
Trust&GO ATECC608A Secure Element for TLS-Based Networks

Leverage the Simplicity of Thumbprint Certificate Authentication

The vast majority of networks mandate Transport Layer Security (TLS), which relies on certificate-based authentication. The trust placed in a device identity depends entirely on how well the device’s private key is protected: if the private key is compromised, the device can be impersonated by an unauthorized party who can then control the device’s transactions. The TLS stack takes good care of the key agreement and the encryption. Implementing secure authentication, however, presents several challenges: securely storing the private key in the device, shipping private keys across the globe for any project and system size, creating a possibly cost-prohibitive chain of trust, and ensuring a secure manufacturing flow. These challenges can be addressed by using the Trust&GO ATECC608A-TNGTLS secure element from our Trust Platform family together with TLS stack providers.

Benefits of Using the Trust&GO ATECC608A with TLS:

  • Pre-configured device and pre-provisioned private key
  • Create secure authentication for TLS networks
  • Leverage the simplicity of thumbprint certificate authentication
  • Implement a unique, trusted, protected and managed device identity
  • Turn-key code examples
  • Leverage Microchip’s secure provisioning service
  • Simplify logistics of shipping private keys and reduce manufacturing costs
  • Microcontroller-agnostic implementation
  • JIL rated “high” secure key storage
  • Protection against known tamper and side-channel attacks

Trust&GO ATECC608A-TNGTLS Features

  • Thumbprint Certificate Authentication: Use the default thumbprint certificates already locked inside the Trust&GO device; the cloud architecture will not need to use a root certificate to verify the thumbprint certificate, but the server will have to be set up to implement this policy.
  • Token Authentication: Leverage a private key to perform an Elliptic Curve Digital Signature Algorithm (ECDSA) sign operation on a token that will be verified by its corresponding public key somewhere else in the network.
  • Secure Boot (with key attestation): Perform an ECDSA verification at boot using the public key corresponding to the private key that signed the code the system will boot from. The public key is itself highly sensitive, since it determines which code the system will accept at boot. This public key is not present in the device at the time of purchase; it has to be loaded separately.
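The three features above share one key pair: the thumbprint policy is enforced on the server side of the TLS handshake, while token authentication and secure boot are both an ECDSA sign/verify over a SHA-256 digest. The following is an added example, not code from Microchip or from this page, written against Go's crypto/tls rather than the mbedTLS or wolfSSL stacks the page links to. It assumes a software P-256 key as a stand-in for the key held in the secure element, a self-signed device certificate, the thumbprint defined as the SHA-256 of the DER certificate, and constructed values for the serial number, token and firmware image; it covers the three features with a single identity rather than one at a time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newIdentity is a software stand-in for a pre-provisioned identity: a P-256 key
// plus a self-signed certificate (assumption; the real Trust&GO certificate is
// not reproduced). On the ATECC608A the private key never leaves the chip.
func newIdentity(cn string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// thumbprint is the hex SHA-256 of the DER certificate (assumed definition):
// the per-device value the server enrolls instead of trusting a CA root.
func thumbprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// thumbprintPolicy is the server-side check: accept the client only if its
// leaf certificate's thumbprint is enrolled. No certificate chain is built.
func thumbprintPolicy(enrolled map[string]bool) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("no client certificate presented")
		}
		if tp := thumbprint(rawCerts[0]); !enrolled[tp] {
			return fmt.Errorf("client thumbprint %s is not enrolled", tp)
		}
		return nil
	}
}

// serverTLSConfig wires the policy into crypto/tls: RequireAnyClientCert demands
// a client certificate without chain verification; VerifyPeerCertificate then
// enforces the thumbprint allowlist.
func serverTLSConfig(key *ecdsa.PrivateKey, der []byte, enrolled map[string]bool) *tls.Config {
	return &tls.Config{
		Certificates:          []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		ClientAuth:            tls.RequireAnyClientCert,
		VerifyPeerCertificate: thumbprintPolicy(enrolled),
		MinVersion:            tls.VersionTLS12,
	}
}

// sign and verify are the single ECDSA primitive behind token authentication
// and secure boot: ECDSA over the SHA-256 digest. On the real part signing runs
// inside the secure element; verification runs wherever the public key lives.
func sign(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	devKey, devDER, err := newIdentity("sn0123456789ABCDEF") // constructed serial
	if err != nil {
		panic(err)
	}
	check := thumbprintPolicy(map[string]bool{thumbprint(devDER): true})
	fmt.Println("enrolled device accepted:", check([][]byte{devDER}, nil) == nil)
	// Token authentication: a server nonce signed by the device, checked with
	// the public key that belongs to the enrolled certificate.
	token := []byte("nonce-7f3a") // constructed
	sig, _ := sign(devKey, token)
	fmt.Println("token verifies:", verify(&devKey.PublicKey, token, sig))
	// Secure boot: the same check over a firmware image; one flipped bit fails.
	image := []byte("firmware image") // constructed
	imgSig, _ := sign(devKey, image)
	image[0] ^= 1
	fmt.Println("tampered image verifies:", verify(&devKey.PublicKey, image, imgSig))
}
```

The policy callback receives the raw DER bytes the client presented, so the allowlist lookup costs one hash and one map access per handshake and needs no root store; what it does require is that the enrollment step (recording each device's thumbprint on the server) is itself trustworthy, because an enrolled thumbprint is the whole basis of trust. For the secure boot case the same verify call runs with the signer's public key loaded into the device, which is why that key has to be loaded and protected separately.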

Ready to Get Started with Trust&GO and a TLS Stack Provider?

Mbed TLS

wolfSSL

Linux® OS