I believe that a strong cryptographic method can be only implemented if your processor is able to store a piece of software in an internal read protected flash. Otherwise any encryption algorithm has to be loaded from the flash before and can be potentially reengineered. At least the private key must be read protected inside the processor.
For a lower protection level, you can e.g. use the preprogrammed random number in the OTP block to personalize a firmware copy. Or pair it with data in protected internal processor EEPROM. If the processor has an unique ID, a hash can be stored in the OTP area, Again, the hash algorithm must be hidden.
Studying cryptographic methods should help you to find a solution. E. g. Bruce Schneier, Cryptography Engineering.