Secure microcontrollers to protect data in cloud-based transactions

November 20, 2013 // By Graham Prophet
Inside Secure and Intrinsic-ID have announced a new class of secure microcontrollers, for smart cards and other applications, that apply Hardware Intrinsic Security (HIS) to provide the highest levels of security for cloud-based transactions.

By combining Inside Secure’s secure microcontroller designs with patented HIS technology from Intrinsic-ID, the companies will use the unique physical characteristics of each chip to protect cryptographic keys, and thus make the devices extremely hard to clone or reverse engineer.

IC fabrication processes are subject to process variations from wafer to wafer and between individual dice on the same wafer, manifested as differences in the parametric performance of individual transistors and other components. These are variations that lie within the acceptable operating range of the devices. Process engineers normally strive to minimise these differences; the techniques developed by Intrinsic-ID exploit them. Once the IC has been fabricated, these measurable parameters are stable and render each chip unique. Extracting a set of such measurements from, say, a memory array yields a characteristic “signature” for an individual chip. Because the identity is dependent on an essentially random variability, it cannot be reproduced and gives rise to a “physically unclonable function” or PUF.


The Intrinsic-ID HIS technology built into a device such as a secure microcontroller generates cryptographic keys that do not depend on a value having to be stored in memory. Keys are generated at power-up, or on demand; no key material is present at rest, therefore a very high security level can be achieved.
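The key-without-storage idea described above, as an added sketch that is not Intrinsic-ID's or Inside Secure's implementation: it simulates SRAM start-up bits and rebuilds the same key from a noisy re-read using a textbook code-offset construction with a repetition code. The read noise, cell counts, seeds and all function names are assumptions made for the illustration.

```python
import hashlib
import random
import secrets

REP = 15        # SRAM cells spent per key bit (repetition code); assumed value
KEY_BITS = 128  # secret bits recovered from the fingerprint

def power_up(n_cells, seed):
    """Constructed stand-in for one chip's SRAM start-up pattern."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n_cells)]

def noisy_readout(fingerprint, flip_prob, rng):
    """Re-read the fingerprint; each cell flips with probability flip_prob (assumed noise)."""
    return [b ^ (rng.random() < flip_prob) for b in fingerprint]

def derive_key(bits):
    """Hash the recovered secret bits down to a 128-bit key."""
    return hashlib.sha256(bytes(bits)).digest()[:16]

def enroll(readout):
    """One-time enrollment: returns (helper data, key). Only the helper data is stored."""
    secret = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in secret for _ in range(REP)]
    helper = [c ^ r for c, r in zip(codeword, readout)]  # code-offset helper data
    return helper, derive_key(secret)

def reconstruct(readout, helper):
    """At power-up: helper XOR fresh readout gives a noisy codeword; majority vote decodes it."""
    noisy = [h ^ r for h, r in zip(helper, readout)]
    secret = [int(sum(noisy[i:i + REP]) > REP // 2)
              for i in range(0, len(noisy), REP)]
    return derive_key(secret)

def demo():
    """Returns (same chip recovers key, different chip recovers key)."""
    n = KEY_BITS * REP
    chip_a, chip_b = power_up(n, seed=1), power_up(n, seed=2)
    helper, key = enroll(chip_a)
    rng = random.Random(7)
    same = reconstruct(noisy_readout(chip_a, 0.05, rng), helper)
    clone = reconstruct(noisy_readout(chip_b, 0.05, rng), helper)
    return key == same, key == clone

if __name__ == "__main__":
    print(demo())
```

The helper data is useless without the physical fingerprint it was enrolled against, which is why copying non-volatile memory to another chip does not carry the key with it.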

The HIS-based microcontroller chips will be packaged in multiple formats, with the first being a USB smart card token to support the Intrinsic-ID Saturnus secure cloud application. The Saturnus application runs on mobile phones, tablets and PCs, and offers total protection of digital data stored in the cloud. With Saturnus, files are encrypted before they leave the device and are uploaded to the cloud. The encryption keys are generated and managed inside the (USB) hardware security token plugged into the user device, making the Saturnus solution unique in the sense that key management is put back in the control of the end user.

The HIS technology