Re: add-on crypto hardware

Thu, 18 Mar 1999 11:32:19 -0500 


--- begin forwarded text


Date: Wed, 17 Mar 1999 15:44:33 -0500
To: [EMAIL PROTECTED]
From: "Steven R. Taylor" <[EMAIL PROTECTED]>
Subject: Re: add-on crypto hardware
Cc: [EMAIL PROTECTED] (Dale R. Worley), [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
Reply-To: "Steven R. Taylor" <[EMAIL PROTECTED]>

At 12:01 PM -0500 3/16/99, Dale R. Worley wrote:
....snip....
>
>This led me to recall seeing an article back in the 1970's in an IBM
>journal about an add-on crypto hardware module for the IBM 360.  Its
>essential value was that all crypto keys would be held in the module,
>and data would be passed to the module for processing.  (Keys would be
>delivered to the module encrypted under a master key that the module
>knew, but not the OS.)
>
>I suspect that this is a problem that has been thought about a lot in
>the intelligence community.

You're right. I don't know of the IBM module to which you refer, but BBN
worked with various security agencies in the past to create a "signer"
whose keys never leave the box.  It was originally done to support secure
mail in the defense environment.  It was designed for exactly the situation
you describe - a place where you can't trust the OS nor the path through
the OS for a PIN.  Everything is done in the box.  You can see more detail
at:

http://www.bbn.com/groups/cybertrust/solutions/safekeyper/index.htm

It's currently being used in the echeck pilot at the US Treasury as well as
other interesting places.  The signing of individual checks is done with
smart card technology, but the signatures for bank credentials and other
important parts of the system are done inside the SafeKeyper.

You can see more about the system at:

http://www.echeck.org

The keys themselves are generated inside the box - they literally can't get
out in any usable form.  They can be backed up for disaster recovery but it
is done is such a way as to require the user's physical interaction to
reload, etc.

The box and it's code, etc get vetted by whatever security organization is
involved.  The most public is FIPS 140-1 Level 3 certification.

Steve



For help on using this list (especially unsubscribing), send a message to
"[EMAIL PROTECTED]" with one line of text: "help".

--- end forwarded text


-----------------
Robert A. Hettinga <mailto: [EMAIL PROTECTED]>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Reply via email to