Actually, it's three factor authentication if you want to require a password. Then you've got "have", "know" and "are".
And yes, if you don't mind taking your hard drive with you everywhere you go, and it has PKI auth tokens not found elsewhere used to access back end services, then it is a possession token for those services. Auto sign-on to such services is a perfect use for such a "toy".
While a keylogger / screen scraper could see what was going on (so could someone looking over your shoulder) it will not get auth tokens (as the user doesn't have to type any in). That is why the device uses Biometrics (not to mention required possession of the device) to authenticate the user and as a trusted intermediary it can use strong PKI type tokens to authenticate to back end services on behalf of the user.
You've got the vision now. It already comes with exactly what you've suggested!
Blackdog deploys a userspace (read no admin priv) NATing tunnel on the host PC and runs a TUN driver itself. It can therefore see all networks visible to the PC, set up SSL and IPsec sessions, and the PC while routing the traffic cannot interpret it.
Because it's Debian based and has a QEMU based emulation environment you don't even have to cross compile, just apt-get the source and build it in the emulator and then install it on Blackdog.
Blackdog pretends to be a USB CD long enough to launch its support software on the PC (which does include the X server and network Tunnel among other things).
After that it pretends to be a USB ethernet NIC. When the PC brings up that ethernet interface (DHCP) Blackdog hands the PC an address. For all the PC knows it is a real ethernet NIC with an ethernet cable and a server on the other end, but in reality it's a virtual LAN all put on by Blackdog.
Meanwhile the Blackdog Linux kernel is coded to see the PC on the other end as a network peer PC at the specific IP address it gave the PC.
Now any and every TCP/IP protocol can be used to communicate between Blackdog and the software it auto-deployed on the PC. Samba using CIFS makes files and printers available between them. Say goodbye to MSystem's lame patents on a FAT32 block device on a USB drive, a true network file system can actually outperform and is more robust!
Apache makes HTTP services available on the PC from blackdog. X11 allows user interface projection from Blackdog of any and every Linux app you can think of. It'll even run Java apps that use AWT, Swing, SWT or whatever.
Blackdog deploys to the PC a user-space (read no admin needed) NATing TCP/IP tunnel. Blackdog uses a TUN driver and voilà, things running on Blackdog transparently see not just the PC, but all the networks visible to the host PC. What is nice about this is that the PC is generally already configured to talk on the internet and without any config Blackdog can now too.
Blackdog can connect to back-end services using SSL or even IPsec VPN sessions. With such a VPN a mobile user can be name-resolved and IP routable no matter where he is. And, while the PC is routing the traffic it cannot interpret what is being said. Not only does blackdog become an ultra-portable VPN, but it can restrict access to that private network for just the apps it is running and not the PC itself. Of course if one wanted to the PC can be given access to the private network as well.
The elegance is in how in a matter of seconds and totally transparently one has their stuff available from any PC (even apps that run only on the PC, because blackdog can run those off of its CIFS file share). From an enterprise perspective, 10s of thousands of these can be deployed like cell phones to a mobile work force or a secure customer base without having to fight for administrative control of PCs and Laptops.
The end user gets increased convenience while the IT department gets something designed to be remote administered and ultra secure.
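From the host's side, the CD-then-NIC sequence described in the comments above shows up as a class change on one USB port. The following is an added example, not part of the original comments or of Blackdog's software; the event log format, the function names and the sample lines are constructed for illustration.

```python
# Added example: flag a USB port where a storage-class device is followed
# quickly by a network-class device (the CD-then-NIC sequence described above).
# The event format is hypothetical; all sample lines are constructed.

MASS_STORAGE = 0x08          # USB-IF class code: mass storage (CD, flash)
NETWORK = {0x02, 0x0A}       # USB-IF class codes: CDC control, CDC data

# Constructed events: <seconds> <port> <add|remove> <hex interface class>
SAMPLE_EVENTS = """\
10.0 1-1 add 08
12.5 1-1 remove 08
13.1 1-1 add 02
40.0 1-2 add 08
300.0 1-2 remove 08
900.0 1-2 add 02
950.0 1-3 add 03
"""

def parse(line):
    """Parse '<seconds> <port> <add|remove> <hex class>' into a tuple."""
    ts, port, action, cls = line.split()
    return float(ts), port, action, int(cls, 16)

def find_role_switches(text, window=30.0):
    """Return (port, storage_time, nic_time) for each storage->NIC switch
    on the same physical port within `window` seconds."""
    last_storage = {}   # port -> time a storage-class event was last seen
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, port, action, cls = parse(line)
        if cls == MASS_STORAGE:
            last_storage[port] = ts
        elif cls in NETWORK and action == "add":
            seen = last_storage.get(port)
            if seen is not None and ts - seen <= window:
                hits.append((port, seen, ts))
    return hits

if __name__ == "__main__":
    for port, t_cd, t_nic in find_role_switches(SAMPLE_EVENTS):
        print(f"port {port}: storage at {t_cd}s, NIC at {t_nic}s")
```

The port with a ten-minute gap between the storage and network events is not flagged, since an unrelated device could have been plugged into it later.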
It does show up as a network device, actually a USB ethernet NIC for which the PC already has drivers. When the PC brings up the interface it finds what it thinks is a network with another machine on it but actually it's just BlackDog.
This is of course after getting control of the PC using the CDROM and autorun and deploying the X server and the user space NAT to give the device access to the networks that the PC can see.
It and the PC are then peers on their own IP routed ethernet over USB network. No need for silly FAT32. It uses Samba to export whatever you like to the PC.
It could also deploy VNC or any other terminal client if you like, but X11 is most direct. The apps themselves can be the ones it's running or ones that it automatically connects through to in the back.
It can open an IPsec VPN session that only it sees, the host PC only routing the traffic, but not able to interpret it. It can then get access to back-end services without exposing them to the PC's vulnerabilities.
The on-board flash is limited to 512MB, the MMC/SD expansion is in addition to that and has no limit.
Not to disappoint, but the CPU doesn't have an FPU, so while building PVM for it is trivial it wouldn't have much computing power.
It does keep things straight when multiple devices are plugged in at once.
Meant to say run the RTC
Yes, it has a battery precisely so that it can do a clean state save and to run the battery. The battery recharges when it's connected and running.
It does have SD / MMC expansion for additional storage.
It launches an X11 server on the host and it runs the X clients on its own CPU. It communicates as a peer on an IP routed ethernet over USB network.
It can be used to provide the authentication tokens and connect to back end terminal servers (of any odd type).