Secure peripheral cards

Roop Mukherjee bmukherj at shoshin.uwaterloo.ca
Fri Mar 22 09:45:04 EST 2002 

I was posing this question with some client based transaction system in
mind such as the proposed digital rights management (DRM) system, as
opposed to secure access to servers.

There are several companies that are touting that they have solutions for
DRM. Microsoft's story is that they have a secure kernel that will only
load secure drivers and their secure DRM app can playback stuff without
the user copying the pain-text data. It is probably plain to see why the
kernel, the driver or the application  that the user can insert and delete
instructions from should not be considered secure.

Wave.com touts this security system called Embassy. It is supposed to be
made up of everything from a secure chip, secure applets running on them,
secure OS secure trust network of such deives etc. They talk of deploying
this in everything from a keyboard to speakers. Even after looking for
weeks I only have a sketchy view of the working of the suystem. If someone
here knows more about it please let me know.

What I was seeking waas some concrete examples of the use and/or
deployment of the secure chips, applets etc. to create DRM or secure
client systems, as opposed to servers that can process loads of secure
transactions.

Cheers,
-- Roop
_______________________________________________________
On Fri, 22 Mar 2002, Greg Rose wrote:

> At 12:06 AM 3/22/2002 +0000, Adam Back wrote:
> >I'm not sure NCipher gear is the #1 for acceleration, I think they're
> >probably more focussed and used for secure key management.  For
> >example they quote [1] an nForce can do up to 400 new SSL connections
> >per second.  So that's CRT RSA, not sure if 1024 bit or 512 bit (it
> >does say "up to").  openSSL on a PIII-633Mhz can do 265 512 bit CRT
> >RSA per second, or 50 1024 bit CRT RSA per second.  So wether it will
> >even speed up current entry-level systems depends on the correct
> >interpretation of the product sheet.
>
> But don't forget that your pentium can't do anything *else* while it's
> doing those RSAs... whereas the machine with the nForce can be actually
> servicing the requests.
>
> Greg.
>
>
> >And the economics of course depends on how expensive they are relative
> >to general purpose CPUs, plus the added complexity of using embedded
> >hardware and drivers and getting to play with your web server.
> >General purpose CPUs are _really_ fast and cheap right now.
> >
> >But for the application at hand -- secure key-management, perhaps an
> >NCipher card is ok -- I haven't compared feature sets so can't really
> >comment.
> >
> >Adam
> >
> >[1] http://www.ncipher.com/products/rscs/datasheets/nFast.pdf
> >
> >---------------------------------------------------------------------
> >The Cryptography Mailing List
> >Unsubscribe by sending "unsubscribe cryptography" to
> >majordomo at wasabisystems.com
>
>
> Greg Rose                                       INTERNET: ggr at qualcomm.com
> Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
> Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/
> Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
>




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list