Security icon


CryptoManager Infrastructure

The Rambus CryptoManager Infrastructure is a secure supply chain solution for semiconductor and device manufacturers, enabling secure provisioning, key insertion, and cloud key management. Designed to seamlessly integrate into existing manufacturing flows with minimal interruption, CryptoManager Infrastructure currently secures over 1.8 billion devices per year (and counting).


Product Brief

Data Brief

How CryptoManager Infrastructure works

CryptoManager Infrastructure enables the secure provisioning of cryptographic keys and other sensitive data throughout a distributed supply chain, including both captive and 3rd party (untrusted) manufacturing locations. CryptoManager’s secure provisioning and configuration capabilities cover a broad range of secure operations, including key delivery and programming, protection of debug and other sensitive ports, and feature configuration for chips and devices. The CryptoManager Infrastructure can be used to provision device specific information to any on-chip secure enclave, including the Rambus family of CryptoManager Root of Trust cores.

CryptoManager Infrastructure block diagram

Security starts in the CryptoManager Control Center. It enables simple and intuitive administration for secure provisioning of high value keys and data into semiconductor devices. Removing the human element out of key injection, secret cryptographic keys are protected end-to-end and injected automatically, enabling manufacturing integrity and security. As the keys are only known to the semiconductor OEM (and not other within the supply chain), they can be guaranteed secure.

Those cryptographic keys are the foundation of device security: device authentication, attestation, and unique identification.  Using the Rambus Key Management Service, device OEMs can enable cloud-based key management services leveraging those securely provisioned keys to enable supply chain integrity, and for device and data security for connected hardware.  Those OEMs can guarantee that their products only contain ‘known-authentic’ components at any point, anywhere, in their product’s lifecycle. Those keys can be leveraged to provide an immutable device ID, enable secure FOTA, and provide a business model of “key management as a service”.

CryptoManager Infrastructure is a foundational product in any secure supply chain ecosystem.

Solution Offering

CryptoManager Control CenterThe CryptoManager Control Center is a security control system that works in conjunction with an off-line Root Authority. It manages the distribution of data assets with the appropriate authorizations to connected CryptoManager Appliances. It includes an easy-to-use Administration Console for operators to centrally manage the Infrastructure across multiple manufacturing sites.
CryptoManager ApplianceThe Appliance is a tamper-resistant, rack-mounted server, deployed in high-volume manufacturing facilities or cloud services data centers, that provides local security and handles the distribution and programming of secret keys and device configuration data. It also delivers secure production logs and system health data to the Control Center. The appliance is designed to integrate with existing test equipment.
Key Management ServiceA cloud-based key management service which can be leveraged by both semiconductor and device OEMs. The service enables those parties to secure connect to devices anywhere in the field, allowing the OEM to enable a number of functions, including immutable device ID, secure FOTA, and “key material as a service” business models.


DPA Countermeasures


DPA Countermeasures are fundamental techniques for protecting against Differential Power Analysis (DPA) and related side-channel attacks. Consisting of a broad range of software, hardware, and protocol techniques, DPA Countermeasures include reducing leakage, introducing amplitude and temporal noise, balancing hardware and software, incorporating randomness, and implementing protocol level countermeasures.

From the blog

Related Markets & Applications

Data Center
Mobile Edge