Start with the Most Popular Pre-Configured Use Cases and Use Your Own Credentials


When it comes to IoT security, authentication is one of the foundational concepts that should be implemented first in your design. The trust between the device identity and the cloud platform relies on a chain of trust. AWS IoT supports certificate-based authentication, but the trust in the device identity will depend entirely on how well the device’s private key is protected. If the private key is spoofed, the device can be impersonated by an unauthorized user who can then control the device’s transactions. However, adding authentication presents you with several challenges: securely storing the private key in the device, shipping the private key across the globe for any project and system size and ensuring a secure manufacturing flow. These challenges can be addressed by using the TrustFLEX ATECC608B-TFLXTLS secure element from our Trust Platform family of solutions.

trustflex-product-logo

Defining the secure element’s configuration is generally a time-consuming task. The TrustFLEX ATECC608B-TFLXTLS comes pre-configured with the most commonly used use cases to speed up your development and reduce the complexity of the onboarding process. To further simplify onboarding, the device also comes with default generic certificates for thumbprint authentication and overwritable keys. This allows you to either choose the default certificates and keys and lock them afterwards or overwrite the default credentials with your own. When combined with AWS IoT Core Application Program Interfaces (APIs), such as Just-In-Time-Registration and Use Your Own Certificate, you can use a Certificate Authority provider of your choice to create an end-to-end secure authentication. The device’s private keys will have to be provisioned in the secure element using our provisioning infrastructure and the Hardware Secure Modules (HSMs) that are installed in our factories. The key will then be isolated from exposure to software, firmware, manufacturing sites, end users and other third parties. Our ATECC608B-TFLXTLS provides a common criteria JIL “high” rated secure key storage to isolate keys in the nodes. This is especially valuable in TLS networks that are based on a Public Key Infrastructure (PKI) security model and leverage a wide variety of traditional low-power microcontrollers (MCUs).

Ready to Get Started With TrustFLEX and AWS IoT Core?


Step 1: Download the Trust Platform Design Suite, available for Windows® and macOS®, to prototype with your secure element.

Step 2: Buy the development kit of your choice, then prototype and integrate your application code in the microcontroller.

Step 3: Once the C code is working in your embedded application, you are ready to create the configuration file using the TrustFLEX configurator that is available in the Design Suite. After the configuration file is finalized, submit a support ticket to obtain your encryption key. Encrypt the configuration file using the provided utility, load it in the support ticket and you will receive provisioned validation devices by our Hardware Secure Module (HSM) equipped factories.

trust-platform-design-suite-microchip-microsolutions

Benefits of Using the TrustFLEX ATECC608B with AWS IoT Core

  • Create secure authentication to IoT devices powered by AWS IoT Core
  • Benefit from the scalability of AWS IoT Core (including China)
  • Leverage AWS Just-In-Time-Registration and Use Your Own Certificate
  • Provide a unique, trusted, protected and managed device identity
  • Pre-configured with most popular use cases
  • Turn-key code examples available for each use case 
  • Leverage Microchip’s secure provisioning service
  • Simplify logistics of shipping private keys and reduce manufacturing costs
  • Microcontroller-agnostic implementation
  • JIL rated “high” secure key storage
  • Protection against known tamper, side-channel attacks
atecc608b-3bx-regular

TrustFLEX ATECC608B-TFLXTLS Use Cases

Each of the device slots are pre-configured to offer the following use cases:
  • Custom Certificate Authentication
  • Token Authentication
  • Secure Boot (with key attestation)
  • Over-the-Air (OTA) Verification
  • Firmware Intellectual Property (IP) Protection
  • Message Encryption
  • Key Rotation
  • I/O Protection Key
  • Host Accessory Authentication

Visit the ATECC608B-TFLXTLS product page to learn more about the device’s features.

Are You Interested in AWS IoT Greengrass Hardware Security Integration?


Find out how to develop an IoT Greengrass Hardware Security Integration solution using the ATECC608B secure element.

Trust Platform Devices


Development Tools


Learning