Rosetta USB

The SPYRUS Rosetta USB security device increases security by encrypting and storing your private key on the security device instead of on the computer. The SPYRUS Rosetta Series III USB is compact and requires no separate card reader. SPYRUS Rosetta USB security devices in the enterprise are perfect for multi-factor authentication, encryption, and message signing.

SDK

Basic

SDK Overview

Enhance the security of Azure IoT connected endpoints with the assurance that comes with hardware certified cryptography.

The Rosetta Azure IoT Basic SDK provides hardware certified key storage and cryptography in several convenient form factors. The SDK consists of SPYRUS Rosetta HSMs, example code and documentation that illustrate how to raise the assurance of authentication and communication with Microsoft’s Azure IoT Hub. The Basic SDK includes support for all SPYRUS HSMs without having to utilize the FIPS 140-2 Level 3 encrypted secure channel between the embedded system and the Rosetta HSM. The Basic SDK supports device registration with Azure IoT Hub as well as generating Shared Access Signatures (SAS), permitting authentication while avoiding sending keys or secrets over the wire/air. The secret key used for the HMAC algorithm can be maintained within the Rosetta HSM module, and the operation used to generate the SAS token can be computed within the HSM for a higher level of assurance. The examples and documentation describe how to add support for Rosetta HSMs to the Microsoft Open Source IoT SDK found on GitHub with a few simple edits or patches.

In addition to support for generating SAS tokens, the Basic SDK also supports securing communications with Azure IoT Hub through OpenSSL integration for X.509 certificate-based authentication and session encryption. The device private keys can be generated and stored within the Rosetta HSM. The Rosetta HSM can generate and verify digital signatures within a secure and trusted hardware platform. This is the only way to guarantee proof of possession of the private key associated with the digital certificate.

Rosetta HSM modules also support many capabilities not supported by default with Azure IoT.  It is, however, possible to create custom device authentication token services and extend the authentication capabilities used by your Azure IoT service.  Other possibilities with Rosetta HSM devices include Elliptic Curve certificates, split key algorithms, AES challenge response, and more.

File structure

In the bin/ folder there is a binary application for creating the device key used to program your Rosetta device, and the smartio_test application to verify that your microSDHC device is working properly. There is a Linux version, a Windows version, and a Raspberry Pi version of each of these applications.

The Device Setup Scripts/ folder holds all the scripts for programming your Rosetta device. There are separate directories for each of the supported HSMs:

* SRS2_SC_SPYCOS2_4: this subdirectory contains the scripts for programming the Rosetta USB with SPYCOS 2.4.

* SRS3_MicroSDHC_SPYCOS3: this subdirectory contains the scripts for programming the Rosetta microSDHC with SPYCOS 3.0. This includes both the TrustedFlash and PKI only versions of this HSM.

* SRS3_USB_SPYCOS3: this subdirectory contains the scripts for programming the Rosetta USB with SPYCOS 3.0 on both Linux and Windows operating systems.

In the IOT SDK Rosetta Support/ folder you will find all the include files for integrating your Rosetta device with the Azure IoT SDK. We have separated the files for using SASToken from the TLS/x509 files in the ‘SDK Modifications’ folder.

The SPYRUS_IOT_Install.zip file contains the RosettaSDLib2 libraries for the Rosetta microSD devices and the PKCS11 libraries for the TLS configuration. If you plan on using either of these options, you will need to extract this file to the correct install location for your system (see the 518-327001-02IntegrationOfRosettaIntoAzureIOTSDK Basic.pdf).

If you would like to get a SPYRUS HSM and download our SDKs, we will need you to register with our developer community:

Register with the SPYRUS developer community

Click on the links below to download a PDF of the product overview and technical specifications. All products are available in memory sizes ranging from 32 GB up to 512 GB, and they all take advantage of SSD memory to provide high performance over a USB 3.0 interface.

Rosetta USB Product Tech Sheet    View/Download

Rosetta Basic Security SDK PDF   View/Download

Azure IoT Quick Start Guide   View/Download

Enhanced

SDK Overview

Provide the additional level of assurance and meet your regulatory and compliance needs with the enhanced security that comes with SPYRUS FIPS 140-2 Level 3 certified HSMs. They are simple to integrate with Azure IoT connected endpoints, providing the extra level of assurance that comes with hardware certified cryptography.

The Rosetta Azure IoT Enhanced SDK provides hardware certified key storage and cryptography in several convenient form factors. These devices have been FIPS 140-2 Level 3 certified by NIST. In addition to getting cryptographic algorithm and security module certificates, they have been rigorously evaluated and found to meet or exceed the tamper resistance requirements set by the United States Government.

The Rosetta Azure IoT Enhanced SDK consists of SPYRUS Rosetta HSMs, example code and documentation that illustrate how to raise the assurance of authentication and communication with Microsoft’s Azure IoT Hub. The Enhanced SDK includes support for all SPYRUS HSMs, including those that are FIPS 140-2 certified. The required encrypted secure channel between the host device and the Rosetta HSM is handled within the Enhanced SDK, relieving developers of having to implement any additional code for using FIPS 140-2 Level 3 certified modules. The Enhanced SDK supports device registration with Azure IoT Hub as well as generating Shared Access Signatures (SAS), permitting authentication while avoiding sending keys or secrets over the wire/air. The secret key used for the HMAC algorithm can be maintained within the Rosetta HSM module, and the operation used to generate the SAS token can be computed within the HSM for a higher level of assurance. The examples and documentation describe how to add support for Rosetta HSMs to the Microsoft Open Source IoT SDK found on GitHub with a few simple edits or patches.
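The SAS generation described in the Basic and Enhanced overviews, as an added example (not SPYRUS or Microsoft SDK code): the token builder only ever asks a signer for an HMAC-SHA256 over the string to sign, so the key can stay behind that interface. `SoftwareHmacSigner`, the hub name, device ID and key are constructed stand-ins; in a real integration `hmac_sha256` would be routed to the HSM.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote

class SoftwareHmacSigner:
    """Hypothetical stand-in for an HSM key slot: the key goes in once, only MACs come out."""
    def __init__(self, key: bytes):
        self._key = key

    def hmac_sha256(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()

def build_sas_token(signer, resource_uri: str, expiry: int) -> str:
    """Build an Azure IoT Hub style SAS token without ever handling the key."""
    sr = quote(resource_uri, safe="")
    # String to sign: URL-encoded resource URI, newline, expiry in epoch seconds.
    mac = signer.hmac_sha256(f"{sr}\n{expiry}".encode())
    sig = quote(base64.b64encode(mac).decode(), safe="")
    return f"SharedAccessSignature sr={sr}&sig={sig}&se={expiry}"

def verify_sas_token(signer, token: str, now: int) -> bool:
    """Verifier side: recompute the MAC, compare in constant time, enforce expiry."""
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return False
    try:
        fields = parse_qs(token[len(prefix):], strict_parsing=True)
        sr, se = fields["sr"][0], int(fields["se"][0])
        presented = base64.b64decode(fields["sig"][0], validate=True)
    except (KeyError, ValueError):
        return False  # missing field, bad expiry or malformed base64
    if se <= now:
        return False  # expired tokens are rejected before any MAC work
    expected = signer.hmac_sha256(f"{quote(sr, safe='')}\n{se}".encode())
    return hmac.compare_digest(expected, presented)

if __name__ == "__main__":
    # Constructed sample values, not real credentials or endpoints.
    signer = SoftwareHmacSigner(b"constructed-demo-key")
    uri = "example-hub.azure-devices.net/devices/demo-device"
    token = build_sas_token(signer, uri, expiry=2000000000)
    print(token)
    print("valid:", verify_sas_token(signer, token, now=1999999999))
```

Only the resource URI, the expiry and the MAC travel in the token; a captured token is useless after `se` and cannot be re-signed for another device without access to the key slot.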

In addition to support for generating SAS tokens, the Enhanced SDK also supports securing communications with Azure IoT Hub through OpenSSL integration for X.509 certificate-based authentication and session encryption. The device private keys can be generated and stored within the Rosetta HSM. The Rosetta HSM can generate and verify digital signatures within a secure and trusted hardware platform. This is the only way to guarantee proof of possession of the private key associated with the digital certificate.

Rosetta HSM modules also support many capabilities not supported by default with Azure IoT.  It is, however, possible to create custom device authentication token services and extend the authentication capabilities used by your Azure IoT service.  Other possibilities with Rosetta HSM devices include Elliptic Curve certificates, split key algorithms, AES challenge response, and more.

File structure

In the bin/ folder there is a binary application for creating the device key used to program your Rosetta device, and the smartio_test application to verify that your microSDHC device is working properly. There is a Linux version, a Windows version, and a Raspberry Pi version of each of these applications.

The Device Setup Scripts/ folder holds all the scripts for programming your Rosetta device. There are separate directories for each of the supported HSMs:

* SRS2_SC_SPYCOS2_4: this subdirectory contains the scripts for programming the Rosetta USB with SPYCOS 2.4.

* SRS3_MicroSDHC_SPYCOS3: this subdirectory contains the scripts for programming the Rosetta microSDHC with SPYCOS 3.0. This includes both the TrustedFlash and PKI only versions of this HSM.

* SRS3_USB_SPYCOS3: this subdirectory contains the scripts for programming the Rosetta USB with SPYCOS 3.0 on both Linux and Windows operating systems.

In the IOT SDK Rosetta Support/ folder you will find all the include files for integrating your Rosetta device with the Azure IoT SDK. We have separated the files for using SASToken from the TLS/x509 files in the ‘SDK Modifications’ folder.

The SPYRUS_IOT_Install.zip file contains the RosettaSDLib2 libraries for the Rosetta microSD devices and the PKCS11 libraries for the TLS configuration. If you plan on using either of these options, you will need to extract this file to the correct install location for your system (see the 518-328001-03IntegrationOfRosettaIntoAzureIOTSDK Enhanced.pdf).

If you would like to get a SPYRUS HSM and download our SDKs, we will need you to register with our developer community:

Register with the SPYRUS developer community

Click on the links below to download a PDF of the product overview and technical specifications. All products are available in memory sizes ranging from 32 GB up to 512 GB, and they all take advantage of SSD memory to provide high performance over a USB 3.0 interface.

Rosetta USB Product Tech Sheet    View/Download

Rosetta Enhanced Security SDK PDF   View/Download

Azure Enhanced Quick Start Guide   View/Download

Getting Started Guide   View/Download