LONDON Quiddikey, an anti-counterfeiting and anti-tamper function for embedded devices developed by Philips Intrinsic-ID has been released to provide generation and storage of secret cryptographic keys based on the unique intrinsic features of a device's hardware.
The keys can be used to protect digital data in a variety of applications from embedded software in ICs to digital credentials, as used in public transport payment cards and the like.
The cryptographic keys do not need to be permanently stored and are generated only when needed. Since no hardware modifications are required in the existing devices, the solution can be implemented in existing designs.
The hardware in an electronic device has intrinsic physical features, which, due to process variations, are non-reproducible, not even by the original manufacturer. These features can be used to derive a unique ID that is intrinsic to the device, similar to a fingerprint that uniquely identifies an individual.
From this hardware fingerprint, Philips says Quiddikey can further derive, or 'extract', a robust secret cryptographic key. Unlike existing approaches, in which the key is permanently stored in the device, with Quiddikey the key is not stored but can be extracted only as and when needed.
Quiddikey is commercially available via a licensing scheme. In the IP business there is a growing outsourcing of device manufacturing which allows illegal over-production (known as 'overbuilding') of physical devices that contain IP. To prevent overbuilding, Quiddikey can be used to identify and register each device on the production line, generating a unique Quiddicode without which the IP will not run.
Philips Intrinsic-ID provides the service of securely activating only the legally produced devices, giving IP owners full control over production.
Quiddikey is being demonstrated at the Workshop on Cryptographic Hardware and Embedded Systems 2008 (CHES 2008) in Washington, DC this week.