To increase security on IoT products and facilitate easier setup and management, Microchip Technology has added the ECC608 TrustMANAGER with Kudelski IoT keySTREAM, Software as a Service (SaaS) to its Trust Platform portfolio of devices, services and tools.
With security credentials managed and updated in the field via keystream, rather than being limited to a static certificate chain implemented during manufacturing, the ECC608 TrustMANAGER allows custom cryptographic credentials to be accurately provisioned at the end point without requiring supply chain customiation and can be managed by the end user.
keySTREAM has been designed to offer a device-to-cloud solution for securing key assets end-to-end in an IoT ecosystem throughout a product’s lifecycle.
The ECC608 TrustMANAGER relies on a secure authentication IC that is designed to store and protect cryptographic keys and certificates, which are then managed by the keySTREAM SaaS.
The combined silicon component and key management SaaS allow the user to set up a self-serve root Certificate Authority (root CA), and the associated public key infrastructure (PKI) secured by Kudelski IoT, to create and manage a dynamic certificate chain and provision devices in the field the first time they are connected.
Once claimed in the SaaS account, the devices are automatically activated in the user’s keySTREAM service via in-field provisioning.
“As the volume of connected devices rapidly increases and security standards and regulations tighten, IoT designers are seeking more efficient ways of managing their devices once products are in their customers’ hands,” explained Nuri Dagdeviren, corporate vice president of Microchip’s security computing group. He continued, “Our partnership with Kudelski and adding keySTREAM to our ECC608 TrustMANAGER enables customers to manage, scale and update IoT ecosystems efficiently via a cloud-based security SaaS for in-field provisioning and certificate management.”
Security standards and upcoming regulations are increasingly requiring upgradability of security infrastructure for IoT devices.
This is difficult to address with traditionally static IoT security implementations, which require physical upgrades like changing out the security ICs in each device to stay in compliance.
With the ECC608 TrustMANAGER, the process is automated and highly scalable, allowing devices to be managed securely and efficiently throughout their lifecycle. It also enables easy device ownership management without needing to change hardware, as security keys are updated digitally from the cloud into the device.
“Our collaboration with Microchip is not just about bringing advanced security solutions to the market, it’s about setting a new standard for smart device security across the board,” said Hardy Schmidbauer, senior vice president of Kudelski IoT. “By leveraging Microchip’s semiconductor technologies alongside Kudelski IoT’s security services, we are poised to deliver protection and a new ease of provisioning for IoT device manufacturers.”
This type of dynamic in-field provisioning and device management meets IoT security standards and will be useful in device certificate updates needed to stay in compliance with evolving security requirements.
The keySTREAM SaaS allows for ongoing updates of keys designed to prevent and protect against evolving threats and security requirements. In-field provisioning also removes the need for customization for more efficient manufacturing.
The ECC608 is the first security IC in Microchip’s TrustMANAGER series.