Title:
IMPROVED COMMUNICATIONS DEVICE
Document Type and Number:
WIPO Patent Application WO/2006/018595
Kind Code:
A1
Abstract:
A communications device (10) for allowing a host device (12) to connect to a network (14), such as the internet. The communications device (10) includes a security module (18) for providing security information, a communications module (16) for allowing access to the network (14), and a memory (20) for storing security information. The communications module (16) is operable to send a request for security information to the security module (18) via the host device (12). In response to that request the security module (18) is operable to place security information in the memory (20) and return a message to the communications module (16) via the host device (12). The communications module (16) then accesses the security information in the memory (20) and passes it to the network.

Inventors:
MELANDRI DANILO (GB)
WOODSEND KRISTIAN (GB)
Application Number:
PCT/GB2005/002658
Publication Date:
February 23, 2006
Filing Date:
July 08, 2005
Assignee:
MATSUSHITA ELECTRIC IND CO LTD (JP)
MELANDRI DANILO (GB)
WOODSEND KRISTIAN (GB)
International Classes:
G07F7/10; H04L29/06; (IPC1-7): G07F7/10; H04L29/06
Foreign References:
US6181735B1 (2001-01-30)
Attorney, Agent or Firm:
Szczuka, Jan Tymoteusz (19 Royal Exchange Square, Glasgow G1 3AE, GB)
Claims:
1. A communications device for connecting a host device to a network, the device including security means for providing security information, communication means for allowing network access and a memory, the communication means being operable to allow a request for security information to be passed to the security means via the host device, the security means being operable to place security information in the memory without passing it through the host device, and the communication means being operable to access information in the memory and pass it to the network.
2. A communications device as claimed in claim 1 wherein the security means are operable to send a response to the communication means via the host device, the communication means being operable to use that response and the security information derived from the memory to construct a message for sending to the network.
3. A communications device as claimed in claim 1 wherein the security means comprises a smartcard.
4. A communications device as claimed in claim 1 or claim 2 wherein the memory and/or security means are tamper resistant.
5. A communications device as claimed in any of the preceding claims wherein the memory is a temporary buffer.
6. A communications device as claimed in any of the preceding claims comprising means for clearing the memory after the security information is passed to the network.
7. A method for connecting a host device to a network using a communications device including security means for providing security information, a communications means for allowing access to a network and a memory for temporarily storing security information, the method involving sending from the communication means a request for security information to the security means via the host device; in response to that request placing security information in the memory without passing it through the host device; using the communications means to access information in the temporary memory and passing security information to the network.
8. A method as claimed in claim 7 further comprising sending a response to the communication means via the host device, and using that response and the security information derived from the memory to construct a message for passing to the network.
9. A method as claimed in claim 7 or claim 8 wherein the security means comprises a smartcard.
10. A method as claimed in claim 7 or 8 or 9 wherein the memory and/or smartcard are tamper resistant.
11. A method as claimed in any of claims 7 to 10 wherein the memory is a temporary buffer.
12. A method as claimed in any of claims 7 to 11 further comprising clearing the memory after the security information is passed to the network.
Description:
Improved Communications Device

The present invention relates to an improved communications device for allowing a host device to connect to a network and in particular a communications device that has improved security features.

Communications devices for allowing a host device, such as a computer, laptop, pda, smartphone, etc, to connect to a network are known. These are sometimes referred to as network adaptors. Typically these are used in conjunction with some form of security device that is able to authenticate the host. In this context, the security devices are typically tamper resistant modules or smartcards. Access to the network is selectively allowed based on the required authentication information being provided by the security device. Various examples of this type of arrangement are described in US5778071 and JP2000151677.

Figure 1 shows a typical example of a known arrangement. In this case, the host device has two input/output ports, one for a network adapter for allowing connection to the network and one for a separate smartcard for providing security information as part of an authentication process. Included in the host device is application software for interacting with the adapter and the smartcard. In use, the adapter and smartcard are connected to the appropriate input/output ports. When a network connection is to be made, the network causes the adapter to send a message to the application software requesting that the host device identifies itself. The application software then passes an appropriate message to the smartcard requesting authentication information. In response, the smartcard returns the authentication data to the network through the application software in the host device. In the event that the authentication data provided by the smartcard is identified by the network as being acceptable access is allowed.

Figure 2 shows another known arrangement. This has a combined communications/network adaptor and smartcard device, i.e. the adaptor and the smartcard are included in a single discrete device or unit. When the user wants to connect to the network, a connection process is initiated. This causes the adapter to send a message to the application software requesting that the host device identifies itself. The application software then passes an appropriate message to the smartcard requesting authentication information. In response, the smartcard returns the authentication data to the network through the host device. In the event that the authentication data provided by the smartcard is identified by the network as being acceptable, access is allowed.

In each of the arrangements of Figures 1 and 2, authentication data is transported to the network through the host device. This is a problem, because the host device is an inherently insecure zone, which means that the information is vulnerable to attack.

According to one aspect of the present invention, there is provided a communications device for connecting a host device to a network, the communications device including a security module for providing security information, a communication module for allowing access to the network and a memory for storing security information, the communication module being operable to cause a request for security information to be sent from the network to the security module via the host device, and in response to that request the security module being operable to place security information in the memory, wherein the communication module is operable to access the security information in the memory and pass that information to the network.

By providing a single discrete device that is operable to communicate security information to a network adapter without having to pass that information through an insecure host, there is provided a secure mechanism for allowing authenticated connection to a network. This device can be used with existing host machines that are set up to pass information from a separate smartcard to an adaptor without requiring modification thereof.

The security module may be operable to send a response to the communication module via the host device, the communication module being operable to use that response and the security information derived from the memory to construct a message for sending to the network. The security module may comprise a smartcard. The memory and/or smartcard may be tamper resistant. The memory may be a temporary memory for example a temporary buffer.

The device may include means for clearing the security information from the memory after the security information is passed to the network.

According to another aspect of the present invention, there is provided a method for connecting a host device to a network using a communications device that has a security module for providing security information, a communications module for allowing access to the network and a memory, the method involving sending from the communication module a request for security information to the security module via the host device; in response to the request from the communication module placing security information in the memory; using the communications module to access the security information in the memory and passing the security information to the network.

The method may further comprise sending a response to the communication module via the host device, and using that response and the security information derived from the memory to construct a message for passing to the network.

The method may further comprise clearing the memory after the security information is passed to the network.

Various aspects of the invention will now be described by way of example only and with reference to the accompanying drawings, of which: Figure 3 is a schematic view of a communications device connected between a host device and a network, and Figure 4 is a more detailed view of the arrangement of Figure 3.

Figure 3 shows a communications device 10 for connecting a host device 12 to a network 14, for example the internet. This is a single discrete device 10 that has a combined network adaptor portion or module 16 and tamper resistant security portion or module 18, both portions having separate connectors or ports for allowing them to be connected to a host terminal, such as a laptop computer or PDA. In Figure 3, the adaptor 16 is shown connected to a first port in the host device and the security module 18 is shown connected to another separate port, so that each of 16 and 18 can independently communicate with the host 12. The adapter 16 is also connected to the network. This can be done using any suitable connection such as a modem or a wireless interface. Typically the device 10 is releasable from its connection with the host 12 and the network 14, although this is not essential.

The network adaptor 16 has hardware and/or software for allowing messages to be passed between the host device 12 and the network 14. The security module 18 is typically implemented using smartcard technology and includes hardware and/or software for authenticating the host device and thereby allowing it to be connected to the network. Also included in the communications device 10 is a tamper proof temporary memory 20 that is accessible by both the adaptor 16 and the smartcard 18. Tamper resistant smartcards and tamper resistant memory devices are well known in the art and so will not be described in detail.

In use the communications device 10 is connected to the host device so that both the adaptor 16 and the smartcard 18 can communicate independently with application code 22 in the host 12. When the host 12 is to be connected to the network 14, a connection process is initiated. This is typically done by selection of an appropriate application 22 on the host device. Once the process is started, the network sends a signal to the adapter that includes authentication data. This is then passed to the application code 22 in the host. The application code 22 recognises this as a request for additional authentication information that can only be provided by the smartcard 18, and so passes the incoming data to the smartcard 18. The smartcard 18 then performs secret calculations on the data to generate calculated security information that can be used by the network to authenticate the host device. Typically this is done using an encryption key that is unique to the smartcard and so to the user, the key being securely held within the smartcard 18. After the smartcard 18 has calculated the security information, this is stored temporarily in the memory 20. This is not visible outside the communications device 10. A reply is then created with "dummy" data and transmitted back to the application code 22 and subsequently to the adaptor 16, where it is stored. When the adaptor 16 is ready to send the authentication data back to the network 14, it first informs its internal hardware that the next packet to be written should contain the smartcard reply previously stored in the temporary memory 20. This is then included in a message for sending back to the network. In this way, the appropriate authentication information is sent from the smartcard 18 to the network 14, without having to expose it in the host device 12, thereby avoiding the information being made vulnerable.

Figure 4 shows a more detailed implementation of an enhanced security device 10. Included in this is an adaptor 24, for example a WIFI adaptor, for allowing connection to the network 14 and an interface 26, for example a secure digital input/output (SDIO) interface, for connecting the adaptor 24 to the host device 12. Also provided is a tamper resistant extensible authentication protocol (EAP) smartcard module 28 that contains EAP-SMARTCARD application software for providing authentication information. This type of smartcard is well known and so will not be described in detail. To allow the smartcard module 28 to connect to the host 12 an interface 30, for example a TRM interface, is provided. Accessible by both of the smartcard module 28 and the WIFI adaptor 24 is a temporary buffer 32 in which authentication information can be stored. Authentication of the host device 12 is provided by the EAP-SMARTCARD. Techniques for conducting the actual authentication process are known and so will not be described in detail.

Inside the host device 10 are SDIO and TRM drivers 34 and 36 respectively for interfacing with the SDIO and TRM interfaces in the device 10, and network and smartcard drivers 38 and 40 respectively for allowing communication with the network adaptor and smartcard of the device 10. Also provided is a network stack 42 that is able to communicate with both the network driver 38 and the smartcard driver 40. This stack 42 is operable to capture all requests from the network adaptor 24 and send them to the smartcard 28. The stack 42 is also operable to receive responses from the smartcard 28 and pass them back to the network 14. In use, when an application is selected on the host device 12 requesting connection to the network 14, a signal is sent from the host to the network 14 via the adaptor 24. Then, an authentication request command is sent from the network 14 to the adaptor 24. This passes the command to the network stack 42, which is operable to recognise it as an authentication request command, in this case an EAP-Request command. This command includes information for use by the smartcard 28 in an authentication process. The EAP-Request command is then sent by the network stack 42 to the smartcard 28. The smartcard 28 processes the EAP-Request command in a conventional manner to create an EAP-Request command response. This includes authentication information that is generated using information provided in the EAP-Request command and security information stored locally in the smartcard 28.

Once the EAP request command response is created, the smartcard 28 is adapted to store it in the temporary buffer 32. The smartcard 28 then transmits "dummy" data back to the network stack 42 instead of the genuine response. The network stack 42 then prepares to send back an EAP-Request command response to the network 14. Before it does so, it indicates to the network adaptor 24 that this is the case. This triggers a control mechanism in the adaptor 24, which ensures that the data next written by the network stack 42 is replaced by the real authentication data in the internal buffer 32. Data in the internal buffer 32 is then cleared and the control mechanism in the adaptor 24 reset. The EAP-request command response, including the real authentication information, is then forwarded to the network 14. In this way, the authentication information is passed to the network 14 without being exposed in the host device 12. For host devices that are set up to connect to a network and provide security information using the arrangements shown in Figures 1 or 2, this can be done without requiring any modification to the host device 12 or its application software 22 or how it interacts with the network 14 and/or the smartcard 28.
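To make the buffer-substitution mechanism of Figures 3 and 4 concrete, here is an added simulation (written for this page, not code from the patent or its applicants) of the temporary buffer, the smartcard and the adaptor's control mechanism, played through the host's application code. The HMAC-based card calculation, the all-zero dummy reply, the network-side check and the `arm`/`write` method names are assumptions, since the patent does not specify them.

```python
import hmac
import hashlib

# Constructed key standing in for the secret held inside the smartcard (assumed).
CARD_KEY = b"constructed-smartcard-key-not-real"

class TemporaryBuffer:
    """Memory 20 / buffer 32: shared by smartcard and adaptor, never visible to the host."""
    def __init__(self):
        self.data = None

    def store(self, data):
        self.data = data

    def take(self):
        data, self.data = self.data, None   # cleared once the adaptor has read it
        return data

class Smartcard:
    """Security module 18 / 28: real EAP response goes to the buffer, dummy goes to host."""
    def __init__(self, buf):
        self.buf = buf

    def handle_eap_request(self, challenge):
        real = hmac.new(CARD_KEY, challenge, hashlib.sha256).digest()  # assumed calculation
        self.buf.store(real)
        return b"\x00" * len(real)   # dummy reply of the same length

class Adaptor:
    """Communication module 16 / 24: when armed, the next host packet is replaced."""
    def __init__(self, buf, network):
        self.buf, self.network, self.armed = buf, network, False

    def arm(self):
        self.armed = True   # "next packet written should contain the smartcard reply"

    def write(self, packet):
        if self.armed:
            packet = self.buf.take()   # substitute the real data; buffer is now cleared
            self.armed = False         # control mechanism reset
        self.network.append(packet)

def verify_at_network(challenge, response):
    """Network side check (assumed): recompute the keyed response and compare."""
    return hmac.compare_digest(hmac.new(CARD_KEY, challenge, hashlib.sha256).digest(), response)

def run_authentication(challenge):
    """Plays host application code 22: it only ever handles the dummy reply."""
    network, buf = [], TemporaryBuffer()
    card, adaptor, host_seen = Smartcard(buf), Adaptor(buf, network), []
    host_seen.append(card.handle_eap_request(challenge))   # request via host, dummy back
    adaptor.arm()
    adaptor.write(host_seen[-1])   # host forwards the dummy; adaptor swaps in the real data
    return network, host_seen, adaptor, buf
```

The property worth checking is that `host_seen` never contains the response that reaches `network`, and that after the substitution the buffer is empty and the adaptor is disarmed, so a later `write` without a fresh `arm` passes the host's packet through unchanged.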

By providing a device that is connectable between a network and a host device and includes security means for providing security information, communication means for allowing access to a network and a memory for storing security information, security information can be stored for use in an authentication process without passing it through the host. In this way, the authentication data can effectively be used by or on behalf of a host device without the need for application software in that device to read the data. Because authentication data never appears in the host device, the system is inherently more secure. In this way, it can be ensured that no critical security calculations are vulnerable to an attacker.

A skilled person will appreciate that variations of the disclosed arrangements are possible without departing from the invention. For example, whilst the invention has been described primarily with reference to a discrete device that can be selectively connected to a host device, it will be appreciated that the device could equally form an integral or permanent part of the host. Accordingly, the above description of the specific embodiment is made by way of example only and not for the purposes of limitation. It will be clear to the skilled person that minor modifications may be made without significant changes to the operation described.