Krypto Security Features

Krypto® Security Technologies is a family of security technologies that provides system-level and intellectual property (IP) protection through read, write and erase schemes.

Krypto® Encrypted Access
Krypto® Encrypted Access protects intellectual property against inadvertent or malicious modification and against reading of code/data. It is available in addition to other security features on certain products. This security feature uses both hardware and software to protect blocks. It can be used to prevent malicious code modifications, to hide sensitive data or to limit access to certain blocks.

Modify protection - Protects individual blocks or groups of blocks from program and erase operations. The content to be protected is configured through non-volatile modify protection bits (NVMP bits) assigned to each block/group of blocks.

Read protection - Protects individual blocks or groups of blocks from read operations. The content to be protected is configured through non-volatile read protection bits (NVRP bits) assigned to each block/group of blocks. The devices support specific encryption algorithms.

Protection modes
The following are the different protection modes.
  • Default mode: blocks can be added and removed from the set of modify protected blocks. New blocks can only be added to the set of read protected blocks.
  • Password protection mode: a password is required before modifying the set of blocks selected to be protected from program/erase and read operations.
  • OTP mode: new blocks can be added to the set of blocks selected to be protected from program and erase but no block can be removed.
  • Freeze mode: the set of blocks selected to be protected from program/erase and read operations is frozen.
  • Memory authentication: this mechanism prevents on-board flash substitution.
Krypto® Password Access

Password access will protect intellectual property stored in the main-array memory blocks by preventing reads or modification until a valid 64-bit password is entered.

Password access has three modes of protection.
  • Read access protect - prevents data or code from being read from a block in the flash memory array prior to the proper password being entered.
  • Modify access protect - prevents a block from being programmed or erased in the flash memory array prior to the proper password being entered.
  • Permanent modify protect - prevents a block from being programmed or erased in the flash memory even if a proper password has been entered.
Krypto® Flex Lock
Krypto® Flex Lock allows software to control block locking or it can require hardware interaction before locking can be changed. Any block can be locked or unlocked with no latency. Once blocks are locked, they cannot be programmed or erased; they can only be read.
  • Lock block - The blocks can be locked by software only. On power-up or reset all blocks are locked.
  • Unlock block - The Unlock Block command unlocks locked blocks (if the block isn’t locked down) so they can be programmed or erased. Unlocked blocks return to the locked state at device reset or power-down.
  • Locked-down blocks - Locked-down blocks are protected from program and erase operations like locked blocks, but software commands alone cannot change their protection state. This feature requires the use of the WP# pin.
  • WP# = VIL - the lock-down command locks the block and prevents the block from being unlocked.
  • WP# = VIH - overrides lock-down so that commands can change the lock state.
The lock-down state is cleared only when the device is reset or powered-down.
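
The Flex Lock rules above can be checked against a small software model before firmware relies on them. The following is an added example, not vendor code: the type and function names (flash_model, fl_reset, fl_lock, fl_unlock, fl_lock_down, fl_can_modify) and the block count are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model of the Flex Lock rules described above; constructed, not vendor code. */
enum { NBLOCKS = 4 };              /* constructed block count */

typedef struct {
    bool locked[NBLOCKS];
    bool locked_down[NBLOCKS];
    bool wp_high;                  /* WP# pin: true = VIH, false = VIL */
} flash_model;

/* Power-up or reset: every block locked, lock-down state cleared. */
void fl_reset(flash_model *f) {
    for (int i = 0; i < NBLOCKS; i++) {
        f->locked[i] = true;
        f->locked_down[i] = false;
    }
}

/* Lock Block: a software command that always succeeds in this model. */
void fl_lock(flash_model *f, int b) { f->locked[b] = true; }

/* Unlock Block: refused for a locked-down block unless WP# = VIH.
 * Assumption: the page does not say what happens when WP# returns to
 * VIL afterwards, so the model leaves the lock bit unchanged. */
bool fl_unlock(flash_model *f, int b) {
    if (f->locked_down[b] && !f->wp_high) return false;
    f->locked[b] = false;
    return true;
}

/* Lock-down: locks the block and pins that state until the next reset. */
void fl_lock_down(flash_model *f, int b) {
    f->locked[b] = true;
    f->locked_down[b] = true;
}

/* Program and erase are allowed only on unlocked blocks; reads always are. */
bool fl_can_modify(const flash_model *f, int b) { return !f->locked[b]; }

int main(void) {
    flash_model f = { .wp_high = false };
    fl_reset(&f);
    fl_unlock(&f, 1);              /* data block opened for updates */
    fl_lock_down(&f, 0);           /* boot block pinned until reset */
    printf("unlock of locked-down block allowed: %d\n", fl_unlock(&f, 0));
    return 0;
}
```

With WP# held at VIL, the locked-down block stays write-protected against software commands alone, which is the property a boot block depends on.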

Krypto® Authenticated Operations
Krypto® Authenticated Operations provides data integrity against unauthorized modifications to the memory device. Memory ranges can be specified by the system designer with either temporary or permanent read and modify protection. Modify protection is achieved through replay-protected command authentication using an HMAC code, password or a combination of both. Krypto® Authenticated Operations HMAC-based protection also enables a secure binding between the host controller and memory.  

A variation of Krypto® Authenticated Operations using RSA public key cryptography for authentication can also be made available upon request.