Cloud IoT Core verifies the signed token and authorizes the
communication. The Cloud IoT Core Authentication Use Case
video provides additional details.
The advantage of this solution resides in the simplicity of
the implementation. The small code size required for JWT
authentication allows you to use small and cost-effective
MCUs like the SAM D21 device. The heavy lifting is done by
the ATWINC1500, which completely handles the TLS function
so that you do not need to have expertise with the TLS stack
to implement this solution. In addition to being the vault for the
private key, the ATECC608A runs the "ECDSA sign" operation,
which makes this implementation even more agnostic regarding
the TLS stack provider. Some may argue that this solution could
theoretically be transport agnostic too.
But the most obvious benefit is that this total system solution
enables you to connect your IoT devices to one of the most
robust, scalable, and widely adopted cloud computing platforms
in the world, backed by the global infrastructure, intelligence,
and expertise of Google Cloud Platform. To protect your
connected system from hackers and malicious attacks, consider
the Microchip Technology ATECC608A CryptoAuthentication
Device for your next design.
Protecting Private Keys in IoT Hardware
Working in collaboration with Google Cloud Platform,
Microchip has implemented a JSON Web Token (JWT) based
authentication system. This solution is based on Cloud IoT Core
and Microchip's ATECC608A CryptoAuthentication Devices, a
cost-effective Arm Cortex-M0+ based SAM D21 microcontroller
(MCU) and the popular ATWINC1500 Wi-Fi module.
How does this solution work? The ATWINC1500, with its
integrated TLS 1.2 stack, establishes a TLS session. An
authenticated MQTT connection must be established for Google
Cloud IoT Core to authorize the device to push messages to
the cloud. To do this, the device issues an MQTT CONNECT
request with a JWT as a password. The private key that resides
safely inside the ATECC608A signs the JWT that is presented
by the MCU. The ATECC608A then provides a signature to the
MCU, which appends it to the JWT. The signed JWT is then
transmitted as the password in the CONNECT message (the
username field is ignored). The MQTT message is then carried to Cloud
IoT Core, which holds the public key—which Microchip has
securely delivered to the Google backend—that mathematically
corresponds to the private key used in the ATECC608A.
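
The token assembly described above, as an added example in C that is not Microchip's or Google's code: the MCU builds the ES256 signing input, a hypothetical sign_fn hook stands in for the ATECC608A, and the returned signature is appended to form the MQTT password. The aud/iat/exp claim set, the project ID passed by the caller and demo_sign's fixed bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical secure-element hook: hash and sign msg, return raw R||S (0 = ok). */
typedef int (*sign_fn)(const uint8_t *msg, size_t len, uint8_t sig[64]);

/* Unpadded base64url as used by JWTs. Returns chars written, 0 if out is too small. */
static size_t b64url(const uint8_t *in, size_t n, char *out, size_t cap) {
    static const char T[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    size_t o = 0;
    if (cap < (n * 4 + 2) / 3 + 1) return 0;
    for (size_t i = 0; i < n; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < n) v |= (uint32_t)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        out[o++] = T[v >> 18];
        out[o++] = T[(v >> 12) & 63];
        if (i + 1 < n) out[o++] = T[(v >> 6) & 63];
        if (i + 2 < n) out[o++] = T[v & 63];
    }
    out[o] = '\0';
    return o;
}

/* Constructed stand-in signer: fixed bytes, not a real signature. */
int demo_sign(const uint8_t *msg, size_t len, uint8_t sig[64]) {
    memset(sig, 0xAB, 64);
    return (msg && len) ? 0 : -1;
}

/* Builds header.claims.signature; aud is assumed to need no JSON escaping. */
size_t build_jwt(const char *aud, long iat, long exp, sign_fn sign, char *jwt, size_t cap) {
    static const char hdr[] = "{\"alg\":\"ES256\",\"typ\":\"JWT\"}";
    char claims[128]; uint8_t sig[64];
    int c = snprintf(claims, sizeof claims,
                     "{\"aud\":\"%s\",\"iat\":%ld,\"exp\":%ld}", aud, iat, exp);
    if (c < 0 || (size_t)c >= sizeof claims) return 0;
    size_t n = b64url((const uint8_t *)hdr, sizeof hdr - 1, jwt, cap);
    if (n == 0) return 0;
    jwt[n++] = '.';
    size_t m = b64url((const uint8_t *)claims, (size_t)c, jwt + n, cap - n);
    if (m == 0) return 0;
    n += m;
    /* Only the signing input goes to the secure element; the key never leaves it. */
    if (sign((const uint8_t *)jwt, n, sig) != 0) return 0;
    jwt[n++] = '.';
    m = b64url(sig, sizeof sig, jwt + n, cap - n);
    return m ? n + m : 0;
}
```

The string build_jwt returns is what goes into the password field of the MQTT CONNECT request; a real sign_fn would forward the signing input to the secure element instead of filling fixed bytes.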
ATECC608A CryptoAuthentication Devices
• Cryptographic co-processor with secure hardware-based key storage
• Protected storage for up to 16 Keys, certificates or data
• Compatible with Microchip AVR/ARM MCUs or MPUs

ATWINC1500 SmartConnect IoT Modules
• Ideal add-on to existing MCU solutions bringing Wi-Fi and Network capabilities through SPI-to-Wi-Fi interface
• Connects to any SAM or PIC MCU with minimal resource requirements
• Option of printed antenna or a micro co-ax (u.FL) connector for an external antenna
Figure 1