M-Shield mobile security technology

Making wireless secure

WHITE PAPER

By Jay Srage, Marketing Manager for Cellular Systems, and Jérôme Azema, Security CTO for Cellular Systems

Overview

As 3G networks are successfully deployed worldwide, opportunities are arising to deliver to end-users a multitude of services that satisfy their business, organizational and entertainment needs. Wireless operators have started to increase value-added services such as multimedia services, e-wallet functionality enabling financial transactions, gaming and messaging. Operators will also benefit from the increased pipe bandwidth of 3G by performing over-the-air services, applications provisioning and bug fixes, thus significantly reducing operational and support costs. The increased value and availability of the content and benefits of higher bandwidth dictate increased levels of handset security. As people start using mobile phones to tap into computer networks and to serve as payment devices, the potential damage could become severe as viruses spread from the mobile handset to the enterprise network.

Current security solutions are software-based and have proven to be vulnerable through hacking, viruses and other malicious attacks. This lack of adequate security affects the trust of content, service and financial providers as well as consumers. Financial service providers, banks and consumers alike will not feel comfortable with over-the-air processing and handset storage of payment credentials unless they are offered a high degree of security. Likewise, few content providers will deploy music, videos or games unless they can trust the terms and conditions of the content purchase and download are not violated.

Another factor driving the need for wireless security technologies is an operator's desire to decrease operational and support costs with the ability to deploy over-the-air bug fixes and software patches, as well as flashing and application provisioning at purchase instead of production.

Solving the security problem is essential for growth of 3G systems. The increased value and availability of the content and benefits of higher bandwidth are dictating increased security of the handset without violating the constraints of performance and power.

M-Shield mobile security technology solution

Texas Instruments' (TI's) M-Shield mobile security technology solution provides the highest level of terminal and content security in the industry as well as setting the benchmark for the level of security needed to allow financial applications. TI's M-Shield technology is a system-level approach that intimately interleaves hardware and software and provides several benefits over current software solutions, including:

- Much higher performance and security level for protection, detection and reaction against tampering through several hardware-based security mechanisms and hardware-accelerated cryptography
- A more difficult and expensive process to reverse-engineer and hack
- A more challenging phone cloning process
- Power optimization
- Transparent usage from the end-user

M-Shield technology is the key security element of the widely used OMAP platform and recently announced OMAP-Vox family of scalable wireless solutions. The OMAP platform is a family of high-performance, low power consumption applications processors featuring an open, flexible architecture that is driving innovative solutions across the wireless industry. TI's new OMAP-Vox solutions are built on the industry-leading OMAP architecture. By integrating modem and application processing, OMAP-Vox solutions are optimized to efficiently run a dynamic mixture of applications and communications functions on the same hardware. Complete chipsets will also include analog components, power management and RF devices.

M-Shield technology features in TI wireless chipsets

Hardware feature set:
- Secure control of platform debug, test and trace capabilities
- Secure flashing/booting support
- Cryptographic accelerators
  - DES/3DES
  - AES
  - SHA-1 & MD5
  - PKA
- FIPS compliant true hardware RNG
- Secure on-chip keys
  - Root public key hash (RSA authentication)
  - Random key (binding, secure storage)
  - Customer key (OEM-specific use)
- Secure Environment hardware
- Secure DMA channels
- Secure chip-interconnect
- Expanded feature support in future generations, including ARM TrustZone support

ROM code feature set:
- Secure flashing
- Secure booting

Secure Environment software:
- Secure Environment entry and exit mechanism
- Secure Environment interrupt handling
- Load manager to load and verify protected applications in Secure RAM prior to execution
- Storage manager to encrypt and store sensitive data belonging to protected applications in NoVo memory
- Secure run-time services for protected applications, including cryptographic libraries
- Expanded feature support in future generations, including ARM TrustZone support

M-Shield solution's infrastructure

TI's M-Shield technology solution's infrastructure includes:

- Public-Key Infrastructure with secure on-chip keys (E-fuse)
- On-chip control of secure flashing and secure booting
- Secure Environment with hardware countermeasures against attacks for safe execution of sensitive authorized applications (called protected applications) and secure storage of their sensitive data
- Secure chip-interconnect
- Secure Direct Memory Access (DMA)
- Hardware cryptographic accelerators and Random Number Generator (RNG)

This infrastructure allows M-Shield technology to offer a hardware-enforced Secure Environment. M-Shield technology also offers:

- Authentication of flashing and booting software
- 100+ services accessible by protected applications
- Accelerated cryptography
- Hardware-based protection against software attacks and cloning
- Secure access/restriction to all chip peripherals and memories
- Secure control of debug, test and trace capabilities

M-Shield solution's infrastructure provides the highest level of security to reduce the unauthorized use of handsets and fraud while enabling the deployment of value-added secure services.

[Table: M-Shield hardware implementation in TI wireless chipsets. Products: OMAP16xx, OMAP17xx, OMAP33x, OMAP75x, OMAP85x, OMAPV1030, OMAP2420, future OMAP and OMAP-Vox devices. Features compared: True RNG; DES/3DES, SHA-1/MD5; AES; Public-Keys Accelerator (PKA); Secure Control of Platform Debug, Test and Trace Capabilities; Secure Flashing/Booting; Run-Time Secure Services (Secure ROM); Secure Environment (Secure ROM/RAM/SSM); Secure Chip-Interconnect; Secure DMA; ARM TrustZone Support.]

Secure environment

TI's M-Shield technology's Secure Environment provides hardware countermeasures against attacks and is the industry's first hardware-based environment for secure execution and storage. The Secure Environment provides:

- Security via on-chip public key verification
- Secure execution of user-defined protected applications
- Secure storage (authenticated, encrypted data stored externally)
- Internal/external memory and peripheral access control due to secure chip-interconnect programming
- Privacy of data transfer on the platform due to Secure DMA programming
- Secure run-time services, including cryptographic libraries
- Access from/to the operating system through the Secure Environment driver
- Debug, test and trace secure control
- Secure watchdog timer

The Secure Environment is built of three main components: the hardware Secure State Machine, the Secure ROM and the Secure RAM. The Secure State Machine applies and guarantees the security policy rules while entering, executing and exiting from the Secure Environment.

Secure ROM embeds:

- Drivers for the hardware cryptography blocks
- Secure Environment manager to handle the entry, exit and interruption of the Secure Environment
- Load manager to load and verify the protected applications prior to execution
- Secure storage manager to handle the storage of data belonging to the protected application
- Remote procedure call to communicate with the operating system through the Secure Environment driver
- Secure run-time services, including cryptographic libraries

Secure RAM is used for:

- Authentication and execution of protected applications
- Safe working space for execution of secure run-time services
- Key material generation
- Dynamic keys storage
- Certificate signature and verification

Public-key infrastructure

Secure on-chip keys (E-Fuse) are OEM-specific one-time programmable keys accessible only from inside the Secure Environment for authentication and encryption and include:

- Root public key for authentication
- Random key for binding and secure storage
- Customer key for OEM-specific use
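The root public key check listed above can be sketched as follows. This is an added example, not TI code and not taken from the white paper: the image layout, the function names, the use of SHA-256 in place of the SHA-1/MD5 blocks the paper lists, and the deliberately weak constructed RSA keys are all assumptions made for illustration.

```python
import hashlib
import hmac

E = 65537  # public exponent used by both constructed keys


def make_keypair(p, q):
    """Build an RSA key from two known primes (constructed, not secure)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)


def key_bytes(pub):
    """Canonical encoding of a public key: modulus, then 4-byte exponent."""
    n, e = pub
    return n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")


def key_hash(pub):
    """The value an OEM would burn into the one-time-programmable fuses."""
    return hashlib.sha256(key_bytes(pub)).digest()


def encode_digest(message, n):
    """Simplified PKCS#1 v1.5-style block: 00 01 FF..FF 00 || SHA-256."""
    size = (n.bit_length() + 7) // 8
    digest = hashlib.sha256(message).digest()
    block = b"\x00\x01" + b"\xff" * (size - len(digest) - 3) + b"\x00" + digest
    return int.from_bytes(block, "big")


def sign(priv, message):
    """Signing happens off-device, at the OEM; the handset never holds d."""
    n, d = priv
    return pow(encode_digest(message, n), d, n)


def rsa_verify(pub, message, signature):
    """Textbook RSA verification against the padded digest."""
    n, e = pub
    return 0 < signature < n and pow(signature, e, n) == encode_digest(message, n)


def rom_verify(fused_hash, image):
    """Boot-ROM style check (hypothetical layout). Returns (accepted, reason)."""
    # 1. The key travels with the image, so it is untrusted until its hash
    #    matches the fused root public key hash.
    if not hmac.compare_digest(key_hash(image["pubkey"]), fused_hash):
        return False, "root key mismatch"
    # 2. Only then is the key used to check the signature over the payload.
    if not rsa_verify(image["pubkey"], image["payload"], image["signature"]):
        return False, "bad signature"
    return True, "ok"


def demo():
    # Constructed keys from Mersenne primes: valid RSA arithmetic, no security.
    oem_pub, oem_priv = make_keypair(2**521 - 1, 2**607 - 1)
    other_pub, other_priv = make_keypair(2**521 - 1, 2**1279 - 1)
    fused = key_hash(oem_pub)

    payload = b"constructed boot image v1"
    genuine = {"pubkey": oem_pub, "payload": payload,
               "signature": sign(oem_priv, payload)}
    # Payload changed after signing: key is right, signature no longer fits.
    altered = dict(genuine, payload=payload + b" altered")
    # Image re-signed with a different key: the signature is valid for that
    # key, but the key does not hash to the fused value.
    resigned = {"pubkey": other_pub, "payload": payload,
                "signature": sign(other_priv, payload)}
    return {name: rom_verify(fused, img) for name, img in
            [("genuine", genuine), ("altered", altered), ("resigned", resigned)]}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Storing only the hash of the root key keeps the fuse footprint small while still pinning every later verification to the OEM's key; the order of the two checks matters, because a signature verified with an unpinned key proves nothing.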

Secure chip-interconnect and Secure DMA

TI's M-Shield technology provides the capability of the Secure Environment to qualify (DMA) transfers as secure to protect the confidentiality of sensitive high-value data, such as Digital Rights Management (DRM)-protected contents, during their processing and transfer throughout the platform. To further ensure protection against attacks, a secure chip-interconnect allows peripherals and memories to be accessible only by the Secure Environment and/or by the Secure DMA channels so that sensitive information confidentiality can be guaranteed in the entire data path, from origin to destination. Examples of peripherals and memories of the device that might be disabled include:

- MMI peripherals such as keyboard, LCD, fingerprint sensor
- Smartcard physical interface
- Crypto processors
- Serial interfaces involved in multimedia content rendering
- Internal memories
- External flashes and SDRAMs

Hardware cryptographic accelerators

TI's M-Shield technology includes a Public-Key Infrastructure that along with the Secure Environment provides complete security. Cryptographic accelerators and a FIPS-compliant random number generator (RNG) are key elements of the Public-Key Infrastructure. The M-Shield security solution provides a hardware-based AES accelerator and Public-Key Accelerator (PKA), as well as DES/3DES, SHA-1 and MD5 hardware accelerators. By providing fast client authentication and signing, as well as fast content decryption and integrity checking, M-Shield technology accelerators save critical time and enhance the user experience by offsetting the degradation of software-based solutions.

[Figure: M-Shield secure environment use case. Labels: User Application, File System, Secure Storage, Secure Environment API, Secure Environment Device Driver, User Mode, Kernel Mode, Secure Mode, SSM, secret data, Secure ROM Code, Secure RAM, Protected Application, Root Public Key, Random Key, RNG, SHA-1/MD5, DES/3DES, AES, PKA, Secure DMA, Secure Chip-Interconnect, Other Security Features.]

ARM TrustZone technology support

TI will extend the scope of M-Shield technology in the future to support ARM's TrustZone technology. The resulting combination provides even higher performance and security levels to applications running in the Secure Environment.

M-Shield software solution

In addition to M-Shield mobile security solution's hardware, TI also offers a flexible software solution that includes device drivers as well as security software libraries and APIs to support third-party middleware software and applications. M-Shield solution's flexible API supports a wide range of cryptography functions and allows the cryptography engine to interface with higher levels of the system, such as operating systems, industry-standard security protocols (SSL, TLS, IPSec) and interfaces such as Public Key Cryptography Standards (PKCS). Third-party applications like DRM agents, VPN clients, anti-virus programs, firewalls and software filters are dictated by the requirements of 3G applications and are available from a wide variety of TI partners.

Conclusion

For high-value services deployment to be successful, end-users, content providers and service providers must be confident the handset offers the right level of security. As the value and complexity of the applications and high-value content increases, the security level must also increase. Only a system-level solution can provide the highest level of security. With TI's M-Shield mobile security technology solution, along with an ecosystem of partnerships, 3G secure-sensitive applications will be successfully deployed.
Statements contained in this white paper regarding the growth of the 3G handset market, TI market penetration and qualification of TI products and other statements of management's beliefs, goals and expectations may be considered forward-looking statements as that term is defined in the Private Securities Litigation Reform Act of 1995, and are subject to risks and uncertainties that could cause actual results to differ materially from those expressed or implied by these statements. The following factors and the factors discussed in TI's most recent Form 10-K could cause actual results to differ materially from the statements contained in this white paper: actual market demand for 3G products in general and TI semiconductor products specifically, and actual certification test results relating to TI products. TI disclaims any intention or obligation to update any forward-looking statements as a result of developments occurring after the date of this white paper.

Technology for Innovators, the black/red banner, M-Shield, OMAP and OMAP-Vox are trademarks of Texas Instruments. All other trademarks are the property of their respective owners.

Texas Instruments Incorporated. Printed in the U.S.A. Printed on recycled paper. SWPY014A


More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Certification Report

Certification Report Certification Report EAL 4+ Evaluation of ncipher nshield Family of Hardware Security Modules Firmware Version 2.33.60 Issued by: Communications Security Establishment Canada Certification Body Canadian

More information

Using BroadSAFE TM Technology 07/18/05

Using BroadSAFE TM Technology 07/18/05 Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security

More information

i.mx Trust Architecture Protects assets of multiple stakeholders Guards against sophisticated attacks Assures software measures TM 2

i.mx Trust Architecture Protects assets of multiple stakeholders Guards against sophisticated attacks Assures software measures TM 2 September 2013 i.mx-based products Rich, mobile, end-user, connected platforms Increasingly valuable assets: end-user data, licensed content, access credentials, intellectual property Increasingly threatened:

More information

FIPS 140-2 Security Policy 3Com Embedded Firewall PCI Cards

FIPS 140-2 Security Policy 3Com Embedded Firewall PCI Cards FIPS 140-2 Security Policy 3Com Embedded Firewall PCI Cards 3Com Corporation 5403 Betsy Ross Drive Santa Clara, CA 95054 USA February 24, 2006 Revision Version 0.4 Page 1 of 15 1. Introduction The following

More information

Entrust TruePass Applet Cryptographic Module

Entrust TruePass Applet Cryptographic Module Entrust TruePass Applet Cryptographic Module FIPS 140-2 Validation Security Policy Document Issue: 4.0 Issue Date: February 2006 Abstract: This document describes the Entrust TruePass Applet Cryptographic

More information

A Perspective on the Evolution of Mobile Platform Security Architectures

A Perspective on the Evolution of Mobile Platform Security Architectures A Perspective on the Evolution of Mobile Platform Security Architectures Kari Kostiainen Nokia Research Center, Helsinki TIW, June 2011 Joint work with N. Asokan, Jan-Erik Ekberg and Elena Reshetova 1

More information

LAB FORWARD. WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS

LAB FORWARD. WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS LAB FORWARD WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS Medical diagnostics are a vital part of the modern healthcare system, and instrument uptime is critical

More information

Wireless Security: from the inside out. building security into the OMAP platform. ATechnology and Business Review from Certicom and Texas Instruments

Wireless Security: from the inside out. building security into the OMAP platform. ATechnology and Business Review from Certicom and Texas Instruments Wireless Security: from the inside out building security into the OMAP platform ATechnology and Business Review from Certicom and Teas Instruments January 2003 Over the net few years, more than 50 percent

More information

Cisco 3745. Cisco 3845 X X X X X X X X X X X X X X X X X X

Cisco 3745. Cisco 3845 X X X X X X X X X X X X X X X X X X Data Sheet Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module

More information

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Corporation http://www.wicksoft.com Copyright WICKSoft 2007. WICKSoft Mobile Documents

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement certicom application notes Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement THE PROBLEM How can vendors take advantage

More information

Integrated Services Router with the "AIM-VPN/SSL" Module

Integrated Services Router with the AIM-VPN/SSL Module Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for

More information

Credit Card Security

Credit Card Security Credit Card Security Created 16 Apr 2014 Revised 16 Apr 2014 Reviewed 16 Apr 2014 Purpose This policy is intended to ensure customer personal information, particularly credit card information and primary

More information

Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation

Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation Boot Manager Security Policy Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation v 1.3 6/8/11 1 INTRODUCTION... 1 1.1 Cryptographic Boundary for BOOTMGR... 1 2 SECURITY POLICY...

More information

Applying Cryptography as a Service to Mobile Applications

Applying Cryptography as a Service to Mobile Applications Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography

More information

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for

More information

TI Linux and Open Source Initiative Backgrounder

TI Linux and Open Source Initiative Backgrounder TI Linux and Open Source Initiative Backgrounder Texas Instruments Incorporated (TI) has supported the use of embedded real-time operating systems in digital signal processing (DSP) for many years with

More information

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN By Paul Stevens, Advantech Network security has become a concern not only for large businesses,

More information

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives Main Line / Date / Etc. June May 2008 2nd Line 80-11-01583 xx-xx-xxxx Revision 1.0 Tagline Here Table of Contents

More information

Can you trust me now? The Current State of Mobile Security

Can you trust me now? The Current State of Mobile Security Can you trust me now? The Current State of Mobile Security Black Hat USA August 2016 Atredis Partners Overview Bene Diagnoscitur, Bene Curatur That which is well diagnosed is well cured. Research Driven

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the

More information

White Paper: An Overview of the Samsung KNOX TM 2.0 Platform

White Paper: An Overview of the Samsung KNOX TM 2.0 Platform : An Overview of the Samsung KNOX TM 2.0 Platform March 2014 Enterprise Mobility Solutions Samsung Electronics Co., Ltd. Contents Acronyms Introducing the Samsung KNOX 2.0 Platform What's New in the KNOX

More information

That Point of Sale is a PoS

That Point of Sale is a PoS SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach

More information

Ciphire Mail. Abstract

Ciphire Mail. Abstract Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the

More information

Managed Portable Security Devices

Managed Portable Security Devices Managed Portable Security Devices www.mxisecurity.com MXI Security leads the way in providing superior managed portable security solutions designed to meet the highest security and privacy standards of

More information

Solution Recipe: Improve Networked PC Security with Intel vpro Technology

Solution Recipe: Improve Networked PC Security with Intel vpro Technology Solution Recipe: Improve Networked PC Security with Intel vpro Technology Preface Intel has developed a series of unique Solution Recipes designed for channel members interested in providing complete solutions

More information

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12.

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12. Table of Contents Scope of the Document... 1 [Latest Official] ADYTON Release 2.12.9... 1 ADYTON Release 2.12.4... 1 ADYTON Release 2.9.3... 3 ADYTON Release 2.7.7... 3 ADYTON Release 2.6.2... 4 ADYTON

More information

SkyRecon Cryptographic Module (SCM)

SkyRecon Cryptographic Module (SCM) SkyRecon Cryptographic Module (SCM) FIPS 140-2 Documentation: Security Policy Abstract This document specifies the security policy for the SkyRecon Cryptographic Module (SCM) as described in FIPS PUB 140-2.

More information

Protecting the BlackBerry device platform against malware. BlackBerry Enterprise Server Version 4.0 and later

Protecting the BlackBerry device platform against malware. BlackBerry Enterprise Server Version 4.0 and later Protecting the BlackBerry device platform against malware BlackBerry Enterprise Server Version 4.0 and later Contents BlackBerry device application platform default behavior... 3 Adding third-party applications

More information

IBM Crypto Server Management General Information Manual

IBM Crypto Server Management General Information Manual CSM-1000-0 IBM Crypto Server Management General Information Manual Notices The functions described in this document are IBM property, and can only be used, if they are a part of an agreement with IBM.

More information

Certification Report

Certification Report Certification Report EAL 2 Evaluation of with Gateway and Key Management v2.9 running on Fedora Core 6 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

LBSEC. http://www.liveboxcloud.com

LBSEC. http://www.liveboxcloud.com 2014 LBSEC http://www.liveboxcloud.com LiveBox Srl does not release declarations or guarantee regarding this documentation and its use and declines any expressed or implied commercial or suitability guarantee

More information

Entrust Smartcard & USB Authentication

Entrust Smartcard & USB Authentication Entrust Smartcard & USB Authentication Technical Specifications Entrust IdentityGuard smartcard- and USB-based devices allow organizations to leverage strong certificate-based authentication of user identities

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R

HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R HughesNet Managed Broadband Network Services include a high level of end-toend security utilizing a robust architecture designed by

More information

Cisco Trust Anchor Technologies

Cisco Trust Anchor Technologies Data Sheet Cisco Trust Anchor Technologies Overview Cisco Trust Anchor Technologies provide the foundation for trustworthy systems across Cisco. The Cisco Trust Anchor and a Secure Boot check of signed

More information

STM32 F-2 series High-performance Cortex-M3 MCUs

STM32 F-2 series High-performance Cortex-M3 MCUs STM32 F-2 series High-performance Cortex-M3 MCUs STMicroelectronics 32-bit microcontrollers, 120 MHz/150 DMIPS with ART Accelerator TM and advanced peripherals www.st.com/mcu STM32 F-2 series The STM32

More information