Our Technology

Since its inception in 1992, SPYRUS has pioneered the development of high-assurance hardware-based data protection and client authentication products, and integrated identity management solutions. Our technology is so innovative and unique, we have received over 20 patents on our ideas.

SPYRUS worked as a partner with Microsoft, the U.S. Department of Defense, and leading-edge organizations to develop products that provide the next generation of advanced cryptographic support for long-term information assurance. SPYRUS products are designed for information sharing in the government sector and are ideal for commercial markets with long-term data protection requirements, such as financial services and health care.

Read on for descriptions of a few of the highlights of our technology.

SPYCOS® (SPYRUS Cryptographic Operating System)

SPYCOS is the firmware operating system incorporated into SPYRUS hardware devices such as the Hydra PC Series II, Rosetta Series II Smart Card and USB, and LYNKS Series II Hardware Security Module. It supports more cryptographic algorithms than any other commercial product and dynamically allocates nonvolatile memory. A unique feature bounds the memory space dedicated to simultaneously running applications with a data “firewall” to ensure total isolation and security during processing. A sophisticated on-card key management system and advanced random number generation technology provide the strongest hardware-based encryption and security for application and personal identity keys in commercially available devices. Other features include:

  • FIPS 140-1 and 140-2 Level 2 and Level 3 standards
  • Algorithm agility
  • Large key and certificate storage space supports multiple applications, permissions, and identities simultaneously on a single client authentication device
  • Anti-tearing mechanisms to ensure that a transaction completes even if interrupted
  • Secure firmware upgrades for corrections, new features and functionality

SPYCOS uses SPYRUS patented intellectual property that permits a device’s cryptographic functionality to be changed at the higher application level under specified rights and conditions without changing the basic primitive mathematical operations. SPYCOS interacts with SPEX®/2, the SPYRUS cryptographic application programming interface (API) software, as well as with commercial cryptographic APIs, PKCS #11, and Microsoft CAPI. These and other features make SPYCOS the most secure and reliable cryptographic operating system for applications with advanced security requirements.

Hardware Technology

SPYRUS security hardware products are designed, developed, and manufactured with the following characteristics:

  • Tamper Resistant and Tamper Evident: The products use secure microcontrollers that are Common Criteria certified and validated at FIPS 140-1 and 140-2 Level 2 and Level 3.
  • Random Number Generator (RNG): All SPYRUS hardware products have an on-board, hardware-based FIPS-certified RNG to provide the highest quality keying material. The entropy derived from the hardware RNG is then used to seed approved deterministic random bit generators to guarantee the highest quality random keys.
  • Chip Security Features: Each crypto processor in SPYRUS client authentication tokens is equipped with hardware-enforced security features such as over-voltage/under-voltage detectors and over-frequency/under-frequency detectors that counter known crypto attacks.
  • Hardware Crypto-Accelerators: Hashing, signing, key exchange, and symmetric key operations are significantly accelerated through on-token crypto accelerators relative to a firmware-only approach. This augments the security benefits and performance during public key algorithm operations on the client authentication device.

SPYRUS Security Software

SPYRUS security software products integrate with most commercial applications with PKI token support. The software includes utilities to manage tokens, passwords or PINs, and digital certificates; view the contents of a token; request or generate certificates; migrate certificates to or delete them from the Windows certificate store; and import PKCS #12 PFX files.

SPYRUS PKI System Architecture

The SPYRUS PKI system is based on public key infrastructure architecture that integrates with and complements the overall security functionality of the Microsoft platform. Separate components of the system are responsible for servicing individual areas of functionality such as root authorities, policy approving authorities, policy creation authorities, organizational certificate authorities, and organizational registration authorities. The core of the architecture is built on industry standards and proven security technologies.

The flexibility of the architecture enables an organization to undertake pilot implementations with a minimal back-end infrastructure. Customers can then migrate to limited production and ultimately to full-scale deployment. The SPYRUS PKI system incorporates SPYRUS patented intellectual property that enables control of the operation and expansion of installed identity management systems. Built-in flexibility and customization features allow enterprises to tailor the identity management system to meet their individual requirements and business processes. These features provide a competitive advantage for SPYRUS products over other vendor offerings.