STMicroelectronics STSAFE-A120

The STSAFE-A120 is a secure element, providing authentication and secure data management services to a local or remote host. It also provides cryptographic services like hashing, encryption, and decryption. It consists of a full turnkey solution with a secure operating system running on the latest generation of secure microcontrollers.The STSAFE-A120 can be integrated in consumables, accessories, IoT (Internet of Things) devices, smart-home, smart-city and industrial applications, and consumer electronics devices.

Key features

• Unique ID
• Authentication for:
  • Consumables and accessories anticloning
  • Connected objects secure connection and preattachment to clouds (Azure, AWS, and others)
  • Wireless chargers Qi 1.3 and Qi 2.0
  • Matter devices
  • Digital power supplies OCP M-CRPS
• Pairing and secure channel with host application processor
• Configurable secure storage
• Usage monitoring with secure counters
• Secure connection establishment with remote host including transport layer security (TLS 1.2 and TLS 1.3) handshake
• Signature verification service (secure boot and firmware upgrade)
• Secure storage in host nonvolatile memory based on wrapping and unwrapping of local host envelopes
• Data hashing
• Symmetric data encryption or decryption
• On-chip key pair generation
• Cryptography and security features
• Advanced asymmetric cryptography:
  • 5 Elliptic curve crytpography (ECC), nonvolatile private key slots + 1 ephemeral ECC key slot
  • Supported elliptic curves:
  • NIST P-256 P-384, P-521
  • Brainpool P-256 P-384, P-512
  • Edwards 25519
  • Curve25519
• Supported functionalities:
  • Digital signature generation and verification (ECDSA and EdDSA)
  • Diffie-Hellman shared secret establishment (ECDH)
• Advanced symmetric cryptography: 16 slots of symmetric cryptography with AES-128/256 CCM*, ECB, GCM, CMAC, and HKDF
• Pairing with host-applicative processor: AES 128-bit or 256-bit
• Local wrap/unwrap envelop key: 2 slots of keys with AES 128-bit or AES 256-bit
• Data hashing:
  • SHA-2 with SHA-256, SHA-384, SHA-512
  • SHA-3 with SHA3-256, SHA3-384, SHA3-512
• Random number generator: Random number generator with NIST SP 800-90B compliant entropy source
• Latest generation of highly secure MCUs:
  • Unique serial number on each die
  • CC EAL5+ AVA_VAN.5, and ALC_DVS.2 Common Criteria certified
  • Active shield
  • Monitoring of environmental parameters
  • Protection mechanism against fault injection
  • Protection against side-channel attacks
• Hardware characteristics
• 16 Kbytes of configurable nonvolatile memory
  • 25 years of data retention at 25°C
  • 500 000 erase/write cycle endurance at 25°C
• 2.7 V to 5.5 V continuous supply voltages
• Operating temperature: -40°C to +105°C
• Communication protocol
• I²C - bus slave interface:
  • Up to 400 kbps transmission speed (Fast mode)
  • 7-bit addressing
• Packages: ECOPACK-compliant SO8N 8-lead plastic small outline package and UFDFPN 8-lead ultrathin profile fine pitch dual flat package.

Applications

• IoT (Internet of Things) devices
• Smart-home
• Smart-city and industrial applications
• Consumer electronics devices