Monday, September 20, 2004


One problem with the US patent system is that no matter how obvious your idea, once a patent is granted it becomes very difficult to overturn. Back in the days when only rich industrialists could hope to make any use of a patent this was a minor problem. Today, when jackasses are taking out software patents on obvious techniques, and the patents are being granted by idiots in the patent office who know nothing about software, it is a real problem. The difference is that these patents interfere with single amateur programmers. These guys can't afford to fight patent battles, no matter how dumb the patent is.

To help reduce this problem, someone once suggested that we should publish every programming idea we think of. You can't in general patent in idea that someone else has already published. The following is something I wrote back around 1994 with that idea in mind. I never published it back then so it didn't serve its purpose. Still, I think it has some interesting ideas.

Also, this isn't about software, but about a new kind of hardware device. Some of the ideas here have already been turned into products and marketed (not by me). That doesn't make me a genius who predicted the future: the point of this is that all the applications were fairly obvious. This only took me a couple of hours to write.

A kedat is a small device, about the size of a car key that fits on a key ring and is able to store information. It also contains a small processor with cryptographic features and is used to store security keys. With a processor inside, you do not have to give away your key to make a transaction.

Transactions are initiated by transaction devices: electronic devices that let you specify the nature and parameters of the transaction (amount to pay, etc.). A kedat is inserted into a transaction device for a transaction to take place. Transaction devices do not have to be full-scale computers or attached to full-scale computers.

A certified mint kedat is a kedat specially designed and built to allow trusted off-line transactions. The processor is certified to correctly delete amounts that have been transferred to another kedat. Certified mint kedats are designed to make forgery very hard. For example the casing may be bonded to the processor so that removal of the casing destroys the processor. Similarly, the casing might have a higher melting point than the processor to prevent removal of the casing by melting.

The kedat has several advantages over smartcards: it is more convenient to carry, it offers a better package for IC's, it has smaller, cheaper, more convenient readers, and it scales better. It is also more versatile.

Cards are not convenient to carry unless you already have a wallet. But the wallet should be made obsolete by advances in technology. Then you want a small device that can be clipped on a key ring or tossed in your pocket without worrying about bending it. Joggers can carry all their id and money in a single key-sized object. If the object is waterproof, swimmers can do the same.

The shape of kedats offers a relatively bulky package at one end that can be several times thicker than a smartcard. This provides better packaging opportunities for designers and allows more storage and more robustness.

The reader of a kedat is no more complicated than a serial connection (although a parallel connection might be better since it is simpler). In fact it might be a possible to simply use a USB connection directly, but that may not be mechanically rugged enough. Regardless of the sort of connection, the reader is only the size of a keyhole, not the size of a card. And no "swiping" is needed (with the frequent failures of that technique). Instead, you just insert. The size is important for certain applications. For example, you don't want something the size of a card reader on the steering column of your car to turn it on.

Kedats scale better for two reasons. The reading method is much faster, so more information can be read and written, and there is no fixed size. The only part of a kedat with a fixed size is the part that connects to the reader. You could have a kedat the size of a deck of cards with a little probe sticking out of one corner. Of course for some applications such as digital cameras you do want a fixed shape and size, so there should be a few different standard configurations for different uses.

More expensive kedats could also solve the untrusted reader problem. When you put your card through someone else's reader, you have to enter your password number into the reader's keypad. This is not secure because someone could wire a keypad to record your password. Although the same problem would exist with standard kedats, more expensive ones could have a tiny keypad like those found on calculator watches. You would enter your password on this keypad instead of on the keypad of the untrusted reader.

Alternatively, instead of just entering a fixed key, the kedat could present a queue, and the user could enter a function of the queue. This is probably too complicated for most users though.

The kedat interface would not have to be restricted to simple recording devices. The kedat with a calculator-watch keyboard could actually serve as a tiny calculator watch as well. In fact, it could actually be a watch. Or it could be larger, like a credit card sized electronic organizer. Such devices could act as kedats as well as transaction devices that let you plug in another kedat to engage in a transaction.


Use as a floppy disk in a large range of memory sizes with a large range of costs. As technology improves, higher-capacity kedats become available cheaper, and there is no need to change anything on the computer to handle the increased capacities. Useful for personal databases, sound recordings, digital cameras, someday possibly video cameras.

Use as a commercial way of selling recorded data such as software and music. When data density gets high enough, this may be a good media for personal music players to carry around with you.

Use as a login device. In order to log in, you just insert your kedat. In this application the kedat could also contain personal settings for the computer, so that you could log into any computer and have it act like your own computer would. Individual settings can be set up for different OS's on the same kedat. The kedat would also act as a personal encryption device as long as it was plugged in, so you would not have to leave sensitive encryption data on a hard drive.

Keys: a kedat would act as a universal key for home, office, car, etc. They can be electronically assigned by a transaction device and they can be revoked without the key being present. For example an employer could revoke an employee's access to the front door, office door, and company car all from a PC.

As car keys, they can send encrypted electronic signals to a starter buried in the engine compartment so cars are harder to hotwire.

Garage-door openers. Cars can have integrated garage-door openers that send an encrypted signal based on the kedat which is already in the ignition.

Used as a house key, the kedat could turn the burglar alarm off as well as open the door. It's not necessary to enter a code into a keypad.

Toll payment. A slightly more complicated transmitter could allow a car to electronically pay a toll as it drives through a toll booth without slowing down. The payment would be taken from the kedat in the ignition slot.

All security oriented applications can have an optional password, which can be easily changed by putting the kedat in any transaction device. You don't have to go to each place where you want the password changed.

Use at ATM's, phones, vending machines, cash registers etc. as cash. No need for separate phone cards. Also, a kedat can have different accounts on one card, say one for business and one for personal expenses. Accounts should be concealable by steganographic techniques.

Small electronic devices like mobile phones, calculators, daytimers, and handheld computers can have kedat readers and handle off-line transactions. These off-line transactions would probably need to be validated on-line at some later point.

Use a transaction device to transfer contact information. Use as an electronic business card.

Use for various governmental licenses, permits, ids. Instead of separate cards, a kedat would have license and permit information built in. It could have ID data like a picture, fingerprints, retina scans.

Use for tickets at events. That is, you go to a ticket seller (or find one on the internet) buy a couple of tickets, and they get downloaded into your kedat. You then present the kedat at the event.

Use as a customer-loyalty card.

Instead of newspaper coupons, download electronic coupons into a kedat, which gets presented at a store as a payment, a collection of coupons, and a customer loyalty card all at once. Payment is calculated and transacted instantly, with no human intervention.

Emergency medical information. Not just drug allergies and similar critical warnings, but also your personal physician, who to contact and other sorts of information.

Badges. Many organizations require people to wear badges on the premises to make unauthorized access more difficult. Ramcards could be used in place of or in addition to such badges with ramkey locks on all the doors, granting access on an individually controlled basis.

Interfaces: as memory sizes increase data transfer speeds must increase. Ideally even the first version could transfer 10MB in a second. However, many applications will have much smaller speed requirements, which could be met with much cheaper hardware. Ideally there would be both a fast and a slow interface.

Some current communication methods:
Telephone connection: too slow and mechanically too large. However, a very useful tool would be an adapter that goes between a phone and the phone line, allowing one to talk when no kedat is inserted, but then allowing someone with the right equipment at the other end to initiate a transaction when a kedat is inserted.
PCMCIA: mechanically too large and deep. But whatever interface is chosen should be small enough to make PCMCIA edge-of-card adapter.
USB: very convenient, already starting to appear on computers, but not fast enough.
Firewire: fast, but probably too expensive for many applications.
Ethernet: fast, but probably too expensive.

The main priority is to keep the kedat itself small and inexpensive. This suggests that the connection should consist of a simple parallel bus connecting directly to the memory just like it would inside a computer. The port would deliver a clock pulse, power, and address lines in addition to data lines. Adapters would be designed for PCMCIA and USB and possibly other communication devices like serial ports.

Kedats will have several types of memory, and a given kedat may have any combination of memory types. Types of memory include

Random Access Memory (RAM) - memory used by the internal processor that loses its data when power is removed (it may be more efficient and more secure to make this inaccessible to the reader).
Read-Only Memory (ROM) - memory that has its values set at the factory and cannot be changed.
Persistent RAM (PRAM) - RAM that does not lose data when the power is removed. This is the most versatile and most expensive type.
Programmable ROM (PROM) - Memory that can only be written to once, but it doesn't have to be done at the factory. PROM is useful for financial and other applications where non-erase provides a certain legal credibility.
Erasable PROM (EPROM) - Memory that can only be (erased and) written in large blocks (rather than in individual words like RAM and PRAM. EPROM can be used instead of PRAM. It is less expensive but also slower and less convenient.
Hidden memory - PRAM or EPROM that is only readable and writable by the processor.
Input registers - not necessarily memory, but memory addresses that are used to provide input to the processor. They can be written by the port but not read.

Kedats would need to have certain parameters placed in known memory locations. Important parameters include address ranges of different kinds of memory in the kedat, block size for erasable block of EPROM, type of file system being used (there may be several types for different applications), maximum clock speed of the memory and of the processor.

No comments: