Zero Touch Secure Provisioning Kit for AWS IoT


The OLED1 Xplained Pro provides a 128x32 OLED display to visually show results from commands, plus 3 LEDs and 3 push buttons to simulate the sensors and actuators that an IoT system would implement.

The kit is controlled by the SAM G55 Cortex™-M4 processor-based microcontroller with floating point to ensure maximum throughput. It operates at a maximum speed of 120 MHz and features 512 Kbytes of Flash and up to 176 Kbytes of SRAM. The SAM G55 communicates with the ECC508 using the I2C protocol.

The onboard ECC508 crypto-authentication device comes pre-loaded with the private key corresponding to your AWS account, which simplifies the key provisioning issue for the end manufacturer. In addition, the device has strong resistance against environmental and physical tampering, including countermeasures against expert intrusion attempts. It also features a high-quality random number generator, internal generation of secure unique keys, low-power processor-agnostic cryptographic acceleration for compatibility with the widest range of resource-constrained IoT devices, and the ability to seamlessly accommodate various production flows in the most cost-effective manner.

The ATWINC1500 is a low-power 802.11 b/g/n module, specifically optimized for low-power IoT applications. The highly integrated module features a small form factor while fully integrating the Power Amplifier, LNA, Switch, Power Management, and PCB antenna. With seamless roaming capabilities and advanced security, it can interoperate with various vendors' 802.11 b/g/n Access Points in a wireless LAN.

AWS IoT is even more flexible, giving you the ability to do Just-in-Time registration of device certificates. This expands on the Use Your Own Certificate feature and simplifies the process of building systems that make use of millions of connected devices. Instead of having to build a separate database to track the certificates and the associated devices, you can now arrange to automatically register new certificates as part of the initial communication between the device and AWS IoT. The ECC508 enables any hardware to benefit from the Just-in-Time feature.

What can you do with the kit?

In the IoT space, security is by far the largest challenge companies are facing. Every cloud-connected device needs a unique, protected identification that can be securely authenticated. There are two main challenges to achieving this goal:

  • establishing a secure authentication method, which is the first point to address
  • distributing and managing the private keys in a large-scale production environment

The ECC508 answers this challenge by complying and pairing with the AWS IoT Just-in-Time provisioning feature. Historically, single authentication has been the common method, but AWS IoT now offers mutual authentication capabilities. The ECC508 makes the process of adding this new mutual authentication with a remote server easy, flexible and cost-effective, and solves the problem of private key implementation during the manufacturing process.

You can now develop a secured IoT end node via Wi-Fi® that benefits from the mutual authentication method offered by the "Just-in-Time registration" from AWS IoT paired with the ECC508. As a result, you don't have to provision your private key in your hardware or expose the private key that's safely stored in the ECC508.

How do you use the kit?

To implement the device, simply solder the tamper-resistant ECC508 device on the board and connect it to the host microcontroller (MCU) over I2C. Once this is complete, there is no need to load the unique keys (private keys) and certificates required for authentication during the manufacturing of the device. The ECC508 comes pre-configured from Microchip factories to be recognized by the AWS IoT service without any intervention. All the information is contained in a small, easy-to-deploy crypto companion device that's agnostic to the surrounding hardware. The solution is fully vetted and supported by AWS to meet all of their security requirements.