
The Eagle Card is an all-American FIPS-201 approved smart card with a starting memory size of 360K and separate processors for the contact and contactless operations, offering increased security. The enhanced version includes fast Secure Biometric Match on Card and a secure multi-user, multi-application system that provides secure remote update capabilities, fine-grained secure memory allocation (using SILOS™ technology), and on-card CKM capabilities.


The Eagle Card

The TecSec Eagle card is a hybrid of an identity card and a key transport/key generation device used to protect data in transit and at rest. As such, it performs a multitude of tasks, many of which may require different security strengths in different environments. To support this diversity of uses, the card must be configurable and must have an overall security strength at least equal to the highest strength required. Otherwise the high-strength keys could be compromised at the lower strength and would therefore be considered weakened to that lower strength.

No smart card is used to establish identity. Smart cards are used, however, to authenticate that the user matches the identity that was used when the card was issued. The US federal government has created the Personal Identity Verification (PIV) program (FIPS-201) and NIST special publications that dictate the allowable data objects, keys and authentication. These are in the [SP-800-73-2] series of documents.

The TecSec Eagle card is used for the following security related tasks:
•  Identity authentication/verification
•  Physical Access Control
•  Short term logical access control
•  Short term data protection (normally data in transit situations)
•  Long term data protection

The first four items in the list are short-term events (possibly limited to real time). This means that the expected life of the data can be measured in minutes to, at most, a few years. This allows us to use the established guidance in the NIST [SP-800-57] documents on key life and data life. Using this information, the required strength can be mapped to the 112-bit level established in SP-800-57, as this security level is good until around 2030. This is seen in Table 4 (page 66) and is further supported in [SP-800-78-1].

The last bullet point above (Long term data protection) is a much harder problem. There are users of the system that have 150-year data retention requirements. The currently published data strength tables do not extend to that time period. Conventional key management and conventional public key systems are recognized as inadequate to meet these needs without periodic rekeying and re-encryption of the data. To help reduce this burden, the TecSec Eagle card offers Constructive Key Management (CKM), which simplifies the key management overhead through the construction of dynamic keys combined with the rekeying system inherent in the CKM design. The card also takes the posture that we must use the strongest keys available so that there is a chance of eliminating the re-encryption of the data, as that task is problematic and very expensive.

This leads to a CKM design that is engineered for 256-bit strength. This design is also contained in physical hardware that has been evaluated at FIPS-140-2 Level 4 (the highest level currently available).
