STMicroelectronics has partnered with software solutions provider Prove & Run to develop with a scalable security platform for IoT devices.

The platform combines Prove & Run’s ProvenCore-M secure operating system with ST's STM32L4 MCUs and its Common Criteria-certified STSAFETM-A100 secure element. The platform covers the full range of IoT security needs, from the most basic to the highest level of security requirements with Common Criteria-certified parts, according to ST.

The STM32L4 MCUs combine ST’s ultra-low-power microcontroller technology with ARM Cortex-M4 core, targeting next-generation energy-conscious consumer, industrial, medical and metering applications. STM32L4 devices achieve up to 100 DMIPS at just 37µA/MHz of active power consumption. In addition to a large set of smart peripherals, advanced and low-power analog circuits and up to 1MB of Flash and 320KB of SRAM, STM32L4 MCUs integrate numerous security mechanisms (MPU, debug life-cycle, execute-only protection).

Meanwhile, P&R said its ProvenCore is a highly secure RTOS with proven properties for enforcing the isolation of applications and stability of the platform. Conceived as a micro-kernel, it aims at having a minimal impact on integrating existing code as an application, while providing strong security services and enforcing state-of-the-art secure coding recipes. It also includes dedicated secure boot and secure application-update mechanisms that can optionally be integrated with STSAFE-A100 platform integrity services.

ST's STSAFE-A100 Secure Element is a Common Criteria EAL5+ -certified turnkey security solution for preventing counterfeiting, cloning and stealing information, and helping to fight against denials of service. The STSAFE-A100 features a secure embedded operating system that provides authentication, secure communication, secure data-management and platform integrity services, such as secure boot and firmware upgrade.

The new security platform eases the creation of secure IoT products, allowing customers to concentrate on the development of the functional part of their application, according to ST. Product developers without any special skills in security will benefit from the device's security services, including application isolation, secure boot, secure firmware update and key-storage resistant to physical attacks.