Rosetta® Series II Smart Cards and USB Security Devices

The SPYRUS Rosetta Series II Smart Cards and USB Security Devices were a line of security products that provided strong encryption, authentication, non-repudiation, and auditing capabilities. They were available in two form factors: a smart card and a USB device.

Disclaimer: This is an archive of Spyrus Inc.’s legacy products. The Rosetta® Series II Smart Cards and USB Security Devices are no longer available; these resources are provided for informational purposes only.

About Spyrus

Spyrus specializes in comprehensive cybersecurity solutions, providing businesses with everything from in-depth audits and continuous monitoring to proactive penetration testing and rapid ransomware recovery. Our around-the-clock SOC services and targeted training programs empower your team to defend against and quickly respond to cyber threats, ensuring your operations remain secure and resilient.

About Product

The Rosetta Series II Smart Card was an ISO 7816-compliant public key, multi-application smart card. It features high-assurance security techniques to properly separate applications from crypto data, public key cryptographic techniques for industry-standard sign/verify operations, and advanced operating system and chip features.

Rosetta Series II USB was a reader-less smart card that can store authentication information, data, digital identity keys, and certificates. Rosetta USB has plug-and-play capability and moves with the user, providing a secure and encrypted vault for security information such as private keys, passwords and biometric templates.

A History of Proven Performance

The Rosetta Series II draws on over a decade of proven performance to provide the strongest possible security for such security-critical capabilities as PKI-based identity management, data security, data integrity, and non-repudiation—all in a compact, rugged, tamper-evident hardware case. When used with the companion En-Sign or SPYRUS Minidriver software, Rosetta Series II security devices provide support for standard application interfaces that use the Microsoft® Windows® Cryptographic API (CAPI) Cryptographic Service Provider (CSP), the Windows PC/SC smart card logon protocol, and the standard PKCS #11 interface used by some Web applications. Windows WHQL-certified drivers are available for Windows 2000, Windows Server 2003, Windows XP, Windows Server 2008, Windows Vista, Windows 7, and Windows 8.

Algorithm Support for the Future

SPYRUS is committed to keeping the Rosetta Series II smart card and USB security devices well ahead of the rest of the industry as cryptographic requirements change and evolve. As our customers require new algorithms and increased key lengths, SPYRUS now supports algorithms to include 2048-bit RSA, AES-128/192/256, and SHA-1/224/256/384/512 key lengths advocated by industry and the U.S. Government.

The Rosetta Series II is designed to support elliptic curve cryptography (ECC) using the high-strength P-256, P-384, and P-521 curves that meet or exceed U.S. Government Suite B standards. The ECDSA digital signature standard and the EC Diffie-Hellman key establishment schemes are supported in accordance with NIST SP 800-56 Key Establishment Guidelines.

Enhanced Random Number and Key Generation Security

The Rosetta Series II smart card and USB use the latest approaches to random number and key generation as recommended by the U. S. Government. A true hardware-based random-number generator (RNG) is extensively filtered, tested, and then used to seed an approved high-strength, hash-based algorithm. RSA keys are generated in accordance with the latest X9.31 specification, as required for FIPS 140-2 Level 3 certification. Particular care is taken with ECC operations to avoid possible side-channel attacks.

SPYRUS Cryptographic Operating System (SPYCOS®)

SPYCOS is a SPYRUS-developed secure operating system featuring high-assurance security techniques to properly isolate applications and application data, public key cryptographic techniques for industry standard sign/verify operations, and advanced operating system and chip features. SPYCOS design advantages include ISO 7816-1, 2, 3, 4 compliance and full support for the T=0 protocols. The SPYCOS file system is based on a flexible kernel-based EEPROM memory manager that provides dynamic non-volatile memory allocation. This feature allows the deletion of applications and the reuse of space, which significantly affects life cycle costs and application planning through the extensibility and flexibility of the application space.

Tamper-Proof Security

The Rosetta Series II family features a highly tamper-resistant and tamper-evident design. The cryptographic boundary is the chip itself, so that it can be embedded in other products for specialized applications. Rosetta Series II smart card and USB security devices never store the PIN on the device. The PIN is used to derive a decryption key used for validation. All private data on the card, including the keys, is stored in encrypted form using a variation of the PIN.


The design of the Rosetta Series II smart card and USB security devices provides a high-assurance security platform for application development and support:

  • Secure Document Transmission and Retention: Including high-strength encryption and digital signatures for applications such as secure e-mail.
  • Nonrepudiation applications: Digital signature private keys, once generated or loaded onto a Rosetta Series II smart card or USB, can never be exported or extracted from that device. Unique PINs can be assigned for nonrepudiation use, as opposed to encryption or authentication keys, to prevent confusion. Encryption keys can be securely archived onto another physical token or onto a virtual token that uses secret-sharing techniques for adequate key backup.
  • Electronic Notary: Digitally sign legal documents, including forensic evidence and audit logs, for uses such as Sarbanes-Oxley compliance.
  • Single Sign-On: Using Windows smart card logon, sign on to the network, Active Directory, and legacy applications. VPN and SSL/TLS mutual authentication applications are supported.
  • Secure Master Key Storage: Supports applications that use software encryption for file/disk encryption and high-speed streaming media while maintaining the master keys in a secure token. This provides cost-effective, high-security protection against the theft or surreptitious cloning of the entire file system of a client or server, including backup files and archives. SSL and EFS private keys can also be protected.
  • Code Signing: Supports digitally signed executable code, macros, and other assemblies. Compatible with Windows .NET Security Framework applications.
  • Microsoft Windows Compatibility: Rosetta Series II smart card and USB security devices, when used in combination with En-Sign software, provide a flexible, highly secure interface with Microsoft Windows applications. The Rosetta Series II security devices are fully supported by the SPYRUS Signal Identity Manager (Signal IM), which complements the Microsoft Windows Server 2003 Certificate Services with extended Registration Authority capabilities.

Cryptographic Functions

Rosetta Series II smart card and USB security devices are based on a versatile, algorithm-agile platform that supports secure storage of private keys and certificates and the following cryptographic functions on the device:

  • Anti-Tearing File Management: This feature prevents inappropriate termination of a transaction on the card due to early removal from the reader or power loss. Upon the next use of the card the transaction is completed. This can be viewed as a “fail-safe” mechanism.
  • Data Firewalling: This provides the ability to separate one user’s data from another.
  • Dynamic Memory Allocation: The SPYCOS File Allocation Table file system ensures that data files do not need contiguous sectors and that deleted file space can be reclaimed and reallocated as needed. This provides the ability to add and remove multiple certificates as required.
  • High Storage Capacity: Designed to hold over 20+ of X.509 version 3 certificates, depending upon certificate size and EEPROM.
  • Secure PIN-Based Key Protection: Multiple-level PIN protection for keys and data stored on the card.
  • Secure Firmware Update: This allows additional features to be added to the token, or conversely, features to be removed from the token. The firmware update is validated by the security device prior to acceptance.

Biometric Authentication

Rosetta Series II security devices support applications for biometric authentication to individual keys or classes of keys. The use of multiple and/or alternate fingers is also supported. Adding a biometric authentication factor is a powerful way to enforce nonrepudiation.

Our Services

We safeguard your systems and data so you can focus on your mission. We have security services for the following:

Contact Us

Reach out to us to strengthen your cybersecurity defenses. Our team is ready to assist with audits, penetration testing, and customized security solutions. Get in touch for a free consultation.

The Spyrus Security Insights Blog

Stay ahead of evolving cyber threats. Explore our blog for expert insights, best practices, and the latest news on cybersecurity trends affecting your business.