Demand for Secure Storage
Handsets and storage devices utilize ever-increasing non-volatile memory capacity, a growing portion of which is used to store sensitive content, personal or corporate information.
DRM (Digital Rights Management) protects usage policy and sensitive keys. Enterprise secure storage protects multiple data objects that may relate to different entities with different access privileges. Authentication and financial applications are enabled by securely storing sensitive personal and financial credentials. Secure storage is an essential enabler for many new revenue-generating applications.
What are the Threats?
For most applications the main threat is an attack initiated by an external entity that may employ logical or physical measures to extract sensitive information, including the user's identity. Even when a sensitive device is momentarily unattended it may be subject to a physical or logical attack, let alone when the device is lost or stolen. Similarly, the device is exposed through the web to malicious users or virus injection. In DRM applications, attackers may even be legitimate device users who try to hack their own devices in order to circumvent policies or to extract the digital content and use it freely. Another form of attack is the 'reflash' attack, in which a memory image is reused (e.g. to restore a previous monetary balance in a "virtual electronic wallet" device).
To counter these threats, sensitive information must be secured so that it cannot be read, and illicit data alteration must be discovered immediately.
Examples:
- In healthcare applications, a sophisticated access control mechanism allows various entities different levels of access. For example, the patient can access the medical information but may not alter it; the doctor may read or write medical information; and the insurance company may read or write administrative information. These transactions may be performed remotely after the Secure Storage Toolkit (SST) authenticates the entity.
- A securely stored private key enables users to authenticate themselves to an external server, to perform transactions, and even to digitally sign them for legally binding non-repudiation purposes. This requires the private key to be highly protected to ensure that it cannot be tampered with or become compromised in any way.

Strong, Flexible Security
The Secure Storage Toolkit ensures the strongest security for diverse scenarios, employing different authorization mechanisms to protect different types of data.
A cornerstone building block, the SST Secret CryptoKey, is hidden from all applications and is accessible only to Discretix's firmware, which in turn uses it only momentarily to load the symmetric encryption engines.
The SST's flexible implementation enables diverse applications, such as enterprise applications and multi-user data applications. The SST supports strict enforcement of access policy, hierarchical access schemes and remote administration.
Double-Layered Protection
- The foundation layer, Credentials SST (CSST), stores asymmetric and symmetric keys securely. As in the case of the Secret CryptoKey, these credentials and keys are only used internally by Discretix's firmware to encrypt or decrypt data. This sensitive information is stored encrypted and includes an integrity checksum to ensure that any tampering attempt will be immediately detected. An intricate access control mechanism ensures that only the legitimate user (a person or an application) will be able to use these credentials and keys, and only in accordance with the permissions granted.
- The Data Secure Storage layer (DSST) builds upon the underlying CSST. Various data objects, about which the DSST is completely agnostic, can each be protected by a corresponding key with a set of access control rules and permissions.
Flexible Authorization Mechanism
The authorization mechanism used in order to gain access rights to data objects, keys or credentials includes one or more of the following:
- PIN (digits only)
- Password (alpha-numeric characters)
- Challenge response (C/R) based (using either asymmetric or symmetric keys)
State-of-the-art Protection
SST is capable of ensuring a legitimate image of the non-volatile memory it protects. Even when an old image is re-written, the SST is able to detect it and prevent a hacker from using the protected data.
Countermeasures
- Fault Analysis
- Timing Analysis
- Simple Power Analysis
- Differential Power Analysis

Supported algorithms:
- RSA/DH
- AES/AES MAC
- DES/3DES
- SHA1
- Hardware based RNG