The Security Architecture OmniCrypt™

All of Omnisec's security products are based on our unique and highly innovative security architecture OmniCrypt™.

Cryptography

Together with the secret Master Keys, the Omnisec encryption algorithms offer an unsurpassed measure of security. We rely on our stream ciphers for connection-oriented encryption and use our block cipher algorithms for protocol-oriented encryption. Moreover, every Omnisec customer has the option of modifying these encryption algorithms, so that they – and only they – possess the full knowledge of their specific structure.

Key Management

Customer-specific Master Keys are automatically generated by the Security Module Programmer, a tamper-proof peripheral device, based on random white noise from a physical noise source on a computer without an external connection. These keys are securely stored in Security Modules (SMs). The SMs are inserted into the encryption devices by the customer. Once installed, the long-lived secret Master Keys generate short-lived Session Keys that are used only once. The proprietary AKA (Authenticated Key Agreement) procedure or secure online key updates enable network extensions without the physical distribution of additional Master Keys. The security procedures deployed make the reconstruction of Master Keys impossible.

Hardware

An encryption device forms the critical boundary between the secure “black” zone and the “red” zone in which sensitive information is available. This is why Omnisec designs hardware that prevents crosstalk between conductors bearing plain data and those with encrypted data. Additionally, tests in our own laboratories ensure that no plain data can ever leave our devices through other paths, e.g. as radiation.

Operational Security

All functions and processes – the generation and renewal of keys as well as the permanent monitoring to prevent unprotected transmissions – occur automatically in the background. OmniCrypt excludes the human element as a factor of uncertainty. The relevant keys are never visible to any user of OmniCrypt-based devices and systems; no one is ever confronted with the responsibility for secret codes. So no Omnisec user can ever be blackmailed. The system guarantees this.

OmniCrypt Assurance

Security mechanisms only offer protection if they are correctly implemented. Omnisec enables its customers' own experts to verify the implementation of the cryptology in their products and systems.