A Root of Trust (RoT) is a source that can always be trusted within a cryptographic system. An RoT contains highly reliable hardware, firmware, and software components that perform specific, critical security functions. Because roots of trust are inherently trusted, they must be secure by design. Roots of trust provide a firm foundation from which to build security and trust. Because cryptographic security depends on keys to encrypt and decrypt data and to perform functions such as generating and verifying digital signatures, RoT schemes generally include a hardened hardware module. A principal example is the hardware security module (HSM), which generates and protects keys and performs cryptographic functions within its secure environment.
An electronic transaction can be considered secure if one or several of the following criteria can be met:
- Authenticity: We can assure the origin of the transaction (e.g. the person that signed an electronic document).
- Integrity: We can ensure that the transaction has not been tampered with (e.g. the electronic signature).
Because an HSM is for all intents and purposes inaccessible outside the computer ecosystem, that ecosystem can trust the keys and other cryptographic information it receives from the root of trust module to be authentic and authorized. This is particularly important as the Internet of Things (IoT) proliferates, because to avoid being hacked, components of computing ecosystems need a way to determine that the information they receive is authentic. The RoT safeguards the security of data and applications and helps to build trust in the overall ecosystem.
A root of trust is a critical component of any Public-Key Infrastructure (PKI), where it is used to generate and protect Trust Anchor (Certificate Authority) and Certificate Authority keys; of code signing, which ensures software remains secure, unaltered and authentic; and of creating certificates for credentialing and authenticating proprietary devices and other network deployments.
PKI uses cryptographic techniques based on public/private key pairs: two keys with a unique mathematical relationship. Public-key cryptography works in such a way that a message encrypted with the public key can only be decrypted with the private key, and, conversely, a message signed with a private key can be verified with the public key. This technology is the foundation for building the four pillars of transaction security: confidentiality, authentication, integrity, and nonrepudiation.
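The chain of trust described above, as an added example (not from the original page or any vendor's code): a pinned trust-anchor public key endorses a code-signing key, which in turn signs a firmware image. It simplifies a certificate to a bare Ed25519 signature over the signer's public key; the names `Release`, `Verify`, `NewKey` and `Sign` are hypothetical, and keys are generated in software here where a real root key would be held in an HSM.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Release is a constructed bundle: image, signing key, and both signatures.
type Release struct {
	Image       []byte
	SignerPub   ed25519.PublicKey
	Endorsement []byte // trust anchor's signature over SignerPub (stand-in for a certificate)
	ImageSig    []byte // signer's signature over Image
}

// Verify walks the chain from the pinned trust anchor down to the image.
func Verify(anchor ed25519.PublicKey, r Release) error {
	// Authenticity: the signing key must be well formed and endorsed by the anchor.
	if len(r.SignerPub) != ed25519.PublicKeySize || !ed25519.Verify(anchor, r.SignerPub, r.Endorsement) {
		return fmt.Errorf("signing key is not endorsed by the trust anchor")
	}
	// Integrity: the image must be exactly what the endorsed key signed.
	if !ed25519.Verify(r.SignerPub, r.Image, r.ImageSig) {
		return fmt.Errorf("image signature invalid: image altered or signed by another key")
	}
	return nil
}

// NewKey generates a key pair in software (assumption: no HSM in this example).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign builds a release: the root endorses the signer key, the signer signs the image.
func Sign(root, signer ed25519.PrivateKey, image []byte) Release {
	pub := signer.Public().(ed25519.PublicKey)
	return Release{Image: image, SignerPub: pub, Endorsement: ed25519.Sign(root, pub), ImageSig: ed25519.Sign(signer, image)}
}

func main() {
	anchor, rootPriv := NewKey()
	_, signerPriv := NewKey()
	rel := Sign(rootPriv, signerPriv, []byte("firmware v1 (constructed sample)"))
	fmt.Println("genuine release:", Verify(anchor, rel))
	rel.Image[0] ^= 0xff // one byte changed after signing
	fmt.Println("altered release:", Verify(anchor, rel))
}
```

The verifier only ever holds public keys; the whole chain is only as trustworthy as the protection around the root private key, which is the role the page assigns to the HSM.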