We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X

Pre-Configured and Pre-Provisioned Secure Elements for Cloud Authentication or LoRaWAN® Networks


Are you looking for a quick and easy way to implement secure authentication for  your Internet of Things (IoT) design? Our Trust&GO platform is designed to streamline the process of enabling network authentication using our ATECC608B secure elements. With a Minimum Orderable Quantity (MOQ) of just ten units, this solution is a great option for the smallest projects up to large-scale deployments. All you need to do is buy the devices, claim them and you are ready to get started.

  • If you are using TLS-based authentication, we offer devices with a pre-established locked configuration and pre-provisioned and locked generic certificate for thumbprint authentication and keys
  • If you are developing a solution for the fast-growing LoRaWAN ecosystem, we offer devices that are pre-configured and pre-provisioned with the necessary keys for secure authentication on a LoRaWAN network
  • We also offer code examples for a selection of use cases to support your application development

Ready to Get Started With Trust&GO?


To prototype with the proposed development kits, use the tutorials and code examples within the Trust Platform Design Suite software available for Windows® and macOS® operating systems.

When you are ready to go to production, order the pre-provisioned devices and download the manifest file from Microchip Direct or from our distribution partners. Upload the list of public credentials in the corresponding cloud account.

Factory Security Certifications


Our factories are certified against Common Criteria standard SLC_CMC.5 ALC_CMS.5 ALC_DVS.2 ALC_LCD.1. These site certifications ensure that we hold the processes in our supply chain to the highest standards.

Learn more about the certifications at our factory in the Philippines and our primary and secondary factories in Thailand. 

What Are the Benefits of Using Trust&GO Devices?


  • Significantly reduces your development time because the secure element configuration tasks are already done
  • Eliminates the need to purchase an expensive certificate chain since the credentials are built into the Trust&GO device
  • Leverages our provisioning infrastructure to automatically implement secure key storage without the risk of exposing your credentials during the manufacturing process or mismanaging them after deployment
  • Provides complete code examples for a variety of popular use cases so you can focus on your application code
  • Comes with a manifest file containing public certificates and keys corresponding to the private keys protected inside the device
  • Offers a low MOQ for small-volume projects of as few as ten units

Trust&GO Use Case Resources


Trust Platform Devices


Development Tools


Learning


Title Description
How to Use Microsoft® Azure® RTOS and the ATECC608 TrustFLEX Secure Element In this blog you can read about how to implement a secure boot and Transport Layer Security (TLS) mutual authentication for your Internet of Things (IoT) device.
How Transport Layer Security (TLS) and Secure Elements Work In this blog you can learn about the importance of TLS and the embedded security pillars as encryption is weak without robust secure key storage to protect the private key.
Symmetric Authentication Use Case Example The purpose of authentication is to prevent cloning and counterfeiting and to ensure that an object is genuine and authorized to connect to a product. In this use case example, find out how to authenticate an object, such as an accessory, peripheral, battery or cartridge, that is typically removable and replaceable by the consumer.
Symmetric Authentication with a Non-Secure MCU Use Case Example In this use case example, you will learn how to authenticate an object using one-way symmetric authentication, which avoids the need for an Internet connection and white (or black) list. A white list is a lookup table for identifying approved units and a blacklist is a lookup table for identifying non-approved units.
Zero Touch Secure Provisioning Kit for AWS IoT - End-to-End Security with AWS Cloud This user's guide provides a detailed walkthrough of provisioning the Zero Touch Secure Provisioning Kit to connect and communicate with the Amazon Web Services (AWS) IoT service.
Asymmetric Authentication Use Case Example The purpose of authentication is to prevent cloning and counterfeiting and to ensure that an object is genuine and authorized to connect to a product. In this use case example, find out how to authenticate an object, such as an accessory, peripheral, battery or cartridge, that is typically removable and replaceable by the consumer.
Secure Firmware Download Use Case Example In this use case example, you will see a demonstration of the authentication of a firmware update. The example uses asymmetric cryptography to establish a chain of trust to validate the update.
Securing Cloud-Connected Devices with Google Cloud IoT and Microchip This blog article written by Google discusses how the ATECC608B secure element strengthens authentication between IoT Core and IoT hardware.

 

General Questions:

Q: How can I get started with the Trust Platform?
A:
 Use the “Let Us Guide You to the Right Option” on the Trust Platform page, which will help you take the first step. You will find additional information about getting started with Trust&GOTrustFLEX and TrustCUSTOM on their pages.

Q: I am a distribution partner. How do I enroll in the Trust Platform program?
A:
 Contact your local Microchip sales office to request assistance with joining the program.

Trust&GO Questions:

Q: Do I need to contact Microchip to provision my Trust&GO secure element?

A: No. When you buy the device, it is already provisioned with keys and certificates specific to the use case you have selected that are locked inside the device. Trust&GO cannot be altered and is intended to be used as is.

Q: Where can I obtain the public keys and certificates for my Trust&GO device?
A: Log into your customer account at the ecommerce website where you purchased the device after device shipment, and you should be able to download a manifest file containing all the necessary public keys and certificates. Contact the vendor if you have any trouble finding this file.

TrustFLEX Questions:

Q: Do I need to contact Microchip to provision my TrustFLEX secure elements?  
A:
 Yes. When you buy the device, it comes pre-configured with your selected use case(s). By default, the TrustFLEX device also come with keys and generic certificates for thumbprint authentication that are overwritable internally if you have not already locked them using the lock bit. While the configuration cannot be altered, the default credentials can be changed if you have not already locked them. If you decide to use the default credentials, you will have to lock them after receiving the device. If you don’t want to use the default credentials, you can replace them with yours and then lock them. After you have made your decision, create the secret packet exchange, encrypt it and upload it into a support ticket on Microchip’s technical support portal. We will provision your devices and ship them according to your instructions.

Q: Where can I obtain the public keys and certificates for my TrustFLEX device when I use the default credentials?
A:
 Log into your customer account at the ecommerce website where you purchased the device after device shipment, and you should be able to download a manifest file containing all the necessary public keys and certificates. Contact the vendor if you have any trouble finding this file. WARNING: If you have overwritten the default credentials in your device, the manifest file will no longer be compatible with the device’s new credentials.

TrustCUSTOM Questions:

Q: Do I need to contact Microchip to provision my TrustCUSTOM secure element?
A:
 Yes. When you buy the device, it will be blank. You will need to use the TrustCUSTOM configurator, which is available under Non-Disclosure Agreement (NDA) to define the configuration, create the secret packet exchange, encrypt it and upload it into a support ticket on Microchip’s technical support portal. We will provision your devices and ship them according to your instructions.

Q: Where can I obtain the secret packet exchange for my TrustCUSTOM device?
A:
 This utility is only available through a Non-Disclosure Agreement (NDA). Contact your local Microchip sales office or distributor to request it.

Q: Where can I get the full data sheet for my TrustCUSTOM device?
A:
 This document is only available through a Non-Discloser Agreement (NDA). Contact your local Microchip sales office or distributor to request it.

Credentials: Identity verification tools or methods that include X.509 certificates, generic certificates for thumbprint authentication, keys and data packets

Customization: The action of creating a unique device/system through its configuration and set of secrets

Firmware Verification: When a key and cryptographic operation are used to verify a signed image on a device at boot up or during run time

IP Protection: When a key and a cryptographic operation are used to verify signed (or hashed) firmware that is considered Intellectual Property (IP) of a product

Key(s): A set of binary numbers that is used to trigger a cryptographic algorithm that implements asymmetric or symmetric encryption

Over-the-Air (OTA) Verification: When a key and a cryptographic operation are used to verify a signed image that has been loaded into a connected device by a push notification from a cloud service

PKI: Public Key Infrastructure

Provisioning: The action of generating a credential into an embedded storage area

Birth Certificate: An X.509 certificate not issued by a certificate authority company that is used for authentication to the cloud

Trust Platform Design Suite v2 Introduction</a>">Trust Platform Design Suite v2 Introduction

Cryptography Primer</a>">Cryptography Primer

An Introduction to the ISA/IEC 62443 Standard</a>">An Introduction to the ISA/IEC 62443 Standard

Securely Connecting to AWS IoT Core With the ATECC608B</a>">Securely Connecting to AWS IoT Core With the ATECC608B

View our Security Design Partners page to find additional expertise.