Chip Design

PUF, namely physically unclonable function, is the “silicon biometrics” that exploits the intrinsic and ubiquitous variations in semiconductor integrated circuits (ICs) to generate random but unique, unpredictable yet reproducible, and most importantly, unclonable hardware fingerprints. Even under an identical manufacturing process, each IC is actually different due to the physical variability stemming from ultra-large-scale integration (hundreds of millions of transistors integrated into one silicon chip) and uncontrollable non-uniformity in nanoscale device characteristics. PUF leverages this physical variability for low-cost, small-footprint, energy-efficient authentication and cryptographic key generation suitable for IoT platforms.

A PUF-based key does not require physical storage and is generated on the device at the time of use. It’s free from physical hacking and excels in situations where devices are deployed without physical security. It can be used as a symmetric key, or as a private key when the corresponding public key is accessible to other devices or computer systems. PUF provides an alternative, secure yet much simpler solution for key management and does not change our dependency on cryptography.
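
To make "generated on the device at the time of usage" concrete, the following added example (not Soteria Networks' code) simulates a noisy PUF read-out and recovers a stable key from it using only stored helper data. The code-offset construction with a 7-bit repetition code, the chip identifiers and the noise model are assumptions chosen for illustration; the page does not say which scheme the product uses.

```python
import hashlib
import random
import secrets

REP = 7  # each key bit is spread over 7 PUF cells (repetition code, corrects 3 flips)

def puf_read(chip_id, n_cells, flips_per_block=0, read_seed=0):
    """Simulated read-out: a fixed per-chip pattern plus bounded per-read noise."""
    cells = random.Random(chip_id)            # stands in for manufacturing variation
    bits = [cells.getrandbits(1) for _ in range(n_cells)]
    noise = random.Random(read_seed)          # constructed noise, not a silicon model
    for start in range(0, n_cells, REP):
        for i in noise.sample(range(start, start + REP), flips_per_block):
            bits[i] ^= 1
    return bits

def enroll(response, key_bits):
    """Helper data = response XOR repetition-encoded key; it is stored, the key is not."""
    codeword = [b for b in key_bits for _ in range(REP)]
    return [r ^ c for r, c in zip(response, codeword)]

def reconstruct(response, helper):
    """Majority-decode (fresh response XOR helper) back into the key bits."""
    noisy = [r ^ h for r, h in zip(response, helper)]
    return [int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, len(noisy), REP)]

def derive_key(bits):
    """Hash the recovered bits into a 256-bit key each time it is needed."""
    return hashlib.sha256(bytes(bits)).hexdigest()

def demo(n_key_bits=128):
    n_cells = n_key_bits * REP
    key_bits = [secrets.randbits(1) for _ in range(n_key_bits)]
    helper = enroll(puf_read("chip-A", n_cells), key_bits)
    return {
        "enrolled": derive_key(key_bits),
        "same_chip_noisy": derive_key(reconstruct(puf_read("chip-A", n_cells, 3, 42), helper)),
        "too_noisy": derive_key(reconstruct(puf_read("chip-A", n_cells, 4, 42), helper)),
        "other_chip": derive_key(reconstruct(puf_read("chip-B", n_cells), helper)),
    }

if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:16} {key[:16]}...")
```

The same chip reproduces the enrolled key with up to 3 flipped cells per block; a fourth flip per block, or the same helper data on a different chip, yields a different key.
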
Compressive Sensing (CS) is a signal processing technique for efficiently acquiring and reconstructing a signal. It is based on the principle that, through optimization, the sparsity of a signal can be exploited to recover it from far fewer samples than would otherwise be required.

At Soteria Networks, we have developed a secure compressive sensing technology that achieves compression and encryption in a unitary step inside the chip. The transformed signal can be transported over a non-SSL network and reconstructed on the server side.

Compared with the standard H.264, CS processing is much less complex, thus achieving lower power consumption.

Cloud Integration Platform

The API Gateway is an infrastructure component that simplifies service-oriented architecture implementation. APIs are registered with the API gateway. Requests for the services are routed through the API gateway.

The API gateway implements the authorization enforcement based on the privileges of the principal in the request.
OAuth2 provides authorization flows for web applications, desktop applications, mobile phones, and living room devices. It offers similar single sign-on capability, but is a better choice when it comes to API-level authentication for server-to-server communication. It handles the authorization by a resource owner when a client accesses a resource server protected by an OAuth2 authorization server.

The OAuth2 Authorization server by Soteria Networks is integrated with the SAML IDP server as its service provider, thus achieving the maximum authentication service reusability.
The SAML Identity Provider is a web application that creates, maintains, and manages identity information for principals and provides principal authentication to other service providers within a federation, such as with web browser profiles. It can also be used for non-browser profiles, i.e. API authentication, although less frequently.
TOTP (time-based one-time password) is integrated by default with the SAML Identity Provider as the second authentication factor. It sends a 6-digit token to the user through text or email services.
Standard user and device lifecycle management is fully supported. In addition, multi-tenancy provides data segregation and low maintenance for shared environments.


Case Study

Personnel casualties are a great concern in high-voltage electric grid field construction. For compliance purposes, the customer needs to record the field activities. Real-time monitoring is preferred when a wireless signal, such as 3G/4G, is available; otherwise, the video should be kept in the recording unit for later processing. An existing proposal based on VPN and H.264 was not accepted because of limited bandwidth and a battery life of only 4 hours.

The customer was persuaded by our CS-based proposal since it eliminates the VPN usage and the battery can last up to 8 hours.

Foreign objects entering railway tracks can cause huge human and property loss, especially in high-speed rail and subway systems. There is an imperative need to leverage real-time audio and video signals collected from the field to predict imminent accidents.

Dedicated wired signal transportation provides sufficient bandwidth and data protection, but the construction cost and logistics are huge obstacles, which makes wireless a much preferred solution. However, wireless has limited bandwidth and is prone to security attacks.

The compressive sensing technology by Soteria Networks is a perfect solution that solves both the bandwidth and security issues. It compresses and transforms the data in a unitary step. Even better, this is done at the chip level, much faster than the software method. The transformed data can transit even over public wireless networks without worrying about man-in-the-middle attacks.

Soteria Networks is working with a railway technology company developing a track defect detection system.

A Fortune 500 company provides monitoring and diagnosis services to hundreds of thousands of storage servers hosted on customer sites. Customer security concerns require visits by support personnel, which results in high cost and slow service. A federated remote access solution is desired to allow customers to participate in the decision process.

The first rollout of a solution designed by us eliminates an annual loss of 22,000 man-hours, translating to $2M in savings. Long-term benefits also include additional license costs saved each year.

We offer more possibilities to meet your every need

Our chip-level technologies add powerful features to IoT solutions, including security, low power consumption and less data transmission. Combined with our Cloud Integration Platform, they form an enclosed ecosystem.

Why Choose Us?

Choose the components from our microservice-based suite to fit your needs and achieve system capacity elasticity. Microservice architecture offers highly customizable packages and enables flexible integration with customers’ existing systems. Microservices are easy to replace, organized around capabilities, and can be implemented using different programming languages, databases, and hardware and software environments, depending on what fits best. Our platform supports continuous delivery of new features.
Unified platform protecting enterprise applications, data and IoT devices and supporting identity relationship management (IRM) between users and devices.
High-quality product and support personnel with appropriate pricing. Responsive design and intuitive workflow reduce the training budget. Great emphasis on DevOps using industry-leading practices.
We offer 24/7 service support on our product in production. Customer satisfaction is our ultimate goal.