BACKGROUND OF THE INVENTION Providing computer security has become increasingly important as computers are increasingly used to facilitate both work tasks and personal life.

Computer security includes application security, data security, theft security, and network security. Application security is a term which describes devices or methods which prevent the unauthorized use of a software product. Data security is a term which describes devices or methods which prevent an unauthorized person from extracting data stored on a computer disk. Theft security is a term which describes devices or methods which reduce the likelihood of computer theft. Network security describes devices or methods which prevent an unauthorized person from accessing a local area network.

While there are several prior art technologies used to provide computer security, each prior art technology has drawbacks. One prior art technology is the use of passwords. Although passwords are widely used, one drawback encountered is the possibility that user may choose an easy to remember, but insecure, password or may forget the chosen password. Another drawback to using passwords is that many users dislike typing long passwords.

Another prior art technology for computer security is printer port dongles.

These devices are attached to the parallel port of a computer and respond with a password sequence when queried by appropriate software. An example of this type of device is the "HASP" key, manufactured by Aladdin Knowledge Systems Ltd. A second example is the "WIBU-BOX" manufactured by WIBU- systems AG. A third example is disclosed in United States Patent No.

5,386,369, issued to Christiano. These devices have several drawbacks. One drawback is that these dongles typically are inconveniently large for use on a

notebook computer. Another drawback is that it is difficult to attach and remove a dongle, so users typically leave the dongle connected to the computer. As can readily be appreciated, this practice renders the dongle useless for data or theft security.

A further prior art technology for computer security is the use of electronic keys. An electronic key uses a portable electronic device which is attached to the computer to provide a password to the computer system.

These electronic devices are attached to the computer systems through a parallel port, a serial port, or a SCSI bus. An example of this type of device is the "iButton" manufactured by Dallas Semiconductor and disclosed in United States Patent No. 5,587,955, issued to Lee et al. Another example is disclosed in United States Patent No. 4,529,870, issued to Chaum. A further example is disclosed in United States Patent No. 5,606,615, issued to Lapointe et al. One drawback in using these electronic keys is the necessity of having special hardware in the computer to read the password transmitted by the portable electronic device.

Touchpads have recently been incorporated into computer systems. A touchpad is a computer input device which senses the position of the user's finger or stylus and allows the user to operate within the computer system environment in a way similar to that of a conventional computer mouse.

Touchpads can either be built into portable computers, or be built into computer keyboards so the touchpad is flat and external to the computer. One example of a touchpad is the touchpad manufactured by Synaptics corporation. Although the present invention is described with respect to the operating parameters of the Synaptics touchpad, the present invention is applicable to a variety of other touchpads which operate in a fashion similar to the Synaptics touchpad.

OBJECTS OF THE INVENTION It is an object of the present invention to provide a touchpad security device which overcomes the drawbacks of the prior art.

It is another object of the present invention to provide a touchpad security device which prevents the unauthorized use of a software product by

requiring that a physical key be present in order for the software product to be used.

It is yet another object of the present invention to provide a touchpad security device which prevents an unauthorized person from extracting data stored on a computer disk by encrypting the data on the disk and only allowing decryption with use of a physical key.

It is another object of the invention to provide a touchpad security device which prevents unauthorized access to a computer network by requiring that a physical key be present in order to access the computer network.

It is a further object of the invention to provide a touchpad security device which reduces the likelihood of a computer being stolen by rendering the computer nonfunctional, and therefore less valuable, if it is stolen.

These and other objects of the present invention will become apparent to one skilled in the art in view of the figures and the description of the figures given below.

SUMMARY OF THE INVENTION The invention comprises an electronic key which allows a bit pattern to be input to a computer through a touchpad, and software which resides in the computer to decode the signals from the touchpad. The bit pattern would be used as a security key. The key could be used to enable operation of a notebook computer for use as a theft prevention device, to encrypt files on the computer disk as a data security device, or to serve as a dongle for application security or network security. The preferred embodiment of this invention is capable of transmitting at approximately 25 bits per second.

The touchpad measures the position of an applied object or finger.

Touchpads can measure the location of an applied object by measuring capacitance as a function of position. The location of an applied object is found by locating a peak or center-of-mass of the capacitance of the applied object.

As is known by those skilled in the art, various algorithms can be used to determine the position of the applied object from the measured capacitance.

Hereinafter, a "location of capacitance" will refer to the result of an algorithm, such as the peak detection or center-of-mass detection algorithm, applied to the capacitance as a function of position on the touchpad. The invention contains one or more conductive pads arranged on a planar surface which is placed against the touchpad sensing surface. An electronic circuit of the invention grounds or disconnects these pads in a sequence to provide a time varying location and/or total capacitance signal. The location signal is composed of an X-axis signal and a Y-axis signal. Software in the computer decodes location and/or total capacitance signal to extract a digital signal. For notebook computer theft security, the security software must reside in the system BIOS.

For software, data and network security applications the security software can run as either a "driver" or standard application program.

Briefly stated, this invention uses an electronic key and security software to provide security for a computer that is coupled to a touchpad. The computer security includes application security, data security, and computer theft security and network security. In a preferred embodiment the electronic key generates a security signal, containing a security code, on the touchpad. The security software then receives the security signal and converts it to a binary signal.

The security code is extracted from the binary signal. The validity of the security code is verified. If the security code is valid a computer security operation is enabled.

A feature of the invention includes a security system for a computer that is coupled to a touchpad, the security system having an electronic key for transmitting a security signal containing a security code to the touchpad, and a security program installed in the computer and interfaced with the touchpad such that the security program decodes the security signal and enables a computer operation upon verification of a validity of the security code.

Another feature of the invention includes a security system installed in a computer that is coupled to a touchpad, the security system having means for generating a security signal carrying a security code on the touchpad, means for collecting the security signal from the touchpad, means for generating a binary signal responsive to the security code carried by the security signal, means for scanning the binary signal to locate a starting point of the binary signal, means for extracting the security code from the binary signal, means for

verifying validity of the security code, and means for enabling a computer function in the computer responsive to verification of the validity of the security code.

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a flow chart illustrating a preferred method for computer security.

FIG. 2(a) is a top plan view of a first embodiment of the present invention.

FIG. 2(b) is a side elevational view of the first embodiment of the present invention shown in FIG. 2(a).

FIG. 3(a) is a top plan view of a second embodiment of the present invention.

FIG. 3(b) is a side elevational view of the second embodiment of the present invention shown in FIG. 3(a).

FIG. 4(a) is a top view of a third embodiment of the present invention.

FIG. 4(b) is a side elevational view of the third embodiment of the present invention shown in FIG. 4(a).

FIG. 5 is a block diagram illustrating the electronic system used in the first embodiment of the present invention shown in FIGS. 2(a) and 2(b).

FIG. 6 is a diagram illustrating the data format used by the first embodiment of the present invention.

FIG. 7 illustrates a typical signal outputted by the electrical key and measured by the touchpad.

FIG. 8 is a flowchart illustrating the software component of the first embodiment of the present invention.

FIG. 9 is a flowchart illustrating the data threshold function of the software component of the first embodiment of the present invention.

FIG. 10 is a flowchart illustrating the header detection function of the software component of the first embodiment of the present invention.

FIG. 11 is a flowchart illustrating the key sequence extraction function of the software component of the first embodiment of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Referring to FIG. 1, a method for computer security utilizing the hardware and software components of the present invention is illustrated. For theft security, the software component is added to the non-rewritable portion of the BIOS program which is started when the computer is turned on. For application security, the software component is called by the application program when the application program starts. For data security, the software component is called by the operating system when an attempt is made to access a protected file.

For network security, the software component is called by the network client software when an attempt is made to access a computer network.

To execute the software component of the present invention the security software is started 1001. For theft security, the security software will be automatically started when the computer is turned on. For application security, the application program will start the security software when the application program is started. For data security, the operating system will start the security software when an attempt is made to access a protected file. For network security, the operating system will start the security software when an attempt is made to access a computer network. After the security software is started, the user is instructed to place the electronic key (the hardware component of the present invention) on the touchpad of the computer 1002.

After the user places the electronic key on the touchpad, the electronic key begins to continuously transmit a security code to the computer through the touchpad. Next, the security software records and decodes the security code sent by the electronic key 1003. After the security software has completed the data acquisition and decoding 1004, the security software instructs the user to remove the electronic key from the touchpad 1005. Removing the electronic key from the touchpad prevents the electronic device from causing unintended cursor motion after security software terminates. Optionally, the touchpad driver software can constantly monitor for the characteristic security signal and repress unwanted cursor motion while the security signal is detected. The security software then verifies the validity of security code recorded from the electronic key 1006. This verification may be performed by comparing the transmitted security code with a stored security code stored locally on the computer. For some applications, a more complex system uses a "trapdoor" algorithm which eliminates the need for the stored security code. "Trapdoor"

algorithms are well known by those skilled in the art. If the security code transmitted by the electronic key is determined to be valid 1007, the software will allow the protected operation to occur. For theft security, the software will allow the computer to start or operate normally. For application security, the software will allow the protected software to execute. For data security, the software will allow the data file to be read. For network security, the software will allow access to the computer network. If the code transmitted by the electronic key is determined to be invalid 1008, the software will not allow the protected operation to occur and will inform the user of an error.

Referring now to Figs. 2(a) and 2(b), the hardware component of the present invention, i.e., the electronic key 100, is illustrated. The electronic key 100 is sized to be slightly smaller than the active surface of the touchpad 201 on which it is placed. For example, a typical Synaptics touchpad has an active surface area of about 60 mm X 40 mm. Therefore, the electronic key used with this touchpad would be sized to have external dimensions of 58 mm X 38 mm.

Maintaining this dimensional relationship between the touchpad 201 and the electronic key 100 ensures that the electronic key 100 is aligned with the touchpad 201 within a range of approximately 10 degrees.

The electronic key 100 contains four electrical contacts 101 arranged in a rectangular formation on the lower surface of the electronic key 100. A surface area of the electrical contacts 101 must be able to be placed flat against the surface of the touchpad 201. The surface area of each contact 101 is approximately lOmm X 10mm to ensure that a capacitance provided to the touchpad 201 by each contact 101 is similar to that of a finger. The surface area of the contacts 101 may be bare metal, stiff conductive rubber, or may be covered with a thin protective insulating coat. If the thin protective coating is used it must be sufficiently thin to not substantially reduce the capacitance from the contact 101 to the touchpad 201. Typically, an insulating coating of less than 0.03 mm does not substantially reduce the capacitance.

The electronic key 100 also contains a micro controller 102 which is electrically connected to the electrical contacts 101. The micro controller 102 is pre-programmed to ground or isolate the electrical contacts 101 in a pre- determined sequence. A PIC16C54 micro controller, manufactured by Microchip, can be used to perform this function. The PlCl6C54 micro

controller provides low power operation, one time programmable memory, and tri-state outputs which can directly drive the electrical contacts 101. Those of ordinary skill in the art will recognize that a wide variety of circuits can perform the sequencing function. Selection of the circuit to be used will be based on the specific application requirements of the subject electronic key such as power consumption, re-programmability, and cost.

Referring now to Fig. 5, a block diagram illustrating the electronic system of the electronic key 100 is shown. The micro controller 102 is normally left un-powered to conserve battery power supplied by a battery 103. When the electronic key 100 is placed on the touchpad (not shown), the operator depresses a switch or button 104. This completes the electrical circuit between the battery 103 and the microprocessor 102, and provides a connection between the system ground 105 and the operator's finger. The preprogrammed micro controller 102 then grounds or disconnects the electrical contacts 101 in a continuous predetermined sequence.

Referring now to Fig. 6, a data pattern produced by the electronic key 100 on the touchpad 201 is shown. As explained in the description of Fig. 5, the electrical contacts 101 are grounded in a predetermined pattern. This predetermined pattern, in turn, causes the X and Y location of the capacitance of the electrical contacts 101 to move. This movement of the location of the capacitance produces a data pattern 300 on the X axis signal of the touchpad 201 and a data pattern 302 on the Y axis signal of the touchpad 201. The X and Y axis data 300 and 302 is restricted to a maximum run length (number of identical bits in sequence) of 4 bits (note that this slightly reduces the number of effective bits in the code since a larger run length would permit additional bits). The X axis data includes a "header" pulse 304 which is an 8 bit long logic "1" , with a logic "0" bit 306 and a logic "1" bit 308 appended to each end.

The "header" pulse 304 allows the security software in the computer to synchronize to the data pattern produced by the electronic key 100. In a typical operation, the header pulse 304, and a 40 bit security data 310 and 312 is transmitted from the electronic key 100 to the security program through the touchpad 201 in approximately 1 second, at a 25Hz bit rate. Since the data transmission from the electronic key 100 is asynchronous with the data acquisition of the touchpad, data must be collected over a sufficient time period to ensure the acquisition of the complete header 304 and security data

sequence 310 and 312. In practice, a collection time period of approximately 2 seconds is required.

Referring now to Fig. 7, a typical capacitance signal received by the security software through the touchpad 201 from the electronic key 100 is illustrated. This figure is included to clarify the description of the algorithm used by the security software to covert the preprogrammed sequence of grounds transmitted by the electronic key 100 into a security code which can be checked for validity by the security software. In the preferred embodiment, the touchpad 201 records data at an 80Hz bit rate and the electronic key 100 transmits data at an approximately 25Hz bit rate.

The security software must recognize the bit pattern transmitted by the electronic key, and verify the electronic key's authenticity by checking the validity of the bit pattern. The form of the security software will depend on the intended security application. For application security, the security software can run as a program that is called by the secured application. For network security, the security software can be part of the network client software. For data security, the security software should be installed as a driver to allow encryption and decryption of data as it is written to and read from the disk. For theft security, the security software must reside in the computer's non- reprogrammable BIOS so the entire computer is disabled if the proper security code or bit pattern is not provided.

A number of techniques can be used to recognize and decode the signal transmitted by the electronic key. The primary requirements for the security software are that the security software be able to synchronize to the data stream from the electronic key, and that the security software be able to recognize the start and end of the data stream. Additionally, the decoding algorithm must be immune to the level of input noise in the data stream from the key. In the preferred embodiment of the invention, the security software contains several functions which process the data stream from the touchpad in series. As shown by the flowchart in Fig. 8, these functions are data acquisition 2100, data thresholding 2200, header detection 2300, key sequence extraction 2400, and key verification 2500.

During the data acquisition function 2100 the security software must read the X and Y data produced by the touchpad 201 in response to the sequence of grounds transmitted by the electronic key 100. In the Synaptics touchpad, the X and Y data is available to the security software through a set of software interface routines. The data acquisition function 2100 records the X and Y data from the touchpad for a fixed time interval such as 2 seconds.

The data acquisition function also checks the X and Y data to ensure that all the values that are recorded are within reasonable ranges.

As shown in Fig. 8, the data thresholding function 2200 of the security software converts the data recorded by the data acquisition function 2100 into a binary bit pattern. The data thresholding function 2200 does this conversion by operating independently on the X data and Y data.

Referring now to Fig. 9, operating independently on the X and Y data, the data thresholding function 2200 calculates the change in the data on each 80 Hz sample (see Fig. 7) and then looks for the maximum positive going change. The maximum change is then divided by a fixed factor (a factor 5 in the preferred embodiment) to obtain a data threshold (2201).

The data thresholding function 2200 then loops through all of the data points in each sample (2202) to convert the detected changes in the data into binary logic "0" and "1". During each loop 2202 the change in data in the current sample is calculated and compared to the data threshold (2203). If the change in data in the current sample is smaller than the data threshold, the binary data output is set to the same value as the previous binary data output (2205), and the loop 2202 continues to the next sample. If the change in data in the current sample is larger than the data threshold, the security software compares the change in the current sample with the change calculated in the next sample (2204). If the change in data in the current sample is smaller than the change calculated in the next sample, the binary data output is set to the same value as the previous binary data output (2205) and the loop 2202 continues to the next sample. If the change in data in the current sample is larger than the change calculated in the next sample, the data thresholding function 2200 checks to see if the change was positive or negative (2206). If the change is positive (2207), the binary data output is set to "1", and the loop 2202 continues to the next sample. If the change is negative (2208), the binary

data output data is set to "0", and the loop 2202 continues to the next sample.

Referring again to Fig. 8, the header detection function 2300 analyzes the binary data output produced by the data thresholding function 2200 to locate the position and length of the "header" pulse in the X data.

Referring now to Fig. 10, the header detection function 2300 scans through the binary output data to locate the longest positive pulse (2301). This pulse is then assumed to be the 8 cycle long header. The header detection function then records the starting position of the header pulse (2302). The length of the header pulse is divided by the header length (preferably 8 bits as discussed above) to calculate the "reference length" for the recorded data. The length of the pulse is checked to ensure that it is within the expected range (2303). If the length of the pulse is not within the expected range, the header detection function 2300 returns an error signal (2304). The header detection function 2300 also calculates the length of the "0" pulse following the header pulse to check that the "0" pulse is 1 cycle long (2305). This prevents the security software from identifying an incorrect positive-going pulse as a header if the integration time is too short. If no errors have occurred, the header detection function 2300 returns the starting position and header pulse length to the security program (2306). Note that the header and time base information from the X data are used to synchronize the decoding of both X data and Y data. This allows the Y axis to be used to transmit data during the header transmission on the X axis.

Referring again to Fig. 8, the key sequence extraction function 2400 analyzes the data produced by the data thresholding function 2300, and, with the use of the reference length and header start position calculated by the header detection function 2400, calculates the bit stream transmitted by the electronic key. The key sequence extraction function 2400 operates independently on the X data and the Y data.

Referring now to Fig. 11, the key sequence extraction function 2400 starts at the data point corresponding to the start of the header (2401). The function loops through all of the data until the end of the input data is reached (2402). During each loop 2402, the function records the number of sequential

pulses without a change in data value to record an input pulse length (2403).

The input length is divided by the "reference length" recorded by the header detection function (see Fig. 10), to obtain an output pulse length (2404). A number of "1 "s, or "0"s corresponding to the output pulse length is set in the output data pattern. These bits are set in sequence from the beginning of the output data pattern. A 1" or "O" is chosen based on whether the input pulse was composed of "1" or "0" (2405). The output data pattern is checked to see if all of the bits in the output data pattern have been set (2406). If all of the bits in the output data pattern have been set, the recorded output data is returned (2407) by the key sequence extraction function 2400 to the key verification function 2500 as shown in Fig. 8. If all the bits in the output data pattern have not been set, the key sequence extraction function 2400 continues to loop through the input data (2402).

If the input data loop 2402 reaches the end of the input data, the function returns to the "header start" position in the input data (2408). The key sequence extraction function then loops backwards through the input data, starting at the "header start" position (2409). The number of sequential input pulses without a change in data value are recorded to determine the input pulse length (2411). The input pulse length is then divided by the "reference length" to obtain the output pulse length (2412). A number of bits in the output data pattern are set equal to output pulse length (2413). The bits are set starting from the end of the output bit pattern towards the start of the output bit pattern. If all of the output bits have been set (2414), the output bit pattern is returned (2407) to the key verification function 2500, as shown in Fig. 8.

Otherwise, the key extraction function continues to scan backwards through the input data (2409). If the start of the input data is reached before all of the bits in the output bit pattern have been set, the key extraction function 2400 returns an error (2410) to the electronic key. This error indicates that the input data pattern was not long enough to contain a complete key sequence.

Referring again to Fig. 8, the key verification function 2500 checks the output bit pattern from the key sequence extraction function 2400 to see if the output bit pattern is valid. The most direct method to check the validity is to directly compare the output bit pattern recorded by the key sequence extraction function with a master bit pattern stored in the computer. For some

applications, it is desirable that the master bit pattern be stored in the computer in an encrypted format which cannot be read, even by an authorized user.

Those of ordinary skill in the art will recognize that there are a variety of known methods to achieve this result. The choice of an encryption method will be based on the specific requirements of the computer application.

Referring now to Figs. 3(a) and 3(b), a second embodiment of the electronic key 100 is shown. In the second embodiment, only two electrical contacts 101 are used instead of the four electrical contacts used in the first embodiment of the invention. In the second embodiment, the location of capacitance is controlled in only a single direction X or Y, instead of the pair of directions X and Y used in the first embodiment. An advantage of the second embodiment over the first embodiment is that the second embodiment of the invention is physically smaller since an electronic key having only two pads requires a surface area of 56mm X 12mm. However, the second embodiment has a disadvantage since the maximum data rate of the second embodiment is approximately Y2 the data rate of the first embodiment.

The construction of the electronic key 100 in the second embodiment is nearly identical to the construction of the electronic key in the first embodiment, except that only two electrical contacts 101 are used. However, the control circuitry (illustrated in Fig. 5) remains the same. The software component of the electronic key in the second embodiment of the invention is nearly identical to the software component of the first embodiment except that only a single axis of data X is produced. Therefore, the portions of the security software which operate on the Y data in the first embodiment are removed from the security software in the second embodiment.

Referring now to Figs. 4(a) and 4(b), a third embodiment of the invention is shown. The electronic key 100 is nearly identical to that of the second embodiment, except that a single electrical contact 101 is used. In this arrangement, the micro controller 102 alternately grounds and disconnects the electrical contact 101. This produces a time varying total capacitance signal which can be read by the touchpad 201. The advantage of the third embodiment of the invention over the second embodiment is that the electronic key 100 in the third embodiment is smaller since an electronic key having one electrical contact only requires a surface area of 12mm X 12mm. However, a

disadvantage is that the touchpad 201 has a higher probability of producing an incorrect total capacitance reading than it does of producing an incorrect capacitance location reading. This results in a less reliable data transmission in the third embodiment than in the first and second embodiments.

In the third embodiment of the invention the security software will measure the total capacitance Z data from the touchpad. In the third embodiment of the invention, the data processing for the Z data will be identical to the data processing for the X data in the second embodiment.

A general description of the device and method of using the present invention, as well as the preferred embodiments of the present invention, has been set forth above. One skilled in the art will recognize and be able to practice many changes in many aspects of the device and method described above, including variations which fall within the teachings of the present invention. The spirit and scope of the invention should be limited only as set forth in the claims which follow.