ESS-07: Virtual Security Module
Software developers dealing with keys and other secrets often rely on basic protection of these values through simplistic mechanisms such as folder permissions. This leaves these credentials open to an easy hack. In some cases, secrets may have enough value (such as an RSA or ECC private key for e-commerce) that an expensive hardware security module (HSM) needs to be employed. For many applications however, a well-constructed software system designed to hide keys and secrets can be a cost-effective solution. Elliptic offers this capability through the ESS-07: Virtual Security Module (VSM).
Ellipsys-VSM is part of the Ellipsys Trust Framework which is Elliptic’s solution to help device manufactures and system providers protect their product from tampering, cloning, and other threats.
Ellipsys-VSM is a Virtual Security Module (VSM) that offers software based cryptographic services, similar to a Hardware Security Module (HSM), to support a range of solutions for digital identity and transactional security applications. It is a “software smart card” used to secure embedded secrets in software systems and has the capability to manage and protect sensitive information such as keys and credentials for system applications executing on embedded platforms.
Ellipsys-VSM supports a wide range of protected key management services such as secure key generation, storage, archiving, cloning, and secure migration of key material. The solution optionally provides acceleration for public-key operations via Elliptic (CLP-300: Public Key Accelerator) or third party hardware offload engines.
- Management and protection of sensitive information like keys and certificates
- Secure generation, storage , archiving, cloning and migration of key material
- Highly configurable and flexible architecture
- Supports industry standards and protocols
- Support for hardware acceleration and CPU offload
- Linux and ANSI-C based Builds on generic ARM, PPC, X86 platforms
- Highly configurable, flexible and reliable
- NIST CAVP Certified
- Optimized for size and performance
- GPL-Free Code
- Platform/OS agnostic
- Significantly reduces development cycles
- Optional support for hardware acceleration and offload for embedded processors
- Anti-cloning and anti-counterfeiting
- Key exchange (IPsec IKE)
- Product Brief: ESS-07 Virtual Security Module
A highly programmable and unique Security Protocol Accelerator specifically designed to efficiently process data for high capacity wireless and network applications. The engine is perfectly suited for applications that deal with multiple active connections and significant traffic load on different contexts, such as 4G LTE-Advanced wireless cellular base stations and femtocells.