<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=big5">
<META content="MSHTML 6.00.6000.16640" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>
<DIV><FONT face=Arial>
<DIV><FONT face=Arial size=2>Hello,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>This is Robert Wann and I am representing Enova
Technology. I'd like to respond to your published article about the so called
"False Sense of Security" for balanced review.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>My comments follow my signature line and I look
forward to your publishing of our comments (Vendor Comments) to the same
sites to balance the view and to give us an opportunity defending ourselves.
Thank you and I look forward to hearing from you.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Regards,</FONT></DIV>
<DIV><FONT face=Arial size=2>Robert Wann</FONT></DIV>
<DIV><FONT face=Arial size=2>CTO</FONT></DIV>
<DIV><FONT face=Arial size=2>Enova Technology</FONT></DIV>
<DIV><FONT face=Arial size=2><A
href="">http://www.enovatech.com</A></FONT></DIV>
<DIV><FONT face=Arial size=2>Office +886 3 577 2767</FONT></DIV>
<DIV><FONT face=Arial size=2>Fax +886 3 577 2770</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>
<DIV><FONT face=Arial
size=2>--------------------------------------------------</FONT></DIV>
<DIV><FONT face=Arial size=2>Here Enova Technology comments</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>
<P class=MsoNormal
style="MARGIN: 0cm 0cm 0pt; mso-pagination: widow-orphan"><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-font-kerning: 0pt">Speaking of
X-Wall not being able to hold the secret of the secret key, it is actually an
intended engineering design and has been praised by many well known
cryptographers. As X-Wall does not equip with any none-volatile memory and
all the secret keys reside in the volatile memory, the security of data-at-rest
is guaranteed as long as the power is shut down or the computer goes into
hibernation state. The design was meant for the authentication part to hold the
secret value as it makes sense that secret key will only be released upon
correct authentication. Advantage in this design also guarantee there won’t be a
risk of secret been extracted going through sophisticated semiconductor layer
extraction method.<?xml:namespace prefix = o ns =
"urn:schemas-microsoft-com:office:office" /><o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0cm 0cm 0pt; mso-pagination: widow-orphan"><SPAN lang=EN-US
style="FONT-FAMILY: 新細明體; mso-font-kerning: 0pt; mso-bidi-font-family: 新細明體"> <o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0cm 0cm 0pt; mso-pagination: widow-orphan"><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-font-kerning: 0pt">Speaking of
the Enova key fob, there is a reverse diode that safeguards the accidental
insertion of the key fob into a real 1394 (firewire) port that carries voltage
more than 18 Volts. As a result, damage to the key fob due to mismatch of the
firewire port can be avoided.<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0cm 0cm 0pt; mso-pagination: widow-orphan"><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-font-kerning: 0pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0cm 0cm 0pt; mso-pagination: widow-orphan"><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-font-kerning: 0pt">We would
agree that a capable engineer would be able to apply electrical wire onto
the serial bus and snoop the protocol to get to the secret key. But this is
our simplest and basic design which was engineered to educate/show most of our
customers how the X-Wall will be actually functioning. To show the exact
opposite, we also engineered a sophisticated FIPS certified smartcard
authenticated X-Wall design (to view more details, visit our website at <A
href=""><FONT
color=#800080>http://www.enovatech.net/products/reference/secureusb_pro.htm</FONT></A>).
Being said, to snoop an electrical protocol maybe still a bit tougher than
simply installing a key logger or camera for the password entry. Anyway, to
conduct such hot plug electrical protocol attack, the attacker needs to get hold
of the key fob as well as the circuit board and X-Walled hard drive.
<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0cm 0cm 0pt; mso-pagination: widow-orphan"><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-font-kerning: 0pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0cm 0cm 0pt; mso-pagination: widow-orphan"><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-font-kerning: 0pt">To prevent
serial bus sniffing, apply the harden epoxy on the X-Wall such that it
creates chemical effect with the molding compound of the X-Wall to
effectively avoid such attack as the attempts to use special dissolvent
would effectively destroy the molding compound of the X-Wall thus destroy the
circuitry. Alternatively, use the FIPS certified authentication mechanism
to hold the secret key, which can only be released upon correct
authentication.</SPAN></P>
<P class=MsoNormal
style="MARGIN: 0cm 0cm 0pt; mso-pagination: widow-orphan"><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-font-kerning: 0pt">------------------------------</SPAN></P></DIV></DIV></FONT></DIV></FONT></DIV></BODY></HTML>