NXP Semiconductors
AN13500
EdgeLock A5000 Secure Authenticator for electronic anti-counterfeit protection using device-to-device authentication
4 Evaluating A5000 for anticounterfeit protection
This chapter describes how to evaluate the A5000 Secure Authenticator for
anticounterfeit protection using device-to-device authentication. The following description
is provided only for demonstration. Therefore, the subsequent procedure must be
adapted and adjusted accordingly for commercial deployment.
The Plug & Trust Middleware provides several software libraries out of the box to implement
and verify device-to-device authentication on devices running an embedded Linux
distribution:
• OpenSSL
• PKCS11
• Plug&Trust Middleware SSS API
The following chapters demonstrate the principle of the machine and control unit
authentication flow, based on the theoretical example described in
“. To simplify
the hardware setup a single A5000 Secure Authenticator IC is used.
To keep the example as simple as possible, only A5000 pre-provisioned credentials are
used to demonstrate the mutual authentication.
The examples are divided into the following steps to introduce the A5000 and the
Plug&Trust OpenSSL engine and the ssscli tools:
1. Hard- and software setup
2. OpenSSL engine overview
3. Plug & Trust Middleware ssscli tool introduction
4. Pre-provisioned A5000 device certificates used by the example
5. Retrieve the pre-provisioned A5000 credentials
6. Chain of trust of the pre-provisioned device certificates
7. Mutual authentication flow
a.
b.
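What steps 4 to 7 build toward, modeled in software only as an added example (not code from this application note or from the Plug & Trust Middleware): each side validates the peer certificate against the root CA, sends a fresh random challenge, and checks the peer's signature over it. Assumptions: the root CA, the device names and all function names are constructed for illustration, and the private keys are plain files, whereas with the A5000 the private key stays inside the secure authenticator and signing goes through the OpenSSL engine.

```bash
#!/usr/bin/env bash
# Added example: software-only model of certificate-based device-to-device
# authentication. All keys and certificates are constructed test data.

# new_ca DIR: create a demo root CA (EC P-256) in DIR.
new_ca() {
  mkdir -p "$1"
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/ca.key"
  openssl req -x509 -new -key "$1/ca.key" -subj "/CN=Demo Root CA" \
    -days 1 -out "$1/ca.crt"
}

# new_device DIR NAME: issue a device key and a certificate signed by DIR's CA.
new_device() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key"
  openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/$2.crt" 2>/dev/null
}

# authenticate CA_CERT PEER_CERT PEER_KEY: one direction of the flow.
# Runs in a subshell so that its variables and exit calls stay local.
authenticate() (
  tmp=$(mktemp -d) || exit 1
  trap 'rm -rf "$tmp"' EXIT
  # Verifier: the peer certificate must chain to the trusted root CA.
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || exit 1
  # Verifier: a fresh random challenge prevents replay of old signatures.
  openssl rand -out "$tmp/challenge" 32 || exit 1
  # Prover: sign the challenge with the device private key.
  openssl dgst -sha256 -sign "$3" -out "$tmp/sig" "$tmp/challenge" || exit 1
  # Verifier: check the signature with the key from the validated certificate.
  openssl x509 -in "$2" -pubkey -noout >"$tmp/pub" || exit 1
  openssl dgst -sha256 -verify "$tmp/pub" -signature "$tmp/sig" \
    "$tmp/challenge" >/dev/null 2>&1
)

# mutual_auth DIR A B: succeeds only if both devices authenticate.
mutual_auth() {
  authenticate "$1/ca.crt" "$1/$2.crt" "$1/$2.key" &&
    authenticate "$1/ca.crt" "$1/$3.crt" "$1/$3.key"
}
```

A device whose certificate was issued by a different CA fails at the chain check, and a device that presents a genuine certificate without the matching private key fails at the signature check.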
The physical I2C connection between the Raspberry Pi and the A5000 Secure
Authenticator can be established either in plain or secured (authenticated and encrypted)
using the Global Platform Secure Channel Protocol 03 (SCP03).
overview about Global Platform Secure Channel Protocol 03 and explains how to run the
examples using Platform SCP.
How to manage access from multiple Linux processes to the A5000 authenticator
application is briefly discussed in
4.1 Hard- and software setup
The following hardware is used for this demo as a reference for any other embedded
Linux board like the NXP i.MX8:
• Raspberry Pi3 Model B+ or Pi4 Model B
•
• Optional - OM-SE050RPI adapter board for Raspberry Pi (
The AN12570 "Quick start guide with Raspberry Pi" describes the hardware and software
for the NXP SE05x Secure Element. Chapter “3.3. Build EdgeLock SE Plug & Trust
© NXP B.V. 2022. All rights reserved.
Application note
Rev. 1.0 — 28 March 2022