1. Field of the Invention
The present invention relates, generally, to electronic cryptographic module interfaces, and more particularly to cryptographic module interfaces, which enhance security through the use of non-physical contact interfaces.
2. Description of Related Art
Transactions involving electronic systems are becoming increasingly more commonplace. Transactions involving money transfers, automated teller machines, and purchases over the Internet, and all manner of data processing are becoming pervasive and commonplace. Because the volume of electronic transactions of every type are ever increasing, there is more opportunity for fraud and unauthorized transfers to occur, and so it has become increasingly important to protect electronic systems from unauthorized access. A popular method of preventing unauthorized access of data processing systems is to employ the use of cryptographic modules. Cryptographic modules are electronic subsystems that provide cryptographic services for data processing applications. These services include, but are not limited to, encryption, decryption, authentication, certificate storage, cash value storage, and access control operations. Cryptographic modules are commonly either embedded in a host system or interfaced externally to a host system. The host system being the system that controls and/or passes data to or from the cryptographic module. The host system may be a desktop computer, portable computer, server, or any other processing equipment.
There are several different forms of cryptographic modules of differing size, power, and weight. All forms of cryptographic modules perform cryptographic services, but may differ markedly in their physical hardware appearances and in the applications in which they are present.
One type of cryptographic module is sometimes referred to as a cryptographic token. Cryptographic tokens comprise cryptographic security devices, which provide client services for host applications. Cryptographic tokens are commonly personal devices that are carried by their owner. When required, connecting the token to a host system accesses the token's services. Examples of tokens include Smart Cards, PC Card tokens (such as those using PCMCIA and CardBus), and USB tokens. Cryptographic tokens commonly plug into connections on the host system and can be freely installed or removed from the host system, but may also be coupled to a host system by non contact methods such as radio frequency (RF) coupling.
Another type of cryptographic module is the cryptographic plug-in circuit card. Cryptographic plug-in cards are installed into a host system and provide cryptographic services for the host system. Cryptographic plug-in cards commonly interface to the system on its local (internal) interface bus and are normally installed in the host system where the host interface is not externally accessible. Examples of cryptographic plug-in cards include ISA interface bus cards and PCI interface bus plug-in cards. Cryptographic plug-in cards may contain other peripheral interface functions such as Ethernet, SCSI, ADSL, RS-232, fire-wire, and others. Plug-in cards, generally, are intended to remain in the system over its life cycle and often require some disassembly of the host system to replace it.
Yet another type of cryptographic module is the stand-alone cryptographic module. Stand-alone cryptographic modules are commonly externally connected to the host system. Examples of stand-alone cryptographic modules include peripheral communications devices such as analog modems, digital modems, ADSL, Ethernet, fire-wire, external storage devices, RS-232, satellite terminals, and other forms of cryptographic security equipment.
Still another type of cryptographic module is the embeddable cryptographic module. Embeddable cryptographic modules are commonly assemblies and/or microcircuits that are integrated directly into a host system by incorporating them on a printed wiring board (PWB) or by connecting the cryptographic module to a PWB or processor in the host system. Embeddable modules are usually not accessible from the outside of the host system and often require disassembly of the host system to replace the embeddable module.
Cryptographic modules have at least one interface to their host system. This interface may transfer encrypted and decrypted data, configuration/initialization information, application software, cryptographic software and keys, control and status information as well as other information.
For security purposes, many cryptographic systems provide a separate data interface for the transfer of cryptographic information into the cryptographic module. This type of interface may be referred to as a Cryptographic Load Interface (CFI). The CFI is primarily used to transfer cryptographic information (such as private keys, certificates, and cryptographic software) securely into a cryptographic module, but can be used to transfer any type of information (such as application software updates) into the cryptographic module. Commonly CFI interfaces are receive only and do not output any data. The cryptographic load interface can be a variety of different types of transmitting units, for example radio, optical and magnetic, which are suitable to transmit cryptographic data.
One problem exhibited by conventional cryptographic interface implementations is that of physical concealment. Conventional electrical designs often require a metallic, hardware connector (pins or receptacles) for a host interface and/or CFI. Such connectors may be visible from the outside of the cryptographic module and can reveal a possible physical entry point into the cryptographic boundary of the host system, which can expose an avenue for extracting and compromising private information within the module. Efforts have been made to reduce the accessibility of the connector through conventional means, such as compartment doors or covers. Such concealment efforts however only reduce the visibility of the data port but fail to completely conceal it.
A second problem exhibited by conventional cryptographic interface implementations is that of susceptibility to cryptographic monitoring by electronic eavesdropping means. Conventional Input/Output (I/O) ports have physical pins that can be monitored for conductive and/or electromagnetic radiation thereby giving rise to the possibility of monitoring and deciphering critical information. The susceptibility of an interface to data monitoring depends on several factors related to the physical and mechanical implementation of the interface such as, connector, and cable shielding. Furthermore, it may be possible to induce a stimulus at an I/O interface and cause an internal failure within the module. An internal failure within the module may cause a denial of cryptographic services and can be as problematic as the unauthorized extraction of information. There is also a possibility that the module, through error, internal failure or otherwise may inadvertently output protected information.
A third problem exhibited by conventional cryptographic interface implementations is that of susceptibility to interference. Conventional I/O ports can be susceptible to electromagnetic interference (EMI) or direct voltage induced into its connector and/or cabling. This may affect the modules' performance and may even defeat its security measures.
A fourth problem exhibited by conventional cryptographic interface implementations is that of susceptibility to the environment. Conventional I/O ports can be sensitive to extreme environmental conditions such as high temperature, radiation, and humidity that may damage or render the module's interface inoperable.
A fifth problem exhibited by conventional cryptographic interface implementations is that of cryptographic manufacturing requirements. Cryptographic security specifications may require complete physical tamper protection to be built around the module. The physical connectors often requires special designs that complicate and increase the cost of the installation and/or manufacturing of these tamper countermeasures.
A sixth problem exhibited by conventional cryptographic interface implementations is that of cryptographic field maintenance requirements. Cryptographic modules can require periodic maintenance based on their host system's security policy. At the end of a cryptographic period (which can range from days to years), the cryptographic module may need to be rekeyed to support further use. If a CFI is implemented, it may need to be accessible to load cryptographic parameters into the cryptographic module. If it is not accessible, then the host system may have to be disassembled to get to the CFI. Commonly, the cryptographic module is simply removed from the host and replaced. This replacement process can be inconvenient and can increase the overall life cycle costs of the system.