Vault-IP Platform Security Solutions

Primarily designed for secure device authentication and secure boot, VaultIP-120 is the smallest member of the VaultIP family. With its very low gate count, it is a perfect match for tiny battery-powered devices requiring ultra-low power consumption and hardware Roots-of-Trust. With its embedded DMA, VaultIP-120 offloads the main CPU from AES and ECDSA operations, allowing faster transition to sleep mode.


Vault-IP Platform Security Solutions

Designed to be integrated in SoCs featuring a TEE (Trusted Execution Environment), Vault-IP-130 is the ideal security module to equip your platform with hardware Roots-of-Trust. At its heart, the VaultIP Asset Manager secretly generates keys and securely stores them. Fully featured, its cryptographic data plane associated to its DMA offloads the main CPU while never exposing your keys to the OS or the applications.


Vault-IP Platform Security Solutions

Designed on top of VaultIP-130, VaultIP-140 retains all its properties while extending its cryptographic capabilities with additional hardware engines that accelerates recently emerged popular standards. This comprises the support for ChaCha20 and Poly1305 algorithms, including the combined AEAD mode, and the support of X25519 key exchange as well as EdDSA signatures (Curve25519).

More information

The Vault-IP hardware solution provides a complete and efficient isolated environment, a vault, where all crypto functions are executed, and cannot be accessed by the SoC operating system. Having the security vault inside the SoC itself definitively binds the crypto assets with the device. Such a binding cannot really be established with a secure element model.

Inside Secure’s Vault-IP is delivered as a FIPS-certified silicon IP security module that easily integrates into any chip. Previously, a platform vendor using this process would not have been able to claim certification on the final silicon. Working in collaboration with the CMVP and atsec, Inside Secure was able to address this issue and obtain the first ever Level 2 FIPS 140-2 certificate (#2272) for an IP component. With this certification, Inside Secure’s customers may now apply for incremental recertification of their chip against the existing FIPS certificate for Vault-IP. While full FIPS-140-2 Level 2 certification typically takes over a year to achieve, recertification using the initial validation as a base allows for process efficiencies by both the laboratory and the CMVP and significantly reduces the time and cost.

The Vault-IP Secure Platform provides cryptographic building blocks (symmetric, asymmetric, hashing and true random number generation), as well as ‘trust anchors’ in hardware, allowing designers to implement a comprehensive security architecture without getting bogged down in the complexities of low-level cryptographic operation and key management. The platform components provide a low cost, low power and small footprint IP solution for system and platform integrity, and cryptographic acceleration services to applications. The key attributes of the Vault-IP Secure Platform are secure boot, secure storage, secure debug, hardware Root of Trust, secure communication, and a secure asset store.


Vault-IP is a family of solutions, comprised of:

  • VaultIP-120, a lightweight platform protections core, offering NVM interface, TRNG, RSA, ECC, AES, SHA-256, targeting single core closed designs
  • VaultIP-130, providing extended functions, offering NVM interface, TRNG, RSA, ECC, AES, 3DES, SHA-1, SHA-256, SHA-512, targeting multi core trustzone and non trustzone designs
  • VaultIP-140, providing additional algorithms on top of VaultIP-130, such as Poly1305 and ChaCha2, targeting homekit and other IoT ecosystems.