Data Protection

The average damage cost of a ransomware breach in the United States was valued at $4.62 million in 2021 by IBM Research. SEALSQ provides solutions to protect data at rest, in use or in motion.


Protecting Data at Rest & In Motion

Whether it’s to comply with data protection legislation and standards such as GDPR, HIPAA, or PCI DSS or to ensure they preserve their competitive advantage, companies must protect their sensitive information from both malicious outsiders and careless insiders.
The technologies that are used to protect data in each of its states include identity authentication, access control, data encryption, data integrity and non-repudiation. SEALSQ develops vertical solutions that implement these mechanisms by combining secure semiconductors and trust services.

Tamper-resistant microcontrollers prevent access to the data, firmware and keys stored at rest in the hardware of computers, IoT nodes and endpoints like sensors or devices.

SEALSQ products use NIST recommended algorithms to securely encrypt the data at rest or in motion.

SEALSQ secure elements enable the TLS protocol to secure data in transit, while asymmetric cryptography provides stronger protection with unique keys.

SEALSQ secure device identity provisioning (VaultITrust) and lifecycle management (INeS) prevent impersonation attempts and allow management of roles, devices and users along the lifecycle, from a zero-trust factory to EOL.


The challenge: Encrypting the data & protecting keys

Among the common attacks are stealing the data and holding it for ransom, publicly exposing the data, covertly using the data to attack the owner, corrupting the data, or crippling the products and/or services of the owner (especially in the case of IoT networks). Data encryption and safe encryption-key storage are the last-standing and most critical digital security layer.

The Solution

Data can be efficiently encrypted and decrypted using SEALSQ secure platforms like the MS600X series or the VaultIC secure elements family. They can safely store keys and encrypt data using NIST validated hardware algorithms like AES, ECC or RSA. They have built-in physical protection mechanisms designed to defend against external tampering, bypass physical attacks and more.

Key Features

SEALSQ Data Encryption

Encryption is required to secure data at all stages. VaultIC secure elements are ideal chips to embed in an IoT device: they provide the secure algorithms and keys required to encrypt data in the field before storing or sharing it. It is also possible to use the MS600X secure platform family to create secure encrypted cold storage devices.

Wide range of NIST Certified encryption Algorithms

Symmetric algorithms like AES (256), and also asymmetric algorithms like RSA

Certified and compliant

Encryption keys are protected inside tamper-resistant chips complying with the latest hardware and firmware protection standards (CC EAL5+ and FIPS 140-3).

Encryption via TLS 

The VaultIC Series supports TLS, which includes encryption of the data before sharing it with other devices, cloud servers, etc.

The challenge: Ensure Data exchange only occurs among legitimate users/devices/applications

Data is more exposed to threats when being transmitted or processed: it can be stolen, altered or substituted via spoofing and man-in-the-middle techniques. Ubiquitous IoT devices, sensors and actuators communicating among themselves and with a cloud or private network are often the target, but so is data being exchanged between different internal parts of a device or closed system (PC, factories, cars).

The Solution: SEALSQ device identity framework

SEALSQ provides trusted Digital-IDs and SaaS services to provision them securely into devices to enable mutual authentication and secure protocols like TLS. SEALSQ also provides Certificate Lifetime Management software (INeS) so trusted device identities can be centrally and securely managed through time.

Key Features & Benefits

SEALSQ Trusted Device Identity framework

Swiss based Root-of-Trust

Publicly trusted Certificate Authority Recognized by Browsers, Smart Phones, etc.

Provisioning & personalization SaaS Services (VaultITrust)

Certificate and key pair generation and injection services in a CC EAL5+ secure environment, or over the air for Zero Trust environments.

Managed PKI SaaS Platform (INeS)

Fully fledged managed PKI SaaS Platform including IoT node certificates (X.509), lifecycle management tools and APIs with AWS and Azure.

Drone images signature and encryption using VaultIC40X

When French military forces use Parrot drones for field inspection, it is key to protect the images and videos captured and transmitted by the drone. The white paper below explains how the Parrot ANAFI AI professional drone can sign and encrypt each picture by leveraging the VaultIC40X capabilities.


