The cryptographic algorithm’s requirements: Cryptographic accelerators alone do not
solve security, and this is what ISA/IEC 62443 demonstrates. Where the ATECC608 parts
excel is their very low power consumption (30 nA) in Sleep mode, which is where the
device will spend most of its lifetime. Combine that benefit with its hardware-based
crypto accelerators, which reduce execution time, and the device becomes an
outstanding solution for power budget optimization by offloading the heavy
cryptographic operations to the ATECC608.

The JIL High secure key storage: This is where Microchip secure elements stand out to
help meet ISA/IEC 62443 compliance. Cryptographic algorithms are just mathematical
operations. Without the protection of their associated keys, there is virtually no
security. Essentially, every time a cryptographic algorithm is called for, secure key
storage becomes a must-have. The ATECC608 was tested following Common Criteria
testing practices on secure key storage. The rating is on the JIL scale. With a JIL
High rating, the highest JIL grade possible for secure key storage, the ATECC608
brings a high level of confidence that keys will be protected at a very effective
price point.

Secure Key Provisioning: The same analogy can be drawn between secure key storage and
secure key provisioning. Handling the cryptographic keys following a secure
manufacturing process is essential to preserve as much isolation as possible between
keys and any outside variable. This is a benefit that the ISA/IEC 62443-4-1 standard
also emphasizes. Microchip offers an in-house secure key provisioning service where
the cryptographic keys will be loaded on the customer’s behalf. The Microchip Trust
Platform will be the starting point.

CryptoAuthLib Library: An essential element that brings flexibility to the choice of
microcontroller or microprocessor (consider using PKCS11). The CryptoAuthLib Library
offers a hardware abstraction layer (HAL) where the I2C or SWI drivers reside,
keeping the secure element agnostic of the microcontroller or microprocessor.