skip to Main Content

Key Vault

Problem: Keeping Secrets Secret

IoT device makers need a way to protect keys and other secret material by encrypting or wrapping them with other keys. But how to protect the root key? How to keep secret keys secret?

Solution: SRAM PUF-based Key Vault

No unencrypted secrets stored on chip

  • Secret data and secret (user) keys are protected/wrapped with a root key that is not stored
  • SRAM PUF does not leak information about the root key

Key Vault - Key Regeneration

Root key is generated from SRAM PUF when needed

  • By using Intrinsic ID IP, the SRAM PUF on the device is turned into a device-unique PUF root key
  • From this PUF root key, other keys such as AES encryption keys can be created
  • When secrets need to be unwrapped, the unwrapping key is regenerated from the SRAM PUF and Intrinsic ID IP
Back To Top