[14533] in cryptography@c2.net mail archive
Re: NCipher Takes Hardware Security To Network Level
daemon@ATHENA.MIT.EDU (R. A. Hettinga)
Mon Oct 6 14:55:54 2003
X-Original-To: cryptography@metzdowd.com
Date: Mon, 6 Oct 2003 13:38:13 -0400
To: cryptography@metzdowd.com
From: "R. A. Hettinga" <rah@shipwright.com>
Cc: Clippable <rah@shipwright.com>
--- begin forwarded text
Status: U
Date: Mon, 06 Oct 2003 12:40:41 -0400
From: Somebody
To: "R. A. Hettinga" <rah@shipwright.com>
Subject: Re: NCipher Takes Hardware Security To Network Level
Don't identify me, since I'm not sure what parts of my NDA are still in
force now that they've announced it.
It's really pretty clever. All the expensive key-management is moved
off to their centralized server. As each low-cost HSM (the things that
go into your server) comes up, it sends its "card identity" to the
server. The server responds with the necessary keys, sent in 3DES
(maybe AES? I forget details). Their cards can now be fairly simple
accelerators, and need less key protection, less NVRAM, etc.
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
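
The provisioning pattern described in the forwarded text, as an added example that is not part of the original message and is not nCipher's protocol or code. Assumptions: each card shares a per-card AES key-encryption key (KEK) with the server, installed out of band, and AES key wrap (RFC 3394, from the Python `cryptography` package) stands in for the 3DES/AES transport the message mentions; all class, key and card names are hypothetical.

```python
import os
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)


class ProvisioningServer:
    """Central server: the only place application keys are stored."""
    def __init__(self, app_keys: dict):
        self._app_keys = dict(app_keys)   # key name -> key material
        self._card_keks = {}              # card identity -> per-card KEK

    def enroll_card(self, card_id: str) -> bytes:
        # Assumption: this KEK is installed in the card out of band.
        self._card_keks[card_id] = os.urandom(32)
        return self._card_keks[card_id]

    def provision(self, card_id: str) -> dict:
        # The identity is only a lookup handle; unknown cards get nothing.
        if card_id not in self._card_keks:
            raise PermissionError(f"unknown card identity: {card_id}")
        kek = self._card_keks[card_id]
        return {n: aes_key_wrap(kek, k) for n, k in self._app_keys.items()}


class Card:
    """Low-cost accelerator: keeps one KEK, working keys live in RAM."""
    def __init__(self, card_id: str, kek: bytes):
        self.card_id, self._kek, self.keys = card_id, kek, {}

    def boot(self, server: ProvisioningServer) -> bool:
        try:
            for name, blob in server.provision(self.card_id).items():
                self.keys[name] = aes_key_unwrap(self._kek, blob)
            return True
        except InvalidUnwrap:   # blob was not wrapped for this card's KEK
            self.keys.clear()
            return False


def demo():
    app_key = os.urandom(32)   # constructed sample key
    server = ProvisioningServer({"tls-signing": app_key})
    card = Card("card-0001", server.enroll_card("card-0001"))
    # Claims a valid identity but does not hold the matching KEK.
    impostor = Card("card-0001", os.urandom(32))
    return (card.boot(server) and card.keys["tls-signing"] == app_key,
            impostor.boot(server))
```

In this arrangement the card identity selects which KEK the server wraps under, so the confidentiality of the delivered keys rests on the KEK held inside the card, not on the identity string.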