The Microchip ATECC608B integrates the ECDH (Elliptic Curve Diffie-Hellman) security protocol, an ultra-secure method to provide key agreement for encryption/decryption, along with ECDSA (Elliptic Curve Digital Signature Algorithm) sign-verify authentication for the Internet of Things (IoT) market, including home automation, industrial networking, medical, as well as accessories and consumables authentication and more. In addition, the ATECC608B offers an integrated AES hardware accelerator, strengthening hardware-based security for LoRaWAN applications, and enables secure boot capabilities for very small microcontrollers.
The ATECC608B is a secure element from the Microchip CryptoAuthentication™ portfolio with advanced Elliptic Curve Cryptography (ECC) capabilities. With ECDH and ECDSA built right in, this device is ideal for the rapidly growing IoT market, easily supplying the full range of security (confidentiality, data integrity, and authentication) to systems with MCUs or MPUs running encryption/decryption algorithms. Similar to all Microchip CryptoAuthentication products, the new ATECC608A employs ultra-secure hardware-based cryptographic key storage and cryptographic countermeasures which eliminate potential backdoors linked to software weaknesses.
The device is agnostic of any microprocessor (MPU) or microcontroller (MCU) and compatible with Microchip AVR/ARM MCUs or MPUs. As with all CryptoAuthentication devices, the ATECC608B delivers extremely low power consumption, requires only a single GPIO over a wide voltage range, and has a tiny form factor, making it ideal for a variety of applications that require longer battery life and flexible form factors.
To help accelerate your development, take a look at the Trust Platform for the ATECC608B and consider:
- ATECC608B Trust&GO for TLS-based network secure authentication. The device comes as a pre-provisioned secure element with a generic static certificate to reduce third-party certificate authority costs. No configuration is needed, allowing you to focus solely on your application code. Compatible with the AWS IoT Multi-account registration architecture.
- ATECC608B Trust&GO for LoRaWAN-based networks. The device comes as a pre-provisioned secure element with The Things Industries or Actility join server symmetric keys, depending on the part number chosen. In addition, IEEE addresses are also part of the pre-provisioned device.
- ATECC608B TrustFLEX for TLS-based network secure authentication in addition to many more use cases. The device comes pre-configured with more use cases than just the device-to-cloud secure authentication that Trust&GO offers. It offers pre-architected implementations for accessory authentication, firmware validation, secure boot assistance, key rotation and more. Compatible with AWS IoT, Microsoft Azure, Google Cloud Platform and, in general, any TLS network, with code examples for WolfSSL, mBedTLS, CycloneSSL.
- ATECC608B TrustCUSTOM secure element is a fully customizable device for cases where your security architecture needs to go beyond the Trust&GO and TrustFLEX use cases.
- For Linux systems, the Trust Platform ATECC608B variants leverage the PKCS#11 interface between the microprocessor and the secure element. Check our code example.
Product Features
- Cryptographic co-processor with secure hardware-based key storage
- Protected storage for up to 16 keys, certificates or data
- ECDH: FIPS SP800-56A Elliptic Curve Diffie-Hellman (ECDH)
- NIST standard P256 elliptic curve support (ECC)
- Hardware support for symmetric algorithms
- SHA-256 & HMAC hash including off-chip context save/restore
- AES-128: encrypt/decrypt, Galois field multiply for GCM
- Networking key management support
- Turnkey PRF/HKDF calculation for TLS 1.2 & 1.3
- Ephemeral key generation and key agreement in SRAM
- Small message encryption with keys entirely protected
- Secure boot support
- Full ECDSA code signature validation, optional stored digest/signature
- Optional communication key disablement prior to secure boot
- Encryption/authentication for messages to prevent on-board attacks
- Internal high-quality FIPS 800-90 A/B/C Random Number Generator (RNG)
- Two high-endurance monotonic counters
- Guaranteed unique 72-bit serial number
- Two interface options available
- High-speed single pin interface with one GPIO pin
- 8-pad UDFN, 8-lead SOIC, and 3-lead CONTACT packages
- Operating temperature up to 100°C
- <150nA sleep current
- 1.8V to 5.5V IO levels, 2.0V to 5.5V supply voltage
- 1MHz standard I2C interface
Useful Links:
Datasheet
Documentation