Secure Deploy architecture
The Secure Thingz Secure Deploy architecture is an advanced, integrated framework to deliver a PSA-aligned Supply Chain of Trust. The solution enables the protection of critical IP from design to deployment, ensuring:
Simple management of critical intellectual property across the development and manufacturing process
- Secure programming/provisioning of the system with keys and certificates built on top of a root of trust consistent with PSA principles.
- Simple management of an OEM’s critical IP across both development and manufacturing.
- Seamless integration into tier-1 programming and manufacturing systems.
- Robust root-of-trust frameworks for complex identification and ownership across the device lifecycle.
- Integrated key and certificate management simplifying and securing development, manufacturing and applications.
The Guardian product family
Secure production of devices is the cornerstone of securing the IoT, and Secure Thingz and its partners have developed solutions for your requirements.
The Guardian platform enables OEMs to encrypt their critical IP and control which manufacturing facilities have access to the deliverables. Through this highly secure framework, operating between physically tamper-resistant hardware security modules (HSMs), the OEM can define specific quantity production, target programmer information, versioning and multiple other production capabilities, to any enabled machine globally. The platform enables factories to service multiple OEMs securely, and OEMs to work with multiple production partners, creating a secure, yet balanced ecosystem.
Secure Thingz, in partnership with Data I/O, has developed the Data I/O Sentrix platform that integrates physical-device handling with the Guardian provisioning solutions to enable high-mix, high-volume production within programming houses and contract manufacturers globally.
The Citadel product family
Secure Thingz engages with silicon vendors and OEMs working on Arm-based devices to enable Citadel security solutions. These solutions comprise a set of secure boot management functionality that operates within the lowest-level control domains to secure the device from the ground up; alongside integrated development environment (IDE) extensions to the leading development tools.
The Citadel firmware encompasses critical, low-level functionality to provide the trust anchors within the root of trust. The firmware integrates onto the core cryptographic hardware to ensure credentials (keys and certificates) can be managed and stored correctly, across the three critical phases of factory provisioning, operational start-up, and patching and remediation cycles.
The Citadel IDE extensions are designed to substantially simplify secure application development. The extensions integrate the device root-of-trust framework to provide a consistent approach to key development and management, the creation of standard ownership functions, such as certificate issuance and revocation, plus application and update mastering with encryption and key exchanges fully integrated.