Secure microcontrollers to protect data in cloud-based transactions
By combining Inside Secure’s secure microcontroller designs with patented HIS technology from Intrinsic-ID, the companies will use the unique physical characteristics of each chip to protect cryptographic keys, and thus make the devices extremely hard to clone or reverse engineer.
IC fabrication processes are subject to process variations from wafer to wafer and between individual dice on the same wafer, manifested as differences in the parametric performance of individual transistors and other components. These are variations that lie within the acceptable operating range of the devices. Process engineers normally strive to minimise these differences; the techniques developed by Intrinsic-ID exploit them. Once the IC has been fabricated, these measurable parameters are stable and render each chip unique. Extracting a set of such measurements from, say, a memory array yields a characteristic “signature” for an individual chip. Because the identity is dependent on an essentially random variability, it cannot be reproduced and gives rise to a “physically unclonable function” or PUF.
The Intrinsic-ID HIS technology built into a device such as a secure microcontroller generates cryptographic keys that do not depend on a value having to be stored in memory. Keys are generated at power-up, or on demand; no key material is present at rest, therefore a very high security level can be achieved.
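As an added illustration (not code from Intrinsic-ID or Inside Secure, and not a description of the HIS design itself), the Python simulation below shows how a key can be regenerated at each power-up from noisy memory start-up values plus public helper data, so that no key is stored at rest. The noise rate, the repetition code used for error correction and all function names are assumptions made for this example.

```python
import hashlib
import random

REP = 31         # assumed repetition-code length per secret bit
KEY_BITS = 128   # secret bits bound to the chip
NOISE = 0.05     # assumed chance a cell powers up to its non-preferred value

def make_chip(chip_seed):
    """Preferred power-up value of each memory cell, fixed by process variation."""
    rng = random.Random(chip_seed)
    return [rng.getrandbits(1) for _ in range(REP * KEY_BITS)]

def power_up(chip, read_seed):
    """One noisy read-out of the array (constructed noise model)."""
    rng = random.Random(read_seed)
    return [bit ^ (rng.random() < NOISE) for bit in chip]

def derive_key(secret_bits):
    """Hash the recovered secret bits into the working key."""
    return hashlib.sha256(bytes(secret_bits)).hexdigest()

def enroll(chip, read_seed, secret_seed):
    """One-time enrollment. Only the helper data is kept; the key is discarded."""
    rng = random.Random(secret_seed)  # seeded for a repeatable demo; use a CSPRNG in practice
    secret = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    codeword = [b for b in secret for _ in range(REP)]
    helper = [c ^ r for c, r in zip(codeword, power_up(chip, read_seed))]
    return helper, derive_key(secret)

def reconstruct(chip, read_seed, helper):
    """Regenerate the key from a fresh noisy read plus the stored helper data."""
    noisy = [h ^ r for h, r in zip(helper, power_up(chip, read_seed))]
    # Majority vote over each group of REP cells removes the read-out noise.
    secret = [int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, len(noisy), REP)]
    return derive_key(secret)

if __name__ == "__main__":
    chip_a, chip_b = make_chip(1), make_chip(2)   # two constructed chips
    helper, key = enroll(chip_a, read_seed=100, secret_seed=7)
    print("same chip, new read :", reconstruct(chip_a, 101, helper) == key)
    print("different chip      :", reconstruct(chip_b, 101, helper) == key)
```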
The HIS-based microcontroller chips will be packaged in multiple formats, with the first being a USB smart card token to support the Intrinsic-ID Saturnus secure cloud application. The Saturnus application runs on mobile phones, tablets and PCs, and offers total protection of digital data stored in the cloud. With Saturnus, files are encrypted before they leave the device and are uploaded to the cloud. The encryption keys are generated and managed inside the (USB) hardware security token plugged into the user device, making the Saturnus solution unique in the sense that key management is put back in the control of the end user.
The HIS technology developed by Intrinsic-ID offers an extra layer of protection for the already substantial dedicated anti-cloning and other physical security protections offered by all INSIDE secure microcontroller products.
“In addition to securing payment transactions, provisioning media content and protecting data in the cloud, the INSIDE Secure smart card chips and tokens will offer top-level security and key management flexibility to protect a whole new class of applications. These may include machine-to-machine, smart grid, track-and-trace and many other applications as they emerge from the rapidly developing Internet of Things,” said Pim Tuyls, CEO at Intrinsic-ID.
Data security for Dropbox users
Most recently, Intrinsic-ID has produced a packaged application of its Saturnus product, for Dropbox users. This new application enables enterprises to easily and securely protect digital assets stored and shared in the cloud, via software and a USB smartcard token. According to Intrinsic-ID, the product is particularly secure as there are no security backdoors in the system.
“With a billion files synched every day via Dropbox, the industry is clearly moving to a ‘synch and share’ model, which provides greater flexibility and ease of use but also presents bigger security risks,” said Pim Tuyls, CEO of Intrinsic-ID. “Our announcement today takes this model to a new level by making security a seamless part of the equation. With our solution, users can easily ‘secure, synch and share’ their data and enterprises can be confident that the data is safe.”
Saturnus, says Intrinsic-ID, makes secure data access easy to manage and implement in enterprises; USB tokens can be handed out to employees, just like a badge to enter the building. Saturnus allows file-by-file encryption and sharing, so users can select the specific data they want to secure. Cloud storage and sharing is as easy, intuitive and fast as in Dropbox; as with Dropbox, files are synchronised automatically and security runs transparently in the background.
The Saturnus-for-Dropbox product comes as a bundle of the USB smart-card token and a three-year license of Saturnus software. Currently both Android 4.x and Windows XP/7 devices are supported.
Intrinsic-ID; www.intrinsic-id.com