Code Signing & Secure Debug Access

Centralized Code Signing Service Access Options System Security Algorithms Debug-Access Tokens

Our PRiSM (Permission Rights Signing Manager) code signing system is a powerful tool for ensuring the integrity and provenance of software.

It is a hosted code signing solution with robust access control and user activity logging. PRiSM can also issue access tokens to enable secure, controlled access to debugging capabilities in products.

  • Centralized, managed protection of code/message signing and encryption with traceable user activities
  • Protected infrastructure with multiple security layers and disaster recovery provisions
  • Service accessible through web-based GUI, scriptable remote client, and RESTful API
  • Support for signing Java, Android, Windows, Linux, and Dockerized applications, DOCSIS cable modems firmware, and many more
  • Custom chip-specific code signing and encryption formats
PRiSM Diagram
Click to enlarge

Centralized Code Signing Service with Auditable Access

The detailed activity logging in PRiSM help trace unauthorized or suspicious actions to the user or client involved. Analysis of PRiSM’s activity logs can provide such information as

  • what object was signed
  • what key/certificate was used
  • which code signing/encryption tool was used
  • which user or programmatic client initiated the action

Multiple Interfaces For Service Access

PRiSM offers both a user portal as well as automated machine-to-machine (M2M) interfaces. The user portal is protected by hardware-based two-factor authentication, enabling secure user access to the service from any location. To support automation, PRiSM offers two M2M interfaces, which allow programmatic clients, such as build servers, to access the code signing service without human intervention. To protect M2M access to PRiSM, we provide hardware cryptographic tokens for our customers to integrate with their automated clients.

Robust System Security

Designed to deliver best-in-class security, PRiSM is hosted on a server cluster equipped with hardware security modules (HSMs), and protected by multiple layers of physical and network security. All code signing and encryption keys are protected by HSMs. All network devices and physical hosts are hardened according to the latest security guidelines. Periodic network scanning and penetration testing are conducted to further reduce risks. PKI Center’s geographically-diverse disaster recovery capability and business continuity planning provide assurance of system availability in case of disasters and other disruptive events.

Keys

Code-Signing/Encryption Formats & Algorithms

PRiSM supports a wide variety of standard cryptographic algorithms. It also supports many industry-standard code signing formats, such as Android APK signing, JAR signatures, Microsoft Authenticode, Docker containers, Kubernetes Helm charts, just to name a few.

Custom Chip-Specific Code Signing Formats

In addition to standard algorithms and formats, PRiSM can also perform code encryption and signing according to customized or proprietary formats, which are often required by secure SoCs and microcontrollers. Example vendor-specific boot code formats we support include those of Broadcom, HiSilicon, Qualcomm, Xilinx, Maxilinear, Intel Puma SoCs, and more. With our expertise and experience, we can support new formats as needed with ease.

Signed Secure Debug Access Tokens

With PRiSM, developers can perform debugging without compromising the security of deployed production devices. The services provides secure debugging access to developers, testers, and integrators. During product development and testing, normally-disabled features may need to be temporarily enabled. PRiSM can issue signed data objects (debug access tokens) that authorize temporary, controlled access to debugging features only on development devices in labs.

To learn more about our code signing and secure debug access solutions, please see our whitepaper on PRiSM. See also our joint technical paper with CableLabs on secure boot and trusted boot solutions, in which code signing plays a pivotal role.