German government officials including Chancellor Angela Merkel could soon be communicating about classified matters using BlackBerry Z10 smartphones equipped with a new micro-SD card from SecuSmart.
The German Federal Office for Information Security and the government procurement office have selected the combination of phone and card for protecting classified communications, according to SecuSmart, which is showing the SecuSuite card at the Cebit trade show in Hanover, Germany this week.
SecuSuite encrypts voice and data, unlike previous SecuSmart mobile encryption products, which could only encrypt voice. They, however, worked with several smartphone platforms, while SecuSuite is only available for the Z10, because it builds on the security of the BlackBerry Balance feature separating personal apps and documents from work ones.
The card contains 4GB of flash memory for storing encrypted documents, and the smartcard chip that performs the encryption. The security keys are stored in the smartcard, and protected by a PIN, much like a mobile phone SIM.
The card can encrypt a voice bitstream of around 10kbps (kilobits per second), according to SecuSmart CEO Hans-Christoph Quelle. As long as the phone is connected to an EDGE mobile network, there is no perceptible difference in call quality or latency between encrypted and unencrypted calls, he said.
At 10kbps, it would take too long to decrypt the card's 4GB of storage, so for data SecuSmart takes another approach: The chip secures the keys used by the BlackBerry 10 OS to encrypt the phone's "business" partition. If the SecuSuite card is removed from the phone, the keys are no longer available and the "business" apps and documents can no longer be accessed. In the "personal" partition, details of previously visible business appointments are hidden, with the time marked simply as busy.
The encryption keys in the card are associated with a public key infrastructure (PKI). For commercial customers, the PKI will be SecuSmart itself, while the German government will run its own key infrastructure, said Quelle. Calls can be encrypted end to end for any two phones associated with the same PKI, Quelle said. A call can also be encrypted between a mobile and a SIP gateway associated with the same PKI, so that it can be routed to landlines.
German government approval puts SecuSmart a step closer to landing other government contracts, Quelle said. If another European security certification agency approves the card, then it will automatically be approved for communications at "EU Restricted" level, he said.
Such security doesn't come cheap: The German government has agreed to pay ¬2,500 (US$3,252) for phones equipped with the chip.
Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter at peter_sayer@idg.com.