Digital Authentication for Internet of Things and Embedded Applications
SPARTAN is a family of digital authentication software modules for authenticating IoT endpoints, enabling anti-counterfeiting and anti-cloning. The SPARTAN products utilize Intrinsic ID’s patented SRAM PUF technology to give microcontrollers and other semiconductors unique identities, which serve as the foundation for a security subsystem. SPARTAN is built on top of Intrinsic ID’s flagship BROADKEY software and enables a software approach for providing hardware-based security that can be implemented on virtually any CPU.
SPARTAN CLOUD is an embedded authentication software module for IoT devices to establish a secure Transport Layer Security (TLS)-based connection to major cloud platforms, including Amazon Web Services and Microsoft Azure IoT Hub. Running on the CPU of a device, SPARTAN CLOUD sets up an authenticated TLS connection to the cloud platform based on a device-unique key. It provides seamless integration with cloud-connected applications via the SPARTAN CLOUD library, which is based on the MQTT messaging protocol.
The device’s SRAM PUF-based unique key is generated with BROADKEY, which is integrated in the SPARTAN CLOUD library. The library also has APIs to connect with TLS, MQTT and applications, as indicated below.
- Operates outside the manufacturing flow
- Connects to a third-party TLS library (e.g. mbed TLS, WolfSSL, Mocana NanoSSL …)
- Agnostic with regard to cloud connection. Operates with all major public and private clouds, including Amazon Web Services, Microsoft Azure IoT Hub and Google Cloud Platform.
- Portable to virtually all CPUs, operating systems and platforms
- Cloud-based data collection and processing from trusted IoT sensor nodes
- Smart home devices, controlled from the cloud
- Smart city infrastructure, controlled from the cloud
- Smart health monitoring services
- Network connection from devices to cloud
- Chips with a CPU and 1 KB of uninitialized SRAM available
- Ability to run cloud connection software (e.g. MQTT connection software) with security library (e.g. TLS)
- C library compiled for a specific target CPU, for connecting to a specific cloud platform
- Wrapper around the cloud-service-specific connection library (e.g. AWS MQTT library)
- Includes BROADKEY-FLEX-256-EC product
- Comes with a certificate signing tool but can also work with certificates from CAs such as GlobalSign.
SRAM PUF Benefits
- Device-unique, unclonable fingerprint
- Leverages entropy of manufacturing process
- No key material programmed
- Secure Key Storage
- Flexible Key Provisioning
- HW-SW Binding
- Supply Chain Protection
- 256- or 128-bit key entropy
- Highly reliable across large range of operating environments and on every technology node
- Lifetime > 25 years
- Requires uninitialized SRAM