Secure Vault’s hardware features are designed to offer an optimized level of security integrated in to a cheap, wireless SoC. The device features a security subsystem that has a dedicated core, bus and memory separate from the host processor. This architecture isolates critical features, such as secure key store management and cryptography, into their own functional areas. The isolation can also help companies that are working to address emerging regulatory measures, like GDPR in Europe and SB-327 in California. The integration of the security system within a wireless SoC helps ease development and facilitates over-the-air (OTA) updates.
Secure Vault offers:
Secure Device Identity
Silicon Labs’ factory trust provisioning service has optional secure programming to provide a secure device identity certificate during IC manufacturing for each individual silicon die, enabling post-deployment security, authenticity and attestation-based health checks. The device certificate guarantees the authenticity of the chip for its lifetime.
Secure Key Management and Storage
In Secure Vault, keys are encrypted and isolated from application code. Virtually unlimited secure key storage is offered as all keys are encrypted using a master encryption key generated using a PUF. The power-up signatures are unique to a single device, and master keys are created during the power up phase to eliminate master key storage, reducing attack vectors.
Advanced Tamper Detection
Configurable tamper-response features enable developers to set-up appropriate response actions with interrupts, resets, or in extreme cases, secret key deletion.