[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Tessera the PCMCIA Card
From Electronic Designs, April 4, 1994, by DAVE BURSKY
New Products, Digital ICs (approximately 1/2 page) P. 148
CRYPTO ENGINE EASES PUBLIC-KEY SECURITY
...
Developed by National Semiconductor, the iPower secure microcontroller
holds the encryption algorithms, secret data, and the central processing
unit that processes them. The chip was designed to remian secure from
electrical probes through the signal pins, as well as from analytical probes
that etch package and circuit layers. Any such penetration would cause the
stored data to be "zeroed" before it could be read out. The iPower SPU
consists of a 32-bit CPU core with on-chip ROM, a real-time clock, and a
interfaceto off-chip nonvolatile (battery-backed_ RAM that holds scrambled
data. The remaining blocks on the chip include the encryption engine,
some battery-backed RAM to hold secured data (master keys, algorithms, or
records) and a host-system bus interface. The SPU chip can be combined with
off-chip low-power RAM, a battery, and a PCMCIA interface to squeeze the
entire public-key token on a card that meets the PCMCIA's type-1 format.
The cards, dubbed Tessera after the token ancient Romans used as a ticket
or means of identification, can now be implemented at a relatively low cost
(less than $100 dollars per user for large orders) compared with previous
solutions. Nevertheless it provides the highest level of commercial
security (FIPS 140-1 level 3). Encrypted data could provide positive
identification of users, store private medical records, include authorization
codes, or even perform secure transaction processing.
...
----------
Tessera was an identifier for slaves.
FIPS 140-1 level 3 is not the highest commercial security level,
(per FIPS 140-1, January 11, 1994):
...
1.4 Security Level 4
Security Level 4 provides the highest level of security.
Although most existing products do not meet this level of
security, some products are commercially available which meet
many of the Level 4 requirements.
For the Tessera we know utitilizing CAPSTONE, Escrowed Encryption
is present. It would hardly qualify for performing secure transaction
processing for say money transactions when the U.S. government and/or
other law enforcement agencies have the ability to break open the
monetary instrument, by obtaining a warrant or through "other authorized
access". The degree of privacy afforded is not absolute, even to the
extent of the strength of the cryptographic algorithm (assuming transmission
of the Law Enforcement Access Field (LEAF)). Likewise those able to
obtain access have the ability to tamper with or spoof transactions.
Were it used to control access to facilities, it would certainly enable
"black bag jobs" both physical and virtual.
(Its a type-1 PCMCIA card)