PUFiot is a novel high-security crypto co-processor. Compared with traditional security SoC designs (an embedded HSM with a secure core, or discrete crypto components), PUFiot provides a hardware root of trust (RoT) that is much easier to adopt and has less vulnerability, quickly improving the security level of any system without adding load to the processor core or operating system.
Keys and other sensitive information are well protected and accessible only inside PUFiot. The keys inside PUFiot are well defined and access-controlled by hardware. PUFiot also includes a kill function that lets architects permanently delete the hardware key.
The security boundary for PUFiot is quite robust: it is based on a physical separation of hardware, which has less vulnerability than a software-only barrier. The on-board PUF is a naturally well-protected source of static entropy, suitable for SoC architects to build a system's key hierarchy using established key generation and management procedures. In addition, PUFiot's crypto engines can perform a wide variety of secure operations, such as key exchange, secure booting or TLS (public key validation and signing), authentication (MAC), and key wrapping (again based on the natural randomness inherent to the PUF), with the wrapped keys then stored in external memory.
PUFiot is a high-security crypto co-processor built by adding five more blocks to PUFrt, for a total of nine main blocks:
PITC: PUFiot Control APB I/F
DMA: direct memory access AXI4 I/F
PUFkeyst: a 4kb mass production OTP with built-in instant hardware encryption
PUFuid: one hardware fingerprint set that can act as a unique private key, UID, or root key
PUFtrng: a high-quality true random number generator
KWP: key wrapping function, for export of keys for external use
PKC: public key co-processor, supporting all elliptic curve cryptography functions
Crypto: crypto engine collective, consisting of private key cipher, message authentication code, hash, and key derivation functions
Comprehensive anti-tamper circuitry and countermeasures