OPTIGA™ TPM SLM 9670
産業用および厳しいアプリケーション向けの標準化された認証済みTPM 2.0セキュリティソリューション
OPTIGA™ TPM SLM 9670は、OPTIGA™ TPMファミリーの製品です。拡張動作温度範囲、長寿命、産業用グレード品質が必要とされる、産業用および厳しいアプリケーションの要件に対応しています。
標準的なTPMで実施される認定プロセスを上回る性能を備えたOPTIGA™ TPM SLM 9670は、厳しい環境条件で要求される性能を実現し、産業用JEDEC JESD47規格による認定を受けています。
OPTIGA™ TPM SLM 9670は、高度な柔軟性を備えており、以下に示すように、堅牢なセキュリティを必要とするスマートファクトリーおよびインダストリー4.0の革新的なユースケースに対応可能です。
- 強固なデジタルデバイスIDおよびデバイス認証
- データ秘匿およびIP保護のためのセキュア通信
- ソフトウェア更新を含む、デバイスおよびソフトウェアの完全性保護
The answer to smart factories` security challenges: OPTIGA™ TPM SLM 9670
OPTIGA™ TPM SLM 9670 offers high levels of flexibility to support innovative smart factory and Industry 4.0 use cases that call for robust security based on:
- Strong digital device IDs and device authentication
- Secured communication for data confidentiality and IP protection
- Integrity protection of devices and software , software updates included
SLM 9670 is equipped with a variety of functions to secure industrial devices and systems. These include:
- Key storage and management
- Identification and authentication
- Signature generation and verification
- Software and firmware integrity attestation
- Secured logging and secured time
OPTIGA™ TPM SLM 9670 is fully compliant with the Trusted Platform Module (TPM) standards issued by the Trusted Computing Group (TCG). It is listed within the TCG Certified Products List based on functional and security evaluations performed by an independent third party according to Common Criteria EAL4+. In addition, it is compliant with FIPS 140-2 Level 2 (Physical Security Level 3).
Based on the open, vendor-neutral global TPM standard created by TCG, the OPTIGA™ TPM family is a widely used and proven solution supported by a far-reaching ecosystem. Major rich operating systems support OPTIGA™ TPM, offering plug-and-play usability. Additionally, a wide selection of software offerings, including libraries and applications, is available from open source projects and leading commercial vendors – also through the Infineon Security Partner Network (ISPN).
- Standardized security chip compliant with TCG TPM 2.0 standard
- Secured storage for critical data and secrets
- Advanced protection mechanisms against physical and logical attacks
- Support of cryptographic algorithms RSA-1028, RSA-2048, ECC NIST P256, ECC BN256, SHA-1, SHA-256
- temp. range -40°C to 105°C
- lifetime of 20 years
- JEDEC JESD47 industrial qualification
- Independently security evaluated and certified
- Industrial PCs
- Servers
- Programmable Logic Controllers (PLC)
- Industrial Network Infrastructure & Equipment Including
- Gateways
- Routers
- Wireless Access Points
- Switches
TPMの機能ブロック
TPMは、独自のエンドースメント鍵および鍵階層により、鍵およびライフサイクル管理をサポートします。不揮発性メモリを使って、証明書などの秘密データをセキュアに保管することができます。センサー、秘密保護強化用メモリ暗号化機能など、50を超えるセキュリティ機能を持つ改ざん防止ハードウェアをベースにしています。TPMは、信頼できる時間ソースとしてセキュアなティックカウンタも備えています。
TPMによるセキュアなマイクロコントローラのブロック図
OPTIGA™ TPM SLM 9670ハードウェアは、改ざん防止のセキュアなマイクロコントローラ(MCU)をベースにしています。高度なハードウェアコプロセッサおよびセキュリティ周辺回路などの先進的なハードウェアセキュリティ技術を利用して、論理的および物理的な攻撃に対する強固な保護を実現しています。
Ecosystem and ISPN partner support of OPTIGA™ TPM
With more than 15 years of experience in designing TPM-based solutions and more than 20 scientific publications, the Fraunhofer Institute for Secure Information Technology (SIT) is one of the leading experts in the field of Trusted Computing. Fraunhofer SIT's involvement ranges from the standardization body over practical implementations to fundamental research. Fraunhofer SIT is involved throughout all application sectors, from desktop and server equipment, over automotive and railway to industrial applications.
Fraunhofer SIT's offers include:
*application sector specific design and architectures for TPM-based security solutions
*consultancy, teaching and empowerment on TPM integration
*extension and customizations of the Open Source Software Stack
GlobalSign provides PKI-based device identity enrollment and management solutions that leverage Infineon products such as the OPTIGA™ TPM SLM 9670 and SLB 9670 as the trust anchor. GlobalSign´s security products are targeted towards various IIoT verticals, including but not limited to - smart manufacturing, automotive, industrial automation and healthcare. GlobalSign brings experience and expertise in using PKI and SSL technologies and applying them towards solving cybersecurity problems in various small and large business contexts through their comprehensive product portfolio.
GlobalSign IoT Identity Platform can create and host custom PKI hierarchies that serve the core identity needs of devices embedded with Infineon OPTIGA™ TPMs.
GlobalSign IoT Edge Enroll is an endpoint software application that can provide device registration, enrollment and provisioning services. More information
Sectigo provides a complete certificate management solution starting with secure certificate creation & insertion at the customer´s factory using the OPTIGA™ TPM for private key storage. The Floodgate Factory CA Server enables key management and certificate signing during manufacturing. The Floodgate TPM Library provides the device-side software to streamline TPM usage and key storage, while the Floodgate CA Server allows management of PKI certificates after the device is deployed.Floodgate TPM Library and the Floodgate PKI Client enable OEMs to develop and deploy secure embedded connected devices with relative ease.
Together, Sectigo and Infineon provide:
- the APIs, libraries, and code running on the device to enable integration with the OPTIGA™ TPM
- key generation by the OPTIGA™ TPM and enrollment with Certificate Authority
- Certificate Signing Requests using the Simple Certificate Enrollment Protocol (SCEP), Enrollment over Secure Transport (EST), and Online Certificate Status Protocol (OCSP)
- Full integration with public and private Certificate Authorities
With about 15 years of experience in different security related projects and applications, Mixed Mode is a knowledgeable Infineon partner offering consulting services and software development for integration of the OPTIGA™ TPM. Amongst different projects, Mixed Mode developed and implemented a secure boot and secure update concept including hardware integration as well as verification of the LINUX image.
Mixed Mode has experience on different target embedded platforms, operating systems and use cases secured by OPTIGA™ TPM:
- Supported platforms: LINUX, RTOS, Bare Metal
- Supported use cases: Secure Communication, Secure Storage, Secure Boot, Secure Update
- Consulting services: Training, Workshops, Security Concepts / Security by Design, Code and Gap Analysis, ISO 62443 SL 3, Policy and Certificate Concepts
- Others: DRM (Digital Rights Management) and License Management on Embedded Platforms
wolfTPM is a TPM 2.0 project, designed for embedded use. It is highly portable, due to having been written in native C, having a single IO callback for SPI hardware interface, no external dependencies, and its compacted code with low resource usage.
It is generally very easy to compile on new platforms, so if your desired platform is not listed as supported or you would like assistance porting wolfTPM, please contact wolfSSL at facts@wolfssl.com.
Features:
*Provides all TPM 2.0 API's in compliance with the specification.
*Uses the TPM Interface Specification (TIS) to communicate over SPI.
*Includes wrappers for Key Generation, RSA encrypt/decrypt, ECC sign/verify, ECDH, NV Access and Hashing.