Certificate of Compliance (C-of-C)

As new devices can be programmed by those possessing them, the devices must either be initialized using user keys in a trusted facility with vetted personnel, or another method should be used to ensure that the correct keys, security settings, and user-supplied design are programmed into the devices. The best practice is to bring the fully-assembled and programmed systems to a trusted facility where the programming can be verified, before they are put into any sensitive applications. Either of these approaches—using a trusted facility to preload keys, or afterwards, to verify programming—requires extra time and expense. This may include the cost of maintaining such facilities and staff, and the inconvenience of not being able to put otherwise finished systems into service until additional steps have been performed.

Both the device families offer an alternative approach that uses cryptographic techniques to provide assurance that they are programmed correctly, and not with some malicious entity's keys instead of the user's keys, or with (intentionally) wrong security settings, or with a different design than intended (perhaps containing a Trojan Horse).

During programming, the device can generate a short message called a certificate of conformance (C-of-C). This includes the keyed digests (message authentication code tags) for each bitstream component programmed. The input data for digest calculation includes the data programmed by that bitstream component, and the device serial number. This ensures that the C-of-C tag from each device is unique, even if the programmed data is the same. The key makes the tag impossible to forge.

The SPPS software can validate the returned C-of-C messages from each device and report the status in secure log files. This is one aspect of keeping tight accounting control over the number and identity of the parts programmed, the scrapped parts, and so on. The C-of-C proves that each component is programmed with the expected data.

The advantage of the C-of-C approach is that it provides this assurance minus the expense of shipping parts or systems around the world between less-trusted assembly facilities and more-trusted facilities where additional programming or verification steps must be performed, and it may even eliminate the need for the more expensive facilities. Programming can be performed in a less expensive facility without the risk of undetected tampering of the programming data. Generating and confirming the C-of-C is very efficient, and adds almost nothing to the programming time. It is completely automated by the Microchip SPPS tools.