News Article | May 25, 2017
SPARTAN CLOUD is First Product Released, Enables Secure Connection to Major Cloud Platforms Based on Transport Layer Security (TLS) SUNNYVALE, CA--(Marketwired - May 25, 2017) - Intrinsic ID, a leading provider of authentication technology for Internet of Things security and other embedded applications, today announced the availability of SPARTAN™, a family of authentication solutions for IoT devices. SPARTAN enables device makers for the first time to ensure authentication based on digital identities derived from the silicon fingerprint of a chip that can be created at any point in the supply chain. "SPARTAN is the logical next piece in our IoT security portfolio," said Pim Tuyls, chief executive officer of Intrinsic ID. "SPARTAN builds on the key creation capabilities of our BROADKEY product and the key provisioning of CITADEL to deliver strong, hardware-based authentication instantiated in software, which therefore escapes the availability, scalability and cost limitations that plague traditional security methods such as secure elements. This approach takes into account principles for IoT security issued by the Department of Homeland Security last year." In November 2016 the U.S. Department of Homeland Security announced issuance of Strategic Principles for Securing the Internet of Things (IoT), Version 1.0, which highlights approaches and suggested practices to fortify the security of the IoT and equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems. The first member of the SPARTAN product family is SPARTAN CLOUD, which is available immediately. SPARTAN CLOUD is embedded security software for IoT devices to establish a secure Transport Layer Security (TLS)-based connection to major cloud platforms, including Amazon Web Services, Microsoft Azure IoT Hub and Google Cloud Platform. It provides seamless integration with cloud-connected applications via a library based on the MQTT messaging protocol. Use cases include cloud-based data collection and processing from trusted IoT sensor nodes; smart home devices controlled from the cloud; smart city infrastructure; and smart health monitoring services. SPARTAN CLOUD offers several advantages over traditional methods applied to similar use cases. The strong, SRAM PUF-derived chip identity means the chip cannot be cloned by copying non-volatile memory (NVM) information from one chip to another. No sensitive data is stored in NVM so the device's private key is reconstructed on the fly from SRAM PUF. Since standard SRAM memory is used, the solution can be widely deployed in nearly any digital chip. The reconstructed private key is used directly by the Transport Layer Security (TLS) stack for client authentication towards the cloud server. The solution integrates seamlessly with the MQTT protocol library that is offered by the cloud provider to connect to its services. Intrinsic ID partners have expressed enthusiasm at the SPARTAN announcement. "The integration of Intrinsic ID's SRAM PUF technology in our eSecure module has resulted in very successful custom security development," said Thierry Watteyne, chief executive officer of Barco Silex. "I expect the extension of Intrinsic ID expertise which resulted in the SPARTAN authentication product family to benefit both our partnership and service to mutual customers." "Authentico and Intrinsic ID have both focused on taking new approaches to longtime security issues, and the development of SPARTAN demonstrates their innovative mindset," said Philip Lundin, chief executive officer of Authentico. "We at Authentico are focused on bringing traditional password security to a much higher level by implementing state-of-the-art protected password storage schemes based on SRAM PUF. We look forward to working with the Intrinsic ID team to apply SRAM PUF to protect human authentication based on passwords." "The need to guarantee the authenticity of IoT devices is bringing intense pressure to device and system manufacturers, and that pressure will only continue to increase," Tuyls said. "Device authentication must be both certain and cost effective as IoT devices continue to become not only more ubiquitous, but more critical." SPARTAN utilizes Intrinsic ID's SRAM Physical Unclonable Function -- or SRAM PUF -- technology that forms the basis for other Intrinsic ID products. SRAM PUF technology extracts a chip's silicon fingerprint and derives from it a cryptographic root key, which is unique to a particular SRAM and hence a particular chip. Intrinsic ID products utilize the root key to derive additional cryptographic keys that serve as the foundation for ensuring a device's security. Forthcoming members of the SPARTAN family include SPARTAN LIGHT, a small-footprint embedded authentication solution for securing an identity between a chip and a host. SPARTAN LIGHT embodies a number of advantages over traditional authentication -- it is more secure because it contains no sensitive data in the chip's NVM, and is unclonable because copying the NVM content does not copy the key. Because it works with standard SRAM, available in nearly any digital chip, it can be deployed widely. Furthermore it imposes only a small footprint on the authenticating device and therefore bears a low cost. Use cases include sensor authentication; microcontroller authentication; engine control unit (ECU) authentication, particularly suitable to automotive applications; and consumable authentication, applicable for batteries. Other future members of the SPARTAN product family include SPARTAN BROADCAST, tailored to protection of broadcast data based on asymmetric cryptography, and SPARTAN SECURE CHANNEL, which provides mutual authentication between chips as part of establishing a Secure Authenticated Channel, a method of transferring data which is resistant to overhearing and tampering. SPARTAN CLOUD is available now and will be demonstrated at Intrinsic ID's Spring Security Summit today in Mountain View. Intrinsic ID is the world's leading digital authentication company for the Internet of Things (IoT) and embedded applications. It is the inventor of SRAM Physical Unclonable Function, or SRAM PUF, leveraging manufacturing variations in semiconductors to create unique IDs and keys to authenticate chips, data, devices and systems. Through its flexibility, scalability and low implementation cost, Intrinsic ID products address the security needs of the fast-growing IoT market. Its solutions are used to validate payment systems, secure connectivity, authenticate sensors, and protect sensitive government and military data and systems. Intrinsic ID's award recognition includes the EU 2016 Innovation Radar Prize, which honors high-potential innovations and innovators in EU-funded research. Intrinsic ID's SRAM PUF technology has been proven in millions of devices and in products that have passed certification by Common Criteria Evaluation Assurance Level (EAL6+), EMVCo, Visa and multiple governments. Visit Intrinsic ID online at www.Intrinsic-ID.com. Intrinsic ID, the Intrinsic ID logo, BROADKEY, CITADEL and SPARTAN are trademarks or registered trademarks of Intrinsic ID, Inc., and are protected by trademark laws of the United States and other jurisdictions. All other product and company names are trademarks or registered trademarks of their respective companies.
Intrinsic-ID | Date: 2017-08-23
An electronic cryptographic device (100) comprising a physically unclonable function (PUF) (110) and an enrollment unit (142) arranged to generate a first PUF data during the enrollment phase, the first PUF data being derived from a first noisy bit string of the PUF, the first PUF data uniquely identifying the physically unclonable function, the first PUF data comprising a first helper data. The first PUF data is transmitted to an electronic server during an enrollment phase. The device comprises a use-phase unit (144) arranged to generate a second PUF data derived from a second noisy bit string during a use phase. The first helper data is received from the server in response to transmitting the second PUF data. An error corrector (160) is arranged to apply the first helper data to the second noisy bit string.
Agency: European Commission | Branch: FP7 | Program: CP | Phase: ICT-2011.9.2 | Award Amount: 1.32M | Year: 2012
Physically Unclonable Functions (PUFs) are used to uniquely identify electronic components and to protect valuable objects against counterfeiting. They allow creating a root of trust in a hardware system through generating device-unique fingerprints and deriving secret keys from the underlying physical properties of the silicon. Today they are typically found in specially designed hardware components and result from the silicon properties of individual transistors. They exist in many forms, among which are the so-called SRAM PUFs.\n\nThis project intends to study and show the existence of SRAM PUFs and other types of PUFs in standard PCs, laptops, mobile phones and consumer electronics. This has not been attempted so far. The mere existence of physical properties that depend on a component and are reproducible is only the first step to guarantee appropriate robustness, reliability and randomness properties for use as secret keys or trust anchors in mass-market applications. By uncovering the security properties of PUFs in standard components such as graphical processing units, central processing units and PCI connectors, this project will provide the first intrinsic and long-wanted basis for security in everyones most common computing platforms: standard PCs and similar hardware. This new root of trust in turn adds security for mass-market applications, replacing or complementing the role of a trusted platform module and enabling security for applications such as broadcast applications, content protection for the gaming industry and secure day-to-day transactions for everyone. The results of the project will allow for the first time an a priori open platform, the most difficult element to secure in an information-technology system today, to inherit security properties from its own identity and its intrinsic physical properties.
Agency: European Commission | Branch: FP7 | Program: BSG-SME | Phase: SME-2013-1 | Award Amount: 1.49M | Year: 2014
With a mobile wallet the mobile phone becomes a secure storage unit for credit cards, tickets, loyalty cards and keys. Mobile wallets available today require the use of a physical chip, a secure element that is costly to gain access to and has limited storage capacity. As opposed to a physical wallet that usually contains identity cards; no mobile wallet available today can provide the electronic equivalent the electronic identity (eID) because there are no solutions that provide the required level of security. To make the mobile wallet a real alternative to the physical wallet, there is a need for more storage capacity and higher security levels. Our idea is to develop a high-security wallet framework that can be used in combination with mobile wallets from various providers. Combined with a secure element implemented in software, improved authentication methods and our Trusted Service Manager (TSM) back-end system we will be able to provide complete life-cycle management for services with all security levels. The use of a secure software element combined with our TSM architecture will provide a neutral point of contact between the users and the service provider, provide a cost-efficient solution for over-the air provisioning of mobile phones and reduce user lock-in imposed by mobile operators or mobile phone manufacturers. Service providers with low security requirements will benefit from our innovations through easier access to the users and reduced costs for provisioning. Our innovation will aid the roll-out of eIDs in European countries by improving user-friendliness. This is an important step towards improving European eGovernment infrastructure. We, the SMEs will benefit from increased revenue and sales of the developed technology and expect 5 years post project an accumulated turnover of 168 million from selling the new HighTrustWallet, creating an estimated 1120 jobs.
Agency: European Commission | Branch: H2020 | Program: ECSEL-RIA | Phase: ECSEL-06-2015 | Award Amount: 38.85M | Year: 2015
The goal of the PRIME project is to establish an open Ultra Low Power (ULP) Technology Platform containing all necessary design and architecture blocks and components which could enable the European industry to increase and strengthen their competitive and leading eco-system and benefit from market opportunities created by the Internet of Things (IoT) revolution. Over 3 years the project will develop and demonstrate the key building blocks of IoT ULP systems driven by the applications in the medical, agricultural, domestics and security domains. This will include development of high performance, energy efficient and cost effective technology platform, flexible design ecosystem (including IP and design flow), changes in architectural and power management to reduced energy consumption, security blocks based on PUF and finally the System of Chip and System in Package memory banks and processing implementations for IoT sensor node systems. Developped advanced as 22nm FDSOI low power technologies with logic, analog, RF and embedded new memory components (STT RAM and RRAM) together with innovative design and system architecture solutions will be used to build macros and demonstrate functionality and power reduction advantage of the new IoT device components. The PRIME project will realize several demonstrators of IoT system building blocks to show the proposed low power wireless solutions, functionality and performance of delivered design and technology blocks. The consortium semiconductor ecosystem (IDMs, design houses, R&D, tools & wafer suppliers, foundries, system/product providers) covers complementarily all desired areas of expertise to achieve the project goals. The project will enable an increase in Europes innovation capability in the area of ULP Technology, design and applications, creation of a competitive European eco-system and help to identify market leadership opportunities in security, mobility, healthcare and smart cost competitive manufacturing.
Intrinsic-ID | Date: 2015-09-24
Some embodiments are directed to a cryptographic method for providing an electronic first device, an electronic second device and an electronic intermediary device, the cryptographic method establishing a cryptographically protected communication channel between the first device and the second device. The method comprises establishing a session identifier (SID) between the first device and the intermediary device. The first device sends the session identifier and a first key element to the second device over an out-of-band channel. The second device sends a registration message comprising the session identifier to the intermediary device. The first and second device can communicate through the intermediary device protected using a shared key derived at the first and second device.
Intrinsic-ID | Date: 2014-10-18
The present invention relates to a method of enabling authentication of an information carrier, the information carrier comprising a writeable part and a physical token arranged to supply a response upon receiving a challenge, the method comprising the following steps; applying a first challenge to the physical token resulting in a first response, and detecting the first response of the physical token resulting in a detected first response data, the method being characterized in that it further comprises the following steps; forming a first authentication data based on information derived from the detected first response data, signing the first authentication data, and writing the signed authentication data in the writeable part of the information carrier. The invention further relates to a method of authentication of an information carrier, as well as to devices for both enabling authentication as well as authentication of an information carrier.
Intrinsic-ID | Date: 2012-04-05
A random number generating system for generating a sequence of random numbers comprising a memory, the memory being writable, volatile and configured such that the memory contains an at least partially random memory content upon each powering-up of the memory, an instantiating unit configured for seeding the random number generating system with a seed dependent upon the at least partially random memory content, the sequence of random numbers being generated in dependence upon the seed, and an over-writing unit configured for over-writing at least part of the memory with random numbers generated by the random number generating system in dependence upon the seed.
Intrinsic-ID | Date: 2013-09-10
Intrinsic-ID | Date: 2012-11-23
A cryptographic system for reproducibly establishing a reliable data string, such as a cryptographic key, from a noisy physically unclonable function (PUF, 110) is provided. The system comprises a hard decision decoder (150) to decode a first multiple of error correctable data words to obtain a second multiple of corrected and decoded data words and a reliability information extractor (180) to determine reliability information, e.g. soft decision information, that is indicative of a reliability of corrected and decoded data words. The system further comprises a soft decision decoder (160) configured to use the reliability information to decode at least one further correctable data word. Error correcting a PUF using reliability information decreases the false rejection rate.