iPower: The Card That Ate Your Privacy I got a "Technology Fact Sheet" on the National Semiconductor iPower (Tessera) card today. It's pretty grim. They have big plans for this little monster, which go way beyond just tapping the telephones of a few Mafiosi. It's too long to key in the whole thing - if you want one, call them at 1-800-272-9959. They are very helpful. Here are a few interesting excerpts: (cover page) DRAFT 1/3/94 National Semiconductor has developed a new concept in data security. iPower technology. Implemented in a personal, portable low-cost access card, iPower technology substantially increases the portability of high-security data applications across unsecured networks while dramatically lowering the cost. It provides the highest level of commercial security available for the exchange of information across digital networks - in a form that dist- ributes security down to the individual user. The technology also allows consumption based metering of digital products - software, database information and other intellectual property. It can be easily added to existing networks and applications or adapted to future systems. It is practical for network communications, electronic funds transfer, wireless data exchange, and systems for access, authoriz- ation, and identification. It is built on industry standards - PCMCIA, DES, RSA, PKCS, X509, Skipjack. Initially implemented in a PCMCIA card format - a personable portable hardware device called an access card or token, it incorporates state- of-the-art security capabilities and can hold information decryption keys, transaction records, credit and account information, your private key, and digital certificates. This new technology can guarantee that the information you send arrives unaltered and goes only to your intended recipients by providing authentication, verification, non-repudiation, and privacy. At the heart of the iPower access card is a new microchip called the Security Processing Unit (SPU). Dedicated to high-speed cryptographic processing, the SPU securely creates, stores, and deploys the secret keys and algorithms used to encrypt and decrypt information. Other portions of the chip firmware can be programmed to perform signaturing, verifi- cation, information metering and other application-specific functions. At the highest level of protected storage, the most critical information is stored in the SPU chip which provides bulletproof security for encrypt- ion algorithms, master keys, secret data, and RAM-based secret programs. The only place where sensitive information is ever in the clear is in non-volative on-chip SPU memory. Protected physically and electrically, the SPU cannot be made to divulge its information. iPower Technology is based on a new concept in security: securing the user not the network. The most secure environment for information is one where the encryption process and keys are housed in a portable hardware token that the user keeps in his possession - personally secured just like your wallet, keys, rings, and employee badge. The SPU microchip will meet Federal Information Processing Standard (FIPS) 140-1 Level 3.0 for data security and provides the highest level of security commercially available at the chip or card level. iPower technology is a manifestation of National Semiconductor's corporate vision: developing products for shaping and moving information. National's products drive industry standards by offering common-sense solutions to complex problems. iPower technology will become the new standard for access to the information superhighway, by providing the means for all types of electronic information to travel safely. Combined with National's leading position in the LAN market, iPower technology will enable National to offer innovative, comprehensive solutions to the world's evolving communications needs. (picture of iPower card on top of credit cards) (caption: The FUTURE is SECURE") ... marketing fluff deleted ... ... less than $100 per user ... contains a 32-bit microcomputer ... The PCMCIA Card PCMCIA cards are easily integrated with many computers and are already widely accepted. Many of the current laptop and notebook computers contain built-in support for PCMCIA cards, and low-cost adapters are available for amost all other computers. The United States government has chosen the PCMCIA-card format as its token standard for all future access to the data superhighway now being developed. The Federal PCMCIA token, dubbed the "Tessera" card, will eventually be used to secure electronic mail and classified information for federal government agencies and their contractors. Because it is designed to be transparent to the information highway, yet provides the highest security for data and transactions traveling on it, iPower technology is a natural choice for the Tessera card. ... Powerful security capabilities * Positive identification and reliable authentication of the card user * Message privacy through bulletproof hardware encryption capability, with support for the major cryptographic standards * Secure key exchange * Secure storage of private and secret keys, transaction records, algorithms, and biometric data * Positive verification of data and messages to prevent alteration * Secure authorization capabilities, including support for digital signatures * On-board transaction recording to improve security and enable off-line transactions and metering ... stuff deleted ... in the first iPower access card, a 20 MHz 32-bit Central Processing Unit (CPU) controls the chip's modules and processes. The CPU is isolated from all off-chip input and can only receive programmed commands from 32k bytes of on-board ROM or 4k bytes of on-board battery-backed RAM. Functional commands from off-chip are validated prior to execution by the CPU. Later implementations of iPower Technology will offer more powerful processors, increased storage, and enhanced versatility. ... stuff deleted ... iPower technology will be the catalyst for a host of new product capabilities including digital signatures, secure elect- ronic mail, and secure information metering, as well as secure identi- fication and data storage capabilities for credit cards, government entitlement programs, and access to the information superhighway. This technology will also fuel the expansion of a new information delivery system - desktop purchasing - where intellectual property and other digital products can be promoted and sold through encrypted multimedia CD-ROM presentations. ... stuff deleted ... Desktop Purchasing - a new way to market iPower Technology is creating a new delivery system for any kind of information product that can be contained in electronic memory (such as movies, software, and databases). Multimedia advertisements, tutorials, demos, documentation, and actual products can all be shipped on a single encrypted CD-ROM, offering dramatic cost-savings to the manufacturer and bringing product marketing and sales directly to the customer's desktop. Since the iPower SPU must be used to decrypt information, it can measure and record usage time and can record and download monetary transactions to a centralized billing service bureau, all with total security. These capabilities will allow any kind of digital information to be sold off- line and will permit users to try digital products before buying. For the first time, renting software and other intellectual property will be a viable, attractive option for consumers and suppliers both. By intro- ducing a pay-as-you go option, iPower technology will open up dynamic new markets for software rentals and database subscriptions. The iPower desktop purchasing system also ensures that sales are followed up with 100% user registration. And it completely prevents the piracy of software and information products. How DESKTOP PURCHASING Works The product manufacturer produces a high-volume, low-cost CD-ROM that is widely distributed to potential end-users. The CD-ROM can contain persuasive multimedia advertisements, demos of software products, databases, games, tutorials, product documentation, or any other form of digital product. Some items, such as demos, are available to the user at no charge. Items for sale or rental are encrypted and are not available to the consumer except by initiating a secured transaction process inside the SPU. After obtaining or determining credit for the user, the SPU allows only the appropriate information to be decrypted and transferred to a hard disk for immediate use. Unlike similar unlocking systems based in software, frequent phone communication with a centralized billing server is unnecessary because the SPU can safely record and store transaction data and decryption keys locally. This allows off-line vending of large infor- mation databases in a highly granular fashion. The user doesn't have to wait for phone authorization for each separate purchase, but is instead authorized to browse and purchase at will, subject only to a pre-deter- mined credit limits. Distributed, high-level financial transactions By adding bulletproof security to the process, iPower technology will allow electronic financial transactions of high value to migrate to the individual level. This will give consumers greater flexibility and convenience. And it will allow financiam institutions to safely offer a wider range of services. It is estimated that 0.5% of current credit card transactions are fraud- ulent, and another 5% are uncollectible, most of them repudiated trans- actions. Because digital signatures can't be duplicated and beacuse completing a transaction will require both the user's access card and PIN number, iPower cards will dramatically reduce fraud and repudiated transactions. iPower - the super card of the future Looking further ahead, iPower access-card technology has the potential to generate a host of new super-card applications. Affordable high security at the consumer level will drive new product concepts such as the electronic wallet. A single iPower card can securely hold a wealth of personal records such as your drivers license, passport, birth certificate, vehicle registration, medical records, social security card, credit card accounts, biometric identification such as your fingerprint or voiceprint, and even digital cash. Individuals may soon be able to conduct all their business and personal transactions with a tiny portable computer equipped with an iPower card slot. Nearly every industry will benefit from applications of electronic identification, authorization and access. In the medical industry, for example, iPower technology will streamline record keeping and insurance reimbursement. A consumer will use his iPower access card at the doctor's office to electronically enter medical history, insurance carriers, or other billing information. Pharmacies will se the same card to check for allergies or conflicting prescriptions. The patient will also be able to use the card to pay for both services electronically. Federal and state government agencies such as the IRS and the Department of Motor Vehicles, financial institutions such as banks, credit unions, and brokerage houses; and medical institutions such as hospitals, pharmacies, and health insurance companies will all enjoy more efficient and secure methods of information exchange and transaction accountability through the implementation of iPower technology. ... final page of marketing fluff mostly deleted ... ... iPower technology will become the new standard for access to the information superhighway, by providing the means for all types of electronic information to travel safely. ... Contact iPower Marketing Communications at 408-721-2448 or 408-721-7383. National Semiconductor