The present invention relates to the field of communication interfacing. More particularly, the invention relates to an interface, for example, an interface based on USB or Firewire, for connecting a peripheral to a host.
USB (Universal Serial Bus) is a plug-and-play interface between a computer and add-on devices (such as audio players, joysticks, keyboards, telephones, scanners, and printers). It is commonly used for connecting external devices to a computer without adding an adapter card or even turning the computer off. The USB standard was developed by Compaq, IBM, DEC, Intel, Microsoft, NEC, and Northern Telecom.
A USB interface, as any other computerized interface for connecting two devices, comprises two parties which mate upon connection. For the purpose of facilitating the text to follow, one party is referred to herein as host, and the other as a peripheral.
It is an object of the present invention to provide a communication interface between a host and a peripheral, which enables a user to interfere with the service(s) provided by the peripheral to a corresponding host, or the connectivity therebetween.
It is another object of the present invention to provide a more secure USB token than that of the prior art.
It is a further object of the present invention to provide a communication interface between a host and a peripheral, which is coupled with input means at the connector at the peripheral side, but still maintains the waterproofed characteristics of this connector.
Other objects and advantages of the invention will become apparent as the description proceeds.
In one aspect, the present invention is directed to a communication interface, such as USB or Firewire, for transferring data between a peripheral and a host, the interface comprising: a first connector, at the host side, through which the host communicates with the peripheral; a second connector, at the peripheral or at an extension cable connected to the peripheral, through which the peripheral communicates with the host upon mating between the first connector and the second connector; a switch coupled to the second connector, the switch operative for modifying a service provided by the peripheral to the host, and/or modifying a connectivity between the host and the peripheral. According to one embodiment, the switch may comprise a plurality of states, for example, “open”, “closed”, “state 1”, “state 2”. According to a preferred embodiment of the invention, the switch does not harm the waterproof characteristic of the peripheral.
In a preferred embodiment of the invention, the switch is used for adding additional input means to a security token. In this case the switch can be used for signaling to the security token to generate a one-time password.
In another aspect, the present invention is directed to a security token, comprising: a switch at a connector of the security token through which the security token communicates with a host via a communication interface such as USB or Firewire, for modifying a service provided by the peripheral to the host and/or a connectivity between the host and the peripheral. According to a preferred embodiment of the invention, the switch does not harm the waterproof characteristic of the peripheral. The switch comprises a plurality of states. In one embodiment of the invention, the switch is operative for signaling to the security token to generate a one-time password.
The present invention may be better understood in conjunction with the following figures:
The term “peripheral” refers herein to a device which provides service(s) to another device, which is referred to herein as a “host”. Exemplary peripherals include but are not limited to printers, scanners, and security tokens.
The connection between a peripheral and a host may be through a cable, such as in a printer, or directly, i.e. without a cable, such as in a security token.
The term “USB switch” refers herein to a switch that operates in conjunction with a USB connector.
The term “interface” refers herein to hardware means (e.g., wires, plugs, sockets, etc.), software means, rules, etc., for communication between one device and another.
A security token, sometimes referred to as authentication token, is a small hardware device carried by an owner thereof in order to perform operations of a security nature, such as authenticating a user, authorizing access to a service (such as network service), one-time password authentication and transaction, key related operations such as encryption, decryption, digital signatures, secured memory, etc. A security token can be used also in one-factor authentication as well as in multi-factor authentication. A Flash memory device, such as Disk-On-Key of M-Systems, is also a security token, since it enables a user to retain data in a secure manner, i.e., out of reach of unauthorized people. A common form factor of a security token is a key fob, which is a portable device.
A USB token is a security token which connects with a system at least via a USB connection. The eToken-Pro and eToken-NG manufactured by Aladdin Knowledge Systems are examples of USB tokens. Also SecurID of RSA Security, and Disk-On-Key of M-Systems are security tokens.
FIGS. 1 to 6 illustrate a USB switch coupled on a USB token, according to a preferred embodiment of the invention. The switch mechanism comprises the contacts 12 and 16; the conductive bar 14 which connects and disconnects the connection between the contacts 12 and 16; and the sliding plug 26 which can move inside the housing 2.
The USB connector 4 is coupled on a sliding plug 26 that fits closely inside the bore of the casing 2. The mechanism resembles a piston: in general, a piston is a sliding plug that fits closely inside the bore of a cylinder. Similarly, in this case the sliding plug is member 26, which slides inside a “cylinder”, i.e. a corresponding bore of the casing 2.
Bar 14 is composed of conductive material. In the “closed” state, as illustrated in
In contrast to the cylindrical form of a piston, according to a preferred embodiment of the invention the mating elements (members 26 and 2) preferably do not have a circular form, but rather a form which forces the plug to slide in the same position with regard to the bore, such as oval or rectangular form. This way the position of bar 14 with regard to the contacts 12 and 16 is fixed.
Since a USB token is a portable device and attachable to a key fob, it must be designed in such a way that it will resist “hard” conditions. Waterproofing, for example, is an essential requirement of a USB token. For instance, rain drops should not reach the circuitry inside the token. A security token for military purposes may comply with even higher requirements, for example submersion of a token in a bath of water. According to the embodiment illustrated in FIGS. 1 to 4, the waterproof nature of the USB token 2 is maintained since the piston mechanism doesn't allow water to penetrate into the security token.
The USB switch may be operative to perform an operation such as closing a circuit, signaling to chip 10 or another circuit (not illustrated in the figures) that the user has pressed a switch, etc.
According to a preferred embodiment of the invention, in an interface the switch disconnects the peripheral from the host such that the host is “deceived to believe” that the peripheral is still connected, but no data is actually transferred. For example, in a case where the indication that a peripheral is connected to a host is a certain voltage on a certain wire of the interface thereof, turning the USB switch on may disconnect the wire from its original connection and connect it to a circuit which generates the expected voltage. Thus, although no data is transferred between the peripheral and the host, the host continues to act as if the communication channel is still active.
In a security token used for one-time password authentication, such as the eToken-NG of Aladdin Knowledge Systems, a button is used for signaling the token to generate the next one-time password. Thus, this application uses input means installed on the token.
It should be noted that a USB token is merely an example, and the USB switch can be implemented also in any USB connector, including a USB extension cable.
According to one embodiment of the invention, the token comprises a LED (Light Emitting Diode) for providing to a user thereof an indication about the operation of the token switch. For example, when the USB channel is active, the LED lights up.
Embedding a button in a security token or any other USB device (i.e., a device connecting to a system via a USB interface) allows increasing the security level of the token. For example, a user may get access to a network by authenticating with his token at the beginning of the network communication session. However, since the same token is also used for authenticating the user when connecting to his bank account, a malicious object which may take control of the user's computer may enter his bank account during the time the token is connected to the user's computer. The activation switch allows a user to signal the token to be available to the computer only for a limited time period (e.g., 2 minutes) or one authentication session. Thus, after the time period is over, a malicious object cannot enter the user's bank account.
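The limited-availability behaviour described above can be modelled as a small gate in token firmware. The following C code is an added illustration, not part of the original disclosure; the names (token_gate, gate_allow_auth, served_count), the token-local seconds clock, the constructed request times, and the 120-second window (taken from the “2 minutes” example) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

#define WINDOW_SECONDS 120u   /* assumed: the "2 minutes" example */

typedef enum { MODE_TIMED, MODE_SINGLE_SESSION } gate_mode;

typedef struct {
    gate_mode mode;
    bool      armed;      /* true once the user has operated the switch */
    uint32_t  armed_at;   /* token-local clock, in seconds */
} token_gate;

void gate_init(token_gate *g, gate_mode mode) {
    g->mode = mode; g->armed = false; g->armed_at = 0;
}

/* Called when the switch at the connector is operated by the user. */
void gate_switch_pressed(token_gate *g, uint32_t now) {
    g->armed = true; g->armed_at = now;
}

/* Called for every authentication request from the host.
   Returns true only if the token may serve the request. */
bool gate_allow_auth(token_gate *g, uint32_t now) {
    if (!g->armed) return false;               /* switch never operated */
    if (g->mode == MODE_TIMED) {
        /* unsigned subtraction stays correct across clock wrap-around */
        if ((uint32_t)(now - g->armed_at) >= WINDOW_SECONDS) {
            g->armed = false;                  /* window over: disarm */
            return false;
        }
        return true;
    }
    g->armed = false;      /* single session: one request, then disarm */
    return true;
}

/* Constructed sample: host request times in seconds; the user operates
   the switch at press_time. Returns how many requests were served. */
static const uint32_t SAMPLE_REQUESTS[] = {2, 10, 60, 130, 200};

int served_count(gate_mode mode, uint32_t press_time,
                 const uint32_t *req, int n) {
    token_gate g; bool pressed = false; int served = 0;
    gate_init(&g, mode);
    for (int i = 0; i < n; i++) {
        if (!pressed && req[i] >= press_time) {
            gate_switch_pressed(&g, press_time); pressed = true;
        }
        if (gate_allow_auth(&g, req[i])) served++;
    }
    return served;
}
```

With the switch operated at second 5, the timed gate serves only the requests at seconds 10 and 60, and the single-session gate serves only the request at second 10; a request arriving before the switch is operated, or after the window has closed, is refused even though the token remains plugged in.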
Those skilled in the art will appreciate that the invention can be embodied in other forms and ways, without losing the scope of the invention. The embodiments described herein should be considered as illustrative and not restrictive. It should be noted that although the present invention has been described with regard to a USB protocol, it can be also used with other interfaces, such as Firewire.