Processor adds encryption to a PC
-- EDN, 11/23/2000
Wave Systems claims that you can implement its new Embassy processor at "negative cost," given the interest of e-commerce sponsors, in much the same manner that Internet-service providers absorb the cost of a PC's modem. That claim aside, however, figure on adding $12 to the bottom line when you implement the processor on a motherboard. The processor acts as a coprocessor for a host processor and has on-chip resources, such as nonvolatile storage, unique IDs, flexible I/O, a real-time clock with an elapsed-time counter, and cryptography accelerators supporting DES (Data Encryption Standard) and 3DES (Triple DES). Wave Systems loads each processor before shipment with a unique triplet of DES keys in the cryptographic module. Although you can load keys into the unit and use them to cipher data and keys, no facility exists to read keys out. The cryptographic module can cipher as much as 10 Mbytes of data/sec, although the bus that accesses the hardware constrains actual decryption performance. Versions of the processor target motherboards, set-top boxes, and other peripherals, and Wave Systems hopes to provide a "hardened" environment for storing sensitive information, executing secure applications, performing electronic transactions, and enabling protected communications.
Secure applications, such as secure booting, authentication, set-top access, usage measurement of digital content, and e-commerce transactions, are stored in encrypted form on the device's hard drive for loading into the Embassy processor. You can also securely store data inside the processor, allowing it to emulate most Smart Cards, and provide security that is independent of the operating system, main processor, and platform.
The company uses WaveNet, a service that maintains the key infrastructure for authorizing a service to run on a requesting processor, enabling the processor to "know" that it's loading a secure executable instead of a "spoofed," or compromised, function that spits out all the private keys in storage. WaveNet includes a transaction gateway, which conducts all conversations with an Embassy processor, and an information clearinghouse, which collects information on the registrations and activity of processors when required for billing purposes. Other software includes the WAF (Wave-application-framework) API (application-programming interface) for interacting with an Embassy service and the Embassy Manager, which presents a graphical user interface for basic administrative tasks, including initial registration, an interface into the transaction engine, and a view of all currently registered Embassy services. WAF mediates all communications between the processor and WaveNet by communicating through a WaveNet transaction gateway to register a processor or to fetch keys.
Processors must be registered to establish their identities for subsequent authorization to load a service or conduct some other transaction. Security applications communicate through WAF to a service loaded on the processor. A standard CSP (crypto-service provider) provides basic cryptography functions and includes an Embassy service that implements the crypto algorithms to be run on the processor and a software component that presents the crypto services according to a standard API, such as CDSA or MS-CAPI. Applications that have special noncrypto uses for the processor, such as hiding the execution of sensitive code and ensuring the persistence and integrity of specific information, can load their own Embassy service and interact with it directly through WAF.
WaveNet supplies the key hierarchy that ensures the security and integrity of an Embassy service. Secure-service providers compile Embassy services and encrypt them for deployment using the Embassy service-development kit, which is distributed with application software in a "service envoy." The application software registers the service with the client Embassy during its own installation. Registration entails fetching decryption keys from a WaveNet transaction gateway and locking the service to the client Embassy. Once registered, the service is loaded into the processor whenever the application software requests. Wave Systems has created the applet-development kit, which includes an ARM SDT (software-development tool kit) 2.51 Development Suite, an applet-development board with full I/O capabilities, and an Envoy device with an Embassy processor. Unrestricted distribution of the ADKs began this month. Details of the ADK are available at www.wave.com/developer.
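The two ideas the article leans on, a cryptographic module whose keys can be loaded and used but never read out, and a key hierarchy that locks an encrypted service to one registered processor, can be modelled in a few dozen lines. The following is an added example written for this page; it is not Wave Systems code and does not reproduce the Embassy or WaveNet protocols. The `EmbassyModule` and `Gateway` classes, the slot names, the device IDs and the service bytes are all constructed for illustration, and an HMAC-SHA256 counter-mode cipher stands in for the chip's DES/3DES engine so the example runs with the Python standard library alone.

```python
"""Toy model of a write-only key module plus a gateway that locks a service key to one device.
Added example for this article; not Wave Systems' design or code."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Domain-separate one module key into an encryption key and a MAC key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for the chip's DES/3DES accelerator.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC. `aad` binds the blob to a context such as a device ID."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    msg = len(aad).to_bytes(4, "big") + aad + nonce + ct
    return nonce + ct + hmac.new(_subkey(key, b"mac"), msg, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag before decrypting; a wrong key, wrong context or altered byte raises."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    msg = len(aad).to_bytes(4, "big") + aad + nonce + ct
    if not hmac.compare_digest(tag, hmac.new(_subkey(key, b"mac"), msg, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key, wrong device, or tampered blob")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class EmbassyModule:
    """Coprocessor model (hypothetical): keys go in, ciphertext and plaintext come out, keys never do."""

    def __init__(self, device_id: str, device_key: bytes):
        self.device_id = device_id
        self._keys = {"device": device_key}  # loaded at "manufacture"; there is no export method
        self.loaded_service = None

    def load_key(self, slot: str, key: bytes) -> None:
        self._keys[slot] = key

    def cipher(self, slot: str, data: bytes) -> bytes:
        return seal(self._keys[slot], data)

    def decipher(self, slot: str, blob: bytes) -> bytes:
        return unseal(self._keys[slot], blob)

    def load_service(self, wrapped_key: bytes, envoy: bytes, name: str) -> bool:
        """Unwrap the service key locked to this device, then verify and load the service image."""
        try:
            service_key = unseal(self._keys["device"], wrapped_key, aad=self.device_id.encode())
            self.loaded_service = unseal(service_key, envoy, aad=name.encode())
            return True
        except ValueError:
            self.loaded_service = None  # a spoofed or foreign image is never executed
            return False


class Gateway:
    """Key-infrastructure model (hypothetical): holds each registered device key and service key."""

    def __init__(self):
        self._device_keys, self._service_keys = {}, {}

    def register_device(self, device_id: str, device_key: bytes) -> None:
        self._device_keys[device_id] = device_key

    def publish_service(self, name: str, service_key: bytes) -> None:
        self._service_keys[name] = service_key

    def issue_key(self, device_id: str, name: str) -> bytes:
        # Lock the service key to one device by sealing it under that device's key and ID.
        return seal(self._device_keys[device_id], self._service_keys[name], aad=device_id.encode())


def demo() -> dict:
    """Walk through registration and loading; every value in the result should be True."""
    gw = Gateway()
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    dev_a, dev_b = EmbassyModule("EMB-0001", key_a), EmbassyModule("EMB-0002", key_b)
    gw.register_device(dev_a.device_id, key_a)
    gw.register_device(dev_b.device_id, key_b)

    # A service provider encrypts its compiled service (constructed bytes stand in for ARM code).
    service_key = secrets.token_bytes(32)
    envoy = seal(service_key, b"constructed service image: usage-metering applet", aad=b"metering")
    gw.publish_service("metering", service_key)

    wrapped_for_a = gw.issue_key(dev_a.device_id, "metering")
    spoofed = bytearray(envoy)
    spoofed[NONCE_LEN + 3] ^= 0x01  # one flipped byte inside the encrypted image
    return {
        "device_a_loads_service": dev_a.load_service(wrapped_for_a, envoy, "metering"),
        "device_b_cannot_use_a_key": not dev_b.load_service(wrapped_for_a, envoy, "metering"),
        "spoofed_image_rejected": not dev_a.load_service(wrapped_for_a, bytes(spoofed), "metering"),
        "data_round_trip": dev_a.decipher("device", dev_a.cipher("device", b"secret")) == b"secret",
    }


if __name__ == "__main__":
    print(demo())
```

The binding that matters is the `aad` argument: the gateway seals the service key under the device key and the device ID, so a blob issued for one processor fails verification on another even if the wrapped bytes are copied across, and any change to the service image is caught before a single byte of it is decrypted or executed.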
Wave Systems, 1-408-517-6666, www.wave.com.
-by Nicholas Cravotta