Microchip’s Trust Platform: Securely Provision Credentials in Your Products

Secure key provisioning is crucial for protecting sensitive data against unauthorized access and malicious attacks. Given the elevated risks in mass production, it's crucial to securely store credentials using a process aligned with good security practices. To address this, our Trust Platform provisioning service isolates cryptographic assets during manufacturing, preventing backend exposure of customer secrets.

In this edition of the Microchip Insider LinkedIn Newsletter, we’ll outline the four tiers of the Trust Platform and the threat models they address, and explore our most recent additions to the TrustFLEX portfolio of devices, services and tools – the ECC204, SHA104 and SHA105 CryptoAuthentication? ICs.

Get to Know the Microchip Trust Platform

The Trust Platform is a cost-effective and flexible solution for deploying Microchip's secure elements in your design, whether you need tens or millions of units. It includes pre-provisioned, pre-configured and fully customizable security ICs with credentials that are generated using our factory-equipped Hardware Secure Modules (HSMs). Our cost-effective, robust and scalable key-provisioning service protects your sensitive keys from third-party contract manufacturers and our hardware and software development tools make prototyping easy and fast track your development.

The Trust Platform offers four tiers based on the desired level of involvement in choosing or defining a security IC configuration among other variables—1) Trust&GO , 2) TrustMANAGER , 3) TrustFLEX and 4) TrustCUSTOM .

Let’s take a look at each tier.

Trust&GO

Are you seeking a fast and simple method to implement secure authentication for your Internet of Things (IoT) project? Our Trust&GO platform simplifies the process with our ATECC608B secure elements, making network authentication effortless. With a Minimum Orderable Quantity (MOQ) of only ten units, this solution is ideal for projects of any size. Simply purchase the devices, claim them by uploading a manifest to the cloud, and you’re ready to go.?

TrustMANAGER

Our ECC608 TrustMANAGER device is designed to help you manage the trust of connected devices within an IoT network. When combined with Kudelski IoT keySTREAM? SaaS , TrustMANAGER establishes a self-serve Public Key Infrastructure (PKI) that provisions devices in the field, automatically activating them in your account.

TrustMANAGER also allows for bulk, single-click upload of credentials and charges only for devices that are connected within your fleet. Once your IoT device is connected, keySTREAM SaaS remotely provisions various cryptographic credentials and dynamically manages the security lifecycle of your product from deployment to end of life.

Together, TrustMANAGER and keySTREAM form a robust solution for end-to-end IoT security. TrustMANAGER also lays the groundwork for enabling secure firmware updates for any valuable firmware on the connected device.[AL1]?

To learn more about the enhanced capabilities of the ECC608 TrustMANAGER with Kudelski IoT's keySTREAM SaaS integration, watch our recent webinar: In-Field Provisioning of Credentials with ECC608 TrustMANAGER and keySTREAM SaaS from Kudelski IoT .

TrustFLEX

If you’ve explored the Trust&GO platform and realized that you need a more flexible way to implement security ICs into your design, our TrustFLEX platform enables you to order a variety of security ICs with pre-established locked configurations that address the most common embedded security use cases. TrustFLEX supports secure authentication ICs , 32-bit microcontrollers and platform root of trust ICs .

To lower the barrier of entry into secure key provisioning and enable more rapid prototyping, we recently added the ECC204, SHA104 and SHA105 CryptoAuthentication? ICs to our TrustFLEX portfolio of devices, services and tools. They are preconfigured to streamline the development process with defined use cases, customizable components and code examples.?

Each of the CryptoAuthentication ICs are compatible with any microprocessor (MPUs) or microcontroller (MCUs) and provide flexible solutions for securing industrial applications, medical devices, battery powered equipment and disposable applications, among others. Additionally, the ECC204 is a Wireless Power Consortium (WPC) approved Qi authentication Secure Storage Subsystem (SSS).

To learn more about this expansion of our TrustFLEX platform, see our press release and a Chiptorial focusing on the new ICs. You can also learn more about TrustFLEX offering in our recent Chiptorial focused specifically on the CEC173x TrustFLEX Trust Platform Design Suite configurator.?

Microchip Product Marketing Manager @Xavier Bignalet recently joined our Microchip Is… podcast to discuss these developments to our security solutions. Listen in, here .

TrustCUSTOM

If you've already reviewed our Trust&GO and TrustFLEX options and found that you need more customization for your secure element, the TrustCUSTOM platform is your ideal choice. This platform allows you to fully customize secure key storage in your design. You will begin with a blank ATECC608B-TCSM or ATSHA204A-TCSM secure element and use our tools to configure it to meet your specific security authentication needs. Once configured, you can order your devices and securely provision them using our Hardware Secure Modules (HSMs) installed in our secure factories.

Our TrustCUSTOM platform offers an adaptable solution that can meet the requirements of the vast majority of secure authentication models. It provides cloud authentication based on certificates or tokens, accessory authentication, IP protection, firmware validation, message signing, secure boot with attestation, key rotation and many other use cases. By leveraging the provisioning infrastructure integrated into our factories, it optimizes your costs and significantly reduces development time with complete code examples, the TrustCUSTOM configurator and the TrustCUSTOM secret package exchange. Additionally, it features a Minimum Orderable Quantity (MOQ) of 4,000 units for provisioned devices, accommodating the production needs of even small projects.

To learn more about getting started with TrustCUSTOM, find a step-by-step guide here .

Trust Platform Design Suite

Regardless of the Trust Platform tier you select, our Trust Platform Design Suite is a comprehensive onboarding tool for security-related solutions. The full onboarding experience encompasses training and education on security concepts, prototyping with dummy key generation, easy-to-access code examples and access to our provisioning system via a secure sub-system configurator and secret exchange process.

Learn more about the design suite and find links to download, here .

Additional Resources

In case you’re still unsure how best to begin, or would like to explore other facets of our Trust Platform, find additional resources below:

● To assist with your configuration setup and transaction diagram, we have selected a team of trusted design partners whose expertise will help guide you throughout the process. They will also support project development from defining use cases through full-scale production.

●?For more information about our secure elements, please visit our CryptoAuthentication? IC page .

●?Coffee Break | S13E4 | Improving Security Strength With Our Trust Anchor 101 (TA101) Security IC

●?For those interested in safeguarding medical disposables against counterfeiters, dive into the world of powerful CryptoAuthentication? techniques based on Microchip’s family of easy-to-use products. In our free eBook, learn how cryptographic authentication works and how to incorporate it into your designs. You will also discover how Microchip’s family of easy-to-use developer tools speeds these designs to market, and explore real-life examples of the benefits of using CryptoAuthentication techniques to authenticate medical disposables. Download the eBook here .

Thanks for joining us in this issue of the Microchip Insider LinkedIn Newsletter, and we’ll see you soon for the next one.