SlingSecure is proud to offer our one-of-a-kind device for data protection and for sending encrypted e-mail for the following reasons:
The encryption for the protection is done entirely via hardware and not via the usual software you are running on your computer (in an unprotected environment).
The coding system is attack proof and saves the data on a removable MicroSD memory card.
The device comes in the form of a normal USB stick which can be inserted into any computer / OS (e.g. Windows XP, Vista, 7, GNU Linux, Apple MAC OS X) without requiring drivers thus leaving no trace of use or footprints.
SLINGSECURE USB can protect as many MicroSD cards as the user desires and has two levels of authentication; the first is the password to use SLINGSECURE USB and the second to access each MicroSD.
2. SlingSecure S.r.l.
SlingSecure S.r.l. concentrates its activity on the development of hardware and software platforms designed to support integration and custom developments for Mobile and Fixed networks Security OEM
3. SlingSecure Secure Environment
SlingSecure Secure Environment product range is based on a proven security architecture designed to deliver high-end performances to integrators and developers
4. SlingSecure Secure Environment
SlingSecure range
✓ ESE - Embedded Secure Engine
✓ mSE - Micro Secure Environment
✓ UST - USB Security Token
5. ESE Embedded Secure Engine
Technical Features
✓ Cryptographic Libraries
  - AES (128,192,256)
  - DES/3DES
  - IMAC/HMAC/CMAC NIST 800-38B
  - SHA1, SHA256
  - AES/DES variations and Custom Algorithms on demand
  - Up to 4 concurrent cryptographic sessions
✓ Physical Random Noise Generator FIPS 140-2
✓ Unique Serial Number/ID
✓ Local/Remote/Auto/Manual ZEROIZE
✓ Keys Secure Repository
✓ Keys Generation & Management
✓ Administrator/User profiles
✓ Encrypted Communication APIs
[Diagram: User Application, ESE Communication Library, Encrypted Communication Channel, and the EMBEDDED SECURE ENGINE containing Crypto Core, Policies, Over Ciphered Keys Data Base, Custom Algorithms (up to 6 Variants), Unique ID Serial Number]
6. ESE Easy HW/SW Integration
✓ ANSI C Software Library
  - Micro Controller Independent
  - Several Compilers/IDE supported
✓ Serial Com Channel (RX/TX up to 450 Kb/s)
✓ USB Channel (up to 11 Mb/s)
✓ Power Management
  - Frequency management
  - Three power modes supported:
    - 50mA (3V) @ 58.924MHz
    - 12mA (3V) @ 14.7456MHz
    - 2mA (3V) @ Idle state
✓ Small Package (9x9x0.85mm)
✓ Single Power Supply (2.9V-5V)
✓ Physical Random Noise Generator FIPS 140-2
USB interface ready
[Diagram: Oscillator, Physical RNG, UART (Rx/Tx), System, SPI SD Card or SPI Flash]
7. mSE micro Secure Environment
All the SlingSecure features in a MicroSD
✓ HW crypto engine
✓ Standard and custom algorithms
✓ SD card interface (up to 450Mb/s)
✓ Integrated memory (up to 4 GB)
✓ Internal keys database
✓ Suitable for Mobile Applications
[Diagram: ASIC with 512KByte FLASH, 96KByte RAM, 32bit MCU, 6xDMA+Int Ctrl, SD Ctrl, SE Engine, 2xUART, 2xUSB HS, 2xSPI, Ext BUS; SPI or BUS to NAND Flash]
Available 2Q 2011
8. UST USB Secure Environment
USB security adapter for
✓ microSD card encryption
✓ secure mass storage
✓ security operations
  - file encryption
  - strong authentication
  - digital signature
  - running secured OS
  - running secured applications
NO drivers
NO software installed on PC
[Diagram: Authentication and Encryption, MicroSD]
9. UST Typical USE
✓ MicroSD Encryption
  • Secure and hide entire partitions on microSD cards
✓ Host Encryption
  • Secure any data (files, documents, etc.) stored on PCs or Servers using one or more access passwords
✓ Secure Data Sharing (or sending)
  • Encrypt data and share (e-mail, file sharing, ftp, etc.)
  • Based on symmetric access keys, PKI can be supported
✓ Physical Data Shipment
  • Encrypt the entire microSD using a shared access key and ship the card (the microSD will only show the clear partition to unauthenticated accesses)
✓ Running secured applications and OS
  • Boot and run complete OS or specific applications from the UST memory
  • Run Secure Virtual Machines
10. One UST adapter ... multiple SD cards
✓ Several microSD cards* can be plugged and encrypted with a single UST adapter
  * one at a time
✓ Two authentication levels available
  • UST adapter access password
  • MicroSD access password
✓ Switch from an encrypted card to another by simply using the access password of each microSD
[Diagram: Many microSD cards, One UST Adapter]
11. UST USB Secure Environment
✓ Hidden secure microSD partition
✓ Hardware format and zeroize
✓ Fully compatible with
  • Microsoft Windows XP/Vista
  • Apple Mac OS X
  • GNU Linux
[Diagram: Authentication, MicroSD]
12. UST Operating Modes
The UST adapter shows different partitions according to the operating mode
✓ Clear Partition (default)
  • Automatically shown after USB insertion
  • Contains User application and Admin (if required)
✓ Secure Partition
  • Active only after successful authentication
✓ Only one active partition at a time
13. UST Encryption Technique
The microSD secure partition is fully encrypted
❖ Standard or custom encryption algorithm
❖ OFB mode 256 bit key, 128 bit Init Vector
❖ Both file allocation table and data sectors are encrypted
❖ Initial Vectors (IV) are generated separately for each microSD sector
  • IV stored in special/unaccessible area
❖ UST exclusive security features
[Diagram: microSD Sectors; 1 sector contains 32 IVs]
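An added illustration of the per-sector IV layout described on this slide (not SlingSecure code): with an assumed 512-byte sector, 32 IVs of 128 bits fill one IV sector, and because OFB derives its keystream from key and IV alone, a sector rewritten under the same IV yields two ciphertexts whose XOR equals the XOR of the two plaintexts. HMAC-SHA256 stands in for the AES-256 block function, and `SecurePartition`, `iv_slot` and the sector size are assumptions of this sketch.

```python
import hashlib
import hmac
import os

SECTOR = 512                       # assumed microSD sector size in bytes
IV_LEN = 16                        # 128-bit IV, as on the slide
IVS_PER_SECTOR = SECTOR // IV_LEN  # 32, matching "1 sector contains 32 IVs"


def iv_slot(sector_no):
    """Locate a data sector's IV: (IV-sector index, byte offset inside it)."""
    return sector_no // IVS_PER_SECTOR, (sector_no % IVS_PER_SECTOR) * IV_LEN


def block_fn(key, block):
    # Stand-in for the AES-256 forward function (the stdlib has no AES). OFB only
    # calls the cipher forwards, so a keyed PRF cut to 16 bytes shows the mode.
    return hmac.new(key, block, hashlib.sha256).digest()[:IV_LEN]


def ofb_xor(key, iv, data):
    """OFB keystream O_i = E_K(O_{i-1}), O_0 = IV; one call encrypts or decrypts."""
    out, feedback = bytearray(), iv
    for i in range(0, len(data), IV_LEN):
        feedback = block_fn(key, feedback)
        out += bytes(a ^ b for a, b in zip(data[i:i + IV_LEN], feedback))
    return bytes(out)


class SecurePartition:
    """Toy model (hypothetical): data sectors plus a separate per-sector IV table."""

    def __init__(self, key):
        self.key, self.data, self.iv_table = key, {}, {}

    def write(self, sector_no, plaintext, iv=None):
        iv = iv or os.urandom(IV_LEN)  # fresh IV per write; a device would use its RNG
        self.iv_table[iv_slot(sector_no)] = iv
        self.data[sector_no] = ofb_xor(self.key, iv, plaintext)
        return self.data[sector_no]

    def read(self, sector_no):
        iv = self.iv_table[iv_slot(sector_no)]
        return ofb_xor(self.key, iv, self.data[sector_no])


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
```

Passing the same `iv` to two `write` calls on one sector reproduces the keystream-reuse case; leaving it unset draws a new IV for every write.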
14. UST Smart Card Extension
✓ UST device supports plug-in Smart Cards
✓ High Level HW and SW security (up to EAL5+ CC)
✓ Dynamic UST device customization
✓ Additional encryption algorithms and functions
✓ Extended UST Libraries to export Smart Card functionalities for host-side secure applications
NO PC/SC drivers on PC
PKI Infrastructure enabled
Multi Factor Authentication
[Diagram: Smart Card, UST Device, MicroSD, Authentication]
15. UST USB Secure Environment
UST interface main elements
1. Display
2. microSD slot
3. Trackball
4. Smart Card slot
5. Zeroize button
16. UST Hardware Architecture
✓ SlingSecure
  • micro controller centric architecture
✓ FPGA
  • scalable for specific requirement and customisation
  • standard 250.000 gates
  • up to 1.000.000 gates
✓ microSD - Read Only
  • for applications and OEM SW
  • Extended internal keys database
  • standard size 2GB
✓ microSD - removable
  • Clear + Secure partition
  • standard size 4GB
✓ Smart Card
  • ISO7816 interface
  • plugin form factor
✓ Display & trackball
  • for direct password insertion
[Diagram: SS Micro, internal microSD Read Only, Display, trackball, Smart Card, removable microSD]
17. UST SDK & Development Libraries
[Diagram: layered software stack with the rows HOST Libraries, HOST Drivers, UST Firmware and UST Hardware. Block labels: Custom Applications, UST Secure Drive, UST Secure Document, USE PC Test, USE RNG Evaluator, Crypto Library, Communication Library, Secure MicroSD Library, Card Access Library, Smart Card APDU Library, Administration Library, Standard USB Mass Storage Drivers, STD Crypto Library, MicroCTRL RNG Library, Coprocessor Library, User Interface Library, Physical RNG, Custom HW (FPGA), Hardware Peripherals, Display & Trackball, MicroSD, Smart Card. Groupings: CORE SDK, HOST SDK, HOST Apps, BASIC APPS. Legend: SlingSecure provided, HOST OS provided, USR provided]
18. UST Crypto Libraries
UST based Secure Applications can be easily developed using libraries
• Host Libraries
  - Provide UST device Communication
  - Export internal UST secure capabilities
• Core Libraries
  - Encryption/Decryption Management
  - Key Management
  - microSD Secure Management
  - Users Management
  - Anti tampering Management
  - Custom Secure Functions & Algorithms
[Diagram: PC/Host running Host Secure Application and Host Libraries; UST running Core Libraries]
19. UST Security
Keys
• Master Key (Km)
  - internally generated
  - one for each device
  - using USE RNG
• SD Key (Ksd): generated when microSD is formatted
• Admin Key (Ka): Customer generated used inside admin software
• Remote Management Keys (Ke, Ks): generated by key management system
Encryption Algorithms
• Customer developed encryption algorithms
• AES256 (with custom SBOX1) used to encrypt microSD FAT and Data
• CMAC with AES256 (with custom SBOX2) used for authentication
• AES256 (with custom SBOX2) used to cipher communication protocol
• SHA256 used for digest functions
Algorithm structure can be fully customised on request
20. UST Key Repositories
Any USE device supports two key repositories
• Manual Keys
  • Can be added/deleted by the user
  • Can be imported/exported
  • Can be generated using USE internal RNG
• Remotely Managed Keys
  • Can be generated exclusively by Key Remote Management system
  • Can be imported only to the designated USE device
  • Cannot be exported by the user
Keys are encrypted by means of a unique Over-Ciphering Key
[Diagram: Key Repositories (Manual Keys, Managed Keys). Each record holds Key ID (4 bytes), Attributes/Policies and Encrypted Key Value (16 Bytes); the encrypted value goes IN to AES 256 with the Over-Ciphering Key and the Clear Key Value (16 Bytes) comes OUT]
21. UST - Manual Keys
Manual keys are managed by the User
• Enabled only if defined in the USE device policies
• Can be exported/imported (manual backup, manual transfer)
• Can be generated manually or by means of the USE physical RNG
• Under the User responsibility
Export/Import process
• To export one or more manual keys the public identifier (public key) of the destination USE device is required
• The exported key is encrypted and signed using a public key algorithm
• A family key can be used to limit the manual key export process (closed group)
• The process can be used for manual key backup (export to itself)
[Diagram: Export/Import Process. UST 1, Export, Encrypted Key and Signature, Import, UST 2]
22. UST Backup
UST can produce encrypted backups readable by
✓ same UST
✓ "rescue" UST
Full Data and Manual Key Backup
• Manual Keys only
• Public and Private data
• KRM managed keys backed up on KRM server
Keys are encrypted by means of a unique Over-Ciphering Key
[Diagram: UST, Backup data (Encrypted Keys and Data, Signature), Backup DataBase, Backup microSD, Backup CD]
23. UST KRM - Keys Remote Management
UST devices can be remotely managed if two special keys are provided at Initialization Time
• KRM Authentication Key
• KRM Encryption Key
The keys above are univocally generated by the Key Remote Management (KRM) Server
• One KRM pair per UST device
• The KRM pairs are stored both in the UST device and in the KRM server
The KRM Server generates operational keys for any UST device
• Every operational key is encrypted and signed for the specific UST device
• The generated key is imported by the user and stored in the internal UST Remote Managed Key repository
Remotely Managed Keys cannot be exported
[Diagram: Key Remote Management (KRM) Server (Win/Linux, MacOS Server) with Managed Key Database; Generation, Encrypted Key and Signature, Import, UST]
24. KRM Security
KRM Security Engine
• KRM Key generation
• KRM Authentication and Encryption
• Administrator Authentication
KRM System scalability
• One UST admin supports UST network Growth
• 1MB memory manages over 1500 UST devices
[Diagram: Key Remote Management (KRM) Server (Win/Linux, MacOS Server) with Managed Key Database and Managed Keys; Generation, Encrypted Key and Signature, Import, UST]
25. UST Firmware Update
UST Firmware updates are
✓ Encrypted for each single device
✓ Signed by the OEM
UST Administrator Login is required for firmware update
[Screenshot: "USEpro FW Update" window showing SN: none - APP: none, Firmware Update, Admin Password, Admin Login, Upload New Firmware, Waiting for device...]
[Diagram: OEM; Encrypted Firmware and Signature for Firmware 1; Encrypted Firmware and Signature for Firmware 2...N]
26. UST Standard Applications
Standard UST comes with a simple and effective software that allows
✓ access to the private secure area of the memory card
✓ file and folders encryption with simple drag and drop
✓ basic key management functions
Professional software tools include
✓ UST Test Toolkit
✓ RNG Test tool
✓ Custom developed tools and SW for specific requirement
27. UST Security Suite
UST Security Suite is the simple and effective software that allows
✓ access to the private secure area of the memory card
✓ file and folders encryption with simple drag and drop
✓ basic key management functions
28. UST Off-line Encryption/Decryption
• Drag and Drop your files
• Secure Documents will recognize the crypto action automatically
• Select the encryption key from your internal UST Keys Database
• Your keys will never come out of your UST device
• Auto Key generation using FIPS 140-2 random noise generator
Off-line crypto operations allow you to protect any files stored on internal or external media
29. UST Test Toolkit
UST Test Toolkit allows professional users and developers to test and verify internal HW functions.
30. UST RNG Test Tool
RNG Test Tool allows professional users and developers to test and verify internal Random Noise Generator performances and FIPS compliance.
Random stream export function for external test or use within custom applications.
31. SlingSecure Custom tools and SW
SlingSecure cryptographic functions can be exported to the Host
Custom Algorithms and Functions
✓ Tool Suite for custom algorithms and functions design
Off-line Encryption/Decryption
✓ SlingSecure devices can be used as a secure engine to encrypt/decrypt files and documents on the Host System
Crypto Libraries
✓ Internal security functions can be exported and used on the Host System by means of specific crypto libraries
32. SlingSecure Service & Support
SlingSecure products are backed up by the support of the engineering and design team for
✓ Cost effectiveness
✓ Smooth system integration
✓ Timely solution delivery
The high level service & support for all SlingSecure products allows the Customer to reach the desired result with the best cost to performance ratio