+1 613 254 5456
adjust font size Increase Font Size Reset Font Size Decrease Font Size

ESS-07: Virtual Security Module

Software developers dealing with keys and other secrets often rely on basic protection of these values through simplistic mechanisms such as folder permissions. This leaves these credentials open to an easy hack. In some cases, secrets may have enough value (such as an RSA or ECC private key for e-commerce) that an expensive hardware security module (HSM) needs to be employed. For many applications however, a well-constructed software system designed to hide keys and secrets can be a cost-effective solution. Elliptic offers this capability through the ESS-07: Virtual Security Module (VSM).

Ellipsys-VSM is part of the Ellipsys Trust Framework which is Elliptic’s solution to help device manufactures and system providers protect their product from tampering, cloning, and other threats.

Ellipsys-VSM is a Virtual Security Module (VSM) that offers software based cryptographic services, similar to a Hardware Security Module (HSM), to support a range of solutions for digital identity and transactional security applications. It is a “software smart card” used to secure embedded secrets in software systems and has the capability to manage and protect sensitive information such as keys and credentials for system applications executing on embedded platforms.

Ellipsys-VSM supports a wide range of protected key management services such as secure key generation, storage, archiving, cloning, and secure migration of key material. The solution optionally provides acceleration for public-key operations via Elliptic (CLP-300: Public Key Accelerator) or third party hardware offload engines.


Ellipsys-VSM can work as a standalone solution or in tandem with other Ellipsys Trust Framework companions, such as Ellipsys-Secure Boot (SB) and Ellipsys-Certification Authority (CA).

 

Features

  • Management and protection of sensitive information like keys and certificates
  • Secure generation, storage , archiving, cloning and migration of key material
  • Highly configurable and flexible architecture
  • Supports industry standards and protocols
  • Support for hardware acceleration and CPU offload
  • Linux and ANSI-C based Builds on generic ARM, PPC, X86 platforms

 

Benefits

  • Highly configurable, flexible and reliable
  • NIST CAVP Certified
  • Optimized for size and performance
  • GPL-Free Code
  • Platform/OS agnostic
  • Significantly reduces development cycles
  • Optional support for hardware acceleration and offload for embedded processors

Applications

  • Anti-cloning and anti-counterfeiting
  • Anti-tampering
  • Key exchange (IPsec IKE)

Downloads

Public Key Accelerator

Featured Products

media ETS-020: tVault HDCP 2.2
A proven HDCP-based content protection solution that provides robust security inside Trusted Execution Environments (TEEs) and enforces the protection of sensitive information to ensure that it is stored, processed and accessed only by authorized applications.The solution integrates seamlessly within frameworks such as ARM TrustZone™, where the critical security components are embedded in a trusted and secure OS environment. The non-critical components are executed by the rich OS, such as Android.
tower CLP-630: Multi-Packet Manager Security Engine
A highly programmable and unique Security Protocol Accelerator specifically designed to efficiently process data for high capacity wireless and network applications. The engine is perfectly suited for applications that deal with multiple active connections and significant traffic load on different contexts, such as 4G LTE-Advanced wireless cellular base stations and femtocells.