Terms and concepts

Generated information is any information generated by the Security Appliance during production, for example, device certificates and passwords. It often needs some configuration parameters to be passed to the Security Appliance to define the format of the information. You configure these parameters in the Product Configuration File.

Generated information tends to be unique to a particular device, and is created in the secure environment of a Security Appliance just before it is provisioned to the device.

With IAR Embedded Secure IP you can add security information, such as cryptographic keys, to your products. This information is referred to as injected information and is added to the Product Configuration File together with any required parameters. The information is then encrypted and provisioned to the devices.

Injected information tends to be identical across all devices provisioned.

Product application is the code for the product to be provisioned to a device to create the finished product. Depending on your edition of Embedded Secure IP you might need to alter the product application before provisioning it.

Product information is all product-related information besides the product application. Examples of product information are injected cryptographic keys and generated configurations for passwords.

Provisioning is the process of programming secure information, whether generated or injected, onto a device during production. It is similar to the concept of programming, but is used to refer to the process of creating secure information for a device and programming that information onto that device.

Secure Deploy – Manufacturing is a provisioning system using a Security Appliance connected to a commercial device programmer. It is used to provision devices after the development of the security aspects have been completed. Any product package created for the system must use the ID of the connected Security Appliance.

Secure Deploy – Manufacturing is typically located in a production house.

Secure Deploy – Prototyping is used to develop a product’s security solution prior to committing it to high-volume manufacturing. It uses a Security Appliance and a product template that are identical to the ones used in volume manufacturing, ensuring that the results obtained with Secure Deploy – Prototyping will be the same as what is generated by a production system.

Secure Deploy – Prototyping is typically located on an Original Equipment Manufacturer's premise for easy access to the ID of the Security Appliance used for provisioning.

A Security Appliance is a hardware security module that provides the security functionality for a product. It is installed in the provisioning system and ensures that any obfuscated data inside the product package can only be de-obfuscated by the Security Appliance whose ID was provided when the product package was created. For product packages, it validates any signatures and de-obfuscates sensitive information contained within. During a production run, the Security Appliance generates information specific to each device, converts device certificate templates into device certificates, and encrypts sensitive information that is to be provisioned to the device.