Microchip logo
  • All
  • Products
  • Documents
  • Applications Notes

TrustFLEX ATECC608A Secure Element for Microsoft Azure IoT Hub Secure Authentication

Start with the Most Popular Pre-configured Use Cases and Use Your Own Credentials

When it comes to IoT security, authentication is one of the foundational concepts to implement first in your design. The trust between the device identity and the cloud platform relies on a chain of trust. Microsoft Azure supports custom certificate-based authentication, but the trust in the device identity will depend entirely on how well the device private key is protected. Because of this, you will need answers to a few challenging questions:

  • Is the private key securely stored in the device?
  • How will you securely ship the private key around the globe for a variety of projects and system sizes?
  • How can you ensure secure manufacturing?
  • Have you considered securing all your authentication use cases?

These challenges can be addressed by using the TrustFLEX ATECC608A-TFLXTLS from the Trust Platform family. In addition to offering  pre-configured use cases, this solution allows  to use your certificate authority of choice.

Benefits of Using the TrustFLEX ATECC608A with Microsoft Azure IoT Hub

  • Create secure authentication to IoT devices powered by Microsoft Azure IoT Hub
  • Most popular use cases already pre-configured
  • Provide a unique, trusted, protected and managed device identity
  • Use your own certificate authority
  • Leverage Microchip’s secure provisioning service
  • Simplify logistics of shipping private keys and reduce manufacturing costs
  • Microcontroller-agnostic implementation
  • JIL rated “high” secure key storage
  • Protection against anti-tampering, side-channel attacks
AWS_DeviceQualification_LogoLockup_iot_500px ATECC608A

TrustFLEX ATECC608A-TFLXTLS Pre-configured Use Cases:

Each of the device slots are pre-configured to offer the following use cases:

  • Custom Certificate Authentication: Use the default generic certificates for thumbprint authentication already inside the TrustFLEX device or overwrite them with your own certificates.
  • Token Authentication: Leverage a private key to perform an Elliptic Curve Digital Signature Algorithm (ECDSA) sign operation on a token that will be verified by its corresponding public key somewhere else in the network.
  • Secure Boot (with key attestation): Perform an ECDSA verification at boot using a public key corresponding to a private key used to sign the code which the system will boot from. The public key becomes highly sensitive as it will allow a system to boot.
  • Over the Air (OTA) Verification: Perform an ECDSA verification after an update using a public key corresponding to a private key used to sign the code the system will be updated with. The public key becomes highly sensitive as it will allow a system to be updated with a new code that needs to be trusted.
  • Firmware Intellectual Property (IP) Protection: Perform a verification during the system runtime using a key corresponding the one used to sign the code the system will run on. The verification key becomes highly sensitive as it will allow a system to run on a genuine code image.
  • Message Encryption: Provides the capability to encrypt very small packet of data using the integrated hardware Advanced Encryption Standard (AES) engine.
  • Key Rotation: Provides the capability to rotate private keys within the secure boundaries of the secure element.
  • I/O Protection Key: Provides the capability to uniquely pair the MCU and the secure element.
  • Host Accessory Authentication: Provides the capability to create an ecosystem control strategy by having a main host authenticate its peripherals using as basic PKI architecture.

Visit the ATECC608A-TFLXTLS product page to learn more about the device’s features.

Ready to Get Started with TrustFLEX and Microsoft Azure IoT Hub?

Just follow these steps:

Step 1: Download the data sheet.


Step 2: Use the Microsoft code example located inside the Trust Platform Design Suite, available for Windows® and macOS® operating systems, to prototype your secure element. (Coming soon: code example for the ATECC608A-TFLXTLS)

Step 3: Buy the Trust Platform hardware featuring an Arm® Cortex®-M0+ based SAM D21 MCU and our WINC1500 Wi-Fi® IoT network controller.

Step 4: Once the C code for the secure element is working in your embedded application, you are ready to move on to production. Use our Secret Exchange package to obtain your provisioned validation devices from our Hardware Secure Module (HSM) equipped factories. The Secret Exchange package includes a TrustFLEX configurator and an encryption utility. Open a Microchip support ticket to upload your TrustFLEX encrypted secret package exchange and request “Provisioning for TrustFLEX.”

After you have completed the provisioning process with the TrustFLEX platform, you will receive  your securely provisioned devices from Microchip delivered directly to your destination of choice.