SPYRUS


SPYRUS Overview

SPYRUS products meet the security requirements of any configuration, from the home user to an enterprise network, from a small business to a government agency.

SPYRUS products support the strongest cryptographic algorithms commercially available, including Elliptic Curve Cryptography (ECC), Advanced Encryption Standard (AES), and Secure Hash Algorithm 2 (SHA-2). Algorithms and key sizes meet or exceed the U.S. National Security Agency Suite B standards for use with classified and unclassified data.

The Talisman/DS data security solutions suite integrates secure encryption with strong two-factor or advanced three-factor authentication for a layered, defense-in-depth approach to complete data security.

The Talisman/DS data security solutions suite includes:

  • SecureDoc full-disk encryption system by our partner WinMagic, Inc.
  • Hydra Privacy Card Series II (Hydra PC) hardware-based encryption and authentication devices
  • Rosetta Series II Smart Card and USB security devices

Rosetta SD/miniSD/microSD Series II provide high-assurance hardware security devices in SD, miniSD, and microSD form factors.

Rosetta Micro is a high-assurance micro hardware security module for embedded applications.

En-Sign software offers a user-friendly interface for managing Rosetta Series II security devices, LYNKS Series II HSMs, and PIV/CAC devices.

LYNKS Series II HSM, available in PC card and stackable USB versions, delivers a cost-effective solution for certificate authority and registration authority key operations, digital signatures, and key recovery functions.

Security In A Box provides a complete digital identity management and file encryption solution for a single Microsoft Windows PC. Small businesses, home users, and large enterprises can all take advantage of the same security protection.


SPYRUS Identity Management and Public Key Infrastructure (PKI) products include:

  • MySafeID Certification Authority (CA) is a self-contained hardware-based CA for enterprise communities. It provides a hardware-based chain of trust to ensure the security of encryption, digital signatures, and authentication in closed communities where a defined chain of trust is required but global certificate revocation status validation is not mandatory.
  • Signal Identity Manager implements a policy-based, auditable workflow for security devices, certificates, and biometric images integrated with Windows Server 2003 Certificate Services, database services, and Active Directory.
  • The SPYRUS Public Key Infrastructure (PKI) System is a ready-to-install, configurable, business-rules-based digital certificate solution for Microsoft Windows environments.

Talisman/DS Data Security Suite

The Talisman/DS® Data Security Suite integrates SPYRUS authentication and encryption products with SecureDoc full-disk encryption by our partner WinMagic Inc. to offer the most comprehensive commercially available selection of high-assurance encryption with advanced authentication solutions.

Talisman/DS solutions protect data at rest (DAR) on PC hard drives, external drives, portable drives such as USB flash memory drives, and removable media such as CDs and DVDs. Solutions include strong full-disk encryption with SecureDoc, secure hardware-based authentication and private key storage with a SPYRUS Rosetta security device, and high-assurance portable encryption on the high-capacity Hydra Privacy Card® Series II. Talisman/DS solutions offer an unprecedented combination of hardware and software encryption products to provide complete security against data compromise from intruders as well as lost or stolen laptops and portable storage drives.

SPYRUS components of the Talisman/DS suite support Suite B, the set of advanced, unclassified cryptographic algorithms approved by the National Security Agency (NSA) to protect U.S. Government classified and unclassified data. Suite B comprises Elliptic Curve Cryptography (ECC) on the NIST prime elliptic curves, the Advanced Encryption Standard, and the SHA-2 family of hash functions, as defined by the NSA. The Hydra PC and Rosetta security devices also support ECC with P-521 keys and SHA-512, which exceeds the Suite B requirements.

Solutions are available to suit configurations of all sizes up to the global enterprise and for U.S. Government agencies handling classified information.

The Talisman/DS suite includes the following products:

  • Hydra Privacy Card® (Hydra PC™) Series II

The Hydra PC is a compact, portable USB authentication device with hardware-based encryption and storage on a removable miniSD memory card. Hydra PC and SecureDoc together provide a complete encryption solution for data on laptops, and high-assurance encryption on a small, portable USB storage drive. Hydra PC supports a third authentication factor that limits its use to a specific host PC or set of PCs, making it especially useful in high-security facilities.

  • Rosetta Smart Card and USB Series II

Rosetta Series II Smart Card and readerless USB security devices offer cost-effective two-factor authentication even at the critical pre-boot stage for systems using SecureDoc for encryption.

  • WinMagic SecureDoc Full Disk Encryption

SecureDoc offers entire disk encryption including pre-boot authentication that ensures complete security for sensitive data on internal and external disks and storage devices. Entire disk encryption secures even temporary and swap files that can remain vulnerable with other encryption methods and transparently ensures that every file is protected by advanced encryption technology. Private keys are encrypted and stored on a SPYRUS security device completely off the computer for total security against brute-force attack.

Software Development Kits

SPYRUS software development kits (SDKs) support security-aware applications such as secure messaging, Secure Sockets Layer (SSL)/Transport Layer Security (TLS), file encryption, certificate authority implementations, Defense Message System (DMS) applications, and remote access solutions. Developers can use SPYRUS SDKs to retain maximum flexibility in security options without writing applications from scratch.

LYNKS and Rosetta SDKs

LYNKS and Rosetta SDKs provide a common set of development tools for all SPYRUS security devices, including the LYNKS Series II HSMs and FORTEZZA security devices, and the Rosetta Series II Smart Cards and Rosetta USB security devices.

The core of these kits is the SPYRUS Extensions to the Cryptographic Interface Library (SPEX/2), a C language library of easy-to-integrate cryptographic, digital signature, and card management functions.

SSL/TLS SDKs

The DeviceSSL v1.0 embedded SSL SDK and TLS Platinum SDK provide developers with tested, ready-to-use implementations of SSL and TLS.

SPYRUS Crypto Toolbox

The SPYRUS Crypto Toolbox makes it easy to develop cryptographic applications for LYNKS Series II HSMs, Rosetta Series II security devices, or Hydra Privacy Card Series II using Microsoft Visual Studio integrated development environments.

Security In A Box®

Security In A Box protects the sensitive data on your PC with the strongest security technology commercially available. It integrates easily with security-aware email applications, Web browsers, and Microsoft Windows secure logon capabilities. Installing and using Security In A Box is easy, making it the perfect solution for home, small office, or enterprise.

Your Windows logon password and the digital certificate you use to sign and encrypt email are securely stored on the included Rosetta Series II smart card or USB security device, accessible only with a Personal Identification Number (PIN). The computer screen locks when you remove the Rosetta security device, and it unlocks only when you replace the security device and enter the PIN.

You never need to type your password. If you forget your PIN, you can recover it from a password-protected PIN backup file.

The Rosetta File Encryptor feature encrypts individual files to any location on your computer's hard drive.

Import a P12 or PFX digital certificate file or, with the optional MySafeID Generator, issue your own digital certificate. Security In A Box also integrates with a Microsoft standalone Certification Authority (CA) to generate certificates for enterprises with existing Public Key Infrastructure (PKI) systems.

Features

  • Rosetta smart card or Rosetta USB security device included
  • Two-factor authentication (Rosetta security device and PIN) for logon, digital signature, and file encryption
  • Self-instructing wizards walk you through most operations
  • Simple taskbar menu access to wizards and documentation
  • Rosetta File Encryptor handles files up to 100 MB
  • Digital certificate verifies security keys
  • PIN block after 10 incorrect entries
  • Password-protected recovery restores blocked or forgotten PIN
  • On-device key generation and RSA-1024 or RSA-2048 options
  • Full integration with Microsoft security applications

Rosetta® Series II Smart Cards and USB Security Devices

The SPYRUS Rosetta Series II smart card and USB security devices and smart card readers provide strong encryption with authentication, non-repudiation, and auditing capabilities in a compact form factor. Now available with enhanced algorithm support, the Rosetta Series II security device provides the strongest, most economical, future-proof protection available anywhere for sensitive data.

Rosetta Series II Smart Card

The Rosetta Series II Smart Card is an ISO 7816-compliant public key, multi-application smart card. It features high-assurance security techniques to properly separate applications from crypto data, public key cryptographic techniques for industry-standard sign/verify operations, and advanced operating system and chip features.

Rosetta Series II USB

Rosetta Series II USB is a reader-less smart card that can store authentication information, data, digital identity keys, and certificates. Rosetta USB has plug-and-play capability and moves with the user, providing a secure and encrypted vault for security information such as private keys, passwords and biometric templates.

A History of Proven Performance

The Rosetta Series II draws on over a decade of proven performance to provide the strongest possible security for such security-critical capabilities as PKI-based identity management, data security, data integrity, and non-repudiation - all in a compact, rugged, tamper-evident hardware case. When used with the companion Rosetta CSI software, Rosetta Series II security devices provide support for standard application interfaces that use the Microsoft® Windows® Cryptographic API (CAPI) Cryptographic Service Provider (CSP), the Windows PC/SC smart card logon protocol, and the standard PKCS #11 interface used by some Web applications. Windows WHQL-certified drivers are available for Windows 2000, Windows Server 2003, Windows XP, and Windows Vista.

Algorithm Support for the Future

SPYRUS is committed to keeping the Rosetta Series II smart card and USB security devices well ahead of the rest of the industry as cryptographic requirements change and evolve. As customers require new algorithms and longer keys, SPYRUS now supports 2048-bit RSA, AES-128/192/256, and SHA-1/224/256/384/512, the key lengths and hash sizes advocated by industry and the U.S. Government.

The Rosetta Series II is designed to support elliptic curve cryptography (ECC) using the high-strength P-256, P-384, and P-521 curves defined for use by the U.S. Government. The ECDSA digital signature standard and the ECMQV and EC Diffie-Hellman key establishment schemes are supported in accordance with NIST SP 800-56 Key Establishment Guidelines.

Enhanced Random Number and Key Generation Security

The Rosetta Series II smart card and USB use the latest approaches to random number and key generation as recommended by the U.S. Government. A true hardware-based RNG is extensively filtered, tested, and then used to seed an approved high-strength, hash-based algorithm. RSA keys are generated in accordance with the latest X9.31 specification, as required for FIPS 140-2 Level 3 certification. Particular care is taken with ECC operations to avoid possible side-channel attacks.

SPYRUS Card Operating System (SPYCOS®)

SPYCOS is a SPYRUS-developed secure operating system featuring high-assurance security techniques to properly isolate applications and application data, public key cryptographic techniques for industry standard sign/verify operations, and advanced operating system and chip features. SPYCOS design advantages include ISO 7816-1, 2, 3, 4 compliance and full support for the T=0 protocol. The SPYCOS file system is based on a flexible kernel-based EEPROM memory manager that provides dynamic non-volatile memory allocation. Applications can therefore be deleted and their space reused, which significantly affects life cycle costs and application planning through the extensibility and flexibility of the application space.

Tamper-Proof Security

The Rosetta Series II family features a highly tamper-resistant and tamper-evident design. The cryptographic boundary is the chip itself, so that it can be embedded in other products for specialized applications. Rosetta Series II smart card and USB security devices never store the PIN on the device. The PIN is used to derive a decryption key used for validation. All private data on the card, including the keys, is stored in encrypted form using a variation of the PIN.
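The pattern described above (the PIN is never stored; a PIN-derived key is used both to validate the PIN and to protect the stored keys), together with the 10-try PIN block and password-protected PIN recovery listed under Security In A Box, as an added Python illustration. This is not SPYRUS or SPYCOS code and the device's real scheme is not on the page; PBKDF2-HMAC-SHA256 for key derivation and HMAC counter-mode wrapping are stand-in constructions chosen so the example runs with the standard library alone.

```python
"""Added illustration of a PIN-protected key slot (not SPYRUS/SPYCOS code).

What the device stores: a salt, a verifier derived from the PIN-derived key,
and the data-encryption key (DEK) in wrapped form. What it never stores: the PIN.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

PBKDF2_ITERATIONS = 100_000   # assumed work factor; not a SPYRUS parameter
MAX_PIN_ATTEMPTS = 10         # the page's "PIN block after 10 incorrect entries"


def derive_kek(secret: str, salt: bytes) -> bytes:
    """Derive a 256-bit key-encryption key (KEK) from a PIN or recovery password."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def _keystream(kek: bytes, label: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode. Illustration only: a real device would use an
    AES-based key wrap, which is outside the standard library."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(kek, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _verifier(kek: bytes) -> bytes:
    """Key check value: lets the device test a PIN without ever storing the PIN."""
    return hmac.new(kek, b"verify", hashlib.sha256).digest()


@dataclass
class WrappedKey:
    salt: bytes
    verifier: bytes
    wrapped_dek: bytes


@dataclass
class KeySlot:
    pin_copy: WrappedKey        # DEK wrapped under the user's PIN
    recovery_copy: WrappedKey   # same DEK wrapped under the recovery password
    failed_attempts: int = 0
    blocked: bool = False


def _wrap(secret: str, dek: bytes) -> WrappedKey:
    salt = secrets.token_bytes(16)
    kek = derive_kek(secret, salt)
    return WrappedKey(salt, _verifier(kek), _xor(dek, _keystream(kek, b"wrap", len(dek))))


def _unwrap(copy: WrappedKey, secret: str) -> Optional[bytes]:
    kek = derive_kek(secret, copy.salt)
    if not hmac.compare_digest(_verifier(kek), copy.verifier):
        return None
    return _xor(copy.wrapped_dek, _keystream(kek, b"wrap", len(copy.wrapped_dek)))


def provision(pin: str, recovery_password: str, dek: Optional[bytes] = None) -> KeySlot:
    """Generate (or accept) a DEK and keep it only in wrapped form: once under the
    PIN and once under the recovery password. The PIN itself is discarded."""
    dek = dek if dek is not None else secrets.token_bytes(32)
    return KeySlot(_wrap(pin, dek), _wrap(recovery_password, dek))


def unlock(slot: KeySlot, pin: str) -> Optional[bytes]:
    """Return the DEK for a correct PIN; count failures and block after the limit.
    The retry counter is what defeats on-device guessing: a wrong PIN yields
    nothing but a failed verifier comparison."""
    if slot.blocked:
        return None
    dek = _unwrap(slot.pin_copy, pin)
    if dek is None:
        slot.failed_attempts += 1
        if slot.failed_attempts >= MAX_PIN_ATTEMPTS:
            slot.blocked = True
        return None
    slot.failed_attempts = 0
    return dek


def recover(slot: KeySlot, recovery_password: str, new_pin: str) -> bool:
    """Recover a blocked or forgotten PIN: unwrap with the recovery password,
    re-wrap under the new PIN, and clear the block. No old PIN is needed."""
    dek = _unwrap(slot.recovery_copy, recovery_password)
    if dek is None:
        return False
    slot.pin_copy = _wrap(new_pin, dek)
    slot.failed_attempts = 0
    slot.blocked = False
    return True
```

The retry counter only helps while the slot stays inside the device; if the stored blob were extracted, the verifier would allow offline PIN guessing, which is why the tamper-resistant boundary and the counter together, not the PIN alone, carry the protection.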

Applications

The design of the Rosetta Series II smart card and USB security devices provides a high-assurance security platform for application development and support:

  • Secure Document Transmission and Retention: Including high-strength encryption and digital signatures for applications such as secure e-mail.
  • Non-repudiation applications: Digital signature private keys, once generated or loaded onto a Rosetta Series II smart card or USB, can never be exported or extracted from that device. Unique PINs can be assigned for non-repudiation use, as opposed to encryption or authentication keys, to prevent confusion. Encryption keys can be securely archived onto another physical token or onto a virtual token that uses secret-sharing techniques for adequate key backup.
  • Electronic Notary: Digitally sign legal documents, including forensic evidence and audit logs, for uses such as Sarbanes-Oxley compliance.
  • Single Sign-On: Using Windows smart card logon, sign on to the network, Active Directory, and legacy applications. VPN and SSL/TLS mutual authentication applications are supported.
  • Secure Master Key Storage: Supports applications that use software encryption for file/disk encryption and high-speed streaming media while maintaining the master keys in a secure token. This provides cost-effective, high-security protection against the theft or surreptitious cloning of the entire file system of a client or server, including backup files and archives. SSL and EFS private keys can also be protected.
  • Code Signing: Supports digitally signed executable code, macros, and other assemblies. Compatible with Windows .NET Security Framework applications.
  • Microsoft Windows Compatibility: Rosetta Series II smart card and USB security devices, when used in combination with the Rosetta Common Services Interface (Rosetta CSI) software, provide a flexible, highly secure interface with Microsoft Windows applications. The Rosetta Series II security devices are fully supported by the SPYRUS Signal Identity Manager (Signal IM), which complements the Microsoft Windows Server 2003 Certificate Services with extended Registration Authority capabilities.
  • Security In A Box®: Rosetta Series II smart card and USB security devices are also available packaged with Security In A Box software, providing an easy-to-use, self-administered system for using cryptographic tokens in the small office or home environment. Security In A Box enhances smart card logon by protecting the logon password on the Rosetta Series II security device with a Personal Identification Number (PIN) required for access. A file encryption utility provides file encryption using AES-256 encryption on the Rosetta Series II security device for the private keys. SSL mutual authentication is supported for user name and password authentication to banking and other important Web applications.

Cryptographic Functions

Rosetta Series II smart card and USB security devices are based on a versatile, algorithm-agile platform that supports secure storage of private keys and certificates and the following cryptographic functions on the device:

  • Anti-Tearing File Management: This feature prevents inappropriate termination of a transaction on the card due to early removal from the reader or power loss. Upon the next use of the card the transaction is completed. This can be viewed as a "fail-safe" mechanism.
  • Data Firewalling: This provides the ability to separate one user's data from another.
  • Dynamic Memory Allocation: The SPYCOS File Allocation Table file system ensures that data files do not need contiguous sectors and that deleted file space can be reclaimed and reallocated as needed. This provides the ability to add and remove multiple certificates as required.
  • High Storage Capacity: Designed to hold more than 20 X.509 version 3 certificates, depending upon certificate size and EEPROM.
  • Secure PIN-Based Key Protection: Multiple-level PIN protection for keys and data stored on the card.
  • Secure Firmware Update: This allows additional features to be added to the token, or conversely, features to be removed from the token. The firmware update is validated by the security device prior to acceptance.

Biometric Authentication

Rosetta Series II security devices support applications for biometric authentication to individual keys or classes of keys. The use of multiple and/or alternate fingers is also supported. Adding a biometric authentication factor is a powerful way to enforce non-repudiation.

DARTT USCYBERCOM CTO Approved USB Flash Devices

    Update: Department of Defense modifies 14-month ban on use of removable flash media for approved devices. Secured By SPYRUS™ devices are approved.

    What Secured by SPYRUS™ means to you:

    • FIPS 140-2 Level 2 or Level 3 validated epoxy-sealed crypto boundary protects vital security functions
    • Cryptographic implementation meets FIPS 140-2/FIPS PUB 197, and NIST SP 800-38E
    • Hardware-based AES 256-bit encryption in XTS, CBC, and/or CTR modes
    • Random number generator meets NIST SP 800-90 and FIPS 140-2 standards
    • Passwords can be configured to require minimum length and a mix of uppercase, lowercase, numeric, and special characters
    • All Suite B algorithms are supported, over and above AES 256
    • Firmware updates are digitally signed using Suite B SHA-384 and ECDSA P-384

    Autonomic Resources DARTT Approved USB Flash Devices and Media for the Joint Task Force - Global Network Operations (USCYBERCOM) CTO


    Autonomic Resources has teamed with SPYRUS® to offer a high-quality selection of DARTT approved USB flash drives. The SPYRUS® Hydra Privacy Card® (Hydra PC™) Series II of flash drives are multifunctional security devices that combine the features of a USB security token and portable storage drive with hardware-based encryption using the strongest cryptographic algorithms and key lengths commercially available today.

    Algorithms used exceed the Suite B standards approved by the U.S. Government to protect both unclassified and classified information through the TOP SECRET level. Supported algorithms include:

    • AES 128/192/256
    • ECC P-256/384/521
    • SHA-224/256/384/512
    • 3DES
    • SHA-1
    • RSA


    We currently offer the following DAR USCYBERCOM approved products:

    Kingston Digital DataTraveler 5000 - DT5000

    The DataTraveler 5000 utilizes patented Secured by SPYRUS™ technology which supports hardware-based 256-bit XTS-AES data encryption and Suite B elliptic curve cryptography. The National Security Agency (NSA) Suite B algorithms were specifically selected and approved by the U.S. government and the Department of Defense (DoD) for use in multinational data sharing environments including both classified and unclassified applications. XTS-AES is a block cipher encryption mode that is much stronger than the more common CBC and ECB cipher modes used to secure data on other USB Flash drives. The DataTraveler 5000 uses patented technologies for key management and key encryption operations to shield cryptographic processing from electronic eavesdropping.


    Kingston Data Traveler 5000 USB Flash Drive

    Product        Quantity to 999
    DT5000/2GB     $80.40
    DT5000/4GB     $98.78
    DT5000/8GB     $121.75
    DT5000/16GB    $212.49


    Hydra PC Digital Attaché 

    The Hydra Privacy Card® (Hydra PC™) Series II Digital Attaché introduces the first portable hardware-based device with full disk encryption for removable media, encrypted media sharing, and flexible storage options. These new features enhance the functionality of the popular Hydra PC Enterprise Edition to take secure data protection to the edge, and beyond. Hydra PC Digital Attaché provides hardware-based, sector-by-sector full disk encryption to the removable miniSD/microSD or miniSDHC/microSDHC memory card. This means that all data on the card, including file names and other metadata, are encrypted at all times. Files can also be encrypted on a file-by-file basis by the Hydra PC Digital Attaché and then stored on the full disk encryption protected memory card for a double layer of hardware-based encryption protection.

    Hydra Privacy Card (Hydra PC) Digital Attaché©, Model Number: HPC331F

    Order Quantity    SmartBUY Price
    1 to 4,999        $148.22
    5,000 and up      $140.21

    **These are our standard DAR prices. Custom order levels and promotions exist from time to time and will be communicated with customers as appropriate.**

    Hydra PC Digital Attaché /w McAfee Virus Protection

    Hydra PC ViP combines the hardware-based encryption protection of the Hydra PC Digital Attaché with the powerful McAfee antivirus protection provided by Hydra PC Sentry A-V software. Now the strongest USB encryption drives commercially available also offer the security of malware and spyware protection. Hydra PC Sentry A-V scans each Hydra PC file-by-file encryption and decryption operation for known viruses. Virus definition libraries are frequently updated, so even if a file is contaminated by a new virus when encrypted, the virus is likely to be known and detected when the file is decrypted. Users can configure options for updating malware definition files and for handling any viruses, malware, or spyware detected.

    Hydra Privacy Card (Hydra PC) Digital Attaché© with McAfee Virus Protection, Model Number: HSA2331F

    Order Quantity    SmartBUY Price
    1 to 4,999        $164.25
    5,000 and up      $156.24


    Hydra PC Recovery Agent

    The Hydra PC Recovery Agent can decrypt files even if the encrypting Hydra PC is lost, stolen, or destroyed.

    Hydra Privacy Card Recovery Agent©, Model Number: HPC221

    Order Quantity    SmartBUY Price
    1 and up          $165.97


    Hydra PC Personal Encryption Device

    The Hydra Privacy Card® (Hydra PC™) Series II Personal Encryption Device is a FIPS 140-2 Level 3-validated multifunctional security device that combines the features of a USB security token and portable storage drive with the strongest encryption technology commercially available. Secure hardware-based encryption sets Hydra PC apart from other file encryption solutions. The on-board file encryptor uses algorithms specified in the U.S. Government's Suite B standard, including AES, ECC, and SHA-2. The Hydra PC Personal Encryption Device stores encrypted files on a replaceable miniSD/miniSDHC memory card for almost unlimited storage capacity. You can also store encrypted files on your computer's hard drive or any portable storage drive.

    The Hydra Personal Encryption Device HPC311F is approved to protect Tactical Data at the SECRET Level and below when used with the approved operational security doctrine.

    Hydra PC Personal Encryption Device w/microSD memory: HPC311F

    Order Quantity    SmartBUY Price
    1 to 4,999        $220.33
    5,000 and up      $184.28


    Hydra PC Personal Encryption Device ViP anti-virus package

    Hydra PC Personal Encryption Drive ViP combines the hardware-based encryption protection of the Hydra PC Personal Encryption Drive with the powerful McAfee antivirus protection provided by Hydra PC Sentry A-V software. Now the strongest USB encryption drives commercially available also offer the security of malware and spyware protection. Hydra PC Sentry A-V scans each Hydra PC file-by-file encryption and decryption operation for known viruses. Virus definition libraries are frequently updated, so even if a file is contaminated by a new virus when encrypted, the virus is likely to be known and detected when the file is decrypted. Users can configure options for updating malware definition files and for handling any viruses, malware, or spyware detected.

    The Hydra PC Personal Encryption Device ViP package is approved to protect Tactical Data at the SECRET Level and below when used with the approved operational security doctrine.

    Hydra PC Personal Encryption Device w/microSD memory and ViP anti-virus package: HSA2111F

    Order Quantity    SmartBUY Price
    1 to 4,999        $236.36
    5,000 and up      $200.30



Hydra Privacy Card Series II

UPDATE - SPYRUS USB Encryption Drives Invulnerable to Hacks Circulated in Recent Reports

The Hydra Privacy Card® (Hydra PC™) Series II is a unique, multifunctional security device that combines the features of a USB security token and portable storage drive with hardware-based encryption using the strongest cryptographic algorithms and key lengths commercially available today. Algorithms used exceed the Suite B standards approved by the U.S. Government to protect both unclassified and classified information through the TOP SECRET level. Supported algorithms include AES 128/192/256, ECC P-256/384/521, and SHA-224/256/384/512, as well as 3DES, SHA-1, and RSA legacy algorithms.

Secure hardware-based encryption sets Hydra PC apart from other file encryption solutions.

Hydra Privacy Card Series II (Hydra PC) is available in three versions:

Hydra PC Digital Attaché

The Hydra PC Digital Attaché© introduces the first portable hardware-based device with full disk encryption for removable media, encrypted media sharing, and flexible storage options. Hydra PC Digital Attaché© also includes all features of the Hydra PC Enterprise Edition.

Hydra PC Digital Attaché© is also available in a Hydra PC Virus Protected ViP Package, which includes antivirus protection.

Hydra PC Enterprise Edition

Hydra PC Enterprise Edition contains features supporting large organizations, such as encrypted file sharing, enterprise-wide software installation, and central device management. It is the only hardware-based USB encryption device approved under the U.S. Department of Defense/GSA SmartBUY Data at Rest Program.

Hydra PC Enterprise Edition is also available in a Hydra PC Virus Protected ViP Package, which includes antivirus protection.

Hydra PC Personal Encryption Device

The Hydra PC Personal Encryption Device is a cost-effective solution for smaller organizations that do not require encrypted file sharing and enterprise network management features. It is also an excellent choice for controlled environments requiring extra data security.

Hydra PC Personal Encryption Device is also available in a Hydra PC Virus Protected ViP Package, which includes antivirus protection.

Identity Management and PKI Products

SPYRUS offers a variety of ID management and public key infrastructure (PKI) products tailored to your organization's requirements, size, and budget. All solutions include support for the latest cryptographic algorithms.

MySafeID Certification Authority (CA)

MySafeID CA is a cost-effective, high-assurance certification authority for small to medium size enterprises. It provides a hardware-based chain of trust for encryption, digital signatures, and authentication in closed communities where a defined chain of trust is required but global certificate revocation status validation is not mandatory. Includes a LYNKS Series II HSM.

Signal Identity Manager

Signal Identity Manager provides a complete range of identity management, security policy, and security device management functions for enterprises of all sizes. It is fully integrated with Microsoft Windows Server 2003 Certificate Services and Active Directory.

SPYRUS PKI System

SPYRUS PKI System is a complete public key infrastructure solution for managing the digital certificate lifecycle. It is fully customizable to fit the security policy and business rules of your organization and can be scaled for large or small enterprises.

LYNKS Series II Hardware Security Modules

The LYNKS Series II Hardware Security Module (HSM) family offers a high security solution for client, server and embedded security applications. The LYNKS Series II HSM, with upgraded flash memory and FPGA capabilities, supports the new, stronger, and faster Suite B algorithms, including elliptic curve cryptography with ECMQV key establishment, AES, and the SHA-2 algorithms. Available with either PCMCIA or stackable USB interfaces, the new LYNKS Series II HSM provides the strongest, most economical, future-proof protection for valuable data available anywhere.

The LYNKS Series II HSM draws on a legacy of proven performance with the SPYRUS FORTEZZA Crypto Card to provide security-critical capabilities for PKI-based identity management, data security, data integrity and non-repudiation. When used in conjunction with SPYRUS Rosetta CSI Software, the LYNKS HSM provides support for standard cryptographic application interfaces such as the Microsoft® Windows® Cryptographic API and the PKCS #11 interface. Custom application integration is enabled through the SPYRUS developer toolkits.

The LYNKS Series II HSM incorporates the very latest in cryptographic algorithms. SPYRUS has received the first patent license for elliptic curve cryptography to be issued by the National Security Agency (NSA) under the terms of the NSA Field of Use patent license. The license covers a total of 26 individual U.S., Canadian, and European patents and patent applications. The Field of Use includes elliptic curve cryptography in the prime field GF(p), using 256-bit or longer keys in implementations that are FIPS 140-2 certified, among other requirements. The typical applications are those that involve federal, state, and local governments, including interoperation with foreign governments.

SPYRUS is the first company under this license to incorporate this patented technology in all of its product lines, including the LYNKS Series II HSM, the Rosetta Series II smart card and USB token, Rosetta CSI Software, Security In A Box, and the Signal Identity Manager.

The LYNKS Series II HSM goes beyond the Suite B algorithms, and includes elliptic curve cryptography (ECC) using the highest-strength P-256, P-384, and P-521 curves defined for use by the U.S. Government. The P-521 keys are equivalent to a 15,360-bit RSA key in strength, but the ECC operations are much faster than RSA. The ECDSA digital signature standard and the ECMQV and EC Diffie-Hellman key establishment schemes will be supported in accordance with NIST SP 800-56 Key Establishment Guidelines. The AES-128/192/256 symmetric key algorithms are supported, along with the SHA-224/256/384/512 hash functions. In addition, the LYNKS Series II HSM supports the complete FORTEZZA suite of algorithms, along with RSA-1024/2048 and triple-DES. The RSA key generation complies with the stringent X9.31 specification.

Features and Benefits

  • Tamper-Proof Security - The LYNKS HSM features either an ultrasonically welded or an over-molded case for tamper evidence.
  • Future-Proof Design - The LYNKS Series II HSM is designed to be extensible and future-proof. High-speed FPGAs are used to maximize performance, and custom algorithms and/or features, potentially including classified algorithms, can be added through a trusted firmware update process.

Applications

  • Certificate and Registration Authorities - The LYNKS CA HSM provides secure off-line storage of a Root Certificate Authority private key for certificate authorities including Microsoft Windows Certificate Services in Windows 2000 and Windows Server 2003 Enterprise Edition. The LYNKS CA HSM uses the unique master key stored in the cryptographic engine to encrypt private data and private keys, making it almost impossible to attack. The LYNKS RA HSM fully supports the SPYRUS Signal Identity Manager, which complements Windows Server 2003 Certificate Services by adding Registration Authority (RA) support, secure key generation, HSM-based key archiving and recovery, token management, and auditing capabilities.
  • Secure Document Retention - High-strength encryption and digital signatures for technical non-repudiation.
  • Electronic Notary - Digitally sign legal documents, including forensic evidence.
  • Code Signing - For executable code and macros. Compatible with the Windows .NET Security Framework.
  • Secure Master Key Storage - Supports applications that use software encryption for high-speed file encryption and streaming media, while still maintaining the master keys in a secure HSM. This can protect against the theft or surreptitious cloning of a server file system, including backup or archived files. In this way, SSL private keys and secure disk encryption applications can also be protected.
  • Trusted, Auditable Time Stamp (custom option) - Documents and transactions can be securely time stamped using the on-board time-of-epoch clock and a trusted timestamp key used only for this purpose. The time-of-epoch clock within the cryptographic enclosure can never be altered, but it allows calibration against primary standards, with the digitally signed results recorded for a precise, auditable UTC time.
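The time-stamp option just described, shown as an added example written for this page (it is not SPYRUS firmware or SDK code): a timestamp authority holds a dedicated ECDSA P-521 key used for nothing else, reads its own clock, and signs the document hash together with that time; a verifier holding only the public key can then detect any change to either the document or the recorded time. The `TST1` domain tag, the token layout, and the injected clock function are assumptions of the example; the page does not specify the product's token format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
	"time"
)

// TimeStamp is the token the hypothetical service hands back: the SHA-512 of the
// document, the UTC time at which it was stamped, and an ECDSA P-521 signature
// binding the two together.
type TimeStamp struct {
	DocHash [64]byte
	Unix    int64  // seconds since the Unix epoch, UTC
	Sig     []byte // ASN.1 DER ECDSA signature over tbs(DocHash, Unix)
}

// TSA models the timestamp authority inside the cryptographic enclosure. The
// signing key is used for nothing else, and the clock stands in for the
// enclosure's time-of-epoch clock; it is injected so the example is reproducible.
type TSA struct {
	key   *ecdsa.PrivateKey
	clock func() time.Time
}

// NewTSA generates a fresh P-521 timestamp key in place (assumption of the
// example: generated inside the module rather than imported).
func NewTSA(clock func() time.Time) (*TSA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &TSA{key: key, clock: clock}, nil
}

// PublicKey is what relying parties receive (in practice inside a certificate).
func (t *TSA) PublicKey() *ecdsa.PublicKey { return &t.key.PublicKey }

// tbs computes the digest that is actually signed: a domain tag, the document
// hash and the 8-byte big-endian time. The tag stops a timestamp signature from
// being reinterpreted as any other statement made with the same key.
func tbs(docHash [64]byte, unix int64) []byte {
	buf := make([]byte, 0, 4+64+8)
	buf = append(buf, "TST1"...)
	buf = append(buf, docHash[:]...)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(unix))
	buf = append(buf, ts[:]...)
	h := sha512.Sum512(buf)
	return h[:]
}

// Stamp hashes the document, reads the enclosure clock and signs both.
func (t *TSA) Stamp(document []byte) (TimeStamp, error) {
	ts := TimeStamp{DocHash: sha512.Sum512(document), Unix: t.clock().UTC().Unix()}
	sig, err := ecdsa.SignASN1(rand.Reader, t.key, tbs(ts.DocHash, ts.Unix))
	if err != nil {
		return TimeStamp{}, err
	}
	ts.Sig = sig
	return ts, nil
}

// Verify is run by an auditor holding only the public key, the document and
// the token: any change to the document or the recorded time fails the check.
func Verify(pub *ecdsa.PublicKey, document []byte, ts TimeStamp) bool {
	if sha512.Sum512(document) != ts.DocHash {
		return false
	}
	return ecdsa.VerifyASN1(pub, tbs(ts.DocHash, ts.Unix), ts.Sig)
}

func main() {
	// Constructed fixed clock so the run is reproducible.
	clock := func() time.Time { return time.Date(2009, 7, 4, 12, 0, 0, 0, time.UTC) }
	tsa, err := NewTSA(clock)
	if err != nil {
		panic(err)
	}
	doc := []byte("constructed sample document")
	ts, err := tsa.Stamp(doc)
	if err != nil {
		panic(err)
	}
	fmt.Println("stamped at", time.Unix(ts.Unix, 0).UTC().Format(time.RFC3339))
	fmt.Println("original verifies:", Verify(tsa.PublicKey(), doc, ts))
	fmt.Println("altered document verifies:", Verify(tsa.PublicKey(), []byte("altered"), ts))
}
```

Only the hash of the document crosses into the authority, so the document itself never has to be disclosed to obtain a stamp, and the auditor recomputes that hash from the original before checking the signature. A real deployment would also record the clock calibration results the passage mentions as signed statements under the same key, so that the time in each token can be traced back to a primary standard.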


Specifications


Cryptographic Algorithms
  • ECDSA 256, 384, 521 key generation, sign and verify operations
  • ECMQV 256, 384, 521 key establishment methods
  • EC Diffie-Hellman 256, 384, 521 key establishment methods
  • RSA 1024/2048 X9.31 key generation; 512/1024/2048 sign & decrypt
  • SHA-1 and SHA-224/256/384/512 hash algorithms
  • AES-128/192/256 ECB, CBC, Counter mode, and AES key wrap
  • DES, two & three-key triple-DES with ECB, CBC
  • DSA 1024
  • KEA key exchange: 1024-bit exchanges with 80-bit SKIPJACK keys
  • SKIPJACK 80-bit key
Interfaces
  • PCMCIA 2.1 Compliant
  • USB 1.1 Compliant & USB 2.0 Compatible
Security Certifications
  • Designed for FIPS 140-2 Level 3 validation
Electrical
  • Operating voltage: Vcc = 5VDC ± 5%
  • Power consumption: <1 W average
  • Lithium battery
Environmental
  • Operating temperature: 0°C to 55°C
  • Storage temperature: -20°C to 65°C
  • Humidity: 90%, non-condensing
  • PCMCIA 2.1 specifications for vibration, shock, bending, torque & drop
Standards Compliance
  • Microsoft WHQL certified drivers
  • Microsoft CryptoAPI, PKCS #11 Interoperability
  • FIPS PUB 186 Digital Signature Standard, FIPS PUB 185 SKIPJACK, FIPS PUB 180-2 Secure Hash Algorithm, FIPS PUB 46 DES Standard, FIPS PUB 197 AES standard
  • FCC part 15, subpart J, class B certified
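The Secure Master Key Storage application listed earlier and the AES key wrap entry in the algorithm list fit together as follows: the application encrypts files in software with per-file data keys, and only the wrapped form of those keys is ever written to disk or to backup, wrapped under a master key that never leaves the module. The program below is an added example written for this page, not SPYRUS code: it implements RFC 3394 AES Key Wrap on the Go standard library's AES and uses it through a minimal `HSM` type standing in for the module. The `HSM` type, its method names and the 256-bit KEK size are assumptions of the example; the RFC 3394 section 4.1 test vector in `main` lets you check the wrap against the published value.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// kwIV is the RFC 3394 initial value; getting it back on unwrap is the integrity check.
var kwIV = [8]byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// xorCounter XORs the 64-bit big-endian step counter t into the 8-byte block a.
func xorCounter(a []byte, t uint64) {
	for k := 7; k >= 0 && t != 0; k-- {
		a[k] ^= byte(t)
		t >>= 8
	}
}

// Wrap implements RFC 3394 AES Key Wrap: key must be a multiple of 8 bytes and
// at least 16 bytes long; the output is 8 bytes longer than the input.
func Wrap(kek, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil || len(key) < 16 || len(key)%8 != 0 {
		return nil, errors.New("key wrap: bad KEK, or key not a multiple of 8 bytes (min 16)")
	}
	n, a, r := len(key)/8, kwIV, append([]byte(nil), key...)
	var b [16]byte
	for j := 0; j <= 5; j++ {
		for i := 1; i <= n; i++ {
			copy(b[:8], a[:]) // B = AES(K, A | R[i])
			copy(b[8:], r[(i-1)*8:i*8])
			block.Encrypt(b[:], b[:])
			copy(a[:], b[:8]) // A = MSB(64, B) ^ t, t = n*j + i
			xorCounter(a[:], uint64(n*j+i))
			copy(r[(i-1)*8:i*8], b[8:]) // R[i] = LSB(64, B)
		}
	}
	return append(a[:], r...), nil // C = A | R[1] | ... | R[n]
}

// Unwrap inverts Wrap and fails if the KEK is wrong or the blob was altered.
func Unwrap(kek, wrapped []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil || len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("key wrap: bad KEK or malformed wrapped key")
	}
	n, r := len(wrapped)/8-1, append([]byte(nil), wrapped[8:]...)
	var a [8]byte
	var b [16]byte
	copy(a[:], wrapped[:8])
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			copy(b[:8], a[:]) // B = AES^-1(K, (A ^ t) | R[i])
			xorCounter(b[:8], uint64(n*j+i))
			copy(b[8:], r[(i-1)*8:i*8])
			block.Decrypt(b[:], b[:])
			copy(a[:], b[:8])
			copy(r[(i-1)*8:i*8], b[8:])
		}
	}
	if subtle.ConstantTimeCompare(a[:], kwIV[:]) != 1 {
		return nil, errors.New("key wrap: integrity check failed")
	}
	return r, nil
}

// HSM stands in for the module (an assumption of this example): the master KEK
// is generated inside and is only ever used through WrapKey and UnwrapKey.
type HSM struct{ kek []byte }

func NewHSM() *HSM {
	kek := make([]byte, 32)
	if _, err := rand.Read(kek); err != nil {
		panic(err) // no entropy: refuse to run rather than use a weak master key
	}
	return &HSM{kek: kek}
}

func (h *HSM) WrapKey(dek []byte) ([]byte, error)    { return Wrap(h.kek, dek) }
func (h *HSM) UnwrapKey(blob []byte) ([]byte, error) { return Unwrap(h.kek, blob) }

func main() {
	// RFC 3394 section 4.1 test vector: 128-bit key data under a 128-bit KEK.
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	key, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
	c, _ := Wrap(kek, key)
	fmt.Printf("RFC 3394 vector: %X\n", c) // 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5

	// Master key storage pattern: the file system only ever holds the wrapped DEK.
	hsm, other := NewHSM(), NewHSM()
	dek := make([]byte, 32) // constructed all-zero DEK for the demo; real ones come from crypto/rand
	stored, _ := hsm.WrapKey(dek)
	_, err := other.UnwrapKey(stored)
	fmt.Println("stolen blob unwraps on a different module:", err == nil)
}
```

The wrapped blob is what a copied server file system, backup or archive would contain. Because unwrapping requires the KEK and the integrity check rejects any blob produced under a different key or altered in transit, the attacker who clones the disk has nothing to decrypt the files with; the same construction protects SSL private keys and disk-encryption master keys kept under the module.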


Model Numbers


Product Name: LYNKS Series II HSM

Model Numbers:
  • PC600 - PCMCIA Interface
  • PC800 - USB Interface
  • RES416C - LYNKS CA HSM (PCMCIA)
  • RES417C - LYNKS CA HSM (USB)
  • RES416R - LYNKS RA HSM (PCMCIA)
  • RES417R - LYNKS RA HSM (USB)
*Note: The LYNKS CA and RA HSMs can support multi-party key generation, secure key generation, and secure key archiving.

The LYNKS CA and RA HSMs include Rosetta CSI software.


Smart Card Readers

As a leader in smart card reader development and deployment, SPYRUS delivers a smart card reader family offering high performance at a low cost. The SPYRUS Personal Access Reader 2 (PAR 2) is a unique, portable smart card reader with patented designs that provide secure conditional access to applications, whether connected to a PC or operating as a battery-powered standalone device. This unique smart card reader is programmable and supports multiple applications using patent-pending technology. The PAR 2 can be programmed to support VISA Cash, Proton, Mondex, and other electronic-cash payment applications, as well as loyalty and security applications such as challenge-response, one-time password, and electronic voting applications. It can be reloaded with new standalone-mode applications at any time, and is upgraded easily and cost-effectively. It includes a built-in real-time clock function to support time-based applications. Customers can quickly develop their own applications for the PAR 2 with the PAR 2 software development kit.

The PAR MiniUSB is a convenient, portable reader that uses standard CCID drivers. Its high-speed USB 2.0 interface is USB 1.1 compliant. The PAR MiniUSB reader can be used with standard smart cards or PIV/CAC cards, and there is an optional adapter for SIM/SAM cards.

PAR MiniUSB Reader: a compact, high-speed reader for all smart cards, including Subscriber Identity Module (SIM) cards, Personal Identity Verification (PIV) cards, and Common Access Cards (CAC).

Personal Access Reader 2: a compact, portable smart card reader that can be used both in standalone mode and in PC/SC mode connected to a personal computer. Only slightly larger than a smart card itself, the unique reader fits easily into a purse or pocket for standalone uses such as e-cash balance checking and a calculator.


En-Sign™ Security Device Management Software

(Replaces Rosetta CSI)

The En-Sign utilities manage security devices and digital certificates. En-Sign integrates the Hydra Privacy Card® (Hydra PC™), Rosetta® Smart Card and USB, LYNKS Series II Hardware Security Module (HSM), and Department of Defense Common Access Card (CAC) security devices with certificate-enabled applications such as smart card logon, e-mail digital signature and encryption, Virtual Private Network (VPN), and SSL authentication.

You can install En-Sign directly on a single PC or use Group Policy to install it remotely to an entire enterprise. The console-based interface is user friendly and includes built-in help. Users can perform many simple management tasks without assistance from system administrators. Organizations of any size can easily manage digital certificates and security device Personal Identification Numbers (PINs).

The En-Sign Configuration Console makes security device PIN and certificate management quick and easy.

Features

  • Easy local or remote installation.
  • Simple console interface manages security device PIN, certificates, local policies, and device connections.
  • Supports high-assurance cryptographic algorithms, namely the Advanced Encryption Standard (AES), Secure Hash Algorithm-2 (SHA-2), and Elliptic Curve Cryptography (ECC), including the U.S. Government Suite B standard.
  • Implements two-factor (PIN and security device) authentication for certificate access.
  • Compatible with Microsoft Outlook, Outlook Express, and Internet Explorer. A PKCS #11 plug-in is included to support Mozilla and Firefox browsers, Thunderbird and other email applications.
  • Supported on Windows 2000 Server, Windows Server 2003, Windows Server 2008, Windows 2000, Windows XP, and Windows Vista.
  • Versions supporting Personal Identity Verification (PIV) cards and the U.S. Department of Defense Common Access Card (CAC) are available.

Rosetta Micro Series II

Cryptographic Security Package for Embedded Applications

Uniquely designed for embedded cryptographic applications, the Rosetta Micro Series II supports the strongest commercially available cryptographic algorithms, including elliptic curve cryptography with AES, SHA-2 algorithms, and EC Diffie-Hellman and ECMQV key establishment. Legacy algorithms such as RSA and SHA-1 are also fully supported.

Rosetta Micro Series II is ideal for custom applications, and its compact size makes it the perfect choice for small devices such as computers, cell phones, PDAs, wired and wireless routers, point-of-sale and gaming terminals, set-top boxes, and industrial control devices.


The Rosetta Micro Series II package is only 5 mm by 6 mm. A U.S. dime looks huge in comparison.

Features

  • Secure, standards-based random number and key generation technology.
  • Capabilities such as anti-cloning can be added to meet specific requirements.
  • Enables PKI-based digital certificate functionality such as smart card logon, e-mail digital signature and encryption, and authenticated Web browsing.
  • Designed for FIPS 140-2 Level 2 and Level 3 validation.
  • Compatible with Microsoft Windows 2000, XP, and Vista operating systems.

Rosetta SD/miniSD/microSD Series II

High-Assurance Micro Hardware Security Module in Secure Digital Media

The unique design of Rosetta SD/miniSD/microSD Series II combines Secure Digital (SD) technology with Public Key Infrastructure (PKI) technology in a standard SD, miniSD, or microSD form factor. Rosetta SD/miniSD/microSD Series II is well suited for both embedded solutions and enterprise solutions. Rosetta SD/miniSD/microSD supports the strongest cryptographic algorithms and key lengths commercially available, exceeding the Suite B algorithms and key length recommendations approved by the U.S. Government to protect both unclassified information and classified information through the TOP SECRET level.

Rosetta SD/miniSD/microSD Series II is ideally suited for both custom and mass-market products, including computers, cell phones, and PDAs that require small size, low power, and high security. It can be released and exported under license exception ENC.

High Assurance by Design

The Rosetta SD/miniSD/microSD Series II uses the Infineon SLE66CX642P security controller chip running the SPYRUS Card Operating System (SPYCOS®). The chip and SPYCOS operating system are the same as those embedded in the SPYRUS Rosetta Series II Smart Card and USB security devices and the SPYRUS Hydra Privacy Card® Series II.

Rosetta SD/miniSD/microSD Series II provides extensive protection against active and passive attacks. The multi-layer chip design includes an active shield and randomized memory layout to prevent physical tampering. Rosetta SD/miniSD/microSD Series II includes hardware countermeasures against side-channel attacks such as timing analysis, simple and differential power analyses, and differential fault analysis. SPYCOS provides additional algorithmic defenses against side-channel attacks. Rosetta SD/miniSD/microSD Series II is invulnerable to Branch Prediction Analysis attacks that can affect PC-based software cryptography.

When any health or status indicator (such as light, voltage, or glitch sensors) is triggered, Rosetta SD/miniSD/microSD Series II zeroizes RAM and requires a hard chip reset. As a safety measure against accidental triggers, keys and variables stored in EEPROM remain intact in these cases.

Private keys and critical security parameters are encrypted and stored on the chip, well protected against exotic chip-peeling and electron microscope attacks.

Hardware-enforced delays and key zeroizing prevent PIN-guessing attacks. Rosetta SD/miniSD/microSD Series II encrypts all elements stored in EEPROM during user logoff and power-down, protecting against the most sophisticated probing-type attacks.

SPYRUS has specialized in high-assurance, cost-effective security processors for over a decade, and all of this experience is packaged in a ready-to-roll form for integrators and OEMs.

High Assurance in Use

SPYCOS takes full advantage of the native hardware capabilities of the security controller chip to provide a high-assurance architecture and implementation suitable for the most sensitive applications.

The Rosetta SD/miniSD/microSD Series II includes a hardware random number generator, which SPYCOS uses to seed a high-entropy Deterministic Random Bit Generator (DRBG) that is suitable for even the strongest ECC P-521 keys.

Enhanced Encryption Support

Rosetta SD/miniSD/microSD Series II supports cryptographic algorithms that exceed the U.S. Government's Suite B standard for protecting classified information through the TOP SECRET level. These high-strength algorithms ensure data security for decades. Rosetta SD/miniSD/microSD Series II also supports legacy algorithms for backward compatibility with many existing applications. Rosetta SD/miniSD/microSD Series II enables legacy and advanced PKI-based digital certificate functionality such as smart card logon, e-mail digital signatures and encryption, and authenticated Web browsing. See the technical specifications for a complete list of supported cryptographic algorithms.

Advanced Features

  • High-assurance protection for keys, digital IDs, and sensitive data.
  • Strongest cryptographic algorithm support commercially available.
  • Uses an enhanced 8051 instruction set.
  • Supports the SD/IO interface standard.
  • Unique serial number for each Rosetta SD/miniSD/microSD module.
  • Approximately 32K of EEPROM available for X.509 certificates and data storage.
  • Includes a hardware memory management and protection unit.
  • Advanced random-number generation technology.
  • Supports anti-cloning techniques.
  • Supports OATH algorithm for One Time Password (OTP) generation.
  • Tamper-resistant design protects against physical attacks and reverse engineering of on-board applications and data.
  • Designed to support certification at FIPS 140-2 Level 2, Level 3, and even Level 4, depending on application requirements.
  • Compatible with Microsoft CryptoAPI and Cryptographic API: Next Generation, including support for Windows Vista; and with PKCS #11.
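The OATH one-time-password feature in the list above, shown as an added example written for this page (not SPYRUS code): `HOTP` is the RFC 4226 event-based computation that the OATH algorithm specifies, which is what the token side produces, and `Verifier` is an assumed server-side counterpart showing the look-ahead window that absorbs token presses which never reached the server and the counter advance that stops a captured code from being replayed. The secret is the RFC 4226 Appendix D test secret, so the printed values can be checked against that appendix.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// HOTP is the RFC 4226 event-based one-time password: HMAC-SHA-1 over the
// big-endian 8-byte counter, dynamically truncated to `digits` decimal digits.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	hs := mac.Sum(nil)                 // 20-byte HMAC
	offset := hs[len(hs)-1] & 0x0f     // low nibble of the last byte selects the window
	code := binary.BigEndian.Uint32(hs[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// Verifier is the server-side state for one token (an assumption of this
// example): the shared secret, the next counter the server expects, and a small
// look-ahead window. Accepting a code moves Counter past it, so neither that
// code nor any earlier one can be presented again.
type Verifier struct {
	Secret  []byte
	Counter uint64
	Window  uint64
}

// Check accepts a 6-digit code if it matches any counter in [Counter, Counter+Window).
func (v *Verifier) Check(code string) bool {
	for c := v.Counter; c < v.Counter+v.Window; c++ {
		if hmac.Equal([]byte(HOTP(v.Secret, c, 6)), []byte(code)) {
			v.Counter = c + 1 // resynchronise and retire every counter up to c
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("12345678901234567890") // RFC 4226 Appendix D test secret
	for c := uint64(0); c < 3; c++ {
		fmt.Printf("counter %d -> %s\n", c, HOTP(secret, c, 6))
	}
	v := &Verifier{Secret: secret, Counter: 0, Window: 5}
	fmt.Println("accept 287082 (counter 1):", v.Check("287082"))
	fmt.Println("replay 287082:", v.Check("287082"))
}
```

The window is a trade-off: a larger one tolerates more lost presses but gives a guesser more acceptable codes per attempt, so a deployment pairs it with a failed-attempt limit on the verifier, much as the hardware retry delays described above do for PINs on the device itself.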