Combining flash storage and security meets industrial requirements

CodeMeter offers the protection, licensing, and security technology required nowadays in embedded solutions – ready for the Industrial IoT. The combination of flash storage and security in one device enables solutions never thought possible with separate devices.


By Oliver Winzenried, Wibu-Systems


Wibu-Systems is a leading vendor of sophisticated security and licensing software tools and hardware secure elements (CmDongle) for all common types of software. The flagship technology, CodeMeter, safeguards the integrity of data, applications, and digital communication, while adding versatile and granular licensing capabilities to pave the way for innovative business models. Both capabilities are combined in CmDongles with integrated flash memory for the strongest and most comprehensive production technology in the market. This makes it possible to meet the following trends in the Industrial Internet of Things: connected systems are replacing closed infrastructures, software is replacing hardware, business models are evolving, the architectural landscape is diversifying, and new use cases and services are being released.

Figure 1. The CodeMeter product portfolio is available in various form factors

 

Illegal counterfeiting, re-engineering, and illicit copying are threatening the invaluable know-how of companies everywhere. This is not a new danger, as similar threats, such as sabotage, manipulation, or espionage via malware or wiretapping, have long become a sad, but all too familiar reality. The time of isolated solutions has long passed, as industry is moving towards the connected world of IIoT (Industrial Internet of Things). This opens new avenues for attacks, as machines have begun to communicate via TCP/IP networks that are open and inherently insecure. A soft underbelly has been exposed to new types of threats.

Protection strategies are now required in many places where they were never needed before. Reports about hacked cars or medical devices accessed surreptitiously from simple laptops abound and demonstrate how important data security and integrity have become in our daily lives. Hackers cost the economy millions, as evidenced by the recall of 1.4 million Jeeps by Fiat Chrysler in the United States after a hacker attack.

CmDongles with integrated flash memory include the CodeMeter smart card chip with added space for more than 1,000 licenses and cryptographic keys and the full complement of CodeMeter security functions. The built-in flash memory can be accessed like any disk and includes different sized data partitions. Each CmDongle with flash memory comes with a CmPublic and CmSecure partition that can be read and written to through the CodeMeter API without being recognized as a disk by the host. The USB stick models include additional CmPrivate and CmCdRom partitions. The four partitions are unique to these highly integrated dongle designs and easily configured to accommodate new product or design strategies to match the user needs. CmDongle is available in USB stick, microSD card, SD card, CF card, and CFast card versions. Whatever the form factor, the full CodeMeter security feature set is always on board. This includes symmetric and asymmetric encryption, signatures, and the storage of X.509 certificates. The card versions are equipped with SLC flash memory, while the industrial-grade USB model has up to 8GB SLC (Single Level Cell) flash memory, compared to 2-bit MLC (Multi Level Cell) flash memory for its commercial-grade cousin. Selected CmDongle variants with flash memory can operate at temperatures from -40°C to +85°C. The SLC flash memory technology was chosen for its long lifespan, low power consumption, memory protection with AES encryption, and long availability in the market. In short: these CmDongles are ready for industry!

Why add flash memory if all CodeMeter security features are available on the non-flash CmDongles as well? Because of the many benefits of the combination product. The first is lower costs. In economic terms, any reduction in the number of components implies a reduction in administration costs. It also enables industrial-grade design. The devices promise a longer productive life of their components operating without breaks or faults. CmDongles with flash memory are designed, produced, and prepped for industrial applications. Their long life and long availability reduce the Total Cost of Ownership (TCO) and increase profits. The smaller form factor allows security functions to be included in very-small-scale devices. Combined devices consume less power than separate solutions. The combination product can be used with new software to upgrade the security of existing devices. Devices already in the field can be upgraded without any changes to their hardware, as the standard form factors USB stick, microSD card, SD card, CF card, or CFast card cover the entire range of common mobile flash memory solutions. Four special data partitions offer opportunities for new products and functions, such as secure storage of highly sensitive data on mobile devices, mobile software solutions, and greater security overall. The built-in combination of smart card chip and flash memory adds to the security of the design. Gambling machines, ATMs, or other devices that are popular targets for tampering and other cyberattacks can benefit from this unique quality.

Figure 2. All the security software is integrated in the CodeMeter ASIC

 

How much revenue a manufacturer generates with a device can only be known once all costs incurred during the entire life of the device are deducted (commonly referred to as TCO = total cost of ownership). This includes the simple cost for the components as well as the spending on logistics, administration, certification, repairs and servicing, replacements, training, maintenance, or other lifecycle expenditures. For comparison, CmDongles with integrated flash memory disk come at a higher upfront price than consumer flash memory cards that typically employ MLC/TLC (Triple Level Cell) flash memory technology. Their economic advantage lies in the reduced need for logistics, administration, and certification: fewer parts mean simpler and cheaper provisioning. A single unit has to be procured, only one item introduced in the ERP system, and only one component stored, monitored, or replaced. Components for industrial applications are typically available for many years in identical formats. Firmware and internal electronics remain unchanged in order to work reliably in all OEM applications. Another advantage lies in greater equipment reliability. The CmDongle comes with a range of certifications to make full certification of the embedded device easier and less expensive. In a TCO calculation, the higher purchase price becomes a negligible factor.

Device availability and reliable operations are the prime directive for industrial applications. For integrated flash memory, this means that no data can be lost in case of power outages. Data integrity must be guaranteed even after many access cycles. Wibu-Systems uses only SLC and 2-bit MLC flash memory with high-end industrial flash memory controllers made by Hyperstone with its unique hymap flash firmware. Hyperstone, the only maker of flash memory controllers in Europe, specializes in industrial applications. Swissbit, the maker of CmCards for Wibu-Systems, is known for its industrial-grade memory products made in Germany. It uses Common-Criteria-certified smart card chips like Infineon SLM97 with EAL5+ certified hardware and Cryptolib. The electronic components and manufacturing partners were selected with long life, reliable operations, and the long-term availability of identical CmDongles with fixed bill of material (BOM) in mind. These CmDongles come with industrial-grade properties and can optionally be delivered with conformal coating. They achieve an unbeatable MTBF (Mean Time Between Failures). In commercial terms, the costs of machine stoppages or service repairs caused by faulty memory far exceed the upfront investment into long-life, high-reliability cards with SLC flash. There are certain applications with less stringent requirements and more emphasis on value-for-price which can benefit from 2-bit MLC flash and the excellent Hyperstone hymap firmware.

Product qualification is an expensive and time-consuming, but inevitable process for many industrial applications. CmDongles are qualified according to the following standards: compliance and regulatory tests, e.g. EMC (Emission, Immunity, ESD for CE, FCC, IC, VCCI, KCC, RCM) and registration of conformity (VCCI, KCC, UL), environmental tests (TC, UHAST, HTS, THB), robustness tests, e.g. hazardous gases, corrosion, free fall, shock, vibration, and lifetime tests. These tests are costly, as some require hundreds of samples and external labs need to be commissioned for tests and measurements according to the JEDEC, CISPR, UL, USB, MIL, IEC, EN standards. All of these tests guarantee reliability in industrial applications where use of consumer-grade products would be highly risky.

The life expectancy of a memory card depends on its internal design and technology. MLC flash memory technologies can distinguish more states of the cell compared to the regular two states, meaning that four or eight different charge states (in the case of the TLC) are identified when writing to or reading from the floating gate transistor. Each cell can hold more than one bit with this technology. Such MLCs are cheaper, because more bits are available per square inch, but they are also more susceptible to disruption, making bit errors and catastrophic failure more likely. In the end, the life expectancy of the memory is reduced. Processes to correct bit errors become increasingly complex when more than one bit is expressed in each cell. 2-bit MLC flash with Hyperstone hymap firmware is a good compromise for some applications, whereas SLC flash offers the ultimate in reliability and life expectancy.

At the chip level, manufacturers need to know which objectives they are pursuing. If the goal is to save costs or achieve high write speeds, as is the case in most consumer-grade flash products, durability, MTBF, electric stability, or power consumption are not as important. Since Hyperstone has committed itself to industrial-grade designs, its goals are long-lasting availability, reliability, data integrity after power failures, and low power consumption. These attributes require additional resources and intelligent capabilities in the controller. The patented hymap firmware manages internal controller functionality, such as early acknowledgement, in an industry-ready manner to ensure that no data is lost when the power supply is disrupted.

Figure 3. The new CmStick/BMC 16GB uses the latest SiP (System-in-Package) technologies with die stack in the SiP module

 

Many embedded devices are tiny and use every last bit of available space. However, most embedded systems include flash memory storage for applications and other data. If this original flash memory card is replaced with a CmDongle with integrated flash memory, the same form factor and same number of interfaces now comes supercharged with maximum security. The smallest version of CmDongle with flash memory comes as a microSD card. At only 11mm × 15mm × 0.7mm in size, it fits even the tiniest devices – a great opportunity for making the controllers, sensors, and engines of the Industry 4.0 world more secure. The new CmStick/BMC 16GB uses the latest SiP (System-in-Package) technologies with die stack in the SiP module to accommodate the smallest form factor with USB interfaces, highest reliability, humidity and shock resistance.

Industry and legislators are responding to the increasing threats of cybercrime with new regulations or changes to the old rulebooks. This is happening in Europe, Asia, the United States and the rest of the world. One recent example is the US Cybersecurity Improvement Act of 2017. Technical protection measures are already required by law for medical devices. New devices have begun to include security by design, but many legacy devices will remain in use until they are eventually replaced by newer machines. These devices can now benefit from the ability to retrofit security technology in an easy and streamlined manner. Security measures can be added whenever normal smart card connections are available. The existing hardware remains untouched, and only the software needs to be adjusted for the new security functions. Little effort is needed to bring old technology up to the newest standards of security.

