Security
CryptoManager Trusted Provisioning Services
Local and cloud-based trusted key creation, delivery and authentication services including optional hosting, operation and maintenance of CryptoManager Secure Infrastructure for secure SoC and device manufacturers, as well as downstream application developers and service providers.
How it works
A key component to the CryptoManager Platform, our trusted provisioning services enable improved security for SoCs, devices and secure applications by providing a trusted path for sensitive data throughout their lifecycle. This sensitive data can include cryptographic keys and configuration settings to enable application security; personalization information for applications, devices and users; and application, device, and service features; as well as other forms of sensitive information enabling device life-cycle management and robust on-device security services.
The CryptoManager secure in-field provisioning capabilities are based on trust established early in the manufacturing process through integration with the CryptoManager Security Engine as a robust on-device root-of-trust. This enables a complete cloud-to-silicon full-lifecycle security ecosystem that provides a new level of protection for devices in the field, and fundamentally changes the way that trust is established and managed for mobile devices and applications.
A number of high value mobile application segments are dependent on strong device-side security to manage risks and enable mobile application services businesses. These applications include mobile payments, smart ticketing, content protection, and other applications requiring strong identity, security and trust. With the prospect of multiple trusted applications which, in turn, require support from a mix of trusted stakeholders within the mobile ecosystem, the need for a unified, secure, and trusted provisioning platform has become essential.
CryptoManager IoT Device Management
Rambus CryptoManager IoT Device Management provides device-to-cloud secure connection to protect high availability of service and reduce risk of application layer DDoS attacks. Our out-of-the-box IoT security solution also features disaster recovery and key management, device verification, and key decommissioning and re-assignment. Rambus CryptoManager IoT Device Management client can be pre-integrated in three primary device architectures for IoT devices: a CryptoManager Security Engine with pre-provisioned keys, a third-party secure hardware and a ‘no security’ hardware scenario. For the first option, IoT Device Management utilizes Rambus CryptoManager hardware and pre-provisioned keys, which are already integrated in billions of chipsets.
Solution Offering
- Ubiquitous On-device Root-of-Trust
- Via a hardware core, endpoint security that begins at the SoC manufacturing stage of the lifecycle through keys provisioned very early in the manufacturing process to a trust root integrated in the mobile device chipsets; or
- Via a software agent that runs in the trusted operating system or the high-level OS when the hardware core is not present, endpoint security for in-service devices and other devices that lack a hardware core.
- Full-lifecycle Cloud-to-Silicon Secure Provisioning
- Enables trusted manufacturing provisioning services to chipmakers and device makers at all levels of the supply chain
- Provides trusted in-field provisioning services for Apps whether pre-installed by the device maker or provided by a service provider and downloaded from the App Store
Flexible Service Provider Engagement options
- Customer owned and operated infrastructure – for service providers and network operators who want the control and flexibility of deploying the infrastructure that enables secure provisioning services for in-field devices within their data centres
- Secure provisioning infrastructure provided as a cloud service – hosted infrastructure option for service providers focus on rapid time-to-market and low upfront investment.
Brings new levels of visibility and control
- Supply chain process monitoring to ensure production volumes and process yields are being accurately measured
- In-field provisioning transaction reporting accurately tracks the delivery of sensitive keys and data, and enables simple and dependable services billing
De-Centralized Trust Management Model
- Breaks reliance on traditional centralized trust authorities to broker trust for in-service devices
- Service providers and operators can establish independent trust with devices, users, and applications to enable secure device services throughout the device lifecycle
- Comprehensive cloud service for customers who prefer to consume the CM Infrastructure for secure provisioning as a service rather than a product.
- Hosts, operates, and maintains all components of the CryptoManager Infrastructure, allowing application developers and service providers, to leverage the trust and security of CryptoManager without having to own and operate provisioning infrastructure.
- Includes tools allowing easy integration of access to the cloud service into existing customer backend platforms for key provisioning and feature management of applications.
- 24×7 Support and Maintenance of CM Device and System Software
- Integration, Test, and Deployment Guides as well as Setup Support professional services
- Customer Admin / Operator Training and Certifications
Inventions
DPA Countermeasures
DPA Countermeasures are fundamental techniques for protecting against Differential Power Analysis (DPA) and related side-channel attacks. Consisting of a broad range of software, hardware, and protocol techniques, DPA Countermeasures include reducing leakage, introducing amplitude and temporal noise, balancing hardware and software, incorporating randomness, and implementing protocol level countermeasures.
