Secure-element IC adds security & IP protection to IoT applications

June 15, 2016 // By Graham Prophet
STMicroelectronics has added a device it positions as a “strong yet easy-to-use” secure element to protect connected devices in the consumer and industrial Internet of Things (IoT) and to prevent cloning or copying of genuine products by ensuring authenticity.


The STSAFE-A100 optimized secure element provides built-in authentication, secure communication, key provisioning, and highest security standards for IoT devices (CC EAL5+); it simplifies integration for equipment designers, with a full support ecosystem available. STSAFE-A100 can be designed-in by developers without specialist security expertise.


Consumer devices, home appliances, industrial assets, and infrastructure controllers connected to the internet need state-of-the-art security to prevent hackers from counterfeiting, cloning, stealing information, or misusing the equipment. STSAFE-A100 is a secure turnkey solution that brings the expertise in electronic security for applications such as banking, e-commerce, and identity protection to the IoT. As a secure element that provides authentication services and can be used in conjunction with an ordinary microcontroller, it features an embedded secure operating system and is certified to Common Criteria EAL5+[1], banking-level security-industry standards.


STSAFE-A100 provides strong authentication services that help make sure only authorized IoT devices can access online services and only authorized accessories or consumables are recognized and accepted by an application. It is compliant with the USB Type-C device-authentication scheme and secures communications with a remote host using Transport Layer Security (TLS) handshaking.


Additional functions that further minimize any potential for security breaches include signature verification to ease secure boot and firmware upgrade, secure counters that allow usage monitoring, secure pairing with the host application processor, wrapping and unwrapping of local or remote host envelopes, and on-chip key-pair generation.


The STSAFE-A100 supports asymmetric cryptography including Elliptic Curve Cryptography (ECC) with NIST or Brainpool 256-bit and 384-bit curves, and symmetric cryptography using AES-128/AES-256. The STSAFE-A100 comes with a unique serial number on each die and its operating system comprises a kernel for authentication and data management and provides strong protection against logical, fault, side-channel and physical attacks.


“STSAFE-A100 delivers an economical and certified solution for state-of-the-art security in IoT and brand protection, presenting an alternative with clear advantages over existing approaches like software-based security running