NXP Semiconductors EdgeLock® SE050 Plug & Trust Secure Element Family
NXP Semiconductors EdgeLock® SE050 Plug and Trust Secure Element Family offers enhanced Common Criteria EAL 6+ and FIPS 140-2 certified security for strong protection against attack scenarios, along with an extended feature set for a broad range of IoT use cases. This ready-to-use secure element for IoT devices provides a root of trust at the IC level. It delivers real end-to-end security, from edge to cloud, without the need to implement security code or handle critical keys and credentials.
Featured Product - EdgeLock SE050E
The Common Criteria EAL6+ certified EdgeLock SE050E is a market-ready variant of the EdgeLock SE050 family covering the main features required by most IoT projects. This includes various ECC curves, symmetric crypto, MIFARE KDF, TPM functionality, and extended user memory with a dynamic file system to store credentials for multiple applications running on one chip.
EdgeLock SE050 supports a broad range of IoT security use cases such as TLS connection, cloud onboarding, device-to-device authentication, device integrity protection, attestation, sensor data protection, Qi 1.3 Wireless Charging Authentication, Wi-Fi® credential protection, secure access to IoT services, IoT device commissioning and personalization.
Delivered as a ready-to-use solution, the EdgeLock SE050, part of the EdgeVerse edge computing platform, comes with multiple cryptographic algorithms and protocols pre-implemented and a complete product support package that simplifies design-in and reduces time to market. In addition to libraries for different MCUs and MPUs, the support package also offers integration with many common OSs, including Linux®, RTOS, and Android®. Time-saving design tools, such as sample code for major use cases, extensive application notes, and compatible development kits for i.MX and Kinetis® microcontrollers, accelerate the final system integration.
The EdgeLock SE050, part of the Certified EdgeLock Assurance program, is designed to meet industry standards and follows NXP's security-by-design approach. It has been certified by an independent lab.
Features
- Key Benefits
  - Plug and Trust for fast and easy design-in with a complete product support package and example codes for a broad range of use cases
  - Extended user memory with a dynamic file system to store credentials for multiple applications running on one chip
  - Easy integration with different MCU/MPU platforms and OSs (Linux, RTOS, Android)
  - Turnkey solution to reach system-level security with any MCU/MPU without the need to implement security or handle critical keys and credentials
  - Supports compliance with many security standards like IEC 62443, DLMS/COSEM, OPC-UA, and ISO15118
  - Real end-to-end security, from edge to cloud
  - Trust anchor for IoT devices with secure credential injection at a hardware level
- Key Features
  - EdgeLock SE050 is available in two ready configurations. The available features depend on the chosen configuration:
    - EdgeLock SE050E, Common Criteria (CC) certified EAL 6+ with an extended range of ECC and symmetric cryptographic options
    - EdgeLock SE050F, Common Criteria (CC) EAL 6+ and FIPS-certified (140-2 security level 3 for OS and applet and security level 4 for the physical security of the hardware) with support of FIPS-approved algorithms
- Product Family Features*
  - ECC cryptographic support of an extended set of ECC curves, including NIST (up to 521-bit key length), Brainpool, Twisted Edwards, and Montgomery
  - RSA up to 4096 bits
  - 3DES and AES (AES modes: CBC, CTR, ECB, CCM, GCM)
  - HMAC, CMAC, GMAC, SHA-1, SHA-224/256/384/512
  - HKDF, MIFARE® KDF, PRF (TLS-PSK)
  - DRBG/TRNG compliant with NIST SP800-90A/B
  - Support of main TPM functionalities
  - Secured flash user memory up to 50kB
  - Contactless interface for late-stage parameter configuration of unpowered devices
  - I2C target (up to high speed mode, 3.4Mbit/s), I2C controller (fast mode, 400kbit/s)
  - Secure binding with host MCU/MPU and bus encryption
  - Secure credential injection with end-to-end encryption
  - Advanced access control policies to credentials and data stored on-chip
  - Extended temperature range for industrial applications (-40°C to +105°C)
  - Small and very thin footprint HX2QFN20 package (3mm × 3mm) with max 0.33mm height

\* Features vary according to the specific variant (EdgeLock SE050E, EdgeLock SE050F)
Applications
- Industrial
- Energy management systems and smart metering
- EV chargers and battery systems
- Smart home and routers
- Mobile accessories and gaming
- Smart city infrastructure and transportation
- Security systems and surveillance cameras
- Healthcare
- Communication infrastructure
Use Cases
Secure Credential Provisioning and Protection - Secure provisioning of credentials at the certified hardware level and SE customization without the need for a customer to set up a costly PKI infrastructure.
Secure Cloud Onboarding - Use zero-touch secure connectivity based on proven, hardware-based security algorithms to connect with public and private clouds.
Device Integrity Protection, Attestation, and Traceability - Verify the originality and integrity of the devices with the protection of the credentials stored in the secure storage of the SE. Use the credentials to attest device and data, as well as manage access to the devices.
Device-to-Device Authentication - Ensure only authorized devices connect to a given network, site, or service with mutual authentication and hardware-protected keys.
Protect Sensor Data - Verify that sensitive data was collected locally by encrypting it prior to transmission to the host MCU/MPU and ultimately to the cloud or server for treatment and analysis.
Qi 1.3 Wireless Charging Authentication - Integrate the EdgeLock SE050 into your wireless charger to securely store the private key and certificate of the charger and prove it is an authentic Qi-certified product.
Support Secure Operation for MIFARE products - Store the master key and derive multiple keys for different users and/or sessions for environments e.g. based on MIFARE DESFire®.
Secure Wi-Fi Connection - Securely set up a WPA2 Wi-Fi connection. Use key derivation for multiple session keys to securely connect to a Wi-Fi router, without having the master key leave the EdgeLock SE050.
Matter Ready - Provide the necessary cryptographic functions to support the upcoming Matter standard for connecting smart home devices.
Export Compliance
NXP Semiconductors makes product Export Control Classification Number (ECCN) and Harmonized Tariff Schedule (HTS) classifications available for informational purposes only and the classifications are subject to change without notice. Anyone importing or exporting/re-exporting an NXP item is solely responsible for assuring the ECCN and HTS use are correct. Further, NXP does not provide guidance regarding the exportability of its products, software, or technology. Such questions should be directed to the exporter’s internal Trade Compliance organization or legal counsel.
