Scalable security platform for IoT device development
The security platform aims to enable businesses of all sizes to assign certified and trusted identities to devices joining the secure Internet of Things (IoT). The Atmel Certified-ID security platform prevents unauthorised reconfiguration of an edge node to access protected resources on the network. This new platform is available on the Atmel SmartConnect Wi-Fi, Bluetooth, Bluetooth Smart, and ZigBee solutions that connect directly to Atmel Cloud Partners, providing a secure turnkey solution for IoT edge node-to-cloud connection.
The Atmel Certified-ID platform delivers a distributed key provisioning solution, building on the internal key generation capabilities of Atmel’s ATECC508A CryptoAuthentication device, without incurring large-scale infrastructure and logistics costs. This new platform also allows developers to create certified and trusted identities for any device before it joins an IoT network.
Today, secure identities are commonly created through a centralised approach where IoT device keys and certificates are generated offline and managed in secure databases in Hardware Security Modules (HSMs) to protect the keys. These keys are then programmed into the IoT devices by connecting the HSM to automation equipment during device manufacturing. This approach is indispensable in large deployments consisting of millions of devices. It can also entail significant upfront costs in infrastructure and logistics, which must be amortised over a large number of devices for cost effectiveness.
By using the internal key generation capabilities of Atmel’s ATECC508A device, the platform enables decentralised secure key generation, allowing distributed IoT device provisioning regardless of scale. This method eliminates the upfront costs of the provisioning infrastructure, which can pose a significant barrier to deploying devices at smaller scales. The new platform enables developers to create secure IoT devices that are compatible with partner cloud services and able to securely join ecosystems.
Atmel is currently working with several cloud service companies, including Proximetry and Exosite, on the Certified-ID platform. These collaborations allow developers to select from a full suite of ecosystem partners for a secure connection between the edge nodes and the IoT. Other partners will be announced as they are integrated into the Certified-ID platform.
Atmel now offers security provisioning tool kits to enable independent provisioning for pilot programs or production runs when used in conjunction with the ATECC508A CryptoAuthentication devices. These devices are pre-provisioned with internally generated unique keys, associated certificates, and certification-ready authentication once they are connected to an IoT ecosystem.
Developers will need two kits to securely provision their devices. These are Atmel’s AT88CKECCROOT tool kit, a ‘master template’ that creates and manages the certificate root of trust in any ecosystem, and the AT88CKECCSIGNER tool kit, a production kit that enables partners to provision IoT devices. The AT88CKECCSIGNER kit gives designers and manufacturers the ability to generate tamper-resistant keys and security certifications requiring hardware security in their IoT applications. These keys provide the level of trust demanded by network operators and allow system design houses to provision prototypes in-house, saving designers overall investment costs.
The tool kits also include a graphical user interface that allows everyone to seamlessly provision their IoT devices with secure keys and certificates without special expertise. With distributed provisioning, developers are not required to use expensive HSMs for key management or to pay certificate acquisition fees.
In addition to secure IoT provisioning, the new Certified-ID platform provides high-quality random number generation to guarantee a diverse set of public and private keys. It delivers solutions to a variety of IoT security needs including node anti-cloning protection, data confidentiality, secure boot, and secure firmware upgrades over-the-air. The tamper resistance built into the ATECC508A device continues to provide the desired protection even when the device is under physical attack.
Atmel Secure Products: www.atmel.com/security
Atmel Cloud Partners: https://www.atmel.com/products/wireless/cloud-partners/default.aspx