STMicroelectronics STSAFE-A120 Authentication ICs

STMicroelectronics STSAFE-A120 Authentication ICs are highly secure integrated circuits designed to protect sensitive data and devices through advanced cryptographic features and authentication protocols. STSAFE-A120 ICs provide a unique identifier for secure authentication in various applications, including consumables, accessories, connected objects, and wireless chargers (Qi 1.3 and Qi 2.0). These ICs support secure cloud preattachment and connection with services like Azure and AWS, ensuring that devices can securely pair with host processors and establish encrypted communication channels.

With a robust feature set, including support for elliptic curve cryptography (ECC), AES encryption, digital signatures, and data hashing, the STMicroelectronics STSAFE-A120 Authentication ICs safeguard against cloning, unauthorized access, and attacks like side-channel vulnerabilities and fault injections. Its 16KB of non-volatile memory and extensive security certifications (EAL5+) make it ideal for high-security applications in the Internet of Things (IoT), digital power supplies, and secure boot processes. Designed to withstand harsh environmental conditions with an operational temperature range of -40°C to +105°C, the STSAFE-A120 devices ensure long-lasting reliability and security in embedded systems.

Features

Unique ID
Authentication for:
- Consumables and accessories, anti-cloning
- Connected objects, secure connection, and preattachment to clouds (Azure, AWS, and others)
- Qi 1.3 and Qi 2.0 wireless chargers
- Matter devices
- OCP M-CRPS digital power supplies
Pairing and secure channel with host application processor
Configurable secure storage
Usage monitoring with secure counters
Secure connection establishment with remote host, including transport layer security (TLS 1.2 and TLS 1.3) handshake
Signature verification service (secure boot and firmware upgrade)
Secure storage in host nonvolatile memory based on wrapping and unwrapping of local host envelopes
Data hashing
Symmetric data encryption or decryption
On-chip key pair generation
Hardware
- 16K-bytes of configurable nonvolatile memory
  - 25 years of data retention at +25°C
  - 500,000 erase/write cycle endurance at +25°C
- 2.7V to 5.5V continuous supply voltages
- -40°C to +105°C operating temperature range
I²C bus slave interface communication protocol
- Up to 400kbps transmission speed (Fast mode)
- 7-bit addressing
Package options
- ECOPACK-compliant SO8N 8-lead plastic small outline package, 4mm x 5mm
- UFDFPN 8-lead ultrathin profile fine pitch dual flat package, 2mm x 3mm

Cryptography and security
- Advanced asymmetric cryptography
  - 5x Elliptic Curve Crytpography (ECC), nonvolatile private key slots + 1x ephemeral ECC key slot
  - Supported elliptic curves include NIST P-256 P-384, P-521; Brainpool P-256 P-384, P-512; Edwards 25519; and Curve25519
- Supported functionalities
  - Digital signature generation and verification (ECDSA and EdDSA)
  - Diffie-Hellman shared secret establishment (ECDH)
- Advanced symmetric cryptography, 16x slots of symmetric cryptography with AES-128/256 CCM, ECB, GCM, CMAC, and HKDF
- AES 128-bit or 256-bit pairing with host-applicative processor
- Local wrap/unwrap envelop key, 2x slots of keys with AES 128-bit or AES 256-bit
- Data hashing
  - SHA-2 with SHA-256, SHA-384, SHA-512
  - SHA-3 with SHA3-256, SHA3-384, SHA3-512
- Random number generator with NIST SP 800-90B compliant entropy source
- Highly secure MCUs
  - Unique serial number on each die
  - CC EAL5+ AVA_VAN.5, and ALC_DVS.2 Common Criteria certified
  - Active shield
  - Monitoring of environmental parameters
  - Protection mechanism against fault injection
  - Protection against side-channel attacks