https://community.nxp.com/t5/Secure-Authentication/Why-there-is-a-se50-while-MPU-has-trustzone/m-p/995598#M174 <HTML><HEAD></HEAD><BODY><P>Hi Wei,</P><P></P><P>One of the measures for increasing the robustness of IoT designs is the addition of a security as an isolated closed system in addition to the Host controller. that's why we recommend the security IC like SE050 for that purpose.. <BR />&nbsp;<BR />This security IC provides a protected access to device keys since those keys never leave this tamper resistant IC.<BR />It prevents the insertion of counterfeit devices by allowing the secure storage of the credentials used to verify the authenticity and proof-of-origin of the device. It also enables trusted and authenticated connections with the cloud by securely storing the keys used to establish a TLS encrypted link.<BR />&nbsp;<BR />In addition, this security IC can also contributes in limiting (mitigating) the attack scope of:<BR />-Potential software bugs, by preventing device credentials from being compromised.<BR />-Malicious code execution, by providing root of trust of the public key used to verify the signed code binary (run-time protection). <BR />-Data leakage, by enabling an encrypted TLS connection with the keys securely stored in the IC.<BR />&nbsp;<BR />Therefore, the level of security depends on how secrets are generated, stored, and handled.</P><P></P><P>Hope that makes sense,</P><P></P><P>Have a great day,<BR />Kan</P><P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P></BODY></HTML> Mon, 23 Mar 2020 08:16:20 GMT Kan_Li 2020-03-23T08:16:20Z https://community.nxp.com/t5/Secure-Authentication/Why-there-is-a-se50-while-MPU-has-trustzone/m-p/995597#M173 <HTML><HEAD></HEAD><BODY><P>Hi , I have a question when I learnt through&nbsp;<A class="link-titled" href="https://www.nxp.com/design/training/advance-your-iot-security-leveraging-hardware-protected-keys-on-microcontrollers:TIP-ADVANCE-YOUR-IOT-SECURITY" title="https://www.nxp.com/design/training/advance-your-iot-security-leveraging-hardware-protected-keys-on-microcontrollers:TIP-ADVANCE-YOUR-IOT-SECURITY">Advance your IoT Security Leveraging Hardware Protected Keys on Microcontrollers | NXP</A>&nbsp;.</P><P>It says we need a se50 or other secure element to achieve highest level of security&nbsp;even if the MPU has TrustZone.</P><P>Why there is a se50 while MPU has trustzone? Thank you.</P></BODY></HTML> Fri, 20 Mar 2020 09:57:14 GMT https://community.nxp.com/t5/Secure-Authentication/Why-there-is-a-se50-while-MPU-has-trustzone/m-p/995597#M173 brucezhao 2020-03-20T09:57:14Z https://community.nxp.com/t5/Secure-Authentication/Why-there-is-a-se50-while-MPU-has-trustzone/m-p/995598#M174 <HTML><HEAD></HEAD><BODY><P>Hi Wei,</P><P></P><P>One of the measures for increasing the robustness of IoT designs is the addition of a security as an isolated closed system in addition to the Host controller. that's why we recommend the security IC like SE050 for that purpose.. <BR />&nbsp;<BR />This security IC provides a protected access to device keys since those keys never leave this tamper resistant IC.<BR />It prevents the insertion of counterfeit devices by allowing the secure storage of the credentials used to verify the authenticity and proof-of-origin of the device. It also enables trusted and authenticated connections with the cloud by securely storing the keys used to establish a TLS encrypted link.<BR />&nbsp;<BR />In addition, this security IC can also contributes in limiting (mitigating) the attack scope of:<BR />-Potential software bugs, by preventing device credentials from being compromised.<BR />-Malicious code execution, by providing root of trust of the public key used to verify the signed code binary (run-time protection). <BR />-Data leakage, by enabling an encrypted TLS connection with the keys securely stored in the IC.<BR />&nbsp;<BR />Therefore, the level of security depends on how secrets are generated, stored, and handled.</P><P></P><P>Hope that makes sense,</P><P></P><P>Have a great day,<BR />Kan</P><P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P></BODY></HTML> Mon, 23 Mar 2020 08:16:20 GMT https://community.nxp.com/t5/Secure-Authentication/Why-there-is-a-se50-while-MPU-has-trustzone/m-p/995598#M174 Kan_Li 2020-03-23T08:16:20Z