Key Vault
Problem: Keeping Secrets Secret
IoT device makers need a way to protect keys and other secret material by encrypting or wrapping them with other keys. But how to protect the root key? How to keep secret keys secret?
Solution: SRAM PUF-based Key Vault
No unencrypted secrets stored on chip
- Secret data and secret (user) keys are protected/wrapped with a root key that is not stored
- SRAM PUF does not leak information about the root key
Root key is generated from SRAM PUF when needed
- By using Intrinsic ID IP, the SRAM PUF on the device is turned into a device-unique PUF root key
- From this PUF root key, other keys such as AES encryption keys can be created
- When secrets need to be unwrapped, the unwrapping key is regenerated from the SRAM PUF and Intrinsic ID IP