Security icon


CryptoManager Security Engine

Dedicated to providing ubiquitous trust across the ecosystem, the CryptoManager platform includes a Security Engine, which is a flexible root-of-trust implemented as hardware or software, for the secure provisioning, configuration, keying and authentication throughout the lifecycle of a device.


Product Brief

CryptoManager Security Engine block diagram

How it works

Our CryptoManager Security Engine is an in-device root-of-trust offered as an embedded hardware core, or as a software agent that can be implemented as a protected element in a trusted OS or directly in the high-level device OS for the secure provisioning of keys and features throughout the device lifecycle. This provides flexible implementation options and allows the CryptoManager Infrastructure to securely communicate with the device to provision keys and manage feature configurations in the supply chain and downstream ecosystems.

The Security Engine hardware core is suitable for integration in application processors, modems, and other chipsets and features flexible design options that enable functionality, area, and power to be optimized for the required security level. This ensures maximum trust with minimal design impact. The core stores and protects sensitive key and configuration information in One Time Programmable (OTP) memory in the SoC. For feature management, the core manages rights delegation and feature activation based on permission settings. It verifies the digital signatures and security policies, ensuring that only authorized transactions are accepted. Depending on the SoC designer’s requirements, this capability may be used to configure chip features during different stages of manufacturing and enable secure applications in the field.

The Security Engine software agent is designed to offers similar functionality, but is implemented in software that can run in either Trusted Execution Environment (TEE) or High Level OS environments. All implementations of the Security Engine are supported by a trusted provisioning services stack that includes software libraries and drivers for easy integration and enablement of secure applications and services.

Solution Offering


DPA Countermeasures

DPA Countermeasures are fundamental techniques for protecting against Differential Power Analysis (DPA) and related side-channel attacks. Consisting of a broad range of software, hardware, and protocol techniques, DPA Countermeasures include reducing leakage, introducing amplitude and temporal noise, balancing hardware and software, incorporating randomness, and implementing protocol level countermeasures.

From the blog

Related Markets & Applications

Mobile Edge
Data Center