The present invention relates generally to information security on portable devices, and more particularly to providing information security on a portable device through authentication of a user on another device and having that authentication apply to the portable device.
In the early 21st century, advances in technology have changed everyone's life, some for the better, some for the worse. While most persons have a digital life in parallel with their physical life, one danger that comes with that is the vulnerability of digital information to falling into the wrong hands. Most enterprises, such as corporations and governmental agencies, are very aware of that risk and implement policies to provide for digital security of information stored on their networks, servers, and their employees' personal computers.
However, some advances in technology make even such policies more and more difficult to maintain. Consider, for example, flash drives. A flash drive, also known as a thumb drive, is a small flash memory device that may be attached to a personal computer as a peripheral device for highly portable file storage. It is common to see such drives on keychains, on lanyards, and left behind very insecurely in desk trays. Yet, it is not uncommon for owners of such devices to use them for storing and transporting highly sensitive information.
Gemalto, S/A of Meudon, France has introduced a flash drive known as Smart Guardian™ that provides security to the information in a private partition on the flash memory module of the flash drive by having that partition secured using a smart card module installed on the flash drive. The data stored in the private partition is stored encrypted and the decryption is managed using cryptography functionality of the smart card module. To access the private partition, a user must authenticate with the flash drive via the smart card module. While that architecture is very secure, one could envision a flash drive without the smart card module also requiring authentication before permitting access to information stored thereon.
One burden that has come with the advances in technology is the heavy load of remembering authentication mechanisms for many different devices and accounts. An average person with a digital life probably has passwords and PINs (personal identification numbers) for a dozen or more computers, computerized devices, and online accounts. Not only is that a burden, it raises the security risk to these devices and accounts in that, to manage the passwords, users frequently devise very insecure ways of keeping track of passwords and PINs, ranging from using their own name or other easily remembered phrase, to using the same password or PIN for many accounts, to simply writing down the authentication phrase on a sticky-note attached to their computer or other device. Of course, such techniques for password management are highly insecure.
Although enterprises may have password policies, such policies become more difficult to enforce for peripheral devices that are not connected to a network.
Many enterprises now use a corporate badge that is a smart card for physical access to premises, for conventional identification using a photograph placed on the corporate badge, and for authentication of a user to the user's computer and the enterprise network. Because a user must authenticate to the corporate badge before being allowed access to the user's computer and network, and because the user may wish to use a secure flash drive, such as Smart Guardian, with that computer, it would be very desirable to allow the authentication of the user to the corporate badge to automatically operate as an authentication to the flash drive or other secure peripheral devices connected to the computer.
From the foregoing it will be apparent that there is still a need for a mechanism by which a user may authenticate to a corporate badge and have that authentication also allow access to other secure peripheral devices connected to the same computer as the corporate badge.