Intrinsic ID Becomes World’s First IP Vendor with PSA Certified Level 3 Root of Trust Component

New solution from Intrinsic ID brings lab-validated security to connected devices in critical, high-performance Internet of Things (IoT) applications and enables compliance with US Cyber Trust Mark Program

• lntrinsic ID launches QuiddiKey 300, a new member of the QuiddiKey family purpose-built for chip designers to fast-track to full PSA Certified chip evaluations and build security-certified connected devices that comply with the US Cyber Trust Mark Program.
• PSA Certified Level 3 certification has been achieved after rigorous testing by independent security lab, further validating the robustness of the QuiddiKey IP.
• QuiddiKey 300 is qualified as a trusted component in a system that requires PSA Certified Level 3 certification targeting security-critical IoT applications ranging from defense, healthcare and infrastructure to the data center, consumer devices, AI and autonomous driving.

Sunnyvale, Calif., September 28, 2023 – Intrinsic ID, the leading provider of Physical Unclonable Function (PUF) technology field-proven in more than 500 million devices across the globe, today became the world’s first IP provider to achieve PSA Certified Level 3 Root of Trust (RoT) Component Certification with QuiddiKey 300. QuiddiKey 300 is a new product from Intrinsic ID based on the company’s robust and proven PUF technology that brings security-certified RoT IP to chip designers creating high-value assets. It allows them to fast-track their products for a full PSA Certified certification and further helps ensure supply chain integrity, chiplet security, and protection against reverse engineering. PSA Certified is a highly respected certification scheme co-founded by Arm in partnership with global technology companies that aims to implement a comprehensive IoT security assurance framework for secure digital transformation.

As a PSA Certified hardware IP solution, QuiddiKey 300 has been independently tested to ensure it provides substantial protection against both software and hardware attacks (including side-channel and fault injection attacks) and is qualified as a trusted component in a system that requires a PSA Certified Level 3 Root of Trust. It is optimized for IoT applications where connected device security is critical, such as defense, healthcare, infrastructure, consumer devices, the data center, AI and autonomous driving among others.

“We are thrilled to be the first IP vendor to achieve PSA Certified Level 3 RoT component certification with QuiddiKey 300. This gives our customers access to certified, robust security components that will help build a more trusted IoT and comply with legislation including the new US Cyber Trust Mark program,” said Pim Tuyls, CEO of Intrinsic ID. “We prioritized PSA Certified validation for QuiddiKey 300 because we believe in a standardized approach to device security, underpinned by certification. PSA Certified is an objective and comprehensive process to developing lab-validated components on which a robust and secure IoT can thrive.”

“PSA Certified and its ecosystem are contributing to an environment where security is implemented from the beginning of product development” said Marc Witteman, CEO at Riscure. “The PSA-RoT certification enables a framework for vendors and independent security labs to vigorously test components and ensure that they meet industry security standards for an IoT device.”

About QuiddiKey 300
QuiddiKey 300 is a PUF-based physical security solution that enables device manufacturers to secure their products with internally-generated unclonable identities and device-unique cryptographic keys. It uses the inherently random start-up values of SRAM as a PUF, which generates the entropy required for a strong hardware RoT. In addition to its PUF-related protection against physical attacks, QuiddiKey 300 has several built-in physical countermeasures. These include both systemic security features as well as more specific countermeasures that protect against specific attacks. More details about QuiddiKey 300 can be found in the new white paper “Earning Digital Trust – QuiddiKey 300: The First Root-of-Trust IP PSA Certified Against Physical Attacks.”

Availability
QuiddiKey 300 is available now and is the second product in the QuiddiKey X00 series, which customized the core QuiddiKey IP for key target markets such as: automotive, data center, and government and defense. QuiddiKey 300 can be flexibly integrated across all foundries and technology nodes and received Level 3 certification according to the Security Evaluation Standard for IoT Platforms (SESIP) from GlobalPlatform® SESIP-certified. QuiddiKey IP is NIST CAVP certified, ready for FIPS 140-3, and has been deployed and proven in more than 500 million devices, which have been certified by EMVCo, Visa, CC EAL6+, PSA Certified, ioXt, and governments across the globe. For licensing details contact Intrinsic ID via info@intrinsic-id.com.

QuiddiKey 300 includes a NIST-compliant (SP 800-90A/B) random number generator (RNG) which can also be licensed separately as QuiddiKey RNG 300.

About PSA Certified
PSA Certified is an architecture agnostic program and has been designed to cover a large array of products and implementations including: processors, chipsets and system-on-chips, software, IP products, development boards, modules and end products. To achieve PSA Certified Level 3 RoT Component certification, an RoT component must pass a series of rigorous lab-based vulnerability analysis and penetration testing.

About Intrinsic ID
Intrinsic ID is the world’s leading provider of security IP for embedded systems based on PUF technology. The technology provides an additional level of hardware security utilizing the inherent uniqueness in each and every silicon chip. The IP can be delivered in hardware or software and can be applied easily to almost any chip – from tiny microcontrollers to high-performance FPGAs – and at any stage of a product’s lifecycle. It is used as a hardware root of trust to protect sensitive military and government data and systems, validate payment systems, secure connectivity, and authenticate sensors.

###