Introduction
Authors: James Boomer and Karthikeyan Logaswamy – Microchip Technology Inc.
The ATECC608B is a security-enhanced version of the ATECC608A and a security-enhanced, feature-upgraded successor to the ATECC508A. All these devices are products in the Microchip CryptoAuthentication™ family of high-security cryptographic devices. The security changes implemented in the device are largely behind the scenes and are not directly observable during normal operation.
For new designs, it is recommended that users start directly with the ATECC608B. For designs that are going through an upgrade or a revision, it is recommended that part of the upgrade include the ATECC608B. For other designs, it is recommended that users do an overall security assessment and determine if they need to migrate to the ATECC608B.
The ATECC608B continues the line of security products developed as part of the Microchip CryptoAuthentication family of high-security cryptographic devices. These devices combine world-class hardware-based key storage with hardware cryptographic accelerators to implement various cryptographic functions and algorithms. All applications and use cases previously supported by the ATECC508A are also supported by the ATECC608B.
The ATECC608B device is compatible with the ATECC508A device and, with some limited exceptions, allows for easy migration. If the ATECC608B is properly configured, software written for the ATECC508A will work with the ATECC608B. For more information, see the section Migration from the ATECC508A to the ATECC608B. This application note lists the feature, command and configuration differences between the ATECC608B and the ATECC508A. It provides high-level details about the differences. For detailed information on the commands and configurations, compare the ATECC608B and ATECC508A data sheets.
References
Applications Summary
- Network/Internet of Things (IoT) Node Endpoint Security – Manages node identity authentication and session key creation and management. Support is provided for the ephemeral session key generation flow for multiple protocols including TLS 1.2 and TLS 1.3.
- Firmware Validation (Secure Boot) – Supports the microcontroller (MCU) host by validating code digests and optionally enabling communication keys upon a successful secure boot. For enhanced performance, various configurations are available.
- Small Message Encryption – Contains a hardware Advanced Encryption Standard (AES) engine to encrypt and/or decrypt small messages or data such as Personally Identifiable Information (PII). The device supports the AES-ECB mode directly. Other AES modes are supported with help from the host. Additional Galois Field Multiply (GFM) calculation functions support AES Galois Counter Mode (AES-GCM).
- Secure Over-the-Air (OTA) Updates – Supports local protected key generation for downloaded images. Both broadcasts of one image to many systems, each with the same decryption key, and point-to-point downloads of unique images per system are supported.
- Accessory/Disposable Authentication – Validates the authenticity of a system or component. This capability is often sought where disposable components are part of a system.
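The division of labour described in the Small Message Encryption item, where the device supplies single-block AES-ECB and the GF(2^128) multiply and the host chains them into GHASH and the GCM tag, as an added software model that is not Microchip's library code: the `ecb` callback stands in for a device ECB call and the GFM semantics (SP 800-38D Algorithm 1) are assumed to match what the device computes.

```python
"""Host-side GHASH/GCM tag assembly on top of a block-cipher ECB primitive
and a GF(2^128) multiply, the two building blocks the device exposes."""
from typing import Callable

# Reduction constant R = 11100001 || 0^120 (NIST SP 800-38D, section 6.3).
_R = 0xE1 << 120
# Field element "1": the coefficient of x^0 is the leftmost bit of the block.
GF_ONE = 1 << 127

def gf128_mul(x: int, y: int) -> int:
    """Multiply two 128-bit blocks in GF(2^128) with the GCM bit ordering
    (SP 800-38D Algorithm 1). This is the role of the device's GFM
    calculation; here it is computed in software (assumed same semantics)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:      # x_i, counting from the leftmost bit
            z ^= v
        v = (v >> 1) ^ _R if v & 1 else v >> 1
    return z

def _blocks(data: bytes):
    """Split into 128-bit integers, zero-padding the final partial block."""
    for i in range(0, len(data), 16):
        yield int.from_bytes(data[i:i + 16].ljust(16, b"\0"), "big")

def ghash(h: int, aad: bytes, ciphertext: bytes) -> int:
    """GHASH_H(A, C): chained multiply-accumulate over AAD, ciphertext and
    the two 64-bit bit-length fields. The host runs this loop, needing one
    GFM operation per block."""
    y = 0
    for block in _blocks(aad):
        y = gf128_mul(y ^ block, h)
    for block in _blocks(ciphertext):
        y = gf128_mul(y ^ block, h)
    lengths = ((len(aad) * 8) << 64) | (len(ciphertext) * 8)
    return gf128_mul(y ^ lengths, h)

def gcm_tag(ecb: Callable[[bytes], bytes], iv96: bytes,
            aad: bytes, ciphertext: bytes) -> bytes:
    """Assemble the GCM tag T = GHASH_H(A, C) xor E_K(J0). Both the hash
    subkey H = E_K(0^128) and E_K(J0) come from single-block ECB calls,
    which is where a device ECB command would be invoked."""
    h = int.from_bytes(ecb(bytes(16)), "big")
    j0 = iv96 + b"\x00\x00\x00\x01"          # 96-bit IV || 0^31 || 1
    s = ghash(h, aad, ciphertext)
    return (s ^ int.from_bytes(ecb(j0), "big")).to_bytes(16, "big")
```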