WO2006018595A1 - Improved communications device - Google Patents

Info

Publication number
WO2006018595A1
WO2006018595A1 PCT/GB2005/002658 GB2005002658W WO2006018595A1 WO 2006018595 A1 WO2006018595 A1 WO 2006018595A1 GB 2005002658 W GB2005002658 W GB 2005002658W WO 2006018595 A1 WO2006018595 A1 WO 2006018595A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
memory
security
security information
host device
Application number
PCT/GB2005/002658
Other languages
French (fr)
Inventor
Danilo Melandri
Kristian Woodsend
Original Assignee
Matsushita Electric Industrial Co., Ltd.
Application filed by Matsushita Electric Industrial Co., Ltd.
Priority to EP05757838A (EP1782397A1)
Publication of WO2006018595A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/388 Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

A communications device (10) for allowing a host device (12) to connect to a network (14), such as the internet. The communications device (10) includes a security module (18) for providing security information, a communications module (16) for allowing access to the network (14), and a memory (20) for storing security information. The communications module (16) is operable to send a request for security information to the security module (18) via the host device (12). In response to that request the security module (18) is operable to place security information in the memory (20) and return a message to the communications module (16) via the host device (12). The communications module (16) then accesses the security information in the memory (20) and passes it to the network.

Description

Improved Communications Device
The present invention relates to an improved communications device for allowing a host device to connect to a network and in particular a communications device that has improved security features.
Communications devices for allowing a host device, such as a computer, laptop, pda, smartphone, etc, to connect to a network are known. These are sometimes referred to as network adaptors. Typically these are used in conjunction with some form of security device that is able to authenticate the host. In this context, the security devices are typically tamper resistant modules or smartcards. Access to the network is selectively allowed based on the required authentication information being provided by the security device. Various examples of this type of arrangement are described in US5778071 and JP2000151677.
Figure 1 shows a typical example of a known arrangement. In this case, the host device has two input/output ports, one for a network adapter for allowing connection to the network and one for a separate smartcard for providing security information as part of an authentication process. Included in the host device is application software for interacting with the adapter and the smartcard. In use, the adapter and smartcard are connected to the appropriate input/output ports. When a network connection is to be made, the network causes the adapter to send a message to the application software requesting that the host device identifies itself. The application software then passes an appropriate message to the smartcard requesting authentication information. In response, the smartcard returns the authentication data to the network through the application software in the host device. In the event that the authentication data provided by the smartcard is identified by the network as being acceptable, access is allowed.
Figure 2 shows another known arrangement. This has a combined communications/network adaptor and smartcard device, i.e. the adaptor and the smartcard are included in a single discrete device or unit. When the user wants to connect to the network, a connection process is initiated. This causes the adapter to send a message to the application software requesting that the host device identifies itself. The application software then passes an appropriate message to the smartcard requesting authentication information. In response, the smartcard returns the authentication data to the network through the host device. In the event that the authentication data provided by the smartcard is identified by the network as being acceptable, access is allowed.
In each of the arrangements of Figures 1 and 2, authentication data is transported to the network through the host device. This is a problem, because the host device is an inherently insecure zone, which means that the information is vulnerable to attack.
According to one aspect of the present invention, there is provided a communications device for connecting a host device to a network, the communications device including a security module for providing security information, a communication module for allowing access to the network and a memory for storing security information, the communication module being operable to cause a request for security information to be sent from the network to the security module via the host device, and in response to that request the security module being operable to place security information in the memory, wherein the communication module is operable to access the security information in the memory and pass that information to the network.
By providing a single discrete device that is operable to communicate security information to a network adapter without having to pass that information through an insecure host, there is provided a secure mechanism for allowing authenticated connection to a network. This device can be used with existing host machines that are set up to pass information from a separate smartcard to an adaptor without requiring modification thereof.
The security module may be operable to send a response to the communication module via the host device, the communication module being operable to use that response and the security information derived from the memory to construct a message for sending to the network. The security module may comprise a smartcard. The memory and/or smartcard may be tamper resistant. The memory may be a temporary memory for example a temporary buffer.
The device may include means for clearing the security information from the memory after the security information is passed to the network.
According to another aspect of the present invention, there is provided a method for connecting a host device to a network using a communications device that has a security module for providing security information, a communications module for allowing access to the network and a memory, the method involving sending from the communication module a request for security information to the security module via the host device; in response to the request from the communication module placing security information in the memory; using the communications module to access the security information in the memory and passing the security information to the network.
The method may further comprise sending a response to the communication module via the host device, and using that response and the security information derived from the memory to construct a message for passing to the network.
The method may further comprise clearing the memory after the security information is passed to the network.
Various aspects of the invention will now be described by way of example only and with reference to the accompanying drawings, of which:
Figure 3 is a schematic view of a communications device connected between a host device and a network, and
Figure 4 is a more detailed view of the arrangement of Figure 3.
Figure 3 shows a communications device 10 for connecting a host device 12 to a network 14, for example the internet. This is a single discrete device 10 that has a combined network adaptor portion or module 16 and tamper resistant security portion or module 18, both portions having separate connectors or ports for allowing them to be connected to a host terminal, such as a laptop computer or pda. In Figure 3, the adaptor 16 is shown connected to a first port in the host device and the security module 18 is shown connected to another separate port, so that each 16 and 18 can independently communicate with the host 12. The adapter 16 is also connected to the network. This can be done using any suitable connection such as a modem or a wireless interface. Typically the device 10 is releasable from its connection with the host 12 and the network 14, although this is not essential.
The network adaptor 16 has hardware and/or software for allowing messages to be passed between the host device 12 and the network 14. The security module 18 is typically implemented using smartcard technology and includes hardware and/or software for authenticating the host device and thereby allowing it to be connected to the network. Also included in the communications device 10 is a tamper proof temporary memory 20 that is accessible by both the adaptor 16 and the smartcard 18. Tamper resistant smartcards and tamper resistant memory devices are well known in the art and so will not be described in detail.
In use, the communications device 10 is connected to the host device so that both of the adaptor 16 and the smartcard 18 can communicate independently with application code 22 in the host 12. When the host 12 is to be connected to the network 14, a connection process is initiated. This is typically done by selection of an appropriate application 22 on the host device. Once the process is started, the network sends a signal to the adapter that includes authentication data. This is then passed to the application code 22 in the host. The application code 22 recognises this as a request for additional authentication information that can only be provided by the smartcard 18, and so passes the incoming data to the smartcard 18. The smartcard 18 then performs secret calculations on the data to generate calculated security information that can be used by the network to authenticate the host device. Typically this is done using an encryption key that is unique to the smartcard and so the user, the key being securely held within the smartcard 18. After the smartcard 18 has calculated the security information, this is stored temporarily in the memory 20. This is not visible outside the communications device 10. A reply is then created with "dummy" data and transmitted back to the application code 22 and subsequently to the adaptor 16, where it is stored. When the adaptor 16 is ready to send the authentication data back to the network 14, it first informs its internal hardware that the next packet to be written should contain the smartcard reply previously stored in the temporary memory 20. This is then included in a message for sending back to the network. In this way, the appropriate authentication information is sent from the smartcard 18 to the network 14, without having to expose it in the host device 12, thereby avoiding the information being made vulnerable.
Figure 4 shows a more detailed implementation of an enhanced security device 10. Included in this is an adaptor 24, for example a WIFI adaptor, for allowing connection to the network 14 and an interface 26, for example a secure digital input/output (SDIO) interface, for connecting the adaptor 24 to the host device 12. Also provided is a tamper resistant extensible authentication protocol (EAP) smartcard module 28 that contains EAP-SMARTCARD application software for providing authentication information. This type of smartcard is well known and so will not be described in detail. To allow the smartcard module 28 to connect to the host 12 an interface 30, for example a TRM interface, is provided. Accessible by both of the smartcard module 28 and the WIFI adaptor 24 is a temporary buffer 32 in which authentication information can be stored. Authentication of the host device 12 is provided by the EAP-SMARTCARD. Techniques for conducting the actual authentication process are known and so will not be described in detail.
Inside the host device 12 are SDIO and TRM drivers 34 and 36 respectively for interfacing with the SDIO and TRM interfaces in the device 10 and network and smartcard drivers 38 and 40 respectively for allowing communication with the network adaptor and smartcard of the device 10. Also provided is a network stack 42 that is able to communicate with both the network driver 38 and the smartcard driver 40. This stack 42 is operable to capture all requests from the network adaptor 24 and send them to the smartcard 28. The stack 42 is also operable to receive responses from the smartcard 28 and pass them back to the network 14. In use, when an application is selected on the host device 12 requesting connection to the network 14, a signal is sent from the host to the network 14 via the adaptor 24. Then, an authentication request command is sent from the network 14 to the adaptor 24. This passes the command to the network stack 42, which is operable to recognise it as an authentication request command, in this case an EAP-request command. This command includes information for use by the smartcard 28 in an authentication process. The EAP-request command is then sent by the network stack 42 to the smartcard 28. The smartcard 28 processes the EAP-Request command in a conventional manner to create an EAP-request command response. This includes authentication information that is generated using information provided in the EAP-request command and security information stored locally in the smartcard 28.
Once the EAP request command response is created, the smartcard 28 is adapted to store it in the temporary buffer 32. The smartcard 28 then transmits "dummy" data back to the network stack 42 instead of the genuine response. The network stack 42 then prepares to send back an EAP-Request command response to the network 14. Before it does so, it indicates to the network adaptor 24 that this is the case. This triggers a control mechanism in the adaptor 24, which ensures that the data next written by the network stack 42 is replaced by the real authentication data in the internal buffer 32. Data in the internal buffer 32 is then cleared and the control mechanism in the adaptor 24 reset. The EAP-request command response, including the real authentication information, is then forwarded to the network 14. In this way, the authentication information is passed to the network 14 without being exposed in the host device 12. For host devices that are set up to connect to a network and provide security information using the arrangements shown in Figures 1 or 2, this can be done without requiring any modification to the host device 12 or its application software 22 or how it interacts with the network 14 and/or the smartcard 28.
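A runnable model of the buffer-substitution flow described above, added here as an illustration and not code from the patent. Class and method names are hypothetical, HMAC-SHA256 with a key also known to the network stands in for the unspecified smartcard calculation, and raising an error on an armed write with an empty buffer is an assumed policy.

```python
import hashlib
import hmac

# Constructed sample values (not taken from the patent).
CARD_KEY = b"constructed-card-key"
EAP_REQUEST = b"constructed-eap-request-payload"
DUMMY = b"\x00" * 32  # placeholder reply that crosses the host


class TemporaryBuffer:
    """Buffer 32: reachable by card and adaptor inside the device only."""
    data = None

    def take(self):
        data, self.data = self.data, None  # read and clear in one step
        return data


class Smartcard:
    """Smartcard 28: holds the key and computes the real response."""
    def __init__(self, key, buffer):
        self._key = key
        self._buffer = buffer

    def process_request(self, request):
        # HMAC-SHA256 stands in for the card's unspecified secret calculation.
        self._buffer.data = hmac.new(self._key, request, hashlib.sha256).digest()
        return DUMMY  # only the placeholder goes back towards the host


class Network:
    """Network 14: checks the response against its own copy of the key."""
    def __init__(self, key, request):
        self._key = key
        self.request = request

    def expected(self):
        return hmac.new(self._key, self.request, hashlib.sha256).digest()

    def receive(self, response):
        return hmac.compare_digest(response, self.expected())


class Adaptor:
    """Adaptor 24 with the control mechanism that replaces the next write."""
    def __init__(self, buffer, network):
        self._buffer = buffer
        self._network = network
        self._armed = False

    def arm(self):
        self._armed = True

    def write(self, payload):
        if self._armed:
            self._armed = False         # reset the control mechanism
            real = self._buffer.take()  # fetch and clear buffer 32
            if real is None:
                # Assumption: fail closed rather than forward host data.
                raise RuntimeError("armed write with empty buffer")
            payload = real
        return self._network.receive(payload)


class HostStack:
    """Network stack 42 on the untrusted host; logs everything it handles."""
    def __init__(self, card, adaptor):
        self._card = card
        self._adaptor = adaptor
        self.seen = []

    def authenticate(self, request, arm=True):
        self.seen.append(request)
        reply = self._card.process_request(request)
        self.seen.append(reply)
        if arm:
            self._adaptor.arm()  # announce that the next write is the response
        return self._adaptor.write(reply)


def run_flow(arm=True):
    """Return (access_granted, host_saw_real_response, buffer_cleared)."""
    buffer = TemporaryBuffer()
    network = Network(CARD_KEY, EAP_REQUEST)
    host = HostStack(Smartcard(CARD_KEY, buffer), Adaptor(buffer, network))
    granted = host.authenticate(network.request, arm=arm)
    return granted, network.expected() in host.seen, buffer.data is None


if __name__ == "__main__":
    print(run_flow())           # substitution armed by the stack
    print(run_flow(arm=False))  # not armed: the dummy reaches the network
```

With `arm=False` the model shows the network rejecting the dummy while the real response is still held in the buffer, a state the description above does not cover.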
By providing a device that is connectable between a network and a host device and includes security means for providing security information, communication means for allowing access to a network and a memory for storing security information, security information can be stored for use in an authentication process without passing it through the host. In this way, the authentication data can effectively be used by or on behalf of a host device without the need for application software in that device to read the data. Because authentication data never appears in the host device, this means that the system is inherently more secure. In this way, it can be ensured that no critical security calculations are vulnerable to an attacker.
A skilled person will appreciate that variations of the disclosed arrangements are possible without departing from the invention. For example, whilst the invention has been described primarily with reference to a discrete device that can be selectively connected to a host device, it will be appreciated that the device could equally form an integral or permanent part of the host. Accordingly, the above description of the specific embodiment is made by way of example only and not for the purposes of limitation. It will be clear to the skilled person that minor modifications may be made without significant changes to the operation described.

Claims

1. A communications device for connecting a host device to a network, the device including security means for providing security information, communication means for allowing network access and a memory, the communication means being operable to allow a request for security information to be passed to the security means via the host device, the security means being operable to place security information in the memory without passing it through the host device, and the communication means being operable to access information in the memory and pass it to the network.
2. A communications device as claimed in claim 1 wherein the security means are operable to send a response to the communication means via the host device, the communication means being operable to use that response and the security information derived from the memory to construct a message for sending to the network.
3. A communications device as claimed in claim 1 wherein the security means comprises a smartcard.
4. A communications device as claimed in claim 1 or claim 2 wherein the memory and/or security means are tamper resistant.
5. A communications device as claimed in any of the preceding claims wherein the memory is a temporary buffer.
6. A communications device as claimed in any of the preceding claims comprising means for clearing the memory after the security information is passed to the network.
7. A method for connecting a host device to a network using a communications device including security means for providing security information, a communications means for allowing access to a network and a memory for temporarily storing security information, the method involving sending from the communication means a request for security information to the security means via the host device; in response to that request placing security information in the memory without passing it through the host device; using the communications means to access information in the temporary memory and passing security information to the network.
8. A method as claimed in claim 7 further comprising sending a response to the communication means via the host device, and using that response and the security information derived from the memory to construct a message for passing to the network.
9. A method as claimed in claim 7 or claim 8 wherein the security means comprises a smartcard.
10. A method as claimed in claim 7 or 8 or 9 wherein the memory and/or smartcard are tamper resistant.
11. A method as claimed in any of claims 7 to 10 wherein the memory is a temporary buffer.
12. A method as claimed in any of claims 7 to 11 further comprising clearing the memory after the security information is passed to the network.
PCT/GB2005/002658 2004-08-16 2005-07-08 Improved communications device WO2006018595A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP05757838A EP1782397A1 (en) 2004-08-16 2005-07-08 Improved communications device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0418215.0 2004-08-16
GB0418215A GB0418215D0 (en) 2004-08-16 2004-08-16 Improved communications device

Publications (1)

Publication Number Publication Date
WO2006018595A1 true WO2006018595A1 (en) 2006-02-23

Family

ID=33017555

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2005/002658 WO2006018595A1 (en) 2004-08-16 2005-07-08 Improved communications device

Country Status (3)

Country Link
EP (1) EP1782397A1 (en)
GB (1) GB0418215D0 (en)
WO (1) WO2006018595A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6181735B1 (en) * 1995-09-25 2001-01-30 Gemplus S.C.A. Modem equipped with a smartcard reader


Also Published As

Publication number Publication date
EP1782397A1 (en) 2007-05-09
GB0418215D0 (en) 2004-09-15


Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2005757838

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE

WWP Wipo information: published in national office

Ref document number: 2005757838

Country of ref document: EP