AWS, Intrinsic ID and Meeting Lofty IoT Security Needs

Luis Ancajas – Sr. Vice President, Business Development – Intrinsic ID

Have you been to an AWS Pop-up Loft? These venues – in San Francisco, New York and Munich – are intended to enable informal interaction among startups and developers. They can talk over coffee, discuss apps, sit in on educational sessions and get answers to AWS technical questions. Sessions at the lofts offer hands-on experience through free technical workshops on topics such as containers, IoT and more. Earlier this month the Intrinsic ID team had an opportunity to demonstrate our security technology at the San Francisco facility and show how it meets the AWS requirements for IoT security.

Intrinsic ID’s Olaf Heemskerk (left) and Luis Ancajas at an AWS Pop-up Loft event in San Francisco.

I’d attended events at the AWS Pop-up Loft before. During a June session in San Francisco, AWS outlined its three requirements for IoT security:

  • Fine-grained authorization for things and people
  • Secure communications with things
  • Strong thing identities

With our demo we were ready to show how Intrinsic ID’s technology addresses these requirements. We leverage a semiconductor’s unique physical properties to derive an unclonable device identity, which can be used as a secret key in cryptographic protocols that guarantee and prove authenticity of data and devices.

We showed the capabilities of BroadKey, our software-based secure key management solution, and Spartan-Cloud, which utilizes device-unique keys to provide IoT-connected devices an authenticated connection with AWS. This demo was a good opportunity to see IoT security invoked in a live working environment – AWS IoT providing the cloud connectivity, a microprocessor developed by IoT chipmaker Espressif Systems, and security technology by Intrinsic ID. Our team had recently ported BroadKey for use on the Espressif MCU, and field applications engineer Olaf Heemskerk gave a live demo of BroadKey and Spartan-Cloud.

The process is straightforward – a unique fingerprint is derived from within the device and is used to derive an asymmetric public-private key pair. The public key is exported with a certificate signing request (CSR) to the certificate authority, in this case via AWS IoT. A device-unique certificate is issued and sent to the device. In real time the device-to-AWS connection is authenticated and data is sent. The private key is not stored on the device but recreated when needed.
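The flow above can be sketched in Go as an added example; it is not Intrinsic ID's or AWS's code. Assumptions: `readFingerprint` is a hypothetical stand-in that returns constructed bytes in place of the silicon-derived fingerprint, the key pair is Ed25519 derived with HMAC-SHA256 (the post does not name the algorithms), and the device name and label are made up.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// readFingerprint stands in for the secret reconstructed from silicon at run
// time (constructed sample bytes; real PUF error correction is not modeled).
func readFingerprint(deviceID string) []byte {
	sum := sha256.Sum256([]byte("constructed-silicon-response:" + deviceID))
	return sum[:]
}

// deriveKey recreates the key pair on demand. Nothing is persisted: the same
// fingerprint and label always yield the same Ed25519 key.
func deriveKey(fingerprint []byte, label string) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, fingerprint)
	mac.Write([]byte(label))
	return ed25519.NewKeyFromSeed(mac.Sum(nil)) // 32-byte seed
}

// buildCSR exports the public key in a PKCS#10 request signed by the device.
func buildCSR(priv ed25519.PrivateKey, commonName string) ([]byte, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, priv)
}

// caAccepts is the CA-side check: the CSR must verify under its own public key.
func caAccepts(der []byte) (ed25519.PublicKey, bool) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil || csr.CheckSignature() != nil {
		return nil, false
	}
	pub, ok := csr.PublicKey.(ed25519.PublicKey)
	return pub, ok
}

func main() {
	der, _ := buildCSR(deriveKey(readFingerprint("dev-A"), "tls-identity-v1"), "dev-A")
	certified, ok := caAccepts(der)
	afterReboot := deriveKey(readFingerprint("dev-A"), "tls-identity-v1")
	fmt.Println("CSR accepted:", ok, "| regenerated key matches:", certified.Equal(afterReboot.Public()))
}
```

Because the key regenerated after a reboot matches the public key in the CSR, a certificate issued once stays valid without the private key ever being written to flash.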

The audience on this day – I estimated 60 to 70 – were from a wide range of IoT device applications, including gaming solutions for casinos; sensor data for energy infrastructure; wireless modules for factory equipment; and a sensor for detecting wetness in a diaper (yes, really). After the demo we heard many positive comments from the attendees, who seemed to appreciate a simple and elegant approach for adding security to their devices.

This demonstrated how Intrinsic ID addresses the key IoT security requirements AWS has laid out. A big thank you to Anton Shmagin and Tim Mattison of AWS, who were kind enough to invite us and presented a condensed version of the AWS IoT Cloud service. Keep an eye out for an announcement of our next appearance for a loft event – we expect to be back soon.

 

Luis Ancajas has been Sr. Vice President at Intrinsic ID since 2012. He has held engineering, marketing and sales management roles in the computing, semiconductor, EDA and security industries, at companies such as Amdahl, Quickturn, Synopsys and Faraday Technology. Ancajas holds an MSEE from Stanford University and BSEE from the University of California, Berkeley.

 

For more on the technology behind BROADKEY and SPARTAN, download our white paper The Secure Silicon Fingerprint.
