Secure Wireless Application Platform


1 Texas Instruments Secure Wireless Application Platform

2 New Challenges for Wireless Handsets
- Open Environment: Multi-application, Interoperability
- Multiple Access Data Paths: GSM/GPRS, EDGE, , Bluetooth
- OTA: Distribution, Delivery Management, Billing, Roaming
- SECURITY is key!
- Limited resources: Size, Bandwidth, Storage, Battery Life
- Content Personalization: Mobility, Ability to Customize
- Security: Device Security, Rights Mgmt, Privacy

3 Complexity Increases Security Risks
- Micro-browsers (XML, WML, cHTML & XHTML)
- Digital Imaging (GIFS, JPEG)
- Open S/W (Java)
- Multimedia (MP3, MPEG-4)
- Entertainment (Gaming)
- Location (GPS)
- Messaging (Instant, media-rich)

4 New Services to Support
1. Electronic Transactions (Banks)
  - Mobile Banking, Brokering, Ticketing, Shopping
  - Make a financial transaction to pay for a service/product directly with your mobile phone
2. Local Billing (Operators)
  - Mobile Billing
  - Pay for the received content according to the Quality of Service profile
3. Content Protection (Content Providers)
  - Office, Mobile Multimedia, Entertainment
  - Ensure confidentiality of: resident firmware, downloaded application code, downloaded media with digital rights, personal data
4. Firmware and Handset Integrity (Operators - Manufacturers)
  - Ensure the authenticity and integrity of: resident firmware, IMEI, SIM Lock

5 Definition
- Texas Instruments proposed solution for m-commerce
- Software + Hardware components combination
- Offers the capabilities to transform the Digital Base Band or the Application Platform into a Secure Open Framework
- Provides services, storage and processing performance for applications requiring security:
  - Secure Boot
  - Secure Execution and Storage Environment
  - HW-accelerated Cryptography and Security Protocols
  - Secure Application Layer

6 Architecture
[Diagram: Secure Network Solutions (M-Commerce; Network Updates; Content Management) layered over On-Chip Hardware Security. Blocks shown: Crypto Service Provider, Crypto Engine, Secure Execution, Secure Boot. Platforms listed: OMAP33x, 73x, 161x, TCS2200; OMAP73x, 161x, TCS2200.]

7 Secure Boot
What it does:
- Authenticates and verifies the integrity of the flash programmer code before flash programming
- Authenticates and verifies the integrity of the OEM firmware code upon reset or upon request
How it works:
- This is accomplished through embedding a public key, provided by the OEM, into the device and checking signed boot strap code against this key during the flashing and booting processes
Benefits:
- Guarantees the authenticity and the integrity of the boot strap code prior to delivering processor control to the OS

8 Secure Execution and Storage Environment
What it does:
- Creates a partitioned HW-assisted Secure Mode where the CPU can operate as a separate virtual security processor while executing security operations
- Loads and verifies protected applications in the secure environment
- Provides secure services (crypto & key mgmt) for protected applications
- Loads and stores sensitive data belonging to protected applications between secure and non-secure environments
How it works:
- Comprehensive suite of hardware and software components, including separate Secure RAM, Secure ROM, and a Security State Machine
Benefits:
- Sensitive information is securely protected from access or tampering by un-trusted software

9 HW-based Components (1/2)
On-chip Secure ROM
- Secure Boot software
- Secure Services
  - Drivers for the HW crypto blocks
  - Secure Mode Manager for the Secure Mode entry, exit and interrupt management
  - Load Manager for loading and authenticating protected applications to Secure RAM for execution
  - Secure Storage Manager, available only to protected applications, for securely storing digitally signed and encrypted data in permanent non-secure memory
  - Remote Procedure Call interface, available only to protected applications to access services in the non-secure side
  - Crypto library (optional), available only to protected applications, for performing a large number of established cryptographic operations

10 HW-based Components (2/2)
On-chip Secure RAM
- Authentication and execution of protected applications, such as cryptographic algorithms, value-added services
- Key material generation
- Dynamic keys storage
- Safe working space for execution of Secure ROM services
- Certificate signature and verification (during boot and in run-time for protected applications)
Non-volatile key store
- Hash of the root public key. It is the foundation of the public key infrastructure
- Randomly generated symmetric key, which is different on each device
- Additional fuses for device personalization
Cryptographic Accelerators (DES/3DES, SHA-1/MD5, True RNG)
Secure Watchdog Timer
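The check from slide 7 (signed boot strap code verified against the OEM public key), anchored on the root public key hash that slide 10 places in the non-volatile key store, as an added example that is not TI's code. The image layout (key, signature, code), the use of SHA-256 with PKCS#1 v1.5 padding, and the demo key are assumptions made for illustration.

```python
"""Two-step secure boot check: fused key hash first, then RSA signature."""
import hashlib
import hmac

# ASN.1 DigestInfo prefix for SHA-256 in PKCS#1 v1.5 signatures (RFC 8017, 9.2).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demo key, NOT secure: the modulus is the product of two Mersenne
# primes so the example is reproducible without a crypto library.
DEMO_P, DEMO_Q = 2**521 - 1, 2**607 - 1
N = DEMO_P * DEMO_Q
E = 65537
DEMO_D = pow(E, -1, (DEMO_P - 1) * (DEMO_Q - 1))  # OEM private exponent
K = (N.bit_length() + 7) // 8                      # modulus length in bytes
KEY_BLOB_LEN = K + 4                               # assumed encoding: N || 32-bit E


def encode_pubkey(n, e):
    """Serialize a public key in the (assumed) fixed-width image format."""
    return n.to_bytes(K, "big") + e.to_bytes(4, "big")


def fused_root_key_hash():
    """Value the OEM burns into the non-volatile key store at manufacture."""
    return hashlib.sha256(encode_pubkey(N, E)).digest()


def emsa_pkcs1_v15(message, em_len):
    """Deterministic PKCS#1 v1.5 signature encoding of SHA-256(message)."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for SHA-256 DigestInfo")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def oem_sign_image(code):
    """OEM side: emit key blob || signature || boot strap code."""
    em = int.from_bytes(emsa_pkcs1_v15(code, K), "big")
    signature = pow(em, DEMO_D, N).to_bytes(K, "big")
    return encode_pubkey(N, E) + signature + code


def rom_verify(image, fused_hash):
    """Secure ROM side: return "boot" only if both checks pass."""
    if len(image) < KEY_BLOB_LEN + K:
        return "reject: truncated image"
    key_blob = image[:KEY_BLOB_LEN]
    signature = image[KEY_BLOB_LEN:KEY_BLOB_LEN + K]
    code = image[KEY_BLOB_LEN + K:]

    # Step 1: the key shipped with the image is trusted only if it hashes to
    # the fused value; the device stores a 32-byte hash, not the whole key.
    if not hmac.compare_digest(hashlib.sha256(key_blob).digest(), fused_hash):
        return "reject: untrusted key"

    # Step 2: RSA verification. Re-encode the expected padded digest and compare
    # the full block, rather than parsing the recovered padding.
    n = int.from_bytes(key_blob[:K], "big")
    e = int.from_bytes(key_blob[K:], "big")
    s = int.from_bytes(signature, "big")
    if s >= n:
        return "reject: bad signature"
    recovered = pow(s, e, n).to_bytes(K, "big")
    if not hmac.compare_digest(recovered, emsa_pkcs1_v15(code, K)):
        return "reject: bad signature"
    return "boot"


def demo():
    """Run the verifier over constructed images and return each verdict."""
    fuse = fused_root_key_hash()
    image = oem_sign_image(b"constructed boot strap code v1")
    modified_code = image[:-1] + bytes([image[-1] ^ 0x01])
    replaced_key = encode_pubkey(N, 3) + image[KEY_BLOB_LEN:]
    return {
        "genuine": rom_verify(image, fuse),
        "modified code": rom_verify(modified_code, fuse),
        "replaced key": rom_verify(replaced_key, fuse),
        "truncated": rom_verify(image[:10], fuse),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} -> {verdict}")
```

Control passes to the loaded code only on the `"boot"` verdict; every other path leaves the device in the ROM.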

11 SW Components (1/2)
Cryptographic Library
- Symmetric Key (Data Confidentiality): DES, 3DES, ARC4, RC5, AES
- Public Key (Authentication and Key Management): RSA, ECC, DH, ECDH
- Digital Signature (Authentication, Non Repudiation): RSA, DSA, ECDSA
- One-way Hash (Integrity): SHA-1 (160 bits), MD5 (128 bits), HMAC
- Others: Biometry

12 SW Components (2/2)
Application Manager
- Download of new applications on the terminal
- Installation
- Initialization
- Registration
Security Manager
- Checks the dynamic access to the device resources against the access rights
Access Manager
- Dynamic allocation of the resources and peripherals of the device
- Arbitrates the conflicts when the following situations occur:
  - Several applications require the same resources
  - An application requires too many resources
Secure Java Framework
- Allows secure execution of downloaded applets
- Allows development and safe use of Secure Value Added Services (payment, DRM, OTA database management, etc.)

13 Compliance to Standards
Adhere to established standards and methodologies
- Standard API: STIP, PKCS
- Security standards relying on PKI: SSL/TLS, WTLS, IPSec, S/MIME
- Open Mobile Standards: OMA
Adhere to cryptographic standard validation criteria
- FIPS PUB (US NIST)
- Common Criteria (ISO 15408)
Compatible with
Compatible with SIM/WIM

14 Benefits
OMAP1612, OMAP1611, OMAP1610, TCS2200, TCS2600, OMAP730, TCS2620, OMAP732
Hardware Security Benefits, OEM Benefits, Operator Benefits
- More secure and faster than software
- More power efficient than software
- Development time savings
- Digital rights management
- Trust terminal origin: IMEI protection
- Complements software security
- Virtually transparent to the user
- Development cost savings
- Additional revenue from users running secure applications
- Network updates
- Secure m-commerce
- Secure financial transactions
- Secure content delivery
End User Benefits
- Secure access
- Confidentiality
- Protection against viruses

M-Shield mobile security technology

M-Shield mobile security technology Technology for Innovators TM M-Shield mobile security technology making wireless secure Overview As 3G networks are successfully deployed worldwide, opportunities are arising to deliver to end-users a

More information

OMAP platform security features

OMAP platform security features SWPT008 - July 2003 White Paper OMAP platform security features By Harini Sundaresan Applications Engineer, OMAP Security Texas Instruments, Wireless Terminal Business Unit This white paper introduces

More information

M-Shield Mobile Security Technology: making wireless secure

M-Shield Mobile Security Technology: making wireless secure WHITE PAPER Jerome Azema Distinquished Member of Technical Staff WTBU Chief Technology Office - Security Texas Instruments Gilles Fayad Worldwide Strategic Marketing Manager, Mobile Platform Security and

More information

application layer security Contents

application layer security Contents application layer security Tim Wright Communications Security and Advanced Development Group Vodafone Limited Contents Introduction to public key cryptography WAP security MExE and MExE security Introduction

More information

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement certicom application notes Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement THE PROBLEM How can vendors take advantage

More information

Using BroadSAFE TM Technology 07/18/05

Using BroadSAFE TM Technology 07/18/05 Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security

More information

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded

More information

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles

More information

Trusted Boot Loader Steve Johnson, Panasonic Chair Security WG San Jose April 12, 2006

Trusted Boot Loader Steve Johnson, Panasonic Chair Security WG San Jose April 12, 2006 Trusted Boot Loader Steve Johnson, Panasonic Chair Security WG San Jose April 12, 2006 April 12th, 2006 1 Synopsis Background Trusted boot Security enhancements to boot loader Necessary code U-Boot Kernel

More information

Expert 64. The Java -based smart card

Expert 64. The Java -based smart card Sm@rtCafé Expert 64 The Java -based smart card Cost-effective and flexible through Java The Sm@rtCafé Expert 64 from Giesecke & Devrient (G&D) offers a future-proof concept. Due to the Java Card operating

More information

Trusted Input Devices Distributed Strong Authentication

Trusted Input Devices Distributed Strong Authentication Input Devices Distributed Strong States Security Research Workshop Carnegie Mellon University March 28, 2002 Lark M. Allen / Wave Systems Lallen@wavesys.com Challenges Personal computers are untrusted

More information

BL01A - Java & Global Platform Applet Development

BL01A - Java & Global Platform Applet Development BL01A - Java & Global Platform Applet Development Mikhail Friedland - jnet Technology, Inc. Class ID: BL01A Renesas Electronics America Inc. Mikhail Friedland Concise Biography President of jnet Technology

More information

RSA BSAFE TLS-J MICRO EDITION

RSA BSAFE TLS-J MICRO EDITION RSA BSAFE TLS-J MICRO EDITION Cryptographic security toolkit helps enable established, state-of-the-art and memory-efficient cryptographic algorithms for resource-constrained devices. AT A GLANCE Designed

More information

RESEARCH OF SECURITY HARDWARE IN PKI SYSTEM

RESEARCH OF SECURITY HARDWARE IN PKI SYSTEM RESEARCH OF SECURITY HARDWARE IN PKI SYSTEM Qi Wenhua, Zhang Qishan, Liu Hailong School of Electronics and Information Engineering BeiHang University, P. R. China 100083 ABSTRACT Security hardware based

More information

epassauto PKI USB Token

epassauto PKI USB Token epassauto PKI USB Token An easy-to-use "Plug&Play" PKI product OVERVIEW FEITIAN epassauto PKI USB Token is a complete "Plug & Play" solution. The device can hold all necessary software programs, such as

More information

StorePass PKI USB Token

StorePass PKI USB Token StorePass PKI USB Token A PKI product with an onboard Flash drive OVERVIEW StorePass PKI USB Token by FEITIAN is a hybrid device which combines Flash memory with Public Token Infrastructure technology.

More information

Smart Card Solution: Highly secured Java Card Technology

Smart Card Solution: Highly secured Java Card Technology Smart Card Solution: Highly secured Java Card Technology Surender Reddy Adavalli Department of Computer Science, University of Auckland sada027@ec.auckland.ac.nz Abstract Smart card is a tiny personal

More information

FIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

FIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0 FIPS 40-2 Non- Proprietary Security Policy McAfee SIEM Cryptographic Module, Version.0 Document Version.4 December 2, 203 Document Version.4 McAfee Page of 6 Prepared For: Prepared By: McAfee, Inc. 282

More information

Port Scanning Services, Inc.

Port Scanning Services, Inc. PSS will provide a secure and reliable connection to its customers using what is known as a Virtual Private Network or VPN. The VPN software allows customers, clients and consultants a means to establish

More information

Secure boot Secure software update

Secure boot Secure software update Secure boot Secure software update 2016 Tokyo Yannick Gicquel SW Engineer yannick.gicquel@iot.bzh Iot.bzh Specialized on Embedded & IoT Contributing to AGL Project for Renesas Expertise domains: System

More information

RSA Solution Brief RSA BSAFE. Security Tools for C/C++ Developers

RSA Solution Brief RSA BSAFE. Security Tools for C/C++ Developers RSA BSAFE Security Tools for C/C++ Developers Introduction Built on more than 20 years of expertise in delivering high-quality products for implementing strong security controls in software and networked

More information

Threat Model for Software Reconfigurable Communications Systems

Threat Model for Software Reconfigurable Communications Systems Threat Model for Software Reconfigurable Communications Systems Presented to the Management Group 6 March 007 Bernard Eydt Booz Allen Hamilton Chair, SDR Security Working Group Overview Overview of the

More information

IOT SECURITY CONCERNS

IOT SECURITY CONCERNS IOT SECURITY CONCERNS RENESAS SYNERGY PLATFORM SECURITY ROADMAP WITH ARMV8-M ARCHITECTURE SYBD, Renesas Electronics Corporation ARM Tech Symposia 2016 India Dec, 2016 Presented by: Haydn Povey (Renesas

More information

FIPS Compliance of Industry Protocols in Edward Morris September 25, 2013

FIPS Compliance of Industry Protocols in Edward Morris September 25, 2013 FIPS 140-2 Compliance of Industry Protocols in 2014 Edward Morris September 25, 2013 Topics Background DES SP 800-57 SP 800-131 2014 The Protocols Recommendations 2 International Cryptographic Module Conference

More information

User. Role. Privilege. Environment. Checkpoint. System

User. Role. Privilege. Environment. Checkpoint. System 8. Security Features Motivation Viruses, spam, trojan horses have become increasingly common in PC environment In mobile environment, new kinds of opportunities offered for malicious software Potentially

More information

Public-Key Infrastructure

Public-Key Infrastructure Public-Key Infrastructure Technology and Concepts Abstract This paper is intended to help explain general PKI technology and concepts. For the sake of orientation, it also touches on policies and standards

More information

CipherNET Software Developer s Kit (CDSA)

CipherNET Software Developer s Kit (CDSA) Software Developer s Kit (CDSA) Sri Myneni July 21, 1998 MOTOROLA and CipherNet are registered trademarks of Motorola, Inc. Introduction Why Motorola-ISD chose CDSA? CipherNet product offering Motorola-ISD

More information

IDentity Suite a multi-purpose smart e-id, PKI platform

IDentity Suite a multi-purpose smart e-id, PKI platform 2015 All rights reserved. Specifications subject to change without notice IDentity is Global Platform smart card solution for a wide area of e-services following the relevant EU and worldwide standards.

More information

Java Card TM Open Platform for Smart Cards

Java Card TM Open Platform for Smart Cards Java Card TM Open Platform for Smart Cards Wolfgang Effing Giesecke & Devrient GmbH C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 1 What happened in the past? Every company created

More information

IAIK/Stiftung SIC IAIK-JCE

IAIK/Stiftung SIC  IAIK-JCE IAIK-JCE IAIK-JCE is a set of APIs and implementations of cryptographic functions including digest, signature, message authentication code, key agreement, symmetric, asymmetric, stream and block encryption

More information

Mobile Platform Security: OS Hardening and Trusted Execution Environment. Onur Zengin Lead Security TRUSTONIC

Mobile Platform Security: OS Hardening and Trusted Execution Environment. Onur Zengin Lead Security TRUSTONIC Mobile Platform Security: OS Hardening and Trusted Execution Environment Onur Zengin Lead Security Engineer @ TRUSTONIC Agenda Attack Types on a Platform Platform Security Components Operating System Security

More information

AUTOSAR Security Modules

AUTOSAR Security Modules AUTOSAR Security Modules Current Status V1.00 2015-05-27 Agenda 1. AUTOSAR 2. CAL & CSM 3. SecOC 2/40 AUTOSAR Introduction Automotive Open System Architecture Software for electronic control units (ECU)

More information

System Security. Protecting Systems from Hacking and Cloning. July, Rudan Bettelheim Building Control Segment Marketing Manager

System Security. Protecting Systems from Hacking and Cloning. July, Rudan Bettelheim Building Control Segment Marketing Manager July, 2009 System Security Protecting Systems from Hacking and Cloning Rudan Bettelheim Building Control Segment Marketing Manager service names are the property of their respective owners. Freescale Semiconductor,

More information

AGAINST OUTSIDE THREATS

AGAINST OUTSIDE THREATS SECURING CONTROL NETWORKS AGAINST OUTSIDE THREATS MARK BUCKLAND MAY 2015 2015 Echelon Corporation IzoT PLATFORM PILLARS Full Monitoring and Control over IP Legacy Co-Existence and Evolution Industrial-strength

More information

Cyber- & HW- security in IoT World NTB Buchs

Cyber- & HW- security in IoT World NTB Buchs Cyber- & HW- security in IoT World NTB Buchs Security Solutions by Avnet Silica - DACH Costica Dima . And the growth of the IoT is... From the Internet of Devices to the Internet of Everyday Things. 2

More information

Key & Data Storage on Mobile Devices

Key & Data Storage on Mobile Devices Key & Data Storage on Mobile Devices Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at Outline Why is this topic so delicate? Keys & Key Management High-Level Cryptography

More information

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc. Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0 Accellion, Inc. December 24, 2009 Copyright Accellion, Inc. 2009. May be reproduced only in its original entirety

More information

IT Networks & Security CERT Luncheon Series: Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI

More information

Securing Cryptographic Keys

Securing Cryptographic Keys White Paper Securing Cryptographic Keys A Sophisticated Implementation of White-Box Cryptography Using Arxan s TransformIT Solution Version 1.0 Securing Cryptographic Keys with White-Box Cryptography 2

More information

Wireless Network Security

Wireless Network Security Wireless Network Security WAP Slide from 2 nd book 1 802.11i Protected Data Transfer Phase IEEE 802.11i defines two schemes for protecting 802.11 MPDU data 1. message integrity : using the Temporal Key

More information

Information Security in a Wireless World

Information Security in a Wireless World Information Security in a Wireless World Dennis D. Steinauer Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD Information Security

More information

Global Standards Jeff Stapleton. OASIS February 9, 2012

Global Standards Jeff Stapleton. OASIS February 9, 2012 Global Standards Jeff Stapleton OASIS February 9, 2012 Agenda International and Domestic Organizations ISO, CEN, ANSI, NIST, PCI, IETF, others Standards Consensus Process NWIP, CD, WD, Draft Standard,

More information

Java Card Data Sheet. Feitian Techologies Co.Ltd

Java Card Data Sheet. Feitian Techologies Co.Ltd Java Card Data Sheet Feitian Techologies Co.Ltd Feitian Technologies Co. Ltd. Worldwide Security Services Specializing in the Provision of the Industry s Most Stable Foundational Java Card Platform Standards

More information

epass PKI USB Token A stable and secure PKI product OVERVIEW

epass PKI USB Token A stable and secure PKI product OVERVIEW epass PKI USB Token A stable and secure PKI product OVERVIEW epass PKI USB Token is the world's foremost cryptographic identity verification module. epass by FEITIAN provides a host of indispensable protective

More information

Smart Card Technology Capabilities

Smart Card Technology Capabilities Smart Card Technology Capabilities Won J. Jun Giesecke & Devrient (G&D) July 8, 2003 Smart Card Technology Capabilities 1 Table of Contents Smart Card Basics Current Technology Requirements and Standards

More information

Lecture 13. Security Protocols. Cryptographic Standards. Cost of cryptography in the layer model of the Internet

Lecture 13. Security Protocols. Cryptographic Standards. Cost of cryptography in the layer model of the Internet Lecture 13 Security Protocols Cryptographic Standards 1 Secure Communication Systems (e.g., Defense Message System) Security protocols (e.g., S-MIME, SSL, IPSec) Non-cryptographic component (communications,

More information

An Introduction to Cryptography as Applied to the Smart Grid

An Introduction to Cryptography as Applied to the Smart Grid An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric

More information

TPM 2.0. Introduction to Next Generation of Trusted Platform Module

TPM 2.0. Introduction to Next Generation of Trusted Platform Module TPM 2.0 Introduction to Next Generation of Trusted Platform Module What is a TPM? Stands for Trusted Platform Module Holds tamper-resistant values that are used to help establish trust in a platform Traditionally,

More information

Trusted Mobile Devices: Requirements for a Mobile Trusted Platform Module

Trusted Mobile Devices: Requirements for a Mobile Trusted Platform Module Trusted Mobile Devices: Requirements for a Mobile Trusted Platform Module Kathleen N. McGill n recent years, mobile devices have replaced desktop PCs as the computing platform of choice for many users.

More information

Integrated Cryptographic and Compression Accelerators on Intel Architecture Platforms

Integrated Cryptographic and Compression Accelerators on Intel Architecture Platforms SOLUTION BRIEF Intel QuickAssist Technology Integrated Cryptographic and Compression Accelerators on Intel Architecture Platforms High performance, scalability, and ease of use allow network device manufacturers

More information

VMware, Inc. VMware NSS Cryptographic Module

VMware, Inc. VMware NSS Cryptographic Module VMware, Inc. VMware NSS Cryptographic Module Software Version: 1.0 FIPS 140-2 Non-Proprietary Security Policy F I P S S E C U R I T Y L E V E L 1 D O C U M E N T V E R S I O N : 1.1 Table of Contents 1

More information

Securing the data. Authentication: The message comes from whom it states HMAC(Hash-based Message Authentication Code)

Securing the data. Authentication: The message comes from whom it states HMAC(Hash-based Message Authentication Code) Securing the data A network infrastructure can be secured through device hardening, AAA access control, firewall features, and IPS implementations But how is network traffic protected when traversing the

More information

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2 BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution

More information

PrivateServer TM Hardware Security Module (HSM)

PrivateServer TM Hardware Security Module (HSM) PrivateServer TM Hardware Security Module (HSM) ARX PrivateServer TM is a high-performance cryptographic device that offers solutions to a wide range of industries, including financial, commercial, and

More information

Gemalto SafeNet Authenticators. Diverse Form Factors for Convenient Strong Authentication. SafeNet Authenticators - Family Brochure 1

Gemalto SafeNet Authenticators. Diverse Form Factors for Convenient Strong Authentication. SafeNet Authenticators - Family Brochure 1 Gemalto Authenticators Diverse Form Factors for Convenient Strong Authenticators - Family Brochure 1 Diverse Form Factors for Convenient Strong. Offering the broadest range of authentication methods and

More information

Embedded TCP/IP-Security

Embedded TCP/IP-Security Embedded TCP/IP-Security Agenda What is security? A look into a security data sheet Symmetric vs. asymmetric cryptography TCP/IP security SSL/TLS CB ussl SSH CB ussh Demo Summary Page 2 What is security?

More information

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN By Paul Stevens, Advantech Network security has become a concern not only for large businesses,

More information

Introduction to Security and PIX Firewall

Introduction to Security and PIX Firewall Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network

More information

Entrust TruePass Applet Cryptographic Module

Entrust TruePass Applet Cryptographic Module Entrust TruePass Applet Cryptographic Module FIPS 140-2 Validation Security Policy Document Issue: 4.0 Issue Date: February 2006 Abstract: This document describes the Entrust TruePass Applet Cryptographic

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

CHAPTER 6 CRYPTOGRAPHY

CHAPTER 6 CRYPTOGRAPHY CHAPTER 6 CRYPTOGRAPHY 6.1 GIVEN A SCENARIO, UTILIZE GENERAL CRYPTOGRAPHY CONCEPTS. Symmetric vs. asymmetric With symmetric key cryptography the sender and receiver of a message share a single common key.

More information

Security Products in E-Commerce. Anjali Shende

Security Products in E-Commerce. Anjali Shende Security Products in E-Commerce Anjali Shende Introduction What is E-commerce? Process of buying, selling or interacting with customers via Internet, smart cards, or other computer networks E-commerce

More information

Security Architecture (ASA)

Security Architecture (ASA) AppleÕs Security Architecture (ASA) Aram PŽrez Chief Security Architect aram@.com Apple Data Security Group Overview Apple Data Security Group Why provide a security architecture? Requirements Building

More information

Advances of USB Strong Authentication Tokens

Advances of USB Strong Authentication Tokens Giesecke & Devrient Advances of USB Strong Authentication Tokens Michael Poitner Director New Business CTST 2009 New Orleans, May 5 th, 2009 Table of Contents Secure USB Token A new smart card form factor

More information

Mobile Application Languages XML, Java, J2ME and JavaCard Lesson 07 JavaCard

Mobile Application Languages XML, Java, J2ME and JavaCard Lesson 07 JavaCard Mobile Application Languages XML, Java, J2ME and JavaCard Lesson 07 JavaCard Oxford University Press 2007. All rights reserved. 1 Java Card Has CPU with limited processing command and low clock frequency

More information

GlobalPlatform TEE* & ARM TrustZone technology: Building security into your platform

GlobalPlatform TEE* & ARM TrustZone technology: Building security into your platform GlobalPlatform TEE* & ARM TrustZone technology: Building security into your platform Rob Coombs Security Marketing Director Simon Moore Security Technical Marketing Director * Trusted Execution Environment

More information

Protecting Information Assets - Week 12 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Protecting Information Assets - Week 12 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets Protecting Information Assets - Week 12 - Cryptography, Public Key Encryption and Digital Signatures MIS5206 Week 12 Cryptography, Public Key Encryption and Digital Signatures Team Presentations Team 3

More information

Virtual Private Networks powered by Elliptic Curve Cryptography

Virtual Private Networks powered by Elliptic Curve Cryptography Virtual Private Networks powered by Elliptic Curve Cryptography Eugen Petac Tudor Udrescu ** This article studies the impact of the implementation of Elliptic Curve Cryptography (ECC) into open-source

More information

Deploying iphone and ipad Security Overview

Deploying iphone and ipad Security Overview Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services

More information

Future SIM Functionality Virtual MegaSIM Storage Solutions for Content and Service Delivery. ATC Conference Oslo-Norway June 23 rd 2008

Future SIM Functionality Virtual MegaSIM Storage Solutions for Content and Service Delivery. ATC Conference Oslo-Norway June 23 rd 2008 Future SIM Functionality Virtual MegaSIM Storage Solutions for Content and Service Delivery ATC Conference Oslo-rway June 23 rd 2008 Smart Storage Platforms for Service Delivery SanDisk provides MNOs with

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

VMware Inc. ACE Encryption Engine (Software Version: 1.0) FIPS Non-Proprietary Security Policy

VMware Inc. ACE Encryption Engine (Software Version: 1.0) FIPS Non-Proprietary Security Policy VMware Inc. ACE Encryption Engine (Software Version: 1.0) FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Document Version 0.4 Prepared for: Prepared by: VMware Inc. Corsec Security, Inc.

More information

the analog PSTN. digital subscriber line (ISDN).

the analog PSTN. digital subscriber line (ISDN). General System Features Architecture and Network Fax Encryption Appliance Analog Line Connectivity (PSTN) Digital Line Connectivity (ISDN) (optional) IP Network Connectivity (optional) Key Management Server

More information

Security needs in embedded systems

Anoop MS Tata Elxsi Ltd. India anoopms@tataelxsi.co.in Abstract: The paper discusses the hardware and software security requirements in an embedded device that are involved in the transfer of secure digital

System SSL and Crypto on System z. Greg Boyd

System SSL and Crypto on System z Greg Boyd gregboyd@mainframecrypto.com Copyrights... Presentation based on material copyrighted by IBM, and developed by myself, as well as many others that I worked with

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

The SIM. Dr. Klaus Vedder. Chairman ETSI TC SCP. Lemesos, Cyprus March GSM younger than ever

The SIM Dr. Klaus Vedder Chairman ETSI TC SCP GSM younger than ever Lemesos, Cyprus 15 16 March 2007 World Class Standards ETSI TC SCP, the Smart Card Committee

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

Safeguarding Data Using Encryption Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST What is Cryptography? Cryptography: The discipline that embodies principles, means, and methods

How System SSL Uses Crypto on System z

How System SSL Uses Crypto on System z Greg Boyd gregboyd@mainframecrypto.com Share 15660 August 2014 Copyrights and Trademarks Presentation based on material copyrighted by IBM, and developed by myself,

Cisco VPN Internal Service Module for Cisco ISR G2

Data Sheet Cisco VPN Internal Service Module for Cisco ISR G2 Compact Versatile High-Performance VPN Module The Cisco VPN Internal Service Module (VPN ISM) is a module for the Cisco Integrated Services

Alliance Key Manager Solution Brief

Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major

NFC Application Security. Sandeep Tamrakar Aalto University,

NFC Application Security Sandeep Tamrakar Aalto University, 2012-11-20 NFC Short-range, high frequency Radio Frequency Identity (RFID) technology Operating distance: 4 cm to 10 cm Operating Frequency:

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES Contents: Introduction, DRM Threat Model, DRM Flow, DRM Assets, Threat Model, Protection of

Sun Microsystems Sun Crypto Accelerator 6000

Sun Microsystems Sun Crypto Accelerator 6000 Firmware Version 1.0.7 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation Copyright 2007 SUN MICROSYSTEMS Table of Contents: 1 INTRODUCTION, 1.1

Vins Fong Certizen Limited 17 April 2015

Vins Fong Certizen Limited 17 April 2015 Topics to share Network Security Threats Protection by SSL/TLS HTTPS and Lock Icon SSL Certificate Certification Authority Good Practice More Protection 17 April

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents: 1.0 SOFTWARE, 2.0 HARDWARE, 3.0 TECHNICAL COMPONENTS, 3.1 KEY MANAGEMENT

Intro to z/OS Crypto and ICSF

Intro to z/OS Crypto and ICSF Ross Cooper, CISSP IBM Corporation March 2nd, 2015 Session: 16777 Topics: Intro to Cryptography: Asymmetric & Symmetric Cryptography Hashing, Digital Signatures Digital Certificates

Administration Guide. Wireless software upgrades

Administration Guide Wireless software upgrades SWDT207654-207654-0727045705-001 Contents: Upgrading the BlackBerry Device Software over the wireless network, Wireless software upgrades, Sources

Java / ActiveX Security. David Gristwood Senior Consultant Microsoft Ltd

Java / ActiveX Security David Gristwood Senior Consultant Microsoft Ltd Security Issues Covers many areas: Transact business securely Ensure privacy of conversations Authenticate users in communications

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION Foreword. Preface. About the Authors. I. CONCEPTS. 1. Introduction. 2. Public-Key Cryptography. Symmetric versus Asymmetric

UM0586 User manual. STM32 Cryptographic Library. Introduction

User manual STM32 Cryptographic Library Introduction This manual describes the API of the STM32 cryptographic library (STM32-CRYP-LIB) that supports the following cryptographic algorithms: AES-128, AES-192,

Java Appliances. Jim Mitchell Vice President Technology and Architecture

Java Appliances Jim Mitchell Vice President Technology and Architecture Java Is Appearing Everywhere Java will power a wide variety of devices Network Computers TM & Java A new range of electronic appliances

Fundamentals of HW-based Security

Fundamentals of HW-based Security I-Wei Lin FAE, ARM ARM Tech Forum 2016 Taipei July 1st, 2016 What is system security design? Every system design will require a different set of security properties,

Email Security. Email is one of the most widely used and regarded network services currently message contents are not secure

6 Email Security Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by suitably privileged

WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support.

WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support. This presentation discusses three new security features in the WebSphere DataPower

Savitribai Phule Pune University

Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

IronKey S300/D300 IronKey, Inc. Security Policy. (Document Version 1.0) December 10, 2010

IronKey S300/D300 IronKey, Inc. Security Policy (Document Version 1.0) December 10, 2010 Copyright IronKey, Inc. 2010. May be reproduced only in its original entirety [without revision]. TABLE OF CONTENTS

Cryptographic and Security Testing Laboratory. Deputy Laboratory Director, CST Laboratory Manager

Cryptographic and Security Testing Laboratory Deputy Laboratory Director, CST Laboratory Manager About our Cryptographic and Security Testing Laboratory Bringing together a suite of conformance testing

Understand Electronic-Meter Design to Better Craft Intelligent and Secure Systems

Understand Electronic-Meter Design to Better Craft Intelligent and Secure Systems driving trust Author, INSIDE Secure As more utility companies install smart electric and other types of utility meters