Heard of AI? … How about Artificial DNA?
In a world where the number of IoT devices is expected to reach the trillions, mutual TLS authentication is critical when a device connects to its IoT server. For this to happen, the device must have its “client” certificate and private key loaded on it.
The traditional approach is Remote Key Loading (RKL), where a Hardware Security Module (HSM) securely injects the private key into an EEPROM on the device. This EEPROM is deemed a “secure vault” because it is segregated from the flash memory that stores the firmware.
The issue with this approach, though, is that the private key is stored in “clear text” within the EEPROM.
With Device DNA, as I call it, or Physical Unclonable Function (PUF) technology, as the industry calls it, the private key is stored encrypted in the EEPROM. Only when it is needed is it decrypted and used, after which its clear-text form is deleted. All of this happens near instantaneously.
When semiconductors are manufactured, deep-submicron variations occur naturally in the process. These variations make each transistor in an SRAM memory chip unique in its own random way, which makes the SRAM itself unique, giving it an ID … giving it a “DNA”.
Using a PUF function, this uniqueness can be harvested and turned into a unique stream of ones and zeros that forms a Key Encryption Key (KEK), which in turn is used to encrypt the private key.
The nice part about the KEK is that it is never stored, but rather re-generated by the PUF function from the device’s “DNA”. It is only re-generated when needed, which is when the private key itself is needed.
Outside that, the KEK doesn’t exist, and the private key stays “encrypted” in the EEPROM.
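The enrol-once, regenerate-on-demand flow described above, as an added example that is not code from the original post or from Intrinsic ID. It assumes two things the post does not spell out: that the raw SRAM power-up bits are slightly noisy from one boot to the next, so public helper data and a simple repetition-code fuzzy extractor are used to recover the same secret bits every time; and, since only the Python standard library is used, that an HMAC-SHA256 keystream with an encrypt-then-MAC tag stands in for the authenticated cipher (such as AES-GCM) a real implementation would use. The chip fingerprint, its noise model and the sample private key are all constructed data.

```python
"""Simulated SRAM-PUF key wrapping: enrol once, then regenerate the KEK on
every boot from a noisy SRAM readout and unwrap the TLS client key on demand.

Everything here is a constructed stand-in (no real chip, no crypto library):
the SRAM fingerprint and its power-up noise are seeded pseudo-random data, the
fuzzy extractor is a plain repetition code, and the wrapping cipher is an
HMAC-SHA256 keystream plus encrypt-then-MAC tag standing in for an AEAD.
"""
import hashlib
import hmac
import random
import secrets

KEY_BITS = 128          # PUF-derived secret bits that feed the KEK
REP = 15                # repetition-code length; majority vote corrects up to 7 flips per block
SRAM_BITS = KEY_BITS * REP
NONCE_LEN, TAG_LEN = 16, 32

# Constructed sample "private key" (a real one would be DER/PEM key material).
SAMPLE_KEY = bytes(range(48))


def simulate_chip(seed):
    """Constructed fingerprint: the power-up state this chip's SRAM settles into."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(1) for _ in range(SRAM_BITS))


def power_up(fingerprint, seed, max_flips_per_block=3):
    """One noisy readout: 0..3 bits flip in each 15-bit block (constructed noise model)."""
    rng = random.Random(seed)
    bits = bytearray(fingerprint)
    for start in range(0, SRAM_BITS, REP):
        for pos in rng.sample(range(REP), rng.randint(0, max_flips_per_block)):
            bits[start + pos] ^= 1
    return bytes(bits)


def enroll(sram_readout):
    """One-time factory step: pick random secret bits, return public helper data.

    helper = repetition_code(secret) XOR sram, so the helper data alone reveals
    nothing about the secret as long as the SRAM bits are uniformly random.
    """
    secret_bits = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    codeword = bytes(b for b in secret_bits for _ in range(REP))
    return bytes(c ^ s for c, s in zip(codeword, sram_readout))


def reconstruct(sram_readout, helper):
    """Regenerate the secret bits from a noisy readout by majority vote per block."""
    noisy_codeword = [s ^ h for s, h in zip(sram_readout, helper)]
    return [1 if 2 * sum(noisy_codeword[i:i + REP]) > REP else 0
            for i in range(0, SRAM_BITS, REP)]


def derive_kek(secret_bits):
    """KEK = hash of the reconstructed bits; it lives only in RAM, never in EEPROM."""
    packed = int("".join(map(str, secret_bits)), 2).to_bytes(KEY_BITS // 8, "big")
    return hashlib.sha256(b"sram-puf-kek" + packed).digest()


def _subkeys(kek):
    return hashlib.sha256(b"enc" + kek).digest(), hashlib.sha256(b"mac" + kek).digest()


def _keystream(key, nonce, length):
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def wrap(kek, private_key):
    """Encrypt-then-MAC the private key under the KEK (stand-in for AES-GCM or similar)."""
    enc_key, mac_key = _subkeys(kek)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(private_key, _keystream(enc_key, nonce, len(private_key))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek, blob):
    """Return the private key, or None if the tag fails (wrong chip or tampered EEPROM)."""
    enc_key, mac_key = _subkeys(kek)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def key_fingerprint(private_key):
    """Stand-in for 'using' the key in a TLS handshake: a hash that proves which key we held."""
    return hashlib.sha256(bytes(private_key)).hexdigest()


def provision(chip, private_key, readout_seed=0):
    """Factory: enrol the PUF, wrap the key, and return only what the EEPROM stores."""
    readout = power_up(chip, readout_seed)
    helper = enroll(readout)
    kek = derive_kek(reconstruct(readout, helper))
    return {"helper": helper, "wrapped_key": wrap(kek, private_key)}


def use_private_key(chip, eeprom, boot_seed):
    """Each boot: regenerate the KEK from a fresh noisy readout, unwrap, use, wipe."""
    kek = derive_kek(reconstruct(power_up(chip, boot_seed), eeprom["helper"]))
    key = unwrap(kek, eeprom["wrapped_key"])
    if key is None:
        return None
    key_buf = bytearray(key)                 # mutable copy so it can be overwritten
    proof = key_fingerprint(key_buf)         # the "use" step
    key_buf[:] = b"\x00" * len(key_buf)      # clear-text key gone; firmware would memset here
    return proof


if __name__ == "__main__":
    chip = simulate_chip(seed=1)
    eeprom = provision(chip, SAMPLE_KEY)
    print("EEPROM holds helper data + wrapped key only:", list(eeprom))
    print("boot 1 unwrapped correct key:", use_private_key(chip, eeprom, 1) == key_fingerprint(SAMPLE_KEY))
    print("other chip unwraps:", use_private_key(simulate_chip(seed=2), eeprom, 1))
```

Two details matter for the post's claim that the KEK "doesn't exist" outside the moment of use. First, the EEPROM only ever holds the helper data and the wrapped key; the KEK is recomputed from the SRAM on every boot and discarded, so an attacker who dumps the EEPROM gets nothing usable without the specific chip. Second, readouts from the same chip differ by a few bits each time, which is why the helper data and majority vote are needed: without error correction the regenerated KEK would not match and the unwrap tag would fail, exactly as it does here for a different chip.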
Intrinsic ID is a provider of Device DNA, implementing PUF in a software form that can be applied to any of your IoT devices … for ultimate cutting-edge security.