Two-way portable communications devices such as two-way radios and the like have many applications for both business and pleasure. It is often desirable that certain features or capabilities of the device be restricted from general use. In one instance, certain features or capabilities may only be appropriate for users with special training. In other instances, certain features may be legally or administratively authorized only for a specific group of users. In such cases, the typical user has no access or use of the special features of the device.
It is undesirable to control access to special features of each device by configuring each differently. One such implementation would be to program some devices with “basic” firmware and program enhanced devices with “extended” firmware. This approach provides maximum security but no flexibility. Each device has a static configuration and may not be changeable in the field. If it is changeable, this would effectively be an upgrade and would likely require a personal computer (PC), software, and customized cables. As can be easily recognized, this process is both time-consuming and inconvenient. A reverse process may be required to restore a device to the “basic” level of functionality. One additional solution is to program configuration information in each device that selects whether the extended functions are available. In this approach, the extended level firmware is present in all devices, but is selectively blocked based on pre-programmed configuration data. This approach is less secure in that an unauthorized person can potentially change the configuration data. Activating or de-activating functionality is still time-consuming and inconvenient, because a PC, software and customized cables are all required to re-program the configuration data.
Still yet another improved approach is to deploy all devices with “extended” firmware and to limit access to special features (i.e., those beyond “basic” firmware feature set) using an access control mechanism that is part of the device. This might be in the form of a computer dongle to authorize use of PC software. Thus, the software providing operation of general features is present on all devices and is available to all users. The software providing operation of the restricted features is present on all devices and is potentially available to any authorized user. If the access control mechanism is simple, portable, and unobtrusive, any device can be quickly and conveniently changed between a basic device and an extended device, thus enabling or disabling special functions, features, or capabilities.
The need to enable or disable special functionality easily in the field is very important. An example of such need is a two-way radio with Front Panel Programming (FPP) capability. Such a radio is capable of being programmed directly using the radio's own keypad and display. Since a commercial two-way radio is capable of transmitting on a large number of frequencies, including those used by police and public safety agencies, it is desirable to restrict access to the front panel programmable feature to minimize the impact of a malicious user.
A common access control method employed to restrict access to radio functionality is a password. Correct entry of a password will enable access to one or more restricted features. Although the password technique is easy to implement and use, it does have a security disadvantage. If the password is learned by an unauthorized party, it can be used to gain unauthorized access until the radio is re-programmed with a new password. Due to practical considerations, it is typical for a group or “fleet” of radios to have the same access password, so a compromised password could be used against any radio. In such a case, the security disadvantage of the password access method is a serious concern. An alternate method involves the use of a hardware key that attaches to the radio. When the radio detects the presence of a valid hardware key, the radio will allow access to restricted features. This technique offers some improvement over a password-only scheme, since physical possession of the hardware key is required. In FPP radio applications, the Federal Communications Commission (FCC) has required radio manufacturers to utilize a hardware key mechanism to control access to the FPP feature. Combining a hardware key with a password scheme offers even more enhanced security.
The addition of a typical hardware key to a portable communication device such as a two-way radio has, however, a number of disadvantages. These include: 1) Altering the form factor of the device and/or increasing its size, making it less comfortable to use; 2) The hardware key must be designed and tooled, which is costly, and changes in industrial design or electrical interface in successive products may preclude the re-use of the hardware key; and 3) The key requires the addition of a connector on the radio, or the key occupies an existing connector that can no longer be used for other purposes while the key is present. Radio accessories, for example, may be unusable if the hardware key occupies this connector.
Thus, there is a great need for an access control mechanism to control access to restricted functionality of a portable communications device. It is preferable that the means to obtain access utilizes a hardware key that is inexpensive to design and manufacture, does not alter the form factor of the device, and does not prevent the use of accessories or other capabilities.