Crypto Quantique, a London, UK-based startup, uses quantum tunneling to allow devices to have multiple secure ‘unforgeable’ identities in internet of things (IoT) systems. The company has just raised $8 million, and also appointed Kumi Thiruchelvam as a co-founder and chief commercial officer.

Having debuted its technology in Barcelona last fall, the company said it uses the most advanced techniques in cryptography and quantum physics to address the growing challenges of end-to-end IoT security. Using its quantum driven secure chip (QDSC), Crypto Quantique (CQ) said it enables devices to regenerate keys without secure storage, and also to identify themselves to remote servers without a previous trust relationship or shared key being needed.

It uses quantum tunneling in nano-devices to generate random numbers based on the variations in thickness of the tunneling; tunneling in semiconductors is inevitable when manufacturing at nanoscale. This quantum effect in QDSC means a single chip can generate multiple, unique, unforgeable cryptographic keys on-demand. CQ said it has already tested this on chips created with a 55nm CMOS process by GlobalFoundries.

Because of the way in which the keys are generated, there is no requirement to store the keys on the device because the keys can be retrieved on demand. The company said this eliminates secure storage requirements, as well as the huge cost and security overhead of sending millions of devices to facilities around the world to have secret keys “injected” into them. These cryptographic keys are never stored, are resistant to most side-channel attacks, and can be used independently by multiple applications on demand.

Thiruchelvam has spent the last six years focused on digital identity, security and authentication following a career with Broadcom, TTPCom and BT, and most recently with Intrinsic ID. Speaking to EE Times he said the seed money raised in this funding round will help CQ to work on market validation and some proof points.

He emphasized that IoT security is more than just about the device; there is a need to manage security at four levels: at device and hardware level, in the communications network, in the cloud, and secure life cycle management. Hence CQ is not just focused on devices or licensing its technology intellectual property (IP), but more about secure key management through the lifecycle of the devices. As part of this, the company is adding to its software team to develop its key management service (KMS).

Crypto Quantique wider solution

Crypto Quantique’s key management system, designed to be integrated into any cloud-based or on-premise IoT platform, could be a part of an identity-as-a-service business model being considered by the company. (Source: Crypto Quantique)

He said the future for CQ will be around its KMS, explaining, “Quantum tunneling in silicon is what we’ve patented, enabling secure devices to be unforgeable. The technique creates a large key space so we can generate multiple hardware roots of trust. Hence a single device can have multiple keys, and our KMS will then help users manage all the different use cases in one device.” As an example, from one QDSC-based chip, multiple secure cryptographic keys can be generated, with one for the identity, one for data transmission and another for control commands.

Thiruchelvam added, “We shouldn’t just be restricted to single identities using single key injection when devices can have multiple identities.” Hence, he said CQ is exploring business models rather than just IP licensing. For example, with its KMS it could develop a model to offer identity-as-a-service. The KMS is designed to be integrated into any cloud based or on-premise IoT platform facilitating seamless, zero-touch secure device onboarding for thousands of devices in seconds as well as ongoing device attestation, revocation and secondary identity provisioning capabilities. This will enable enterprises to achieve full end-to-end ownership and control of IoT security with a foundational framework for securing, for example, data in transit, device attestation, data at rest, mutual authentication, and device boot.

“Today’s identity, security and encryption technology is failing to keep up with the onslaught of sophisticated adversaries attacking IoT systems via connected devices,” said Thiruchelvam. “Crypto Quantique brings a new approach to a critical challenge for the IoT security industry. Our solution delivers an unforgeable hardware derived root of trust that will enable true vertical integration from the device through the entire network to cloud computing services. I am excited to help bring our this truly innovative quantum driven cybersecurity to market.”