3.2.1.3 Certificate Storage

The ECC608-TFLXWPC supports multiple certificate chains for different use case applications. Up to three X.509 certificate chains can be supported. X.509 certificates tend to be larger than what will fit into a single ECC608-TFLXWPC device slot; therefore, a compressed format is used. This technique may be better called a partial certificate, as it stores dynamic certificate information on the device and imposes some limitations. Dynamic information is the certificate content that can be expected to change from device to device (e.g., public key, validity dates, etc.). Static data is constant across all devices. Firmware is expected to have a certificate definition with a template for fully reconstructing each of the X.509 certificates for a specific use case. The full certificate is made up of a combination of dynamic and static data.
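
The template-plus-dynamic-data reconstruction described above, as an added example that is not taken from the data sheet or from the vendor's library. The `cert_def_t` layout, field offsets, template bytes and sample values are constructed assumptions, not the device's actual compressed certificate format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical definition types for illustration; not the device's real format. */
enum { F_NOT_BEFORE, F_NOT_AFTER, F_PUBKEY, F_COUNT };
typedef struct { size_t offset, len; } cert_field_t;
typedef struct {
    const uint8_t *tmpl;          /* static bytes, identical on every device */
    size_t tmpl_len;
    cert_field_t field[F_COUNT];  /* where each dynamic element lands */
} cert_def_t;

/* Constructed stand-in for a DER template: 96 bytes, dynamic regions zeroed. */
static const uint8_t TMPL[96] = { 0x30, 0x5E };
static const cert_def_t DEF = { TMPL, sizeof TMPL,
    { {4, 13}, {19, 13}, {32, 64} } };   /* UTCTime x2, P-256 X||Y */

/* Rebuild the full certificate. Returns 0 on success, negative on a bad
 * definition or input, so a corrupt definition cannot write out of bounds. */
int cert_rebuild(const cert_def_t *def, const uint8_t *const dyn[F_COUNT],
                 const size_t dyn_len[F_COUNT], uint8_t *out, size_t out_cap)
{
    if (!def || !def->tmpl || !dyn || !dyn_len || !out) return -1;
    if (out_cap < def->tmpl_len) return -2;
    for (int i = 0; i < F_COUNT; i++) {
        const cert_field_t *f = &def->field[i];
        /* Overflow-safe bounds check: the field must lie inside the template. */
        if (f->len > def->tmpl_len || f->offset > def->tmpl_len - f->len) return -3;
        /* The stored element must match the region reserved for it exactly. */
        if (!dyn[i] || dyn_len[i] != f->len) return -4;
        /* Dynamic regions must not overlap one another. */
        for (int j = 0; j < i; j++) {
            const cert_field_t *g = &def->field[j];
            if (f->offset < g->offset + g->len && g->offset < f->offset + f->len)
                return -5;
        }
    }
    memcpy(out, def->tmpl, def->tmpl_len);          /* static part */
    for (int i = 0; i < F_COUNT; i++)               /* dynamic part */
        memcpy(out + def->field[i].offset, dyn[i], def->field[i].len);
    return 0;
}

int main(void) {   /* constructed sample values */
    uint8_t key[64] = {0}, out[sizeof TMPL];
    const uint8_t *dyn[F_COUNT] = { (const uint8_t *)"240101000000Z",
                                    (const uint8_t *)"340101000000Z", key };
    const size_t len[F_COUNT] = { 13, 13, sizeof key };
    return cert_rebuild(&DEF, dyn, len, out, sizeof out);
}
```

A reconstructed certificate still has to pass normal chain and signature verification; the bounds checks only keep a malformed definition from corrupting memory.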

For the ECC608-TFLXWPC, there are two types of X.509 certificates to support the IoT TLS use case and the WPC authentication use case. Each of these uses a different X.509 format and, therefore, the ECC608-TFLXWPC will have a different compressed certificate format for each. If the WPC Slot 1 is not used and a proprietary extension is used in WPC Slot 2 or WPC Slot 3, an additional type of certificate chain may be required.