[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

iPower card info from NatSemi



iPower: The Card That Ate Your Privacy

I got a "Technology Fact Sheet" on the National Semiconductor iPower
(Tessera) card today. It's pretty grim. They have big plans for this
little monster, which go way beyond just tapping the telephones of a
few Mafiosi. It's too long to key in the whole thing - if you want one,
call them at 1-800-272-9959. They are very helpful. Here are a few
interesting excerpts:

(cover page) DRAFT 1/3/94

National Semiconductor has developed a new concept in data security.
iPower technology. Implemented in a personal, portable low-cost access
card, iPower technology substantially increases the portability of
high-security data applications across unsecured networks while
dramatically lowering the cost.

It provides the highest level of commercial security available for the
exchange of information across digital networks - in a form that dist-
ributes security down to the individual user. The technology also allows
consumption based metering of digital products - software, database
information and other intellectual property.

It can be easily added to existing networks and applications or adapted
to future systems. It is practical for network communications, electronic
funds transfer, wireless data exchange, and systems for access, authoriz-
ation, and identification. It is built on industry standards - PCMCIA,
DES, RSA, PKCS, X509, Skipjack.

Initially implemented in a PCMCIA card format - a personable portable
hardware device called an access card or token, it incorporates state-
of-the-art security capabilities and can hold information decryption
keys, transaction records, credit and account information, your private
key, and digital certificates. This new technology can guarantee that
the information you send arrives unaltered and goes only to your intended
recipients by providing authentication, verification, non-repudiation,
and privacy.

At the heart of the iPower access card is a new microchip called the
Security Processing Unit (SPU). Dedicated to high-speed cryptographic
processing, the SPU securely creates, stores, and deploys the secret keys
and algorithms used to encrypt and decrypt information. Other portions
of the chip firmware can be programmed to perform signaturing, verifi-
cation, information metering and other application-specific functions.

At the highest level of protected storage, the most critical information
is stored in the SPU chip which provides bulletproof security for encrypt-
ion algorithms, master keys, secret data, and RAM-based secret programs.
The only place where sensitive information is ever in the clear is in
non-volative on-chip SPU memory. Protected physically and electrically,
the SPU cannot be made to divulge its information.

iPower Technology is based on a new concept in security: securing the user
not the network. The most secure environment for information is one where
the encryption process and keys are housed in a portable hardware token
that the user keeps in his possession - personally secured just like your
wallet, keys, rings, and employee badge.

The SPU microchip will meet Federal Information Processing Standard (FIPS)
140-1 Level 3.0 for data security and provides the highest level of
security commercially available at the chip or card level.

iPower technology is a manifestation of National Semiconductor's corporate
vision: developing products for shaping and moving information. National's
products drive industry standards by offering common-sense solutions to
complex problems. iPower technology will become the new standard for access
to the information superhighway, by providing the means for all types of
electronic information to travel safely. Combined with National's leading
position in the LAN market, iPower technology will enable National to offer
innovative, comprehensive solutions to the world's evolving communications
needs.

(picture of iPower card on top of credit cards)
(caption: The FUTURE is SECURE")

... marketing fluff deleted ...

... less than $100 per user ... contains a 32-bit microcomputer ...

The PCMCIA Card

PCMCIA cards are easily integrated with many computers and are already
widely accepted. Many of the current laptop and notebook computers
contain built-in support for PCMCIA cards, and low-cost adapters are
available for amost all other computers. The United States government
has chosen the PCMCIA-card format as its token standard for all future
access to the data superhighway now being developed.

The Federal PCMCIA token, dubbed the "Tessera" card, will eventually be
used to secure electronic mail and classified information for federal
government agencies and their contractors. Because it is designed to be
transparent to the information highway, yet provides the highest security
for data and transactions traveling on it, iPower technology is a natural
choice for the Tessera card.

... Powerful security capabilities

* Positive identification and reliable authentication of the card user
* Message privacy through bulletproof hardware encryption capability,
  with support for the major cryptographic standards
* Secure key exchange
* Secure storage of private and secret keys, transaction records,
  algorithms, and biometric data
* Positive verification of data and messages to prevent alteration
* Secure authorization capabilities, including support for digital
  signatures
* On-board transaction recording to improve security and enable off-line
  transactions and metering

... stuff deleted ... in the first iPower access card, a 20 MHz 32-bit
Central Processing Unit (CPU) controls the chip's modules and processes.
The CPU is isolated from all off-chip input and can only receive
programmed commands from 32k bytes of on-board ROM or 4k bytes of on-board
battery-backed RAM. Functional commands from off-chip are validated prior
to execution by the CPU. Later implementations of iPower Technology will
offer more powerful processors, increased storage, and enhanced
versatility.

... stuff deleted ... iPower technology will be the catalyst for a host
of new product capabilities including digital signatures, secure elect-
ronic mail, and secure information metering, as well as secure identi-
fication and data storage capabilities for credit cards, government
entitlement programs, and access to the information superhighway. This
technology will also fuel the expansion of a new information delivery
system - desktop purchasing - where intellectual property and other
digital products can be promoted and sold through encrypted multimedia
CD-ROM presentations.

... stuff deleted ... Desktop Purchasing - a new way to market

iPower Technology is creating a new delivery system for any kind of
information product that can be contained in electronic memory (such as
movies, software, and databases). Multimedia advertisements, tutorials,
demos, documentation, and actual products can all be shipped on a single
encrypted CD-ROM, offering dramatic cost-savings to the manufacturer and
bringing product marketing and sales directly to the customer's desktop.

Since the iPower SPU must be used to decrypt information, it can measure
and record usage time and can record and download monetary transactions
to a centralized billing service bureau, all with total security. These
capabilities will allow any kind of digital information to be sold off-
line and will permit users to try digital products before buying. For the
first time, renting software and other intellectual property will be a
viable, attractive option for consumers and suppliers both. By intro-
ducing a pay-as-you go option, iPower technology will open up dynamic
new markets for software rentals and database subscriptions. The iPower
desktop purchasing system also ensures that sales are followed up with
100% user registration. And it completely prevents the piracy of software
and information products.

How DESKTOP PURCHASING Works

The product manufacturer produces a high-volume, low-cost CD-ROM that
is widely distributed to potential end-users. The CD-ROM can contain
persuasive multimedia advertisements, demos of software products,
databases, games, tutorials, product documentation, or any other form of
digital product. Some items, such as demos, are available to the user at
no charge. Items for sale or rental are encrypted and are not available
to the consumer except by initiating a secured transaction process
inside the SPU.

After obtaining or determining credit for the user, the SPU allows only
the appropriate information to be decrypted and transferred to a hard disk
for immediate use. Unlike similar unlocking systems based in software,
frequent phone communication with a centralized billing server is
unnecessary because the SPU can safely record and store transaction data
and decryption keys locally. This allows off-line vending of large infor-
mation databases in a highly granular fashion. The user doesn't have to
wait for phone authorization for each separate purchase, but is instead
authorized to browse and purchase at will, subject only to a pre-deter-
mined credit limits.

Distributed, high-level financial transactions

By adding bulletproof security to the process, iPower technology will
allow electronic financial transactions of high value to migrate to the
individual level. This will give consumers greater flexibility and
convenience. And it will allow financiam institutions to safely offer a
wider range of services. 

It is estimated that 0.5% of current credit card transactions are fraud-
ulent, and another 5% are uncollectible, most of them repudiated trans-
actions. Because digital signatures can't be duplicated and beacuse
completing a transaction will require both the user's access card and PIN
number, iPower cards will dramatically reduce fraud and repudiated
transactions.

iPower - the super card of the future

Looking further ahead, iPower access-card technology has the potential to
generate a host of new super-card applications. Affordable high security
at the consumer level will drive new product concepts such as the
electronic wallet. A single iPower card can securely hold a wealth of
personal records such as your drivers license, passport, birth certificate,
vehicle registration, medical records, social security card, credit card
accounts, biometric identification such as your fingerprint or voiceprint,
and even digital cash. Individuals may soon be able to conduct all their
business and personal transactions with a tiny portable computer equipped
with an iPower card slot.

Nearly every industry will benefit from applications of electronic
identification, authorization and access. In the medical industry, for
example, iPower technology will streamline record keeping and insurance
reimbursement. A consumer will use his iPower access card at the doctor's
office to electronically enter medical history, insurance carriers, or
other billing information. Pharmacies will se the same card to check for
allergies or conflicting prescriptions. The patient will also be able to
use the card to pay for both services electronically.

Federal and state government agencies such as the IRS and the Department
of Motor Vehicles, financial institutions such as banks, credit unions,
and brokerage houses; and medical institutions such as hospitals,
pharmacies, and health insurance companies will all enjoy more efficient
and secure methods of information exchange and transaction accountability
through the implementation of iPower technology.

... final page of marketing fluff mostly deleted ...

... iPower technology will become the new standard for access to the
information superhighway, by providing the means for all types of
electronic information to travel safely. ...

Contact iPower Marketing Communications at 408-721-2448 or 408-721-7383.

                                                 National
                                               Semiconductor