Manage the Security of Connected Devices with TrustMANAGER

The Microchip ECC608 TrustMANAGER device helps you manage the trust of connected devices in an IoT network. Combined with the Kudelski IoT keySTREAM™ SaaS, TrustMANAGER sets up a self-serve Public Key Infrastructure (PKI) service that provisions your devices while they are connected in the field to automatically activate them in your account.

A shield with a checkmark

Use cases

a powerful force in
end-to-end IoT security

TrustMANAGER also enables the bulk upload of credentials with one click and only charges for the activation when devices connect. Once your IoT device is connected, the keySTREAM SaaS will remotely provision various cryptographic credentials and dynamically manage the security lifecycle of your product from deployment to end of life. Redefine key and certificate management with theECC608 TrustMANAGER device, the first security IC in the TrustMANAGER series.

Custom PKI setup

• Root Certificate Authority (CA) creation
• Self-service PKI
• Protection with IT-grade Hardware Security Modules (HSMs)
• Kudelski HSM with 99.99% SLA
• Ability to set up in minutes
• Cost-effective managed PKI
Watch Tutorial

Automated Device Onboarding

• Bulk upload of certificates with one click
• Take ownership with in-field provisioning
Watch Tutorial

Certificate Management

• Expiration date
• Rotation
• Revocation
• Renewal
Watch Tutorial


Ready to get started with TrustMANAGER

To begin prototyping with the development kit, use the TrustMANAGER examples and documentation within the Trust Platform Design Suite software, available for Windows® and macOS® operating systems. Then, open your keySTREAM account with Kudelski IoT.


Why use TrustMANAGER Devices?

Keep your self-serve PKI up to date

Set up your IT-grade custom PKI using a proper HSM with no expertise in minutes

Protect your root certificate and associated private key in keySTREAM

Reduce onboarding time and leverage the automation and scale of keySTREAM to claim your devices

Remove the need for customization during manufacturing with in-field provisioning, reducing the risk of mishandled keys

Manage keys remotely to keep your IoT device security up to date


Scalable Manufacturing Solution

Because the keys, certificates and data intended to be loaded in the ECC608 will be provisioned by keySTREAM in the field at the time of connection, there is no need to expose those credentials to contract manufacturers nor spend test time and infrastructure cost in their factories.

Additionally, although you will have a custom root CA associated with your company name, there are no custom part numbers involved. As a result, you can better manage your inventory across multiple product lines. Financially, charges for in-field provisioning only occur if your customer connects the device; you only pay for what your customer really uses.