Microchip Technology Inc
Menu

Hardened TLS Benefits

Mitigate remote attacks, use a unique trusted identity
Network@3x
TLS@3x
Authentication@3x
BrandQuality@3x
Revenue Growth@3x

Transport Layer Security 1.2 (TLS 1.2) has become the de facto standard for connecting embedded systems to a network.  While TLS 1.2 is undeniably robust,  an embedded system still requires a unique, secure and trusted identity to prevent large-scale remote attacks. For example, a malicious attack can cause a hospital power grid to go down and potentially risk human lives, interrupt online services and advertising activities resulting in a loss of revenue, or suspend the production capabilities of industrial plants and their supply chains to almost instantaneously affect their profitability.  When combined with the TLS 1.2 protocol, Microchip’s ATECC508A CryptoAuthentication™ device offers a unique, trusted, and verifiable identity that can help protect billions of connected devices

How do Microchip's CryptoAuthentication devices help enhance TLS?

By physically isolating keys and secrets from the application

TrustedStorage@3x

Secure Key Storage
In order to harden the TLS protocol, trust in the system, the device provider, the manufacturer must be optimum to decrease potential backdoors and threats. The main philosophy is to completely isolate keys and secrets from any software exposure at any point of time of the product development as well as when the product is in the user’s hands. The ATECC508A is your solution.

PhysicalProtection@3x

Physical Protection
Microchip ECC based devices integrate various vital physical protection schemes to strengthen your TLS security at the root of the hardware design. The ECC based secure element family is architected with anti-tampering features such as active shield and side attack counter measures as well as robust secure key storage with locking mechanisms.

Cryptography@3x

Hardware Cryptography
In terms of cryptography, the most important function is to provide a high entropy FIPS compliant random number generators (RNG). The ATECC family integrates best in class RNG enabling high entropy capabilities. In addition, the device is capable of providing both an ECC hardware accelerator and SHA256 hashing as well as a unique serial number per device.

Provisioning@3x

Trusted Provisioning
Trust cannot rely only on the hardware device but also on the manufacturing process. Exploiting 3rd party weaknesses is one of the top target of hackers. Isolating keys and secrets from manufacturing is equally vital. Customers can now leave this burden to Microchip secure factories and leverage our trusted provisioning service already used by thousands of companies.
 
Asset 12@3x
TLS@3x
SecurityPartners@3x
  • Hardware based root of trust based on X509 certificate
  • Public Key Infrastructure (PKI)
  • ECC hardware accelerator
  • ECDHE-ECDSA sign
  • Tamper resistant
  • Keys are never sent, exposed, nor disclosed
  • Free integrated TLS stack from WiFi module ATWINC1500
  • Free integrated TLS stack from Bluetooth/Wifi combo ATWINC3400
  • Cost efficient solution
  • Enable connectivity to small microcontrollers
  • Certified 3rd party security partner TLS stacks
  • Certificate Authority options
  • Years of experience
  • Offer agnostic implementation to connectivities and microcontrollers
  • WolfSSL, CycloneSSL, OpenSSL stacks
Tabs / Security ICs / CryptoAuthentication / Hardened TLS
Products
Datasheets
Other Documents
BoM
Tools and Software

Datasheets

Title


Date Published

Type


Size


ATECC508A Summary
Secure authentication and product validation device datasheet summary. The complete document is available under NDA. For more information, please contact your local Microchip sales office.
10/2015 PDF 613 KB
ATECC108A Summary
Secure authentication and product validation device datasheet summary. The complete document is available under NDA. For more information, please contact your local Microchip sales office.
01/2016 PDF 608 KB

Application Notes

Title Date Published
3-lead CONTACT Package Usage 08/2015
ACES Overview
This Application Note provides an overview of the Crypto Evaluation Studio (ACES) package
05/2011
Application Brief: Analyzing Strength of Security 05/2011
ATECC Compressed Certificate Definition
Provides the details required to integrate an ATECC CryptoAuthentication device and the AT88CKECCSIGNER Module Kit into a third party certificate chain.
11/2015
ATECC Production Provisioning Guide
Discusses the software and steps required to integrate an ECC-based device provisioning into a production environment.
12/2015
ATECC108A/508A Factory Default Test Data
ATECC108A and ATECC508A preset factory configuration.
07/2015

ATECC508A Node Authentication Example Using Asymmetric PKI
Application note explains the all-in-one project example which demonstrates the various stages of the node authentication sequence using public key asymmetric techniques of the CryptoAuthentication devices.

10/2015
ATECC508A Public Key Validation
Discusses the handling of public keys for which the validation function is intended and PubInfo is set to one, the operation after the Data zone is locked, and describes the command sequences in terms of the Child, Encryption, and Parent Keys.
01/2016
ATSHA204 Authentication Modes
General application of the ATSHA204 device for Fixed Challenge Authentication, Unique Challenge Authentication, Random Challenge Authentication, and Diversified Key Authentication.
11/2012
ATSHA204 Product Uses
Use case examples which provide brief descriptions of the possible ATSHA204 CryptoAuthentication applications and how these applications can be implemented.
12/2012
ATSHA204A and ATECC508A Personalization Guide 07/2015
Authentication Counting 04/2015
CryptoAuthentication Data Zone CRC Calculation
Data and OTP Zone CRC calculation for the ATSHA204A, ATECC108A, and ATECC508A devices.
08/2015
CryptoAuthentication Encrypted Reads and Writes
Keeps the traffic between the CryptoAuthentication device and microcontroller encrypted to prevent snooping on the bus during personalization or system operation. The encrypted read and encrypted write are configurations of the Read and Write commands and provide a mechanism for limiting access, enabling features, or updating a key value.
10/2015
CryptoAuthentication SWI and I2C Interfaces Seamless Debugging Using Saleae Logic Analyzer
The purpose of this document is to help the user gain a better understanding of how to use the ATSHA204A, ATECC108A, and ATECC508A devices with the Saleae Logic Analyzer.
08/2015

CryptoAuthLib: Driver Support for CryptoAuthentication Devices
Covers how to get started and incorporate into an application, general design and use patterns, and the integration details required if CryptoAuthLib is to be ported into a hardware platform not currently supported by CryptoAuthLib.

01/2016
Generating Random Secrets: ATSHA204A, ATECC108A, and ATECC508A
Explanation on how to generate high-quality random secrets using the ATSHA204A, ATECC108A, and ATECC508A devices and Atmel Crypto Evaluation Studio (ACES).
09/2015
How To Implement Firmware Anti-cloning Protection (from Pico Instruments website)
PCB Mounting Guidelines for Surface Mount Packages 04/2016
Secure Personalization with Transport Key Authentication
Describes how a transport key allows for secure programming of the ATSHA204A, ATECC108A, and ATECC508A devices without the third party programming company having access to the value of the Data zone.
11/2015
Unique Keys for ATSHA204 04/2013
Upgrading the CryptoAuthentication and Temperature Sensor Kit Firmware Using FLIP
This Application Note describes how to upgrade the firmware in the following kits: AT88Microbase, AT30TK175STK, AT88CK101STK8, AT88CK201STK, AT88SC-ADK2, AT88CK490, and AT88CK490.
11/2015
Using the ATSHA204 for Secure Password Operations 04/2011

AT15735: Smart Plug Firmware User Guide
This document introduces the smart plug reference design kit firmware architecture, function blocks, source project structure, and some main APIs.

03/2016
AT15736: Smart Plug Getting Started Guide
This application note helps users to get started with the smart plug reference design kit - a highly integrated IoT solution featuring MCU, Wi-Fi, Security, and Sensing technology from Microchip.
03/2016

AT16225: Smart Plug Hardware User Guide
The Smart Plug Reference Design provides a system solution for a Wi-Fi enabled power plug. This document describes the hardware design of the smart plug reference design.

07/2016

AT16267: Firmware User Guide on JD Smart Cloud Service Integration with Smart Plug
This document focuses on smart plug firmware design based on JD smart cloud, provided by JD, a Chinese retail giant. It explains the smart plug functions, firmware structure, and communication process, etc.

04/2016
AT16268: JD Smart Cloud Based Smart Plug Getting Started Guide
This application note aims to help readers to get started with the Microchip© smart plug reference design working with the JD smart cloud, including both Engilsh and Chinese version.
04/2016
AT17284: Proximetry Cloud Based Smart Plug User Guide
This Application note introduces the Proximetry cloud based Smart Plug.It explains how to get the firmware code from Start, the source project structure and the APIs of Proximetry Cloud Agent Library, etc.
04/2016

Articles

Title Date Published Type Size
Forward Secrecy Made Real Easy 02/2016 PDF 131 KB
The "Three-Legged Stool" of Cryptography 02/2016 PDF 162 KB
More Secure, Less Costly IoT Edge Node Security Provisioning 11/2015 PDF 210 KB

Brochures and Flyers

Title Date Published Type Size
Hardware-TLS (HW-TLS) Hardening Transport Layer Security for IoT 02/2016 PDF 368 KB
ATSHA204A, ATAES132A, ATECC108A, and ATECC508A CryptoAuthentication Family of Hardware Security Solutions 11/2015 PDF 703 KB
ATECC508A Flyer 02/2015 PDF 446 KB

Gerber Files

Title Date Published Type Size
CryptoAuth Xplained Pro Gerber Files 09/2015 ZIP 65 KB

Schematics

Title Date Published Type Size
AT88CK590 Schematic 05/2015 PDF 152 KB
CryptoAuth Xplained Pro Schematic 08/2015 PDF 515 KB

User Guides

Title Date Published Type Size
AT88CK101 Development Kit Hardware User Guide
Development kit hardware user guide which supports the ATSHA204A, ATAES132A, ATECC108A, and ATECC508A devices.
11/2015 PDF 590 KB
AT88CK490/590 Kits Hardware User Guide
AT88CK490/590 USB dongle demo-evaluation hardware user guide for ATSHA204A, ATAES132A, and ATECC108A/508A devices.
05/2015 PDF 1.57 MB
AT88CK490/590 Kits Quick Start User Guide
AT88CK490/590 USB dongle demo-evaluation quick start guide for ATSHA204A, ATAES132A, and ATECC108A/508A devices.
05/2015 PDF 318 KB
ATSHA204A and ATECC108A/508A Firmware Development Library User Guide 07/2015 PDF 500 KB
CryptoAuth Xplained Pro Hardware User Guide 09/2015 PDF 625 KB
Security Provisioning Kits Quick Start Guide
Quick start guide for the Security Provisioning Kits which include the AT88CKECCROOT, AT88CKECCSIGNER, and AT88CKECCPROVISION USB module kits.
12/2015 PDF 275 KB
Security Provisioning Root Module Kit User Guide
User guide for the AT88CKECCROOT USB Provisioning Root Module kit to easily and securely create a certificate authority for provisioning the ECC-based CryptoAuthentication devices. Document describes un-configured Root Module Flow to create customized Certificate Authority and configured Root Module flow to create additional Root modules.
12/2015 PDF 794 KB
Security Provisioning Signer Module Kit User Guide
User guide for the AT88CKECCSIGNER USB Provisioning Signer Module kit to easily and securely create an intermediate certificate authority for provisioning the ECC-based CryptoAuthentication devices. Document describes un-configured Signer Module Flow to create customized Certificate Authority and configured Signer Module flow to create additional intermediate Certificate Authorities.
12/2015 PDF 922 KB

White Papers

Title Date Published Type Size
Attack Methods to Steal Digital Secrets 06/2015 PDF 279 KB
RSA vs ECC Comparison for Embedded Systems 07/2015 PDF 358 KB
Security for Intelligent, Connected IoT Edge Nodes 11/2015 PDF 661 KB

Evaluation Kit

Title

Description

AT88CK590 Evaluation Kit

Evaluation Kit for the Microchip CryptoAuthentication™ ATSHA204A, ATAES132A, and ATECC508A Devices

CryptoAuth Xplained Pro

Evaluation and development extension platform for embedded Microchip ATSHA204A, ATAES132A, and ATECC508A design applications

AT88CKSCKTSOIC-XPRO

The AT88CKSCKTSOIC-XPRO is an XPRO extension board that attaches 8-pin SOIC CryptoAuthentication devices to Microchip MCU's that support an XPRO interface. All Microchip Crypto Authentication devices regardless of interface can be used with this board.

AT88CKSCKTUDFN-XPRO

The AT88CKSCKTUDFN-XPRO is an XPRO extension board that attaches 8-pin UDFN CryptoAuthentication devices to Microchip MCU's that support an XPRO interface. All Microchip Crypto Authentication devices regardless of interface can be used with this board.

ATXPANDER-XPRO

The ATXpander-XPRO passively expands an XPRO extension header from a single kit to up to 3 kits. The board also allows for easy wiring modifications to be made if so required.

Starter Kit

Title

Description

AT88CKECC-AWS-XSTK

AWS Zero Touch Secure Provisioning Kit

Development Kit

Title

Description

AT88CK101 Development Kit

Single socket secure authentication development kit for the Microchip ATSHA204A, ATECC508A, and ATAES132A CryptoAuthentication™ devices. Supports the Xplained Pro series.

Programmer

Title

Description

Security Provisioning Kits

Part of the Microchip Certified-ID platform, these USB module kits are used for provisioning Microchip ECC-based devices during production of boards/products.


Software Libraries

Title

Description

Microchip Hardware-TLS Platform

Microchip Hardware-TLS software libraries for wolfSSL and OpenSSL enable hardware-based elliptic curve mutual authentication for TLS using the ATECC508A Crypto co-processor. With Microchip HW-TLS support libraries, system designers using wolfSSL or OpenSSL can take advantage of Microchip Crypto hardware to enable strong mutual authentication between communicating devices as well as store keys, certificates and other sensitive data in a protected hardware storage.

CryptoAuthLib

Software library support for the ATSHA204A, ATECC108A, and ATECC508A CryptoAuthentication devices written in C.

Software Tools

Title

Description

Microchip Crypto Evaluation Studio (ACES)

The ACES package is a suite of software tools to configure and demonstrate the Microchip CryptoAuthentication Family of devices using various evaluation kits.