4.2 Using the ATECC608B Secure Element
In the printers and cartridges use case, the ATECC608B secure element on the PIC32CM LS60 MCU helps prevent device cloning by adding an extra layer of security during the authentication process. The ATECC608B is a specialized hardware component that stores sensitive data and performs cryptographic operations in a secure environment.
Authentication Methods
The following methods utilize cryptographic techniques to establish secure communication and verify device identity, ultimately preventing unauthorized cloning attempts.
Symmetric Authentication: Symmetric authentication uses a challenge and response process. Here, the PIC32CM LS60 MCU host challenges a remote device to ensure it is authentic and can be trusted. The challenged device responds with the expected results. This method requires the host and remote devices to share the same key. Additionally, the remote device can send a unique serial number, so that its responses differ from those of other remote devices.
Asymmetric Authentication: In asymmetric authentication, a verifier checks the authenticity of the remote by validating the signature. Asymmetric authentication is based on the use of two keys.
- One of the keys needs to be kept secret. This key is called the Private Key.
- The second key is mathematically related to the Private Key and is called the Public Key.
The public key is openly shared. The key owner will use the Public Key to authenticate the signature. The host sends a random challenge to the remote device. The remote device responds with a signature. However, the host only needs the public key from the remote (not a secret key) to verify the signature on the challenge. If the signature verification succeeds, the remote device has successfully responded to the challenge, and the host can trust the remote device.
The ATECC608B secure element within genuine printer cartridges enables symmetric secure authentication using a challenge-response protocol.
Unique Keys for Secure Identification – Each genuine cartridge has a built-in ATECC608B secure element. During manufacturing, a unique cryptographic key is securely programmed into this secure element for each cartridge.
Challenge Response Protocol in Action
Power On or Cartridge Insertion – When the printer is powered on, or a new cartridge is inserted, it initiates a communication process with the cartridge's ATECC608B.
Challenge Issued – The printer sends a challenge to the cartridge. This challenge is typically a random number.
Secure Response from Cartridge – The cartridge's ATECC608B receives the challenge. Using its unique key, the ATECC608B securely decrypts the challenge. It then performs a cryptographic operation (calculates a Message Authentication Code or MAC) on the challenge and sends this response (MAC) back to the printer.
Verification and Decision – The printer receives the response (MAC) from the cartridge. The printer verifies the received MAC using a predetermined algorithm and the original challenge.
Success – If the calculated and received MAC values match, the cartridge is authenticated as genuine, and printing can proceed.
Failure – If the MAC values do not match, the printer identifies the cartridge as counterfeit. Depending on the printer's settings, it might refuse to print or display a warning message.
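The challenge-response exchange above, as an added Python sketch (not Microchip's code and not the ATECC608B command set). HMAC-SHA256 stands in for the device's MAC operation, and deriving each cartridge key from a printer-side root key plus the serial number is an assumed provisioning scheme; all names and values are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not real device data.
ROOT_KEY = bytes(range(32))                     # assumption: printer-side root secret
SERIAL_A = bytes.fromhex("0123a1b2c3d4e5f6ee")  # constructed 9-byte serial number

def derive_key(root_key: bytes, serial: bytes) -> bytes:
    """Assumed provisioning scheme: unique cartridge key from root key + serial."""
    return hmac.new(root_key, b"cartridge-key" + serial, hashlib.sha256).digest()

class Cartridge:
    """Stands in for the cartridge's secure element; the key never leaves it."""
    def __init__(self, serial: bytes, key: bytes):
        self.serial = serial
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # MAC over challenge and serial, so responses differ per device.
        return hmac.new(self._key, challenge + self.serial, hashlib.sha256).digest()

class Printer:
    def __init__(self, root_key: bytes):
        self._root_key = root_key

    def new_challenge(self) -> bytes:
        # Fresh, unpredictable challenge for every attempt defeats replay.
        return secrets.token_bytes(32)

    def verify(self, challenge: bytes, serial: bytes, response: bytes) -> bool:
        key = derive_key(self._root_key, serial)
        expected = hmac.new(key, challenge + serial, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)

def authenticate(printer: Printer, cartridge: Cartridge) -> bool:
    challenge = printer.new_challenge()
    return printer.verify(challenge, cartridge.serial, cartridge.respond(challenge))

if __name__ == "__main__":
    printer = Printer(ROOT_KEY)
    genuine = Cartridge(SERIAL_A, derive_key(ROOT_KEY, SERIAL_A))
    clone = Cartridge(SERIAL_A, secrets.token_bytes(32))  # copied serial, no key
    print("genuine:", authenticate(printer, genuine))
    print("clone:  ", authenticate(printer, clone))
```

A response recorded for one challenge fails against the next one, which is why the printer must generate a new random challenge on every power-on or cartridge insertion.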