Cryptographic iButton^™ Overview

Making Life More Convenient and Secure
A physically secure co-processor to a terminal, PC, workstation, or server, the Crypto iButton opens up a whole new world of convenience. It connects to the 250 million existing computers with a $15 Blue Dot receptor. By simply pressing your Blue Dot with your iButton, you can:

• Be granted access privileges to sensitive information on a conditionally accessed Web page using challenge/response authentication.
• Sign documents so the recipient can be certain of their origin. For example, you can write and sign an expense report. Or you can author a newspaper story, sign it at your vacation home and email it to the publisher.
• Encrypt and decrypt messages, securing email for the intended eyes only.
• Conduct hassle-free monetary transactions-print your own electronic postage stamps (beta tests underway at the US Postal Service) or print, write, and sign your own electronic checks (coming soon to the network economy).

A Portable, Wearable Computer
What makes it even more secure is the fact that you wear it on a closely guarded accessory-a watch, a key chain, a wallet, a ring. Should you choose to add a PIN, you have the same two-factor security scheme (Bring Something, Know Something) used by Automatic Teller Machines to dispense cash.

The whole idea is that you wear your credential on a carefully guarded accessory. You can wear your iButton on a ring, a key chain, a badge, a wallet, a watch-something you've spent your entire life practicing how not to lose.

Here are a few more reasons why you might want to wear the Crypto iButton on the accessory that best fits your lifestyle:

• It's a safe place to keep the private keys you need to conduct transactions
• It overcomes the deficiencies of secret passwords
• You eliminate keystrokes with a quick, intentional press of the Blue Dot
• You use the computer at hand versus lugging yours everywhere you roam
• You become part of the network economy

The iButton was made to stand up to the hard knocks of everyday wear. Try to bend it; you can't. Drop it on the floor. Step on it. Forget to take it off while you go swimming. No problem. The sturdy button signet has been wear-tested for 10-year durability and 1 million hot contacts to a Blue Dot. While cards are fine for playing poker, they're not a safe place to keep a fragile chip that defines your digital identity.

The Crypto iButton's Extraordinary Security
You don't have to take our word for how secure this Crypto iButton really is. The National Institute of Standards (NIST) and the Canadian Security Establishment (CSE) have validated a version of the Crypto iButton for protection of sensitive, unclassified information. FIPS 140-1 validation assures government agencies that the products provide a trusted, physically secure module to properly protect secure information.

As a starting point for the iButton's extraordinary security, the stainless steel case of the device provides clear visual evidence of tampering. The 6K of SRAM included on the monolithic chip has been specially designed so that it will rapidly erase its contents as a tamper response to an intrusion. Rapid erasing of the SRAM memory is known as zeroization. Any attempts to uncover the private keys within the SRAM are thwarted because attackers have to both penetrate the iButton's barriers and read its contents in less than the time it takes to erase its private keys.

Specific intrusions that result in zeroization include:

• Opening the case
• Removing the chip's metallurgically bonded substrate barricade
• Micro-probing the chip
• Subjecting the chip to temperature extremes

In addition, if excessive voltage is encountered, the sole I/O pin is designed to fuse and render the chip inoperable.

As a further security measure, the Cryptographic iButton contains a True Time Clock that is a tamper-evident real-time clock. "True Time" differs from real time in that it is set by a reputable agent and its time cannot be reset and is forever increasing. This clock can be used to time stamp transactions. It can also be used to impose expiration dates for inspection intervals, whereby the iButton is required to periodically check in with a host.

The Crypto iButton is among the least counterfeitable devices ever made by man. In response to tampering, the Crypto iButton would rather erase the key than reveal its secrets. Would-be thieves cannot copy what they do not know-the private key.

The Java™ Connection
The Crypto iButton with Java has a Java virtual machine (VM) that is Java Card 2.0-compliant so you can tap into a powerful development tools to get your application up and running quickly.

The consumer does not want a pocket full of cards or buttons. The Java platform is the architecture that empowers one iButton to work with multiple independent service providers. With the ability to execute Java applets authored by different developers, many service provides can share the same iButton. The Crypto iButton allows dynamic applets to be downloaded; as a result, the iButton can be updated and revised after it is issued. Services not even envisioned today can be added to the button in the future by downloading applets.

While the iButton with Java can readily store the information that is on credit cards, its greatest promise lies in its capacity to interact with Internet applications to support strong remote authentication and remotely authorized financial transactions. The use of Java promotes compatibility with these applications by providing a common language for all applications.

Additional features of the iButton with Java include:

• 1024-Bit Math Accelerator: Performs public key cryptography in less than 1 second.

• Large Stacks: With 6Kbytes of existing NV RAM and the potential to expand to as much as 128Kbytes, the Crypto iButton can execute Java with a relatively large Java stack situated in NV RAM. This memory acts as conventional, high-speed RAM when the processor is executing, and the lithium preserves the complete state of the machine and the True Time Clock while the iButton is disconnected from the Blue Dot. There is therefore no requirement to deal with persistent objects in a special way; objects persist or not depending on their scope so the programmer has complete control.

• Garbage Collector: Just as in standard Java, the Crypto iButton contains a garbage collector that collects any objects that are out of scope and recycles the memory for future use. Applets can be loaded and unloaded from the iButton as often as needed.