With SecuSmart chip, German officials free to talk and type securely on BlackBerry Z10

The German government has selected a micro-SD format smartcard from SecuSmart to secure its mobile voice and data communications
  • Peter Sayer (IDG News Service)
  • — 08 March, 2013 16:59

German government officials including Chancellor Angela Merkel could soon be communicating about classified matters using BlackBerry Z10 smartphones equipped with a new micro-SD card from SecuSmart.

The German Federal Office for Information Security and the government procurement office have selected the combination of phone and card for protecting classified communications, according to SecuSmart, which is showing the SecuSuite card at the Cebit trade show in Hanover, Germany this week.

SecuSuite encrypts voice and data, unlike previous SecuSmart mobile encryption products, which could only encrypt voice. They, however, worked with several smartphone platforms, while SecuSuite is only available for the Z10, because it builds on the security of the BlackBerry Balance feature separating personal apps and documents from work ones.

The card contains 4GB of flash memory for storing encrypted documents, and the smartcard chip that performs the encryption. The security keys are stored in the smartcard, and protected by a PIN, much like a mobile phone SIM.

The card can encrypt a voice bitstream of around 10kbps (kilobits per second), according to SecuSmart CEO Hans-Christoph Quelle. As long as the phone is connected to an EDGE mobile network, there is no perceptible difference in call quality or latency between encrypted and unencrypted calls, he said.

At 10kbps, it would take too long to decrypt the card's 4GB of storage, so for data SecuSmart takes another approach: The chip secures the keys used by the BlackBerry 10 OS to encrypt the phone's "business" partition. If the SecuSuite card is removed from the phone, the keys are no longer available and the "business" apps and documents can no longer be accessed. In the "personal" partition, details of previously visible business appointments are hidden, with the time marked simply as busy.

The encryption keys in the card are associated with a public key infrastructure (PKI). For commercial customers, the PKI will be SecuSmart itself, while the German government will run its own key infrastructure, said Quelle. Calls can be encrypted end to end for any two phones associated with the same PKI, Quelle said. A call can also be encrypted between a mobile and a SIP gateway associated with the same PKI, so that it can be routed to landlines.

German government approval puts SecuSmart a step closer to landing other government contracts, Quelle said. If another European security certification agency approves the card, then it will automatically be approved for communications at "EU Restricted" level, he said.

Such security doesn't come cheap: The German government has agreed to pay ¬2,500 (US$3,252) for phones equipped with the chip.

Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter at peter_sayer@idg.com.

Tags: SecuSmart, cebit, telecommunication, security, Access control and authentication, mobile security, data protection, mobile, privacy

Espionage outpacing financial crime as better reporting improves security picture: Verizon

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Trend Micro Data Loss Prevention

Comprehensive Data Loss Prevention Lowers Cost and Complexity

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.