Microchip Technology has expanded the capabilities of its TA101-based Trust platform to support compliance with cybersecurity regulations required during the development of industrial and automotive products. This expansion focuses on helping manufacturers more easily implement security features during the product development and operation phases by combining security authentication ICs with cloud-based cryptographic key management services.

Microchip announced on March 16 that it has expanded its Trust platform, centering on the TA101 TrustFLEX security authentication IC and the TA101 TrustMANAGER service. TrustMANAGER integrates with the keySTREAM service from security technology firm Kudelski Labs to provide both cryptographic key management and firmware update capabilities.

With the recent tightening of the international regulatory environment, such as the EU Cyber Resilience Act (CRA), manufacturers are now in a situation where they must incorporate security features from the product design stage. In particular, as the structure in which industrial facilities and automotive electronic systems are networked becomes more widespread, there is a growing trend of regulations requiring security systems, such as device authentication, secure communication, and software update management.

The TA101-based Trust platform is designed with a structure that combines hardware security and cloud services to meet these demands. Companies operating their own cloud infrastructure can utilize TrustFLEX security-certified ICs pre-configured at the factory, while companies without separate infrastructure can use TrustMANAGER to manage cryptographic keys and Firmware-Over-The-Air (FOTA) update services in a cloud-based manner.

In industrial environments, it supports device authentication, secure communication, and centrally managed security policies based on Public Key Infrastructure (PKI) to help comply with IEC 62443 standards and CRA regulations. Additionally, it is designed to simplify certification procedures and technical documentation preparation through provisioning services conducted at factories or on-site.

In the automotive sector, a security update system is provided that ensures electronic control units (ECUs) execute only authenticated software. The purpose is to implement scalable secure FOTA and key management functions in a software-based vehicle (SDV) architecture environment and to support compliance with vehicle cybersecurity regulations such as ISO/SAE 21434 and UNECE WP.29.

Nuri Dagdeviren, Vice President of Microchip's Security Computing Group, explained that as security requirements expand, cryptographic key management and the implementation of security updates are becoming critical challenges for developers, and that the Trust platform will help reduce the burden during the product development process by simplifying security management procedures.

Microchip announced that it can establish a hardware-based trust system extending from the manufacturing stage to field operations through the TA101 TrustFLEX and TrustMANAGER. The company believes that this approach will impact compliance with security regulations and product launch processes required in the development of industrial equipment and automotive electronic systems.