Since the late 1990's, the universal serial bus (USB) has become firmly established and has gained wide acceptance in the PC marketplace. The USB was developed in response to a need for a standard interface that extends the concept of “plug and play” to devices external to a PC. It has enabled users to install and remove external peripheral devices without opening the PC case or removing power from the PC. The USB provides a low-cost, high performance, half-duplex serial interface that is easy to use and readily expandable.
USB uses four wires. The power supply is carried with two wires (VBus and ground), and data is carried with the other two wires (D+, D−). The latest version of the USB is currently defined by the Universal Serial Bus Specification Revision 2.0, written and controlled by USB Implementers Forum, Inc., a non-profit corporation founded by the group of companies that developed the USB Specification. This specification is incorporated herein by reference in its entirety. The increasingly widespread use of the USB has led manufacturers to develop USB interfaces for connection of their products to host computers to complement the existing serial and parallel interfaces. These devices are becoming increasingly smaller, such as USB mass storage tokens.
One type of mass storage device is a USB flash drive that is typically a NAND-type flash memory integrated with a USB interface. It uses the USB mass storage standard for removable storage devices. In many examples of such devices, a small printed circuit board is encased in a plastic housing, allowing a standard type-A USB connection (or interface) to be connected directly to a port on a personal computer. The flash drives are active when powered by a USB computer connection and typically require no other external power source or source of battery power.
Usually the drives are run off a limited supply and are forwarded by a USB connection of about 5 volts and up to 500 milliamps. The flash drive typically includes the mail type-A USB connector and a USB mass storage controller that implements a USB host controller to provide a linear interface to some type of block-oriented serial flash devices. This could contain a small RISC microprocessor and some on-chip ROM and RAM. In this type of circuit, a NAND flash memory chip stores the data and a crystal oscillator provides a clock signal and controls the data output. An LED could indicate data transfer or data reads and writes in some devices.
Typically, these flash drives and similar USB mass storage devices implement a USB mass storage device class, allowing most computer systems to read the device. Most USB flash drives do not use a write-protect mechanism. Some flash drives, however, encrypt data using an encrypted file system, including True Crypt, CryptoBuddy and Private Disk as examples. It is believed there have been some proposals for biometric fingerprinting, but these proposals have not been commercially implemented and the design has been technically complete and expensive.
It should be understood that the large acceptance of USB mass storage devices and flash drives in the PC world, and their use in corporate environments, indicates that the products are becoming ubiquitous for a PC user. These portable devices are USB “plug-and-play” compliant. They are small in size and are often lost with their sensitive information, including sensitive data, keys, or credentials of a user. Additionally, with the proliferation of USB devices, the user may have to connect a multitude of USB products to a user's computer to store information, to authenticate at the computer, network or web page, to pay on-line, or to encrypt sensitive data and verify the integrity of a platform application.
There are proposals to implement smart card technology to USB mass storage devices, but much of the hardware security provided by a smart card chip is limited to its use of the ISO 7816 protocol to communicate with a USB controller. It would be advantageous to incorporate a physical interface such as the USB, low pin count (LPC), Inter Integrated Circuit (I2C), serial peripheral interface (SPI), or other serial or parallel input/output interface such as the InterChip USB with a higher protocol layer not based on ISO 7816-3.
Some USB flash drive devices offer content protection by user name and password access, and use software encryption having a memory partition using a public and secure area. A security token could be made from a USB token, including a custom USB controller, or made from two chips, i.e., a smart card in a USB controller with a smart card reader functionality such as described in U.S. Pat. Nos. 6,748,541 and 6,763,399 to Margalit et al., the disclosures which are hereby incorporated by reference in their entirety. As disclosed generally in these references, a smart card chip can communicate to a USB controller using an ISO 7816 interface and protocol. In other examples, the token could use a USB reader with an ISO 7816 smart card or USB smart card as defined in ISO 7816-12.
Some proposals, such as disclosed in U.S. Patent Publication No. 2002/0073340 published on Jun. 13, 2002, disclose a secure mass storage device having an embedded biometric record that blocks access by disabling plug-and-play configuration. The system can use a thumbprint that is captured and compared to templates to either block the secured drive access or continue initializing the secured drive to allow access. Although some biometric circuit is provided in the disclosure, it may not provide the desired level of trusted authentication.