in more technical terms, connection to one or more computer networks, such as, for example, the Internet. In general, said transceiver systems enable connection of the mobile computer apparatuses to a generic computer network, in a wired or else in a wireless mode, indifferently. In either case, the connections are made in compliance with appropriate communication protocols, which, as is known, can regard one or more layers of the stack of layers described in the ISO-OSI (International Organization for Standardization - Open Systems Interconnection) model, just to mention the most widely known example of standardization. Without going into further detail, and once again with reference to the ISO-OSI standard, the connection between two generic computer devices (computers, mobile computer apparatuses, etc.) typically envisages the involvement of a number of layers of the aforementioned stack of layers, each associated to a respective communication protocol. In practice, and with particular reference to the case of mobile computer apparatuses, the implementation of each of the protocols useful for connecting two generic computer devices is totally or partially entrusted to the aforementioned transceiver systems, possibly in co-operation with further subsystems present in the mobile computer apparatuses. Irrespective of said details, in the case where it is desired to connect in a wired mode a generic mobile computer apparatus to the outside world, it is sufficient to connect the mobile computer apparatus to a so-called "network socket", by means of an appropriate network cable.
Alternatively, in the case where it is desired to set up a connection of a wireless type, typically the transceiver system of the mobile computer apparatus is able to transmit and receive electromagnetic signals via so-called access points, which today are increasingly widespread, and perform a function similar to that of network sockets.
The mobile computer apparatuses available today hence enable a great flexibility of use. However, they present a high circuit complexity, in so far as they require, amongst other things, first components such as, for example, respective RAMs, i.e., memories of a volatile type with random access for reading/writing, and respective ROMs, i.e., non-volatile memories in which respective operating systems can be stored. Said first components have undergone and are still undergoing in time a continuous reduction of their overall dimensions, weights, and consumption levels. In addition, mobile computer apparatuses require second components such as, for example, keyboards, computer mice, and displays, in order to enable users to interact with the mobile computer apparatuses themselves, as well as with the outside world. Unlike the aforementioned first components, said second components cannot be miniaturized excessively without jeopardizing ergonomy and comfort of use thereof.
In addition to the aforementioned mobile computer apparatuses, today available are non-volatile portable mass memories, the most widely known example of which is perhaps represented by so-called USB (Universal Serial Bus) keys, also known as USB pens or pendrives. They are in particular portable memories that can be connected to desktop computers, or else to mobile computer apparatuses, by means of the so-called USB protocol. In greater detail, the USB keys that are currently most widespread are formed by memories of a flash type, i.e., non-volatile memories belonging to the class of EEPROMs (Electrically Erasable and Programmable Read-Only Memories), in which the operations of writing, erasure, and re-writing are performed electrically. Said USB keys are provided with respective USB connectors; hence, since by now practically all desktop computers and mobile computer apparatuses are provided with connectors compliant with the USB standard (and complementary to the connectors that usually equip USB keys), it is possible to connect the USB keys to the desktop computers and to the mobile computer apparatuses and control operations of reading, writing, erasure, and re-writing of information in said USB keys by means of desktop computers and/or mobile computer apparatuses.
Further examples of non-volatile portable mass memories, which will be referred to hereinafter for simplicity as "memory cards", are represented by so-called "Memory sticks", "MicroSDs", "Smart Media", etc.
Operatively, from a circuit standpoint, memory cards are simple and inexpensive, and enable storage of information in a flexible way. However, in order to store information or modify information already stored, memory cards require electrical coupling to computers, whether desktop computers or mobile computer apparatuses, in order to use one or more components thereof, such as for example keyboards and displays. In fact, given a computer to which a given memory card is connected, if said computer is equipped with the appropriate drivers for the given memory card, the operating system of the given computer mounts the given memory card as any peripheral connected to the given computer; next, it is thus possible to display and/or modify the information present in the given memory card. By way of clarification, by "driver" is understood a set of software instructions, frequently written in a low-level language (for example, Assembler), which enables an operating system to control a corresponding hardware device.
In practice, memory cards enable users to carry along with them all the information necessary (including operating systems) on a medium having very small dimensions that is convenient to carry. At the moment when there arises the need to access said information, it is sufficient to connect the memory card to a desktop computer or else to a mobile computer apparatus, which will be referred to hereinafter as a whole as "host computer". However, it very frequently happens that the owner of the memory card, i.e., the person who physically possesses the memory card, is different from the owner of the host computer, and consequently the information present in the host computer and in the memory card must be inaccessible to the owner of the memory card and to the owner of the host computer, respectively. However, at the moment when access is made to the host computer, and once the memory card is connected, the person who effectively uses the host computer can access, in general, not only the information contained in the memory card, but also the information contained in the host computer, and in particular in a possible hard disk of the host computer.
By way of example, there frequently arises the situation in which the owner of the host computer authorizes the owner of the memory card to use his own computer. In this way, the owner of the memory card can access the data present in the hard disk of the host computer, both in reading and in writing, and can hence alter the data contained therein. In addition, he himself is exposed to the risk of the host computer (and in particular the programs contained therein) not being secure, and hence is exposed to the risk of damage of the information present in the memory card. It is likewise possible that, following upon the use described, any confidential information present in the memory card will remain stored within the host computer even after the memory card has been disconnected from the host computer, and will become hence accessible to subsequent users of the host computer, in addition to the actual owner of the host computer.
The patent application No. WO2007/123728 describes a system in which portable apparatuses are employed to enable secure use of host computers, which load in the respective memories operating systems contained in the portable apparatuses. In particular, the operating systems contained in the portable apparatuses can function as virtual operating systems, which operate over operating systems resident in the host computers, or else as main operating systems, in the case where the host computers are not provided with an operating system of their own.
In detail, the system described in WO2007/123728 envisages that the host computers are provided with respective hardware profiles, i.e., collections of drivers that enable the operating systems contained in the portable apparatuses to use the host computers effectively. Said hardware profiles are located alternatively in the host computers themselves, or else in a server to which the host computers are connected. In general, it is in any case necessary for the hardware profiles to be not only available but also secure. In addition, in order to prevent propagation of viruses within the system, execution of a reset procedure is envisaged, with consequent increase of the complexity of the system.
DISCLOSURE OF INVENTION
The aim of the present invention is to provide a portable electronic device that will solve at least in part the drawbacks of the known art.
According to the invention, a portable electronic device is provided as defined in Claim 1.
BRIEF DESCRIPTION OF THE DRAWINGS
For a better understanding of the invention, embodiments thereof are now described, purely by way of non-limiting example and with reference to the attached drawings, wherein:
- Figure 1 shows a block diagram of an embodiment of a portable electronic device according to the present invention; and
- Figure 2 shows a block diagram of a different embodiment of the present portable electronic device.
BEST MODE FOR CARRYING OUT THE INVENTION
As shown in Figure 1, the present portable electronic device 1 comprises an outer case 2, contained within which, as regards electronic components, are: an internal processing unit 4; a volatile memory, for example formed by a RAM, which will be referred to hereinafter as "internal volatile memory 6"; a non-volatile memory, for example of a flash type, which will be referred to hereinafter as "internal non-volatile memory 8"; a trusted-platform module (TPM), which will be referred to hereinafter as "TPM 9"; at least one first internal connector 10a, which in the embodiment illustrated is of a USB type, and a respective first internal control unit 10b, connected to the first internal connector 10a so as to form a first internal port 10; and at least one first external connector 14a, which in the embodiment illustrated is of a USB type, and a respective first external control unit 14b, connected to the first external connector 14a so as to form a first external port 14.
The portable electronic device 1 further comprises at least one light indicator 17, by means of which the internal processing unit 4 can notify to the owner of the mobile electronic device 1 information such as, for example, operating states of the portable electronic device 1. As described by way of example hereinafter, said operating states can comprise a power-on state, an authentication-request state, an error state, and a transmission state. The portable electronic device 1 further comprises a fingerprint-recognition device 18, which is able to detect, in a way in itself known, a fingerprint.
The portable electronic device 1 then comprises at least one connection bus 20, which electrically connects the electronic components of the portable electronic device 1, and hence the internal processing unit 4, the internal volatile memory 6, the internal non-volatile memory 8, the TPM 9, the first internal control unit 10b, the first external control unit 14b, and the fingerprint-recognition device 18.
In greater detail, stored in the internal non-volatile memory 8 are, in addition to possible user data, a first operating system and a second operating system, which will be referred to hereinafter, respectively, as "internal operating system OS1" and "external operating system OS2". Moreover stored in the internal non-volatile memory 8 are drivers (described hereinafter) and possible operating parameters of the internal operating system OS1 and of the external operating system OS2, such as for example respective lists of accredited users and of respective communication devices that can be interfaced with the operating systems OS1, OS2 themselves.
In particular, the internal non-volatile memory 8 can comprise a first portion and a second portion, designated respectively by 8a and 8b.
In detail, the first portion 8a can be used for storage of user data, a plurality of external drivers, the external operating system OS2, possible operating parameters for the external operating system OS2, and moreover possible applications that can be executed by the external operating system OS2.
The second portion 8b can, instead, be used for storage of a plurality of internal drivers, the internal operating system OS1, possible operating parameters for the internal operating system OS1, and moreover possible applications that can be executed by the internal operating system OS1. In addition, in the second portion 8b there may be stored data of configuration of the portable electronic device 1, such as for example authorizations for the use of the first internal port 10 or of the first external port 14, or else first credentials (for example, a respective pair formed by a username and a password) to be used during transmission through a corresponding port, as described hereinafter.
Both the internal operating system OS1 and the external operating system OS2 are of a certified type, for example according to the program known as "Common Criteria", which comprises a series of standards recognized at an international level (ISO 15408 standard) that define a scheme of evaluation of the characteristics of security of a computer product. In other words, both the internal operating system OS1 and the external operating system OS2 can present security functions (for example, the requirement of entering a password in order to be able to use the operating system) that cannot be circumvented electronically by ill-intentioned persons. Moreover, as has been mentioned previously, both the first operating system OS1 and the second operating system OS2 can run a respective number of applications (for example, Internet browsers, text editors, etc.).
In detail, the internal operating system OS1 is such that, when loaded in the internal volatile memory 6 and executed by the internal processing unit 4, enables control of the portable electronic device 1, as well as interfacing of the portable electronic device 1 with further electronic devices or computers connected thereto, as described in detail hereinafter. Consequently, the internal operating system OS1 is configured for loading in the internal volatile memory 6 the aforementioned internal drivers, which enable the internal operating system OS1 itself to control the electronic components of the portable electronic device 1, and in particular the first internal control unit 10b and the first external control unit 14b. Consequently, the portable electronic device 1 is able to communicate with other electronic devices through the first internal port 10 and the first external port 14, as described in greater detail hereinafter. In addition, the internal operating system OS1 is able to control, by means of a purposely provided internal driver, the fingerprint-recognition device 18, as well as to run possible applications (contained in the portion 8b), and hence to load programs into the internal volatile memory 6.
As regards, instead, the external operating system OS2, it is configured so that it can be equipped, as described in detail hereinafter, with just the external drivers, stored in the portion 8a of the internal non-volatile memory 8. In particular, the external drivers correspond only to electronic components such as displays and corresponding video cards, keyboards, computer mice, and internal control devices such as, for example, processors, clocks, volatile memories, DMA (Direct Memory Access) devices, interrupt controllers, as well as connection ports of the same type as the first port 10 (for example, in the embodiment shown in Figure 1, USB ports). In particular, in the portion 8a of the non-volatile memory 8 no drivers for hard disks or CD readers or floppy disks or drivers for communication ports different from the first internal port 10 are present; in other words, in the portion 8a no drivers for storage media of a non-volatile type are present. Moreover, the external operating system OS2 is configured for erasing any datum that has been written in any volatile memory of a generic computer in which the external operating system OS2 itself has been loaded, whenever one of the following erasure conditions arises: i) end of a session (logout) during running of the external operating system OS2; ii) shut-down of the generic computer; and iii) disconnection of the mobile electronic device 1 from the generic computer.
As regards, instead, the TPM 9, it contains what is necessary for implementing an asymmetrical cryptography technique (also known as "public-key cryptography/encryption"), and hence one or more private keys for respective one or more enabled users. Each of said private keys corresponds (in a way in itself known) to a respective public key, which is associated to a digital certificate for the respective enabled user. In the TPM 9 there may moreover be stored one or more fingerprints (or, more precisely, given characteristics regarding said fingerprints) of the aforementioned enabled users, use of which will be clarified hereinafter. By way of example, storage of said one or more fingerprints can be carried out upon the very first time the portable electronic device 1 is used, or else by means of a (possibly repeatable) setting procedure executed by the internal operating system OS1.
As shown once again in Figure 1, the portable electronic device 1 can be connected to a host computer 22, which can be constituted by a desktop computer, a mobile computer, a tablet-PC, or any computer apparatus, provided that it is equipped, not only with a respective processor 23, but also with a display 24, a keyboard 26, and a first docking connector 28a suitable for being mechanically and electrically coupled to the first internal connector 10a, and connected in a way in itself known to a first docking control unit 28b in such a way as to form a first docking port 28. For example, in the case where, as illustrated in Figure 1, the first internal port 10 is of a USB type, also the first docking port 28 is of a USB type. Once again by way of example, and in a way in itself known, in this case it is moreover possible for the first docking port 28 to be a USB port of a master type, and for the first internal port 10 to be a USB port of a slave type; in this way, the portable electronic device 1 can be supplied by the host computer 22.
Typically, in addition to appropriate connection buses (not shown), the host computer 22 further comprises at least one hard disk 29 of a non-volatile type, and a respective volatile memory, which will be referred to hereinafter as "external volatile memory 30". In addition, the host computer 22 generally comprises a dedicated non-volatile memory (not shown), contained inside which is the so-called BIOS (Basic Input-Output System), i.e., a code portion responsible for execution of the operations comprised between power-on of the host computer 22 and loading of at least one operating system in the external volatile memory 30. These steps are generally known, as a whole, as "boot" or "bootstrap", and typically terminate with loading into the external volatile memory 30 of a resident operating system (usually stored in the hard disk 29 or else in a respective dedicated non-volatile memory), and with subsequent execution of said resident operating system by the processor 23.
In a way in itself known, it is possible to set the BIOS of the host computer 22 in such a way that bootstrapping will be carried out through the first docking port 28, and that it will be performed so as to load in the external volatile memory 30 the external operating system OS2 contained in the internal non-volatile memory 8 of the portable electronic device 1, hence a certified operating system.
In practice, as mentioned previously, the external operating system OS2 is configured in such a way that, when run on the processor 23, it cannot load in the external volatile memory 30 any other drivers except for the external drivers, stored in the first portion 8a of the internal non-volatile memory 8. Moreover, as has been said previously, the external operating system OS2 is configured for erasing, whenever there arises one of the aforementioned shut-down conditions i-iii), any datum that has been written in the external volatile memory 30 (or else in possible further volatile memories of the host computer 22). Again, the external operating system OS2 prevents, when run, use of any port of the host computer 22 not connected to the portable electronic device 1, and in particular any port connected to an electronic device other than the portable electronic device. For example, with reference to Figure 1, the external operating system OS2 prevents use of any possible port (not shown) of the host computer 22 other than the first docking port 28. In this way, the owner of the portable electronic device 1, after previously verifying (as described hereinafter) that he is effectively one of the aforementioned enabled users, can use hardware resources of the host computer 22, without, however, being able to access the data contained therein, in particular the data contained in the hard disk 29, or to access the outside world, i.e., electronic devices different from the host computer 22 and from the portable electronic device 1, if not through the mediation of the portable electronic device 1 itself, as described hereinafter.
However, by means of the keyboard 26 and the display 24, the aforementioned owner can modify/display the user data present in the first portion 8a of the non-volatile memory 8 of the portable electronic device 1, which is seen by the external operating system OS2 as a generic storage-medium unit, when the first internal port 10 and the first docking port 28 are connected to one another.
In detail, when run, the internal operating system OS1 and the external operating system OS2 co-operate in such a way that the external operating system OS2 will see the first portion 8a of the internal non-volatile memory 8 as a resource accessible to the external operating system OS2 itself, i.e., as a common memory key of a USB type. Moreover, the internal operating system OS1 and the external operating system OS2 co-operate in such a way that the second portion 8b of the internal non-volatile memory 8 is not accessible to the external operating system OS2, and hence to the host computer 22. For example, it is possible for the internal operating system OS1 to notify the external operating system OS2 of the presence of just the first portion 8a of the internal non-volatile memory 8.
In practice, the first portion 8a of the internal non-volatile memory 8 functions both as first memory key of a USB type, stored in which is the external operating system OS2, and as second memory key of a USB type, stored in which are the user data, which are accessible to the external operating system OS2 when it is run on the host computer 22. In particular, the external operating system OS2 can identify the aforementioned first and second memory keys of a USB type as a single logic unit or else as two or more distinct logic units.
In the case where the external operating system OS2 is configured for identifying the aforementioned first and second memory keys of a USB type as two distinct logic units, it is moreover configured in such a way that the logic unit, stored in which is the external operating system OS2 itself, is not modifiable by the person who uses the host computer 22, i.e., is mounted read-only. In addition, in this case the external operating system OS2 is configured in such a way that the logic unit in which the user data are stored is accessible to the person who uses the host computer 22, i.e., is mounted read and write.
On the basis of what has been described, it follows that the use of the host computer 22 by the aforementioned owner is transparent with respect to the host computer 22 itself. In addition, it is possible to guarantee that the aforementioned owner of the portable electronic device 1 is effectively a user enabled to use said portable electronic device 1, and that hence access to the user data present in the internal non-volatile memory 8 is being performed by an enabled user.
In detail, as mentioned previously, stored in the TPM 9 is at least one fingerprint (or the characteristic parameters of a fingerprint) of at least one enabled user. In addition, after the portable electronic device 1 is connected to the host computer 22, and hence is supplied, the internal operating system OS1 is loaded in the internal volatile memory 6 and run on the internal processing unit 4. Next, the internal operating system OS1, which during the step of loading of the internal operating system OS1 controls the light indicator 17 so as to notify the power-on state, notifies the owner of the portable electronic device 1 that the portable electronic device 1 is in the authentication-request state, once again by means of the light indicator 17.
Following upon notification of the authentication-request state, the owner of the portable electronic device 1 can interact in a way in itself known with the fingerprint-recognition device 18 in such a way that it will acquire a fingerprint of the owner of the portable electronic device 1.
Next, the TPM 9, the internal processing unit 4, and the fingerprint-recognition device 18 co-operate to check that the fingerprint acquired by the fingerprint-recognition device 18 and corresponding to the owner of the portable electronic device 1 is the same as at least one of the fingerprints stored in the TPM 9.
In the case where the fingerprint acquired coincides with at least one fingerprint stored, it means that the owner of the portable electronic device is effectively one of the aforementioned enabled users. Consequently, the internal operating system OS1, possibly by means of an appropriate application, transmits to the host computer 22 the external operating system OS2, through the first internal port 10, hence enabling completion of the bootstrap procedure in the host computer 22.
Otherwise, the internal operating system OS1 issues a command to the light indicator 17 so that it will notify the error state. In addition, the internal operating system OS1 controls the first internal control unit 10b in such a way that, in compliance with the USB protocol, the first port 10 will be in a wait state; hence, the bootstrap operation cannot be completed, and consequently the external operating system OS2 is not loaded in the host computer 22. Alternatively, the internal operating system OS1 effectively transmits the external operating system OS2, but in such a way that, when the bootstrap operation is completed, the external operating system OS2 will remain waiting for entry of a password. In other words, in the case where no fingerprint is acquired, or else the fingerprint acquired does not coincide with any of the fingerprints stored, the host computer 22 will be unusable, and hence also the user data present in the internal non-volatile memory 8 will be inaccessible. Instead, in the case where the owner of the portable electronic device 1 is effectively an enabled user, he can use the host computer 22 for modifying/displaying any user data that may be present in the first portion 8a of the internal non-volatile memory 8, as described previously.
An enabled user whose stored fingerprint coincides with the fingerprint acquired will be referred to hereinafter as "authorized user". In the case where the operations previously described are successful, the owner of the portable electronic device 1 is in effect the authorized user; consequently, for reasons of brevity and simplicity, the owner of the portable electronic device 1 will be referred to hereinafter as "authorized user".
Once again with reference to the portable electronic device 1, the internal operating system OS1 co-operates with the external operating system OS2 in such a way that the external operating system OS2 will detect at least one virtual communication port, through which the person who uses the host computer 22 can communicate with the outside world, for example with a company gateway. In practice, the portable electronic device 1 enables setting-up of at least one first communication channel between the host computer 22 and the outside world.
In detail, through the first external port 14, it is possible to connect the portable electronic device 1 to a communication card 40 of a known type, for example constituted by a Wi-fi card, a GSM/GPRS/HSDPA card, or the like. As shown by way of example in Figure 1, the first external port 14 can be a USB port of a master type, and the communication card 40 can comprise an integrated circuit 42 and a card port 44, which can be mechanically and electrically coupled to the first external port 14, as well as being electrically connected to the integrated circuit 42. For example, the card port 44 can be formed by a USB port of a slave type. Moreover, the communication card 40 can comprise a wireless-communication apparatus 46, which is also connected to the integrated circuit 42.
In practice, in the case where the authorized user wishes to transmit to the outside world data, which will be referred to hereinafter as "user information" (for example, a subset of the user data), the external operating system OS2 can execute a first application and communicate with a second application executed by the internal operating system OS1. For example, said communication can take place, in a way in itself known, by using a first IP address uniquely assigned to the portable electronic device 1 and known to the enabled users, in such a way that the authorized user can set said first IP address in the first application, which can be similar to a common application of a "web browser" type, the second application possibly being of the "web server" type.
In detail, the second application notifies the first application of the presence of one or more communication channels, detected by the internal operating system OS1 as described hereinafter.
In this connection, it is anticipated that, as shown in Figure 2, the portable electronic device 1 can present, in addition to the first external port 14, at least one second external port 50, formed by a second external connector 50a and by a respective second external control unit 50b connected to the second external connector 50a and to the connection bus 20. In particular, in the embodiment shown by way of example in Figure 2, the second external port 50 is formed by a port of the RJ45 (Registered Jack 45) type, and hence the second external control unit 50b is a wired-network card. In addition, the second external port 50 is able to connect in a wired way to a network device such as, for example, a router, a switch, or a hub. In the sequel of the present description it is assumed for simplicity that, except where otherwise specified, the first and second external ports 14, 50 are precisely of a USB and RJ45 type, respectively. Moreover, the first external port 14, the second external port 50 (if present) and possible further ports that have the function of enabling connection of the portable electronic device 1 with electronic devices additional to the host computer 22 will be as a whole referred to as "external connection ports".
In order to detect the aforementioned one or more communication channels, before running the aforementioned second application (for example, as soon as the portable electronic device 1 is supplied, or else after start of execution of the first application), the internal operating system OS1 selects each external connection port and checks whether a corresponding communication channel is present; namely, it checks whether the connection port selected is effectively connected to a respective network device. In addition, the internal operating system OS1 determines the characteristics of each communication channel (Wi-fi channel, wired channel, etc.) and associates each communication channel to the respective external connection port.
For example, in the case of the first external port 14, the internal operating system OS1 checks whether it is effectively connected to the communication card 40. Moreover, if we assume that the communication card 40 is of a Wi-fi type, the operating system OS1 detects the presence of a communication channel of a Wi-fi type and associates said communication channel of a Wi-fi type to the first external port 14. Likewise, in the case of the second external port 50 (if present), the internal operating system OS1 checks whether it is effectively connected to a router or to a similar device, in which case it detects the presence of a communication channel of a wired type, associated to the second external port 50.
The second application then notifies the first application of the presence of the communication channels detected by the internal operating system OS1. The first application is thus able to display on the display 24 the communication channels detected.
Through the co-operation between the first application and the second application, the authorized user can then select a communication channel from among the communication channels detected by the internal operating system OS1. From the standpoint of the internal operating system OS1, the selection by the authorized user of one of the communication channels detected implies the selection of the external connection port associated to the communication channel selected, which will be referred to hereinafter as "selected external port". Possibly, a number of communication channels can be selected by the authorized user, even though in what follows reference will be made for simplicity to the case where the authorized user can select just one communication channel.
For practical purposes, the selected external port represents, for the external operating system OS2, the aforementioned virtual communication port. Said virtual communication port enables the host computer 22 to communicate, through the portable electronic device 1, with the outside world, for example with a destination computer 54 connected to the portable electronic device 1 by interposition of a generic communication network 56. In particular, the communication network 56 can be connected to the communication card 40, and hence to the first external port 14, as shown by way of example in Figure 2; in particular, in this case, the communication network 56 is connected in wireless mode to the wireless-communication apparatus 46 of the communication card 40. Similar considerations can, however, be made in the case where the communication network 56 connects to the portable electronic device 1 through the second external port 50.
In greater detail, through the co-operation between the first application and the second application, the authorized user can moreover communicate to the internal operating system OS1 any possible technical and/or access parameters useful for configuring the selected external port. Said technical and/or access parameters can comprise second credentials (for example, a further username and password pair), in the case where the communication channel selected is of a wireless type, or else, in the case where the communication channel selected is of a wired type, a second dynamic or static IP address (for example, corresponding to the second external port 50), as well as the IP addresses of a respective gateway and of a respective DNS (Domain Name System).
In particular, as regards the second credentials, which can be different from the aforementioned first credentials, these may possibly be requested from the authorized user, for example to enable access of the portable electronic device 1 to the communication network 56 through the selected external port; for example, said second credentials can be requested to enable connection of the communication card 40 with a public gateway (not shown) of the communication network 56. In this case, as mentioned previously, through the co-operation between the first application and the second application, the authorized user can communicate said second credentials to the internal operating system OS1, for example at the moment of selection of the communication port. Said second credentials can be temporarily stored in the external volatile memory 30 of the host computer 22 and/or in the first portion 8a of the internal non-volatile memory 8 of the portable electronic device 1.
Next, the internal operating system OS1 sets/transmits said possible technical and/or access parameters communicated by the authorized user, configuring the selected external port in such a way that the selected external port is ready to transmit.
Next, the first application transmits to the second application the aforementioned user information, which can be stored in the external volatile memory 30 of the host computer 22 and/or in the first portion 8a of the internal non-volatile memory 8 of the portable electronic device 1. In a way in itself known and consequently not described, further applications can be involved during the operations of determination/transmission of the user information.
Next, the internal operating system OS1, typically by running of a third application, assumes the task of transmitting the user information to the selected external port (possibly after a prior operation of cryptography), by which it is then transmitted to the outside world.
Irrespective of the type of communication channel selected by the authorized user, and hence of the type of selected external port, the internal operating system OS1 of the portable electronic device 1 supplies, if requested by the destination computer 54, the first credentials regarding the authorized user and stored in the second portion 8b, in addition to setting up a so-called virtual private network (VPN) of a secure type (for example, a so-called IPsec VPN) with the destination computer 54, using (for its own authentication), in a way in itself known, the private key of the authorized user contained in the TPM 9 and the corresponding public key, which is public by its very definition.
For example, for setting up the VPN, the operating system OS1 can generate in a pseudorandom way a session key, encrypt it with the public key that corresponds to the destination computer 54, and send the result of the encryption to the destination computer 54. Any subsequent transmission between the portable electronic device 1 and the destination computer 54 is then encrypted on the basis of the session key. The internal operating system OS1 can in any case implement cryptographic techniques different from the one described.
In practice, the security of the communications presents characteristics of possibility of identification, authentication, confidentiality (thanks to the VPN), and integrity of the data, the latter characteristic being achievable by using, for example, error-checking codes. As regards instead identification, it regards the possibility of identification of the authorized user by the destination computer 54. For this purpose, the portable electronic device 1 can, for example, encrypt the user information with the private key of the authorized user, and send it to the destination computer 54 together with data regarding the authorized user (for example, first name and surname) in such a way that the destination computer 54, after obtaining (for example, by a certification authority) the corresponding public key for the authorized user, can decrypt the information received, using the public key obtained, and thus checking the identity of the authorized user. The authentication derives, instead, from the possibility of implementing access rules, for example in the destination computer 54, on the basis of the identification.
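The session-key setup and the user identification described in the two preceding paragraphs can be sketched as one exchange between the device and the destination. This is an added example, not code from the patent or its applicant, and it is not an IPsec implementation. The type and function names are hypothetical, and RSA-OAEP, RSA-PSS and AES-256-GCM are choices made here: the text names no algorithms, the signature is placed over the wrapped session key rather than over the user information, and the GCM authentication tag stands in for the error-checking codes the text mentions for integrity.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // local failure (RNG, key generation); peer input never reaches must
	}
	return v
}

// Device stands in for the portable device; userKey plays the TPM-held private key.
type Device struct {
	userKey *rsa.PrivateKey // no method returns this
	session cipher.AEAD
}

// Destination stands in for the destination computer or company gateway.
type Destination struct {
	key     *rsa.PrivateKey
	session cipher.AEAD
}

type Hello struct{ WrappedKey, Signature []byte } // wrapped session key + user's signature over it

func NewDevice() *Device                         { return &Device{userKey: must(rsa.GenerateKey(rand.Reader, 2048))} }
func NewDestination() *Destination               { return &Destination{key: must(rsa.GenerateKey(rand.Reader, 2048))} }
func (d *Device) UserPublicKey() *rsa.PublicKey  { return &d.userKey.PublicKey }
func (s *Destination) PublicKey() *rsa.PublicKey { return &s.key.PublicKey }

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// OpenSession draws a random session key, wraps it for the destination and signs the wrapped key.
func (d *Device) OpenSession(destPub *rsa.PublicKey) Hello {
	key := make([]byte, 32)
	must(rand.Read(key))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, destPub, key, nil))
	digest := sha256.Sum256(wrapped)
	sig := must(rsa.SignPSS(rand.Reader, d.userKey, crypto.SHA256, digest[:], nil))
	d.session = must(newAEAD(key))
	return Hello{WrappedKey: wrapped, Signature: sig}
}

// Accept verifies the user's signature before touching the wrapped key, then unwraps it.
func (s *Destination) Accept(h Hello, userPub *rsa.PublicKey) error {
	digest := sha256.Sum256(h.WrappedKey)
	if err := rsa.VerifyPSS(userPub, crypto.SHA256, digest[:], h.Signature, nil); err != nil {
		return fmt.Errorf("user not identified: %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.key, h.WrappedKey, nil)
	if err != nil {
		return err
	}
	s.session, err = newAEAD(key)
	return err
}

// Send encrypts user information under the session key: nonce || ciphertext || tag.
func (d *Device) Send(info []byte) ([]byte, error) {
	if d.session == nil {
		return nil, errors.New("no session established")
	}
	nonce := make([]byte, d.session.NonceSize())
	must(rand.Read(nonce))
	return d.session.Seal(nonce, nonce, info, nil), nil
}

// Receive authenticates and decrypts; a single flipped bit makes Open fail.
func (s *Destination) Receive(msg []byte) ([]byte, error) {
	if s.session == nil || len(msg) < s.session.NonceSize() {
		return nil, errors.New("no session or truncated message")
	}
	n := s.session.NonceSize()
	return s.session.Open(nil, msg[:n], msg[n:], nil)
}

func main() {
	dev, dst := NewDevice(), NewDestination()
	fmt.Println("accept error:", dst.Accept(dev.OpenSession(dst.PublicKey()), dev.UserPublicKey()))
	ct, _ := dev.Send([]byte("constructed user information"))
	pt, err := dst.Receive(ct)
	fmt.Printf("%s %v\n", pt, err)
}
```

Nothing a host computer would relay in this exchange (the Hello message and the sealed records) contains the session key or the user's private key in the clear, which is the property the description relies on.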
Finally, in the case where no communication channel is available, it is possible to connect the first external port 14 to a memory card (not shown) in which the authorized user can store the user information, for example by issuing a command to the external operating system OS2 in such a way that it will govern the internal operating system OS1 so that the internal operating system OS1 will store, possibly in an encrypted way, the user information in the memory card connected. For example, the encryption can take place on the basis of a public key corresponding to a user, who can be the only person allowed to access the user information thus encrypted.
On the basis of what has been described, it is understood that the communications between the authorized user and the outside world are made exclusively through the communications between the portable electronic device 1 and the outside world, which are managed entirely by the internal operating system OS1. This means that the first credentials stored in the portion 8b of the internal non-volatile memory 8, the cryptography algorithms, and possible security codes (for example, the aforementioned session key) remain within the portable electronic device 1, are processed by the internal operating system OS1, and are never transmitted to the host computer 22.
As regards, instead, the exchange of data between the host computer 22 and the portable electronic device 1, there is cooperation between the internal operating system OS1 and the external operating system OS2. In this connection, it should be noted that, as shown by way of example in Figure 2, the portable electronic device 1 can comprise a second internal port 60 formed by a second internal connector 60a and by a second internal control unit 60b. In particular, the second internal control unit 60b is connected to the second internal connector 60a and to the connection bus 20. In detail, in the embodiment shown in Figure 2, the second internal port 60 is of an RJ45 type. In this way, assuming that the host computer 22 is provided with a second docking port 62 compatible with the second internal port 60 (and connected to the remaining components of the host computer 22 in a way in itself known), it is possible to set up a further connection between the portable electronic device 1 and the host computer 22. For this purpose, in the portion 8a of the non-volatile memory 8 at least one driver for communication ports is present of the same type as the second internal port 60.
Operatively, and with reference once again to the embodiment shown in Figure 2, it is hence possible to supply the portable electronic device 1 by means of the connection present between the first internal port 10 and the first docking port 28, using instead the connection present between the second internal port 60 and the second docking port 62 for exchanging data between the host computer 22 and the portable electronic device 1.
Other embodiments are in any case possible in which, for example, also the second external port 50 is of a USB type in such a way that it can be connected to an additional communication card (not shown) that is different from the communication card 40 and can be used by the authorized user for making connections with the outside world. It is moreover possible to equip the portable electronic device 1 in such a way that it will integrate inside it also the radio functions traditionally performed by the communication card 40 (or the like).
It is moreover possible, as is shown once again in Figure 2, to provide the host computer 22 with at least one third docking port 64, which in itself could be used to connect the host computer 22 to the communication network 56, without interposition of the portable electronic device. However, as previously mentioned, the external operating system OS2 prevents the use of any port of the host computer 22 not connected to the portable electronic device 1; hence, it prevents the use of the third docking port 64, as well as, possibly, the second docking port 62, in the case where said port is not connected to the portable electronic device 1. In this way, there is prevented the possibility of the host computer 22 connecting to the outside world with non-secure connections, in so far as not directly controlled by the portable electronic device 1.
The advantages that the present portable electronic device affords emerge clearly from the foregoing discussion. In particular, the present portable electronic device enables at any moment data to be accessed, without the encumbrance and weights typical of portable computers (above all as regards display and keyboard), thanks to the possibility of resorting in a secure way to hardware components of computers made available by third persons. In particular, use of said computers made available by third persons is rendered possible without leaving any trace of said use within the computers themselves, and without any danger for the data contained in the portable electronic device.
In addition, since the host computer cannot connect to the outside world except through the portable electronic device 1, there is no risk of a security failure on account of non-secure connections with the outside world. In this regard, the portable electronic device 1 is set between the host computer 22 and the destination computer 54 in such a way that the communications between the latter two are managed in a secure way by the portable electronic device 1, and in particular by the internal operating system OS1, in a way altogether independent of the presence of possible software pre-configured or in any case previously installed in the host computer 22. Furthermore, in this way, it is not necessary to carry out any preventive check of the security of the host computer 22, nor is it necessary for the portable electronic device 1 to provide any private key contained in the TPM 9 to the host computer 22, since it is the internal operating system OS1 that sets up a virtual private network of a secure type with the destination computer 54.
Again, the present mobile electronic device enables secure communication with a possible external computer, such as for example a company gateway, without the host computer having to generate in a pseudorandom way a code to be used for encryption, and hence preventing the risk of said code generated in a pseudorandom way remaining in some way stored within the host computer and recovered by some other user of the host computer.
Finally, it is evident that modifications and variations may be made to the portable electronic device described herein, without thereby departing from the scope of the present invention. For example, the mobile electronic device 1 can comprise, in addition to the internal non-volatile memory 8, at least one additional non-volatile memory, in which case it is possible to store the internal operating system OS1 and the external operating system OS2 within the internal non-volatile memory 8 and the additional non-volatile memory, respectively (or vice versa), preventing the need for partitioning the internal non-volatile memory 8, as is instead expedient in the case where there is just the internal non-volatile memory 8. Said internal non-volatile memory 8 can be of a type different from the one described. Again, as regards the external drivers, it is possible to store further drivers with respect to what has been described, such as for example printer drivers, even though this can entail a reduction of the overall security. Likewise, it is possible for some of the operations described to be carried out by applications executed by the internal operating system OS1 or by the external operating system OS2, instead of by the internal operating system OS1 and by the external operating system OS2 themselves, or else for them to be totally or partially entrusted to components of the portable electronic device 1 (for example, the TPM 9).
Furthermore, together with or else as an alternative to the TPM 9, it is possible for a smart-card reader, with equivalent functions, to be present. In this case, the internal drivers comprise drivers for the smart-card reader. Likewise, the portable electronic device 1 can be provided with an RFID (Radio-Frequency Identification) tag reader, so as to be able to interact with RFID devices and implement proximity-verification functions.
Again, in the case of the embodiment provided with the second internal port 60 of an RJ45 type, and in the case where the BIOS of the host computer 22 so permits, it is possible to carry out bootstrapping of the host computer 22 through said second internal port 60.
It is likewise possible for the portable mobile device 1 to be provided with further ports with respect to what has been described and shown, and for the aforementioned first internal port 10, first external port 14, second external port 50, and second internal port 60 to be of a type different from what has been described and shown.
Likewise, it is possible to provide light indicators additional to the light indicator 17, and/or to equip the portable electronic device 1 with signalling devices of a different type, such as for example a display (not shown) of its own, or else acoustic signalling devices.
As regards, instead, the fingerprint-recognition device 18, it can be replaced by a biometric-recognition device, i.e., a device able to detect data regarding biological characteristics (for example, a retina) of the owner of the mobile electronic device 1. In this case, stored in the TPM 9 are biometric data regarding said biological characteristics.
The portable electronic device 1 can moreover be equipped so that it can be supplied by an external power supply so as to be able to work even in the absence of connection to the host computer; in addition, the portable electronic device 1 can comprise a respective battery (not shown) .
It should moreover be noted that the present portable electronic device 1 can be connected also to a host computer without storage media of a non-volatile type. For example, the host computer can be without hard disk, in which case there is anyway no danger of the authorized user accessing confidential information of the owner of the host computer. In practice, even in the case where the host computer is without the resident operating system of its own, the present portable electronic device 1 enables an appropriate use thereof.
Finally, it should be noted that between the destination computer 54 and the communication network 56 there can be set a gateway (not shown), such as for example a company gateway, in which case it may be the company gateway itself that asks the portable electronic device 1 for the first credentials regarding the authorized user and stored in the second portion 8b. Moreover, in this case, the portable electronic device 1 can set up the virtual private network with said company gateway, in a way similar to what has been described previously as regards the destination computer 54.

Claims

1. A portable electronic device comprising:
- first storage means (8) of a non-volatile type, stored in which are a first operating system (OS1) and a second operating system (OS2);
- a first processing unit (4) connected to the first storage means and configured for running the first operating system; and
- a first internal port (10) connected to the first storage means and configured for being connected to a first connection port (28) of a first computer system (22) provided with a second processing unit (23) and a storage medium (29) of a non-volatile type;
said device being characterized in that the second operating system is configured in such a way that, when, after prior connection of the first internal port to the first connection port, it is executed by the second processing unit, it prevents access by a user of the first computer system to the storage medium, and moreover prevents the use of any port of the first computer system connected to devices different from the portable electronic device.
2. The device according to Claim 1, further comprising a first external port (14) configured for being connected to a second computer system (54) to define a communication channel and in such a way that the portable electronic device is set between the first and second computer systems; and wherein the first and second operating systems (OS1, OS2) are moreover configured for co-operating for transmitting user data through the communication channel, the user data being stored in the first storage means (8) and/or, in the case where the first computer system comprises a memory system (30) of a volatile type, in the memory system.
3. The device according to Claim 2, wherein the first operating system (OS1) is moreover configured for setting up a virtual private network with the second computer system (54) and carrying out transmission of the user data through the virtual private network.
4. The device according to Claim 3, further comprising a security module (9, 18), stored in which is at least one cryptographic key for an enabled user, the first operating system (OS1) being moreover configured for setting up the virtual private network on the basis of the cryptographic key, and for preventing access to the security module (9, 18) by the second operating system (OS2) when the second operating system is executed by the second processing unit (23).
5. The device according to Claim 4, wherein the security module comprises a module for a trusted platform (9).
6. The device according to Claim 4 or Claim 5, wherein the security module (9, 18) moreover contains at least one first biometric datum regarding the enabled user, the portable electronic device further comprising a biometric-recognition system (4, 9, 18) configured for acquiring a second biometric datum and for comparing the second biometric datum with the first biometric datum; and wherein the first operating system (OS1) is moreover configured for co-operating with the biometric-recognition system (4, 9, 18) and for executing, in the case where the first and second biometric data are different, at least one between the operations of:
- setting the first internal port (10) in a wait state, where the first internal port is electronically inaccessible to the first computer system (22);
- modifying the second operating system (OS2) stored in the first storage means (8) in such a way that, when executed by the second processing unit (23), the second operating system requests an operation of authentication.
7. The device according to Claim 6, wherein the biometric-recognition system (4, 9, 18) comprises a fingerprint-recognition unit (18).
8. The device according to any one of the preceding claims, wherein the first storage means (8) contain a first plurality of drivers, the second operating system (OS2) being configured for preventing, when executed by the second processing unit (23), the use, by the first computer system (22), of drivers different from said first plurality of drivers.
9. The device according to Claim 8, wherein the first plurality of drivers does not comprise drivers for hard disks, floppy disks, and CD readers.
10. The device according to any one of the preceding claims, wherein the second operating system (OS2) is moreover configured so as to erase, in the case where the first computer system (22) comprises a memory system (30) of a volatile type, said memory system (30), in the case of:
- disconnection of the first internal port (10) from the first connection port (28); or
- end of a session (logout) during execution of the second operating system (OS2) by the second processing unit (23).
11. The device according to any one of the preceding claims, wherein the first storage means (8) comprise a first memory portion (8a) and a second memory portion (8b), the first operating system (OS1) being stored in the second memory portion (8b), the second operating system (OS2) being stored in the first memory portion (8a); and wherein the first and second operating systems are moreover configured for co-operating, when executed respectively by the first processing unit (4) and the second processing unit (23), in such a way that the first and second memory portions (8a, 8b) are respectively accessible and inaccessible to the second operating system.
12. The device according to any one of the preceding claims, further comprising second storage means (6) of a volatile type connected to the first processing unit (4), and wherein the first operating system (OS1) is moreover configured for controlling the portable electronic device.
PCT/IB2011/000477 2010-03-05 2011-03-04 Portable electronic device interfaceable with a computer WO2011107871A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ITTO2010A000171A IT1398578B1 (en) 2010-03-05 2010-03-05 PORTABLE ELECTRONIC DEVICE INTERFACEABLE TO A CALCULATOR
ITTO2010A000171 2010-03-05

Publications (2)

Publication Number Publication Date
WO2011107871A2 WO2011107871A2 (en) 2011-09-09
WO2011107871A3 WO2011107871A3 (en) 2011-12-01

Family

ID=42767945

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2011/000477 WO2011107871A2 (en) 2010-03-05 2011-03-04 Portable electronic device interfaceable with a computer

Country Status (2)

Country Link
IT (1) IT1398578B1 (en)
WO (1) WO2011107871A2 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007123728A2 (en) 2006-03-31 2007-11-01 Huang Evans S Methods and apparatuses for securely operating shared host computers with portable apparatuses

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080082813A1 (en) * 2000-01-06 2008-04-03 Chow David Q Portable usb device that boots a computer as a server with security measure
CA2632590A1 (en) * 2005-12-09 2008-02-28 Signacert, Inc. Method to verify the integrity of components on a trusted platform using integrity database services
US20080126810A1 (en) * 2006-11-06 2008-05-29 Li-Kuo Chiu Data protection method for optical storage media/device
US7991824B2 (en) * 2007-08-28 2011-08-02 Teletech Holdings, Inc. Secure computer working environment utilizing a read-only bootable media

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11079799B2 (en) 2016-05-04 2021-08-03 Hewlett-Packard Development Company, L.P. Mateable computing devices
JP2021522619A (en) * 2018-10-29 2021-08-30 北京博衍思創信息科技有限公司 Data transfer control method and system based on hardware control logic
JP7191990B2 (en) 2018-10-29 2022-12-19 北京博衍思創信息科技有限公司 Data transfer control method and system based on hardware control logic

Also Published As

Publication number Publication date
IT1398578B1 (en) 2013-03-01
ITTO20100171A1 (en) 2011-09-06
WO2011107871A3 (en) 2011-12-01

Similar Documents

Publication Publication Date Title
EP2965195B1 (en) User authorization and presence detection in isolation from interference from and control by host central processing unit and operating system
US8122172B2 (en) Portable information security device
US9015848B2 (en) Method for virtualizing a personal working environment and device for the same
US8201239B2 (en) Extensible pre-boot authentication
US20120198538A1 (en) Multi-enclave token
WO2012020292A1 (en) Host device and method for securely booting the host device with operating system code loaded from a storage device
EP3355231B1 (en) Mobile data storage device with access control functionality
KR20090078551A (en) Method and apparatus for authorizing host in portable storage device and providing information for authorizing host, and computer readable medium thereof
IL266078A (en) A system and method for securing electronic devices
US20100115116A1 (en) System and method for switching communication protocols in electronic interface devices
KR100991191B1 (en) Computer security module and computer apparatus using the same
JP2003030613A (en) Storage device and data processor provided with the storage device
US9727740B2 (en) Secure information access over network
US11960737B2 (en) Self-deploying encrypted hard disk, deployment method thereof, self-deploying encrypted hard disk system and boot method thereof
WO2011107871A2 (en) Portable electronic device interfaceable with a computer
JP2003022216A (en) Storage device
US8185941B2 (en) System and method of tamper-resistant control
KR20110023685A (en) Solid state disk with authentication function and driving method thereof
KR100504330B1 (en) USB token that recognize automatically in window operating system and method thereof
CN112905495A (en) Storage device, operation method thereof and non-volatile memory system
US11443075B2 (en) Secure storage system
US20150154393A1 (en) Electronic access-protection system, method of operating a computer system, chip card and firmware component
CN114329434A (en) Equipment data reading method and device and data access system
KR200317409Y1 (en) USB token that recognize automatically in window operating system
CN113454624A (en) Storage of network credentials

Legal Events

Date Code Title Description
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
WA Withdrawal of international application
NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct app. not ent. europ. phase

Ref document number: 11744054

Country of ref document: EP

Kind code of ref document: A2