Loading
Log in to myMicrochip to access tools and benefits. Sign up in just one minute.
Maximize Your Experience: Reap the Personalized Advantages by Completing Your Profile to Its Fullest! Update Here
Stay in the loop with the latest from Microchip! Update your profile while you are at it. Update Here
Complete your profile to access more resources.Update Here!
Start with the Most Popular Pre-Configured Use Cases and Use Your Own Credentials
When it comes to IoT security, authentication is one of the foundational concepts that should be implemented first in your design. The trust between the device identity and the cloud platform relies on a chain of trust. AWS IoT supports certificate-based authentication, but the trust in the device identity will depend entirely on how well the device’s private key is protected. If the private key is spoofed, the device can be impersonated by an unauthorized user who can then control the device’s transactions. However, adding authentication presents you with several challenges: securely storing the private key in the device, shipping the private key across the globe for any project and system size and ensuring a secure manufacturing flow. These challenges can be addressed by using the TrustFLEX ATECC608B-TFLXTLS secure element from our Trust Platform family of solutions.
Defining the secure element’s configuration is generally a time-consuming task. The TrustFLEX ATECC608B-TFLXTLS comes pre-configured with the most commonly used use cases to speed up your development and reduce the complexity of the onboarding process. To further simplify onboarding, the device also comes with default generic certificates for thumbprint authentication and overwritable keys. This allows you to either choose the default certificates and keys and lock them afterwards or overwrite the default credentials with your own. When combined with AWS IoT Core Application Program Interfaces (APIs), such as Just-In-Time-Registration and Use Your Own Certificate, you can use a Certificate Authority provider of your choice to create an end-to-end secure authentication. The device’s private keys will have to be provisioned in the secure element using our provisioning infrastructure and the Hardware Secure Modules (HSMs) that are installed in our factories. The key will then be isolated from exposure to software, firmware, manufacturing sites, end users and other third parties. Our ATECC608B-TFLXTLS provides a common criteria JIL “high” rated secure key storage to isolate keys in the nodes. This is especially valuable in TLS networks that are based on a Public Key Infrastructure (PKI) security model and leverage a wide variety of traditional low-power microcontrollers (MCUs).
Step 1: Download the Trust Platform Design Suite, available for Windows® and macOS®, to prototype with your secure element.
Step 2: Buy the development kit of your choice, then prototype and integrate your application code in the microcontroller.
Step 3: Once the C code is working in your embedded application, you are ready to create the configuration file using the TrustFLEX configurator that is available in the Design Suite. After the configuration file is finalized, submit a support ticket to obtain your encryption key. Encrypt the configuration file using the provided utility, load it in the support ticket and you will receive provisioned validation devices by our Hardware Secure Module (HSM) equipped factories.
Benefits of Using the TrustFLEX ATECC608B with AWS IoT Core
- Create secure authentication to IoT devices powered by AWS IoT Core
- Benefit from the scalability of AWS IoT Core (including China)
- Leverage AWS Just-In-Time-Registration and Use Your Own Certificate
- Provide a unique, trusted, protected and managed device identity
- Pre-configured with most popular use cases
- Turn-key code examples available for each use case
- Leverage Microchip’s secure provisioning service
- Simplify logistics of shipping private keys and reduce manufacturing costs
- Microcontroller-agnostic implementation
- JIL rated “high” secure key storage
- Protection against known tamper, side-channel attacks
TrustFLEX ATECC608B-TFLXTLS Use Cases
Each of the device slots are pre-configured to offer the following use cases:
- Custom Certificate Authentication
- Token Authentication
- Secure Boot (with key attestation)
- Over-the-Air (OTA) Verification
- Firmware Intellectual Property (IP) Protection
- Message Encryption
- Key Rotation
- I/O Protection Key
- Host Accessory Authentication
Visit the ATECC608B-TFLXTLS product page to learn more about the device’s features.
Are You Interested in AWS IoT Greengrass Hardware Security Integration?
Trust Platform Design Suite
Install the Trust Platform Design Suite software package to get started with any of the Trust&GO or TrustFLEX secure elements available with our Trust Platform. Our tutorial will guide you through the installation of the tools that will simplify your development from prototyping to production and accelerate your time to market.
CryptoAuth Trust Platform Development Kit
Part Number: DM320118
This USB-based development kit includes a SAM D21 MCU, debugger, mikroBUS™ socket and on-board ATECC608B secure element with Trust&GO, TrustFLEX and TrustCUSTOM options.
ATECC608B Trust Platform Kit
Part Number: DT100104
For use as an add-on board to the CryptoAuth Trust Platform Development Kit (DM320118), this kit provides a mikroBUS footprint for adding soldered-down versions of Trust&GO, TrustFLEX or TrustCUSTOM secure elements.
CryptoAuthentication™ SOIC Socket Kit
Part Number: AT88CKSCKTSOIC-XPRO
This board provides an SOIC8 socket to accommodate an ATECC608B or ATSHA204A secure element and an Xplained Pro (XPro) interface to develop solutions using the microcontrollers featured on our Xplained Pro boards.
