INSIDE Secure is introducing the VaultIC(TM) 100, an innovative, compact turnkey security module designed to enable manufacturers of high-tech products and consumables to reduce the cost of implementing robust security measures that protect their brands from counterfeiting and cloning.
“Counterfeiting and cloning is taking a tremendous toll on makers of popular high tech brands, not only in lost revenues, but also in jobs lost and company reputation,” said Christian Fleutelot, general manager, VaultIC, secure microcontroller solutions business unit, at INSIDE Secure. “The VaultIC100 chip provides these manufacturers with a turnkey solution offering banking-level security to protect their brands at a price point attractive for high-volume markets.”
Batteries, chargers, printer ink and toner cartridges and other consumer electronics accessories represent one of the largest segments of the counterfeit products market. With the VaultIC100 turnkey security solution, manufacturers can now protect their brands with a solution featuring a smaller footprint and less memory-reducing the overall system cost.
The VaultIC100 device features elliptic curve mutual authentication, a highly secure and efficient method of protecting these products. Using the VaultIC100 security module, printers and ink cartridges, for example, can authenticate each other, ensuring that the ink cartridge has been approved for use with the printer, but also that it is the correct one for that model printer.. Cell phones and laptops can ensure that only approved batteries of the correct type are employed, providing an extra measure of safety from potential fires or explosions.
INSIDE’s VaultIC100 can protect against cloning of various others products including computer and gaming console accessories, white goods, battery chargers, mp3 readers, Bluetooth(R) earphones, smart energy meters and more.
In the simplest case, the host product (a printer or cell phone, for instance) sends a random challenge message to the accessory product (ink cartridge or battery), which contains an embedded VaultIC100, to check if it is an authorized device. The VaultIC100 uses its securely stored private key to compute the elliptic curve digital signature of the challenge message and send it back to the host. Using the corresponding public key, the host performs the necessary signature verification. Based on the result, the host decides whether to authenticate the accessory or not.
For even greater security, the VaultIC100 can be employed as part of a public-key infrastructure (PKI). Although more complex to implement, the PKI approach is a more secure way of distributing keys, and completely eliminates the need to store a copy of the secret key in the host device. The public key and its digital certificate either can be embedded in the host or stored in the VaultIC100 contained in the accessory product and retrieved by the host when needed for authentication. The private key is protected in the VaultIC100.
The new VaultIC100 security module is low cost and extremely compact (2 x 3 mm). It includes a secure RISC CPU, hardware random number generator and INSIDE’s Ad-X(TM) advanced hardware crypto accelerator, which supports the use of various FIPS-recommended elliptic curves up to 303 bits. Communications are handled through one or two wire (I²C) interfaces, making the VaultIC100 suitable for a variety of high volume embedded applications. The VaultIC100 also includes a variety of dedicated anti-tampering hardware for protection against simple and differential power analysis (SPA/DPA) attacks, advanced protection against physical attacks (including active shield), environmental protection systems (voltage, frequency and temperature monitors), light protection and secure management/access protection to prevent reverse engineering or cloning. VaultIC100 is Common Criteria EAL4+ ready and able to protect high-value assets.
The included advanced security firmware makes it easy to implement fully user-defined, non-volatile storage of sensitive or secret data; set up identity-based authentication with user, administrator and manufacturer roles; perform authentication, digital signature, encryption/decryption and other advanced cryptographic operations using keys and data from the file system; and provide secure communication channels. INSIDE’s VaultIC Starter Kit provides an easy path to mastering the cryptographic and secure data storage features of the VaultIC security modules.