Trusted Mobility Solutions


Rosetta SD/microSD

High-Assurance Micro Hardware Security Module in Secure Digital Media

The unique design of Rosetta SD/microSD combines Secure Digital (SD) technology with Public Key Infrastructure (PKI) technology in a standard SD or microSD form factor. Rosetta SD/microSD is well suited for both embedded solutions and enterprise solutions. Rosetta SD/microSD supports the strongest cryptographic algorithms and key lengths commercially available, exceeding the Suite B algorithms and key length recommendations approved by the U.S. Government to protect both unclassified information and classified information through the TOP SECRET level.

Rosetta SD/microSD is ideally suited for both custom and mass-market products, including computers, cell phones, and PDAs that require small size, low power, and high security. It can be released and exported under license exception ENC.

High Assurance by Design

The Rosetta SD/microSD uses the Infineon SLE66CX642P security controller chip running the SPYRUS Cryptographic Operating System (SPYCOS®). The chip and SPYCOS operating system are the same as those embedded in the Rosetta Series II Smart Card and USB security devices and the Hydra Privacy Card® Series II USB encryption drives.

Rosetta SD/microSD provides extensive protection against active and passive attacks. The multi-layer chip design includes an active shield and randomized memory layout to prevent physical tampering. Rosetta SD/microSD includes hardware countermeasures against side-channel attacks such as timing analysis, simple and differential power analyses, and differential fault analysis. SPYCOS provides additional algorithmic defenses against side-channel attacks. Rosetta SD/microSD is invulnerable to Branch Prediction Analysis attacks that can affect PC-based software cryptography.

When any health or status indicator (such as light, voltage, or glitch sensors) is triggered, Rosetta SD/microSD zeroizes RAM and requires a hard chip reset. As a safety measure against accidental triggers, keys and variables stored in EEPROM remain intact in these cases.

Private keys and critical security parameters are encrypted and stored on the chip, well protected against exotic chip-peeling and electron microscope attacks. Hardware-enforced delays and key zeroizing prevent PIN-guessing attacks.

Rosetta SD/microSD encrypts all elements stored in EEPROM during user logoff and power-down, protecting against the most sophisticated probing-type attacks.

SPYRUS has specialized in high-assurance, cost-effective security processors for over a decade, and all of this experience is packaged in a ready-to-roll form for integrators and OEMs.

High Assurance in Use

SPYCOS takes full advantage of the native hardware capabilities of the security controller chip to provide a high-assurance architecture and implementation suitable for the most sensitive applications.

The Rosetta SD/microSD includes a hardware random number generator, which SPYCOS uses to seed a high-entropy Deterministic Random Bit Generator (DRBG) that is suitable for even the strongest ECC P-521 keys.

Enhanced Encryption Support

Rosetta SD/microSD supports cryptographic algorithms that exceed the U.S. Government’s Suite B standard for protecting classified information through the TOP SECRET level. These high-strength algorithms ensure data security for decades. Rosetta SD/microSD also supports legacy algorithms for backward compatibility with many existing applications. Rosetta SD/microSD enables legacy and advanced PKI-based digital certificate functionality such as smart card logon, e-mail digital signatures and encryption, and authenticated Web browsing. See the technical specifications for a complete list of supported cryptographic algorithms.

Advanced Features
  • High-assurance protection for keys, digital IDs, and sensitive data.
  • Strongest cryptographic algorithm support commercially available.
  • Uses enhanced 8051 instruction set.
  • Supports SD/IO interface standard.
  • Unique serial number for each Rosetta SD/microSD module.
  • Approximately 32K of EEPROM available for X.509 certificates and data storage.
  • Includes a hardware memory management and protection unit.
  • Advanced random-number generation technology.
  • Supports anti-cloning techniques.
  • Supports OATH algorithm for one-time password (OTP) generation.
  • Tamper-resistant design protects against physical attacks and reverse engineering of on-board applications and data.
  • Designed to support certification at FIPS 140-2 Level 2, Level 3, and even Level 4, depending on application requirements.
  • Compatible with PKCS #11 and with Microsoft CryptoAPI and Cryptographic API: Next Generation, including support for Windows Vista.


© 1996–2010 SPYRUS, Inc.