Trust&GO ATECC608 Secure Element for Microsoft^® Azure^® Secure Authentication

When it comes to IoT security, authentication is one of the foundational concepts that should be implemented first in your design. The trust between the device identity and the cloud platform relies on a chain of trust. Microsoft^® Azure^® supports generic certificate-based authentication, but the trust in the device identity will depend entirely on how well the device’s private key is protected. If the private key is spoofed, the device can be impersonated by an unauthorized user who can then control the device’s transactions. However, adding authentication presents you with several challenges: securely storing the private key in the device, shipping the private key across the globe for any project and system size, creating a possibly cost-prohibitive chain of trust and ensuring a secure manufacturing flow. These challenges can be addressed by using the Trust&GO ATECC608C-TNGTLS secure element from our Trust Platform family of solutions on Microsoft Azure cloud.

Defining a secure authentication model without expertise can be a daunting task. Finding and implementing a certificate authority provider to securely provision keys increases the cost and complexity of your project. The Trust&GO ATECC608C-TNGTLS comes pre-configured and pre-provisioned with a generic certificate for thumbprint authentication and key to significantly reduce costs and simplify your development. On the cloud side, the Microsoft Azure architecture offers a simple Application Programming Interface (API) to implement thumbprint certificate-based authentication. Since the implementation relies only on a single certificate layer, the controller code is extremely streamlined. A signature is issued using the private key in the secure element based on a challenge issued from the cloud. The controller uses the CryptoAuthLib™ library APIs to trigger the signature to be verified by the generic certificate. The corresponding generic certificate is provided in a manifest file downloadable from our online store after your devices have shipped.

At the device level, our ATECC608C-TNGTLS provides a JIL “high” rated secure key storage to isolate keys in the nodes. This is especially valuable in TLS networks that are based on a certificate security model and leverage a wide variety of traditional low-power microcontrollers (MCUs).