Protected storage for up to 16 Keys, certificates or data

Hardware support for asymmetric sign, verify, key agreement – ECDSA: FIPS186-3 Elliptic Curve Digital Signature

ECDH: FIPS SP800-56A Elliptic Curve Diffie-Hellman

NIST standard P256 elliptic curve support
• Hardware support for symmetric algorithms

SHA-256 & HMAC hash including off-chip context save/restore

AES-128: encrypt/decrypt, galois field multiply for GCM
• Networking key management support

Turnkey PRF/HKDF calculation for TLS 1.2 & 1.3
• Ephemeral key generation and key agreement in SRAM – Small message encryption with keys entirely protected
• Secure boot support
• Full ECDSA code signature validation, optional stored digest/signature – optional communication key disablement prior to secure boot
• Encryption/Authentication for messages to prevent on-board attacks
• Internal high-quality FIPS 800-90 A/B/C Random Number Generator (RNG)
• Two high-endurance monotonic counters
• Guaranteed unique 72-bit serial number
• Two interface options available
• High-speed single pin interface with One GPIO pin
• Operating temperature up to 100C
• 1MHz Standard I2C interface
• 1.8V to 5.5V IO levels, 2.0V to 5.5V supply voltage
• <150nA Sleep current
• 8-pad UDFN, 8-lead SOIC, and 3-lead CONTACT packages

The Microchip ATECC608B-TNGTLS is the Trust&GO secure element part of the Trust Platform for the CryptoAuthentication family. The device comes pre-configured and pre-provisioned with default thumbprint certificates and key. The configuration and credentials are locked in the device and cannot be changed. The cloud infrastructure, either it's a public of private network, needs to accommodate device authentication relying only on the thumbprint certificate from the ATECC608B-TNGTLS. In other words, the cloud infrastructure would not require verification of the thumbprint certificate by a certificate authority. This secure element integrates ECDH (Elliptic Curve Diffie Hellman) security protocol an ultra-secure method to provide key agreement for encryption/decryption, along with ECDSA (Elliptic Curve Digital Signature Algorithm) sign-verify authentication for the Internet of Things (IoT) market including home automation, industrial networking, medical, retail or any TLS connected networks. Other important feature integrated in the ATECC608B-TNGTLS is the AES128 hardware accelerator and hardware-based cryptographic key storage and cryptographic countermeasures which eliminate potential backdoors linked to software weaknesses.

The device is agnostic of any microprocessor (MPU) or microcontroller (MCU) and compatible with virtually any MCUs or MPUs thanks to the CryptoAuthLib library. As with all CryptoAuthentication devices, the ATECCC608B delivers extremely low-power consumption, requires only a single GPIO over a wide voltage range, and has a tiny form factor making it ideal for a variety of applications that require longer battery life and flexible form factors.

The ATECC608B-TNGTLS comes preconfigured with default thumbprint certificates and key that are locked in the device and not changeable. It help reduce the cost incurred by a third party certificate authority as well as the complexity to deal with certificates as a whole. 

Take a look at the various code examples by leveraging our "Microchip Trust Platform" software development tool:

Cloud authentication for AWS IoT (32-bit MCU)

Cloud Authentication for AWS Greengrass (Linux)

Cloud Authentication for Microsoft Azure (32-bit MCU)

Cloud Authentication for Google Cloud IoT Core (32/16/8 bit MCU)

LoRa Authentication for The Things Industries (TTI) or Actility join servers

TLS network authentication with third party stacks