A Tamper Resistant Chip (TRC) is a standalone integrated circuit that houses a tamper‑resistant element (TRE). The TRE is a secure enclave—a combination of specialized hardware and low‑level software that is designed to resist physical and software attacks. It creates a controlled environment inside the chip to store cryptographic keys and sensitive data and to execute secure operations.
A secure enclave (also known as an Integrated Tamper-Resistant Element or iTRE) is a certified security module within a system-on-chip that can securely host SIM or eSIM operating systems, along with confidential and cryptographic data. A TRC encapsulates this TRE in a discrete package rather than embedding it directly in a system‑on‑chip, providing a hardened boundary between the secure element and the rest of the device.
In practice, TRCs are used in mobile devices, payment cards, hardware security modules and IoT equipment to provide a root of trust for identity and authentication. They offer resistance against tampering attempts by controlling access to the TRE and by preventing sensitive keys from leaving the chip. iSIM technology integrates the SIM into a dedicated area on the system‑on‑chip where it is protected by a tamper‑resistant element ; TRCs fulfil a similar purpose but remain physically discrete components.
Because TRCs are built according to security standards (such as those defined by the GSMA and Trusted Connectivity Alliance), they are recognized as secure elements for protecting mobile subscription credentials and other sensitive IoT data. They enable remote SIM provisioning and secure profile storage without requiring a separate SIM card, providing robust protection against both physical and logical attacks.
Key features of a TRC
• Secure storage and cryptography – A TRC provides a tamper‑resistant area for storing cryptographic keys and subscriber identities and performing secure operations, making it difficult for attackers to extract secrets .
• Hardened silicon architecture – The TRE is made of hardened silicon with dedicated cryptographic functionality . This reduces the device’s overall attack surface and provides strong resistance to physical attacks.
• Certified security standards – TRCs and TREs conform to industry standards (GSMA, ETSI and Trusted Connectivity Alliance) and can achieve certifications such as Common Criteria EAL5+, ensuring compliance with global security requirements .
• Supports remote provisioning – By isolating sensitive data and processes, TRCs facilitate Remote SIM Provisioning (RSP), allowing operator profiles to be downloaded, updated and managed over the air without exposing credentials .
• Hardware‑backed security – eSIM and iSIM devices rely on hardware‑based security to protect network credentials. iSIMs place the SIM functionality in a secure area on the SoC, protected by a tamper‑resistant element . TRCs provide the same protection in discrete form, ensuring secure identity management and authentication across IoT devices.
• Trusted root for device identity – The secure enclave inside a TRC acts as a root of trust for the device. It securely hosts the SIM or eSIM operating system along with applications and cryptographic data , establishing trust in the device’s identity and the data it exchanges with networks and cloud services .
• Protection against tampering and theft – For IoT deployments, physical access to devices may be difficult to monitor.