On the day of Nancy Pelosi's visit to Taiwan, people were shocked to see large public displays on building facades showing hostile contents planted by hackers warning of the consequences of the US House speaker's support for the island. The general public is seldom aware that IoT devices like public displays are potentially at risk of hacking.
Information security has become ever more important in the era of the Internet of Things (IoT). JMEM Technology (JMEM TEK), a semiconductor information security startup founded three years ago by alumni of Taiwan's National Chiao-Tung University (NCTU), is unique in its approach to preventing hackers and protecting customers' IC intellectual properties.
In the past, during the updating of firmware and software, the shortcomings of the existing authentication mechanism would make it easy to form loopholes for hackers to break through. JMEM TEK came up with an integrated solutions for dealing with vulnerabilities at both the firmware and software levels, attracting attention from customers and venture capitalists.
The team members are all graduates or students of the Department of Electrophysics of NCTU. Their professors have provided support not only in the form of mentorship but also as angel investors. Other NCTU alumni also helped introduce potential IC design customers to them.
They leveraged resources such as electronic design automation (EDA) tools and chip manufacturing shuttle provided by Industrial Technology Research Institute's Innovation Incubation Center in Nangang, Taipei, and had been working in stealth mode until 2022 when they formally registered their company.
The founder and CEO, John Chang, majored in business and electronic engineering at the Queensland University of Technology in Australia before continuing his study at NCTU. He is in charge of operations and single-device design. CTO Paul Lo takes care of the circuit design, and there are other teammates who work on packaging and testing. Their IC design is subdivided into analog and digital.
Chang explained that for the storage device, if the data is stored in the chip, the company's solution focuses on one-time programmed (OTP) memory. The traditional manufacturing process is to program data into the chip during the programming process, so the action of writing data into the chip is in the hands of others.
The OTP solution of JMEM TEK allows customers to write data after getting the chip so that no one else can tamper with it. The security of this part is thus ensured.
However, protecting IP at the software level alone is not enough, so the team also has a hardware approach to prevent people from reverse engineering the chip.
Lo said the architecture of many IoT chips is relatively simple, and usually has OTP inside. But when they are taken to China, they are opened up and the hardware protection is disabled through various methods, so the firmware inside the controller or the calibration code inside the sensor can be easily copied.
"As communication technology has advanced from 4G to 5G, and will soon move to 6G, we will soon enter the era of the Internet of Everything," said Lo. "JMEM's solution is to give each device an independent ID, just like a human fingerprint. The function, still under development, is called physical unclonable function, which can add biometric-like identification to each device to confirm whether it should be trusted and authorized to access information."
Lo explained that whenever a device wants to connect with a local device, the system will detect whether it is a trusted device. If not, access can be denied immediately, thus greatly reducing the risk of hacking from device to device.
"This part of the solution is in the protection of authorization mechanism, which is fundamentally different from the traditional software information security at the network level because the identification is added at the hardware level," said Lo.
"In addition, we are also working on the design of encryption processing chip IP and the prevention of bypass attacks, such as the use of laser probing or electronic waves to understand the circuit feedback," said Chang.
"We are not trying to replace the software, but rather to propose a combination of software and hardware to make the product more secure," Chang explained.
Latest regulations in Europe, the US and China hold system vendors responsible for losses resulting from inadequate system security in the event of hacking, and the amount of penalty often can reach as high as US$1 billion. When such incidents occur, the finances and reputation of system providers will be severely impacted. "This greatly enhances the motivation of customers to adopt chip information security solutions," said Chang.
Chang observed that information security has become more and more important: There is a significant increase in research papers studying it, and international conferences on failure analysis have also started to discuss information security.
He believes that as the chip war between the US and China intensifies, the problem of China copying chips will become more and more serious. In the past, China copied between their own manufacturers, and when their technology matures to a certain level, they will start copying the ones made by advanced countries, he said.
The company's future applications will first focus on two main verticals: IoT and automotive chips. As IoT chips are usually relatively inexpensive, it is impossible to add many complex functions, and JMEM TEK's solutions can achieve cheap and simple functions. As it takes a long validation period for automotive applications, JMEM will first focus on IoT chips before moving to automotive chips. For the automotive segment, the company can rely on some of its investors who have connections with car manufacturers.
JMEM's previous round of fundraising was led by 500 Global in the form of a simple agreement of future equity (SAFE), and the next round of capital raising has already received many commitments and has been oversubscribed.
JMEM declined to disclose the goal of the fundraising for 2023 but said that they plan to use the fund to conduct a shuttle tape out in May 2023 for silicon proof of concept, that it to prove the feasibility of the process.
Since JMEM TEK's business model is IP licensing, silicon proof of concept will be a key factor for their success and hence a goal to reach for the next two years.
Planning Pre-A fundraising (2023)
CEO John Chang
CTO Paul Lo
Innovation R&D center
Source: JMEM TEK, compiled by DIGITIMES Asia, December 2022