Ambimat Group · AmbiSecure · Hardware-rooted security · Ahmedabad · India · Est. 1981
Brochure · Device identity / IoT

Hardware-rooted identity on the BOM.

A secure element on the device, attestation in the issuance flow, EST-based rotation over the device’s normal connectivity, fleet-scale audit. The architecture that survives 10-year fielded products.

Why hardware-rooted device identity

A static device certificate with the key in flash is a weakness. One physical device’s key, extracted, becomes the entire SKU’s identity. A secure element on the BOM, with a key generated on-chip that never leaves, makes per-device identity provably unique.

The four layers

| Layer | Role |
|---|---|
| Silicon | Secure element on the device’s board. Common Criteria EAL5+ typical. Per-unit serial + factory attestation key. |
| Personalisation | At the SMT line. Keypair generated on-chip; CSR + attestation sent to issuing CA; certificate written back. Target under 2 seconds per board. |
| PKI | Issuing CA backed by HSM. Verifies attestation before signing. Audit logs every issuance. |
| Runtime | Device authenticates over mTLS using the certificate + attestation. Backend verifies both. EST re-enrolment for rotation. |
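
The PKI layer's "verifies attestation before signing" step, sketched as an added Go example (not AmbiSecure's code). The `Evidence` bundle, its field names and the signature layout are assumptions made for illustration; real secure elements use vendor-specific attestation formats, and the keys here are constructed software stand-ins for on-chip keys.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Evidence is a hypothetical attestation bundle submitted alongside the CSR.
type Evidence struct {
	AttestPub *ecdsa.PublicKey // per-unit factory attestation key
	VendorSig []byte           // chip vendor root's signature over AttestPub
	KeySig    []byte           // attestation key's signature over the CSR key
}

func digest(pub any) []byte {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	h := sha256.Sum256(der)
	return h[:]
}

// ApproveIssuance is the gate the issuing CA runs before it signs anything.
func ApproveIssuance(vendorRoot *ecdsa.PublicKey, csrDER []byte, ev Evidence) error {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return fmt.Errorf("CSR invalid: no proof of possession")
	}
	if ev.AttestPub == nil || !ecdsa.VerifyASN1(vendorRoot, digest(ev.AttestPub), ev.VendorSig) {
		return fmt.Errorf("attestation key not endorsed by vendor root")
	}
	if !ecdsa.VerifyASN1(ev.AttestPub, digest(csr.PublicKey), ev.KeySig) {
		return fmt.Errorf("CSR key not attested by this secure element")
	}
	return nil
}

// Demo uses constructed software keys as stand-ins for on-chip keys.
func Demo() (genuine, offChip error) {
	newKey := func() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
	sign := func(k *ecdsa.PrivateKey, pub any) []byte { s, _ := ecdsa.SignASN1(rand.Reader, k, digest(pub)); return s }
	csr := func(k *ecdsa.PrivateKey) []byte { d, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{}, k); return d }
	vendor, attest, device, rogue := newKey(), newKey(), newKey(), newKey()
	ev := Evidence{&attest.PublicKey, sign(vendor, &attest.PublicKey), sign(attest, &device.PublicKey)}
	return ApproveIssuance(&vendor.PublicKey, csr(device), ev), ApproveIssuance(&vendor.PublicKey, csr(rogue), ev)
}

func main() { fmt.Println(Demo()) }
```

The second request carries a well-formed, self-signed CSR and genuine evidence from a real chip, yet is refused because the attested key and the CSR key differ. That binding is what keeps a certificate from being issued for a key generated off-chip.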

Constraints to design for

  • SMT-line time budget. Personalisation has to fit the existing line cadence. Two seconds is the target.
  • Field rotation. Devices in remote environments for years. Rotation has to happen over constrained connectivity without ever exposing the private key.
  • 10-year horizon. Algorithms picked today have to be defensible in 2036. Cryptographic agility built in.
  • BOM cost. Secure element on the bill of materials; cost fits the product margin.

Threat coverage

  • Device cloning — per-device hardware-unique key + attestation.
  • Key extraction — key never exists outside the secure element.
  • Long-tail algorithm risk — EST re-enrolment supports rotation without retrieving devices.
  • Supply-chain insider risk — CA signs only attestation-verified keys; rogue CA operator cannot issue against fake devices.

Operational realities

  1. Plan personalisation-rig redundancy at the line; rig is a single point of failure during production.
  2. Issuing CA must be reachable from the line; outage stops production.
  3. Initial certificate validity 3-5 years; EST rotation thereafter.
  4. Manufacturer attestation root is part of your supply-chain trust story; source secure elements from chip vendors with auditable provenance.

Putting hardware identity onto a new product line?

Bring your BOM constraints and your SMT-line cadence. We’ll bring an architecture sketch in a week.
