White Paper
CmPrivate
The USB stick model also includes the CmPrivate partition for use with sensitive data. It only becomes
visible after entering a password or enabling it via the API. The data is stored in AES-encrypted form,
so it is of no use to attackers even if they overcome the considerable access restrictions. The
partition can also be set as read-only.
CmCdRom
The USB stick model comes with an additional CmCdRom partition which the host system recognizes as a
CD drive to write to. However, the host cannot delete or overwrite any data in the partition, where applications
are typically stored. Mobile applications are launched in a secure environment that leaves no traces on
the host system. This is an important property not only for IT forensics specialists but also for technicians on
maintenance calls, who can use diagnostic applications that cannot be used in normal operations. The
partition can host a mobile lab or store important documents like user manuals or specifications for ready
access without Internet connections.
Applications
Gambling Machines
Gambling machines are exposed to a variety of potential threats: games must not be
copied or used in cloned machines, and the machines themselves must not be tampered
with for illicit gain. Only licensed software from an authorized source may be used on
them. The software must be easy to replace without compromising security. A secure
storage medium fulfills all of these requirements.
Security-relevant Tasks:
Software integrity
Secure boot
Tamper-proofing
Licensing
Protection against reverse engineering
Advantages of the Combination Product:
Standard smart card format
CmCdRom partition for game code
CmSecure partition for licenses and log files
CodeMeter integrated for all security functions
Service Technicians and ATMs
Automatic bank teller machines are particularly at risk during maintenance. Their
security is maintained only when access to the relevant parts is restricted to authorized
personnel, for a limited time and for predefined tasks. At the same time, service technicians need to
have all documents, testing applications, and relevant licenses for functions not yet
released with them on site. The ideal solution would have the entire set of user rights,
keys, and testing software in a small, handy, and easy-to-use package, while ensuring
that its loss or theft represents no major security risk. This is where the CmDongle
with flash memory storage, for example in a USB stick form factor, can bring all of its benefits to bear.
Requirements:
Two-factor authentication with password and dongle
Ease of use
A single password for all protected applications
Individual passwords for each CmDongle and user
Mixed systems
Mobile use without network or Internet access
Time-bound licenses