
Choose the Right Fit for Your Threat Model


Trust&GO

  • Devices are pre-configured and pre-provisioned with keys and generic certificates for thumbprint authentication
  • MOQ is 10 units including provisioning
  • Code examples are available for the following use cases:
    • AWS IoT authentication
    • Microsoft Azure IoT Hub authentication
    • Google IoT authentication
    • LoRa® authentication
    • Third-party TLS authentication
  • Buy the device, claim it and you’re done

TrustFLEX

  • Devices are pre-configured and provisioned with default generic certificates for thumbprint authentication, but they can be replaced with your credentials
  • MOQ is 2,000 units including provisioning
  • We offer the following most commonly requested use cases:
    • PKI for any cloud
    • Certificate authentication
    • Token authentication
    • Secure boot and firmware verification
    • Over the Air (OTA) verification
    • IP protection
    • Message encryption
    • Qi® 1.3 WPC authentication
    • Accessories authentication
    • Key rotation

TrustCUSTOM

  • Devices are fully customizable if your needs go beyond the Trust&GO and TrustFLEX offerings
  • MOQ is 4,000 units including provisioning
  • Fully customizable
  • Start with a blank device

The main differences between the three Trust Platform tiers include the level of involvement you have in choosing or defining a secure element configuration for your use case, deciding what credentials you want to provision, and selecting the Minimum Orderable Quantity (MOQ) that will best suit your project requirements.  Take advantage of our Trust Platform Design Suite tool to guide you through your development, from prototyping up to production. 

Leverage Our Secure Manufacturing Infrastructure to Provision Credentials in Your Products


For deployments of as few as ten units to up to many thousands of devices, our Trust Platform is a cost-effective and flexible solution for onboarding our secure elements in your design and accelerating your product’s time to market. The Trust Platform is composed of a family of pre-provisioned, pre-configured or fully customizable secure elements. Credentials are generated inside each secure element’s boundary by leveraging our Hardware Secure Modules (HSMs) that are installed in our factories. The devices also come with hardware and software development tools to make prototyping easy and to fast track your development. The Trust Platform offers three tiers of secure elements—Trust&GO, TrustFLEX and TrustCUSTOM—to provide you with the options and flexibility to meet the requirements of your company’s security model.

When you use our Trust Platform, you will optimize your overall provisioning logistic costs by benefitting from an existing and amortized HSM infrastructure integrated into our factories. Generally, it is financially and technically challenging for third-party contractors that offer provisioning services to provide an efficient and cost-effective model, especially for smaller orders. When you leverage our provisioning service along with our Trust&GO, TrustFLEX or TrustCUSTOM secure elements, you can select the option that best meets your current needs, and then scale as your business or market share spreads across the globe. Trust&GO has a minimum orderable quantity of just ten units, making it easy for you to get started on a small scale.

Why Choose Our Trust Platform?


Without secure key provisioning, your sensitive keys are exposed to third-party software, microcontroller firmware, contract manufacturers and operators as they are injected during manufacturing. With the risks so high in these mass-production conditions, it’s important that the credentials are placed inside secure storage using a process that follows good security practices. The objective of our Trust Platform provisioning service is to keep credentials from being exposed at any time during and after production while eliminating the need for you to have extensive knowledge about handling and securing keys.

Ready to Get Started With the Trust Platform?


To prototype with the proposed development kits, use the tutorials and code examples within the Trust Platform Design Suite software available for Windows® and macOS® operating systems.

When you are ready to go to production, order the pre-provisioned devices and download the manifest file from Microchip Direct or from our distribution partners. Upload the list of public credentials to the corresponding cloud account.

Factory Security Certifications


Our factories are certified against Common Criteria standards:

  • ALC_CMC.5
  • ALC_CMS.5
  • ALC_DVS.2
  • ALC_LCD.1
  • ALC_DEL.1

These site certifications ensure that we hold the processes in our supply chain to the highest standards.

Learn more about the certifications at our factory in the Philippines and our primary and secondary factories in Thailand. 

Still Not Sure How To Get Started?


  • To help with your configuration setup and transaction diagram, we handpicked a team of trusted design partners that offer their expertise to guide you along the way. They will also help with your project development from use case definition all the way through to production.
  • If you need more information about our secure elements, please visit our CryptoAuthentication™ ICs page.

Learning


  • How to Use Microsoft® Azure® RTOS and the ATECC608 TrustFLEX Secure Element: In this blog you can read about how to implement a secure boot and Transport Layer Security (TLS) mutual authentication for your Internet of Things (IoT) device.
  • How Transport Layer Security (TLS) and Secure Elements Work: In this blog you can learn about the importance of TLS and the embedded security pillars as encryption is weak without robust secure key storage to protect the private key.
  • Asymmetric Authentication Use Case Example: The purpose of authentication is to prevent cloning and counterfeiting and to ensure that an object is genuine and authorized to connect to a product. In this use case example, find out how to authenticate an object, such as an accessory, peripheral, battery or cartridge, that is typically removable and replaceable by the consumer.
  • Secure Firmware Download Use Case Example: In this use case example, you will see a demonstration of the authentication of a firmware update. The example uses asymmetric cryptography to establish a chain of trust to validate the update.
  • Securing Cloud-Connected Devices with Google Cloud IoT and Microchip: This blog article written by Google discusses how the ATECC608B secure element strengthens authentication between IoT Core and IoT hardware.
  • Symmetric Authentication Use Case Example: The purpose of authentication is to prevent cloning and counterfeiting and to ensure that an object is genuine and authorized to connect to a product. In this use case example, find out how to authenticate an object, such as an accessory, peripheral, battery or cartridge, that is typically removable and replaceable by the consumer.
  • Symmetric Authentication with a Non-Secure MCU Use Case Example: In this use case example, you will learn how to authenticate an object using one-way symmetric authentication, which avoids the need for an Internet connection and white (or black) list. A white list is a lookup table for identifying approved units and a blacklist is a lookup table for identifying non-approved units.
  • Zero Touch Secure Provisioning Kit for AWS IoT - End-to-End Security with AWS Cloud: This user's guide provides a detailed walkthrough of provisioning the Zero Touch Secure Provisioning Kit to connect and communicate with the Amazon Web Services (AWS) IoT service.

General Questions:

Q: How can I get started with the Trust Platform?
A: Use the “Let Us Guide You to the Right Option” on the Trust Platform page, which will help you take the first step. You will find additional information about getting started with Trust&GO, TrustFLEX and TrustCUSTOM on their pages.

Q: I am a distribution partner. How do I enroll in the Trust Platform program?
A: Contact your local Microchip sales office to request assistance with joining the program.

Trust&GO Questions:

Q: Do I need to contact Microchip to provision my Trust&GO secure element?

A: No. When you buy the device, it is already provisioned with keys and certificates specific to the use case you have selected that are locked inside the device. Trust&GO cannot be altered and is intended to be used as is.

Q: Where can I obtain the public keys and certificates for my Trust&GO device?
A: Log into your customer account at the ecommerce website where you purchased the device after device shipment, and you should be able to download a manifest file containing all the necessary public keys and certificates. Contact the vendor if you have any trouble finding this file.

TrustFLEX Questions:

Q: Do I need to contact Microchip to provision my TrustFLEX secure elements?  
A: Yes. When you buy the device, it comes pre-configured with your selected use case(s). By default, the TrustFLEX device also comes with keys and generic certificates for thumbprint authentication that are overwritable internally if you have not already locked them using the lock bit. While the configuration cannot be altered, the default credentials can be changed if you have not already locked them. If you decide to use the default credentials, you will have to lock them after receiving the device. If you don’t want to use the default credentials, you can replace them with yours and then lock them. After you have made your decision, create the secret packet exchange, encrypt it and upload it into a support ticket on Microchip’s technical support portal. We will provision your devices and ship them according to your instructions.

Q: Where can I obtain the public keys and certificates for my TrustFLEX device when I use the default credentials?
A: Log into your customer account at the ecommerce website where you purchased the device after device shipment, and you should be able to download a manifest file containing all the necessary public keys and certificates. Contact the vendor if you have any trouble finding this file. WARNING: If you have overwritten the default credentials in your device, the manifest file will no longer be compatible with the device’s new credentials.

TrustCUSTOM Questions:

Q: Do I need to contact Microchip to provision my TrustCUSTOM secure element?
A: Yes. When you buy the device, it will be blank. You will need to use the TrustCUSTOM configurator, which is available under Non-Disclosure Agreement (NDA), to define the configuration, create the secret packet exchange, encrypt it and upload it into a support ticket on Microchip’s technical support portal. We will provision your devices and ship them according to your instructions.

Q: Where can I obtain the secret packet exchange for my TrustCUSTOM device?
A: This utility is only available through a Non-Disclosure Agreement (NDA). Contact your local Microchip sales office or distributor to request it.

Q: Where can I get the full data sheet for my TrustCUSTOM device?
A: This document is only available through a Non-Disclosure Agreement (NDA). Contact your local Microchip sales office or distributor to request it.

Credentials: Identity verification tools or methods that include X.509 certificates, generic certificates for thumbprint authentication, keys and data packets

Customization: The action of creating a unique device/system through its configuration and set of secrets

Firmware Verification: When a key and cryptographic operation are used to verify a signed image on a device at boot up or during run time

IP Protection: When a key and a cryptographic operation are used to verify signed (or hashed) firmware that is considered Intellectual Property (IP) of a product

Key(s): A set of binary numbers that is used to trigger a cryptographic algorithm that implements asymmetric or symmetric encryption

Over-the-Air (OTA) Verification: When a key and a cryptographic operation are used to verify a signed image that has been loaded into a connected device by a push notification from a cloud service

PKI: Public Key Infrastructure

Provisioning: The action of generating a credential into an embedded storage area

Birth Certificate: An X.509 certificate not issued by a certificate authority company that is used for authentication to the cloud

Trust Platform Design Suite v2 Introduction

Cryptography Primer

An Introduction to the ISA/IEC 62443 Standard

Securely Connecting to AWS IoT Core With the ATECC608B

View our Security Design Partners page to find additional expertise.

Hardware-Based Security for IoT of Any Size

Microchip simplifies hardware-based IoT security with the industry’s first pre-provisioned solutions for deployments of any size.