TrustChips authenticate without key exchange. In this way an encrypted session is established without exposing anything of value. All authentication is bi-directional so that trust can be established end-to-end. TrustGroups are at the core of the authentication process. Through a double-blind operation, a large key store unique to a TrustGroup is used to dynamically authenticate users and to compute AES encryption keys. It's important to note that none of the keys associated with a TrustGroup are ever used to encrypt user data; they are used only indirectly, during the authentication process. All of these operations are performed entirely within the protected TrustChip hardware. With TrustGroups there is no need for an elaborate PKI and certificate management system.


KoolSpan provides users with Advanced Encryption Standard (AES) 256-bit encryption. AES is a symmetric-key encryption standard accepted worldwide. For maximum encryption strength, KoolSpan uses a strong per-packet keying algorithm to further mitigate any potential hacking threat. In addition to TrustGroup-based multi-factor session authentication, each encrypted packet is also individually authenticated, eliminating the likelihood of illicit packet injection. KoolSpan supports this through the use of FIPS-197 validated AES-GCM (Galois/Counter Mode) encryption or a FIPS 180-3 validated SHA-256 secure hash.

Key Management

The TrustChip provides a variety of key management services, including secure key storage, generation and processing. Designed with an on-chip key server and deterministic random bit generator (DRBG), the TrustChip provides an insulated and hardware-protected environment for these critical security operations. AES encryption is only as strong as the protection of its keys. If the keys are exposed, an AES session can be easily decrypted. With TrustChip key management, users benefit from a truly secured AES session.

Encryption Software

