微軟採用nCipher的硬體安全模組(HSM)與時戳(Time Stamping)技術以保護及鑑識其所發行之軟體 (2007/8/6)
微軟(Microsoft)公司已採用nCipher的HSM 與 Time Stamping技術來保護其商業發行的軟體. 微軟的Authenticode協訂是用來為軟體程式碼做數位簽章, 以證明軟體來源及確保軟體沒有被篡改過. nCipher的HSM與電子時戳硬體設備就是用來實現Authenticode 的重要元件.
nCipher's hardware security modules and time stamping technology deployed by Microsoft to authenticate software
nCipher technology used to publish Microsoft software products and as part of the Microsoft Authenticode
August 6, 2007
nCipher plc (LSE: NCH), a global leader in protecting critical enterprise data, announces that Microsoft Corporation is using nCipher’s hardware security modules (HSMs) and time stamping technology to help protect its commercially published software. nCipher’s HSMs and time stamping hardware are important components in securing the underlying cryptography and time stamps used as part of the Microsoft Authenticode protocol for digitally signing software in order to prove its authenticity and determine that the software has not been modified, potentially for malicious purposes.
Authenticode code signing is at the heart of a broad initiative championed by Microsoft to identify software authored by commercial and corporate application developers, helping to assure users of the code’s origin and that the code has not been tampered with since its publication as it executes on Microsoft platforms. The recent launch of Windows Vista makes it more evident to the user whether or not they are downloading an application that has not been signed.
“Authenticode is a critical technology for helping to build confidence and trust in computing,” says David B. Cross, director of Program Management for Windows Security at Microsoft. “nCipher’s technology is a vital component and a critical part of the signing process for Microsoft software.”
Microsoft Authenticode is a technology provided by Microsoft to its developer community to enable the signing and time stamping of code that is to be published and shared with others. Digital signatures provide a proven way to establish the software’s authenticity and expose any attempt to tamper with the code. However, the security provided by a digital signature is directly related to the measures taken to protect the cryptographic keys on which they are based. Furthermore, digital signatures have a finite life and can expire long before the code itself becomes obsolete. For this reason the additional use of a time-stamp is required to ensure that the original signature can always be validated even after the original certificate has expired.?
“There is no doubt that the use of Authenticode will become even more prevalent and valuable as software providers increasingly distribute software online rather than as a pre-packaged shrink-wrapped product,” says Richard Moulds, vice president marketing at nCipher. “Microsoft’s decision to use our time stamping technology and hardware security modules as the backbone of its own Authenticode deployment upholds the well established best practice of performing sensitive cryptographic functions and the associated key management tasks within a trusted hardware device. nCipher is working with the Microsoft developer community to adopt the same high standards as Microsoft as the best way to protect their brand and deliver tangible security benefits to their customers”.
nCipher's Time Stamp Server (TSS) is an easily deployed and cost effective time stamping solution that supports the Authenticode protocol in a convenient appliance package. It allows software developers to utilize secure digital signatures and auditable time stamping functionality as part of the software publishing process. nCipher’s TSS is fundamental to an Authenticode implementation by removing the traditional reliance on the host computer’s system clock, which is vulnerable to tampering. The TSS appliance provides an accurate and verifiable time-stamp, produced within the tamper-resistant boundary of an embedded nCipher HSM and can be calibrated and synchronized to independently provided calibration and audit services, such as the service maintained by NIST.
nCipher 台灣地區代理商: 玉山科技股份有限公司 http://www.asiapeak.com
玉山科技 版權所有 © Copyright AsiaPeak 2006, All Rights Reserved