Rather than target just one or two of the many security issues facing manufacturers and developers of electronics systems in an age of pervasive connnectivity – and almost certain intrustion – Rambus Inc. has just released its CryptoManager platform.
It also announced that one of it's first customers is Qualcomm, which has just licensed the platrorm and will be integrating the CryptoManager Security Engine – a soft silicon IP core embedded in the SoC – into select SoCs and adopting the Infrastructure suite as part of its overall manufacturing process.
Taking advantage of its long experience in all aspects of online and physical security, the CryptoManager platform created by the Rambus Cryptography Research (CRI) division, consists of both a Security Engine and an Infrastructure suite that is designed to improve efficiency and security during the manufacturing process and to bring under one unified environment all of the various security challenges facing developers of online electronics products.
According to Paul Kocher, president and chief scientist for the Rambus Cryptography Research division, the CryptoManager Security Engine is a silicon core integrated into a SoC, providing a hardware root-of-trust for the secure provisioning, configuration, keying, and authentication of SoCs during chip and device manufacturing.
“SoC manufacturing is increasingly complicated and expensive. The ongoing demand for improved time-to-market and lack of visibility during the complicated manufacturing process restricts the ability to quickly respond to dynamic market conditions for new features,” said Kocher. Such a capability, he said, “can dramatically change the chip manufacturing process by helping chip and handset makers tackle the security challenges of future mobile devices, allowing for a secure foundation for our connected lives.”
Architecturally, the security platform has two elements: 1) the Security Engine, a soft silicon IP core embedded in the SoC design; and 2) the Infrastructure, an information technology framework consisting of specialized server hardware, security hardware, embedded firmware, and software.
According to Craig Rawlings, senior director of business development for the Cryptography Research Division, the Security Engine SoC provides a hardware root-of-trust for on-chip processes and acts as a secure “nervous system” for the SoC to address fundamental security tasks during chip and device manufacturing. “For example, the Security Engine performs secure operations inside the SoC such as cryptographic key and secure boot provisioning as well as configuration of debug modes and debug/test access ports,” he said.
The CryptoManager Infrastructure (Figure 1 below ) has three main elements: the Service (head-end master control center located in customer’s datacenter) , the Appliance (remote security appliance located in the offshore manufacturing location), and the Client Library (specialized software that runs on manufacturing test equipment in the remote manufacturing location).
The CM Service node, said Rawlings, acts as a central operations control center that manages the overall Infrastructure configuration, digital security assets, and all authorized device services. The Service also includes monitors and alerts to assure prompt notification for any irregularities in the operations of the Infrastructure. It includes a Management Console that provides a common user interface for system administrators and operators.
The CM Appliances for local storage of digital security assets. This is done, he said, for performance reasons as the provisioning of sensitive data such as keys must be performed rapidly to ensure no unnecessary bottlenecks are introduced into the production line. These appliances are configured in clusters for redundancy and performance scalability and located in the datacenter of remote contract manufacturing sites.
“Appliances are needed to establish a secure communication channel between the Service and the Security Engine in the target SoC device,” he said, “to enable end-to-end protection of digital security assets and feature controls during the manufacturing process.
This is achieved via the Client Lib running on the test equipment. Appliances are also needed to store digital security assets locally for performance reasons. The provisioning of sensitive data such as keys must be performed rapidly to ensure no unnecessary bottlenecks are introduced into the production line.
Beyond its secruity aspects, the platform automates the provisioning of device services across the supply chain, reducing operating costs and accelerating time-to-market, said Rawlings, emphasizing that it has been designed to be easily integrated into any manufacturing facility without disruption to existing operations.
Rawlings said the CryptoManager Infrastructure provides a single UI across factory locations, real-time visibility into operations, and remote feature activation. “As a result, chip and handset makers can meet device personalization demands, reduce operating costs and accelerate time-to-market,” he said, “all while ensuring the security of secret keys and sensitive data. ”