Secure the production and personalization of your products
AMS helps silicon providers as well as device manufacturers to securely provision cryptographic keys, trust anchors, unique device identifiers and debug passwords, with visibility and governance over the manufacturing process. Its flexibility eliminates the need for ad hoc approaches to device provisioning and helps ensure a secure, traceable process throughout the supply chain.
Product Features and Benefits
AMS allows a centralized manufacturing Controller to govern production at remote sites with minimal connectivity required for its operation. Digital assets are secured in transit between the Controller and AMS Appliances and protected at rest using built-in Hardware Security Modules (HSMs). The system offers specialized modules useful for provisioning and tracking digital assets during device production.
The STT module provides the ability to provision and track device-unique serial numbers over a manufacturer-specified range at a set of production sites.
The KeyInject module provides the ability to securely provision keys and other sensitive assets, either on a serialized “next key” basis (SKI) or on an addressable “key for a specific device” basis (AKI). Keys so provisioned may only be used once, with logs available to report where and when a keying asset was consumed. Customizable transforms support both the ingress and egress of device keying material modified for use by chip families with keystore pre-processing requirements.
The Static Data Inject module allows common digital assets, such as device firmware or trusted root certificates, to be provisioned to a group of devices during the manufacturing process. It is useful for configuring and dynamically managing high-level product SKUs at remote production sites.
The Yield Logging module enables device manufacturers to track test results from remote manufacturing sites and to mitigate the risk of material and inventory waste by supporting early detection of problems in the manufacturing process.
Processor Data Return is an optional module that can be customized to support unique manufacturing requirements for capturing device-unique data, such as the registration of a device public key or the return of a device-encrypted data blob for a two-stage personalization process.
Feature Control is an optional custom module to register and cryptographically activate new features in devices with appropriate hardware support. It supports secure SKU management, which can reduce inventory stocking costs and royalty outlays, lowering product BOM and manufacturing costs, and can enable premium aftermarket product features. BlackBerry can work with specialty RTL providers to incorporate feature control management for IC logic blocks for SKU management and aftermarket feature enablement.
The AMS Controller is a secure server appliance which acts as the repository for sensitive device assets in the heart of the OEM’s manufacturing and logistics process. The Controller enables new asset codes to be defined and managed and key sets to be loaded. It periodically connects to Appliances at distant manufacturing sites to deploy assets and retrieve logs for process monitoring.
AMS Appliances are hosted at remote manufacturing sites where they are contacted intermittently by the Controller for status queries and asset updates. Appliances are deployed in pairs for high availability, with each appliance securely paired with the governing central Controller.
AMS Test Agent libraries
AMS Test Agent libraries allow device manufacturers to integrate the AMS platform with traditional tester-based manufacturing systems. They provide a set of application programming interfaces (APIs) which allow test engineers to quickly and easily leverage the power of AMS to secure their provisioning process.