Automated factory provisioning of certificates for IoT
Sectigo has announced a partnership with Infineon Technologies to provide automated provisioning of certificates for IoT, specifically for Infineon’s OPTIGA Trusted Platform Module (TPM) 2.0 using Sectigo IoT Identity Manager.
The integration provides manufacturers with a complete certificate management solution, including issuance and renewal, starting right on the factory floor, with secure certificate creation and insertion using the OPTIGA TPM for private key storage.
“Including a TPM chip in an IoT device design is the first step in enabling strong authentication and secure communication for IoT devices,” explained Alan Grau, VP of IoT/Embedded Solutions at Sectigo. “Together,Sectigo and Infineon are enabling device manufactures to leverage strong authentication and secure communication for IoT devices during the manufacturing of the device itself. This integration not only automates the process of provisioning certificates for IoT devices, but also delivers a complete PKI solution leveraging Sectigo’s highly secure cloud infrastructure.”
Device manufacturers across industries increasingly recognize the need to strengthen the security of their devices. The Sectigo-Infineon joint solution enables manufacturers to provide the enhanced levels of security required to protect their devices and to ensure compliance with ever-emerging and evolving IoT security standards and regulations across the globe.
For example, manufacturers are able to provision certificates into devices before they leave the factory, so that their connected IoT and IIoT productscomply with the authentication requirements of the California IoT Security Law, along with other similar legislation.
Device identity certificates enable strong authentication and the TPM—a specializedchipon an endpoint device—provides secure key storage to ensure keys are protected against attacks. The joint solution enables the insertion of certificates into the device during the manufacturing of the device, when the device is first provisioned into a network, or into the TPM chip itself before the chip is shipped to the manufacturer.
By installing certificates into the TPM chip prior to manufacturing, manufacturers are able to track the component throughout the supply chain to protect against device counterfeiting, ensuring that only authentic devices are manufactured.
“Infineon’s audited and certified TPMs enable manufacturers of connected devices to achieve higher levels of security. Together with our partner Sectigo, we are now also able to offer automated factory provisioning. This gives our customers a proven path combining ease of integration with the benefits of higher security performance,” said Lars Wemme, Head of IoT Security at Infineon Technologies.
The Sectigo IoT Identity Platform removes the complexity associated with securing and authenticating connected devices so that businesses can protect their infrastructure in an easy, scalable, cost-effective, way. The platform enables enterprises and OEMs to ensure the integrity and identity of their devices and maintain that security by managing certificates throughout the lifecycle of the device.
Infineon’s OPTIGA security solutions, including the OPTIGA TPM, offer a broad portfolio of security controllers to protect the integrity and authenticity of embedded devices and systems. With a secure key store and support for a variety of encryption algorithms, the security chips provide robust protection for critical data and processes through their rich functionality—and are essential for strong device identity solutions because the crypto co-processor can securely store the private key of the device.
Infineon’s proven key storage, coupled with Sectigo’s automated certificate issuance and management, delivers a robust, automated and easy-to-use PKI solution for device manufacturers.