Confidentio™: Integrated security processing unit, including key management module, encryption engine and random number generator

Confidentio™: An integrated security processing unit offering a key management module, encryption engine and a random number generator.

The tremendous growth in the use of mobile devices and internet connectivity gives rise to a whole new range of possibilities such as mobile payments, internet-based provisioning of media and software apps and cloud storage facilities to keep all our digital data at hand, everywhere and anytime.

But security remains a concern: people’s identities get stolen and abused, credit card data is tampered with and the piracy of media content and software apps is skyrocketing. To address these problems a strong security solution is required that is based on secret key storage and crypto functionality that can easily be deployed on mobile devices.

Building such security solutions poses many challenges:

§ How can secret keys be stored in a way that they cannot be tampered with, so that cloning of systems is prevented?

§ How can one control the programming of secret keys in the field without relying on a chip or system manufacturer?

§ How can one achieve an efficient and secure integration of key storage functionality with cryptographic functions like encryption/decryption, random number generation, etc.?

§ How can one avoid a significant increase in the cost of devices by adding security?

§ How can one retrofit existing embedded systems, phones, tablets, PCs with top-level security without spending long cycles in a hardware re-spin?


Confidentio™ is an integrated security-processing unit that serves as a root of trust in mobile applications such as: mobile payment, media content provisioning and securing the cloud.

Confidentio™ comprises a hardware IP core that targets secure element implementations in: SIM/smartcard, Secure SDCard and embedded secure elements in mobile devices.

It supports PPC, Intel, ARM, MIPS and other popular CPU architectures (custom or proprietary) and it provides a natural fit as ‘root of trust’ in a GlobalPlatform compliant Trusted Execution Environment (TEE).

Furthermore, Confidentio™ comprises a software module that connects to the hardware IP core and provides a high level API for easy integration with other software applications.

Confidentio™ comes with out-of-the-box support for Intrinsic-ID’s Saturnus® Security Framework SDK, which enables developers to take full advantage of the enhanced security in their apps.

Secure your digital life™


What is Confidentio™ ?

Confidentio™ is an integrated and optimized IP solution that offers superior security at a smaller silicon and/or software footprint compared with alternative solutions based on key storage in secure non-volatile memory and individual crypto cores. It combines:

1. Intrinsic-ID’s flagship product Quiddikey® for secret key storage

2. Intrinsic-ID’s random number generator iRNG for generating strong cryptographic keys

3. An AES encryption/decryption engine

Confidentio™ is the world’s first and only encryption module that has built-in key storage functionality without requiring embedded non-volatile memory, making Confidentio™-SC the cornerstone of a Secure Element solution.

Confidentio™ is used for: content protection, secure transactions, secure boot and secure file storage in the cloud using the device unique fingerprint originating from deep submicron manufacturing process variations. Its flexible key management is designed to enable usage of multiple cryptographic keys, providing secure storage of personal keys and content keys for secure file storage and other applications.

Confidentio™ integrates seamlessly into existing customer platforms.

Hardware Intrinsic Security™

Instead of storing keys in non-volatile memory (typically secure EEPROM or E-fuses), Confidentio™-SC allows for secure key extraction and programming from unique physical properties of the underlying hardware. This patented approach is called Hardware Intrinsic Security™ (HIS) and makes use of Physical Unclonable Functions (PUFs). The principle can best be described as “biometrics for electronic devices” and uses the device unique start-up values of an uninitialized SRAM block.


How does Confidentio™ work?

Confidentio™ consists of two components:

1. a software security library with a fixed interface to the Confidentio™ hardware core, i.e., a software driver for Confidentio™

2. the Confidentio™ hardware core itself

The Hardware Intrinsic Security™ (HIS) functionality can be implemented both in hardware (into the chip) or software/firmware (run as executable on an embedded CPU). In both cases it will use the start-up values of an SRAM memory to protect data on systems and in the cloud. It binds data with the hardware of a particular device. The only hardware component needed to be able to use HIS is a small block of SRAM.

Customers and OEMs can build their own secure applications on top of Confidentio™, directly accessing the Confidentio™ API. Each application can program its own secret keys.

Furthermore, on most mobile and desktop platforms, developers can leverage the Saturnus® Security Framework SDK (separate product). This is a software library that enables access to Confidentio™, adding enhanced security functions and supporting e.g., authentication, secure cloud access, mobile payment. It is available for popular mobile platforms and provides backwards-compatibility to devices that do not have Confidentio™.


An application can generate its device unique cryptographic master key by running the enrollment procedure. This is a one-time step in which SRAM PUF data are read out and a non-sensitive Activation Code (AC) is output. The application can store this AC in its private memory space. Random content keys can then be generated and stored in encrypted form on the device. These encrypted keys can be used by Confidentio™ to encrypt and decrypt content. Hence no key data needs to be stored in plain on the device.


Cloning and counterfeit protection

Copying the Activation Code to another device results in a non-functional device, since that device’s SRAM PUF data does not match with this activation and key code.

Even a physical clone of another device together with all the data stored on the device will not create a new functional product. This protects the system against cloning and counterfeiting.
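The enrollment flow above and the cloning check it enables, as an added example that is not Intrinsic-ID’s code: a toy SRAM-PUF model, a repetition-code fuzzy extractor standing in for Quiddikey®’s error correction, SHA-256 key derivation, and an HMAC-based key wrap standing in for the AES engine. The function names, the 256-bit key size, the repetition factor and the 3% read-to-read noise rate are all assumptions.

```python
import hashlib
import hmac
import random

KEY_BITS = 256   # master-key length in bits (assumed)
REP = 15         # repetition factor per key bit (assumed; toy error correction)

def sram_startup(device_id, rng, noise=0.03):
    """One power-up read of an uninitialized SRAM block: a stable device pattern
    (constructed stand-in for process variation) with `noise` bits flipped."""
    stable = random.Random(device_id)
    return [stable.getrandbits(1) ^ (rng.random() < noise)
            for _ in range(KEY_BITS * REP)]

def enroll(sram_bits, rng):
    """One-time enrollment: random secret, repetition-encoded, XORed onto the PUF
    response. The Activation Code (AC) may be stored; the master key never is."""
    secret = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    codeword = [b for b in secret for _ in range(REP)]
    activation_code = [c ^ p for c, p in zip(codeword, sram_bits)]
    return activation_code, derive_master_key(secret)

def reconstruct(sram_bits, activation_code):
    """Rebuild the master key from a fresh noisy read plus the AC; a per-block
    majority vote removes the bit errors between the two reads."""
    noisy = [a ^ p for a, p in zip(activation_code, sram_bits)]
    secret = [int(sum(noisy[i * REP:(i + 1) * REP]) > REP // 2)
              for i in range(KEY_BITS)]
    return derive_master_key(secret)

def derive_master_key(secret_bits):
    return hashlib.sha256(bytes(secret_bits)).digest()   # uniform 32-byte key

def wrap_content_key(master_key, key_id, content_key):
    """Store a random content key (<= 32 bytes) in encrypted form. Stand-in for
    the AES engine (toy: HMAC keystream XOR + HMAC tag), one keystream per key_id."""
    stream = hmac.new(master_key, b"wrap:" + key_id, hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(content_key, stream))
    tag = hmac.new(master_key, key_id + body, hashlib.sha256).digest()[:16]
    return body + tag

def unwrap_content_key(master_key, key_id, blob):
    """Return the content key, or None when the master key (i.e. device) is wrong."""
    body, tag = blob[:-16], blob[-16:]
    expect = hmac.new(master_key, key_id + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        return None
    stream = hmac.new(master_key, b"wrap:" + key_id, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, stream))
```

Copying the AC and the wrapped key to a second device gives a different master key there, so the tag check fails and nothing is decrypted.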


Unique features

§ Superior anti-tamper and anti-cloning protection based on HIS.

§ Integrated security processing unit with secret key storage, AES encryption and decryption engine and random number generator.

§ Targets secure element implementations.

§ Supports PPC, Intel, ARM, MIPS and other popular CPU architectures including custom and/or proprietary CPUs.

§ Root of trust for media content provisioning and securing the cloud.

§ Natural fit as ‘root of trust’ in a GlobalPlatform compliant Trusted Execution Environment (TEE).

§ Flexible and secure key programming of multiple, cryptographically separated keys without requiring non-volatile memory on the target device.

§ ‘Out-of-the-box’ support for Intrinsic-ID’s Saturnus® Security Framework SDK.

Benefits

§ Uses only a small block of standard SRAM – applicable in all process nodes.

§ Easy and fast integration in hardware – pure digital logic hardware component.

§ Fast-track implementations in software.

§ Cost efficient – small silicon area and/or software footprint.

§ Enables ‘killer’ differentiating applications: secure cloud, payments, content protection, etc.

§ Based on best-in-class and industry-proven Physical Unclonable Function technology.


Wish to learn more about Confidentio™?

Contact or visit us: High Tech Campus 9, 5656 AE Eindhoven, The Netherlands. Tel: +31 40 851 90 20. [email protected], www.intrinsic-id.com

Intrinsic-ID is the world-wide leader in security IP cores and applications based on Hardware Intrinsic Security™, also referred to as Physical Unclonable Function (PUF).

HIS enables total protection of electronic data in the cloud and on other electronic systems. It prevents counterfeiting and cloning of systems, piracy of media content and software apps, theft of identity and software reverse engineering, and prevents financial losses by securing mobile payments. Intrinsic-ID was founded in 2008 as a spin-out of Royal Philips Electronics and has its headquarters in The Netherlands. Sales offices are located in: USA, Japan and Korea.

© Copyright 2014 Intrinsic-ID B.V.

Intrinsic-ID, Quiddikey, Quiddicard, Saturnus, iRNG and other designated brands included herein are trademarks of Intrinsic-ID. All other
