Some things are worth remembering

The security of data has never had a higher profile than it does at present. Factors such as lost and stolen public data, a sudden increase in malware attacking the IT infrastructure of many manufacturers and data theft overtaking physical theft is the biggest crime problem for global business* all means that security is a bigger design issue than ever. But how do you ensure security in a non networked environment? Security in portable memory comes down to three factors. These are; the security achieved using the onboard capacity of the medium, the security offered by the physical form factor of the memory device and the security provided by restrictions on the supply of the device of itself.

Onboard security is exemplified by password protection or encryption. It’s possible to add this to any kind of memory device using security software to protect the drive itself. However, if anything this is even easier to achieve with industrial memory. One further advantage of industrial memory is that certain Datakey memory devices can be supplied with a guaranteed unique embedded serial number that cannot be changed. This helps facilitate duplication-proof data storage and discourages theft of the memory device itself. There are also inherent benefits here for the asset management of data. These are particularly pertinent for applications where data will be stored on portable memory devices rather than on networked machines.

For even more highly secure applications, Datakey’s CryptoMemory keys and tokens incorporate highly secure symmetric, dynamic, mutual authentication protocol integrated circuits. This adds security through the use of encrypted passwords, mutual authentication, data encryption, and encrypted checksums.

Form factor, or the physical shape of a device, plays a huge part in the security of an industrial memory device as well. The crux of the issue here is that an industrial memory key or token can only be read by the mating receptacle with which it is matched. As a result, staff can’t simply bring into work a token they use at home, which is riddled with viruses, and plug it into the OEMs device, as they could with a USB.

Of course, as well as securing a machine from the intentional or unintentional transmission of viruses, Trojans and other malware, form factor also makes it very difficult to steal data from an application. This latter risk is a huge concern for many manufacturers who are very conscious that they don’t want to see next year’s designs being leaked before they are ready.

Security of supply is perhaps the most important element of secure memory. When a customer buys a key or token from Datakey they will then only sell those keys or tokens to that customer. As a result, there is no grey market for the company’s keys and tokens in the same way that there is for consumer memory. Another option for OEMs is to physically brand their keys and tokens at the moulding stage, again reducing the likelihood of physical theft.

Clearly, if one chooses to integrate a single source item into a project, then you have to be certain that the item is going to be available for the long term. This is particularly true with regard to changing memory standards. There is a good chance that a consumer memory ‘standard’ incorporated into a project now may no longer be a ‘standard’ in a few years time. One only has to reference the move from SD cards to SDHC cards, which wasn’t backwards compatible, meaning that everyone who had built SD cards into a device had to re-engineer their project to fit the new memory ‘standard’.

This isn’t a problem with specialist industrial memory as the vast majority of products manufactured by Datakey are available for the long term life of the OEM’s product.

When building secure memory into an application, designers should consider the ease of interface, the ease of communication with the portable memory medium and the support provided to the OEM by the manufacturer. If the drivers, manuals and background data are all available in the form of an easy to use development kit, it will make things substantially easier when sitting at the drawing board.

In terms of programming languages, the company’s memory products will work with anything that is chosen to be put on the device and the source code can be used on any platform from XP downwards.

Intellectual property is amongst the most valuable assets in the electronics industry and it is regarded as no less important by the customers of most OEMS, both industrial and consumer. So, next time you are designing a product with built in portable memory, take a moment to consider the security implications. In order to avoid the kinds of data losses the UK public sector has encountered recently it may well prove beneficial to invest in specialist memory and avoid the pitfalls of over the counter consumer style devices.