SECURITY ENCLAVE IP

WITH INTEGRATED

WORLD'S LEADING 

PUF

Cryptographic keys are at the heart of any security architecture and need to be protected from attackers to ensure device security. That is why Silex Insight and Intrinsic ID join forces to deliver a security solution for the IoT. It enables hardware-based key storage, key provisioning and cryptographic operations within a security enclave / Root of Trust – even for IoT chip vendors for which security is not a core competency. Together we have pre-integrated and pre-validated a hardware IP solution suitable for any IoT chip that handles provisioning and storing cryptographic keys securely.

Silex Insight & Intrinsic ID Join Forces

As the integration of the Intrinsic ID’s SRAM PUF technology in our eSecure module has already been successful for custom security developments, we are sure that this collaboration will result in added value for our security products and our mutual customers.

Pieter Willems

VP of Global Sales

and Marketing

Our Combined Solution

This unique solution combines hardware security engines from Silex Insight with high performance accelerators for symmetric and asymmetric cryptography together with the patented Intrinsic ID SRAM PUF technology for key generation and military-grade secure storage.

Security Solution For The IoT

Enables inclusion of hardware-based key storage, key provisioning and cryptographic operations within a security enclave.

Provides The Strongest Security Architecture

Any IoT chip manufacturer can now provide a security architecture that ensures its customers have the strongest possible foundation to create the secure devices that the IoT so desperately requires.

Our partnership with  Silex Insight yields a more tightly integrated approach that will make it easier for our mutual customers to implement advanced security solutions for IoT devices, as well as other critical applications such as securing payments.

Vincent van der Leest

Director Product 

Marketing

Can Be Added In Hardware To Any IoT Chip

We have pre-integrated and pre-validated a solution that can be used for provisioning and storing cryptographic keys securely.

eSecure - Security Enclave

The eSecure IP is a single subsystem for SoC/ASIC/FPGA to address key security challenges, playing the role of Root-of-Trust. The module is highly flexible and fits all applications of the heterogeneous Internet-of-Things ecosystem, from the ultra-low power sensor to the connected car. 

Scalable & Flexible

  • Customizable - No fixed configurations & performances
  • Supports a very broad and recent crypto functions

It can also be configured to have the appropriate trade-off between resources and performances for specific customer applications

Best-in-class Security

  • No external devices & no additional components 

Easier to interfere a communication between 2 components if physical access to the device

  • Keeps the typical “secure key storage” 

Even without embedded Flash

Broad Range of High Performance Cryptos

  • Ideal for network packet encryption or crypto offloading
  • Includes a AXI DMA interface to the Host memory space 

Keeping the key hidden from the host CPU 

Secure OTA Updates

  • Lifecycle management
  • The eSecure IP can be updated using secure SW update Over-the-air (OTA) without reloading new keys
  • New features/updates/removal can quickly be implemented

Secure Boot

  • Execute authenticated and trusted software
  • Prevent malicious code execution

Small Footprint

  • Reduced board area, board layers
  • Less complexity at the PCB level

Time-to-market Acceleration

  • Smooth integration of the eSecure IP
  • No need for a new chip for new features/updates/removal

OTA available

Cost Effective

  • Lower product cost, replacing many discrete components with one chip
  • Less components = reduced inventory cost

Secure Debugging

  • Authenticate and protect in-the-field
  • Perform secure failure analysis/RMA

Certificate based 

Set permissions levels 

Public key cryptograph

Easy integration

  • No security chip needed on the board so straightforward implementation

QuiddiKey Hardware IP (PUF)

Intrinsic ID QuiddiKey® is a hardware IP solution that enables device manufacturers and designers to secure their products with internally generated, device-unique cryptographic keys without the need for adding costly, security-dedicated silicon. It uses the inherently random start-up values of SRAM as a physical unclonable function (PUF), which generates the entropy required for a strong hardware root of trust. QuiddiKey IP can be applied easily to almost any chip – from tiny microcontrollers (MCUs) to high-performance systems-on-chip (SoCs).

Features

  • Uses standard SRAM start-up values as a PUF to create a hardware root of trust
  • Root key is never stored, but re-created from the PUF each time it is needed
  • Offers key provisioning, wrapping, and unwrapping to enable secure key storage across the supply chain and for the lifetime of the device
  • Keys are bound to the device and can only be recreated and accessed on the device they have been created on 
  • Configurations can be customized for your application
  • Custom driver API for easy integration 
  • Deployed in hundreds of millions of production devices over more than a decade

Benefits

  • Offers a higher level of security than traditional key storage in NVM such as secure flash, OTP or e-fuses
  • Enables designers to create and store an unlimited number of keys securely in unprotected NVM on/off chip
  • Minimizes overhead through optimized hardware design
  • Eliminates the need for centralized key management and programming
  • Highly reliable secure key storage solution in the most advanced technology nodes

Security Enclave with the world’s leading PUF

The eSecure IP is a complete standalone module that enables security applications by shielding the secret information from the non-secure application running on the main processor. The firewall prevents any unauthorized access to the secret data. The secure controller embedded in the eSecure module keeps full control of the execution of the security functions. In some designs, the secure controller can be optionally virtualized in the host processor. Customers have received PSA Level 3 certification. The eSecure is delivered with end-to-end secure debugging solution.

The solution combines Intrinsic ID’s patented SRAM PUF technology for key generation and military-grade secure storage with Silex Insight’s hardware security engines with high-performance accelerators for symmetric and asymmetric cryptography. With this combined solution, any IoT chip manufacturer can provide a security architecture that ensures its customers have the strongest possible foundation to create the secure devices that the IoT so desperately requires.

QuiddiKey Hardware IP (PUF) for generating and storing cryptographic keys

Supports Crypto Offloading

Wide range of cryptographic algorithms

Asymmetric: RSA/ECC/ECDSA/Curve25519/EdDSA/SRP/J-PAKE ... 
Symmetric: AES/SHA/ChaCha20-Poly1305/ARIA … TRNG + DRBG (NIST 800-90A/B/C)

Algorithms specific to the Chinese market

Asymmetric: SM2/SM9Symmetric: SM3/SM4/ZUC

Post-quantum cryptography (PQC) algorithms

Secure Any Application

The Security Enclave IP is a very efficient solution to enable any secure application on chip. The hardware module shielded from the main processor brings a high level of security. Also the hardware offloading of the cryptographic operations from the main processor to the eSecure module guarantees a low power operation. The Security Enclave IP module is tuned to the target application in terms of feature and performance.

WE'VE GOT YOUR

SECURITY COVERED!

Answer ALL Your Security Needs

FPGA Chip

Secured System-on-Chips (SoC)

Device Unique Identity

Proven Root-of-Trust for use with ASICs

Prevents counterfeiting and cloning

Secure boot

Identify and trust your devices

- Execute authenticated and trusted software

- Prevent malicious code execution


- Uniquely identify each manufactured part

- Authenticate your device

Authenticate your code at run-time

Device rights management

Secure software update (Field upgradable)

Attestation

Anti-rollback protection

Device decommissioning

Secure Storage of Secret Information

Secure Debugging

FPGA Chip

Confidentiality and authenticity is guaranteed

Authenticate and protect in-the-field

Store secret assets

Perform secure failure analysis/RMA

- In protected and unprotected storage

- Certificate based

- Set permission levels

- Public key cryptography

Confidentiality & authenticity

- Achieved with strong cryptographic algorithms

Secure key provisioning

- Key revocation

Ready-to-sell

Side-channel Attack Protection

Secure Communication

Protect against external physical attacks

Only using the most secure & latest algorithms

Unique efficiency DPA countermeasures

- AES        - Public Key Accelerator       - SM4

TLS/DTLS (TLS/SSL 1.2/1.3)
IPsec and MACsec
Thread networking, Apple Homekit,Bluetooth, Zigbee and more

Anti-tampering

- Multiple tamper detection mechanisms

- Configurable depending on threat model

- Digital sensors

Get our Brochure

Interested to know more about our solution?

Feel free to get in touch with us

Rue Emile Francqui 11,1435 Mont-Saint-Guibert, Belgium
Tel: +32 10 45 49 04E-mail: contact@silexinsight.comWeb: www.silexinsight.com

Silex Insight is a recognized market-leading independent supplier of Security IP solutions for embedded systems The security platforms and solutions from Silex Insight include flexible and high-performance crypto engines which are easy to integrate and an eSecure IP module that provides a complete security solution for all platforms. Developments take place at the headquarters near Brussels, Belgium.

710 Lakeway Drive, Suite 100 Sunnyvale,CA 94085-4047, US
Tel: +1 408-933-9980E-mail: info@intrinsic-id.comWeb: www.intrinsic-id.com

Intrinsic ID is the world’s leading provider of security IP for embedded systems based on PUF technology. The technology provides an additional level of hardware security utilizing the inherent uniqueness in each and every silicon chip. The IP can be delivered in hardware or software and can be applied easily to almost any chip – from tiny microcontrollers to high-performance FPGAs – and at any stage of a product’s lifecycle.

Copyright © 2022. All rights reserved.