With SecuSmart chip, German officials free to talk and type securely on BlackBerry Z10

The German government has selected a micro-SD format smartcard from SecuSmart to secure its mobile voice and data communications

German government officials including Chancellor Angela Merkel could soon be communicating about classified matters using BlackBerry Z10 smartphones equipped with a new micro-SD card from SecuSmart.

The German Federal Office for Information Security and the government procurement office have selected the combination of phone and card for protecting classified communications, according to SecuSmart, which is showing the SecuSuite card at the Cebit trade show in Hanover, Germany this week.

SecuSuite encrypts voice and data, unlike previous SecuSmart mobile encryption products, which could only encrypt voice. They, however, worked with several smartphone platforms, while SecuSuite is only available for the Z10, because it builds on the security of the BlackBerry Balance feature separating personal apps and documents from work ones.

The card contains 4GB of flash memory for storing encrypted documents, and the smartcard chip that performs the encryption. The security keys are stored in the smartcard, and protected by a PIN, much like a mobile phone SIM.

The card can encrypt a voice bitstream of around 10kbps (kilobits per second), according to SecuSmart CEO Hans-Christoph Quelle. As long as the phone is connected to an EDGE mobile network, there is no perceptible difference in call quality or latency between encrypted and unencrypted calls, he said.

At 10kbps, it would take too long to decrypt the card's 4GB of storage, so for data SecuSmart takes another approach: The chip secures the keys used by the BlackBerry 10 OS to encrypt the phone's "business" partition. If the SecuSuite card is removed from the phone, the keys are no longer available and the "business" apps and documents can no longer be accessed. In the "personal" partition, details of previously visible business appointments are hidden, with the time marked simply as busy.

The encryption keys in the card are associated with a public key infrastructure (PKI). For commercial customers, the PKI will be SecuSmart itself, while the German government will run its own key infrastructure, said Quelle. Calls can be encrypted end to end for any two phones associated with the same PKI, Quelle said. A call can also be encrypted between a mobile and a SIP gateway associated with the same PKI, so that it can be routed to landlines.

German government approval puts SecuSmart a step closer to landing other government contracts, Quelle said. If another European security certification agency approves the card, then it will automatically be approved for communications at "EU Restricted" level, he said.

Such security doesn't come cheap: The German government has agreed to pay ¬2,500 (US$3,252) for phones equipped with the chip.

Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter at peter_sayer@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags telecommunicationcebitSecuSmartsecuritymobile securityAccess control and authenticationmobiledata protectionprivacy

More about BlackBerryEUIDGQuelle

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Peter Sayer

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place