Anti-tamper security solution for embedded devices
Ubiquitous Securus
Use secure hardware to prevent data leakage and tampering
Main functions
Encryption / decryption function
AES encryption and decryption using a common key, and RSA encryption and decryption using a public key. If the hardware provides the corresponding function, the hardware function is used; otherwise, a software processing engine is used.
Hash function
Hash calculation function.
Message Authentication function
Hash-based message authentication function and Crypto-based message authentication function.
Signature generation / verification function
Signature generation / verification using a public key. If the hardware provides the corresponding function, the hardware function is used; otherwise, a software processing engine is used.
Secure Storage function
This function stores and uses confidential data such as device-specific digital certificates and encryption keys in a secure and appropriate encrypted form using secure hardware.
Content Protection function (Optional)
A function that locally encrypts stream data, such as content data and continuously acquired sensor data. Because the locally encrypted data is stored securely, it cannot be used illegally even if it is leaked or wiretapped.
Key Pair Generation function
This function generates RSA key pairs and EC key pairs.
RSA key pairs support key lengths of 1024, 2048, 3072, and 4096 bits.
EC key pairs are compatible with NIST curves P-192, P-224, P-256, P-384, and P-521.
EncryptKey function
A function that lets key information that has been concealed (encrypted) in advance be designated as the key information used by a cryptographic function.
KeyBox function
A function that lets the cryptographic processing functions use key information that has been stored securely in the KeyBox in advance. The encryption / decryption function can be used without the user application touching the actual key data. Key information is specified by its name in the KeyBox. A KeyBox can also be specified as the key storage destination of the Key Pair Generation function.
Channel function
A function that lets the user of a cryptographic function specify whether processing is performed only in software or whether hardware is given priority when it is available.
Supported cryptographic function
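| Category | Type | Algorithm | Supported |
|---|---|---|---|
| Public Key Cryptography | Signature | ECDSA | ○ |
| Public Key Cryptography | Signature | RSASSA-PKCS#1-v1.5 (Sign) | ○ |
| Public Key Cryptography | Signature | RSASSA-PKCS#1-v1.5 (Verify) | ○ |
| Public Key Cryptography | Signature | RSASSA-PSS (Sign) | ○ |
| Public Key Cryptography | Signature | RSASSA-PSS (Verify) | ○ |
| Public Key Cryptography | Confidentiality | RSAES-OAEP | ○ |
| Common Key Cryptography | Block Cipher | AES [128,192,256] | ○ |
| Common Key Cryptography | Mode of Operation | CBC | ○ |
| Common Key Cryptography | Mode of Operation | CTR | ○ |
| Common Key Cryptography | Mode of Operation | ECB | ○ |
| Common Key Cryptography | Authenticated Cipher | GCM [128,192,256] | ○ |
| Common Key Cryptography | Authenticated Cipher | CCM [128,192,256] | ○ |
| Hash | Hash Function | SHA-1 | ○ |
| Hash | Hash Function | SHA-224 | ○ |
| Hash | Hash Function | SHA-256 | ○ |
| Hash | Hash Function | SHA-384 | ○ |
| Hash | Hash Function | SHA-512 | ○ |
| Hash | Hash Function | MD5 | ○ |
| Message Authentication | Hash-based | HMAC-SHA1 | ○* |
| Message Authentication | Hash-based | HMAC-SHA224 | ○* |
| Message Authentication | Hash-based | HMAC-SHA256 | ○ |
| Message Authentication | Hash-based | HMAC-SHA384 | ○* |
| Message Authentication | Hash-based | HMAC-SHA512 | ○* |
| Message Authentication | Hash-based | HMAC-MD5 | ○* |
| Message Authentication | Crypto-based | CMAC [128,192,256] | ○ |

*: To be supported in a future release.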