We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X
Maximize Your Experience: Reap the Personalized Advantages by Completing Your Profile to Its Fullest. Update Here
Stay in the loop with the latest from Microchip. Update your profile while you are at it. Update Here
Complete your profile to access more resources. Update Here
Cross-reference search

TrustFLEX ATECC608 Secure Element for AWS® IoT Core Secure Authentication

View All Parametrics

Start with the Most Popular Pre-Configured Use Cases and Use Your Own Credentials

When it comes to IoT security, authentication is one of the foundational concepts that should be implemented first in your design. The trust between the device identity and the cloud platform relies on a chain of trust. AWS® IoT supports certificate-based authentication, but the trust in the device identity will depend entirely on how well the device’s private key is protected. If the private key is spoofed, the device can be impersonated by an unauthorized user who can then control the device’s transactions. However, adding authentication presents you with several challenges: securely storing the private key in the device, shipping the private key across the globe for any project and system size and ensuring a secure manufacturing flow. These challenges can be addressed by using the TrustFLEX ATECC608C-TFLXTLS secure element from our Trust Platform family of solutions.

Defining the secure element’s configuration is generally a time-consuming task. The TrustFLEX ATECC608C-TFLXTLS comes pre-configured with the most commonly used use cases to speed up your development and reduce the complexity of the onboarding process. To further simplify onboarding, the device also comes with default generic certificates for thumbprint authentication and overwritable keys. This allows you to either choose the default certificates and keys and lock them afterwards or overwrite the default credentials with your own. When combined with AWS IoT Core Application Program Interfaces (APIs), such as Just-In-Time-Registration and Use Your Own Certificate, you can use a Certificate Authority provider of your choice to create an end-to-end secure authentication. The device’s private keys will have to be provisioned in the secure element using our provisioning infrastructure and the Hardware Secure Modules (HSMs) that are installed in our factories. The key will then be isolated from exposure to software, firmware, manufacturing sites, end users and other third parties. Our ATECC608C-TFLXTLS provides a common criteria JIL “high” rated secure key storage to isolate keys in the nodes. This is especially valuable in TLS networks that are based on a Public Key Infrastructure (PKI) security model and leverage a wide variety of traditional low-power microcontrollers (MCUs).

Benefits and Use Cases

TrustFLEX Logo

Benefits of Using the TrustFLEX ATECC608 with AWS IoT Core

  • Create secure authentication to IoT devices powered by AWS IoT Core
  • Benefit from the scalability of AWS IoT Core (including China)
  • Leverage AWS Thingpress
  • Provide a unique, trusted, protected and managed device identity
  • Pre-configured with most popular use cases
  • Turn-key code examples available for each use case 
  • Leverage Microchip’s secure provisioning service
  • Simplify logistics of shipping private keys and reduce manufacturing costs
  • Microcontroller-agnostic implementation
  • JIL rated “high” secure key storage
  • Protection against known tamper, side-channel attacks
Read AWS Partner Network Article
ATECC608C-TNGTLS Device

TrustFLEX ATECC608C-TFLXTLS Use Cases

Each of the device slots are pre-configured to offer the following use cases:

  • Custom Certificate Authentication
  • Token Authentication
  • Secure Boot (with key attestation)
  • Over-the-Air (OTA) Verification
  • Firmware Intellectual Property (IP) Protection
  • Message Encryption
  • Key Rotation
  • I/O Protection Key
  • Host Accessory Authentication
View Product Details

Take Advantage of AWS Thingpress

Thingpress is a tool that makes AWS IoT device onboarding fast and easy. Many IoT devices use pre-provisioned x.509 certificates for secure authentication. Manufacturers inject these certificates into secure chips during production—but they still need to be registered with AWS IoT.

Thingpress automates this process at scale by importing hundreds of thousands (or even millions) of certificates per day. It allows Trust&GO users to drag and drop the manifest file delivered with each purchase of Integrated Circuits (ICs) into their AWS environment in a properly set up S3 bucket. A cloud-formation script is provided to illustrate the implementation. Typically, the batch uploads approximately 100,000 certificates per hour, including all requested object associations.

More than certificate import:

  • Creates an AWS IoT thing based on the Certificate Name (CN) value
  • Links the certificate to the thing
  • Optionally attaches:
    • AWS IoT policy for authorization
    • Thing type for fleet management
    •  Thing group for organizing devices

These associations help align with your application design and device lifecycle goals.
Check out the Getting Started section for step-by-step guidance.

Ready to Get Started With TrustFLEX and AWS IoT Core?

Step 1: Download the Trust Platform Design Suite (TPDS), available for Windows® and macOS®, to prototype with your secure element.

Step 2: Buy the development kit of your choice, then prototype and integrate your application code in the microcontroller.

Step 3: Once the C code is working in your embedded application, you are ready to create the configuration file using the TrustFLEX configurator that is available in the Design Suite. After the configuration file is finalized, submit a support ticket to obtain your encryption key. Encrypt the configuration file using the provided utility, load it in the support ticket and you will receive provisioned validation devices by our Hardware Secure Module (HSM) equipped factories.

Trust Platform Design Suite

Tools and Software

Part Number: Quantity: Price per Unit (in USD): Total Amt:
Continue Shopping Go to Cart
DM320118
CRYPTOAUTH TRUST PLATFORM DEVELOPMENT KIT

 The CryptoAuth Trust Platform provides a compact development solution for developing IoT solutions with the ATECC608B-TNGTLS and ATECC608B-TFLXTLS and ATECC608B-MAHDA devices or the ATECC608C equivalents.

EV89U05A
EV89U05A CryptoAuth Pro Trust Platform

The Microchip CryptoAuth Pro Trust Platform is an enhanced version of the CryptoAuth Trust Platform Board containing and has a Arm® Cortex®-M4F Microcontroller, four on-board CryptoAuthentication devices, two mikroBUS™ sockets, and an on-board 10/100 Mbit Ethernet phy. Programming can be done via the on-board PKoB4 debugger which is compatible with MPLAB®X IDE.   The board has been developed to work with Microchip's Trust Platform Development Suite of tools.

Part Number: Quantity: Price per Unit (in USD): Total Amt:
Continue Shopping Go to Cart
TPDS
Trust Platform Design Suite

The Trust Platform Design Suite (TPDS) is our onboarding tool for our security-related solutions. The full onboarding experience includes, but is not limited to:

  • Training and education about security concepts 
  • Prototyping, including dummy key generation and code examples, available via our interactive application notes 
  • Access to our provisioning system through a secure sub-system configurator and secure exchange process
MPLAB-X-IDE
MPLAB X Integrated Development Environment (IDE)

MPLAB X IDE is a highly configurable software platform that provides powerful, free tools for developing, debugging and qualifying embedded designs that use microcontrollers and digital signal controllers.

Live Chat

Need Help?

Privacy Policy