background image
Tech Note #110: Concept for a Secure Network Computer
2000 Bionic Buffalo Corporation; All Rights Reserved.
         Tuesday, 11 January 2000
Page 9 of 18
In general, the SNC requires an input device to acquire the additional information required by
the user’s identification token. The input device might be a keypad, fingerprint scanner, or
other such device, or may be some combination of these. In addition, the user must be
prompted during operation, so a display device (such as a liquid-crystal display) must also be
If the SNC is configured to offer a choice among enclaves for connection, then a keypad or
scanner may also be required for enclave selection. Thus the input and display device (or
devices) might serve several purposes.
A natural idea is to use the HC’s keyboard and display for these purposes. There are several
problems with this idea:
to allow a variety of off-the-shelf programs to run on the HC, it cannot be presumed that
such programs will be programmed to share their keyboard and display with other
malicious software on the HC might be programmed to steal a user’s secret password or
the required input and output devices may not be compatible with standard keyboards and
displays used in the HC
Although these are not insurmountable problems, the architecture presented here assumes that
a separate user i/o device is more practical and cost-effective than sharing the HC’s peripherals.
Of course, an implementation may decide to tackle these issues, and make a different design