1. Field of the Invention
The present invention is in the field of network computer client devices (NCs) which rely upon a network connection to supply all necessary program files and data files and which accept individual users' smart cards containing account information with various internet service providers (ISPs). Specifically, the present invention addresses the need for authentication of the ISP to the NC and authentication of the smart card contents to the ISP.
2. Discussion of the Related Art
In a network-centric computing environment, the three major computing components are a network computer client device (NC), a server device, and a smart card. The NC does not contain a hard disk, and therefore relies upon a network connection for virtually all program and data. Therefore, the NC needs the server device for booting security, file storage, and system management. The smart card is used to identify and authenticate a particular user and to carry individual information about the user. The user combines his smart card with an NC to access his logical workspace from the NC.
In the network-centric computing environment, there are several business entities. An internet service provider (ISP) is the entity with which the user has an agreement to provide basic server resources. An internet access provider (IAP) is an entity with which the ISP has a relationship for provision of its internet protocol (IP) address to enable users to connect to the internet. An ISP may function as its own IAP. An NC client device manufacturer builds NCs.
An NC user's ISP account information is stored on the user's smart card. This ISP account information allows the user to obtain services from the ISP. Therefore, the ISP requires the ability to both read and write from the smart card. Because a smart card may contain account information for several ISPs, in order to protect the confidentially of the user's account information with other ISPs, the NC must insure that only the information written by a specific ISP is read by that ISP. In addition, before providing services to the user, the ISP must verify that the ISP account information on the user's smart card is not forged. In other words, the ISP must verify that it in fact wrote the ISP account information on the smart card.