Unencrypted CPUs make it easier for attackers to access and analyze sensitive data. Security controllers with Integrity Guard are equipped with a fully encrypted data path covering both the CPU and the memories. This means that the chip contains no plain data. Integrity Guard is thus the first ever commercial security controller with dual CPUs to utilize fully hardware-encrypted processing, whereby each CPU uses different secret keys, which change dynamically. Infineon designed the Integrity Guard CPUs from scratch in order to implement these landmark operational encryption capabilities.

Localized attack methods aim, for instance, to expose secret keys or change the (program) flow at the very heart of a chip – the CPU. Security controllers with Integrity Guard are equipped with comprehensive error detection mechanisms based on a dual CPU design. It has been shown that conventional, scenario-specific countermeasures not only drive costs upwards and necessitate tedious security updates, but also may not be capable of meeting demanding security needs over time.

A dual CPU approach allows error detection even during processing – the CPUs constantly check each other to establish whether the other unit is functioning correctly. Relevant attack scenarios are detected and events that would not lead to an error are ignored. This significantly reduces the risk of false alarms – one of the big disadvantages of conventional solution concepts. The Integrity Guard approach includes error detection and correction throughout the entire system.

Thanks to their robust design, security chips with Integrity Guard technology are also ideal for difficult and demanding environments. Their digital features do not have to be adjusted or calibrated, which makes the chips even more resistant to attacks. Conditions that do not directly harm the chip itself do not therefore compromise its functionality.

Almost all security features are automated with Integrity Guard security controllers. This self-checking (automated) feature reduces memory requirements by approximately 30% because Integrity Guard requires less code and this, in turn, reduces development effort. As a result, customers can look forward to significantly lower overall costs over the product lifecycle and faster time-to-market. The open architecture of Integrity Guard also accommodates future hardware extensions, paying the way for product and lifespan enhancements.