The present invention relates to flexibly connectible computer apparatus and methods for using flexibly connectible hosts.
The USB interface is described in specifications available over the Internet at www.usb.org.
Firewire technology, also termed "IEEE 1394 technology", is an alternative to USB which also provides flexible connectivity and is described in the IEEE 1394 standard.
USBHasp is an Aladdin software protection product, announced in October 1997, which includes a USB key. USBHasp does not control access of a user to a computer network but rather impedes interaction between software and a computer system by activating a copy of the software only if a USB key corresponding to that copy is plugged into the computer system.
Conventionally, the only devices which have interacted via USB have been computers, keyboards, monitors, printers, mice, smart card readers, and biometric readers.
Conventional devices for providing computerized servicing to a mobile or stationary population of users typically include a smart card reader. The members of the mobile population bear smart cards which are used to interact with the computerized servicing device via the smart card reader.
A particular disadvantage of smart cards is that they require a smart card reader which is a relatively costly device. Computer hosts which are equipped with a smart card reader are a small subset of the universe of computer hosts because addition of a smart card reader makes the computer considerably more expensive.
German Patent document DE 19631050 describes an interface converter for a universal serial bus having a module with a processor that changes format and protocol into that of a different bus system.
Rainbow Technologies, Inc., in a news release dated Nov. 17, 1998, announce USB software protection keys which can also be used as authentication or access control devices. A unique ID number is assigned to each USB key, enabling the key to replace or supplement personal passwords. The unique ID of the USB key makes it useful as a notebook computer security device providing theft deterrence. Other uses for the USB keys include Web access control, client token for Virtual Private Network access, replacement for password generator tokens and storage of credentials, certificates and licenses.
In a news release dated Jan. 19, 1999, Rainbow Technologies, Inc. announce a new line of USB tokens for VPNs (virtual private networks) which provides end user client authentication to VPNs and enables operator access to secured network equipment. Features of these tokens include "Internet security small enough to fit on a key-ring" and "personalization for the end user". The tokens allow a user to keep personal information in his or her pocket rather than on a hard drive.
A new "unique per individual" model of its USB based tokens was announced by Rainbow Technologies Inc. on Mar. 15, 1999.
The disclosures of all publications mentioned in the specification and of the publications cited therein are hereby incorporated by reference.
The present invention seeks to provide improved flexibly connectible apparatus and improved methods for using the same.
There is thus provided, in accordance with a preferred embodiment of the present invention, a user-computer interaction method for use by a population of flexibly connectible computer systems and a population of mobile users, the method including storing information characterizing each mobile user on an FCCS plug to be borne by that mobile user and accepting the FCCS plug from the mobile user for connection to one of the flexibly connectible computer systems and employing the information characterizing the mobile user to perform at least one computer operation.
Further in accordance with a preferred embodiment of the present invention, at least one computer operation comprises authentication.
Also provided, in accordance with another preferred embodiment of the present invention, is an FCCS plug device to be borne by a mobile user, the FCCS plug device including a portable device which mates with a flexibly connectible computer system and comprises a memory and information characterizing the mobile user and stored in the memory accessibly to the flexibly connectible computer system.
Also provided, in accordance with another preferred embodiment of the present invention, is a population of FCCS plug devices to be borne by a corresponding population of mobile users, the population of FCCS plug devices including a multiplicity of portable devices each of which mates with a flexibly connectible computer system and comprises a memory and information characterizing each mobile user in the population of mobile users and stored, accessibly to the flexibly connectible computer system, in the memory of the FCCS plug device to be borne by the mobile user.
Additionally provided, in accordance with another preferred embodiment of the present invention, is an FCCS plug device including a mating element operative to mate with a flexibly connectible computer system and a memory connected adjacent the mating element, thereby to form a portable pocket-size plug, wherein the memory is accessible to the flexibly connectible computer system via the mating element.
Also provided, in accordance with another preferred embodiment of the present invention, is an FCCS plug device including a mating element operative to mate with a flexibly connectible computer system and a CPU connected adjacent the mating element, thereby to form a portable pocket-size plug, wherein the CPU has a data connection to the flexibly connectible computer system via the mating element.
Further in accordance with a preferred embodiment of the present invention, the FCCS plug device also comprises a CPU connected adjacent the mating element, thereby to form a portable pocket-size plug, wherein the CPU has a data connection to the flexibly connectible computer system via the mating element.
Still further in accordance with a preferred embodiment of the present invention, at least one computer operation comprises digital signature verification and/or controlling access to computer networks.
Further in accordance with a preferred embodiment of the present invention, the information characterizing each mobile user comprises sensitive information not stored in the computer system, thereby to enhance confidentiality.
Also provided, in accordance with another preferred embodiment of the present invention, is a user-computer interaction method for use by a population of flexibly connectible computer systems and a population of mobile users, the method including storing confidential information not stored by the flexibly connectible computer systems on an FCCS plug to be borne by an individual user within the population of mobile users and accepting the FCCS plug from the mobile user for connection to one of the flexibly connectible computer systems and employing the confidential information to perform at least one computer operation, thereby to enhance confidentiality.
Preferably the apparatus also includes a microprocessor operative to receive the USB communications from the USB interface, to perform computations thereupon and to provide results of the computations to the data storage unit for storage and/or for encryption and/or for authentication and/or for access control.
The term "USB port" refers to a port for connecting peripherals to a computer which is built according to a USB standard as described in USB specifications available over the Internet at www.usb.org.
The term "USB plug" or "USB key" or "USB token" refers to a hardware device whose circuitry interfaces with a USB port to perform various functions.
The term "smart card" refers to a typically plastic card in which is embedded a chip which interacts with a reader, thereby allowing a mobile bearer of the smart card to interact with a machine in which is installed a smart card reader, typically with any of a network of machines of this type.
Also provided in accordance with a preferred embodiment of the present invention is an electronic token, which preferably mates with a flexible connection providing port such as the USB port of any computer system such as a PC, laptop, palmtop or peripheral. The electronic token preferably does not require any additional reading equipment. The token may authenticate information and/or store passwords or electronic certificates in a token which may be the size of a domestic house key.
Preferably, when the token is inserted into a flexible connection providing port, a highly secure "dual factor authentication" process (e.g. "what you have" plus "what you know") takes place in which (a) the electronic token is "read" by the host PC or network and (b) the user types in his or her personal password for authorization.
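The dual-factor check described above can be sketched as follows; this is an added example, not part of the original specification. It assumes a plug with an on-board CPU that answers a fresh challenge with HMAC-SHA256 under a key that never leaves the plug, and a network-side verifier that also checks a PBKDF2 password hash; the class names, token ID and passwords are hypothetical.

```python
import hashlib
import hmac
import os

class Token:
    """Simulated plug with a CPU: the key is used on-device, never exported."""
    def __init__(self, token_id: str, key: bytes):
        self.token_id = token_id
        self._key = key
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Verifier:
    """Network-side check; the host the plug mates with only relays messages."""
    def __init__(self):
        self._users = {}        # token_id -> (key, salt, password hash)
        self._pending = set()   # challenges issued and not yet consumed
    def enroll(self, token_id: str, key: bytes, password: str) -> None:
        salt = os.urandom(16)
        self._users[token_id] = (key, salt, hash_password(password, salt))
    def new_challenge(self) -> bytes:
        challenge = os.urandom(32)
        self._pending.add(challenge)
        return challenge
    def verify(self, token_id, challenge, response, password) -> bool:
        if challenge not in self._pending:   # unknown or already used: replay
            return False
        self._pending.discard(challenge)     # single use
        record = self._users.get(token_id)
        if record is None:
            return False
        key, salt, pw_hash = record
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        have = hmac.compare_digest(expected, response)   # "what you have"
        know = hmac.compare_digest(pw_hash, hash_password(password, salt))
        return have and know                 # both factors must pass

def login(verifier: Verifier, token: Token, password: str) -> bool:
    challenge = verifier.new_challenge()
    return verifier.verify(token.token_id, challenge,
                           token.respond(challenge), password)

def demo_setup():
    """Constructed sample data: one enrolled user, plus a plug that copies
    the unique ID but holds a different key."""
    key = os.urandom(32)
    verifier = Verifier()
    verifier.enroll("token-0001", key, "correct horse battery")
    return verifier, Token("token-0001", key), Token("token-0001", os.urandom(32))
```

A plug that presents only the unique ID fails the first factor, and a captured response fails on reuse because each challenge is consumed once.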
Suitable applications for the electronic token include authentication for VPN, extranet and e-commerce.