  • Dubyna Oleksandr

Security chip featuring secure message encryption and more

Updated: Jul 29, 2021



Today, I would like to give some technical data about a separate security microchip, an analog of Samsung Knox or the TPM on motherboards. The chip belongs to a family of high-security cryptographic devices that combine world-class hardware-based key storage with hardware cryptographic accelerators to implement various authentication and encryption protocols. It is used to check the firmware, encrypt user data, check handshakes and signatures, and generate random numbers. The chip features a vast array of defense mechanisms specially designed to prevent logical attacks on the data transmitted between the device and the system.

On the flash memory, which can reach 128 MB in half, you can enable encryption and store digital certificates, signatures, and keys offline with maximum protection, making them easy to use on different devices.

Random private key generation is supported internally within the device to ensure that the private key can never be known outside of the device. The public key corresponding to a stored private key is always returned when the key is generated, and it may optionally be computed at a later time.

Real connoisseurs will like the following technical features of the chip:

• Cryptographic Coprocessor with Secure Hardware-Based Key Storage:
  – Protected storage for up to 16 keys, certificates, or data

• Hardware Support for Asymmetric Sign, Verify, Key Agreement:
  – ECDSA: FIPS186-3 Elliptic Curve Digital Signature
  – ECDH: FIPS SP800-56A Elliptic Curve Diffie-Hellman
  – NIST Standard P256 Elliptic Curve Support

• Hardware Support for Symmetric Algorithms:
  – SHA-256 & HMAC Hash including off-chip context save/restore
  – AES-128: Encrypt/Decrypt, Galois Field Multiply for GCM

• Networking Key Management Support:
  – Turnkey PRF/HKDF calculation for TLS 1.2 & 1.3
  – Ephemeral key generation and key agreement in SRAM
  – Small message encryption with keys entirely protected

• Secure Boot Support:
  – Full ECDSA code signature validation, optional stored digest/signature
  – Optional communication key disablement before secure boot
  – Encryption/Authentication for messages to prevent onboard attacks

• Internal High-Quality NIST SP 800-90A/B/C Random Number Generator (RNG)

• Two High-Endurance Monotonic Counters

• Unique 72-Bit Serial Number

Data security is the top priority in the IT sphere. That’s why we have decided to implement this chip, which offers a considerable number of benefits, such as IoT network endpoint key management and exchange, encryption for small messages and PII data, secure boot and protected download, ecosystem control, and anti-cloning.

Get your own ClawsKeyboard and forget about data security issues once and for all.
