Hardware-based security is the only way to protect secret keys from physical attacks and remote extraction, but extensive security expertise, development time and costs are required to configure and provision each device. With companies producing anywhere from hundreds to millions of connected devices per year across the globe, scalability of architecture can be a major barrier to deployments. Manufacturers typically have only been able to support configuring and provisioning for high-volume orders, leaving companies with low- to mid-sized deployments with low performing options.
To address this need in the mass market, Microchip Technology has released what it believes to be the industry’s first pre-provisioned solution that provides secure key storage for low-, mid- and high-volume device deployments using the ATECC608A secure element.
Microchip’s Trust Platform consists of a three-tier offering, providing out-of-the-box pre-provisioned, pre-configured or fully customizable secure elements, allowing developers to choose the platform best suited for their individual design. As the first solution to provide ready-to-go secure authentication for the mass market, the first tier – Trust&GO – provides zero-touch pre-provisioned secure elements with a Minimum Orderable Quantity (MOQ) as low as 10 units. Device credentials are pre-programmed, shipped and locked inside the ATECC608A for automated cloud or LoRaWAN authentication onboarding. In parallel, corresponding certificates and public keys are delivered in a “manifest” file, which is downloadable via Microchip’s purchasing e-commerce store and select distribution partners.
In addition to saving up to several months of development time, the solution significantly simplifies provisioning logistics, making it easy for mass market customers to secure and manage edge devices without the overhead cost of third-party provisioning services or certificate authorities.
With the ability to authenticate to any public or private cloud infrastructure, Microchip’s Trust Platform is also flexible and customizable. For customers who want more customization, the program includes the TrustFLEX and TrustCUSTOM platforms.
The second tier in the program, TrustFLEX, offers the flexibility to use the customer’s certificate authority of choice while still benefiting from pre-configured use cases. These use cases include baseline security measures such as Transport Layer Security (TLS) hardened authentication for connecting to any IP-based network using any certificate chain, LoRaWAN authentication, secure boot, Over-the-Air (OTA) updates, IP protection, user data protection and key rotation.
This reduces the time and complexity involved in customizing the device without requiring customized part numbers. For customers who would like to entirely customize their designs, the third tier in the program – TrustCUSTOM – provides customer-specific configuration capabilities and custom credential provisioning.
Microchip worked with Amazon Web Services (AWS) to enable a straightforward and simplified onboarding process into AWS IoT services for products designed with all variants of the Microchip Trust Platform.
The ATECC608A provides Common Criteria Joint Interpretation Library (JIL) “high”-rated secure key storage, giving customers confidence that devices implement industry-proven security practices and the highest level of secure key storage. With hardware-based root of trust storage and cryptographic countermeasures, the device protects against the widest classes of known physical attacks. Microchip’s secure manufacturing facilities safely provision keys, ensuring that keys are never exposed to any party during provisioning or the lifetime of the device.