NXP uses MCUXpresso SEC tool and smart cards for secure manufacturing

NXP uses MCUXpresso SEC tool and smart cards for secure manufacturing

NXP offers solution with new smart card trusted provisioning capabilities

Original equipment manufacturers (OEMs) developing edge connectivity technologies need to consider their software intellectual property and their reputation as security product providers. Cost-effective production is often in direct conflict with protecting intellectual property and device certifications used in the cloud. NXP believes that security can never be compromised and offers a solution with a new Smart Card Trust Provisioning feature.

Security is at the heart of NXP. Every element of NXP's device or software is secure, and we also want to make every customer-manufactured product secure. Even if the manufacturing site itself does not provide strong security, with highly secure technology, the manufacturing process is safer. With the new smart card trusted provisioning solution, NXP has introduced a variety of features to support OEMs in protecting their intellectual property and their revenue. This solution leverages our smart cards and MCUXpresso Secure Provisioning Tool (SEC) to provide customers a way to manage the root of trust in their manufacturing processes. In addition, this solution ensures that customers' confidential information used to identify OEM products and their software intellectual property is protected. It is a cost-effective, secure and reliable solution for customers of all sizes, and leverages NXP's highly secure SmartMX microcontrollers (MCUs) to implement the smart cards themselves, a technology that has been the backbone of high security for many years App provides support.

NXP's Smart Card Trusted Provisioning solution supports the deployment of secure authentication and intellectual property from customer premises to commissioned factories. Our MCUs have secure boot built into ROM to ensure that only signed images are run. The MCU also includes secure flash memory and device-unique key generation based on Physical Unclonable Function (PUF) technology. Customer certifications and intellectual property are signed and encrypted using the MCUXpresso SEC tool at their trusted development site, and can only be verified and decrypted by genuine NXP devices.

Keys used in customer applications, for example, can be securely stored in smart cards before being sealed to prevent tampering. In this way, the smart card becomes the basic element of security like a hardware security module (HSM). These certifications can then be securely transferred to the target device inside the customer's end product without being exposed to the contract manufacturer (CM) factory. Using the SEC tool, only genuine devices with the appropriate built-in NXP certificate can be equipped with the customer's key and programmed with customer-signed software. Even at the final step from the host running the SEC tool to the customer's target system, the secure link between that computer and the NXP MCU is protected during provisioning and programming.

Overproduction in CM factories can also be a concern for many OEMs. The smart card trusted configuration solution provides basic production management functions (ie production limit control) to solve this problem. Customers get SEC tools to personalize smart cards and limit production quantities, while creating production packages for their CMs to use in manufacturing their products. Once at the factory, the SEC tool that performs device configuration communicates with the smart card to securely count the number of manufactured products and prevent any attempts to exceed preset limits. The SEC tool generates a factory audit log at the end of the production process for the CM to return to the customer site for audit.

In every secure edge connectivity application, each device requires a unique identity for cloud registration. NXP builds the configuration process from designing the microcontroller and injects encryption keys and digital certificates into these devices at the factory during the manufacturing process for use in the customer's manufacturing process. Our customers can generate their own device-unique certificates and replace (or revoke) the default NXP device certificates using SEC tools to generate certificates and secure them with smart cards. This way, they can take ownership of the device during factory assignment and use the audit log generated by the SEC tool to obtain the resulting device certificate. These device certificates can then be used to upload to the service provider for use in device registration.

Smart card provisioning solutions replace traditional, more expensive HSMs and third-party device programming services. We enable our customers to take advantage of the advanced security features of NXP MCUs to protect their valuable assets. By purchasing cost-effective smart cards and using the free MCUXpresso SEC tool, our customers can prepare secure images to protect their intellectual property, manage keys and perform device assignments. With no minimum order quantities and full control over production quantities, smart card configuration solutions make secure manufacturing affordable for all.