Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Usb Devices 4 Reg

USB devices – a form factor worth plugging

Jon Collins, December 2003

I have recently been experimenting with these USB flash memory devices that seem to be proliferating at the moment. Natty little things, they hold anything from 16Mb of data and the plug and play with recent versions of Windows and Linux, meaning that the information they contain can be accessed on any current computer with a spare USB port. For older machines, drivers are normally supplied – for some reason every manufacturer seems to have a different device driver, which is a shame, but not the end of the world. They’re handy for backups, neat for file transfer, a good little floppy disk replacement. My personal favourite is from Corega, not least because it is bright yellow and easy to find, and also it’s a bit more robust than some of them. Of this, more later – what’s apparent is that the potential for the dod-of-plastic-with-USB form factor is yet to be fully exploited.

The basic USB storage “dongle” does indeed have a number of obvious uses. Some uses are less obvious however – I have an email application that I can run from the device. It’s called nPOPq, and the beauty of it is that it is self-contained - it doesn’t use the Windows registry or any external files or directories to run. This means, I can plug my dongle into any Internet-connected computer and check email across all my email accounts, without having to specify them one by one and without relying on an email service provider. I can send email and have it saved to refer to later, and I can copy myself in so that I can save the email properly when I return to the mother ship. This package also provides an address book, it can work with attachments, and so on. So, when I travel, I can rely on the fact that I can perform a minimal service even if I have left my computer at home. No doubt there is an IM client, an editor and a basic spreadsheet I could squeeze on, if I really needed, and what about a Java VM… but perhaps that’s taking things too far. Perhaps not – see later!

Since I started using one of these devices, I’ve been noticing a whole genus of the things springing up. Because of the limitations of the form factor and the early stage of evolution, these tend to be quite restricted in their function. According to Tim Mattox, VP of Client Marketing at Dell, a key feature requested by their customers before such devices could replace floppies is the ability to boot from the device. Dell are also looking to include Bluetooth functionality on a USB storage dongle, to consolidate functionality and to increase the take-up of Bluetooth, though the success of this latter plan remains to be seen. For myself, I have been road testing a couple of USB-based security tokens, notably the eToken from Aladdin and RSA’s SecurID 6100. These devices look the same as a storage device, but hold a database rather than files, which comes with strong encryption built in. There is a basic application included with each device designed to store Web usernames and passwords. Each has certain benefits over the other – the RSA capture approach is more intuitive and easier to use, and can manage network logons, whereas the Aladdin device allows editing of the resulting information and copes with more complex Web forms. With a bit of thought, the Aladdin token can also be used to store PIN numbers and other personal information. Given that it is impossible to manage all the bits of data that are thrown at us without some place to write them down, these devices give several orders of magnitude more security than post-it notes or password-protected Excel spreadsheets. The encryption on the little muckers means that it would take a supercomputer three years to decrypt, which is good enough for me!

These security tokens can do a great deal more than store username/password combinations, but to do so they require a bit more infrastructure. For example, they can serve as a user’s unique access key to the corporate network (note, they do require an additional password of their own!), and form there they can be used as the basis for signing and encrypting documents. They are even seen as providing sufficient security to meet the legal standards for electronic signatures, in certain countries – the key phrase, apparently, is that they provide a “cryptographically safe location” for a user’s private key. There are even devices from companies such as WISeKey (www.wisekey.ch) that incorporate a fingerprint scanner on the key itself, so biometric information can be incorporated into the authentication process – however, this is another indication of where we are in the evolution: the WISeKey device is a secure storage device, not an encryption key. Biometrics is another thing that requires infrastructure support for corporate use, for example using biometric authentication software from companies such as ISL (www.isl-secure.com).

Back with storage dongles, I said I’d explain what happened to my previous device before the robust Corega took its place. It’s a cautionary tale, so listen carefully. It must have been only a couple of days after I first started waxing lyrical about USB devices to my colleagues, indeed I was postulating that one day they might replace the entire user-specific part of the computer, leaving the latter to do what it does best – display and data entry. Indeed, I have since discovered that such technology already exists – devices are available such as the Xkey from Key Computing (www.key-computing.com) which incorporates the same internal processor as the Palm PDA, and which can be bundled with a number of applications such as a remote client for Microsoft Exchange (in this case, from Seaside Software) and it could, indeed, run a Java VM. But I digress – all would be wonderful about these devices if it wasn’t for one, tiny flaw. USB ports on computers tend to leave whatever is connected to them sticking out from the front, leaving them rather vulnerable from being removed inadvertently, or, in my case, snapped in half by the vacuum cleaner. You can imagine my chagrin when my original carry-anywhere email configuration remained inside the plastic, while the plug stayed steadfastly in the computer, the twain never again to be joined. The lesson we can all remember is that even these little, quasi-disposable devices should be subject to the same kinds of service requirements as the rest of the infrastructure. Fortunately, both the Corega and the Aladdin devices are a good deal more robust by design than my previous Pen Drive, and the RSA token in fact a smartcard inside a USB-based reader, so if the plug breaks, it can be replaced without losing the data.

Judging by my own behaviour, loss is perhaps an even higher risk than breakage. I confess also to have lost more than one of the little bleeders, and the Aladdin and RSA devices are both to remain resolutely attached to my key ring. Perhaps, over time this is where they should all end up, and they pose less of an encumbrance than I would have imagined – for a start, they are reasonably light and unobtrusive.

One thing’s for sure – this is a form factor we’re going to be seeing plenty more of. New device types are starting to appear – there are USB storage devices that are also MP3 players, for example, from the likes of Creative (www.creative.com). If you want to see what’s coming next, you only have to check on eBay, as enterprising Korean manufacturers have discovered it is an efficient way of missing out the middle man and shipping direct. Cameras will follow, no doubt, and anything else that can be squeezed into a device the size of a thumb. It is not unreasonable to expect a device which is storage, camera, voice recorder and music player in one (not to mention mobile phone): indeed, it’s probably a matter of months away.