All IPs > Security IP > Platform Security
In today's digital world, the importance of platform security cannot be overstated. Platform security semiconductor IPs are essential for protecting electronic systems from an increasing array of threats. These IPs play a critical role in ensuring that systems remain secure by safeguarding data, communications, and applications from unauthorized access or malicious attacks.
Platform security IPs include a variety of solutions such as encryption engines, secure boot mechanisms, and trusted execution environments. These technologies work in harmony to validate the authenticity of hardware and software components, providing a comprehensive security framework for electronic devices. By integrating these security measures at a fundamental level, semiconductor IPs ensure that systems are resilient to tampering and meet stringent security standards.
The applications of platform security semiconductor IPs span across a multitude of industries. From consumer electronics like smartphones and smart home devices to critical infrastructure systems and automotive applications, robust security is imperative. These IPs are designed to address the security needs of both edge devices and cloud-based platforms, preserving the integrity and confidentiality of sensitive data as it is processed and transmitted.
In our Silicon Hub, you will find a diverse array of platform security semiconductor IPs tailored to meet varied security requirements. Whether you're looking to protect consumer devices or safeguard enterprise data centers, our cutting-edge IP solutions provide the reliability and flexibility needed to counteract evolving security threats. Explore our category to enhance your products with state-of-the-art security technologies.
Overview: The Secure Enclave IPs are Common Criteria (CC) EAL5+PP0084/PP0117 and EAL5+PP0117 certification-ready Secure Enclaves, respectively. They are available as hard macros for seamless integration into SoCs. These Secure Enclave IPs provide the highest level of security for an SoC, incorporating patented design techniques and countermeasures against side-channel and perturbation attacks to ensure robust security while minimizing power consumption. Key Features: Cryptographic Hardware Accelerators: Efficiently support standard cryptography and security operations to increase throughput while adhering to power constraints and security requirements. BootROM and Secondary Boot Loader: Manage the certified life cycle of the Secure Enclave, enforcing and assuring security from manufacturing to deployment. Proprietary IP: Based on proprietary IP that is free of 3rd party rights and royalties. Benefits: The Secure Enclave IPs offer robust security measures, efficient cryptographic support, and secure life cycle management, making them ideal for applications that require the highest levels of security and reliability. Applications: The Secure Enclave IP is versatile and suitable for a wide range of applications, including but not limited to: Secured and Certified iSIM & iUICC EMVco Payment Hardware Cryptocurrency Wallets FIDO2 Web Authentication V2X HSM Protocols Smart Car Access Secured Boot Secure OTA Firmware Updates Secure Debug Any design requiring a Secure Enclave, Secure Element, or Hardware Root of Trust protected against side-channel and perturbation fault attacks. Compliance and Support: The Secure Enclave is compliant with and ready for CC EAL5+ and EMVCo certification. It is delivered with an SDK and pre-certified CryptoLibrary and secure Boot Loader for seamless integration and enhanced security.
KPIT excels at providing AUTOSAR solutions that streamline software integration and improve vehicle architecture. The company's focus on middleware development ensures efficient application deployment and integration within both classic and adaptive AUTOSAR frameworks. KPIT's solutions enable quick software updates, robust validation processes, and cost-effective production timelines, essential for the evolving landscape of Software-Defined Vehicles (SDVs).
Spec-TRACER is an integrated requirements lifecycle management application, purpose-built for FPGA and ASIC design environments. It supports the comprehensive management of design specifications and facilitates traceability across the development process, from initial specification capture through verification. This tool is invaluable in projects requiring stringent accountability and regulatory compliance, as seen in aerospace and automotive sectors. It enhances project consistency by ensuring that all design requirements are traceable, verifiable, and adhered to throughout the development phase. With features that allow for detailed analysis, reporting, and change management, Spec-TRACER simplifies the complexity of managing design requirements. Teams can achieve enhanced coordination and transparency, verifying that all specifications are met and documented appropriately, thus utilizing thorough and documented processes for effective project management.
PUFrt is a foundational security solution that equips semiconductors with hardware root key generation and storage, essential for establishing a Hardware Root of Trust. It introduces a 1024-bit PUF-based identification code and a true random number generator (TRNG) that comply with stringent cryptographic standards, enhancing data protection against diverse threats. The design includes secure OTP storage and an anti-tamper shell, providing a robust defense against physical attacks. Assured compatibility with varied architectures allows PUFrt to integrate seamlessly, offering key provisioning and securing critical data across system platforms.
The Aeonic Integrated Droop Response System is designed to enhance droop and DVFS response for integrated circuits. It includes multi-threshold droop detection and fast adaptation times, ensuring power savings and optimal system performance. This technology provides extensive observability and integrates standard interfaces like APB & JTAG, aiding silicon health management by delivering data-driven insights for lifecycle analytics.
The PLIC (Platform-Level Interrupt Controller) is a fully compliant RISC-V IP designed to manage multiple interrupt sources within a system. This feature-rich controller is configurable, allowing it to be tailored to specific system requirements while maintaining compliance with RISC-V architectural standards. Its flexibility and capability to prioritize interrupt handling ensure efficient processing, which is crucial for high-performance computing environments.
The eSi-Crypto suite from EnSilica offers an extensive range of cryptographic IPs designed to provide high-quality encryption and authentication functionalities. A standout feature of this suite is its True Random Number Generator (TRNG), which adheres to NIST 800-22 standards and ensures robust random number generation essential for secure communication. These cryptographic cores are versatile and can be easily integrated through various bus interfaces like AMBA APB/AHB and AXI.\n\nSupporting numerous algorithms such as CRYSTALS Kyber and Dilithium, ECDSA/ECC, and AES, the eSi-Crypto suite advances quantum-resilient cryptography. This feature is crucial as it prepares secure digital communications against future quantum threats. Moreover, the suite includes high-throughput solutions suitable for applications that demand both efficiency and resource optimization, like V2X communications.\n\nEnSilica's cryptographic IPs exhibit compatibility with ASIC and FPGA targets, offering low resource usage while maintaining exceptionally high throughput. The suite also encloses IPs for various SHA algorithms, ChaCha20, Poly1305, and traditional standards like RSA and TDES. This comprehensive range meeting both modern cryptographic demands ensures that data protection remains robust and flexible in diverse application scenarios.
The Securyzr iSSP, or Integrated Security Services Platform, is a robust lifecycle management solution tailored for secure deployment, supply, and management of embedded devices. This platform facilitates zero-touch security lifecycle services such as provisioning, firmware updates, and security monitoring, thus ensuring consistent and reliable security from chip manufacture to device decommissioning. It integrates both a secure element (iSE) and a server component, creating a comprehensive chip-to-cloud security solution capable of functioning on public and private cloud environments.
The AES Encryption for RFID applications is engineered to provide robust security for data in RFID communications. Utilizing Advanced Encryption Standard (AES) techniques, it offers a secure and efficient mechanism for protecting sensitive information transmitted in RFID systems. This encryption solution is ideal for applications where data integrity and confidentiality are paramount, protecting against unauthorized access and ensuring secure wireless transactions.
Post-Quantum Cryptography Processor PQPlatform-CoPro (PQP-HW-COP) adds PQShield’s state-of-the-art post-quantum cryptography (PQC) to your security sub-system, with optional side-channel countermeasures (SCA). PQPlatform-CoPro can be optimized for minimum area as part of an existing security sub-system. PQPlatform-CoPro is designed to be run by an existing CPU in your security system, using PQShield’s supplied firmware.
The iShield Key is an advanced hardware authentication tool designed to protect digital identities with the utmost security. Combining the robustness of FIDO security standards with MIFARE DESFire EV3 technology, the iShield Key offers unparalleled access control and authentication capabilities. It is crafted to meet the diverse needs of modern user authentication applications that extend beyond traditional methods. Designed for flexibility, the iShield Key provides users with enhanced security options, safeguarding against online threats such as phishing and account takeovers. Its hardware-based protection ensures that sensitive information, such as passwords and private keys, remain secure from tampering and unauthorized access. Perfect for both personal and enterprise use, the iShield Key seamlessly integrates with existing systems, offering a plug-and-play solution for enhanced cybersecurity. Its user-friendly design ensures that security measures can be implemented efficiently without the need for extensive technical knowledge, making it a valuable tool in the digital security arsenal.
NVM Defender is a comprehensive solution designed to fortify non-volatile memory structures against potential security breaches. With its advanced protection features, NVM Defender provides a robust countermeasure against unauthorized access, ensuring data integrity and confidentiality. The solution is tailored to address the intricate security challenges that arise in various types of memory circuits, safeguarding them from both invasive and non-invasive attacks. Its implementation is crucial for applications demanding high-security standards, such as finance and personal data protection.
DOME for Building Automation Systems is a comprehensive platform designed to provide cybersecurity solutions for automation control devices in building systems. It offers a Zero Trust framework, enabling real-time endpoint protection against sophisticated cyber threats. The system is built to be easily deployable without the need for extensive IT skills or network segmentation, offering a seamless integration into legacy and new systems alike. By focusing on secure communications and device-level protection, DOME ensures that building operations remain secure and uninterrupted.
The ECC Verification Core delivers high-performance verification of elliptic curve cryptographic operations, ensuring superior data protection. Central to modern public key infrastructures, this core supports advanced elliptic curves and is equipped for efficient elliptic curve digital signature operations. Incorporating this core into security systems grants stakeholders the advantage of reliable data verification processes across sectors like telecommunications, military, and internet services. This core facilitates resilient signature verification, essential for applications that handle sensitive and private communications. Through detailed point multiplication processes and swift data throughput, the ECC Verification Core maintains operational efficiency while upholding rigorous security protocols. It is a strategic asset for organizations looking to elevate their security postures, providing robust, scalable solutions to authenticate data and digital identities.
Swissbit's iShield HSM is specifically engineered to enhance security in IoT deployments by securely storing critical authentication keys. As a trusted secure element, it provides a robust solution to protect against unauthorized access and duplication of sensitive data. This hardware security module is designed for seamless integration with AWS IoT Greengrass devices, enhancing the security infrastructure of existing systems with ease. The iShield HSM functions as a security anchor, securely safeguarding private keys and certificates, ensuring they are not exposed to potential vulnerabilities that software might encounter. Its plug-and-play nature allows for straightforward retrofitting into existing devices, making it an efficient choice for systems requiring heightened security over the memory bus. Particularly suited for industrial and embedded applications, the iShield HSM supports a wide range of uses, from securing system log files to protecting data streams in machine-to-machine communications. Its comprehensive encryption and access protection capabilities make it an ideal choice for organizations prioritizing data integrity and security.
Post-Quantum Hardware Accelerator Power side-channel accelerator, supporting a wide range of Hash-Based Signature Schemes (HBSS). PQPlatform-Hash deploys tried-and-tested HBSS including quantum-safe LMS and XMSS (not hybrid). It provides acceleration of HBSS in embedded devices, especially where high throughput is required, or there’s a demand on signature verification. Hash-based signature schemes offer different trade-offs of memory/area to lattice-based, and as a result, PQPlatform-Hash is ideally suited for smaller key sizes, larger signature sizes, and processing times for key generation, signature generation and verification.
This solution offers unparalleled defense against side-channel attacks by leveraging simulation and analysis technology during the design phase. This enables developers to identify and address vulnerabilities before fabrication, significantly reducing costs and improving security assurance. The technology can simulate classic correlational attacks, template attacks, and other innovative strategies, providing comprehensive protection tailored to the distinct requirements of modern hardware designs.
DCRP1A, branded as CryptOne, is a highly secure cryptographic system rooted in over 20 years of expertise from Digital Core Design. This cryptographic solution is engineered for 100% security, optimized for minimal silicon footprint while delivering exceptional processing speeds to safeguard information. With an inherent resistance to power and timing attacks, CryptOne stands as a robust choice for secure digital environments. The DCRP1A smoothly integrates into various systems, leveraging dynamic elliptic curve cryptography for safeguarding communication. This cryptographic core is crucial in environments where advanced security measures are non-negotiable, such as in telecommunications, fintech, and governmental applications. DCRP1A's architecture fully aligns with the stringent requirements set by both the European Commission and the US National Security Agency, making it a future-proof choice amidst the growing anticipation of quantum computing challenges. Designed to operate within any electronic infrastructure, DCRP1A provides versatile security solutions that adapt to evolving threats. Its architecture, combining proprietary processors and cryptographic innovations designed by Polish cryptographers, offers users unprecedented levels of security. Whether for e-governance or military applications, this core delivers performance while maintaining uncompromised security standards.
Designed for the industrial sector, DOME for Industrial Automation provides robust cybersecurity measures to protect operational technology and control systems from cyber threats. Its zero-touch onboarding and management capabilities make it ideal for devices with limited resources, ensuring secure authentication and data integrity. The solution targets endpoint protection for Industrial Control Systems (ICS) which are critical in protecting industrial facilities against potential cyber incidents. DOME's compatibility with existing systems allows for efficient integration and long-term security maintenance.
The DAES Co-Processor is a high-performance cryptographic module designed to execute advanced encryption using the Rijndael algorithm, conforming to standard block cipher modes. Offering bridges to APB, AHB, and AXI buses, the DAES Co-Processor supports 128 and 256-bit key lengths. It's comprehensive in its encryption capabilities, incorporating block modes such as ECB, CBC, CFB, OFB, and CTR. Aimed at delivering robust security for digital communication systems, the DAES Co-Processor is ideal for applications requiring high levels of data confidentiality and integrity. It incorporates an internal key expansion module that enhances the flexibility and scalability of security applications across various industries, including finance, telecommunications, and enterprise data security. The DAES Co-Processor not only ensures data protection through its compliance with rigorous encryption protocols but does so with superior processing efficiency, which makes it suitable for embedded systems where computational resources are limited but secure processing is critical. Organizations can rely on this co-processor to bolster their encryption capabilities without impacting system performance.
The DSHA2-256 is a specialized cryptographic bridge designed to significantly enhance the performance of the SHA2-256 hash function. By facilitating a rapid connection through standard interfaces like APB, AHB, and AXI bus, it ensures efficient data processing and security for digital applications. This accelerator supports SHA2 in both 224 and 256-bit modes, and is compliant with the FIPS PUB 180-4 and RFC 2104 HMAC standards. Engineered for versatility, the DSHA2-256 is a universal solution that fits seamlessly into diverse electronic environments, catering to applications demanding heightened security. It's specifically beneficial for sectors requiring robust data authenticity, including aerospace, financial services, and cybersecurity. Its native mode support for HMAC enhances its utility for message integrity and authentication in both embedded and external systems. With optimal speed and minimal latency, the DSHA2-256 ensures that security does not come at the cost of performance. Organizations implementing this cryptographic accelerator can maintain high throughput while ensuring their data remains protected against unauthorized access and modifications. The DSHA2-256, with its advanced hashing capabilities, is a key enabler in building secure and efficient data transmission ecosystems.
The DSHA2-512 is a sophisticated hash accelerator constructed to optimize the performance of SHA2-512 hashing functions. It incorporates robust connectivity features, linking seamlessly to major bus interfaces including APB, AHB, and AXI. This facilitates enhanced security operations across numerous applications, supporting SHA2 bit modes of 256, 384, and 512, while adhering to industry standards such as FIPS PUB 180-4 and RFC 2104 for HMAC. Specifically designed for environments with demanding security requirements, the DSHA2-512 finds its application in sectors ranging from secure telecommunications to advanced governmental departments. Its comprehensive mode support and high-throughput capabilities make it a reliable choice for ensuring data integrity and authenticity in simultaneous processes. The integration of native mode HMAC support expands its utility in authentication processes, providing an additional layer of security for sensitive transactional data. With its optimized design, the DSHA2-512 ensures smooth operational flow without compromising the system's processing efficiency. As organizations deal with increasingly complex security landscapes, this hash accelerator provides a pivotal component in maintaining a secure and highly functional data processing environment.
FortifyIQ's Fault Injection Attack Countermeasures focus on pinpointing and remedying design-level vulnerabilities susceptible to fault injections. By using advanced simulation tools, the system allows for early detection of potential weaknesses, offering a flexible and precise pre-silicon analysis. This reduces the risk of costly post-production fixes and ensures that the hardware remains secure against targeted disruptions, making it a vital component in maintaining robust device security protocols.
The Integrated Secure Element (iSE) from the Securyzr range serves as a Root of Trust for secure embedded systems. It delivers multiple protective services to the host system, such as secure booting, key isolation, and anti-tampering defenses. Designed to enhance security beyond traditional trusted execution environments, the iSE empowers system-on-chip (SoC) environments with advanced computation capability and robust isolation, ensuring steadfast protection against attacks.