
Axis Software User Manual


Axis Security Overview

The Axis security system uses a trusted hardware-based security device, in the form of a removable, changeable Smart Card, together with the encryption/decryption engine inside the Heber Security Device (HSD), to perform a security check. The security check is managed by the CPU, but because the CPU is untrusted it must not be able to see the information being passed between the HSD and the Smart Card.

The CPU must initiate the security check in a timely manner and repeat it regularly. The security key is stored in the application program code in encrypted form, and the CPU must provide this encrypted key to the HSD. The HSD then produces a random number, which is encrypted using the provided security key.

The HSD decrypts the key, uses the real key to encrypt the random number it has produced, and returns this data to the CPU so that it can be sent to the Smart Card. The Smart Card receives the data, uses its own copy of the security key to decrypt it, and performs a known operation on the random number. The result is then encrypted and sent back to the HSD via the CPU. The CPU only ever holds the encrypted data and the encrypted security key, and this information is of no use to it without the HSD and Smart Card security device pair. The HSD decrypts the result and confirms that the operation was performed correctly. If it was, the HSD allows I/O operations to occur for another time period.
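The exchange described above, simulated as an added example (this is not Heber's code or API). The cipher is a stand-in built from HMAC-SHA256 and is not the HSD's real algorithm; the device-internal unwrapping key, the 8-byte challenge, the add-one "known operation" and all class and function names are assumptions, because the manual does not specify them.

```python
import hashlib
import hmac
import secrets

def seal(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): fresh nonce + XOR with an HMAC-SHA256 keystream."""
    nonce = secrets.token_bytes(16)
    stream = hmac.new(key, nonce, hashlib.sha256).digest()
    return nonce + bytes(a ^ b for a, b in zip(data, stream))

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, stream))

def known_op(n: bytes) -> bytes:
    """Hypothetical 'known operation': add 1 modulo 2**64."""
    return ((int.from_bytes(n, "big") + 1) % 2**64).to_bytes(8, "big")

class HSD:
    def __init__(self, wrap_key: bytes):
        self._wrap_key = wrap_key   # assumed device-internal key that unwraps the stored key
        self._pending = None        # random number of the check in progress
        self.io_enabled = False
    def challenge(self, wrapped_key: bytes) -> bytes:
        self._pending = secrets.token_bytes(8)
        return seal(unseal(self._wrap_key, wrapped_key), self._pending)
    def verify(self, wrapped_key: bytes, response: bytes) -> bool:
        key = unseal(self._wrap_key, wrapped_key)
        expected, self._pending = self._pending, None   # each challenge is single-use
        self.io_enabled = expected is not None and hmac.compare_digest(
            unseal(key, response), known_op(expected))
        return self.io_enabled

class SmartCard:
    def __init__(self, security_key: bytes):
        self._key = security_key    # the card's own copy of the security key
    def respond(self, challenge: bytes) -> bytes:
        return seal(self._key, known_op(unseal(self._key, challenge)))

def cpu_security_check(hsd: HSD, card: SmartCard, wrapped_key: bytes):
    """Untrusted CPU: relays opaque blobs; returns (result, everything it saw)."""
    challenge = hsd.challenge(wrapped_key)
    response = card.respond(challenge)
    return hsd.verify(wrapped_key, response), [wrapped_key, challenge, response]
```

Because the HSD draws a new random number for every check, a response captured by the CPU in one round does not satisfy the next one.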

Heber provides a Smart Card security device. The Smart Card contains a security key and a session key that must be protected by the game producer because the Smart Card will issue these keys for security authentication. A security key is a key that can be used to unlock the Axis-specific I/O and should be used for no other purpose.

This security key is provided in two formats:

This security key is then compiled into the developer's game application and is provided to the Heber Security Device at each step of the security authentication. This Smart Card is used by the game developer to produce an application-specific unlocking mechanism.

A session key is a key that is stored in the game-specific Smart Card and can be used by the game to encrypt or decrypt a block of data using the hardware encryption engine. These session keys are stored in the Smart Card and requested by the game application to decrypt or encrypt application information.


© HEBER LTD. 2005. This document and the information contained therein is the intellectual property of Heber Ltd. and must not be disclosed to a third party without consent. Copies may be made only if they are in full and unmodified. The information contained in this documentation is believed to be accurate and reliable. However, Heber Ltd. assumes no responsibility for its use, and reserves the right to revise the documentation without notice.
Document No: 80-17794, Issue 4r1    Release Date: 01.12.05     Email: support@heber.co.uk    www.heber.co.uk