TrustFLEX TLS

We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X

Maximize Your Experience: Reap the Personalized Advantages by Completing Your Profile to Its Fullest! Update Here

Stay in the loop with the latest from Microchip! Update your profile while you are at it. Update Here

Complete your profile to access more resources.Update Here!

Item	Qty
Your cart is empty.

Getting Started Parametric Chart Development Tools Definitions and FAQs Partners

Leverage the Simplicity of Thumbprint Certificate Authentication

The vast majority of networks mandate Transport Layer Security (TLS), which relies on certificate-based authentication. Whether you are using a public cloud or a private cloud, the trust in the device identity will depend entirely on how well the device’s private key is protected. If the private key is spoofed, the device can be impersonated by an unauthorized user who can then control the device’s transactions. The TLS stack is good for managing the key agreement and the encryption. However, implementing secure authentication presents you with several challenges: securely storing the private key in the device, shipping the private key across the globe for any project and system size, and creating a possibly cost-prohibitive, weak and hard-to-scale manufacturing flow. These challenges can be addressed by using the TrustFLEX ATECC608B-TFLXTLS secure element from our Trust Platform family with TLS stack providers. This solution also provides you with the flexibility to choose your own certificate authority in addition to leveraging the integrated authentication use cases in the same secure element.

Benefits of Using the TrustFLEX ATECC608B With TLS:

Leverage multiple use cases with our pre-configured devices
Use your own certificate authority
Leverage the simplicity of thumbprint certificate authentication
Implement a unique, trusted, protected and managed device identity
Turn-key code examples

Leverage Microchip’s secure provisioning service
Simplify logistics of shipping private keys and reduce manufacturing costs
Microcontroller-agnostic implementation
JIL rated “high” secure key storage
Protection against known tamper, side-channel attacks

TrustFLEX ATECC608B-TNGTLS Features

Custom Certificate Authentication: Use either the default thumbprint certificates already inside the TrustFLEX device or overwrite them with your own certificate.
JSON Web Token (JWT) Authentication: Leverage a private key to perform an Elliptic Curve Digital Signature Algorithm (ECDSA) sign operation on a token that will be verified by its corresponding public key somewhere else in the network.
Secure Boot (with key attestation): Perform an ECDSA verification at boot using a public key corresponding to a private key used to sign the code that the system will boot from. The public key becomes highly sensitive as it will allow a system to boot.
OTA Verification: Perform an ECDSA verification after an update using a public key corresponding to a private key used to sign the code the system will be updated with. The public key becomes highly sensitive as it will allow a system to be updated with a new code that needs to be trusted.
Firmware Intellectual Property (IP) Protection: Perform a verification during the system runtime using a key corresponding the one used to sign the code the system will run on. The verification key becomes highly sensitive as it will allow a system to run on a genuine code image.
Message Encryption: Provides the capability to encrypt a very small packet of data using the integrated hardware Advanced Encryption Standard (AES) engine.
Key Rotation: Provides the capability to rotate private keys within the secure boundaries of the secure element.
I/O Protection Key: Provides the capability to uniquely pair the MCU and the secure element.
Host Accessory Authentication: Provides the capability to create an ecosystem control strategy by having a main host authenticate its peripherals using as basic PKI architecture.

Ready to Get Started with TrustFLEX and a TLS Stack Provider?

mBedTLS

Buy the CryptoAuthentication™ SOIC XPRO Starter Kit (DM320109)
Download the code example on GitHub
Buy the ATECC608B-TFLXTLS

WolfSSL

Buy the CryptoAuthentication™ SOIC XPRO Starter Kit (DM320109)
View wolfSSL ATECC examples
Buy the ATECC608B-TFLXTLS

Linux® OS

Buy the SAMA5D27 SOM1 Kit1 (ATSAMA5D27-SOM1-EK1)
Download the code example on GitHub
Buy the ATECC608B-TFLXTLS and the CryptoAuthentication UDFN Socket Board (AT88CKSCKTUDFN-XPRO)

Trust Platform Devices

View All Parametrics

Please visit the full parametric chart. If you still cannot find the chart you are looking for, please complete our Website Feedback Form to notify us of this issue.

Similar Devices

View All Family Devices

No similar devices found.

Development Tools

Search:

Showing 1 to 10 of 11 entries

Development Tool	Description
CryptoAuth Trust Platform Development Kit (DM320118)	This USB-based development kit includes a SAM D21 MCU, debugger, mikroBUS™ socket and on-board ATECC608B secure element with Trust&GO, TrustFLEX and TrustCUSTOM options.
ATECC608B Trust Platform Kit (DT100104)	For use as an add-on board to the CryptoAuth Trust Platform Development Kit (DM320118), this kit provides a mikroBUS footprint for adding soldered-down versions of Trust&GO, TrustFLEX or TrustCUSTOM secure elements.
CryptoAuthentication™ SOIC Socket Kit (AT88CKSCKTSOIC-XPRO)	This board provides an SOIC8 socket to accommodate an ATECC608B or ATSHA204A secure element and an Xplained Pro (XPro) interface to develop solutions using the microcontrollers featured on our Xplained Pro boards.
CryptoAuthentication UDFN Socket Kit (AT88CKSCKTUDFN-XPRO)	This board provides a uDFN8 socket to accommodate an ATECC608B or ATSHA204A secure element and an Xplained Pro (XPro) interface to develop solutions using the microcontrollers featured on our Xplained Pro boards.
AVR-IoT WG Development Board (AC164160)	The AVR-IoT WG development board combines a powerful 8-bit ATmega4808 MCU, an ATECC608B CryptoAuthentication™ secure element IC and the fully certified ATWINC1510 Wi-Fi^® network controller to provide the most simple and effective way to connect your embedded application to Google’s Cloud IoT core platform.
PIC-IoT WG Development Board (AC164164)	The PIC-IoT WG development board combines a powerful PIC24FJ128GA705 MCU, an ATECC608B CryptoAuthentication™ secure element IC and the fully certified ATWINC1510 Wi-Fi^® network controller to provide the most simple and effective way to connect your embedded application to Google’s Cloud IoT core platform. The board also includes an on-board debugger and requires no external hardware to program and debug the MCU. Transmit light and temperature sensor data from the board to the cloud or add your own sensor using the mikroBUS™ header to interface to MikroElekronika Click boards™.
Google Cloud IoT Core Secure Authentication Kit with 32-bit MCU	Use this prototyping kit to learn how to implement a hardware root of trust and secure your authentication to Google Cloud IoT Core. It includes an ATWINC1500 Wi-Fi^® device, SAM D21 microcontroller and ATECC608B secure element.
Secure UDFN click	This Click board™ from MikroElektronika provides a uDFN8 socket to accommodate an ATECC608B or ATSHA204A secure element and operate it on the CryptoAuth Trust Platform Development Kit (DM320118).
WiFi 7 click	This Click board™ from MikroElektronika includes an ATWINC1500 Wi-Fi^® module which can be used to add TCP/IP and TLS links to the CryptoAuth Trust Platform Development Kit (DM320118).
Shuttle click	This Click board™ from MikroElektronika provides an easy and elegant solution for stacking up to four Click boards on a single mikroBUS™ socket.

Show entries

Previous1 2Next

Definitions

Credentials: Identity verification tools or methods that include X.509 certificates, generic certificates for thumbprint authentication, keys and data packets

Customization: The action of creating a unique device/system through its configuration and set of secrets

Firmware Verification: When a key and cryptographic operation are used to verify a signed image on a device at boot up or during run time

IP Protection: When a key and a cryptographic operation are used to verify signed (or hashed) firmware that is considered Intellectual Property (IP) of a product

Key(s): A set of binary numbers that is used to trigger a cryptographic algorithm that implements asymmetric or symmetric encryption

Over-the-Air (OTA) Verification: When a key and a cryptographic operation are used to verify a signed image that has been loaded into a connected device by a push notification from a cloud service

PKI: Public Key Infrastructure

Provisioning: The action of generating a credential into an embedded storage area

Thumbprint Certificate: An X.509 certificate not issued by a certificate authority that is used for authentication to the cloud

Find More Definitions

FAQS

General Questions:

Q: How can I get started with the Trust Platform?
A: Use the “Let Us Guide You to the Right Option” on the Trust Platform page, which will help you take the first step. You will find additional information about getting started with Trust&GO, TrustFLEX and TrustCUSTOM on their pages.

Q: I am a distribution partner. How do I enroll in the Trust Platform program?
A: Contact your local Microchip sales office to request assistance with joining the program.

Trust&GO Questions:

Q: Do I need to contact Microchip to provision my Trust&GO secure element?

A: No. When you buy the device, it is already provisioned with keys and certificates specific to the use case you have selected that are locked inside the device. Trust&GO cannot be altered and is intended to be used as is.

Q: Where can I obtain the public keys and certificates for my Trust&GO device?
A: Log into your customer account at the ecommerce website where you purchased the device after device shipment, and you should be able to download a manifest file containing all the necessary public keys and certificates. Contact the vendor if you have any trouble finding this file.

TrustFLEX Questions:

Q: Do I need to contact Microchip to provision my TrustFLEX secure elements?
A: Yes. When you buy the device, it comes pre-configured with your selected use case(s). By default, the TrustFLEX device also come with keys and generic certificates for thumbprint authentication that are overwritable internally if you have not already locked them using the lock bit. While the configuration cannot be altered, the default credentials can be changed if you have not already locked them. If you decide to use the default credentials, you will have to lock them after receiving the device. If you don’t want to use the default credentials, you can replace them with yours and then lock them. After you have made your decision, create the secret packet exchange, encrypt it and upload it into a support ticket on Microchip’s technical support portal. We will provision your devices and ship them according to your instructions.

Q: Where can I obtain the public keys and certificates for my TrustFLEX device when I use the default credentials?
A: Log into your customer account at the ecommerce website where you purchased the device after device shipment, and you should be able to download a manifest file containing all the necessary public keys and certificates. Contact the vendor if you have any trouble finding this file. WARNING: If you have overwritten the default credentials in your device, the manifest file will no longer be compatible with the device’s new credentials.

TrustCUSTOM Questions:

Q: Do I need to contact Microchip to provision my TrustCUSTOM secure element?
A: Yes. When you buy the device, it will be blank. You will need to use the TrustCUSTOM configurator, which is available under Non-Disclosure Agreement (NDA) to define the configuration, create the secret packet exchange, encrypt it and upload it into a support ticket on Microchip’s technical support portal. We will provision your devices and ship them according to your instructions.

Q: Where can I obtain the secret packet exchange for my TrustCUSTOM device?
A: This utility is only available through a Non-Disclosure Agreement (NDA). Contact your local Microchip sales office or distributor to request it.

Q: Where can I get the full data sheet for my TrustCUSTOM device?
A: This document is only available through a Non-Discloser Agreement (NDA). Contact your local Microchip sales office or distributor to request it.

Training

Documents
Videos

Search:

Showing 1 to 8 of 8 entries

Title	Description
How to Use Microsoft^® Azure^® RTOS and the ATECC608 TrustFLEX Secure Element	In this blog you can read about how to implement a secure boot and Transport Layer Security (TLS) mutual authentication for your Internet of Things (IoT) device.
How Transport Layer Security (TLS) and Secure Elements Work	In this blog you can learn about the importance of TLS and the embedded security pillars as encryption is weak without robust secure key storage to protect the private key.
Asymmetric Authentication Use Case Example	The purpose of authentication is to prevent cloning and counterfeiting and to ensure that an object is genuine and authorized to connect to a product. In this use case example, find out how to authenticate an object, such as an accessory, peripheral, battery or cartridge, that is typically removable and replaceable by the consumer.
Secure Firmware Download Use Case Example	In this use case example, you will see a demonstration of the authentication of a firmware update. The example uses asymmetric cryptography to establish a chain of trust to validate the update.
Securing Cloud-Connected Devices with Google Cloud IoT and Microchip	This blog article written by Google discusses how the ATECC608B secure element strengthens authentication between IoT Core and IoT hardware.
Symmetric Authentication Use Case Example	The purpose of authentication is to prevent cloning and counterfeiting and to ensure that an object is genuine and authorized to connect to a product. In this use case example, find out how to authenticate an object, such as an accessory, peripheral, battery or cartridge, that is typically removable and replaceable by the consumer.
Symmetric Authentication with a Non-Secure MCU Use Case Example	In this use case example, you will learn how to authenticate an object using one-way symmetric authentication, which avoids the need for an Internet connection and white (or black) list. A white list is a lookup table for identifying approved units and a blacklist is a lookup table for identifying non-approved units.
Zero Touch Secure Provisioning Kit for AWS IoT - End-to-End Security with AWS Cloud	This user's guide provides a detailed walkthrough of provisioning the Zero Touch Secure Provisioning Kit to connect and communicate with the Amazon Web Services (AWS) IoT service.

Show entries

AWS IoT Security: The New Frontiers

In this session from AWS re:Invent 2016, AWS explains the value of Just in Time Registration (JITR) and Bring you Own Certificate (BYOC) using an ATECC508A secure element.

Partner	Location	Contact
	Bristol BS34 8RB, United Kingdom	info@cerb-labs.com
	Tampere, Finland	jouni.hautamaki@crosshill.fi
	San Diego, CA USA	Dean Gereaux deang@goldenbits.com
	Tampa, FL USA	info@occamtechgroup.com
	Chicago, IL USA	info@optimaldesignco.com
	BSD City, Indonesia	Edy Gunawan edy@mailc.net
	Munich, Germany	sales@sematicon.com