CypheRix

Evidence Recording Control Systems

The Control System is partitioned into two parts viz: a System Master and a Local User. The control system is common to all our Electronic Evidence Enrolment devices.

The System Master is the owner of the Certified Audio Recorder. The System Master is able to assign the recorder to specific Local Users. Once a Certified Audio Recorder has been re-assigned to a new Local User the previous Local User can no longer control the Certified Audio Recorder. This gives maximal operational flexibility as the System Master can create small User groups for sensitive cases or simple assign a Certified Audio Recorder to different departments (or geographic regions) as operation requirements change. The System Master can also decrypt all encrypted audio files.

Overview Of the Control of Audio Recorders

The Local User controls the daily operation of the Certified Audio Recorder.

The Local User maintains a database of all Certified Audio Recorder processing actions. This enables the Local User to keep track of all RSA keys in the Certificate Hierarchy in its database.

The Local User is able to upload the audio recordings from the Certified Audio Recorder using the USB port. The certified audio file is in a proprietary format. In order to listen to the recording on a PC the application can convert the proprietary certified audio format to a separate WAV file. Please note that the storage of the actual certified audio recording and the optional WAV file is done externally to the Local application due to the size of the files.

Should the USB Security tokens be present the Local User can also decrypt the audio recording and periodically update keys in the Certified Audio Recorder. This is to ensure that earlier recordings are not compromised in any manner should the Recorder be subsequently lost.

USB Security Tokens

As cryptographic keys are used to control the recorder and to decrypt the audio files USB-based security tokens are required to access the keys and to perform certain cryptographic operations.

The keys in the Data Bases are encrypted using a symmetric Super Master Key (SMK). The SMK is split into shares and stored on three, security modules. These three USB tokens are locked together and are referred to a 'triple'. At least two of the three USB security tokens are required in order to reconstitute the SMK. The SMK is held in SRAM and is erased when triggered by intrusion detectors or on loss of power.

All RSA cryptographic functionality takes place in the USB Security token to protect the secret exponents. The USB security tokens are able to perform many additional asymmetric and symmetric cryptographic functions and can be tailored for specific requirements. Please ask us for more information.