Application Note (NXP)

A71CH for secure connection to AWS

Guide for using the NXP A71CH security IC to establish secure MQTT connections to AWS IoT cloud via TLS and Just-in-Time Registration (JITR).

Overview

This application note describes the process of using the NXP A71CH security IC to create a secure connection between IoT devices and the Amazon Web Services (AWS) IoT cloud. The document outlines the use of the MQTT protocol over Transport Layer Security (TLS) and explains the AWS Just-in-Time Registration (JITR) mechanism for automatic certificate registration. Technical details include Public Key Infrastructure (PKI) fundamentals, Elliptic-Curve Cryptography (ECC) using the NIST-P256 curve, and the implementation of ECDSA for digital signatures and ECDH for key exchange. It provides a workflow for managing device credentials, OEM intermediate certificates, and root CAs to ensure tamper-resistant authentication and secure storage.

Use Cases

  • Securing IoT device connections to AWS cloud services
  • Automated device provisioning using Just-in-Time Registration (JITR)
  • Implementing tamper-resistant credential storage in embedded systems
  • Cryptographic node authentication for smart devices

Topics

Security IC
IoT
AWS IoT
A71CH
MQTT
TLS
ECDSA
ECDH
ECC
NIST-P256
i.MX6UltraLite
Secure Authentication

Referenced Parts

A71CH

NXP

This document describes how the A71CH security IC can be used to establish a secure connection with an AWS

i.MX6UltraLite

NXP

The A71CH OpenSSL Engine is fully compatible with the i.MX6UltraLite embedded platform.