OPTIGA™ TPM Provisioning
To further simplify the task of secured key provisioning during device manufacturing, Infineon collaborates with EBV. This alliance enables the secured provisioning of Infineon’s OPTIGA™ TPM with the customer’s credentials using EBV’s state-of-the-art programming technology in a secured facility, thus simplifying the production process.
Advantages of pre-provisioned chips:
- no need to manage keys and provision credentials
- flexibility in production (in-house or outsourced to EMS) without investment in additional security measures
Infineon OPTIGA™ TPM Provisioning with EBV Secure it
OPTIGA™ TPM – simpler and faster secured key provisioning for IoT devices
IoT: Secured identity is key
IoT security starts with identity: Every IoT device needs a strong and unique identity so it can authenticate itself as trustworthy when it connects to the IoT.
Given the importance of this IDoT (Identity of Things), the secret keys and credentials establishing that identity must be protected against unauthorized access. Device credentials are usually provisioned during device manufacturing. Establishing a secured manufacturing environment is therefore required and can be challenging for OEMs. Outsourcing production can increase the security risks around provisioning even further.
Addressing today’s secured key provisioning challenges
- Secret keys may be leaked if the underlying security solutions offer weak resistance to tampering
- Secret keys may be leaked during the provisioning process if the outsourced production environment is not highly secure
- Provisioning of initial device credentials is usually complex and cost-intensive in volume production
OPTIGA™ TPM - Best choice for simpler and faster secured device key provisioning
The OPTIGA™ TPM (Trusted Platform Module) security controller supports the pre-provisioning of credentials in a secured chip. The chip provides a tamper-resistant memory to securely store the cryptographic keys and credentials needed for the device to authenticate and register with cloud services. It acts like a vault, safeguarding the keys along the entire value chain and beyond.
Related literature
Partner Use Case
Personalized security solutions based on hardware-based security like the OPTIGA™ TPM provide excellent protection for a large variety of application scenarios but also require custom certificates and programming.
IoT Device with TPM-based security
With OPTIGA™ TPM, secret keys are stored in a discrete, certified chip so they remain and are processed inside the chip. This reduces the attack surface, making key security highly immune to software vulnerabilities at operating system and application level.
Acting as a hardware trust anchor, the Infineon OPTIGA™ TPM is far more resistant to attacks than software-only approaches. It provides a secured storage vault for keys and also executes the associated cryptographic processes that use those keys. It thus secures the long-term cryptographic credentials for authentication and cloud connectivity. In addition, it supports authenticity checks for software updates and secures remote access.
Two approaches to IoT security: secured programming and secured provisioning
There are two main ways of securing an IoT device: secured programming and secured provisioning.
Secured programming uses software on the device to provide security. This can protect the device’s firmware but may not offer enough protection from cyberattacks such as counterfeiting. And we know from experience that one of the main ways in which attackers compromise systems is by finding and exploiting programming bugs. In some cases, the exploits that follow from such security breaches are unrecoverable.
The secured programming approach is suitable for low-level applications in which a malfunction won’t cause injury or harm. It’s also suitable for devices that provide security without needing two-way communication with the programming system. Secured programming doesn’t rely on additional hardware, which saves money but doesn’t provide as much security as is possible with more costly approaches.
A second technique for device security is secured provisioning, which uses additional hardware to provide security protection throughout the device’s lifecycle. Although the extra hardware means greater upfront costs, the security it provides may be critical to protecting users, in turn avoiding reputational damage to brands and possible litigation.
Secured provisioning helps protect firmware from attacks such as counterfeiting and overbuilding, as well as against software bugs. A hardware root of trust can protect device software and operations from being subverted. It can also stop code being read by unauthorized parties. Secured provisioning protects devices that, if compromised, could cause harm to a person, property damage, loss of sensitive data or intellectual property.
EBV Elektronik can help you focus on places where your organisation offers the greatest competitive edge. We can help you to design and optimize your product, enabling you to focus on product differentiation. Partnering with EBV Elektronik can also help you develop safe and reliable connected devices, which protect your customers, your reputation, and your brand.
Infineon Technologies
OPTIGA™ TPM SLM9670
OPTIGA™ TPM SLM9670 industrial grade - qualified according to the industrial JEDEC JESD47 standard to enable the requisite performance under demanding environmental conditions
Infineon Technologies
OPTIGA™ TPM SLB 9672 FW16.xx
Ready-to-use TPM with SPI interface and PQC-protected firmware update mechanism optimized for IoT network and embedded control devices.
Infineon Technologies
OPTIGA™ TPM SLI9670
OPTIGA™ TPM SLI9670 automotive module - quality hardened Trusted Platform Module (TPM), specially designed for automotive applications
Infineon Technologies
OPTIGA™ TPM SLB 9670 (TPM 2.0)
The SLB 9670 offers the new SPI interface, with a TPM based on the TCG TPM 2.0 standard.
Infineon Technologies
OPTIGA™ TPM SLB 9672 FW15.xx
Ready-to-use TPM with SPI interface and PQC-protected firmware update mechanism optimized for PCs and servers.