Fortezza is an information security system that uses the Fortezza Crypto Card, a PC Card-based security token. It was developed for the U.S. government's Clipper chip project and has been used by the U.S. Government in various applications.
Each individual who is authorized to see protected information is issued a Fortezza card that stores private keys and other data needed to gain access. It contains an NSA approved security microprocessor called Capstone (MYK-80) that implements the Skipjack encryption algorithm.
The original Fortezza card (KOV-8) is a Type 2 product which means it cannot be used for classified information. The most widely used Type 1 encryption card is the KOV-12 Fortezza card which is used extensively for the Defense Message System (DMS). The KOV-12 is cleared up to TOP SECRET/SCI. A later version, called KOV-14 or Fortezza Plus, uses a Krypton microprocessor that implements stronger, Type 1 encryption and may be used for information classified up to TOP SECRET/SCI. It, in turn, is being replaced by the newer KSV-21 PC card with more modern algorithms and additional capabilities.
The cards are interchangeable within the many types of equipment that support Fortezza and can be rekeyed and reprogrammed by the owners, making them easy to issue and reuse. This simplifies the process of rekeying equipment for crypto changes: instead of requiring an expensive fill device, a technician is able to put a new Fortezza card in the device's PCMCIA slot.
The Fortezza Plus card and its successors are used with NSA's Secure Terminal Equipment voice and data encryption systems that are replacing the STU-III. It is manufactured by the Mykotronx Corporation and by Spyrus. Each card costs about $240 and they are commonly used with card readers sold by Litronic Corporation.
The Fortezza card has been used in government, military, and banking applications to protect sensitive data.