From Electronic Designs, April 4, 1994, by DAVE BURSKY
New Products, Digital ICs (approximately 1/2 page) P. 148 CRYPTO ENGINE EASES PUBLIC-KEY SECURITY ... Developed by National Semiconductor, the iPower secure microcontroller holds the encryption algorithms, secret data, and the central processing unit that processes them. The chip was designed to remian secure from electrical probes through the signal pins, as well as from analytical probes that etch package and circuit layers. Any such penetration would cause the stored data to be "zeroed" before it could be read out. The iPower SPU consists of a 32-bit CPU core with on-chip ROM, a real-time clock, and a interfaceto off-chip nonvolatile (battery-backed_ RAM that holds scrambled data. The remaining blocks on the chip include the encryption engine, some battery-backed RAM to hold secured data (master keys, algorithms, or records) and a host-system bus interface. The SPU chip can be combined with off-chip low-power RAM, a battery, and a PCMCIA interface to squeeze the entire public-key token on a card that meets the PCMCIA's type-1 format. The cards, dubbed Tessera after the token ancient Romans used as a ticket or means of identification, can now be implemented at a relatively low cost (less than $100 dollars per user for large orders) compared with previous solutions. Nevertheless it provides the highest level of commercial security (FIPS 140-1 level 3). Encrypted data could provide positive identification of users, store private medical records, include authorization codes, or even perform secure transaction processing. ... ---------- Tessera was an identifier for slaves. FIPS 140-1 level 3 is not the highest commercial security level, (per FIPS 140-1, January 11, 1994): ... 1.4 Security Level 4 Security Level 4 provides the highest level of security. Although most existing products do not meet this level of security, some products are commercially available which meet many of the Level 4 requirements. For the Tessera we know utitilizing CAPSTONE, Escrowed Encryption is present. It would hardly qualify for performing secure transaction processing for say money transactions when the U.S. government and/or other law enforcement agencies have the ability to break open the monetary instrument, by obtaining a warrant or through "other authorized access". The degree of privacy afforded is not absolute, even to the extent of the strength of the cryptographic algorithm (assuming transmission of the Law Enforcement Access Field (LEAF)). Likewise those able to obtain access have the ability to tamper with or spoof transactions. Were it used to control access to facilities, it would certainly enable "black bag jobs" both physical and virtual. (Its a type-1 PCMCIA card)