Infineon has implemented cross-signing certificates in its cryptographic chips

The fourth-generation smart plant (Industry 4.0) operates autonomously. Conveyor robots communicate with each other, reducing the percentage of rejects and waste

One of the world's largest chip manufacturers Infineon has entered into an agreement with the global certification authority GlobalSign to cross-sign certificates that the manufacturer independently issues for its industrial cryptographic chips Optiga TPM SLM 9670 . Now these signatures are verified right up to the GlobalSign root certification authority, which greatly simplifies their management.

The Optiga TPM SLM 9670 is considered the first industrial cryptographic chip to meet the TPM 2.0 standard. This is the latest model in the Optiga TPM family .


Optiga TPM SLM 9670 module

The chip is designed primarily for installation in industrial devices where reliability, stability over a wide temperature range and long-term guarantee are important. These are industrial computers, servers, PLC controllers, industrial network devices and equipment, including routers, gateways, wireless access points and switches.

TPM 2.0 is part of Industry 4.0 specifications and Smart Factories. Specifications include the following requirements:

• Strong digital identifiers and device authentication
  
• Secure communications for data privacy and intellectual property protection
  
• Protecting device and software integrity, including software updates

The fourth industrial revolution (Industry 4.0) provides for the introduction of cyber-physical systems and autonomous plants.

The SLM 9670 module went on sale in the second half of 2019. It supports all the functions that modern industrial equipment requires:

• Secure storage of critical data and private keys
  
• Advanced defense mechanisms against physical and logical attacks
  
• Support for cryptographic algorithms RSA-1028, RSA-2048, ECC NIST P256, ECC BN256, SHA-1, SHA-256
  
• Operational temperature range from −40 ° C to 105 ° C
  
• Service life 20 years
  
• Industrial Qualification JEDEC JESD47
  
• Independent Security Assessment and Certification

Optiga TPM SLM 9670 Functional Diagram An

agreement with GlobalSign provides for cross-signature by the local Infineon certification authority and the globally recognized GlobalSign certification authority, which increases the overall reliability of certificates that Infineon independently issues and automatically flashes in each Optiga TPM SLM 9670 chip. Now these certificates are verified up to root CA GlobalSign.

With a verifiable certificate, each Infineon TPM can connect to the GlobalSign IoT Edge Enroll Registration Centeron the IoT Identity Platform at any time throughout its life cycle.



Among other things, cross-signing certificates simplifies device enrollment in cloud-based device management services such as the Microsoft Azure IoT Hub and IoT Hub Device Provisioning Service. It alleviates the complex problems of integrating device identifiers and provides a proven path for securing IoT devices literally from chip to cloud.

“Unique device identifiers are essential for a secure connection to the cloud,” said Juergen Rebel, vice president and general manager of embedded security at Infineon Technologies. “With our new Optiga TPM integration kit, you can safely connect your device to Microsoft Azure IoT in less than an hour.”