STSAFE-A110 and Secure Cloud Connectivity, a Different Way to Automate Device Registration
Thanks to the STSAFE-A110 secure element and ST's Secure Factory processes, customers can now create family-wide security certificates to automate the authentication and attachment of devices to AWS and Azure clouds. And to make the feature much more accessible, we're opening it to productions of only 5,000 units or more.
Experts know that the cloud has a bright and a dark side. On one side, it allows engineers to share an unimaginable quantity of information, connecting our physical world to data. On the other hand, securing a cloud is complex, and device attachment operations are sensitive as well as laborious. Requiring device makers to sign in and register each device can be tedious and expensive. ST's solution addresses this with a system that automatically attaches a product family to a cloud account. Let us, therefore, explore this issue in more detail and see what teams can do today to prepare for it.
STSAFE-A110 and the Cloud: The Need for a Secure Element and the Challenge of Per-Device Registration
Security in the Cloud and the Need for a Secure Element
Fundamentally, a device connecting to a cloud must be authenticated by proving its identity and its entitlement to particular privileges. This type of process almost always involves a challenge-response authentication protocol. In this instance, the asymmetric scheme uses a private key and a certificate containing the device ID and public key. The server first requests the certificate and verifies its validity. The same server then challenges the sign-in by asking for a signature over a challenge, which confirms that the certificate originated from the device. The client device answers such requests by signing the challenge with its unique, secret private key. The STSAFE-A110 assists along the way by providing tamper-proof secure storage and an optimized asymmetric authentication scheme. The device also comes with customer-specific keys and certificates securely loaded in the ST secure factory before shipment.
Workflow for Device Attachment and the Need for Automation
Such a mechanism is efficient because it enables the attachment of every device to a cloud account by registering its certificate. However, one drawback for a group of devices is that each device must be registered one by one. Consequently, the procedure demands complex and sensitive manufacturing operations. Companies must, therefore, make specific investments, since outsourcing the process would add significant security risks. Additionally, problems arise when teams must do this for thousands or perhaps millions of devices. When dealing with such volumes, the costs associated with individual registrations may become prohibitive. For instance, when installing connected nodes in a smart city, a business must activate them rapidly. ST is thus offering a solution that streamlines this process.
STSAFE-A110 and the Cloud: A New Way to Automate Attachment
Self-Signed Family Certificates and the Means to Solve the Attachment Automation Challenge
To facilitate the secure attachment of a family of devices, ST added a new capability to personalize the STSAFE-A110. The functionality relies on an intermediate self-signed certificate assigned to several products and registered to a cloud account. Consequently, following the single registration of this intermediate certificate on a specific cloud account, the devices automatically attach themselves to that account on their first connection. Moreover, outsourcing manufacturing becomes possible because the OEM (Original Equipment Manufacturer) controls the sole sensitive operation on its own premises, without the need for any secure processes during manufacturing. There's no need to purchase additional equipment or configure devices during assembly. To make the feature more attractive, we provide the self-signed family certificate free of charge for any minimum order of 5,000 units.
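The cloud-side decision behind both the challenge-response sign-in and the family-certificate attachment described above can be sketched as follows; this is an added example, not ST, AWS or Azure code. The names `issue` and `attach` are hypothetical, ECDSA P-256 with SHA-256 is an assumed algorithm choice, the family certificate is modelled as a self-signed CA that issued each device certificate, and a software key stands in for the key held inside the STSAFE-A110.

```go
package main
import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent gives a self-signed family certificate.
func issue(cn string, parent *x509.Certificate, parentKey crypto.Signer) (*x509.Certificate, crypto.Signer) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // family certificate: self-signed and allowed to sign device certificates
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, t.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// attach is the cloud side: chain to the one registered family certificate, then a signed fresh challenge.
func attach(family, device *x509.Certificate, se crypto.Signer) error {
	roots := x509.NewCertPool()
	roots.AddCert(family)
	if _, err := device.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("not issued under the registered family certificate: %w", err)
	}
	nonce := make([]byte, 32) // fresh random challenge for every connection
	rand.Read(nonce)
	digest := sha256.Sum256(nonce)
	sig, _ := se.Sign(rand.Reader, digest[:], crypto.SHA256) // device side: happens inside the secure element
	return device.CheckSignature(x509.ECDSAWithSHA256, nonce, sig)
}

func main() {
	fam, famKey := issue("family-ca", nil, nil)
	dev, devKey := issue("device-0001", fam, famKey)
	fmt.Println("first connection, attach error:", attach(fam, dev, devKey))
}
```

Only the family certificate is ever registered; a device from another family fails the chain check, and a copied device certificate without its private key fails the challenge.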
Development Boards and Software to Jumpstart Projects
The quickest way to use this feature is to start development on one of the ST boards that houses an STSAFE-A110 device. For example, developers may use the B-L4S5I-IOT01A, our latest Discovery Kit IoT Node. Teams working on industrial applications can also use the STEVAL-STWINKT1B, which can jumpstart projects relying on condition monitoring or AI at the edge. To help engineers, ST also created example applications for both of those boards. For instance, FP-CLD-AWS1 can help applications connect to AWS by using traditional per-device registrations. Once designers are ready for mass production, they can contact ST to create the self-signed family certificate. The procedure typically takes about a month.