Infineon OPTIGA™ product family

OPTIGA™ TPM Provisioning

To further simplify the task of secured key provisioning during device manufacturing, Infineon collaborates with EBV. This alliance enables the secured provisioning of Infineon’s OPTIGA™ TPM with the customer’s credentials using EBV’s state-of-the-art programming technology in a secured facility, thus simplifying the production process.

Advantages of pre-provisioned chips:

  • no need to manage keys and provision credentials
  • flexibility in production (in-house or outsourced to EMS) without investment in additional security measures

 

Infineon OPTIGA™ TPM Provisioning with EBV Secure it

OPTIGA™ TPM – simpler and faster secured key provisioning for IoT devices

IoT: Secured identity is key

IoT security starts with identity: Every IoT device needs a strong and unique identity so it can authenticate itself as trustworthy when it connects to the IoT.
Given the importance of this IDoT (Identity of Things), the secret keys and credentials establishing that identity must be protected against unauthorized access. Device credentials are usually provisioned during device manufacturing. Establishing a secured manufacturing environment is therefore required and can be challenging for OEMs. Outsourcing production can increase the security risks around provisioning even further.
 

Addressing today’s secured key provisioning challenges

  • Secret keys may be leaked if the underlying security solutions offer weak resistance to tampering
  • Secret keys may be leaked during the provisioning process if the outsourced production environment is not highly secure
  • Provisioning of initial device credentials is usually complex and cost-intensive in volume production

 

OPTIGA™ TPM - Best choice for simpler and faster secured device key provisioning

The OPTIGA™ TPM (Trusted Platform Module) security controller supports the pre-provisioning of credentials in a secured chip. The chip provides a tamper-resistant memory to securely store the cryptographic keys and credentials needed for the device to authenticate and register with cloud services. It acts like a vault, safeguarding the keys along the entire value chain and beyond:
 

 

Partner Use Case

Personalized security solutions based on hardware-based security like the OPTIGA™ TPM provide excellent protection for a large variety of application scenarios but also require custom certificates and programming.

OPTIGA™ TPM is the solution of choice for secured key provisioning

Keys are typically provisioned during device manufacturing

Keeping secret keys safe and well secured is at the heart of IoT security. See below why OPTIGA™ TPM is the preferred choice for this challenge.

 

IoT device with Software-only security

Usually, secret keys are kept in shared memory. Software vulnerabilities in the operating system could, for example, be exploited to expose or access the keys.

IoT Device with TPM-based security

With OPTIGA™ TPM, secret keys are stored in a discrete, certified chip, so they stay inside the chip and are processed there. This reduces the attack surface, making key security highly immune to software vulnerabilities at operating system and application level.

Acting as a hardware trust anchor, the Infineon OPTIGA™ TPM is far more resistant to attacks than software-only approaches. It provides a secured storage vault for keys and also executes the associated cryptographic processes that use those keys. It thus secures the long-term cryptographic credentials for authentication and cloud connectivity. In addition, it supports authenticity checks for software updates and secures remote access.

 

Two approaches to IoT security: secured programming and secured provisioning

There are two main ways of securing an IoT device: secured programming and secured provisioning.

Secured programming uses software on the device to provide security. This can protect the device’s firmware but may not offer enough protection from cyberattacks such as counterfeiting. And we know from experience that one of the main ways in which attackers compromise systems is by finding and exploiting programming bugs. In some cases, the exploits that follow from such security breaches are unrecoverable.

The secured programming approach is suitable for low-level applications in which a malfunction won’t cause injury or harm. It’s also suitable for devices that provide security without needing two-way communication with the programming system. Secured programming doesn’t rely on additional hardware, which saves money but doesn’t provide as much security as is possible with more costly approaches.

A second technique for device security is secured provisioning, which uses additional hardware to provide security protection throughout the device’s lifecycle. Although the extra hardware means greater upfront costs, the security it provides may be critical to protecting users, in turn avoiding reputational damage to brands and possible litigation.

Secured provisioning helps protect firmware from attacks such as counterfeiting and overbuilding, as well as against software bugs. A hardware root of trust can protect device software and operations from being subverted. It can also stop code being read by unauthorized parties. Secured provisioning protects devices that, if compromised, could cause harm to a person, property damage, loss of sensitive data or intellectual property.

EBV Elektronik can help you focus on places where your organisation offers the greatest competitive edge. We can help you to design and optimize your product, enabling you to focus on product differentiation. Partnering with EBV Elektronik can also help you develop safe and reliable connected devices, which protect your customers, your reputation, and your brand.

 

Infineon Technologies

OPTIGA™ TPM SLM9670

OPTIGA™ TPM SLM9670 industrial grade - qualified according to the industrial JEDEC JESD47 standard to enable the requisite performance under demanding environmental conditions

Infineon Technologies

OPTIGA™ TPM SLB 9672 FW16.xx

Ready-to-use TPM with SPI interface and PQC-protected firmware update mechanism optimized for IoT network and embedded control devices.

Infineon Technologies

OPTIGA™ TPM SLI9670

OPTIGA™ TPM SLI9670 automotive module - quality hardened Trusted Platform Module (TPM), specially designed for automotive applications

Infineon Technologies

OPTIGA™ TPM SLB 9670 (TPM 2.0)

The SLB 9670 offers the new SPI interface with TPM based on the TCG TPM2.0 standard.

Infineon Technologies

OPTIGA™ TPM SLB 9672 FW15.xx

Ready-to-use TPM with SPI interface and PQC-protected firmware update mechanism optimized for PCs and servers.