Cryptographic element device with built-in ECDH and ECDSA for high security

"ATECC508/608" is a cryptographic element device provided by Microchip.

It supports ECDH (elliptic curve Diffie-Hellman) operations and provides advanced cryptographic authentication, including shared key functions.

Therefore, it is particularly suitable for communication between the cloud and IoT devices that require high security.

The ATECC508/608 has the following major features.

1. Realize high security for IoT products at the hardware level

The ATECC508/608 enables confidential communication when combined with a microprocessor that executes encryption/decryption algorithms such as AES (Advanced Encryption Standard).

With ECDH and ECDSA built in, authentication and general security functions are easy to implement.

In addition, because hardware-based encryption key storage and hardware-based cryptographic countermeasures are available, security is higher than with a software-based approach.

Figure: Achieving high security at the hardware level

2. Can be used by connecting with any microprocessor

There are no restrictions on the microprocessors that can be combined.

It provides all security features such as confidentiality, data integrity, and authentication for MCUs or MPUs that run encryption/decryption algorithms.

Even without knowledge or experience related to security, it makes it easy to secure IoT products without having to be concerned with details such as key generation.

3. Operating voltage is 2.0 to 5.5V, reducing the effort and cost of power supply design

The operating voltage of the ATECC508/608 is 2.0 to 5.5V, a wider range than that of general devices. Because an existing power supply voltage can be used, the effort and cost of power supply design are reduced.

In addition, the standby current is "150 nA", realizing low power consumption.

4. Start development immediately with the Starter Kit

Development with the ATECC508/608 can start immediately by using the Starter Kit (AT88CKECC-AWS-XSTK-B).

The software environment, sample code, and necessary materials are provided, so design work can be done smoothly.

Figure: AT88CKECC-AWS-XSTK-B Starter Kit

How to use the Starter Kit to achieve commercialization

Using the Starter Kit (AT88CKECC-AWS-XSTK-B) for the ATECC508/608, you can connect your existing products to the AWS IoT cloud, evaluate them, and proceed to mass-produced products in the following steps.

AWS IoT Cloud is Amazon's service that enables two-way communication between IoT devices using Amazon Web Services.

1. Evaluation using the Starter Kit

Since AT88CKECC-AWS-XSTK-B is equipped with an ECC508-AWS device, it is possible to immediately connect existing products/systems to the AWS IoT cloud. It can be used for demonstration, evaluation and development.

2. Evaluation of mass production prototype using cryptographic element device

At the production prototype stage, the ATECC508A cryptographic element device can be used for prototype evaluation. The ATECC508A is AWS IoT certified to help meet security standards. At this stage, you can test the connection to AWS IoT using the preconfigured "ATECC508A-xxxAW-x" device.

3. Setting up the device for production

To move to the mass production stage, security information must be configured in the user application. This is done by mounting the ATECC508A on the mass production board and configuring it from the AWS software development kit. The AWS-ECC508 device can be used simply by connecting it to the microcontroller via I2C.

Figure: Seamless transition to mass production

Application example

  • IoT node security
  • Secure download and boot
  • Ecosystem control
  • Message security

Figure: Application example

Product Summary

Type name: ATECC508/608
Features
  • Seamless integration of AWS IoT into all IoT products
  • Ease of use: just pop a pre-configured ECC508 secure cryptographic device onto your PCB
  • Jointly developed with AWS to comply with AWS IoT security policy
  • No human intervention required: automatically registers with AWS servers on first connection
  • Internally generated and securely stored private keys to facilitate large-scale mass production logistics management and trust management chain
  • Flexible selection of packages and communication interfaces
  • Root CAs can include self-signed roots or third-party CAs
Features added to ATECC608
  • Secure boot feature with I/O encryption/authentication
  • KDF command (supports PRF, HKDF, AES)
  • AES commands (including encryption/decryption)
  • GFM calculator for AES GCM AEAD mode
  • Updated NIST SP800-90 A/B/C random number generator
  • Flexible SHA/HMAC commands (context can be saved/restored)
  • Significantly reduced SHA command execution time
  • Volatile key authorization to prevent device movement
  • Transport key lock to protect programmed devices in transit
  • Counter limit match function
  • Single-use key generation in SRAM (also supported by ECDH and KDF)
  • Verify command output can be verified using MAC
  • Encrypted output for ECDH
  • Added self-test command (optionally enables automatic self-test on power up)
  • Unmarshalled public key for built-in X.509 key certificate verification
  • Power saving option (increased execution time)
  • Configurable I2C address after data (secret) area lock
Features Removed in ATECC608
  • The HMAC command has been removed and replaced with the stronger SHA command.
  • OTP consumption mode has been removed and made read-only.
  • The Pause command has been removed along with the associated selector functionality in UpdateExtra.
  • Slot 15's Special Limited Use Counter feature has been removed and replaced with the standard Monotonic Limited Use Counter feature.
  • The SHA command no longer uses TempKey during computation.
