May 23 02:38
A persistent storage device like a YubiKey / USB drive with both a persistent storage ROM and an ephemeral RAM chip that will hold data in memory temporarily; all data will be dumped and ephemeral memory wiped after inactivity or unplugging from the USB port. Encryption, decryption, and signing keys are stored in encrypted format on the device, locked by a very large and complex symmetric key passphrase. A fingerprint / thumbprint scanner on the key.

When the key device detects the correct biometric print, encryption keys are decrypted into ephemeral memory. The firmware has no way to pass these decrypted keys off the device. Firmware can only process an input stream that returns an output stream using the key but can't send the key data. Data comes in through USB and is read into ephemeral memory, decrypted in ephemeral memory, then the response is sent back via USB. This way the crypto keys never leave the device and there is no way to read the crypto keys via USB.

User can change the encrypted ROM keys with a scan of thumbprint and index fingerprint and entry of password. Device can be reset, but that will destroy all keys on the ROM. Alternatively, have an option for a device that can't be reset, that has keys hard-coded at time of manufacture.

Likely something like this can be manufactured for less than half the price of a smartphone.
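A software model of the command interface described in the post above, as an added example that is not part of the original post: the key is sealed at rest, unlocked into volatile memory, used only through `sign`, wiped on inactivity, and destroyed on reset. Assumptions: `TokenModel`, `IDLE_LIMIT`, the `biometric_ok` flag and supplying the passphrase at unlock are hypothetical; HMAC-SHA256 stands in for the signing algorithm and a PBKDF2-derived pad plus MAC stands in for an authenticated cipher.

```python
import hashlib, hmac, os, time

IDLE_LIMIT = 30.0  # assumed: seconds of inactivity before the RAM copy is wiped

class TokenModel:
    """Model of the proposed token's interface; every name here is hypothetical."""
    def __init__(self, passphrase: bytes, clock=time.monotonic):
        self._clock = clock
        self._salt = os.urandom(16)
        key = os.urandom(32)                      # generated on-device, never returned
        pad, mac_key = self._derive(passphrase)
        self._sealed = bytes(a ^ b for a, b in zip(key, pad))   # "ROM" copy, encrypted
        self._tag = hmac.new(mac_key, self._sealed, hashlib.sha256).digest()
        self._ram = None                          # ephemeral plaintext key
        self._last = 0.0

    def _derive(self, passphrase: bytes):
        okm = hashlib.pbkdf2_hmac("sha256", passphrase, self._salt, 100_000, dklen=64)
        return okm[:32], okm[32:]                 # wrapping pad, integrity key

    def unlock(self, passphrase: bytes, biometric_ok: bool) -> bool:
        if not biometric_ok or self._sealed is None:
            return False
        pad, mac_key = self._derive(passphrase)
        tag = hmac.new(mac_key, self._sealed, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._tag):   # wrong passphrase: stay locked
            return False
        self._ram = bytearray(a ^ b for a, b in zip(self._sealed, pad))
        self._last = self._clock()
        return True

    def wipe(self) -> None:                       # unplug or inactivity
        if self._ram is not None:
            self._ram[:] = bytes(len(self._ram))  # overwrite before releasing
            self._ram = None

    def sign(self, message: bytes) -> bytes:      # stream in, stream out; no key export
        if self._ram is not None and self._clock() - self._last > IDLE_LIMIT:
            self.wipe()
        if self._ram is None:
            raise PermissionError("token locked")
        self._last = self._clock()
        return hmac.new(bytes(self._ram), message, hashlib.sha256).digest()

    def reset(self) -> None:                      # reset destroys the stored keys
        self.wipe()
        self._sealed = self._tag = None
```

The public surface is `unlock`, `sign`, `wipe` and `reset`; there is deliberately no command that returns key bytes, which is the property the post relies on.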