Crypto Quantique, a provider of quantum-driven cybersecurity for IoT, has received confirmation from independent security experts, Riscure, that its QDID quantum-driven semiconductor IP is PSA Certified Level 2 Ready.
PSA Certified is a collaborative security program. Its founding members include semiconductor IP provider Arm, and Riscure, a software and hardware security evaluation vendor specializing in chip, embedded and mobile devices. The program defines a framework for connected device security and its aim is to prevent security becoming a barrier to product development.
There are different elements to PSA Certified security evaluation which looks to certify security credentials for chips, software, Root-of-Trust (RoT) components and devices. At PSA Certified Level 2 and PSA Certified Level 3, the focus is on the PSA-RoT which is provided by silicon vendors. PSA Certified Level 2 Ready is built for companies who provide a sub-set of the full PSA-RoT security requirements.
According to a company statement, Crypto Quantique’s semiconductor hardware IP (QDID) is a dedicated physical unclonable function (PUF) used in standard CMOS processes. It supports a full PSA-RoT supplied by chip vendors by exploiting the femto-currents caused by random quantum tunnelling of electrons through the oxide layer of chips to generate random numbers, or seeds. The seeds are then used to produce, unique, uncorrelated and unclonable identities and cryptographic keys on demand. Because these identities and keys are produced within the device itself and do not need to be stored in memory or injected from external sources, they are inherently more secure than those produced by alternative technologies. The second-generation PUF technology is also by far the most economical, requiring only minimal silicon area to generate multiple keys and eliminating the need for expensive on-chip peripherals such as secure memory.
The PSA Certified Level 2 Ready scheme enabled Crypto Quantique to carry out penetration testing on a subset of the PSA Certified Level 2 security requirements, showcasing to chip vendors that its QDID technology meets some of the PSA Certified Level 2 requirements. This allows chip makers to take the pre-certification and use it in a full PSA Certified Level 2 certification.