A71CH: Plug and Trust - The fast, easy way to deploy secure IoT connections

Google Cloud IoT Core

NXP’s A71CH Plug &Trust for IoT Security is a trust anchor, a ready-to-use security solution designed for integration into next-generation IoT devices, such as edge nodes and gateways. When embedded into devices, the security chip generates and signs a JWT (Jason Web token) token and is validated by Google IoT Core to enable seamless connections between the IoT device and Google Cloud Platform Apps and Services, leveraging secure key storage and key management provided by A71CH.

To automate the process of onboarding to Google Cloud IoT Core, device credentials are pre-injected into an A71CH and public keys are delivered to the customer thereby eliminating the need for complex, costly OEM configuration processes. Injection of device credentials can be made at the NXP secure manufacturing facilities or through NXP approved programming partners.

Together with Google Cloud IoT, NXP enabled the Plug & Trust experience for devices manufacturers:

Google Cloud IoT Core | How to image

To learn more about how A71CH streamlines device-to-cloud onboarding, watch the webinar below.

Watch the webinar “Securing today's IoT - How NXP and Google Cloud IoT simplify IoT Device Provisioning and Security”

Get started and build your product with NXP’s A71CH Plug & Trust and securely connect to Google Cloud IoT Core:

Application note Tutorial video A71CH Arduino kit

IBM Watson IoT

The A71CH Provisioned & Programmable ‘Ready for IBM Watson IoT’ is an off-the-shelf and ready-to-use solution that provides a root of trust at the IC level and delivers proven, chip-to-cloud security right out of the box. It allows devices to be securely connected to the Watson IoT Platform without exposing keys for the entire lifetime of the device. This specific solution provides a secure identity to IoT devices, preventing attackers from impersonating a device or giving it a new identity.

The A71CH Provisioned & Programmable comes with X.509 certificates and keys trusted by Watson IoT Platform and injected at NXP secure certified facilities. NXP’s trust provisioning service ensures keys are kept safe, and credentials are injected in a trusted environment. When embedded into devices, the chips have the necessary keys to establish a secure TLS connection with IBM Watson IoT enabling seamless device-to-cloud connections. Thus, the IBM Watson IoT Platform together with IBM Cloud provides end-to-end secure communication starting from the secure identity delivered by NXP’s A71CH.

The solution is suitable for product introduction phase e.g. low volumes up to mass production.

Watch the intro to A71CH ‘Ready for IBM Watson IoT’

The dedicated A71CH version which is ‘Ready for IBM Watson IoT’ can be purchased here:

Buy

  • A7101CHTK2/T0BC2BJ: With standard temp range (-25 to +85 °C)
  • A7102CHTK2/T0BC2CJ: With extended temp range (-40 to +90 °C)

Get started and build your product with NXP’s A71CH ‘Ready for IBM Watson IoT’:

Application note Recipe proof A71CH Arduino kit

IBM Validated Solution

AWS IoT

In 2016, AWS IoT introduced the Just-in-time registration (JITR) flow, which automates the enrollment of IoT devices to AWS IoT. With this, device manufacturers do not need to manually register upfront each device certificate to AWS IoT console. In fact, it enables the auto registration of device certificates to AWS IoT at first connect to cloud, which tremendously simplifies the registration process of devices by OEMs.

This process works perfectly in combination with NXP’s Plug & Trust security chip, A71CH, and the Trust Provisioning process set up by NXP and qualified partners. Dedicated keys and certificates for AWS IoT are pre-injected into the A71CH at secure manufacturing facilities, without ever exposing them to the outside world. NXP enables OEMs to bring their own certificates into the devices and allows scalability in terms of deployment size, through key injection on A71CH either by NXP or qualified partners.

With this, the A71CH provides a root of trust to the IoT device. The A71CH securely stores the device certificates and keys and allows the IoT device to securely enroll and authenticate to AWS IoT using JITR. Device manufacturers do not need to invest time and money in any security infrastructure or write any security code. Instead, they can rely on NXP and its partner’s process to manage the process of key generation and provisioning and thus reduce the overall deployment cost.

Watch the video showing how to securely connect to AWS IoT with NXP’s A71CH Secure Element

Get started and build your product with NXP’s A71CH Plug & Trust and securely connect to AWS IoT:

Application note A71CH Arduino kit

AWS image