SPYRUS Security Products for the Internet of Things Securing the Internet of Things With Accredited and Certified Hardware Roots of Trust SPYRUS, Inc. Proprietary, Commercial-In-Confidence January 2017

SPYRUS Security Products for the Internet of Things · 2019-11-15 · January 2017 SPYRUS Security Products for the Internet of Things DOCUMENT NO: 412-326001-01 SPYRUS, Inc. Proprietary



SPYRUS Product Design Information License Agreement

PLEASE READ THIS! This is a legal agreement between SPYRUS, Inc. (“SPYRUS”) and the recipient of this document, whether an individual or an entity (“You”). BY ACCESSING, USING OR PROVIDING FEEDBACK ON THE ATTACHED DOCUMENT (“this document”), YOU AGREE TO BE BOUND BY THESE TERMS.

1. This document is SPYRUS confidential information under Your most recent Non-Disclosure Agreement with SPYRUS. However, Your only rights to use this document are as described in Paragraph 2, below. You are being granted a non-transferrable, defeasible license to review the material in this document only if You comply with the terms herein.

2. You may review the material in this document only (a) to provide feedback to SPYRUS; or (b) as a reference to assist You in planning and designing Your product, service or technology (“Your Product”) to interface with a SPYRUS product, technology or service (“SPYRUS Product”) as described in this document. All other rights are retained by SPYRUS; You have no other rights to use the intellectual property in this document. You may not (i) duplicate any part of this document, (ii) remove this Agreement or any notices from this document, or (iii) give any part of this document, or assign or otherwise provide Your rights under this Agreement, to anyone else.

3. You have no obligation to give SPYRUS any suggestions, comments, or other feedback. If You do give SPYRUS feedback on any version of this specification, You agree that:

• SPYRUS may freely use, disclose, reproduce, license or otherwise distribute, and exploit Your feedback in its products, services, technologies, specifications and other documentation (“SPYRUS Offerings”), without any intellectual property restrictions, payments or other obligations;

• You also grant SPYRUS’ customers and other third parties, without charge, any patent or other rights necessary to use, and to enable their products, services or technologies to interface with, Your feedback that has been incorporated into any SPYRUS Product; and

• You will not give SPYRUS any feedback (i) which You have reason to believe is subject to any patent, copyright or other intellectual property claim or right of any third party; or (ii) which is subject to license terms that seek to require any SPYRUS Offering incorporating or derived from such feedback, or any SPYRUS intellectual property, to be licensed or otherwise shared with any third party.

4. This document contains preliminary information that may change prior to release of any associated SPYRUS Product, and is provided entirely “AS IS.” To the extent permitted by law, SPYRUS MAKES NO WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, AND SHALL HAVE NO LIABILITY TO YOU FOR ANY DAMAGES, IN CONNECTION WITH THIS DOCUMENT OR ANY INTELLECTUAL PROPERTY IN IT.

5. If You are acquired, or if more than 20% of Your ownership changes, this Agreement automatically terminates and You must destroy this document.

6. This Agreement is governed by the laws of the State of California. Any dispute involving it must be brought in the federal or state courts located in Santa Clara County, California, and You waive any defenses allowing the dispute to be litigated elsewhere. If there is litigation, the losing party must pay the other party’s reasonable attorneys’ fees, costs, and other expenses. If any part of this Agreement is unenforceable, it will be considered modified to the extent necessary to make it enforceable, and the remainder shall remain in effect. This Agreement is the entire agreement between You and SPYRUS concerning this document; it may be changed only by a written document signed by both You and SPYRUS.

© Copyright 2017 SPYRUS, Inc. All rights reserved.

Document number 412-326001-01

This document (and the software described in it) is furnished under a SPYRUS End User License Agreement (EULA) and may be used or copied only in accordance with the terms and conditions of such license. This document is provided for informational purposes only and is subject to change without notice. SPYRUS, Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in this document. Except as permitted by such license, no part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the prior written permission of SPYRUS, Inc.

Patents

This product is protected under one or more of the U.S. patents found at the following address: www.spyrus.com/company/patent-markings.html

Trademarks

SPYRUS, the SPYRUS logos, LYNKS, Secure Pocket Drive, Security to the Edge, Suite B On Board, SPEX/, SPYCOS, Multisession, Hydra Privacy Card, Rosetta, and Rosetta microSDHC are either registered trademarks or trademarks of SPYRUS, Inc., in the United States and/or other countries. Individual SPYRUS products may embody technology protected by one or more patents: http://www.spyrus.com/patent-markings/

All other trademarks are the property of their respective owners.


Table of Contents

SPYRUS Product Design Information License Agreement ..... ii
Table of Contents ..... iv
Introduction ..... 1
What is the Internet of Things? ..... 1
Summary of Vulnerabilities of IoT Devices ..... 2
  System-Specific Vulnerabilities ..... 3
  Cloud and Web-based Vulnerabilities ..... 3
  Other Vulnerabilities ..... 4
Section 3 Securing the Internet of Things with Accredited and Certified Hardware Roots of Trust ..... 5
  The Cloud --- or “Cloud of Clouds” ..... 5
  The Importance of Strong Cryptography ..... 5
  Rosetta Hardware Security Module – An Anchor of Trust ..... 5
  Promoting Transparency across the Internet of Things ..... 6
Section 4 Summary ..... 8


Introduction

In 1965, Gordon Moore [i], co-founder of INTEL, proposed that the speed of computer chips would double every 2 years yet their cost would, during the same period, halve. His prediction has held true since it was first raised. Some 4 years later, the first successful transportation of a human to the moon occurred on July 20, 1969, and its central computer, known as the AGC (Apollo Guidance Computer), was a 16-bit machine that was able to process 41.2 instructions per second. Much has changed since 1969. The computing capacity of today’s modern machines and their communication speed are exponentially advanced over those of 1969. Modern chip sets in most smartphones are able to process just over 3.5 billion instructions per second. This increased processing power has expanded the functionality of modern computers and mobile devices, extending their uses far afield, even to the point of emulating human intelligence and solving complex problems in a quick and direct manner. Furthermore, these same chips are able to be programmed to allow modern society to communicate efficiently and to substantially increase productivity. The impact of this communication efficiency and processing power has allowed for the advent of the Internet of Things (IoT), which is predicted to encompass billions of devices interconnecting, communicating, and developing modes of autonomous and semi-autonomous activity via machine-to-machine communications (M2M). For industrial automation, the IoT will assist in diagnostic functionality, e.g. condition-based maintenance rather than planned or periodic maintenance, leading to a wholesale change in the way enterprises are managed and otherwise supported.

What is the Internet of Things?

The base layer of the IoT environment is composed of smart things that capture raw data and can either process the data internally or communicate the data to other, more powerful devices or systems. This layer is generally known as the “sensory swarm layer” because it comprises a heterogeneous myriad of resource properties and communication technologies. The next layer comprises a vast range of mostly unsecured communication and networking devices [ii]. These devices are already present in our daily life and can be exploited by the sensory swarm as a bridge to the standard Internet, and also to outsource data for computational, storage, and analytical functions where the sensory swarm cannot manage the captured data itself. The final layer is composed of data management and processing technology such as cloud computing environments and large multifunctional systems that can process data into information and knowledge for decision-making purposes.

Security questions abound, not just from “hacking” to exfiltrate information, but also from the injection of malware to create significant loss of material and even life through denial of service or false actions. Some vital issues remain outstanding, accelerating the need for security. For example:

a. How pervasive will the IoT ultimately become? Where does society draw the line at autonomous or predictive control of vehicles?
b. Which industries are the most likely adopters of this technology? What are the limits?
c. With this extended interconnectivity, what aspects will fall within critical infrastructure?
d. What new standards are required to ensure the resilient nature of the IoT in response to either natural disaster or purposeful catastrophe?
e. If the IoT becomes a critical component for society’s needs, what is the best way to secure the interdependent functionality of the holistic IoT environment?
f. What architectural design will better secure IoT both internally and externally; that is, if an IoT device becomes contaminated with some malware, how is it best to restrict the spread of the computer contagion?
g. Due to the complexity of the interdependence of IoT devices, what is the best security framework for IoT and, in particular, what can go wrong?
h. What about metrics for data provenance and trustworthiness of data?
i. Who will likely be held accountable for any system failures, and how are economic damages compensated? How is liability attributed?
j. What policy issues should be considered before a massive failure arises? Do the issues differ from industry to industry? Can the failure be identified as part of critical infrastructure protection?

This paper will look at the security infrastructure of the Internet of Things, and although addressing each of these issues is a monumental task in itself, we will provide some guidance as to possible solutions as well as policy considerations.

Summary of Vulnerabilities of IoT Devices

Abuse of intelligent devices is a phenomenon that has been predicted by the mass media as well as forward thinkers for decades. Types of attack include:

• Denial of Service,
• Spamming attacks,
• Unauthorized access of sensitive data at rest or in transmission, and privilege escalation,
• Erosion of privacy: PII harvesting, identity theft, privacy erosion, and
• Facilitator for cloud and web-based attacks.

These are very real concerns. For example, in January 2014, the security firm Proofpoint Inc. reported a spam attack by a botnet consisting of compromised routers, multimedia centers, smart TVs and at least one smart refrigerator [1]. In this instance, IoT lightbulbs and lighting systems, webcams, baby monitors, and other apparently smart but innocent devices demonstrated their vulnerability to reprogramming or firmware modification attacks similar in many ways to the well-known “Bad USB” attack. These areas of exposure have multiple effects that combine sources of their vulnerabilities and different impacts to home users versus industrial users.

[1] See “Proofpoint Uncovers Internet of Things (IoT) Cyberattack”, https://www.proofpoint.com/us/proofpoint-uncovers-internet-things-iot-cyberattack


System-Specific Vulnerabilities

Vulnerabilities of the IoT abound, partly because of the following major areas of exposure:

• IoT surface technology is new and untested,
• Weak or non-existent authentication protection in IoT devices,
• IoT is built on the foundations of older insecure technology,
• IoT may lack secure storage of cryptographic keys and other critical security parameters, and
• IoT may lack secure update mechanisms to replace old / insecure software and firmware.

Crowded spectrum allocation and prohibitive costs of new communication modalities make it infeasible to deploy widespread secure and resilient communication networks for the IoT. In general, business and industrial applications, energy distribution and control, natural resources and transportation, and critical infrastructure sectors will be forced to employ the dominant data networks that have already serviced these sectors for decades. In doing so, IoT applications may inherit and possibly magnify any vulnerability that exists in the underlying communications and control layers.

Cloud and Web-based Vulnerabilities

A significant area of vulnerability relates to the integration of the IoT with Cloud-based web interfaces and mobile interfaces. In many cases, password security is non-existent or set to too low a level of complexity and length to provide sufficient protection. Compounding this vulnerability, many systems are reported to lack the ability to lock accounts after a specified threshold of failed attempts has taken place. While other technologies may have similar weaknesses, the impact of a successful IoT attack is often high and detection capabilities are often low.

Cloud-based web interfaces have frequently enabled attackers to access protected services using the above weaknesses, i.e., weak password policy and lack of account lockout, in conjunction with account enumeration. The latter vulnerability holds if it is possible to collect a set of valid usernames by interacting with the authentication mechanism of the application. Attackers who can manipulate web-based IoT services into revealing whether a username exists on the system can use this to build a list of users, which facilitates brute-force username / password attacks. While conventional home IoT systems are likewise vulnerable to this attack family unless strong password protection and account locking are in place, the general lack of hardware key protection and data encryption in cloud services can render a cloud-based web interface a much more open gateway to unauthorized access.
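As an added illustration of the enumeration and lockout weaknesses just described (example code written for this edit, not SPYRUS code), the Go program below puts a leaky login handler beside a hardened one: the hardened version returns one generic failure message whether the username is unknown, the password is wrong or the account is locked, performs the same hash comparison in every case, and locks an account after a threshold of consecutive failures. The user store, lockout threshold and window are constructed values.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"time"
)

// Constructed lockout policy (hypothetical values, not from the paper).
const (
	MaxFailures   = 5
	LockoutWindow = 15 * time.Minute
)

type account struct {
	salt        []byte
	hash        []byte // sha256(salt || password); a real service would use a slow KDF
	failures    int
	lockedUntil time.Time
}

// Authenticator holds a constructed in-memory user store.
type Authenticator struct {
	accounts map[string]*account
	dummy    *account // stands in for unknown usernames so the work done is identical
}

func hashPassword(salt []byte, password string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

func NewAuthenticator() *Authenticator {
	dummySalt := []byte("constructed-dummy-salt")
	return &Authenticator{
		accounts: map[string]*account{},
		dummy:    &account{salt: dummySalt, hash: hashPassword(dummySalt, "unguessable-dummy-password")},
	}
}

// AddUser registers a user. The salt is derived from the name only to keep the
// example deterministic; production code draws it from a CSPRNG.
func (a *Authenticator) AddUser(name, password string) {
	salt := []byte("salt-for-" + name)
	a.accounts[name] = &account{salt: salt, hash: hashPassword(salt, password)}
}

// LeakyLogin reproduces the weakness the paper describes: the error text says
// whether the username exists, and failures are never counted or locked out.
func (a *Authenticator) LeakyLogin(name, password string) (bool, string) {
	acct, ok := a.accounts[name]
	if !ok {
		return false, "unknown user"
	}
	if subtle.ConstantTimeCompare(acct.hash, hashPassword(acct.salt, password)) != 1 {
		return false, "wrong password"
	}
	return true, "ok"
}

// Login is the hardened form: one generic message for every failure cause,
// the same hash comparison whether or not the user exists (no timing tell),
// and a lockout once MaxFailures consecutive attempts have failed.
func (a *Authenticator) Login(name, password string, now time.Time) (bool, string) {
	const generic = "invalid credentials"
	acct, known := a.accounts[name]
	if !known {
		acct = a.dummy
	}
	match := subtle.ConstantTimeCompare(acct.hash, hashPassword(acct.salt, password)) == 1
	if !known {
		return false, generic
	}
	if now.Before(acct.lockedUntil) {
		return false, generic // locked: refused even with the right password, same message
	}
	if !match {
		acct.failures++
		if acct.failures >= MaxFailures {
			acct.lockedUntil = now.Add(LockoutWindow)
			acct.failures = 0
		}
		return false, generic
	}
	acct.failures = 0
	return true, "ok"
}

func main() {
	a := NewAuthenticator()
	a.AddUser("alice", "correct horse battery staple")
	_, leaky := a.LeakyLogin("nobody", "guess")
	_, safe := a.Login("nobody", "guess", time.Now())
	fmt.Printf("unknown user: leaky=%q hardened=%q\n", leaky, safe)
}
```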

Other generic web user interface vulnerabilities have also been found to infest IoT devices and systems. These include persistent cross-site scripting (XSS), poor session management, weak default credentials and credentials transmitted in clear text. In one 2014 study [2], seventy percent of IoT devices with cloud and mobile components were found to positively enable a potential attacker to determine valid user accounts through account enumeration or the password reset feature. Other web vulnerability issues include SQL injection, non-persistent XSS with request forgery, and the existence of known default credentials.

[2] See: Hewlett-Packard, “HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack”, http://www8.hp.com/us/en/hp-news/press-release.html?id=1744676#.V46A2RJnC60

Other Vulnerabilities

The vulnerabilities described here are by no means an exhaustive list, but have been selected to indicate in general where and what type of vulnerability can be found in IoT devices and their underlying communications networks and service delivery systems. A holistic view of the attack surface of the system is essential, as well as a depth analysis of underlying systems within or associated with the IoT technology. Collections of vulnerabilities may have a multiplier effect, as has been mentioned, and the high aggregations of these vulnerabilities in many current systems should be a cause for caution and further study.

Inadequate software / firmware protection is another significant area of concern in IoT systems. This protection is only partly addressed by physical security. IoT systems are particularly sensitive in the area of update mechanisms and their security. Updates sent without encryption, or unsigned, are at risk of unauthorized modification. In a recent HP study [3], “60 percent of devices did not use encryption when downloading software updates, an alarming number given that software powers the functionality of the tested devices. Some downloads could even be intercepted, extracted and mounted as a file system in Linux where the software could be viewed or modified.”

If the update location is writable, vulnerability to unauthorized malicious updates is present. Updates must be verifiable as to their origin, and here signatures are invaluable, and authentication must be required as well before an update can take place. In a technology like the IoT, it is necessary to actually have an update process, or at least a manual procedure, as new and more secure versions of software and firmware are developed. Devices that run out-of-date software/firmware are vulnerable to attack based on known bugs or security flaws.
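The following Go program, added here as an illustration and not part of the SPYRUS paper, shows the update-verification discipline the two paragraphs above call for: the device holds only the vendor's public key as its root of trust, checks an Ed25519 signature that binds the version number to the image digest before doing anything else with the package, and refuses any image that is not strictly newer than the installed one. The package format, key generation and sample image are constructed for the example; in practice the vendor's private key would stay inside an HSM.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdatePackage is a constructed, minimal update format: a monotonically
// increasing version number, the image bytes, and the vendor's Ed25519
// signature over the version and the image digest.
type UpdatePackage struct {
	Version   uint32
	Image     []byte
	Signature []byte
}

var (
	ErrBadSignature = errors.New("update rejected: signature does not verify against the trusted vendor key")
	ErrRollback     = errors.New("update rejected: version is not newer than the installed one")
)

// signedMessage binds the version to the image digest so that someone who can
// write to the update location cannot pair a genuine signature with a
// different image, or re-label an old image with a newer version number.
func signedMessage(version uint32, image []byte) []byte {
	digest := sha256.Sum256(image)
	msg := make([]byte, 4, 4+len(digest))
	binary.BigEndian.PutUint32(msg, version)
	return append(msg, digest[:]...)
}

// SignUpdate is the vendor side. In a real deployment the private key stays
// inside an HSM and only the signing operation is exposed; it is held in
// memory here purely to build test data.
func SignUpdate(priv ed25519.PrivateKey, version uint32, image []byte) UpdatePackage {
	return UpdatePackage{
		Version:   version,
		Image:     image,
		Signature: ed25519.Sign(priv, signedMessage(version, image)),
	}
}

// VerifyUpdate is the device side. The trusted public key is the device's
// root of trust for updates (kept in protected storage, not in the writable
// update directory). The signature is checked before anything else is done
// with the package, and an image that is not strictly newer than the
// installed one is refused so that a known-vulnerable old version cannot be
// pushed back onto the device.
func VerifyUpdate(trusted ed25519.PublicKey, installed uint32, pkg UpdatePackage) error {
	if len(pkg.Signature) != ed25519.SignatureSize ||
		!ed25519.Verify(trusted, signedMessage(pkg.Version, pkg.Image), pkg.Signature) {
		return ErrBadSignature
	}
	if pkg.Version <= installed {
		return ErrRollback
	}
	return nil
}

func main() {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	image := []byte("constructed firmware image, version 2")
	genuine := SignUpdate(vendorPriv, 2, image)

	tampered := genuine // same signature, modified image
	tampered.Image = bytes.Replace(image, []byte("version 2"), []byte("version 2 (modified)"), 1)

	unsigned := UpdatePackage{Version: 2, Image: image} // "update" with no signature at all

	fmt.Println("genuine, installed v1:", VerifyUpdate(vendorPub, 1, genuine))
	fmt.Println("tampered image       :", VerifyUpdate(vendorPub, 1, tampered))
	fmt.Println("unsigned package     :", VerifyUpdate(vendorPub, 1, unsigned))
	fmt.Println("genuine, installed v3:", VerifyUpdate(vendorPub, 3, genuine))
}
```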

The list of IoT vulnerabilities goes on and will in all likelihood continue to grow. Device memory security is critical, especially regarding the use of cleartext usernames, passwords and other credentials. Key storage is critical and must follow standard security practices regarding encryption and integrity protection. Device ID and serial number exposure must be controlled and protected. Device physical interfaces, coatings, and enclosures must be secure and resist tamper and penetration attack, and sensors must be resistant to damage or physical modification. Removal of storage media must be prevented or allowed only under authenticated and authorized control.

Privilege escalation should be tightly controlled. Reset to insecure states must be disallowed, and the existence and accredited validation testing of the finite state machine or similar formal or semi-formal model of the device behavior is a very big plus. The list of device mobile applications and their security postures further expands the vulnerabilities, which include many of the ones we have touched upon and will, no doubt, grow.

[3] See: Hewlett-Packard, “HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack”, http://www8.hp.com/us/en/hp-news/press-release.html?id=1744676#.V46A2RJnC60


Securing the Internet of Things with Accredited and Certified Hardware Roots of Trust

The Cloud --- or “Cloud of Clouds”

A recent White Paper by Forrester [4] performs a 25-criteria evaluation of Internet of Things (IoT) software platform providers, identifying the 11 most significant ones, including Amazon Web Services (AWS), Ayla Networks, Cisco Jasper, Exosite, General Electric (GE), IBM, LogMeIn, Microsoft, PTC, SAP, and Zebra Technologies. Regardless of the various methodologies of infrastructure integration, billing, and stakeholder involvement, the family of platform providers share the same challenges with security as depicted earlier. Moreover, the increasing dependence of commerce and industry on the Internet of Things ecosystem has evolved into an interlinked set of hardware, software, and modalities of ubiquitous connectivity which has created a myriad of new security challenges coupled with an exacerbation of legacy security issues. These concerns have resulted in the generation of numerous security standards by governmental organizations, most recently the issuance of “Strategic Principles for Securing the Internet of Things” by the Department of Homeland Security (DHS). In particular, the DHS document highlights the following principles for securing the Internet of Things:

• Incorporate security at the design phase
• Advance security updates and vulnerability management
• Build on proven security practices
• Prioritize measures according to potential impact
• Promote transparency across the Internet of Things
• Connect carefully and deliberately

The Importance of Strong Cryptography

All SPYRUS products described in this White Paper incorporate military grade Suite B encryption including elliptic curve, AES-256, and SHA-256, which is suitable for up to TOP SECRET based on Operational Security Doctrine. High assurance elliptic curve algorithms such as ECC P-384 and ECC P-521 are employed for authentication, key wrap, device ID and related functions. The SPYRUS products are available in multiple form factors including USB 3.0 and microSDHC, all with internal FIPS 140-2 Level 3 rated Suite B PKI HSMs (Secure Elements), and are suitable for end user integration into embedded, sensor, wearable, and legacy desktop and mobile devices. In most instances, the SPYRUS devices are ready for submission to regulatory bodies for accreditation, particularly in light of their “Made in USA” supply chain for a trusted manufacturing environment and existing accreditation by NIST and other bodies.

Rosetta® Hardware Security Module – An Anchor of Trust

Enforcement within any strong security solution must be anchored in some point of trust. There must be something you trust to hold up to and defend against the threat environment within which you are trying to establish a secure solution. Within every Rosetta microSDHC™ there is a FIPS 140-2 Level 3 certified Rosetta SPYCOS® (SPYRUS Cryptographic Operating System) security controller to which all security is anchored. As a hardware trust anchor, this controller provides superior protection to any software trust anchor that can be provided. The cryptographic security boundary of this controller is the die itself, so that it can be embedded in other products for specialized applications. This is the trust anchor embedded in all the various form factors of the Rosetta microSDHC product family.

[4] The Forrester Wave™: IoT Software Platforms, Q4 2016, “The 11 Providers That Matter Most And How They Stack Up”, Michele Pelino and Andrew Hewitt, November 15, 2016

The main advantage of hardware-based security is its ability to implement robust, built-in countermeasures to address a variety of physical and logical attacks commonly leveled against security applications and processes. Protecting these within a hardware security boundary provides an isolated environment in which strong protection mechanisms can be employed. Many of these security features within the Rosetta SPYCOS security controller are built into the processor chip on which SPYCOS runs. This chip provides an enhanced level of on-chip security features to fulfill the strong security requirements of a Common Criteria evaluation at an EAL-5 level. These countermeasures include a wide variety of hardware tamper detection circuits and physical protection shields.

Promoting Transparency across the Internet of Things

Figure 1: SPYRUS components cover all aspects of the “chain of trust” between sensor data acquisition through secure transmission and storage of data, including protection against malware.

SPYRUS has been at the forefront of hardware-based security products, espousing open standards as well as a common interface across product platforms. Figure 1 is a high-level overview of the SPYRUS “Security in a Box®” concept for securing all aspects of an IoT application, from raw data ingest through storage and security for cloud-based analysis and dissemination of results. Table 1 is a snapshot of the salient features of SPYRUS products supporting IoT security functions across a wide range of applications and venues. Figure 2 is a brief snapshot of the capabilities of the SPYRUS “IoT Stack” in supporting development and deployment in cloud service provider platforms.


Table 1: Relevant SPYRUS® product families supporting hardware Root of Trust functions for the Internet of Things.

SPYRUS Product: Rosetta® USB Series II and III / Rosetta Smart Card
Description: FIPS 140-2 Level 3 certified, EAL5+ tamper-proof USB miniature form factor or ISO 7810 smart card. Approximately 32K of EEPROM available for X.509 certificates and data storage. ECC/AES/SHA-2 and legacy RSA support.
URL for more documentation: https://www.spyrus.com/wp-content/downloads/400-100000-17DSRosettaSeriesIISC_USB.pdf

SPYRUS Product: Rosetta Micro
Description: Embedded HSM in QFN8 surface mount package. FIPS 140-2 Level 3 certified, EAL5+ tamper-proof.
URL for more documentation: http://www.spyrus.com/rosetta-hsm/

SPYRUS Product: WorkSafe Pro™ USB 3.0 Windows To Go
Description: USB 3.0 Windows To Go, sizes 32 GB to 1 TB in compact USB form factor. Built-in SPYCOS® Suite B PKI FIPS 140-2 Level 3, EAL 5+ HSM for use in external authentication, VPN, secure login. Supports Windows 10, also 8.1, on Windows and MacOS platforms. Hardware XTS-AES-256 encryption, in FIPS 140-2 Level 3 certification. MIL-810, IEC, ISO testing including immersion, shock, dust, radiation.
URL for more documentation: http://www.spyrus.com/windows-to-go-live-drives/

SPYRUS Product: Windows to Go Xtreme (WTG Xtreme™)
Description: As above, supporting four user profiles and storage partitions cryptographically separated. Suitable for multi-domain use; supports multiple users on the same device.
URL for more documentation: http://www.spyrus.com/windows-to-go-xtreme/

SPYRUS Product: LINUX2Go™ and Linux2Go Xtreme
Description: As per WorkSafe Pro and WTG Xtreme but with LINUX operating system.
URL for more documentation: http://www.spyrus.com/windows-to-go-live-drives/

SPYRUS Product: PocketVault™ P-3X USB 3.0 Storage
Description: USB 3.0 interface with SSD-quality storage to 1 TB. Built-in SPYCOS Suite B PKI HSM for use in external authentication, VPN, secure login. Hardware XTS-AES-256 encryption, in FIPS 140-2 Level 3 certification. MIL-810, IEC, ISO testing including immersion, shock, dust, radiation.
URL for more documentation: http://www.spyrus.com/secure-storage/

SPYRUS Product: Rosetta microSDHC™
Description: microSDHC form factor, internal SPYCOS Suite B PKI HSM with RNG approved for classified use. Sizes to 128 GB in Class 10 performance. Hardware AES-256 encryption.
URL for more documentation: http://www.spyrus.com/secure-storage/


Figure 2: SPYRUS IoT stack as applied to Microsoft Azure and Amazon Web Services Pragma IoT cloud platforms. Implementations with other service providers are similar.

Section 4 Summary

There is a pressing requirement for ubiquitous security in the continued evolution of Internet of Things applications, secure Machine to Machine (M2M) and related legacy IoT-friendly systems. As applications evolve to a more “personal” level, where actual lifestyles are affected or public safety such as the control or prediction of vehicular guidance is implemented, essential qualities that safeguard information assets and mitigate risk become mandatory. Not the least of these are safe passwords and credentials, strong authentication services, hardware protection and high-assurance encrypted storage of keys and critical security parameters, secure transport of critical information and software / firmware updates, and regulation and third-party security evaluation and certification of devices. The coupling and integration of hardware roots of trust such as those in the SPYRUS ecosystem, together with the integration of HSM and USB security tokens in legacy systems, are important first steps in the process. The flexible nature of the devices under test will dictate the progress of these architectures and test their effectiveness.

There is every reason to be hopeful that the IoT will become a security-enabling technology that can protect sensitive information in home and industry against privacy loss, sensitive information disclosure and monetary loss due to the factors considered above. The present state of affairs with the IoT is that it provides industry, government and the public with asymmetric risk and uneven benefit, i.e. it adds more exposure to attack surfaces that already have their fair share, and the value of its services may not compensate for the impact of a serious attack. The road to a brighter picture is not necessarily long, but

[Figure: SPYRUS software stack diagram. Devices: Rosetta SD, Rosetta USB, Rosetta micro. Host-side layers: CCID IFD driver, ISO 7816 driver, file system, SmartIO, PC/SC with PC/SC IFD driver, SPYRUS PC/SC-like layer, libUSB. APIs: PKCS#11, Ncrypt, Nshare SDK, other. Shown for both an operating-system host and an embedded system.]


Specifications subject to change without notice.

© Copyright 2013-2015 SPYRUS, Inc. All rights reserved. SPYRUS, the SPYRUS logos, Secured by SPYRUS, WorkSafe, Toughboot, SPYRUS Enterprise Management System, and Rosetta are either registered trademarks or trademarks of SPYRUS in the United States and/or other countries. All other trademarks are the property of their respective owners. Individual SPYRUS products are protected by one or more of the following patents or patent applications: http://www.spyrus.com/patent-markings

Corporate Headquarters

1860 Hartog Drive

San Jose, CA 95131-2203

+1 (408) 392-9131 phone

+1 (408) 392-0319 fax

[email protected]

Australia Office

Level 7, 333 Adelaide Street

Brisbane QLD 4000, Australia

+61 7 3220-1133 phone

+61 7 3220-2233 fax

www.spyrus.com.au

East Coast Office

+1 (732) 329-6006 phone

+1 (732) 832-0123 fax

UK Office

+44 (0) 113 8800494

Proudly designed, engineered, and manufactured in the USA

For more information about SPYRUS products, visit www.spyrus.com or contact us by email or phone.

SPYRUS's family of hardware roots of trust, encompassing embedded devices through Rosetta microSDHC and USB 3.0 devices and applications, provides IoT developers and systems integrators with a complete operating environment and security functions, including FIPS 140-2 Level 3 rated authentication coupled with a variety of secure storage and sharing solutions for securing the various entities within an Internet of Things architecture. All Rosetta versions defend the operating system, documents, and identity credentials against tampering and theft with layered hardware and software encryption, depending on the particular model.

The entire family of devices is also intended to maintain compatibility with the optional SPYRUS Enterprise Management System (SEMS™) in 2017 and beyond. Combining a PKI-based, smart card-enabled ecosystem with SPYRUS security applications extends a true end-to-end security approach for enterprise smart card and PKI infrastructure to mobile users for authentication to IoT applications and networks. Please visit the SPYRUS website at www.spyrus.com to find out more, or contact a sales representative at [email protected] or [email protected].

Document number 412-326001-01
