Confidentio. Integrated security processing unit. Including key management module, encryption engine and random number generator


Secure your digital life

Confidentio: an integrated security processing unit offering a key management module, an encryption engine and a random number generator.

The tremendous growth in the use of mobile devices and internet connectivity gives rise to a whole new range of possibilities, such as mobile payments, internet-based provisioning of media and software apps, and cloud storage facilities that keep all our digital data at hand, everywhere and at any time. But security remains a concern: people's identities get stolen and abused, credit card data is tampered with, and piracy of media content and software apps is skyrocketing. To address these problems, a strong security solution is required that is based on secret key storage and crypto functionality and that can easily be deployed on mobile devices. Building such security solutions poses many challenges:

How can secret keys be stored so that they cannot be tampered with and cloning of systems is prevented?
How can one control the programming of secret keys in the field without relying on a chip or system manufacturer?
How can one achieve an efficient and secure integration of key storage with cryptographic functions such as encryption/decryption, random number generation, etc.?
How can one avoid a significant increase in device cost when adding security?
How can one retrofit existing embedded systems, phones, tablets and PCs with top-level security without spending long cycles on a hardware re-spin?

Confidentio is an integrated security processing unit that serves as a root of trust in mobile applications such as mobile payment, media content provisioning and securing the cloud. Confidentio comprises a hardware IP core that targets secure element implementations in SIM/smartcards, Secure SD cards and embedded secure elements in mobile devices. It supports PPC, Intel, ARM, MIPS and other popular CPU architectures (custom or proprietary), and it provides a natural fit as root of trust in a GlobalPlatform-compliant Trusted Execution Environment (TEE). Furthermore, Confidentio comprises a software module that connects to the hardware IP core and provides a high-level API for easy integration with other software applications. Confidentio comes with out-of-the-box support for Intrinsic-ID's Saturnus Security Framework SDK, which enables developers to take full advantage of the enhanced security in their apps.

What is Confidentio?

Confidentio is an integrated and optimized IP solution that offers superior security at a smaller silicon and/or software footprint compared with alternative solutions based on key storage in secure non-volatile memory and individual crypto cores. It combines:

1. Intrinsic-ID's flagship product Quiddikey for secret key storage
2. Intrinsic-ID's random number generator irng for generating strong cryptographic keys
3. An AES encryption/decryption engine

Confidentio is the world's first and only encryption module that has built-in key storage functionality without requiring embedded non-volatile memory, making Confidentio-SC the cornerstone of a Secure Element solution. Confidentio is used for content protection, secure transactions, secure boot and secure file storage in the cloud, using the device-unique fingerprint that originates from deep-submicron manufacturing process variations. Its flexible key management is designed to enable the use of multiple cryptographic keys, providing secure storage of personal keys and content keys for secure file storage and other applications. Confidentio integrates seamlessly into existing customer platforms.

Hardware Intrinsic Security

Instead of storing keys in non-volatile memory (typically secure EEPROM or e-fuses), Confidentio-SC allows for secure key extraction and programming from unique physical properties of the underlying hardware. This patented approach is called Hardware Intrinsic Security (HIS) and makes use of Physical Unclonable Functions (PUFs). The principle can best be described as biometrics for electronic devices and uses the device-unique start-up values of an uninitialized SRAM block.

How does Confidentio work?

Confidentio consists of two components:

1. a software security library with a fixed interface to the Confidentio hardware core, i.e. a software driver for Confidentio
2. the Confidentio hardware core itself

The Hardware Intrinsic Security (HIS) functionality can be implemented either in hardware (in the chip) or in software/firmware (run as an executable on an embedded CPU). In both cases it uses the start-up values of an SRAM memory to protect data on systems and in the cloud: it binds data to the hardware of a particular device. The only hardware component needed to use HIS is a small block of SRAM.

Customers and OEMs can build their own secure applications on top of Confidentio, directly accessing the Confidentio API. Each application can program its own secret keys. Furthermore, on most mobile and desktop platforms, developers can leverage the Saturnus Security Framework SDK (separate product). This is a software library that enables access to Confidentio, adding enhanced security functions and supporting, for example, authentication, secure cloud access and mobile payment. It is available for popular mobile platforms and provides backwards compatibility for devices that do not have Confidentio.

Figure 1: Confidentio components

An application can generate its device-unique cryptographic master key by running the enrollment procedure. This is a one-time step in which SRAM PUF data are read out and a non-sensitive Activation Code (AC) is output. The application can store this AC in its private memory space. Random content keys can then be generated and stored in encrypted form on the device. These encrypted keys can be used by Confidentio to encrypt and decrypt content. Hence no key data needs to be stored in plain on the device.

Figure 2: Confidentio HW core

Cloning and counterfeit protection

Copying the Activation Code to another device results in a non-functional device, since that device's SRAM PUF data does not match this activation and key code. Even a physical clone of another device, together with all the data stored on the device, will not create a new functional product. This protects the system against cloning and counterfeiting.
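The enrollment, key reconstruction and cloning-protection behaviour described in the two sections above can be made concrete with a small simulation. The following is an added example, not Intrinsic-ID code and not the Confidentio API: it models an SRAM PUF as a device-specific bit pattern with a few percent of noisy cells per power-up (a constructed stand-in for silicon variation), derives a non-sensitive activation code with a code-offset fuzzy extractor using a repetition code (one common construction; the product's actual error-correction scheme is not stated on the page), re-derives the master key from a later noisy read-out, wraps a random content key under that master key, and shows that the same activation code on a different device yields a different key that cannot unwrap anything. Because the Python standard library has no AES, the authenticated encryption here is an HMAC-SHA256 keystream with an encrypt-then-MAC tag, standing in for the AES engine; all names (read_sram_puf, enroll, reconstruct, seal, open_sealed, run_scenario) are the example's own.

```python
from __future__ import annotations
import hashlib
import hmac
import random
import secrets

KEY_BITS = 128                 # bits of enrolled secret
REP = 15                       # repetition-code length per secret bit
PUF_BITS = KEY_BITS * REP      # SRAM cells used
NOISE = 0.03                   # assumed fraction of cells that flip between power-ups


def pack_bits(bits: list[int]) -> bytes:
    return int("".join(map(str, bits)), 2).to_bytes(len(bits) // 8, "big")


def unpack_bits(data: bytes, n: int) -> list[int]:
    value = int.from_bytes(data, "big")
    return [(value >> (n - 1 - i)) & 1 for i in range(n)]


def read_sram_puf(device_id: str, rng: random.Random) -> list[int]:
    """Simulated SRAM power-up read-out. Each cell has a device-specific preferred
    value (constructed here from device_id via SHA-256) and a small fraction of
    cells read noisily on every power-up."""
    bits: list[int] = []
    block = 0
    while len(bits) < PUF_BITS:
        chunk = hashlib.sha256(f"{device_id}:{block}".encode()).digest()
        bits.extend((byte >> k) & 1 for byte in chunk for k in range(8))
        block += 1
    return [b ^ 1 if rng.random() < NOISE else b for b in bits[:PUF_BITS]]


def _key_from_secret(secret: list[int]) -> bytes:
    # Strong-extractor step: hash the error-corrected secret into a 256-bit key.
    return hashlib.sha256(b"demo-master-key" + pack_bits(secret)).digest()


def enroll(puf: list[int]) -> tuple[bytes, bytes]:
    """One-time enrollment: returns (activation_code, master_key). Only the
    activation code is stored; the key is re-derived on every power-up."""
    secret = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [b for b in secret for _ in range(REP)]
    activation_code = pack_bits([p ^ c for p, c in zip(puf, codeword)])
    return activation_code, _key_from_secret(secret)


def reconstruct(puf: list[int], activation_code: bytes) -> bytes:
    """Re-derive the master key from a fresh (noisy) read-out plus the AC.
    XOR cancels the PUF pattern, leaving the codeword with a few bit errors,
    which per-block majority voting corrects."""
    noisy_codeword = [p ^ h for p, h in zip(puf, unpack_bits(activation_code, PUF_BITS))]
    secret = [1 if sum(noisy_codeword[i * REP:(i + 1) * REP]) * 2 > REP else 0
              for i in range(KEY_BITS)]
    return _key_from_secret(secret)


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    return (hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest())


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Authenticated encryption stand-in for the AES engine (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes | None:
    """Returns the plaintext, or None if the key is wrong or the blob was altered."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def run_scenario(seed: int = 42) -> dict[str, bool]:
    rng = random.Random(seed)
    ac, master = enroll(read_sram_puf("device-A", rng))          # one-time enrollment
    master_again = reconstruct(read_sram_puf("device-A", rng), ac)  # later power-up
    content_key = secrets.token_bytes(16)
    wrapped_key = seal(master, content_key)                       # stored on device
    ciphertext = seal(content_key, b"licensed media payload")
    unwrapped = open_sealed(master_again, wrapped_key)
    clone_key = reconstruct(read_sram_puf("device-B", rng), ac)   # AC copied to a clone
    return {
        "same_device_ok": master_again == master,
        "content_roundtrip": unwrapped is not None
        and open_sealed(unwrapped, ciphertext) == b"licensed media payload",
        "clone_fails": clone_key != master and open_sealed(clone_key, wrapped_key) is None,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The activation code is safe to store in ordinary memory because it is the XOR of the PUF read-out with a random codeword, so without the device's own SRAM pattern it reveals nothing about the secret; the content key only ever appears in plaintext inside the seal/open calls, matching the brochure's claim that no key material is stored in plain on the device.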

Unique features

Superior anti-tamper and anti-cloning protection based on HIS.
Integrated security processing unit with secret key storage, AES encryption and decryption engine and random number generator.
Targets secure element implementations.
Supports PPC, Intel, ARM, MIPS and other popular CPU architectures, including custom and/or proprietary CPUs.
Root of trust for media content provisioning and securing the cloud.
Natural fit as root of trust in a GlobalPlatform-compliant Trusted Execution Environment (TEE).
Flexible and secure key programming of multiple, cryptographically separated keys without requiring non-volatile memory on the target device.
Out-of-the-box support for Intrinsic-ID's Saturnus Security Framework SDK.

Benefits

Uses only a small block of standard SRAM, applicable in all process nodes.
Easy and fast integration in hardware: a pure digital logic hardware component.
Fast-track implementations in software.
Cost efficient: small silicon area and/or software footprint.
Enables killer differentiating applications: secure cloud, payments, content protection, etc.
Based on best-in-class and industry-proven Physical Unclonable Function technology.

Wish to learn more about Confidentio? Contact or visit us:

High Tech Campus 9
5656 AE Eindhoven
The Netherlands
Tel: +31 40 851 90 20
sales@intrinsic-id.com
www.intrinsic-id.com

Intrinsic-ID is the world-wide leader in security IP cores and applications based on Hardware Intrinsic Security, also referred to as Physical Unclonable Function (PUF). HIS enables total protection of electronic data in the cloud and on other electronic systems. It prevents counterfeiting and cloning of systems, piracy of media content and software apps, theft of identity and software reverse engineering, and prevents financial losses by securing mobile payments. Intrinsic-ID was founded in 2008 as a spin-out of Royal Philips Electronics and has its headquarters in The Netherlands. Sales offices are located in the USA, Japan and Korea.

Copyright 2014 Intrinsic-ID B.V. Intrinsic-ID, Quiddikey, Quiddicard, Saturnus, irng and other designated brands included herein are trademarks of Intrinsic-ID. All other trademarks are the property of their respective owners.