Processing module operating methods, processing modules, and communications systems
What It Does (in plain English):
This invention describes a special microSD card that also contains a separate / isolated CPU & memory (like the smart chip in a contactless credit card) and a Near Field Communication (NFC) transceiver. The smart chip performs encryption / decryption functions in a memory space that is inaccessible to hackers or malware and the NFC chip communicates with contactless devices.
This architecture lets normally insecure mobile devices be easily retrofitted (by inserting the microSD) so that they can make secure mobile payments, decrypt protected content, store/retrieve authentication credentials (e.g., passwords) without the potential for compromise present in today’s mobile devices.
Patent Info:
Abstract A processing module operating method includes using a processing module physically connected to a wireless communications device, requesting that the wireless communications device retrieve encrypted code from a web site and receiving the encrypted code from the wireless communications device. The wireless communications device is unable to decrypt the encrypted code. The method further includes using the processing module, decrypting the encrypted code, executing the decrypted code, and preventing the wireless communications device from accessing the decrypted code. Another processing module operating method includes using a processing module physically connected to a host device, executing an application within the processing module, allowing the application to exchange user interaction data communicated using a user interface of the host device with the host device, and allowing the application to use the host device as a communications device for exchanging information with a remote device distinct from the host device. |
Images:
Claims:
Description:
The United States Government has certain rights in this invention pursuant to Contract No. DE-AC07-05-ID14517 between the United States Department of Energy and Battelle Energy Alliance, LLC. The present disclosure relates to processing module operating methods, processing modules, and communications systems. For many years, cellular telephones were designed primarily to provide wireless voice communications. With new advances in technology, however, additional functionality has been added to cellular telephones, which are sometimes referred to as personal wireless devices. For example, personal wireless devices including the functionality of a cellular phone, personal digital assistant, email client, media player, and a digital camera are now common. Due to the increased capabilities of these devices, many subscribers are using the devices to store or access sensitive information (e.g., financial account information) or to access private networks (e.g., corporate networks). At least some aspects of the disclosure may be beneficial to users of wireless devices including cellular communications devices. Preferred embodiments of the disclosure are described below with reference to the following accompanying drawings.
This disclosure of the invention is submitted in furtherance of the constitutional purposes of the U.S. Patent Laws “to promote the progress of science and useful arts.” (Article 1, Section 8). According to some embodiments of the disclosure, processing modules, processing module operating methods, and communications systems are described. In one embodiment, a processing module is physically connected to a host device such as a cellular wireless communications device. The processing module executes code in an environment that is separate and/or isolated from the cellular wireless communications device in one embodiment. In another embodiment, a processing module includes wireless communications circuitry (e.g., a transponder such as an RFID tag). Additional aspects of the disclosure are described in the illustrative embodiments below. Referring to Host device 104, in one embodiment, may be a wireless communications device. Host device 104 may communicate with base station 110 using a wireless channel 112, which may be a cellular wireless channel. In one embodiment, base station 110 may be a terrestrial cellular base station and host device 104 may be a cellular wireless communication device, such as a smart phone, blackberry, laptop computer, etc., configured to communicate with a terrestrial cellular base station. Base station 110 may communicate with network 108. In one embodiment, network 108 may be a communications network such as the Internet, the public switched telephone network, or any other arrangement for implementing communications. Processing module 102 may be physically connected to host device 104 in one embodiment. For example, processing module 102 may be a card configured to be inserted into host device 104. Although physically connected to host device 104, processing module 102 may execute code independently and/or isolated from host device 104 in one embodiment. For example, processing module 102 may execute code configured to display an electronic book, code configured to perform an online financial transaction, or code configured to encrypt financial information. Executing the code in isolation on processing module 102 rather than on host device 104 may protect data generated by the code against unauthorized access, for example, by malicious software installed on host device 104, by a user of host device 104, or by a device having connectivity to host device 104 through network 108 and base station 110. In one embodiment, processing module 102 may request that host device 104 retrieve the code from server 106 (e.g., a web server, Supervisory Control and Data Acquisition (SCADA) server, corporate network server, online banking server, or other server). Host device 104 may retrieve the code from server 106 via wireless channel 112, base station 110, and network 108 and then provide the code to processing module 102, which may then execute the code. In one embodiment, the code may be encrypted code. Server 106 may be configured to encrypt the code and processing module 102 may be configured to decrypt the code. In one embodiment, host device 104 is unable to decrypt the encrypted code. Accordingly, upon retrieving encrypted code from server 106, host device 104 may forward the encrypted code to processing module 102 without decrypting the code. Processing module 102 may additionally or alternatively request that host device 104 send code to server 106. For example, processing module 102 may encrypt financial information (e.g., an account number, a personal identification number, etc.), provide the encrypted information to host device 104, and instruct host device 104 to send the encrypted information to server 106. Since the information, in this example, is encrypted, host device 104 may be unable to decrypt the financial information. In one embodiment, processing module 102 may store sensitive information such as access credentials for a secure private network, financial information, or encryption information. In some cases, processing module 102 may be programmed with the sensitive information by an entity concerned with the sensitive information prior to connecting processing module 102 to host device 104. For example, a corporation having a secure private network may program processing module 102 to have access credentials used to gain access to the secure private network. Once processing module 102 has been programmed, the corporation may give processing module 102 to an employee who may then connect processing module 102 to a host device that may or may not be owned by the corporation. The employee may then use processing module 102 to gain access to the secure private network in order to access files, process email, and the like. Since the access credentials may be stored on processing module 102 prior to giving processing module 102 to the employee, the access credentials may be inaccessible to the employee. Accordingly, the use of processing module 102 may enable the corporation to contain knowledge of the access credentials to a relatively small number of people rather than directly providing the access credentials to employees needing access to the secure network. In one embodiment, processing module 102 may use functionality provided by host device 104. For example, host device 104 may include a user interface comprising a display 114 and a keypad 116. Since, in one embodiment, processing module 102 might not have a user interface, processing module 102 may provide user interaction data to be displayed on display 114 to host device 104 and instruct host device 104 to display the information on display 114. Similarly, processing module 102 may request that host device 104 provide processing module 102 with user interaction data entered by a user on keypad 116. By way of example, processing module 102 may execute an application for making an online credit card purchase. Processing module 102 may store information related to two different credit cards such as an account numbers, expiration dates, and security codes for the two credit cards. Prior to making an online purchase, processing module 102 may prompt a user to select one of the two credit cards for the purchase. Accordingly, processing module 102 may provide information identifying the first and second credit cards (e.g., a name such as “My Mastercard” or “My Visa card”) to host device 104 and request that host device 104 present the information to the user via display 114. Processing module 102 may then request that host device 104 monitor keypad 116 and return information entered on keypad 116 to processing module 102. In response to the user selecting “My Visa card” via keypad 116, host device 104 may provide processing module 102 with information conveying the keystrokes the user made to select “My Visa card.” Processing module 102 may then use the keystroke information provided by host 104 to complete the purchase, for example, as discussed below with respect to In one embodiment, processing module 102 might not be capable of communicating directly with base station 110, network 108, or server 106 because it may lack a network interface. Rather, processing module 102 may rely on host device 104 to communicate with base station 110, network 108, and server 106. Accordingly, host device 104 may receive information from processing module 102 and forward the information to server 106. Processing module 102 may encrypt the information sent to host device 104 using, for example, an encryption key to prevent host device 104 from accessing the information. Upon receiving the information, server 106, which may also have the encryption key, may decrypt the information. Host device 104 may also receive information from server 106 that is intended for processing module 102. Host device 104 may forward the information to processing module 102. Server 106 may encrypt information it sends to processing module 102 to prevent host device 104 from accessing the information. In one embodiment, processing module 102 may disregard information received from host device 104 that is not encrypted according to a particular encryption scheme. Disregarding information not encrypted according to the particular encryption may prevent host device 104 from interacting with processing module 102 other than to relay user interface information between a user interface of host device 104 and processing module 102 and to relay communications between server 106 and processing module 102. In one embodiment, the particular encryption scheme may be known by processing module 102 but not by host device 104. Referring to Of course, processing module 102 may have a form factor other than an SD form factor. For example, processing module 102 may have the physical characteristics (e.g., dimensions) of a TransFlash, miniSD, microSD, memory stick, compact flash, Multi Media Card (MMC), reduced size MMC, MMC micro, smart media, smart card, mini smart card, or xD memory card. Host device interface 202 may be substantially similar to a corresponding interface of one of the above-mentioned memory card formats. Any other suitable configurations are possible. Accordingly, processing module 102 may be compatible with a corresponding slot type of one of the above-mentioned memory card formats. Alternatively, host device interface 202 may be a Universal Serial Bus (USB) interface configured to be physically and electrically connected to a USB port of host device 104. Other physical configurations and host device interface formats that enable processing module 102 to be electrically and physically connected to host device 104 are also possible. Although the physical characteristics (e.g., dimensions) of processing module 102 and host device interface 202 may be similar to one of the above-mentioned memory card formats, processing module 102 may perform functionality beyond that performed by a memory card as was discussed above. Referring to Housing 204 houses and is provided about circuitry 206 and may allow a user to handle processing module 102 without damaging circuitry 206 by surrounding circuitry 206 so that circuitry 206 is not physically exposed to the user. In one embodiment, housing 204 may be different from and removable from a housing (e.g., housing 118 shown in Circuitry 206 may comprise one or more integrated circuits and may comprise one or more circuit boards. Circuitry 206 may be configured to perform the functionality of processing circuitry 102 as was described above in relation to Referring to A user may connect processing module 102 to host device 104 by inserting processing module 102 into a housing of host device 104 thereby physically and electrically connecting processing module 102 to host device 104. In one embodiment, processing module 102 may be inserted into a slot formed within the housing of host device 104. In one embodiment, processing module 102 may be used in more than one host device at different moments in time. For example, a user of processing module 102 may use processing module 102 in host device 104 and may then later use processing module 102 in a different host device. Referring to Referring to Processing circuitry 404 may comprise circuitry configured to implement desired programming provided by appropriate media in at least one embodiment. For example, processing circuitry 404 may be implemented as one or more of a processor and/or other structure configured to execute executable instructions including, for example, software and/or firmware instructions, and/or hardware circuitry. Exemplary embodiments of processing circuitry 404 include hardware logic, PGA, FPGA, ASIC, state machines, and/or other structures alone or in combination with a processor. These examples of processing circuitry 404 are for illustration and other configurations are possible. Storage circuitry 402 may be embodied in a number of different ways using electronic, magnetic, optical, electromagnetic, or other techniques for storing information. Some specific examples of storage circuitry include, but are not limited to, a portable magnetic computer diskette, such as a floppy diskette, zip disk, hard drive, random access memory, read only memory, flash memory, cache memory, and/or other configurations capable of storing programming, data, or other digital information. At least some embodiments or aspects described herein may be implemented using programming stored within appropriate processor-usable media and/or communicated via a network or other transmission media and configured to control appropriate processing circuitry. For example, programming may be provided via appropriate media including, for example, embodied within articles of manufacture, embodied within a data signal (e.g., modulated carrier wave, data packets, digital representations, etc.) communicated via an appropriate transmission medium, such as a communication network (e.g., the Internet and/or a private network), wired electrical connection, optical connection and/or electromagnetic energy, for example, via a communications interface, or provided using other appropriate communication structure or medium. Exemplary programming including processor-usable code may be communicated as a data signal embodied in a carrier wave in but one example. Interface 406 may be embodied as electronic circuitry. Interface 406 may include host device interface 202. Interface 406 may be configured to communicate with processing circuitry 404. In one embodiment, interface 406 might not be able to communicate with storage circuitry 402 except via permission and/or control of processing circuitry 404, thereby preventing direct communication between interface 406 (or a device connected to interface 406 such as host device 104) and storage circuitry 402 in one embodiment. In one embodiment, a miniature smart card may comprise storage circuitry 402 and processing circuitry 404. In this embodiment, interface 406 may include a smart card reader to which the smart card is connected as well as host device interface 202. The smart card reader may be physically and electrically connected to host device interface 202. Accordingly, in this embodiment, processing circuitry 404 may communicate with host device 104 via the smart card reader and host device interface 202. Referring to Processing circuitry 404 may control the operation of wireless transponder 452. For example, in one embodiment, processing circuitry 404 may determine the identifier that wireless transponder 452 transmits in response to wireless transponder 452 receiving an interrogation signal. Processing circuitry 404 may select the identifier from among a plurality of identifiers known to processing circuitry 404. In one embodiment, processing circuitry 404 may selectively enable or disable wireless transponder 452. Wireless transponder 452 may be configured to only communicate with a wireless interrogator when wireless transponder 452 is enabled. Referring to Similar to processing circuitry 404, processing circuitry 502 may comprise circuitry configured to implement desired programming provided by appropriate media in at least one embodiment. For example, processing circuitry 502 may be implemented as one or more of a processor and/or other structure configured to execute executable instructions including, for example, software and/or firmware instructions, and/or hardware circuitry. Exemplary embodiments of processing circuitry 502 include hardware logic, PGA, FPGA, ASIC, state machines, and/or other structures alone or in combination with a processor. These examples of processing circuitry 502 are for illustration and other configurations are possible. Processing circuitry 404 may operate using a first operating system, which may be stored in storage circuitry 402 and processing circuitry 502 may operate using a second operating system, which may be stored in storage circuitry 506. in one embodiment, the first operating system and the second operating system may execute independently. For example, the first operating system may be executed using processing circuitry 404 and might not be configured to control the operation of host device 104 other than to enable interface 406 to send signals to interface 508. Likewise, the second operating system may be executed using processing circuitry 502 and might not be configured to control the operation of processing module 102 other than to enable interface 508 to send signals to interface 406. In one embodiment, the first operating system may be a different operating system than the second operating system. For example, the first operating system may be V×Works and the second operating system may be Windows Mobile. In another embodiment, the first and second operating systems may be two different instances of the same operating system. For example, the first and second operating systems may both be Windows Mobile, but they may each be different instances of Windows Mobile. In other words, one copy of Windows Mobile may be used by processing module 102 and another copy of Windows Mobile may be used by host device 104. Storage circuitry 506 may be embodied in a number of different ways using electronic, magnetic, optical, electromagnetic, or other techniques for storing information. Some specific examples of storage circuitry include, but are not limited to, a portable magnetic computer diskette, such as a floppy diskette, zip disk, hard drive, random access memory, read only memory, flash memory, cache memory, and/or other configurations capable of storing programming, data, or other digital information. Power supply 504 may provide power to processing circuitry 502, storage circuitry 506, wireless communications circuitry 510, and user interface 512. In addition, power supply 504 may provide power to processing circuitry 404, wireless transponder 452, and storage circuitry 402 via interface 406 in one embodiment. Wireless communications circuitry 510 may be configured to communicate with base station 110 in one embodiment. For example, wireless communications circuitry may comprise a wireless transceiver and one or more antennas. User interface 512 may include display 114 and keypad 116, in one embodiment. Interface 508 may be embodied as electronic circuitry. In one embodiment, interface 508 may include a connector configured to receive interface 406 of processing module 102. Interface 406 and interface 508 may be electrically and physically connected. For example, processing module 102 may be inserted into a receptacle of host device 104 so that interface 406 physically contacts interface 508. Electrical contact may result from electrically conductive portions of interface 406 making physical contact with electrically conductive portions of interface 508. Processing circuitry 404 may request that processing circuitry 502 retrieve encrypted code from server 106. In response, processing circuitry 502 may send a message to server 106 via base station 110 and network 108 requesting the encrypted code. Upon receiving the encrypted code from server 106, processing circuitry 502 may send the encrypted code to processing circuitry 404. Processing circuitry 404 may decrypt the encrypted code using encryption information known to processing circuitry 404 and server 106, but not to processing circuitry 502. In one embodiment, the decrypted code may be an application that processing circuitry 404 may execute. As a result of executing the decrypted code, processing circuitry 404 may store data in storage circuitry 402. Processing circuitry 404 may prevent processing circuitry 502 from accessing the data stored in storage circuitry 402 by rejecting requests to access storage circuitry 402 made by processing circuitry 502. Processing circuitry 404 may, in one embodiment, send information to processing circuitry 502 and request that the information be displayed to a user via user interface 512. In response to receiving the information, processing circuitry 502 may display the information via user interface 512. Processing circuitry 404 may request that processing circuitry 502 provide user interaction data (e.g., keystrokes) acquired by user interface 512 to processing circuitry 404. In one embodiment, processing circuitry 404 may reject messages received from processing circuitry 502 other than messages containing user interaction data received from user interface 512 and messages containing encrypted data sent by server 106. Furthermore, in one embodiment, processing circuitry 404 may reject messages received from processing circuitry 502 in which processing circuitry 502 attempts to control wireless transponder 452. For example, processing circuitry 404 may allow processing circuitry 502 to make function calls using only intentionally exposed interface functions and may reject attempts by processing circuitry 502 to make function calls using unexposed interface functions. In one embodiment, driver software may be installed on host device 104 to enable processing circuitry 502 to communicate with processing circuitry 404 via interfaces 406 and 508. The driver software may present processing module 102 to processing circuitry 502 according to an established smart card interaction standard (e.g., PC/SC) in one embodiment. In this embodiment, processing circuitry 502 may interact with processing module 102 as if processing module 102 is a smart card using intentionally exposed interface functions. Since, in one embodiment, processing module 102 may operate using a separate operating system from host device 104, processing module 102 may be connected to host device 104 even if host device 104 uses a different operating system than processing module 102. In fact, in this embodiment, processing module 102 may execute code received from server 106 via host device 104 and execute the code even if the code is incompatible with an operating system running on host device 104. Furthermore, processing module 102 may executed the code without storing the code in storage circuitry 506 and without executing instructions of the code on processing circuitry 502. Referring to In one embodiment, host device 104 may communicate with base station 110 using wireless communications circuitry 510 and wireless channel 112 as was described above. Processing module 102 may be physically and electrically connected with host device 104 and may retrieve encrypted code from server 106 via host device 104, channel 112, and base station 110 as was described above. Processing module 102 may include wireless transponder 452 (discussed above in relation to In one embodiment, interrogator 602 may be a wireless point of sale payment terminal. By way of example, processing module 102 may execute an application for making a point of sale purchase involving interrogator 602. A user of processing module 102 may select an item for purchase in a store and take the item to a checkout station where interrogator 602 may be located. Rather than purchasing the item by physically providing a credit or debit card to a sales clerk, the user may place processing module 102 and connected host device 104 proximate to interrogator 602. Interrogator 602 may transmit an interrogation signal to which wireless transponder 452 responds by providing an identifier. The identifier may include, in one embodiment, credit or debit card account information (e.g., account number, PIN, expiration date, etc.). Interrogator 602 may receive the identifier and use the identifier to complete the purchase. In one embodiment, processing module 102 may store information related to two different credit or debit cards. The information may include account numbers, expiration dates, and security codes for the two cards. Prior to making a purchase, processing module 102 may prompt a user to select one of the two cards for the purchase. Accordingly, processing circuitry 404 may provide information identifying the first and second cards (e.g., a name such as “My Mastercard” or “My Visa card”) to processing circuitry 502 and request that processing circuitry 502 present the information to the user via user interface 512. Processing circuitry 404 may then request that processing circuitry 502 monitor user interface 512 and return information entered via keypad 116 to processing circuitry 404. In response to the user selecting “My Visa card” via keypad 116, processing circuitry 502 may provide processing circuitry 404 with information conveying the keystrokes the user made to select “My Visa card.” Processing circuitry 404 may then use the keystroke information to determine which card the user has selected. Processing circuitry 404 may then configure wireless transponder 452 so that wireless transponder 452 provides information associated with the selected card upon being interrogated by interrogator 602. Accordingly, processing circuitry 404 may configure transponder 452 to provide information associated with one of the cards for one purchase and information associated with a different one of the cards for a different purchase. This may allow a user of processing module 102 to make purchases without presenting the physical credit or debit card and without allowing a sales clerk to surreptitiously acquire account information while handling the physical credit or debit card. In one embodiment, the card information may be stored in storage circuitry 402 and processing circuitry 404 may prevent processing circuitry 502 from accessing the information without authorization. In one embodiment, processing module 102 may execute an application allowing a user of host device 104 to enable or disable transponder 452. When enabled, transponder 452 may reply to interrogation signals received from interrogator 602. However, when disabled, transponder may receive an interrogation signal from interrogator 602 but might not respond to the interrogation signal. Disabling transponder 452 may prevent someone using an interrogator from surreptitiously acquiring an identifier of transponder 452 by interrogating transponder 452 during periods of time when a user is not aware that transponder 452 is being interrogated. Furthermore, in one embodiment, processing module 102 may include an indicator 120 indicating whether transponder 452 is enabled or disabled. For example, the indicator may be an LED that is illuminated when transponder 452 is enabled and is not illuminated when transponder 452 is disabled. Alternatively, the indicator may be an audible indicator (e.g., a tone generated by a speaker) that makes an audible noise when transponder 452 is enabled and is silent when transponder 452 is disabled. In one embodiment, processing circuitry 502 may provide processing circuitry 404 with input acquired from user interface 512 indicating that transponder 452 should be either enabled or disabled. Upon receiving the input, processing circuitry 404 may respectively enable or disable transponder 452. In one embodiment, processing circuitry 404 may prevent processing circuitry 502 from enabling or disabling transponder 452 other than by providing input from user interface 512. In compliance with the statute, the invention has been described in language more or less specific as to structural and methodical features. It is to be understood, however, that the invention is not limited to the specific features shown and described, since the means herein disclosed comprise preferred forms of putting the invention into effect. The invention is, therefore, claimed in any of its forms or modifications within the proper scope of the appended claims appropriately interpreted in accordance with the doctrine of equivalents. Further, aspects herein have been presented for guidance in construction and/or operation of illustrative embodiments of the disclosure. Applicant(s) hereof consider these described illustrative embodiments to also include, disclose and describe further inventive aspects in addition to those explicitly disclosed. For example, the additional inventive aspects may include less, more and/or alternative features than those described in the illustrative embodiments. In more specific examples, Applicants consider the disclosure to include, disclose and describe methods which include less, more and/or alternative steps than those methods explicitly disclosed as well as apparatus which includes less, more and/or alternative structure than the explicitly disclosed structure. |