The Rosetta® HSM dates back to 1996, when it was one of the first, if not the very first, RSA-based smartcard devices. It has since become a universal standard that can be used with a wide variety of applications in desktop and embedded environments:
ECDH-AES Secure Channel
The secure channel uses the ECDH shared-secret algorithm together with a KDF to derive an AES session key that encrypts and decrypts the APDU commands and responses exchanged between the host and the Rosetta FIPS module. The ECDH-KDF operation takes ECC keys from each end (the host and the Rosetta FIPS module), along with random nonce data generated by SPYCOS®, to generate an AES256 encryption key. The same key is generated at both ends and is used to encrypt the security data transmitted between the host and the Rosetta FIPS module.
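The key agreement described above, as an added example (not SPYRUS code): both ends combine their ECC keys with a shared random nonce and arrive at the same AES-256 key, which then protects an APDU. The curve (P-256), the KDF layout, the `apdu-channel` label, the AES-GCM mode and all function names are assumptions; the page does not specify them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// ASSUMPTIONS (not from the product): curve P-256, AES-256-GCM as channel mode.
func newKeyPair() *ecdh.PrivateKey { return must(ecdh.P256().GenerateKey(rand.Reader)) }
func gcm(key []byte) cipher.AEAD   { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// deriveKey: ECDH shared secret Z, then KDF = SHA-256(counter || Z || nonce || label).
// ASSUMPTION: this KDF layout and label are illustrative only.
func deriveKey(own *ecdh.PrivateKey, peer *ecdh.PublicKey, nonce []byte) []byte {
	z := must(own.ECDH(peer)) // identical on both ends
	h := sha256.New()
	h.Write([]byte{0, 0, 0, 1})
	h.Write(z)
	h.Write(nonce)
	h.Write([]byte("apdu-channel"))
	return h.Sum(nil) // 32 bytes, used as the AES-256 session key
}

func main() {
	host, module := newKeyPair(), newKeyPair()
	nonce, iv := make([]byte, 16), make([]byte, 12)
	rand.Read(nonce) // random nonce (SPYCOS-generated in the text)
	rand.Read(iv)    // per-message IV; must never repeat under one key
	kHost := deriveKey(host, module.PublicKey(), nonce)
	kMod := deriveKey(module, host.PublicKey(), nonce)
	apdu := []byte{0x00, 0xA4, 0x04, 0x00, 0x00} // constructed sample command APDU
	ct := gcm(kHost).Seal(nil, iv, apdu, nil)    // host encrypts
	pt, err := gcm(kMod).Open(nil, iv, ct, nil)  // module decrypts and authenticates
	fmt.Printf("keys match: %v, decrypted: % X, err: %v\n", string(kHost) == string(kMod), pt, err)
}
```

Because the nonce feeds the KDF, a fresh nonce gives a fresh session key even when both ECC key pairs are reused.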
- Protect access to your desktop infrastructure by using the Rosetta HSM as the “something you have” factor together with the “something you know” password to authenticate to Windows accounts using smartcard logon.
- The unique “K of N” feature designed into Rosetta can extend this concept to log on not only to a defined set of computing platforms, but also to networks.
Secure Web Authentication and Login
- Increase the security assurance of access to website data by using the Rosetta HSM FIPS 140-2 Level 3 secure channel operations with TLS/SSL, which will always protect critical security parameters such as passwords from the endpoint to the website.
E-Mail S/MIME Encryption
- Secure your communications by using the Rosetta HSM to encrypt and sign your e-mail, either in Office Outlook with the MiniDriver (available from Windows Update) or in Thunderbird and Firefox with the SPYRUS PKCS#11 driver.
File Signing and Encryption
- Use the Rosetta HSM’s military-grade security with the SPYRUS NcryptNshare™ file sharing applications to provide not only data confidentiality but also, uniquely, file validation and verification of authentication WITHOUT having to first decrypt the file.
- Rosetta NcryptNshare (RES) applications include RES4Office™, RES Pro™, and RESDisk™ virtual vault that were each created using the SPYRUS RES SDK.
- KeyWitness® Mode provides non-repudiation of data shared between parties.
- Protect your Cisco, Juniper, or DirectAccess VPN network keys for remote access to your corporate network using the Rosetta HSM. Support a multitude of other VPN products using the industry-standards-based SPYRUS PKCS#11 driver.
- You can also deploy defense-in-depth remote access solutions by using the Rosetta HSM’s algorithm agility: one VPN using RSA and a second VPN using the military standard elliptic curve cryptography.
- The Rosetta NcryptNshare (RES) Disk application provides a hardware-based key management solution to safeguard all your files and folders on a single or multiple vaults with the Rosetta HSM. Create your own RES Disk application by using the RES SDK.
- A Rosetta HSM is located on the WorkSafe™ and WorkSafe Pro™ live drives used to boot Windows or Linux operating environments from a USB 3.0 SSD. When you provision the industry standard solutions such as EJBCA, XCA, or even Windows Server CA, you have an integrated CA in a Box® solution that is very affordable.
Electronically Sign Documents
- Electronic document workflows require electronic signatures to prove who created or approved a document, and more importantly, proving that the document has not been altered during transit from the originator to the receiver.
- Use the Rosetta HSM KeyWitness Mode not only to digitally sign documents, but also to verify the sender and validate that the document was not altered, providing non-repudiation.
- Why not use the world’s first hardware code signing HSM! The Rosetta HSM CSP was developed in partnership with Microsoft to support Authenticode and PKCS#11 to support Netscape. Always safeguard your code signing keys on the Rosetta HSM and lock it away when not in use.
- Better yet, use a WorkSafe or WorkSafe Pro to develop the code and the embedded Rosetta HSM to sign it when you are ready!