SafeNet, The Foundation of Information Security
 
 
Language: English English Japanese Chinese Chinese Spanish Portuguese
sample image
Blank
Email this page Print this page Feedback
   SafeXcel IP – Trusted Module
Blank
High-performance wireless security.
Blank

SafeXcel IP - Trusted Module

Silicon-proven Trusted Execution Environment for mobile, entertainment, and consumer devices

Highlights

  • TPM-ready Trusted Execution Environment (TEE) for maximum device security
  • Enables mobile VPN, DRM, m-commerce applications
  • Smaller footprint for efficient integration
  • Higher performance and increased battery life
  • Effective protection against side channel attacks
  • Integration with security middleware SafeZone Software provides complete HW/SW security system

Today’s mobile carriers, handset vendors, and consumer electronics manufacturers demand robust embedded security in mobile devices to protect premium content, enable new services, and take advantage of revenue opportunities. SafeXcel IP - Trusted Module provides semiconductor manufacturers with a tamper-proof embedded security solution that protects both content and communications – providing the highest levels of security to protect revenues and meet security, performance and cost requirements of device manufacturers in the mobile, entertainment, and enterprise markets.

Designed to precisely meet these market requirements, SafeNet provides the world’s first Trusted Execution Environment (TEE) silicon IP solution for resource-constrained environments. At the heart of this solution lies a trust boundary, separating the Trusted Module from the application processor’s host environment, which is typically vulnerable to hacks and virus attacks. Sensitive material such as keys and credentials can now safely be handled in the Trusted Module, a secure subsystem below the trust boundary, without the risk of being compromised.

The SafeXcel IP - Trusted Module is the hardware security foundation essential to security-sensitive applications such as robust digital rights management (DRM), platform integrity applications such as secure bootloader and OTA download protection, m-commerce, anti-fraud solutions as well as VPN solutions for enterprise applications and dual-mode handsets. Designed for cost-effective integration into any mobile or consumer device, it provides a complete security platform for secure authentication, key management and decryption of protected content. Being TPM ready, the Trusted Module offers a future-proof migration path to standards compliant security solutions.

Protect Critical Information below the Security Barrier

SafeXcel IP - Trusted Module prevents sensitive cryptographic key material from being compromised and guarantees the integrity of keys, programs, and data stored on the device. Many applications and services rely on trusted keys for a variety of security functions, making encryption and secure storage of keys paramount to implementing effective wireless security. While conventional methods store keys in a manner that is easily compromised, the Trusted Module’s trust boundary provides maximum protection by handling keys, certificates and credentials behind a robust security barrier. This secure environment enables applications to use keys without ever exposing them to the runtime system or other applications.

The firmware that executes the security-critical commands inside the SafeXcel IP - Trusted Module is written in a SafeNet proprietary assembly language, which raises the overall security level even more.

Turbo Boost to Application Performance

SafeXcel IP - Trusted Module is designed to provide maximum performance to security-sensitive applications in a variety of ways. By using dedicated hardware accelerators inside the Trusted Module, SafeXcel IP - Trusted Module provides a first performance boost compared to software execution on the host processor. The second boost comes from the use of quickly accessible local storage inside the Trusted Module, which eliminates time-consuming Memory Management Unit overhead. For the most computationally intensive applications, such as secure streaming audio and video (including broadcast), the SafeXcel IP - Trusted Module even provides a High Speed Streaming Interface.

Intelligent Design for Maximum User Experience

By offloading security operations from the main application processor, the Trusted Module frees up cycles on the host CPU, which significantly enhances the user experience in situations when the CPU is near full load. SafeXcel IP - Trusted Module also contributes to the user experience by significantly extending the battery life with the ability to run the Trusted Module’s cryptographic accelerators at a much lower clock speed than the host processor. This is especially useful for fast but repetitive algorithms such as the symmetric ciphers used to decrypt streaming content.

Small Footprint – Rapid Time to Market and Lower TCO

SafeXcel IP - Trusted Module’s design is optimized for small footprint (and hence lower power consumption) using different techniques, including sharing of gates and memory among different algorithms, as well as the use of assembler for reduced ROM requirements. SafeXcel IP - Trusted Module provides a ready-to-deploy security solution that dramatically accelerates development cycles and reduces total cost of ownership.

Complete Security Solution—SafeZone Software

To address the difficulties of security integration across hardware, software and application layers, SafeNet provides a unique middleware solution - SafeZone Software.

SafeZone Software is an integrated security middleware that enables application developers to transparently utilize and easily integrate hardware-based security services. The SafeZone middleware provides the certificate and cryptographic protocols and algorithms essential to applications while ensuring API compatibility and seamless upgradeability to future generations of processors and mobile devices. With SafeZone Software, software developers can take full advantage of sophisticated security mechanisms, and develop robust and future-proof mobile applications that are optimized for the resource-constrained wireless environment.

Minimize Risk with a Silicon-Proven Solution

SafeNet is committed to providing security solutions that are tightly integrated with products from the leading vendors in the industry. Integrating embedded security solutions from SafeNet—a recognized and trusted leader in the security market—gives you a significant advantage. It provides you with the most advanced security solutions available, lowers your total cost of ownership, increases the value of your product, and significantly accelerates time to market.

SafeNet is the world’s biggest provider of integrated security solutions for OEMs. The world’s leading chip manufacturers, including Texas Instruments, AMCC, PMC-Sierra, Samsung, AMD and ARM, trust SafeNet’s silicon-proven SafeXcel IP products for their embedded security needs, giving SafeNet the biggest licensed security IP footprint in the semiconductor industry.

Benefits

  • Trusted Execution Environment for robust security
  • Integrated embedded security solution
  • Maximum performance
  • Extended battery life
  • Enables OMA DRM 2.0
  • Secure Key Management
  • Silicon-proven solution
  • Protection against side channel attacks
  • Small footprint for efficient implementation
  • Low total cost of ownership
  • Integrated with third party DRM solutions
  • Support for broad range of processors and operating systems
  • Quick time to market
  • Minimized risk
  • World-class support

FEATURES

Standard Cryptographic Accelerators*

  • Public Key Algorithms
    • RSA
    • DSA
    • Diffie-Hellman
  • True Random Number Generation (Entropy based)
  • Encryption/Decryption
    • AES
    • DES & 3DES
  • Hashing
    • SHA-1
    • MD5
    • *Other algorithms can be supported upon request

Key Exchange Mechanisms

  • RSAES-KEM
  • AES-WRAP

Host Interface

  • AHB (Advanced High Speed Bus) interface
  • Streaming interface with embedded FIFO's and DMA support
  • A mailbox forms the SafeZone security barrier that passes commands, status and regular data, but shields sensitive embedded data like keys.

Clock Signals

  • System clock input
  • Host clock input
  • Power saving modes

Embedded storage

  • Mailbox
  • Rootkey storage
  • Volatile key storage
  • Non-volatile key storage
  • Battery backed RTC value
  • Input and output FIFO's in the streaming interface

SafeXcel IP - Trusted Module is available as a complete, tested and ready-to-deploy package, including

  • Core design in Verilog RTL Code
  • Generic Synthesis Scripts
  • RTL Test Bench
  • Test Scripts
  • User Documentation
  • World-class support
  • Training
     Company | Site Map | Privacy Statement | Contact Us | Send Feedback | Terms & Conditions of Sale
     © 2008 SafeNet Inc. All rights reserved. | Use of this website signifies your agreement to the Terms of Use.