Security tokens are tamper-resistant hardware devices used to securely store digital credentials, cryptographic keys and other proprietary information. The tokens are packaged in a convenient and easily transportable medium and generally communicate with a host client using standardized IEEE serial communications protocols. Examples of security tokens include smart cards, integrated circuit cards, subscriber identification modules (SIM), wireless identification modules (WIM), USB token dongles, identification tokens, secure application modules (SAM), secure multi-media tokens (SMMC) and like devices.
The single input/output nature of a serial connection is known to cause local device contentions when multiple requests to access the security token are received by the local client. In a multi-user networking environment, serial device contentions can impair network performance as each requesting remote service must wait in line for its request to be processed by a particular security token. The device contentions can be minimized to some extent by assigning priorities to the access requests. However, prioritization does not provide significant performance improvements in operating environments where a multitude of identically prioritized requests occur within a small time frame, such as at the start or end of a work day when large numbers of entities are logging into or out of a network.
A second problem arises when the information contained in the security token is shared among multiple services. Information requested by one application may be altered, moved or deleted by another application, resulting in application errors, system crashes and lost data. One solution known in the art is to exclusively lock the security token to a particular application until all transactions between the exclusive application and security token have been completed. This solution has limited usefulness, though, since exclusively locking the security token for prolonged periods may exacerbate the network performance issues described above.
Other solutions include the use of secure shared memory arrangements and caching techniques. Memory sharing is useful if the information to be shared does not require extensive security protocols to be implemented. While secure memory sharing mechanisms do exist, the increasing complexity of maintaining the integrity of the shared memory tends to be system resource intensive, and inadvertent “security holes” are always a concern. Caching of information is another common technique which provides reasonable performance improvements. An example of a data object caching technique is disclosed in U.S. Pat. No. 6,304,879 to Sobeski, et al. This patent describes a reasonable caching technique suitable for data objects, but it is not well suited for implementation with a security token as there are no intrinsic security measures incorporated into the disclosed invention.
Thus, it would be highly advantageous to provide a reasonably secure caching mechanism suitable for implementation with a security token which addresses the limitations described in the relevant art above.