Abstract: A computer including a microprocessor, a memory system, a bus system, and a single point indicator. The memory system includes an operating system stored therein. The bus system couples the memory system to the microprocessor. The single point indicator is coupled to the microprocessor and is capable of emitting a single point of light of substantially any wavelength in a visible spectrum. The computer also includes logic that determines a level of a selected operational parameter of the computer and logic that generates a corresponding wavelength of light emitted from the single point indicator. The corresponding wavelength of light corresponds to the level of the selected operational parameter. A method for indicating a level of a selected operational parameter of a computer is also disclosed.

Abstract: A method for selecting at least one smart card reader from a list of smart card readers includes receiving a parameter indicative of a reader selection criteria, setting an environment variable that specifies a reader filtering library, executing an application that uses a smart card access library, and interposing the reader filtering library between the application and the smart card access library.

Abstract: A tandem interposer-logger approach exploits the interface of a DLL routine that is exposed to client software modules that interoperate with each other through the DLL routine. The DLL routine may also be used to interact with other resources on a computer, including hardware resources. The interposer routine exposes the same interface as the DLL routine. Transparently to the client software, an interposer routine is substituted for the DLL routine such that the client software modules call the interposer routine instead of the DLL routine. When a client software module calls an interface function, the interposer's respective function is called, which collects tracing information to transmit to a daemon process referred to as a logger. The logger process stores the tracing information in a log. Tracing information can then be viewed by human users. The logger process is also used to manage operation of the interposer routine.

Abstract: A system and method for accessing storage devices attached to a stateless client. In one embodiment, the system may include a server configured to execute an application and a stateless client coupled to the server, whereby a user interacts with the application. The system may further include a storage device locally coupled to the stateless client, where the storage device is accessible by the user via the server. In various specific implementations of the system, the storage device may be a solid-state mass storage device or a mass storage device employing magnetic or optical media. In another specific implementation of the system, the storage device may be locally coupled to the stateless client via an interface such as Universal Serial Bus (USB) or IEEE 1394 (e.g. FireWire).

Abstract: A method for selecting at least one smart card reader from a list of smart card readers includes receiving a parameter indicative of a reader selection criteria, setting an environment variable that specifies a reader filtering library, executing an application that uses a smart card access library, and interposing the reader filtering library between the application and the smart card access library.

Abstract: The present invention is directed toward dynamic downloading of keyboard keycode data to a networked client. According to one or more embodiments of the present invention, a user logs into a networked client by presenting a smart card to a card reader attached to the client (or by some other authentication mechanism) and enters a PIN into the keyboard. The keycodes entered by the user logging into the client are obtained, translated into ASCII characters, and presented to the smart card. If the PIN is correct, the user is able to log in, otherwise the log in fails. In one embodiment, when the user enters the PIN, a translation table is downloaded from the server into the client. The client uses the translation table to convert the keycodes to ASCII text and presents the ASCII text to the smart card for authentication.

Abstract: The present invention provides for token based signing of an unsigned binary which may be a stream of bits (e.g., 0's and 1's). The unsigned binary is signed using a secret key which resides in a token (e.g., a smart card), which makes the secret key available to the token holder. The unsigned binary is downloaded and verified for authenticity by the token coupled to a computing device. In one embodiment, the downloaded unsigned binary is encrypted. If the unsigned binary is authentic, it may be used to replace the prior firmware on that computing device.

Abstract: The present invention relates to a system which allows third-party smart cards to be recognized by computing devices configured to receive smart cards. According to one or more embodiments of the present invention, a smart card is presented to a computing device. One or more token IDs are extracted from the smart card. Thereafter, a token type is obtained. In one embodiment, a probe order file is consulted first when the smart card is presented to the computing device. The probe order file is configured to direct a computing device to consult the correct configuration files in the correct order. Using the probe order file, the device inspects each configuration file specified in order. The probing is halted after a configuration file successfully returns a usable identification and card type. If the probing goes through every configuration file and there is no match then the smart card cannot be utilized.

Abstract: The present invention is directed toward using patterns in APDU to perform identification data substitution. According to one or more embodiments of the present invention, a user inserts a smart card into a card reader connected to a client computing device. Then, the user enters a PIN. The PIN is embedded into an APDU which is sent to the card reader and is presented to the smart card. The APDU contains special patterns that specify to the card reader where and in what format the PIN should be embedded into a prototype APDU that is constructed in the card reader and presented to the card for verification.

Abstract: The present invention is directed toward dynamic downloading of keyboard keycode data to a networked client. According to one or more embodiments of the present invention, a user logs into a networked client by presenting a smart card to a card reader attached to the client (or by some other authentication mechanism) and enters a PIN into the keyboard. The keycodes entered by the user logging into the client are obtained, translated into ASCII characters, and presented to the smart card. If the PIN is correct, the user is able to log in, otherwise the log in fails. In one embodiment, when the user enters the PIN, a translation table is downloaded from the server into the client. The client uses the translation table to convert the keycodes to ASCII text and presents the ASCII text to the smart card for authentication.

Abstract: The present invention relates to secure PIN entry in a distributed network. According to one or more embodiments of the present invention, a client connected to a server contains logic that is used to keep the PIN within the network computer and not send it over the network. In one embodiment, the server sends an instruction to the networked computing device telling it to capture a PIN locally. This instruction causes the networked computer to enter a secure PIN entry mode which logically disconnects the keyboard from the server. Upon receipt of the instruction from the server, one embodiment of the present invention receives keyboard entries on the client computer and places them into a local buffer. The client continues buffering the keyboard entries until an indication that the process is complete. Upon completion of the keyboard entries, they are translated into ASCII characters by the client and sent from the local client buffer to the smart card where the PIN may be verified.

Abstract: A system and method is provided for non-invasive testing of smart cards. In a preferred embodiment, a host computer is connected to a controller, which is then connected, through a switch, to at least one computing device and at least one testing device. The testing device further includes a card terminal and a probe. Each probe includes a motor that is coupled to a cylindrical tube. The motor-tube configuration is used to actuate a card detect sensor in the card terminal. In response to a command provided by the host computer, the controller initiates a particular test. In one test, for example, the motor-tube configuration is used to simulate repeated insertions and removals of smart cards.

Abstract: The present invention provides for token based signing of an unsigned binary which may be a stream of bits (e.g., 0's and 1's). The unsigned binary is signed using a secret key which resides in a token (e.g., a smart card), which makes the secret key available to the token holder. The unsigned binary is downloaded and verified for authenticity by the token coupled to a computing device. In one embodiment, the downloaded unsigned binary is encrypted. If the unsigned binary is authentic, it may be used to replace the prior firmware on that computing device.

Abstract: The present invention relates to secure PIN entry in a distributed network. According to one or more embodiments of the present invention, a client connected to a server contains logic that is used to keep the PIN within the network computer and not send it over the network. In one embodiment, the server sends an instruction to the networked computing device telling it to capture a PIN locally. This instruction causes the networked computer to enter a secure PIN entry mode which logically disconnects the keyboard from the server. Upon receipt of the instruction from the server, one embodiment of the present invention receives keyboard entries on the client computer and places them into a local buffer. The client continues buffering the keyboard entries until an indication that the process is complete. Upon completion of the keyboard entries, they are translated into ASCII characters by the client and sent from the local client buffer to the smart card where the PIN may be verified.

Abstract: The present invention is directed toward using patterns in APDU to perform identification data substitution. According to one or more embodiments of the present invention, a user inserts a smart card into a card reader connected to a client computing device. Then, the user enters a PIN. The PIN is embedded into an APDU which is sent to the card reader and is presented to the smart card. The APDU contains special patterns that specify to the card reader where and in what format the PIN should be embedded into a prototype APDU that is constructed in the card reader and presented to the card for verification.

Abstract: The present invention is directed toward dynamic downloading of keyboard keycode data to a networked client. According to one or more embodiments of the present invention, a user logs into a networked client by presenting a smart card to a card reader attached to the client (or by some other authentication mechanism) and enters a PIN into the keyboard. The keycodes entered by the user logging into the client are obtained, translated into ASCII characters, and presented to the smart card. If the PIN is correct, the user is able to log in, otherwise the log in fails. In one embodiment, when the user enters the PIN, a translation table is downloaded from the server into the client. The client uses the translation table to convert the keycodes to ASCII text and presents the ASCII text to the smart card for authentication.

Abstract: The present invention relates to a system which allows third-party smart cards to be recognized by computing devices configured to receive smart cards. According to one or more embodiments of the present invention, a smart card is presented to a computing device. One or more token IDs are extracted from the smart card. Thereafter, a token type is obtained. In one embodiment, a probe order file is consulted first when the smart card is presented to the computing device. The probe order file is configured to direct a computing device to consult the correct configuration files in the correct order. Using the probe order file, the device inspects each configuration file specified in order. The probing is halted after a configuration file successfully returns a usable identification and card type. If the probing goes through every configuration file and there is no match then the smart card cannot be utilized.

Abstract: A distributed budgeting and accounting system is designed to operate with secure token devices. The secure token devices serve both as electronic currency purses and as secure vehicles for authorization. The distributed budgeting and accounting system allows a budget to be defined for an organization. The budget is implemented via the secure token devices by transferring electronic currency tokens representing portions of the budgets to secure token devices associated with different portions of the organization. The funds may be transferred down a hierarchical organization by transferring funds between respective pairs of secure token devices. Once the budget has been fully distributed, members of the organization may spend electronic currency tokens on their secure token devices to cover the cost of using resources. Each card holder of the secure token device may only spend up to the amount provided on the associated secure token device.

Abstract: A secure token device, such as a smart card or an ibutton, provides a user with a vehicle for accessing services that are provided by an Internet Service Provider (ISP). The user places the secure token device in communication with a reader that is coupled to a computer system. The computer system includes a web browser for accessing the services provided by the ISP. The secure token device may perform an authentication protocol to authenticate itself to the ISP. The ISP may also be required to authenticate itself. The secure token device may hold an electronic currency token for payment of services rendered by the ISP. The secure token device may contain stored personal information about the user. The user may stipulate what portions of this personal information are provided to the ISP upon request. Contextual information regarding sessions with the ISP may also be stored on the secure token device and used to restore a context of a previous session during a subsequent session.

Abstract: A portable PCMCIA interface for a host computer having a system bus. In one embodiment, the host computer is a SPARC based computer having an SBus and running the UNIX operating system. The PCMCIA interface provides a user application with access to a PCMCIA card. In this embodiment, the PCMCIA interface includes software and hardware components. The software component includes a hardware-independent portion and a hardware-dependent portion. By implementing the software in a suitable high level language such as "C", the software can be easily ported to other hardware platforms by merely adapting the hardware-dependent portion. The hardware component includes an ASIC coupled between the system bus and a couple of PCMCIA sockets. In some embodiments, the hardware also includes a 5 volt to 12 volt DC--DC converter between the system bus and the PCMCIA sockets.