A Timely Update on Secure-IC

I last wrote about Secure IC back in 2023, a provider of embedded security technologies and services. Cadence announced at the beginning of 2025 their intention to acquire this company, which warrants a check-in again on what they have to offer. Secure-IC addresses multiple markets, from automotive, through defense/space and more. The central value is security management all the way through a product lifecycle, from initial design through manufacturing, provisioning, mission mode and ultimate decommissioning.

First, where are markets at on security?

We all understand that security is important, but just how important? According to Karthik Raj Shekar (FAE lead and Project Manager at Secure-IC), active engagement is accelerating. Where once security features were a checkmark, now they are must-have in automobile, mobile, server applications, defense (of course), smart cards and payment apps.

That demand is evolving is not surprising. Take automotive where new capabilities create new potential attack surfaces, through telematics or V2X for example. Even more critically, over-the-air updates with an ability to change core software demand high levels of protection.

What I found interesting is that pressure to get serious about security is being driven top-down. OEMs are being held to must-comply security standards, either regulatory or though guidelines/ad-hoc requirements. They push these down their supply chains not as checkmarks but as specific compliance expectations. Now Karthik sees chip makers becoming very proactive, anticipating where they will need to be versus coming security demands across a broad swath of markets. Which leaves me wondering which products can still ignore security. $60 porch-pirate cameras perhaps, but not security cameras providing guarantees. Cheap drones, but not high-end drones. Opportunities for non-compliant chips will still exist, but likely not in the big $$ markets.

Secure-IC solutions

The company provides a comprehensive palette of solutions, from embedded hardware and software which can be built into your chip design, to server solutions running in the cloud for fleet management, to security evaluation tools from design through post-silicon, to side-channel and fault injection vulnerabilities as a service provided by Secure-IC experts.

The design solution starts with a root of trust they call Securyzr, providing a very broad set of security services. These include of course attestation, key management, crypto options (including post-quantum options), secure connectivity, secure boot and trojan detection. Also some wrinkles I haven’t heard of elsewhere: ability to do post-silicon trimming for sensors (which can be controlled from the cloud-based server), and an AI agent embedded in the device software to reduce false alarms and ensure only important information is sent to the cloud server.

The cloud server is an integral part of the complete solution, allowing you to manage the security of a fleet of products. Here you can control provisioning (assigning keys to newly commissioned products, secure firmware update over the air and extensive monitoring options. As noted above, you can monitor and tune sensors, even turn malfunctioning sensors off to adapt to change conditions in the field and among the fleet. Here integrated device security and cloud-based management makes sense. I’m not sure how a standalone cloud security platform could manage down to sensor-level tuning. Maybe at some point. One more important point – they also provide support for Product Security Incident Report Teams (PSIRT). Security is a dynamic domain as we all see in regular OS and product update requests. PSIRT support helps OEMs stay on top of latest zero and one-day threats for their own products. Ultimately when you want to take a product out of service, the cloud service will support decommissioning, ensuring that expired credentials cannot be hijacked by a threat actor to pose as a legitimate member of the fleet.

If you are selling into security-sensitive fields ultimately you will need to prove compliance through an authorized neutral lab. Getting ready for such testing can consume significant expert time and effort. Security-IC tracks relevant standards very closely: PSA, Autosar MCAL, TPM2.0, PKCS#11, Common Criteria, FIPS, etc, and can provide expert assistance and tools to do gap analysis on your design against the appropriate requirements for your target markets. They will also (optionally) help with side-channel and fault insertion analysis, both areas demanding high expertise to track down weaknesses.

Altogether this looks like a very comprehensive suite of solutions. You can learn more about Secure-IC HERE.