Browse Prior Art Database

ELECTRONIC IDENTITY PLUG-AND-PLAY

IP.com Disclosure Number: IPCOM000132332D
Publication Date: 2005-Dec-07
Document File: 5 page(s) / 7M

Publishing Venue

The IP.com Prior Art Database

Related People

David B. Cross: INVENTOR [+2]

Abstract

An electronic identity plug-and-play (PnP) process can be used to automatically and seamlessly locate and install software required to enable a system to use a particular electronic identity (eID) device for cryptographic, authentication, or other related purposes. Use of an eID PnP process reduces software deployment costs, reduces complexity of eID device usage, and enhances reliability of eID device usage.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 41% of the total text.

ELECTRONIC IDENTITY PLUG-AND-PLAY

            Electronic identity (eID) devices are becoming an increasingly important means of authenticating users before granting them access to system resources.  eID devices include any personal authentication devices, and are commonly two-factor authentication devices such as smart cards, USB tokens, one-time-password (OTP) hardware authentication devices, ISO 7816 smart cards, contactless smart cards, wireless devices such as SIM cards in mobile phones and PDAs, and other hardware authentication devices that communicate with a system via wires or a wireless connection.

            Like other hardware devices, eID devices require that supporting software be installed before a system can use them.  Unlike other hardware, however, eID devices require installation of software packages that are more complex than the device drivers typically required for conventional hardware.  The required supporting software can be card modules, middleware, cryptographic service providers (CSPs), dynamic link libraries (DLLs), or other software required by the system to interact with the particular eID device.  Currently, end-users or IT professionals must locate the appropriate supporting software and install it before an eID can be used to authenticate users to applications, web sites, and other system resources.  And, eID hardware vendors may make this software available in a variety of manners and locations such as on a web site, CD-ROM, or other computer-readable media.  A seamless and automatic means is needed to locate and configure eID-supporting software.

            Conventional plug-and-play (PnP) functionality is able to locate, install, and configure the supporting software, such as kernel mode device drivers, for conventional hardware devices such as printers, cameras, and external storage media.  However, conventional PnP is not capable of performing this function for atypical hardware devices, such as eID devices, which require supporting software that interacts with the cryptographic subsystem of the operating system.

            An eID PnP mechanism enables the automatic and seamless identification, location, retrieval, installation, and configuration of the appropriate supporting software for eID devices.  Figure 1 below provides a high-level illustration of an eID PnP process.

Figure 1.  High-level diagram of a possible eID plug-and-play process.

            An eID PnP process can have, for example, two logical components:  a detection component that detects the eID and a retrieval component that locates, installs, and deploys the necessary software.  As illustrated in Figure 1, when the end user inserts his or her eID device into an eID reader, the eID resource manager service receives the answer-to-reset (ATR) for the particular eID.  The ATR is a specific byte sequence that identifies the make and model of the eID.  The eID resource ma...