Security method and apparatus for controlling the data exchange on handheld computers

US 7,346,778 B1
Filed: 11/29/2000
Issued: 03/18/2008
Est. Priority Date: 11/29/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method for preventing unauthorized transfer of data between a portable computer system and systems of data storage and communication including another computer, said method comprising:

a) automatically receiving identification authentication information for said portable computer system at a communication interface device embodied as a cradle for said portable computer system, wherein said authentication information comprises a unique identity for said portable computer system and wherein said authentication information is embedded in said portable computer system;

b) comparing at said communication interface device said identification authentication information with a list of authorized portable computer system identities corresponding to said system of data storage;

c) determining at said communication interface device whether said portable computer system identity is authorized based on said identification authentication information and said unique identity;

d) enabling at said communication interface device communication between said portable computer system and said other computer provided said identity is authorized and disabling said communication if said identity is not authorized; and

e) enabling at said communication interface device decryption of encrypted data and synchronization with said systems of data storage from said portable computer system provided said identity is authorized and disabling decryption if said identity is not authorized.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for protecting portable computer data from unauthorized transfer or using portable computers to download unauthorized data. The invention is applicable to any computer capable of transferring data, but in one embodiment a portable computer is described. Authorization is enabled by an interface permitting synchronization of the portable computer with a host computer by authentication of the particular portable computer identity. For instance, in one embodiment, when a portable computer is docked with a compatible interface connected to a host desktop computer, it is sensed and identified by the interface. If the particular portable computer identity is authenticated as authorized for that desktop, then synchronization will be enabled by the interface. The computers may then transfer data. However, if the identity is not an authorized one, then authentication will not occur, synchronization is correspondingly disabled, and data transfer is prevented. Various systems can enable the identity authentication.

188 Citations

25 Claims

1. A method for preventing unauthorized transfer of data between a portable computer system and systems of data storage and communication including another computer, said method comprising:
- a) automatically receiving identification authentication information for said portable computer system at a communication interface device embodied as a cradle for said portable computer system, wherein said authentication information comprises a unique identity for said portable computer system and wherein said authentication information is embedded in said portable computer system;
  
  b) comparing at said communication interface device said identification authentication information with a list of authorized portable computer system identities corresponding to said system of data storage;
  
  c) determining at said communication interface device whether said portable computer system identity is authorized based on said identification authentication information and said unique identity;
  
  d) enabling at said communication interface device communication between said portable computer system and said other computer provided said identity is authorized and disabling said communication if said identity is not authorized; and
  
  e) enabling at said communication interface device decryption of encrypted data and synchronization with said systems of data storage from said portable computer system provided said identity is authorized and disabling decryption if said identity is not authorized.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as recited in claim 1, wherein said identification authentication information is transferred from said portable computer system to said interface device to uniquely identify said portable computer system to said interface device.
  - 3. The method as recited in claim 1 wherein said b) comprises:
    - recognizing said identification authentication information as an indication of unique identity of the source sending said information; and
      
      indexing said unique identity to a list of programmed identities.
  - 4. The method as recited in claim 1 wherein said c) comprises:
    - reacting to positive indexing match as an authenticated authorized identity and to negative indexing match as an unauthorized identity; and
      
      authorizing communications enablement in response to an authenticated authorized identity, andprohibiting communications in response to an unauthorized identity.
  - 5. The method as recited in claim 1 wherein said d) comprises:
    - allowing said portable computer to synchronize with said other computer upon authorization of communication; and
      
      preventing synchronization upon prohibition of communication.
  - 6. The method as recited in claim 1 wherein said e) comprises:
    - disclosing a specific key value with which said data is encrypted upon authorization of communication; and
      
      not disclosing said specific key value upon prohibition of communication.

7. A system for preventing unauthorized transfer of data between a portable computer system and a host system, comprising:
- a) a portable computer device capable of synchronizing with said host;
  
  b) an interface device separate from said portable computer device and said host, compatible to receive said portable computer device and capable of facilitating communication, authentication, and synchronization between said portable computer device and said host system;
  
  c) an identification authenticating component embedded into said interface device and providing a unique identification signal corresponding to the unique identity thereof; and
  
  d) an identification authorizing component embedded into said interface device capable of determining if said unique identity is authorized for synchronization with said host system, and for correspondingly enabling and disabling synchronization between said portable computer and said host system, wherein decryption of encrypted data from said portable computer device is enabled provided said unique identity is authorized and wherein said decryption is disabled if said unique identity is not authorized.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 8. A system as recited in claim 7 wherein said portable computer device comprises a palmtop computer.
  - 9. A system as recited in claim 7 wherein said interface device comprises a palmtop computer cradle.
  - 10. A system as recited in claim 7 wherein said synchronous communication is further encrypted with a specific key value from said identification authenticating tagging component such that unauthorized applications external to said portable computer system are locked out from deciphering data therefrom.
  - 11. A system as recited in claim 7 wherein said identification authenticating tagging component is a magnetic key and said identification authentication reading component is a magnetic key reader.
  - 12. A system as recited in claim 7 wherein said identification authenticating tagging component is a smart card and said identification authentication reading component comprises a smart card reader.
  - 13. A system as recited in claim 7 wherein said identification authorizing component comprises is an application specific integrated circuit.
  - 14. A system as recited in claim 7 wherein said identification authorizing component comprises a software program.
  - 15. A system as recited in claim 7 wherein said identification authenticating tagging component is in direct electrical connection with said identification authentication reading component via contacts.
  - 16. A system as recited in claim 7 wherein said identification authenticating tagging component is in contact free communication with said identification authentication reading component via an infrared communication mechanism.
  - 17. A system as recited in claim 7 wherein said identification authenticating tagging component is in contact free communication with said identification authentication reading component via a transmitter/receiver modality and antenna array.

18. A system for preventing unauthorized transfer of data between a portable computer system and a system of data storage and communication, comprising:
- a) a portable computer device capable of synchronizing with said system of data storage and communication;
  
  b) an interface device separate from said portable computer device and said system of data storage and communication, compatible to receive said portable computer device and coupled with said system of data storage and communication and capable of facilitating communication between said portable computer device and said system of data storage, authentication, and communication;
  
  c) an identification authenticating tagging and data encryption keying component embedded into said interface device and providing a unique identification signal and an encryption key cipher value corresponding to the unique identity thereof;
  
  d) an identification authentication reading component capable of sensing and reading said unique identification signal, said identification authentication reading embedded into said interface device;
  
  e) an identification authorizing component embedded into said interface device receiving input from said reading component and incorporated into the same one of said devices as said reading component, capable of determining if said unique identity is authorized for communication with said system of data storage, said identification authorizing component corresponding to said system of data storage, and synchronization and of correspondingly enabling and disabling synchronization between said portable computer and said system of data storage and communication; and
  
  f) an identification authorizing component further capable of enabling deciphering of encrypted communication from said portable computer device if said unique identity is authorized and disabling decryption if said unique identity is unauthorized.
- View Dependent Claims (19, 20)
- - 19. A system as recited in claim 18 wherein said identification authorizing component incorporates software for determining if said unique identity is authorized for synchronization, for correspondingly enabling and disabling synchronization, and deciphering encrypted data from said portable computer device.
  - 20. A system as recited in claim 18 wherein said interface device is a palmtop computer cradle.

21. A communication system comprising:
- a host computer system comprising a communication port;
  
  a portable electronic device comprising a communication port and an identity reference, said identity reference embedded into said portable electronic device; and
  
  a communication interface module separate from said host computer system for coupling and synchronization between said communication ports of said portable electronic device and said host computer system, said communication interface module comprising;
  
  an authentication device for authenticating said identity reference; and
  
  a communication interface circuit coupled to said authentication device and for allowing direct communication between said portable electronic device and said host computer system provided said authentication device indicates a proper authentication of said identity reference with said host system, said communication interface circuit corresponding to said host system, and, otherwise, for disallowing communication between said portable electronic device and said host computer system, wherein decryption of encrypted data from said portable computer device is enabled provided said unique identity is authorized and wherein said decryption is disabled if said unique identity is not authorized.
- View Dependent Claims (22, 23, 24, 25)
- - 22. A communication system as recited in claim 21 wherein said communication interface circuit comprises a decryption circuit.
  - 23. A communication system as recited in claim 21 wherein said communication module contains a slot for receiving said communication port of said electronic device.
  - 24. A communication system as recited in claim 21 wherein said identity reference is stored on a removable smart card.
  - 25. A system as recited in claim 21 wherein said communication module is a palmtop computer cradle.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Access Company Limited
Original Assignee
Palmsource Incorporated (Access Company Limited)
Inventors
Martel, Thierry, Nicolas, Regis, Guiter, Olivier
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
CHEN, SHIN HON

Application Number

US09/726,822
Time in Patent Office

2,666 Days
Field of Search

713200-202, 713/172, 713/182, 395/281, 395/200, 380/21, 380/274, 380/255, 705/76, 707/201, 707/202, 726/2, 726/9, 726/20, 726/17, 726 27- 30, 710/28, 710/36, 710/37
US Class Current

713/182
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2129   Authenticate client device ...

Security method and apparatus for controlling the data exchange on handheld computers

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

188 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Security method and apparatus for controlling the data exchange on handheld computers

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

188 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others