
First Trusted Platform Module for Industrial Applications Controls Access to Sensitive Data

March 28, 2019 by Scott McMahan

Infineon Technologies AG will present the first Trusted Platform Module (TPM) specifically for industrial applications at this year's Hannover Messe (Hannover, Germany, April 1-5, 2019). The OPTIGA™ TPM SLM 9670 protects the integrity and identity of industrial PCs, servers, industrial controllers or edge gateways. It controls access to sensitive data in key positions in a connected, automated factory as well as at the interface to the cloud.

The Internet of Things is increasing the fields of application for the TPM. With its extensive OPTIGA TPM product family, Infineon offers application-specific solutions for business PCs and routers, connected vehicles, or cloud applications. Additional uses include industrial PCs, servers, industrial controllers, programmable logic controllers, and edge gateways.

The TPM serves as a vault for sensitive data in connected devices and lowers the risk of data and production losses due to cyber attacks. Infineon asserts that the benefits to users are not limited to security, as TPMs also help to shorten time to market and reduce costs for industrial applications.

Through the use of Infineon's audited and certified TPMs, producers of industrial devices can deliver higher security levels of the IEC 62443 standard and accelerate their certification processes. They can also cut costs for maintenance of the devices through secured remote software updates.

The IEC 62443 standard defines the IT security requirements for industrial communication networks.

The OPTIGA TPM SLM 9670 fully meets the TPM 2.0 standard of the Trusted Computing Group and is listed within the TCG Certified Products List based on functional and security evaluations performed by an independent third party according to Common Criteria EAL4+. In addition, it is compliant with FIPS 140-2 Level 2 (Physical Security Level 3).

TPM Diagram

Based on the open, vendor-neutral global TPM standard created by TCG, the OPTIGA TPM family is a widely used and proven solution supported by a far-reaching ecosystem. Infineon says that major rich operating systems support OPTIGA TPM, offering plug-and-play usability. Additionally, a wide selection of software offerings, including libraries and applications, is available from open source projects and leading commercial vendors - also through the Infineon Security Partner Network (ISPN).

A service life of 20 years and the ability to update the firmware on the chip enable the TPM to cope with long-term security risks that may be faced in an industrial environment. The chip boasts an extended temperature range of -40°C to 105°C and meets the rigorous requirements of industry in terms of robustness and quality, as it is qualified according to the industrial JEDEC JESD47 standard.

Availability

Infineon manufactures the OPTIGA TPM SLM 9670 at its security-certified facilities in Germany, and the chip will be available in large volumes from the second half of 2019.

Infineon at the Hannover Messe

In addition to presenting its OPTIGA TPM SLM 9670 for the first time at Hannover Messe, a leading industrial show, Infineon will showcase various products. The company will also show a demonstrator for energy-efficient and secured smart factories at the stand of Amazon Web Services (Hall 6, Stand F46). This demo also includes an edge gateway, which is a suitable application for the strong security of the OPTIGA TPM SLM 9670 because of the gateway's central and security-critical function in industrial networks.

The OPTIGA TPM SLM 9670 supports smart factory and Industry 4.0 use cases that call for robust security based on:

  • Strong digital device IDs and device authentication
  • Secured communication for data confidentiality and IP protection
  • Integrity protection of devices and software, software updates included

Functions for Securing Industrial Devices and Systems

  • Key storage and management
  • Identification and authentication
  • Signature generation and verification
  • Software and firmware integrity attestation
  • Secured logging and secured time

Features

  • Standardized security chip compliant with TCG TPM 2.0 standard
  • Secured storage for critical data and secrets
  • Advanced protection mechanisms against physical and logical attacks
  • Support of cryptographic algorithms RSA-1024, RSA-2048, ECC NIST P256, ECC BN256, SHA-1, SHA-256
  • Temp. range -40°C to 105°C
  • Lifetime of 20 years
  • JEDEC JESD47 industrial qualification
  • Independently security evaluated and certified