
awk

12/21/04 10:05 AM

#61698 RE: go-kitesurf #61693

go-kitesurf: The Applet Developers Kit...


EMBASSY Applet Developers Kit

http://www.wave.com/technology/dev_faq.html


What is the EMBASSY Applet Developers Kit?

Wave's applet developer kit provides the software and hardware tools to create applications for the EMBASSY System. These applications can be applets that run within the EMBASSY or more likely a combination of an applet within the EMBASSY and a host application on the PC.


What is an Applet?

A small authenticated application that executes in a hidden and protected fashion within an EMBASSY device. When loaded into an EMBASSY device, it may utilize the secure memory, resources, and interfaces available. The applet, in conjunction with software running on the host PC, can perform a multitude of tasks, providing a whole host of system management, encryption/decryption, and authentication tasks.


How does developing applications using the EMBASSY differ from other security toolkits available?

There is a vast difference between developing applications utilizing the EMBASSY Toolkit and utilizing an API from a crypto or certificate company. The issue of secure processing vs hidden secrets makes the EMBASSY System unique. Most APIs use a combination of standard system APIs and shared secrets to ensure the integrity of their security - all of which are exposed to the OS or Processor. The EMBASSY System uses an embedded EMBASSY chip to conduct the secure processing, storage of 'secrets', PKI processing and encrypted file storage. Utilizing the EMBASSY for these functions adds significant value to the application by ensuring the OS and potential security holes are unaware of these functions being conducted. The EMBASSY chip can also carry out tasks on the PC platform without any help from the OS or host processor, such as pre-boot authorization.


What does the developer's kit include?

The developer's kit includes:
1. EMBASSY Applet development board with full I/O capabilities (Serial, Pinpad, Secure Display, USB, ISO7816) for applet execution and software debugging.
2. An ARM SDT 2.5.1 Development Suite
3. EMBASSY Host API
4. Sample applets
5. EMBASSY Server emulator
6. EMBASSY Applet creation wizard
7. Printed & Electronic Documentation



I don't know that much about programming for the ARM processor or much about security - how can I enable my application to work with EMBASSY?

Wave provides a special CSP (Cryptographic Service Provider) toolkit to allow application developers with little security knowledge to harden the security of their applications. Utilizing CryptoAPI, aka MSCAPI, developers can access the libraries of the EMBASSY to perform signing, hashing, and secure storage using simple calls. Information on CryptoAPI can be found on Microsoft's website here:


What does the EMBASSY CSP Kit include?

A special developer's kit for CryptoAPI contains:

1. EMBASSY Applet development board with full I/O capabilities (Serial, Pinpad, Secure Display, USB, ISO7816) for applet execution and software debugging.
2. A signed CryptoAPI CSP for the EMBASSY
3. Test implementations


How much do the Developer Kits cost?

For further ADK pricing information, please email developer@wavesys.com, or click here to enroll. The CSP Kit will be available in the first half of 2001.


What libraries are available in the EMBASSY Developers kits?

There are many different implementations of EMBASSY Devices, and each has its own unique set of resources that are made available to the Applets. During Applet Installation time, the resource requirements in the Applet header are validated against (a) the resources on the device, and (b) the Crypto vPAT established during registration.

In V1.0, over 113 libraries are available; among these are:

RNG
RSA - (up to 2048)
SHA-1
DES (ECB, CBC)
3DES (ECB, CBC Inner, CBC Outer)
Memory Management
Secure Time
Secure Storage Management
Secure Input
Secure LCD (2x16)



What language are applets written in?

Applets are developed utilizing ANSI C with an ARM C/C++ Compiler. The current version of the ADK supports the ARM SDT v2.51. Future versions of the Developer's kit may include support for other programming languages.



rachelelise

12/21/04 10:56 AM

#61710 RE: go-kitesurf #61693

Go-kite

That memo was extremely well written. I'm trying to have it reviewed since it is one of the seminal pieces of the puzzle. When Wave was developing all of this years ago, I was both amazed and a little confused about all the pieces that needed to be made. A large portion of Wave's money went into building this but up till now it's taken a back seat. Thus it looks like they wasted a lot of money on a chip which can become outdated quickly.

In fact last year Wave needed to push to even get the concept of an optional trust server in any PR because the other companies didn't want to make it seem complicated to potential customers. But that obscurity also probably helped keep out any competition. Sure, there will be lots of competition on the easy stuff but Wave's lead in these key areas may be far larger than anyone realizes.

awk

12/21/04 11:00 AM

#61712 RE: go-kitesurf #61693

go-kitesurf: Excellent post and to the point! /e

Doma

12/21/04 11:15 AM

#61717 RE: go-kitesurf #61693

Kitesurf....this would have to be Embassy Trust System tech...."Trustlets"......it's also the same Dr. Aaron Ferguson as pointed out by Countryboy....

"Much of the research is funded by the National Security Agency (NSA) under the direction of the NSA Visiting Professor, Dr. Aaron J. Ferguson"

"We are very excited about this project and we believe it will give our cadets a first hand appreciation for the challenge of getting information securely into, out of, and across the Department of Defense's Global Information Grid," said Dr. Aaron Ferguson, Department of Defense Visiting Professor, Department of Electrical Engineering and Computer Science, United States Military Academy.

"The software and hardware provided by Wave supports the Department of Defense funded cadet Capstone project for secure information sharing," he said. "This software and hardware should allow the cadet team to develop a secure, smart card-enabled network enterprise prototype on a 'trusted' platform."

The USMA was recently re-designated by the National Security Agency as a Center of Academic Excellence in Information Assurance Education.

"The project prototype involves strongly authenticating authorized users of MSOffice(R) documents and data applications, allowing those users to process the documents using digital signatures and allowing users to access specific documents or portions of documents based on cryptographically-based role-based access controls," said Dr. Ferguson. "Cadets will be using the technology from Wave and TecSec to demonstrate interoperability with the U.S. government's Common Access Card. There is potential for broad application of these technologies in the existing military data security environment."

"Wave has invested heavily in Trusted Computing and Identity Management hardware and software solutions," said Brian Berger, Wave's executive vice president, marketing and sales. "We believe these technologies could play an important role in making government personal computers more trusted and secure while making the PC applications more secure and easy to manage. We look forward to participation in the project at West Point."

"The use of the Wave technology combined with TecSec's CKM products provide the project with powerful tools to accomplish their objectives," said John Petty, TecSec's Chairman and CEO.

CKM, short for Constructive Key Management, provides enforced access control and data management allowing users to control anything that can be named, from a character, page, image or sound in a document or form to a field in a database.

The approach of differentially encrypting data based on the need-to-know or need-to-share principle allows secure communication among groups of individuals with a variety of roles. Those individuals who have a legitimate need to view information have access to it, while others don't. More information on TecSec's CKM products and technology is available at www.tecsec.com.