Method and system for communication between a USB device and a USB host
First Claim
1. A method for providing efficient communication between a computer and a plug-and-play secure token connected to the computer, comprising:
- upon establishing a physical connection between the computer and the plug-and-play secure token, enumerating the secure token as a device of a first type and as a device of a second type;
- launching on the computer a host agent stored on the secure token;
- operating the computer according to instructions of a driver for devices of the first type to receive messages communicated in a first protocol associated with devices of the first type from the secure token;
- operating the computer according to instructions of a driver of devices of the second type to receive messages communicated in a second protocol associated with devices of the second type from the secure token;
- operating the computer according to instructions stored in the host agent to:
  - receive messages of a first type from the secure token communicated in the first protocol associated with messages of the first type via the driver for devices of the first type;
  - receive messages of a second type from the secure token communicated in the second protocol associated with messages of the second type via the driver for devices of the second type; and
  - in response to detecting a message of the first type indicative of an availability of a data in a data buffer, retrieving the available data from the data buffer by sending a message of the second type to the secure token;
- operating the secure token according to instructions of a card-agent program including instructions to:
  - write data to a second data buffer of the secure token;
  - upon having written data to the second data buffer, sending a message of the first type indicative of the availability of data in the second data buffer;
  - upon receiving a message of the second type requesting access to the data buffer, transmitting the contents of the second data buffer using the protocol associated with messages of the second type; and
- operating the computer according to instructions stored in the host agent to:
  - transmit messages from the computer to the secure token by writing data to a second data buffer of the secure token using the protocol associated with messages of the second type; and
  - embed in the messages from the computer to the secure token messages of an application layer protocol having at least one security level wherein messages embed therein security credentials permitting the computer to perform restricted actions on the secure token.
Abstract
A secure portable electronic device for providing secure services when used in conjunction with a host computer having a central processing unit uses two hardware device protocols readily supported by computer operating systems. Other systems and methods are disclosed.
20 Citations
16 Claims
9. A plug-and-play secure token with means for being connected to a host computer, comprising:
- a memory;
- a card-agent program that upon establishing a physical connection between the host computer and the plug-and-play secure token, enumerating the secure token as a device of a first type and as a device of a second type;
- a host agent stored in the memory of the secure token for execution on the host computer, the host agent comprising:
  - a driver for devices of the first type to receive messages communicated in a first protocol associated with devices of the first type from the secure token, and a driver of devices of the second type to receive messages communicated in a second protocol associated with devices of the second type from the secure token;
  - logic to receive messages of a first type from the secure token communicated in the first protocol associated with messages of the first type via the driver for devices of the first type;
  - logic to receive messages of a second type from the secure token communicated in the second protocol associated with messages of the second type via the driver for devices of the second type; and
  - logic to, in response to detecting that message of the first type indicative of an availability of a data in a data buffer, retrieving the available data from the data buffer by sending a message of the second type to the secure token;
- the card-agent further comprising instructions to cause the secure token to:
  - write data to a second data buffer of the secure token;
  - upon having written data to the second data buffer, sending a message of the first type indicative of the availability of data in the second data buffer;
  - upon receiving a message of the second type requesting access to the data buffer, transmitting the contents of the second data buffer using the protocol associated with messages of the second type; and
- the host-agent further comprising instructions to cause the host computer to:
  - transmit messages from the computer to the secure token by writing data to a second data buffer of the secure token using the protocol associated with messages of the second type;
  - embed in the messages from the host computer to the secure token messages of an application layer protocol having at least one security level wherein messages embed therein security credentials permitting the computer to perform restricted actions on the secure token.
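The exchange recited in claims 1 and 9 (token writes a result to its buffer, signals availability over the first device type, host retrieves it over the second device type, and host-to-token messages carry an application-layer message whose credential gates restricted actions) is simulated below. This is an added example written for this page, not code from the patent or its assignee; the channel names, the JSON application-layer framing, the buffer size, the `CardAgent`/`HostAgent` classes and the `demo-pin-1234` credential are all assumptions chosen for illustration.

```python
"""Simulation of a two-channel host/token exchange (added example, assumptions noted).

Channel 1 ("first type"): small unsolicited notifications from the token to the host.
Channel 2 ("second type"): host-initiated READ/WRITE of fixed-size data buffers.
Both channels are modelled as direct method calls; a real token would be reached
through two separate class drivers.
"""
import hmac
import json
from collections import deque
from dataclasses import dataclass

BUFFER_SIZE = 128  # assumed fixed size of each data buffer


@dataclass
class Notification:      # message of the first type (token -> host)
    kind: str            # e.g. "DATA_AVAILABLE"


@dataclass
class BufferRequest:     # message of the second type (host -> token)
    op: str              # "READ" or "WRITE"
    payload: bytes = b""


class CardAgent:
    """Runs on the token: owns both buffers and enforces the security level."""

    def __init__(self, credential: bytes):
        self._credential = credential              # assumed shared secret
        self._signing_key = b"constructed-signing-key"  # constructed demo key
        self.host_to_token = b""                   # buffer the host writes into
        self.token_to_host = b""                   # "second data buffer" the host reads
        self.notifications: deque = deque()        # channel-1 queue
        self.audit: list = []                      # rejected requests, for detection

    def enumerate(self) -> tuple:
        # One physical connection presents itself as two device types.
        return ("notification-device", "buffer-device")

    def write_result(self, data: bytes) -> None:
        # Refuse to clobber a result the host has not yet retrieved.
        if self.token_to_host:
            raise RuntimeError("host has not retrieved the previous result")
        if len(data) > BUFFER_SIZE:
            raise ValueError("result does not fit the buffer")
        self.token_to_host = data
        self.notifications.append(Notification("DATA_AVAILABLE"))  # channel 1

    def handle_buffer_request(self, req: BufferRequest) -> bytes:
        # Channel-2 handler: READ drains the token->host buffer; WRITE delivers
        # a host message into the host->token buffer and processes it.
        if req.op == "READ":
            data, self.token_to_host = self.token_to_host, b""
            return data
        if req.op == "WRITE":
            if len(req.payload) > BUFFER_SIZE:
                raise ValueError("message does not fit the buffer")
            self.host_to_token = req.payload
            self._process_app_message(self.host_to_token)
            return b""
        raise ValueError("unknown op %r" % req.op)

    def _process_app_message(self, raw: bytes) -> None:
        # Application-layer message embedded in the channel-2 write.
        try:
            msg = json.loads(raw)
        except ValueError:
            self.audit.append("rejected: malformed message")
            self.write_result(b'{"error":"malformed"}')
            return
        action = msg.get("action")
        if action == "get_version":            # unrestricted action
            self.write_result(b'{"version":"1.0"}')
        elif action == "sign":                 # restricted: credential required
            presented = str(msg.get("credential", "")).encode()
            if not hmac.compare_digest(presented, self._credential):
                self.audit.append("rejected sign: bad credential")
                self.write_result(b'{"error":"unauthorized"}')
                return
            tag = hmac.new(self._signing_key, str(msg.get("data", "")).encode(),
                           "sha256").hexdigest()[:16]
            self.write_result(json.dumps({"sig": tag}).encode())
        else:
            self.write_result(b'{"error":"unknown action"}')


class HostAgent:
    """Runs on the computer (launched from the token's own storage)."""

    def __init__(self, token: CardAgent):
        self.token = token

    def send_raw(self, payload: bytes) -> None:
        self.token.handle_buffer_request(BufferRequest("WRITE", payload))

    def send(self, app_message: dict) -> None:
        # Embed the application-layer message in a channel-2 WRITE.
        self.send_raw(json.dumps(app_message).encode())

    def poll(self) -> list:
        # Each DATA_AVAILABLE notification on channel 1 triggers a channel-2 READ.
        out = []
        while self.token.notifications:
            note = self.token.notifications.popleft()
            if note.kind == "DATA_AVAILABLE":
                out.append(self.token.handle_buffer_request(BufferRequest("READ")))
        return out


def run_session(credential: bytes = b"demo-pin-1234") -> tuple:
    """Drive one session; returns (decoded results, token audit log)."""
    token = CardAgent(credential)
    host = HostAgent(token)
    token.enumerate()
    results = []
    for msg in ({"action": "get_version"},
                {"action": "sign", "data": "hello"},                  # no credential
                {"action": "sign", "data": "hello",
                 "credential": credential.decode()}):
        host.send(msg)
        results.extend(json.loads(r) for r in host.poll())
    host.send_raw(b"not json")                                        # malformed write
    results.extend(json.loads(r) for r in host.poll())
    return results, token.audit


if __name__ == "__main__":
    for item in run_session()[0]:
        print(item)
```

The token-side `audit` list is the piece a defender cares about: the restricted `sign` action is only honoured when the embedded credential matches, and every refusal (bad credential, malformed framing) is recorded where a monitoring process could read it, while `write_result` refuses to overwrite a result the host has not collected yet.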