Elliptic delivers proven and highly integrated Platform Security solutions spanning silicon cores to embedded software. These flexible solutions enable Elliptic’s customers to build trusted execution environments for their applications.
The significant growth of connected consumer electronics such as smartphones and tablets, networking infrastructure, gateways, base stations, femtocells, mobile applications increases the demand and the importance of Platform Security.
Elliptic's Platform Security environment - the Ellipsys Trust Framework - offers manufacturers and system providers the ability to implement cost-effective cryptographic protection of high value assets. Using the framework it is now possible for:
- Manufacturers to protect against counterfeiting, cloning, overbuilding of products produced by ODMs and contract manufacturers;
- IP designers to protect IP in the form of firmware-embedded algorithms, programs, and FPGA bit files, through all phases of product life cycle;
- Content Distributors to protect high value content such as High Definition video;
- Device manufacturers to activate and provision products at the point of sale;
- Network operators and administrators to manage the identity of devices and subscribers, and to enable features, applications and services in mobile and wired networks
In each of these situations, cryptographic credentials such as keys or certificates must be managed and inserted into the target device.
The Ellipsys Trust Framework is designed to be very flexible in the format of keys and certificates that it can manage to allow it to be adapted to the use model required for the target application. For example, if a manufacturer wishes to protect against anti-cloning when using an ODM, it can securely inject credentials from a secure server administered by the manufacturer. Only those products that receive these credentials will function correctly. Similarly, a designer of DSP algorithms for example could decrypt and enable the code only for authenticated use through the secure injection of credentials during manufacturing by customers. This will ensure that only authorized (and paid) copies are enabled.
Secure environments like ARM TrustZone are a solid foundation for security solutions in Embedded Systems. Elliptic provides versatile embedded hardware and software security solutions, designed for ARM TrustZone users, which range from hardware protocol accelerators and co-processors like SPAcc and SPP, to platform security, DRM and content protection. The Ellipsys Trust Framework is an ideal fit for the ARM TrustZone architecture. Trusted keys and devices are managed from production through end-user provisioning using Ellipsys-CA, TrustZone enabled processors are securely booted with Ellipsys-SB, and run-time access to embedded secrets is protected with Ellipsys-VSM using the TrustZone API.
All product offerings from the Ellipsys Trust Framework share a common API and code base and any or all components may be used depending on the needs of a particular project. The framework is built to optionally support hardware acceleration for cryptographic operations and offload for embedded processors.
Ellipsys Trust Framework Product Family:
Ellipsys-SB is a bootstrap loader that can greatly enhance the security of embedded systems by cryptographically verifying (and optionally decrypting) that the code being loaded and executed is authentic and has not been tampered with. The solution includes developer tools to assist with deployment issues such as security updates, code signing and image building.
A server based set of applications that provide a trusted, managed environment to generate, inject, transport, archive and revoke keys and certificates to ensure Design IP protection in the supply-chain. It can also be used to generate and manage credentials used in device-to-device identification and authentication, protocols, content protection and other security applications.
Software developers dealing with keys and other secrets often rely on simplistic protection of these values through simplistic mechanisms such as folder permissions. This leaves these credentials open to an easy hack. In some cases, secrets may have enough value (such as an RSA or ECC private key for e-commerce) that an expensive hardware security module (HSM) needs to be used. For many applications however, a well constructed software system designed to hide keys and secrets can be a cost-effective solution. Elliptic offers this capability through the ESS-07 Virtual Security Module.
A highly programmable and unique Security Protocol Accelerator specifically designed to efficiently process data for high capacity wireless and network applications. The engine is perfectly suited for applications that deal with multiple active connections and significant traffic load on different contexts, such as 4G LTE-Advanced wireless cellular base stations and femtocells.