STMicroelectronics

OUR HISTORY OF SUPPORTING ST-BASED PRODUCTS

CommScope PKI Center™ has been offering device credential provisioning and code signing services for ST-based products since 2010. We possess extensive expertise in various ST secure elements, microcontrollers, and SoCs, including STSAFE, STM32WB, STM32L4, STM32U5, STi5202, STi7105, and STiH207 Liege, among others.

COMMSCOPE PRODUCTS AND SERVICES

Lightweight Security Provisioning Client Software is designed to streamline the provisioning of device keys and certificates across various devices.

  • Integrated with the STM32 platform and STSAFE/PSA security element.
  • Supports ECC with NIST P-256 and P-384 curves for device certificates.
  • Provides optional software for use in factory programming stations or with host companion devices, ensuring that keys and certificates are provisioned securely and accurately to the intended device.

Credential Provisioning Platforms and Services are built to provision devices with unique keys and certificates.

  • Factory Provisioning: Supports automated device provisioning in factories; adaptable to various manufacturing processes.
  • In-Field Provisioning: Enables secure, automated provisioning of deployed devices using proven solutions, tested in many real-world deployments.
  • Cloud Onboarding: Facilitates secure registration and enrollment with leading IoT cloud service providers, including Azure, AWS, and other public and private cloud services, as well as integration with the FIDO process.

Code Signing and Encryption Services protect device firmware and are accessible anytime by authorized users.

  • Easy Onboarding: Streamlined process for developers, build engineers, and managers.
  • Testing and Evaluation: Free online test with example signing and verification keys.
  • Key Protection: Signing keys are generated in a multi-party-controlled event, hosted online, and protected by FIPS-certified Hardware Security Modules (HSMs) with comprehensive security, including backup and disaster recovery.
  • Custom Policies: Customer-defined permissions for human or machine access, with product-specific signing keys and configurations.

Certificate Authority (CA) Services are configured to issue device credentials (certificates and/or keys) for specific customer and vendor devices.

  • CSA Matter-Specific PKI: Includes the Product Attestation Authority (PAA) and Product Attestation Intermediate (PAI) to issue Device Attestation Certificates (DACs), along with the CAs needed to issue Node Operational Certificates (NOCs).
  • Enterprise Private CAs: Supports specific ecosystems, clouds, and applications under different Roots of Trust.
  • CA Key Protection: All CA keys are generated in a multi-party key ceremony and are securely hosted online using FIPS 140-2 compliant Hardware Security Modules (HSMs).

Device Credential Lifecycle Management is used to discover and manage the certificates and/or keys in use, with a comprehensive dashboard and reporting.

  • Centralized Management: Provides a unified platform for storing, discovering, and tracking device certificates, ensuring real-time visibility and efficient management.
  • Automated Processes: Supports automated certificate renewal and revocation, reducing the risk of service disruption and enhancing security.
  • Monitoring: Offers detailed monitoring, alerts for certificate expiration, and self-service capabilities with certificate inventory management.

BENEFITS FOR ST CUSTOMERS

  • A pre-integrated and tested solution for CSA Matter DAC provisioning on STM32WB, prioritizing production efficiency to reduce errors and accelerate production launch, minimizing your development efforts.
  • Robust security measures without the need for heavy investment in technical expertise and infrastructure, ensuring compliance with specific government and industry standards and regulations.
  • No costs for operating and maintaining PKI infrastructure with Hardware Security Modules (HSMs) for customer-specific CAs and signing key protection.
  • Your geographically dispersed product teams can access and use a single set of keys with granular permissions and usage tracking, providing protection against irreversible risks in your software supply chain.
  • We handle complexity, you enjoy simplicity, productivity, and security.

STM32WB55 MATTER PROVISIONING CLIENT

CommScope and STMicroelectronics jointly offer an STM32WB55 Matter provisioning client that can be used to provision test Matter DACs to STM32WB55 devices. This client can be downloaded from the CommScope software distribution system SODIACS. Follow the steps below to download the client.

  1. Go to the SODIACS access request page.
  2. Follow the on-screen instructions to complete the SODIACS onboarding process. When asked which product you want to download, enter "STM32WB55 Matter Provisioning Client".
  3. Once your SODIACS account is set up, you will receive an email with a link to the SODIACS page for the client.
  4. Click the link in the email to go to the SODIACS page that has a download link for the client.
  5. Click the download link for the client.

Resources

CSA Matter Device Attestation Certificate (DAC) Provisioning

Provisioning STM32WB55 with Matter DAC

Provisioning STM32WB5M demo

Provisioning STM32L4 and STSAFE with credentials trusted by AWS

Contact Us

If you are interested in CommScope’s security service, please fill out and submit the following form:


Partner link: www.st.com