The final "Guidance for Industry and FDA Staff" was issued on October 02, 2014. Please see attached. Pay attention to page five.
Over the past year, Integra Systems, Inc. has worked with a provider of patented technology, configured in the credit card form factor, that enables the keys to securing the mobile device, the person and the content: "the full stream of mobile security". We have enabled copyrights and a close working relationship with this technology provider and see this as the next requirement for secure healthcare end-to-end authentication, especially in light of the recent announcements in the financial transaction industry and the roll-out of Bluetooth Low Energy (4.0).
This architecture utilizes the "Personal Mobile Cloud" to secure the user ID and content to HIPAA standards. It includes 6GB flash, a low power Ineda processor, BLE/NFC interface, and a rechargeable battery.
The card contains the following security features:
Tamper-detection circuitry, which zeroizes crucial cryptographic keys whenever a tampering attempt on any element within the physical security boundary of the card is detected. These circuits include monitoring sensors to defend against probing attacks that attempt to vary operating temperatures or voltages.
Tamper-resistant coating/shield, to mitigate physical attacks on the security perimeter of the card.
Memory Protection Unit (MPU), to ensure each program/application that executes from the card’s main processor has its own memory space that cannot be violated by other programs.
Hardware based random number generator (RNG), for producing highly random numbers – a feature that is often required in many security applications.
Symmetric encryption algorithms: DES (up to 192 bits) – to support many legacy payment applications, or AES (up to 256 bits) – to support many existing as well as new security applications. For applications that require high throughput AES encryption, an AES hardware accelerator will be incorporated.
Note that the symmetric encryption provided by the card is independent of the encryption provided by the Bluetooth protocol. That is, an application can use 256-bit AES keys, referred to as the AES session keys, to encrypt and protect data transmitted between the card and a mobile device. This will enable many high security applications to use stronger keys to protect transmitted data instead of the 128-bit AES keys often provided in many Bluetooth devices.
The 256-bit AES session key is generated randomly by the card using the RNG mentioned above. It is different each time the card establishes a connection, whether with the same mobile device or a different one. Thus, even if an eavesdropper is able to intercept the wireless Bluetooth signal transmitted between the card and a mobile device, without knowledge of the AES session key the eavesdropper will not be able to discern any meaningful information. Also, since the AES session key is different for every communication session, the eavesdropper will not be able to acquire an amount of encrypted data sufficient for brute-force analysis of the key or the clear data.
Public-key/asymmetric cryptographic co-processor. This coprocessor provides fast calculations for many public key-based algorithms, including RSA, El-Gamal/DSA, Diffie-Hellman, and Elliptic curve.
SPA/DPA/SEMA/DEMA-resistant. The cryptographic algorithms that are implemented on the card’s main processor and cryptographic coprocessor, especially those algorithms that involve secret/private keys, will be resistant against the following side-channel attacks: Simple Power Analysis (SPA), Differential Power Analysis (DPA), Simple Electromagnetic Analysis (SEMA), and Differential Electromagnetic Analysis (DEMA).
Selective Bluetooth pairing/connecting. Unlike some classes of Bluetooth devices such as headsets, mice, and keyboards, the card does not promiscuously connect to another Bluetooth device. Such devices either operate in the “Just Connect” mode or require a common PIN code, such as “0000”, to make it easy for, say, a smart phone to connect to them. The card will connect and exchange data with a mobile Bluetooth device only if both of the following conditions are met:
− The card and the mobile device have successfully authenticated each other via a PKI-based challenge-response process. This process includes the verification of the public key certificate of the mobile device by the card, to ensure that the mobile device has been authorized by the card issuer to participate in an application.
− The cardholder has successfully authenticated himself to the card via multi-factor biometric authentication.
The above conditions ensure that there’s no way for an ill-intended person to use a mobile device – be it the cardholder’s stolen smart phone or a hacking device – to try to connect to the card and retrieve private information stored on it while the card sits unattended in the cardholder’s wallet, unless the cardholder authorizes it via a biometric authentication.
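An added example, not code from Integra or the card's technology provider: a card-side check in Go of the two connection conditions above, releasing a fresh 256-bit session key only when both hold. The function names, Ed25519 as the signature scheme, X.509 as the certificate format and the test certificates are all assumptions made here, and only the card's verification of the device is shown, not the reverse direction.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Authorize is a hypothetical card-side gate; it releases a fresh 256-bit key only if all checks pass.
func Authorize(issuer, dev *x509.Certificate, challenge, sig []byte, bioOK bool) ([]byte, error) {
	roots := x509.NewCertPool()
	roots.AddCert(issuer)
	if _, err := dev.Verify(x509.VerifyOptions{Roots: roots}); err != nil { // issued by the card issuer?
		return nil, fmt.Errorf("device not authorized by issuer: %w", err)
	}
	pub, ok := dev.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, challenge, sig) { // proves possession of the private key
		return nil, fmt.Errorf("challenge response invalid")
	}
	if !bioOK { // cardholder must approve, so a stolen authorized phone is not enough
		return nil, fmt.Errorf("cardholder not authenticated")
	}
	key := make([]byte, 32) // generated per connection, never stored or reused
	_, err := rand.Read(key)
	return key, err
}

// NewCert makes a constructed test certificate; a nil parent yields a self-signed CA.
func NewCert(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, parentKey = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	ca, caKey := NewCert("constructed issuer CA", nil, nil)
	dev, devKey := NewCert("constructed phone", ca, caKey)
	key, err := Authorize(ca, dev, []byte("nonce"), ed25519.Sign(devKey, []byte("nonce")), true)
	fmt.Println(len(key), err)
}
```

In a real exchange the challenge is a fresh random value chosen by the card for each connection attempt, so a recorded signature cannot be replayed against a later challenge.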
Please additionally find some background regarding the migration of magnetic strip technology to smart chip technology. As you can see, not only is our financial system in major transformation, but we also see a major move for the need for better authentication in the healthcare and medical device industry.

Download 1825
Download PKC, IBE and CLAE
Download October 2015: The End of the Swipe-and-Sign Credit Card - Corporate Intelligence - WSJ