CMP EMBEDDED.COM


Securing SoC Platform Oriented Architectures with a hardware Root of Trust
The advantages of secure system-on-chip (SoC) configuration during post production

The Era of Intellectual Property
During the 1980s and early 1990s, it was semiconductor chips that delivered new technologies for system developers. While product system architects and engineering managers are still coping with recent changes, the delivery vehicle for new electronic technologies is now Intellectual Property (IP).

IP comes in many forms such as silicon IP, firmware, technology (patent) licensing and software. To further emphasize this point, all technologists both on the procurement side and the sales side of the electronic industry spend a portion of their day negotiating and reading licensing terms and conditions.

Table 2. POA Applications and Optional Features

Since a technology company's most valuable assets are now tied up in IP, the protection and management of a company's digital assets are rapidly becoming more important than the protection and management of its physical assets.

For POA-based devices and systems, the prospects for virtualizing SKUs, as well as supporting aftermarket feature and/or conditional access service activation, further emphasize a powerful shift toward the importance of securing electronic device and system IP (Table 2 above).

POA Requires a Hardware Root of Trust
For any technology company that has poured investment into product development to produce a superior product, it is understandably in that company's best interest to protect its investment.

As markets cross global borders where IP protections and rights are viewed differently, legal protections may no longer be effective. This is particularly true in high-tech where product life cycles are relatively short and development cycles arguably move much faster than the law, even in more traditional markets.

Due to the open nature of most systems, in terms of hardware that runs system software, security has been a challenge. For example, how long does it take an experienced engineer to probe or poke through software in system memory or on disk to find an installation or security encryption key?

For those among us with security expertise, it has long been observed that many security schemes are not developed by security experts, which is one reason why young hackers are often so successful. For this reason, security experts have long been striving for ways to make strong security more accessible to non-security product development engineers and information technology (IT) engineers.

Delivering on the promise of strong, effective security that is both easy to implement and user friendly requires multiple disciplines, and that is what makes keeping sensitive electronic information private so difficult. After all, software resides on hardware, which is physical, must be debugged and tested, and can be observed both visually and electronically.

It has long been understood by security experts that a root of trust (ROT) is essential to system security (Figure 3 below). A ROT is a secret that, as long as it is kept, does not compromise the security of the overall system. A ROT is necessary to provide: (1) a safe place for system-critical secrets, (2) secure processes and (3) extended trust to internal and external entities. Securing the ROT itself has posed a fundamental challenge.

More recently, this idea has been extended to the concept of a hardware root of trust (HROT) since software has been vulnerable to attack. This is because software is hosted on commonly known and understood hardware, and a software image is for practical purposes identical across all instances of its existence on a general-purpose hardware platform.

A HROT, on the other hand, may provide a ROT that is unique to each system or device and one that provides much stronger security to even the most sophisticated forms of attack. New embedded non-volatile memory (NVM) technologies and security IP cores are establishing strong security, which makes it economically impractical to mount an attack on systems which leverage one or both of these more recent technologies.

Figure 3. HROT Protects System Information

In the current global information age, connecting off-shore and third-party manufacturing facilities to a company's secure internal facilities requires secure channels that protect sensitive product technology as well as internal and third-party (trade) secrets.

This requires IT infrastructure support that manages and leverages the HROT in combination with secure server platforms that protect against tampering in low-trust or no-trust environments.

Taken together, the elements required to form this secure channel are a small-footprint embedded security IP core that provides the ROT, a secure server appliance that may be co-located in a hostile environment, and hardened system and application software for managing sensitive information throughout the manufacturing, distribution and retail channel (Figure 4 below).

Figure 4. Third Party Manufacturing and Supply Chain Security

As previously mentioned, there are important trends in system architectures that are leading to applications that require stronger device-level and system-level security. The advent of the SoC is now progressing to its next evolutionary step: the platform SoC.

A POA device is a single design that is capable of taking on multiple personalities in post production. These personalities may incorporate multiple logic and analog functions that may be digitally activated and/or deactivated in post production to support multiple interface and feature configuration options.

While adding modest complexity, and therefore unit cost, to a design, the benefits of reduced NRE risk and virtualized SKUs bring strong competitive and economic advantages.

As these POA devices incorporate the configuration and management of premium product features and services, securing them, and the systems they support, with an effective hardware root of trust becomes a critical requirement for today's system architect.
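The two ideas above, a per-device secret that makes each unit distinct even though every unit runs the identical firmware image, and post-production feature activation that must be bound to that secret, are illustrated by the following added example. It is not code from the article or from Certicom; the device, server, key-derivation and token formats are hypothetical, and the root keys are generated locally as constructed sample data. The activation server stands in for the secure server appliance and the device class for the security IP core holding the ROT in embedded NVM.

```python
import hashlib
import hmac
import os
import struct

# Hypothetical feature bits a POA device can enable in post production.
FEATURE_USB3 = 1 << 0
FEATURE_GBE = 1 << 1
FEATURE_HDMI = 1 << 2


def derive_key(root_key: bytes, device_id: bytes) -> bytes:
    """Derive a purpose-specific activation key from the per-device root secret.
    HMAC-SHA256 with a fixed label acts as a simple KDF (assumption, not a real product's scheme)."""
    return hmac.new(root_key, b"feature-activation/" + device_id, hashlib.sha256).digest()


def token_message(device_id: bytes, mask: int, counter: int) -> bytes:
    """Bytes that the activation MAC covers: device identity, feature mask, monotonic counter."""
    return device_id + struct.pack(">IQ", mask, counter)


class Device:
    """Simulated POA device: same firmware everywhere, unique root secret in NVM (the HROT)."""

    def __init__(self, device_id: bytes, root_key: bytes):
        self.device_id = device_id
        self._root_key = root_key  # hypothetical: in hardware this never leaves the security block
        self.feature_mask = 0
        self.counter = 0  # monotonic counter so a captured token cannot be replayed

    def apply_token(self, token: dict) -> bool:
        """Verify an activation token and, if valid, switch the feature set."""
        if token["device_id"] != self.device_id:
            return False  # token was issued for a different unit
        if token["counter"] <= self.counter:
            return False  # replay of an already-consumed token
        key = derive_key(self._root_key, self.device_id)
        expected = hmac.new(key, token_message(self.device_id, token["mask"], token["counter"]),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, token["mac"]):
            return False  # wrong key (other device) or tampered mask/counter
        self.feature_mask = token["mask"]
        self.counter = token["counter"]
        return True


class ActivationServer:
    """Secure server appliance holding root keys provisioned at fabrication."""

    def __init__(self):
        self._keys = {}
        self._counters = {}

    def provision(self, device_id: bytes, root_key: bytes) -> None:
        self._keys[device_id] = root_key
        self._counters[device_id] = 0

    def issue_token(self, device_id: bytes, mask: int) -> dict:
        """Issue a token enabling exactly `mask` on one device; bound to its key and a fresh counter."""
        key = derive_key(self._keys[device_id], device_id)
        self._counters[device_id] += 1
        counter = self._counters[device_id]
        mac = hmac.new(key, token_message(device_id, mask, counter), hashlib.sha256).digest()
        return {"device_id": device_id, "mask": mask, "counter": counter, "mac": mac}


def demo() -> dict:
    """Provision two devices, activate features on one, and try the misuse cases."""
    server = ActivationServer()
    devices = []
    for i in range(2):
        dev_id = b"DEV%04d" % i
        root = os.urandom(32)  # constructed: unique per die, written once into NVM
        server.provision(dev_id, root)
        devices.append(Device(dev_id, root))
    dev_a, dev_b = devices

    tok1 = server.issue_token(dev_a.device_id, FEATURE_USB3 | FEATURE_GBE)
    tok2 = server.issue_token(dev_a.device_id, FEATURE_USB3)
    tampered = dict(tok2, mask=tok2["mask"] | FEATURE_HDMI)  # mask edited, MAC unchanged

    return {
        "activate": dev_a.apply_token(tok1),            # valid token for this device
        "mask_after_activate": dev_a.feature_mask,
        "replay": dev_a.apply_token(tok1),              # same token again
        "wrong_device": dev_b.apply_token(tok1),        # token carries dev_a's identity
        "relabelled": dev_b.apply_token(dict(tok1, device_id=dev_b.device_id)),  # identity swapped
        "tampered": dev_a.apply_token(tampered),        # extra feature bit without a valid MAC
        "downgrade": dev_a.apply_token(tok2),           # genuine later token still works
        "mask_final": dev_a.feature_mask,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point the code makes is the one the article argues in prose: the firmware in `Device` is identical for every unit, so nothing in it is worth extracting, and an activation token only has value for the single die whose root secret was used to produce it. The counter check is the extra step a practitioner would add so that a token observed on the manufacturing line cannot be reapplied later.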

Craig Rawlings is the Sr. Director of product management at Certicom Corp., a RIM Company. Craig started his career at Hewlett Packard in 1985 and has since worked in executive high-tech marketing and sales positions for Kilopass, Actel, Resilience and Progress Software. Craig has published numerous articles and has earned a B.S.E.E. and MBA from Brigham Young University. Craig may be reached for inquiries at crawlings@certicom.com.
