Security ICs

Microchip

World-class embedded security solutions ensure trust for every system design

Trust is what security is really all about today. Microchip security products make "trust" easy to embed in any system. Flexibility, advanced features, innovative cost-effective architectures and ultra-secure hardware defense mechanisms make Microchip hardware-based security devices an ideal way to add trust by design at scale. The most common use cases are:
  • IoT cloud authentication
  • Automotive security
  • Accessory authentication
  • Counterfeit protection
  • IP protection
  • Firmware validation

Secure Element Portfolio

CryptoAuthentication™ products — Offers product designers an extremely cost-effective, easy to design, tiny and ultra-secure hardware authentication capability.

Trusted Platform Module — The Microchip Trusted Platform Module (TPM) provides strong hardware-based public key (RSA) security on a single device for personal and tablet computers as well as embedded processor-based systems.

CryptoMemory® products — The Microchip CryptoMemory family offers a range of cost-efficient, high-security electrically erasable programmable read-only memory chips (EEPROMs) and host-side security for applications requiring comprehensive data protection.

CryptoRF® products — Microchip CryptoRF is a 13.56 MHz RFID device family employing a 64-bit embedded hardware encryption engine, mutual authentication and up to 64 Kbits of user memory.


CryptoAuthentication™ Devices

 

Microchip CryptoAuthentication devices offer hardware-based ultra secure key storage to ensure that a product with the consumables it uses, firmware it runs, accessories that supports it, and the network nodes it connects to are not cloned, counterfeited, or tampered with. Keeping products genuine helps maintaining a customer revenue flow by ensuring that only legitimate products can work with the host system. Microchip offers the industry's widest selection of authentication devices featuring hardware-based root of trust storage and cryptographic countermeasures that can fight off even the most aggressive attacks. Because attackers cannot see secret keys that are stored in protected hardware, they cannot attack. To help your design journey, Microchip approved Security Design Partners are here to help you scale with TLS stack providers, Cloud experts, Certificate Authority companies and CryptoAuthLib library expertise.
 
 

TLS

  • Generic TLS implementation
  • Public Key Infrastructure (PKI)
  • ECC hardware accelerator
  • Anti Tampering
  • TLS stack partners
 

Public Cloud

  • Private key isolation from software backdoors
  • In-manufacturing key Provisioning service
  • Mutual Authentication
  • Cloud Partner Use Cases

Counterfeit Protection

  • ECC/SHA/AES hardware accelerators
  • Anti Tampering
  • Secure boot
  • Anti-Cloning
  • Security design partner network

Cloud Authentication

AWS IoT Greengrass Hardware Security Interface (HSI)

For the ATECC608A Secure Element

When it comes to IoT security, private keys are the most sensitive material. If a private key is accessed by an unintended party, that person can now impersonate the IoT hardware and undertake undesired or malicious operations. Because of this, the most basic security practice to follow is to implement a secured hardware root of trust to remove exposure of private keys to software, firmware, manufacturing sites, end users or other third parties. Microchip’s ATECC608A secure element provides a JIL “high” rated secure key storage area to isolate keys. This is especially valuable in Linux® environments where software is a living entity and software backdoors to keys are likely to show up.

To further help adding hardware secure key storage, Amazon Web Service (AWS) offers IoT Greengrass Hardware Security Integration as part of its IoT Greengrass Core software. It is an interface between the IoT Greengrass Core and a hardware secure module based on PKCS#11. The ATECC608A is used in this implementation as the hardware secure key storage to isolate private keys needed for the authentication between AWS IoT and AWS IoT Greengrass from the Linux-based system enabled with IoT Greengrass. This microprocessor-agnostic solution adds true hardware secure key storage to any Linux-based IoT products. The ATEC608a is now part of the AWS Device Qualification Program supporting AWS IoT Greengrass.

Benefits of using the AWS IoT Greengrass Hardware Security Integration:

  • Leverage secure elements for AWS IoT Greengrass ecosystems
  • Provide a unique, trusted and protected identity
  • Optimum hardware security with secure key storage
  • Use standard PKCS#11 interface
  • Anti-tampering protection
  • Side-channel attack protections
  • JIL rated “high” secure key storage

Trusted and Secure Authentication with ATECC508A for AWS IoT

Why would you harden your IoT Security with the ATECC508A for AWS IoT?

Securing communication with a Cloud service and manipulating keys comes with many challenges: storing and using keys in the microcontroller exposes them, operating systems and software have bugs, the Heartbleed bug for OpenSSL was notable by easily exposing keys. Consequently, governments and corporations across the globe are working to protect individual identities and privacy. Strong authentication is the start of robust security. This leads cloud providers to push towards hardware-based security to obtain strong device identity protection, prevent identity spoofing, but also to protect against unauthorized firmware updates and prevent proliferation.

An easy way to hack an IoT device today is to physically attack the embedded system and spoof the private key which is likely located in the clear of a microcontroller memory. But hacking a single device or transaction is typically not of value to an attacker. Hackers are looking for weaknesses that will enable them to exploit a large number of connected devices. Once the keys are spoofed, the devices are accessed, a scalable remote attack can be launched leveraging the corrupted IoT devices as entry points


Trusted and Secure Authentication with ATECC608A for AWS IoT

Why would you harden your IoT Security with the ATECC608A for AWS IoT?

Securing communication with a Cloud service and manipulating keys comes with many challenges: storing and using keys in the microcontroller exposes them, operating systems and software have bugs, the Heartbleed bug for OpenSSL was notable by easily exposing keys. Consequently, governments and corporations across the globe are working to protect individual identities and privacy. Strong authentication is the start of robust security. This leads cloud providers to push towards hardware-based security to obtain strong device identity protection, prevent identity spoofing, but also to protect against unauthorized firmware updates and prevent proliferation.

An easy way to hack an IoT device today is to physically attack the embedded system and spoof the private key which is likely located in the clear of a microcontroller memory. But hacking a single device or transaction is typically not of value to an attacker. Hackers are looking for weaknesses that will enable them to exploit a large number of connected devices. Once the keys are spoofed, the devices are accessed, a scalable remote attack can be launched leveraging the corrupted IoT devices as entry points


Trusted and Secure Authentication with ATECC608A for Google Cloud IoT Core

Why would you harden your IoT Security with the ATECC608A for Google Cloud IoT Core?

Securing communication with a Cloud service and manipulating keys comes with many challenges: storing and using keys in the microcontroller exposes them, operating systems and software have bugs, the Heartbleed bug for OpenSSL was notable by easily exposing keys. Consequently, governments and corporations across the globe are working to protect individual identities and privacy. Strong authentication is the start of robust security. This leads cloud providers to push towards hardware-based security to obtain strong device identity protection, prevent identity spoofing, but also to protect against unauthorized firmware updates and prevent proliferation.

An easy way to hack an IoT device today is to physically attack the embedded system and spoof the private key which is likely located in the clear of a microcontroller memory. But hacking a single device or transaction is typically not of value to an attacker. Hackers are looking for weaknesses that will enable them to exploit a large number of connected devices. Once the keys are spoofed, the devices are accessed, a scalable remote attack can be launched leveraging the corrupted IoT devices as entry points


LoRa Secure Authentication with the ATECC608A Secure Element

Security With The Things Industries Join Servers

When it comes to LoRa security, provisioning and storing network server and application server keys is as important as it is complex. Because of this, it is also a known security weakness that attackers may try to use to exploit your system by accessing these keys. This can be avoided by implementing a secure hardened key storage both at the node and in the LoRaWAN™ backend which will strengthen the authentication process by removing exposure of authentication keys to software, firmware, manufacturing sites, end users and other third parties. Microchip’s ATECC608A-MAHTN secure element provides a JIL “high” rated secure key storage to isolate keys in the nodes. This is especially valuable in LoRa systems which are based on a shared key security model and leverage a wide variety of traditional low-power microcontrollers.

To make adding hardware secure key storage easier, the secure element is paired with The Things Industries' (TTI) join server service for turnkey secure authentication. The corresponding AES128 authentication keys are also hosted and protected in TTI’s managed join servers. Through a claim procedure via the TTI portal, the protected keys in the secure element are “claimed” and then owned by the company. This process simplifies the cumbersome unsecure provisioning practice used without secure key storage. This join server is completely agnostic to the network server and/or application server providers to preserve business scalability by leaving freedom of choice to the architects. Flexibility doesn’t stop here, the ATECC608A-MAHTN secure element is a microcontroller-agnostic solution that adds true hardware secure key storage to any LoRa-connected products.

Benefits of using The Things Industries join server for LoRa-based designs

  • Add secure elements to LoRaWAN 1.0.x and 1.1
  • One year of TTI join server access included
  • Microcontroller-agnostic secure element
  • Network and application server agnostic TTI join server
  • Leverage Microchip’s secure provisioning service
  • Ability to provide a unique, trusted, protected and managed identity
  • Supported by Microchip and Arm® LoRaWan stacks
  • Pre-configured authentication, secure boot
  • Re-keying capability between TTI join servers and the secure element
  • JIL rated “high” secure key storage
  • Protection against anti-tampering, side-channel attacks


Counterfeit Protection Benefits

 

Not only do discounted and counterfeit copies corrupt a corporation’s brand image, but they can also negatively impact its revenue streams. Counterfeit protection is critical in preventing such losses. Preserving brand image is not just about attracting new customers; it’s imperative for customer satisfaction and retention, as well. Key to this is the code’s authenticity. The IP protection attached to a brand must be part of product development from inception through all phases of a product’s life cycle. When proper technical protection of the IP is established, revenue protection and optimal user experience is more easily maintained and controlled once the product hits the market. Microchip’s CryptoAuthentication devices offer the protection necessary to empower companies to keep control of their future within their hardware designs.

Physically isolate keys and secret from the application

 
 

Trusted Storage

In order to establish a robust counterfeit protection strategy, trust in the design, the device provider, the manufacturer must be optimum to decrease potential back-door and threats. The main philosophy is to completely isolate keys and secrets from any software exposure at any point of time of the product development as well as when the product is in the user’s hands.nds.

Physical Protection

Microchip CryptoAuthentication devices integrates various vital features to strengthen your security at the root of the hardware design. The secure element portfolio is architected with various anti-tampering techniques and locking mechanisms such as active shield and side attack counter measures.

Cryptography

The capability of generating randomness is arguably the most critical block within a security device after secure storage. The CryptoAuthentication devices embeds a unique serial number per device, and most importantly provide high entropy FIPS certified random number generators (RNG).

Trusted Provisioning

Trust cannot rely only on the device but also on the manufacturing process. Exploiting human users and 3rd party weaknesses is one of the preferred target of hackers. Customers can now leave this burden to Microchip secured factories and leverage our trusted provisioning service already used by thousands of companies.

 

ECC based

  • Public Key Infrastructure (PKI)
  • High quality Random Number generator
  • ECC hardware accelerator
  • ECDSA-ECDHE key agreement
  • NIST ECC-P256 curve
  • Integrated SHA256 hash with HMAC option

SHA based

  • Cost effective symmetric authentication
  • SHA256 hardware hash algorithm with MAC
  • HMAC option
  • 4.5kb EEPROM for key and data
  • Guaranteed unique serial number

AES based

  • AES-CCM authentication
  • AES128 hardware accelerator
  • 32kb EEPROM split in 16 slots
  • 16 secured slots of 128 bit for key storage
  • 16 high endurance monotonic EEPROM counters
  • Serial EEPROM compatible pinout


CryptoAutomotive™ Security ICs

Quickly Integrate Security into Existing Automotive Networks with Minimal Design Impact

The Need for Automotive Security is Real

More and more consumer conveniences like Bluetooth®, 3G, 4G, LTE, etc. are being added to vehicles each year much to the delight of consumers… as well as the hackers. There is no shortage of real-world vehicle hacking stories and videos available on the web and virtually all OEMs in all regions have been negatively impacted by these attacks. The attack surface will certainly continue to grow so the pressure is mounting for OEMs and Tier 1 suppliers to quickly secure in-vehicle networks with long-term solutions.

A New Day in Automotive Cybersecurity

New OEM cybersecurity specs have begun to roll out requiring improved security including hardware-based secure boot and CAN message authentication. Implementing these new specs can be burdensome for Tier 1 suppliers to implement with the first investigation typically involving switching out their existing host microcontroller (MCU) to a higher horsepower dual-core 32-bit MCU with crypto. This can introduce significant additional silicon cost, software development expense and introduces risk associated with getting the new security software in the MCU implemented correctly. Microchip has introduced a solution that enables OEMs and Tier 1 suppliers to add security to existing systems without costly redesigns.

Industry’s First Automotive Security Development Kit

This CryptoAutomotive™ Security ICs In-Vehicle Network (IVN) TrustAnchor/Border Security Device (TA/BSD) development kit provides a way for developers to begin architecting their security into existing systems. The emulated secure companion solution initially targets secure boot and CAN message authentication use cases, and upcoming kit software releases for key agreement, TLS, content protection schemes and more will be available in the future. The kit can be conveniently paired with Microchip automotive host microcontroller development kits which include example projects for secure boot.

CryptoAutomotive Secure Element Advantages:

  • Significant cost and time-saving advantages compared to redesigning with a new MCU
  • Minimal MCU code updates resulting in little to no impact to existing host MCU functional safety ratings
  • Preprogrammed with built-in security measures removing the requirement for in-house security expertise
  • Eliminates risk associated with significant MCU code updates
  • More whole-chip tampers with a higher level of certifiability
  • True hardware key isolation


CryptoMemory

Making EEPROMs a Safe Place for Sensitive Data

The Microchip CryptoMemory® family offers a range of cost-efficient, high-security electrically erasable programmable read-only memory chips (EEPROMs) and host-side security for applications requiring comprehensive data protection, including mutual authentication between devices and host. CryptoMemory chips are the world's largest family of EEPROMs with a 64-bit embedded hardware encryption engine, four sets of nonreadable, 64-bit authentication keys, and four sets of nonreadable, 64-bit session encryption keys. The result: a truly secure means of preventing product counterfeiting and piracy. The chip family features a choice of memory densities and is easy to implement in a variety of applications.

Key Features

Designer's choice — The chips are available in memory densities ranging from 1 Kbit to 256 Kbits to accommodate diverse storage and cost requirements.

Multiple access levels — User memory can be divided into as many as 16 separate sections, allowing several different levels of read and write access.

No special expertise — A CryptoMemory design kit offers a library of simple API calls that execute the most complex host operations.

Standard interfaces — The chips provide standard 2-wire communication interfaces to Microchip and other microcontrollers, as well as a standard smart card interface to off-the-shelf readers.

Package options — Options include 8-lead SOIC, TSSOP, uDFN, and PDIP plastic packages, modules for smartcard applications, and wafers thinned down to 6 mils.

Host-side simplicity — The Microchip CryptoCompanion™ chip provides simple, plug-and-play authentication on a host device.

Devices

Device Family Summary Benefit Applications Technologies Key Parameters
CryptoCompanion Security companion chip to CryptoMemory

Securely implements host algorithms and stores host secrets

Verifies host firmware digests
Plug-and-play host-side cryptographic security for embedded systems

64-bit Cryptographic Algorithm

Secure EEPROM technology

Hardware Security technology

Random Number Generator

Host-side security

Hardware security
CryptoMemory (2.7V - 3.6V) Family of secure EEPROMs

64-bit embedded hardware encryption engine

EEPROM densities from 1 to 8 kbit available

Flexible security feature set to meet a wide variety of applications

Supports both 2-wire and ISO7816 interface protocols

Mutual authentication capability
Applications requiring authentication, data protection or secure storage

64-bit Cryptographic Algorithm

Secure EEPROM technology

Hardware Security technology

Hardware security

Secure EEPROM

Authentication
CryptoMemory (2.7V - 5.5V) Family of secure EEPROMs

64-bit embedded hardware encryption engine

EEPROM densities up to 256 kbits available

Flexible security feature set to meet a wide variety of applications

Supports both 2-wire and ISO7816 interface protocols

Mutual authentication capability
Applications requiring authentication, data protection or secure storage

64-bit Cryptographic Algorithm

Secure EEPROM technology

Hardware Security technology

Hardware security

Secure EEPROM

Authentication


CryptoRF

The Largest Selection of Memory Solutions for RFID

Microchip CryptoRF® is a 13.56MHz RFID (radio-frequency identification) device family equipped with a 64-bit embedded hardware encryption engine, mutual authentication capability, and up to 64Kbits of user memory. These low-cost chips are virtually impossible to copy and offer hardware security that is superior to software security solutions. CryptoRF ICs are ideal for applications that are prone to counterfeiting, require a permanent chain of ownership, or use contactless smart cards for cash transactions. They are also suitable for use in adverse environmental conditions where dust, dampness, or temperature extremes can cause problems for digital devices.

Key Features

  • Safer than passwords — Mutual authentication between host and client is accomplished with a unique cryptogram that is randomly generated for each transaction.
  • Attack isolation — The key diversification scheme limits any attack to only one unit.
  • Multiple access levels — User memory can be divided into as many as 16 separate sections, allowing several different levels of read and write access.
  • Diverse packages — The chips are available in many different shapes and sizes; tags in a variety of shapes can be developed for high-volume applications
  • Host-side simplicity — The Microchip CryptoCompanion™ chip provides simple, plug-and-play authentication on a host (interrogator) device.
  • Development tools — Comprehensive reference designs, demonstration kits, and application software facilitate implementation into existing products.

Devices

Device Family Summary Benefit Applications Technologies Key Parameters
CryptoCompanion Security companion chip to CryptoRF

Securely implements host algorithms and stores host secrets

Verifies host firmware digests
Plug-and-play host-side cryptographic security for embedded systems

64-bit Cryptographic Algorithm

Secure EEPROM technology

Hardware Security technology

Random Number Generator

Host-side security

Hardware security
CryptoRF Secure RFID solution

High frequency 13.56MHz ISO 14443 Type B protocol

EEPROM densities up to 64 kbits

64-bit embedded hardware encryption engine

Flexible security feature set to meet a wide variety of applications

Mutual authentication capability
Product authentication

Contactless payment

Patient safety

Anti-cloning of consumables

Loyalty and patron management

64-bit Cryptographic Algorithm

Secure EEPROM technology

Hardware Security technology

ISO 14443 Type B protocol

13.56MHz

Secure RFID

ISO 14443 Type B

13.56MHz RFID

Hardware Security

Authentication

Secure EEPROM
CryptoRF Reader ISO 14443 Type B reader

Supports both 2-wire and SPI serial interfaces

Compatible with both 3.3V and 5V host microcontrollers

Performs all RF communication, packet formatting, decoding, and communication error checking, reducing burden on host microcontroller
Product authentication

Contactless payment

Patient safety

Anti-cloning of consumables

Loyalty and patron management

RFID

13.56MHz

ISO 14443 Type B

RFID reader

13.56MHz

ISO 14443 Type B


Hardened TLS Benefits

Mitigate remote attacks, use a unique trusted identity

 

Transport Layer Security 1.2 (TLS 1.2) has become the de facto standard for connecting embedded systems to a network. While TLS 1.2 is undeniably robust, an embedded system still requires a unique, secure and trusted identity to prevent large-scale remote attacks. For example, a malicious attack can cause a hospital power grid to go down and potentially risk human lives, interrupt online services and advertising activities resulting in a loss of revenue, or suspend the production capabilities of industrial plants and their supply chains to almost instantaneously affect their profitability. When combined with the TLS 1.2 protocol, Microchip’s ATECC508A CryptoAuthentication™ device offers a unique, trusted, and verifiable identity that can help protect billions of connected devices.

How do Microchip's CryptoAuthentication devices help enhance TLS?

By physically isolating keys and secrets from the application

 

Secure Key Storage

In order to harden the TLS protocol, trust in the system, the device provider, the manufacturer must be optimum to decrease potential backdoors and threats. The main philosophy is to completely isolate keys and secrets from any software exposure at any point of time of the product development as well as when the product is in the user’s hands. The ATECC508A is your solution.

Physical Protection

Microchip ECC based devices integrate various vital physical protection schemes to strengthen your TLS security at the root of the hardware design. The ECC based secure element family is architected with anti-tampering features such as active shield and side attack counter measures as well as robust secure key storage with locking mechanisms.

Hardware Cryptography

In terms of cryptography, the most important function is to provide a high entropy FIPS compliant random number generators (RNG). The ATECC family integrates best in class RNG enabling high entropy capabilities. In addition, the device is capable of providing both an ECC hardware accelerator and SHA256 hashing as well as a unique serial number per device.

Trusted Provisioning

Trust cannot rely only on the hardware device but also on the manufacturing process. Exploiting 3rd party weaknesses is one of the top target of hackers. Isolating keys and secrets from manufacturing is equally vital. Customers can now leave this burden to Microchip secure factories and leverage our trusted provisioning service already used by thousands of companies.
 
 

ECC Based

  • Hardware based root of trust based on X509 certificate
  • Public Key Infrastructure (PKI)
  • ECC hardware accelerator
  • ECDHE-ECDSA sign
  • Tamper resistant
  • Keys are never sent, exposed, nor disclosed

Integrated TLS

  • Free integrated TLS stack from WiFi module ATWINC1500
  • Free integrated TLS stack from Bluetooth/Wifi combo ATWINC3400
  • Cost efficient solution
  • Enable connectivity to small microcontrollers

3rd Party Solutions

  • Certified 3rd party security partner TLS stacks
  • Certificate Authority options
  • Years of experience
  • Offer agnostic implementation to connectivities and microcontrollers
  • WolfSSL, CycloneSSL, OpenSSLstacks

Online-Shop
Ineltek auf Youtube
Recent Popular Info

Apologize, nothing found for this channel.

Apologize, nothing found for this channel.

Direktanfrage
Technische Anfrage
Termine