Intrinsic ID’s BroadKey offers hardware root-of-trust security at core of Authentico’s password security system

Intrinsic ID, provider of digital authentication technology for Internet of Things security, announced on Monday that Authentico Technologies incorporated hardware root-of-trust security provided by Intrinsic ID’s BroadKey software in Authentico’s new patented system for secure password storage and key management.

Authentico’s product, CIPHRA, is a hardware device that makes password theft essentially impossible even if a database is stolen. Passwords and other sensitive data are protected because with BroadKey no root keys are stored.

Using a BroadKey-generated hardware root of trust, Authentico developed a centralized hardware unit that can be installed on an enterprise’s servers. The device works as a plug-and-play product and, once running, it enhances security without any noticeable change in the user experience or login process.

BroadKey reliably reconstructs the same cryptographic key under all environmental circumstances. It generates an Activation Code which, in combination with the SRAM startup behavior, is used to reconstruct on demand, in real time, an intrinsic PUF key which is never stored. When it is needed later it can be reconstructed.

The intrinsic PUF key can be used as a root key to wrap and manage user keys. Reconstruction can be done very quickly starting at 0.7M cycles for 128 bits keys. All of BroadKey’s features are accessed by the host software via the BroadKey API

BroadKey enables IoT device manufacturers to securely anchor their connected products with a unique secret key or identity without having to add security-dedicated silicon. BroadKey does not have to be loaded at silicon production but can be installed later in the supply chain, or even retrofitted on deployed devices via “brownfield” update.

Additionally, BroadKey can wrap and manage other system keys that form the basis of security solutions ranging from simple to sophisticated.

“Our approach, utilizing the ability of BroadKey to generate strong unclonable keys and not store them anywhere, makes bulk theft of passwords essentially impossible,” said Philip Lundin, chief executive officer of Authentico Technologies. “The significance of this level of security is paramount in this era of GDPR and privacy by design, because the exposure of passwords has reached alarming levels.”

In an episode reported on widely in January 2019, nearly 773 million records, including email addresses and passwords, were exposed in a series of data breaches discovered by Australian web security expert Troy Hunt. It is considered the largest-ever discovery of breached data.

“Not only do we all have many more passwords to keep track of than we did just a few years ago, they are key to accessing critical, private, and sensitive data,” Lundin said.

“I am very happy with Authentico’s choice of BroadKey’s root-of-trust security for its innovative CIPHRA product that addresses the huge problem of protecting usernames and passwords in databases,” said Pim Tuyls, chief executive officer of Intrinsic ID. “By using BroadKey within CIPHRA, Authentico offers a solution that protects all the user credentials even when the database is stolen.”

The CIPHRA product is available now from Authentico.

IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.