The Vault-IP hardware solution provides a complete and efficient isolated environment, a vault, in which all crypto functions are executed and which cannot be accessed by the SoC operating system. Having the security vault inside the SoC itself definitively binds the crypto assets to the device. Such a binding cannot really be established with a secure element model.
Inside Secure’s Vault-IP is delivered as a FIPS-certified silicon IP security module that easily integrates into any chip. Previously, a platform vendor using this process would not have been able to claim certification on the final silicon. Working in collaboration with the CMVP and atsec, Inside Secure was able to address this issue and obtain the first ever Level 2 FIPS 140-2 certificate (#2272) for an IP component. With this certification, Inside Secure’s customers may now apply for incremental recertification of their chip against the existing FIPS certificate for Vault-IP. While full FIPS 140-2 Level 2 certification typically takes over a year to achieve, recertification using the initial validation as a base allows for process efficiencies by both the laboratory and the CMVP and significantly reduces the time and cost.
The Vault-IP Secure Platform provides cryptographic building blocks (symmetric, asymmetric, hashing and true random number generation), as well as ‘trust anchors’ in hardware, allowing designers to implement a comprehensive security architecture without getting bogged down in the complexities of low-level cryptographic operation and key management. The platform components provide a low cost, low power and small footprint IP solution for system and platform integrity, and cryptographic acceleration services to applications. The key attributes of the Vault-IP Secure Platform are secure boot, secure storage, secure debug, hardware Root of Trust, secure communication, and a secure asset store.
Vault-IP is a family of solutions consisting of:
- VaultIP-120, a lightweight platform protection core, offering NVM interface, TRNG, RSA, ECC, AES and SHA-256, targeting single-core closed designs
- VaultIP-130, providing extended functions, offering NVM interface, TRNG, RSA, ECC, AES, 3DES, SHA-1, SHA-256 and SHA-512, targeting multi-core TrustZone and non-TrustZone designs
- VaultIP-140, providing additional algorithms on top of VaultIP-130, such as Poly1305 and ChaCha20, targeting HomeKit and other IoT ecosystems.