Consumer devices, home appliances, industrial assets, and infrastructure controllers are already connected to the internet or will be soon. Many of them are designed to be autonomous and unattended. They now need state-of-the-art electronic security to prevent hackers from counterfeiting, cloning, stealing information, or misusing the equipment.
The new STSAFE-A100 from STMicroelectronics is a secure turnkey solution that brings their proven expertise in electronic security for applications such as banking, e-commerce, and identity protection to the IoT. As a secure element that provides authentication services and can be used in conjunction with an ordinary microcontroller, it features an embedded secure operating system and is certified to Common Criteria EAL5+[1], banking-level security-industry standards.
“STSAFE-A100 delivers an economical and certified solution for state-of-the-art security in IoT and brand protection, presenting an alternative with clear advantages over existing approaches like software-based security running on a general-purpose microcontroller or an uncertified crypto-companion IC,” said Laurent Degauque, Marketing Director, Secure Microcontroller Division, MDG Group, STMicroelectronics. “Seamless integration puts security at the heart of the product and frees developers to focus on maximizing added value at the application level.”
ST has made the design-in process for their new secure element easy for customers by providing a complete ecosystem that includes an expansion board with Arduino headers, a microcontroller library, and reference implementations. These simplify attaching the STSAFE-A100 to a microcontroller such as any from the STM32 family.
Technical Information:
STSAFE-A100 provides strong authentication services that help make sure only authorized IoT devices can access online services and only authorized accessories or consumables are recognized and accepted by an application. It is compliant with the USB Type-C device-authentication scheme and secures communications with a remote host using Transport Layer Security (TLS) handshaking.
Additional functions that further minimize any potential for security breaches include signature verification to ease secure boot and firmware upgrade, secure counters that allow usage monitoring, secure pairing with the host application processor, wrapping and unwrapping of local or remote host envelopes, and on-chip key-pair generation.
It supports asymmetric cryptography including Elliptic Curve Cryptography (ECC) with NIST[2] or Brainpool 256-bit and 384-bit curves, and symmetric cryptography using AES-128/AES-256. It comes with a unique serial number on each die and its operating system comprises a kernel for authentication and data management and provides strong protection against logical, fault, side-channel and physical attacks.