We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X

Pre-Configured and Pre-Provisioned Secure Elements for Cloud Authentication or LoRaWAN™ Networks

Are you looking for a quick and easy way to implement secure authentication for  your Internet of Things (IoT) design? Our Trust&GO platform is designed to streamline the process of enabling network authentication using our ATECC608B secure elements. With a Minimum Orderable Quantity (MOQ) of just ten units, this solution is a great option for the smallest projects up to large-scale deployments. All you need to do is buy the devices, claim them and you are ready to get started.

  • If you are using TLS-based authentication, we offer devices with a pre-established locked configuration and pre-provisioned and locked generic certificate for thumbprint authentication and keys
  • If you are developing a solution for the fast-growing LoRaWAN ecosystem, we offer devices that are pre-configured and pre-provisioned with the necessary keys for secure authentication on a LoRaWAN network
  • We also offer code examples for a selection of use cases to support your application development

What Are the Benefits of Using Trust&GO Devices?


  • Significantly reduces your development time because the secure element configuration tasks are already done
  • Eliminates the need to purchase an expensive certificate chain since the credentials are built into the Trust&GO device
  • Leverages our provisioning infrastructure to automatically implement secure key storage without the risk of exposing your credentials during the manufacturing process or mismanaging them after deployment
  • Provides complete code examples for a variety of popular use cases so you can focus on your application code
  • Comes with a manifest file containing public certificates and keys corresponding to the private keys protected inside the device
  • Offers a low MOQ for small-volume projects of as few as ten units

Is Trust&GO the Best Option for You?


Ready to Get Started with the Trust Platform?


Step 1: Purchase your prototype device and the development kit.

Step 2: Select the full stack example of your choice listed below, test and validate using the hardware development tools and the Trust Platform Design Suite.

Step 3: Prototype with your Trust&GO pre-provisioned device and download the manifest file from your account at the ecommerce website where you purchased the device.

Step 4: Place your production order with Microchip’s online store or from the ecommerce website of one of our participating distribution partners.

Trust Platform Devices


View All Parametrics
Product Provisioning Algorithm Type Density Interface Type Temp (C)
ATECC608B-TCSM TrustCUSTOM ECC-P256 (ECDH and ECDSA), SHA256, AES128-GCM 10.5Kb Single-wire; I2C -40 to 85
ATECC608B-TFLXTLS TrustFLEX ECC P256 (ECDH and ECDSA), SHA256, AES-GCM 10.5Kb Single-wire; I2C -40 to 85
ATECC608B-TNGTLS Trust&GO ECC-P256 (ECDH and ECDSA), SHA256, AES128-GCM 10.5Kb Single-wire; I2C -40 to 85
ATSHA204A-TCSM TrustCUSTOM SHA256 4.5Kb Single-wire; I2C -40 to 85

Development Tools


Development Tool Description
Trust Platform Design Suite Install the Trust Platform Design Suite software package to get started with any of the Trust&GO or TrustFLEX secure elements available with our Trust Platform. Our tutorial will guide you through the installation of the tools that will simplify your development from prototyping to production and accelerate your time to market.
CryptoAuth Trust Platform Development Kit
(DM320118)
This USB-based development kit includes a SAM D21 MCU, debugger, mikroBUS™ socket and on-board ATECC608B secure element with Trust&GO, TrustFLEX and TrustCUSTOM options.
ATECC608B Trust Platform Kit
(DT100104)
For use as an add-on board to the CryptoAuth Trust Platform Development Kit (DM320118), this kit provides a mikroBUS footprint for adding soldered-down versions of Trust&GO, TrustFLEX or TrustCUSTOM secure elements.
CryptoAuthentication™ SOIC Socket Kit
(AT88CKSCKTSOIC-XPRO)
This board provides an SOIC8 socket to accommodate an ATECC608B or ATSHA204A secure element and an Xplained Pro (XPro) interface to develop solutions using the microcontrollers featured on our Xplained Pro boards.
CryptoAuthentication UDFN Socket Kit
(AT88CKSCKTUDFN-XPRO)
This board provides a uDFN8 socket to accommodate an ATECC608B or ATSHA204A secure element and an Xplained Pro (XPro) interface to develop solutions using the microcontrollers featured on our Xplained Pro boards.
Secure UDFN click This Click board™ from MikroElektronika provides a uDFN8 socket to accommodate an ATECC608B or ATSHA204A secure element and operate it on the CryptoAuth Trust Platform Development Kit (DM320118).
WiFi 7 click This Click board™ from MikroElektronika includes an ATWINC1500 Wi-Fi® module which can be used to add TCP/IP and TLS links to the CryptoAuth Trust Platform Development Kit (DM320118).
Shuttle click This Click board™ from MikroElektronika provides an easy and elegant solution for stacking up to four Click boards on a single mikroBUS™ socket.
mikroBUS Shuttle This small add-on board is intended to be used with Shuttle click to expand the mikroBUS™ socket with additional stacking options. One Shuttle click can support up to four mikroBUS Shuttles, allowing a simple and elegant stacking solution for the Click board™ line of products.

Definitions


Credentials: Identity verification tools or methods that include X.509 certificates, generic certificates for thumbprint authentication, keys and data packets

Customization: The action of creating a unique device/system through its configuration and set of secrets

Firmware Verification: When a key and cryptographic operation are used to verify a signed image on a device at boot up or during run time

IP Protection: When a key and a cryptographic operation are used to verify signed (or hashed) firmware that is considered Intellectual Property (IP) of a product

Key(s): A set of binary numbers that is used to trigger a cryptographic algorithm that implements asymmetric or symmetric encryption

Over-the-Air (OTA) Verification: When a key and a cryptographic operation are used to verify a signed image that has been loaded into a connected device by a push notification from a cloud service

PKI: Public Key Infrastructure

Provisioning: The action of generating a credential into an embedded storage area

Thumbprint Certificate: An X.509 certificate not issued by a certificate authority that is used for authentication to the cloud

FAQS


General Questions:

Q: How can I get started with the Trust Platform?
A:
 Use the “Let Us Guide You to the Right Option” on the Trust Platform page, which will help you take the first step. You will find additional information about getting started with Trust&GOTrustFLEX and TrustCUSTOM on their pages.

Q: I am a distribution partner. How do I enroll in the Trust Platform program?
A:
 Contact your local Microchip sales office to request assistance with joining the program.

 

Trust&GO Questions:

Q: Do I need to contact Microchip to provision my Trust&GO secure element?

A: No. When you buy the device, it is already provisioned with keys and certificates specific to the use case you have selected that are locked inside the device. Trust&GO cannot be altered and is intended to be used as is.

Q: Where can I obtain the public keys and certificates for my Trust&GO device?
A: Log into your customer account at the ecommerce website where you purchased the device after device shipment, and you should be able to download a manifest file containing all the necessary public keys and certificates. Contact the vendor if you have any trouble finding this file.

 

TrustFLEX Questions:

Q: Do I need to contact Microchip to provision my TrustFLEX secure elements?  
A:
 Yes. When you buy the device, it comes pre-configured with your selected use case(s). By default, the TrustFLEX device also come with keys and generic certificates for thumbprint authentication that are overwritable internally if you have not already locked them using the lock bit. While the configuration cannot be altered, the default credentials can be changed if you have not already locked them. If you decide to use the default credentials, you will have to lock them after receiving the device. If you don’t want to use the default credentials, you can replace them with yours and then lock them. After you have made your decision, create the secret packet exchange, encrypt it and upload it into a support ticket on Microchip’s technical support portal. We will provision your devices and ship them according to your instructions.

Q: Where can I obtain the public keys and certificates for my TrustFLEX device when I use the default credentials?
A:
 Log into your customer account at the ecommerce website where you purchased the device after device shipment, and you should be able to download a manifest file containing all the necessary public keys and certificates. Contact the vendor if you have any trouble finding this file. WARNING: If you have overwritten the default credentials in your device, the manifest file will no longer be compatible with the device’s new credentials.

 

TrustCUSTOM Questions:

Q: Do I need to contact Microchip to provision my TrustCUSTOM secure element?
A:
 Yes. When you buy the device, it will be blank. You will need to use the TrustCUSTOM configurator, which is available under Non-Disclosure Agreement (NDA) to define the configuration, create the secret packet exchange, encrypt it and upload it into a support ticket on Microchip’s technical support portal. We will provision your devices and ship them according to your instructions.

Q: Where can I obtain the secret packet exchange for my TrustCUSTOM device?
A:
 This utility is only available through a Non-Disclosure Agreement (NDA). Contact your local Microchip sales office or distributor to request it.

Q: Where can I get the full data sheet for my TrustCUSTOM device?
A:
 This document is only available through a Non-Discloser Agreement (NDA). Contact your local Microchip sales office or distributor to request it.

Training

Title Description
Securing Cloud-Connected Devices with Google Cloud IoT and Microchip This blog article written by Google discusses how the ATECC608B secure element strengthens authentication between IoT Core and IoT hardware.
Zero Touch Secure Provisioning Kit for AWS IoT - End-to-End Security with AWS Cloud

This user's guide provides a detailed walkthrough of provisioning the Zero Touch Secure Provisioning Kit to connect and communicate with the Amazon Web Services (AWS) IoT service.

 

Secure Provisioning Service with the Trust Platform for the CryptoAuthentication™ Device Family

In this episode of the Microchip SHIELDS UP! series of security webinars, we provide an overview of the Trust Platform service for the CryptoAuthentication™ family of devices. You will learn about the pre-provisioned Trust&GO, pre-configured TrustFLEX and fully customizable TrustCUSTOM options for the ATECC608B. You will also be given a high-level description of the on-boarding process and the basic information you need to get started with using the provisioning services available from our factories.

Trust&GO: How to Connect an Embedded Device Securely to AWS IoT

Learn how the new multi-account registration feature available in AWS IoT can be combined with our secure element provisioning service for faster, easier on boarding. You will also see how to build a prototype using the Trust&GO ATECC608B-TNGTLS secure element that comes pre-provisioned with generic certificates, add it to a SAM D21 Xplained Pro Evaluation Kit and connect a ATWINC1500 Wi-Fi® module to mutually authenticate with AWS IoT. You will also find out how this security solution can be taken to mass production and how it can be scaled worldwide.

AWS IoT Authentication Use Case

Microchip explains how hardware root of trust works using the ATECC608B secure element and AWS IoT. The Just In Time Registration and Use Your Own certificates functions from AWS IoT allow large-scale authentication of automated systems, while maintaining security by protecting private keys from users, software and manufacturing backdoors.

AWS IoT Security: The New Frontiers

In this session from AWS re:Invent 2016, AWS explains the value of Just in Time Registration (JITR) and Bring you Own Certificate (BYOC) using an ATECC508A secure element.

AWS re:Invent 2016: Introduction to AWS IoT in the Cloud

In this session from AWS re:Invent 2016, an AWS IoT product manager discusses why protecting a devices identity is important and how it can be implemented using the ATECC508A secure element with the AWS IoT service.

Google Cloud IoT Core Authentication Use Case

Check out how Google Cloud IoT combined with the ATECC608B secure element strengthens device-to-cloud authentication. This flexible and TLS-agnostic implementation leverages the JWT token and optimizes code size to enable connectivity and security for very small microcontrollers.

Hardware Root of Trust for AWS IoT with ATECC608B

The threat model for IoT devices is very different from the threat model for cloud applications. During this session at AWS re:Invent, we discussed how all IoT solutions must incorporate end-to-end security from the start, how to mitigate threats and how to avoid common pitfalls. You will also learn about the steps to take in the manufacturing process, how to provision and authenticate devices in the field and how to comply with IT requirements during the maintenance phase of the product lifecycle.

Hardware Root of Trust with Google Cloud IoT Core and Microchip

Check out how to improve IoT security by securing the authentication between Google Cloud IoT Core and IoT devices using an ATECC608B secure element.

How to Build a Secure Provision Workflow - The Things Conference 2019

Manipulating application and network server keys is not only a daunting process but also opens backdoors in LoRaWAN™ connected products. In this workshop recorded at The Things Conference 2019, you’ll find out how to use Microchip’s secure element to build a secure provision workflow and strengthen authentication to The Things Industry’s (TTI’s) join server.

Internet of Things (IoT) Security Best Practices With Google Cloud (Cloud Next '19)

Security is a critical concern when deploying and managing IoT devices. Learn how Cloud IoT provisioning service simplifies the device provisioning and on-boarding experience for Cloud IoT customers and OEMs. We will demonstrate how to efficiently do bulk provisioning of 8-, 16- and 32-bit microcontrollers. You will also learn about best practices and practical examples of how to provision devices in the wild and keep them secure for their lifetime.

IoT Security: Solving the Primary Hurdle to IoT Deployments (Cloud Next '18)

Security is a huge hurdle to IoT deployment. No company wants to be in the news for having its product as part of a large, IoT-driven DDoS attack. In this session you will learn how Google and Microchip have partnered to offer a seamless and highly secure solution for IoT devices connecting to Google Cloud IoT.

Partners


Partner Location Contact
  Bristol BS34 8RB, 
United Kingdom
info@cerb-labs.com

Tampere,
Finland
jouni.hautamaki@crosshill.fi

San Diego, CA
USA
Dean Gereaux
deang@goldenbits.com

Tampa, FL
USA
info@occamtechgroup.com

Chicago, IL
USA
info@optimaldesignco.com

BSD City, 
Indonesia
Edy Gunawan
edy@mailc.net

Munich,
Germany
sales@sematicon.com