Icon Labs partners with Infineon on PKI Management Solution for OPTIGA TPM

Icon Labs announced its IoT Certificate management solution supports Infineon Technologies’ OPTIGA Trusted Platform Module (TPM). The partnership enables device manufacturers to manage PKI (Public Key Infrastructure) certificates throughout the product lifecycle using the OPTIGA TPM, including support for certificate injection during device manufacturing. Instead of having to manually install a certificate into each device, the device comes off the assembly line with a PKI certificate already installed. Infineon`s OPTIGA TPM chip complies with the internationally recognized security standards of the Trusted Computing Group.  

Security is a critical requirement for the IoT, and strong device authentication, using widely adopted PKI technology, enables managed security solutions for IoT deployments. Icon Labs’ Floodgate Certificate Authority and Floodgate PKI Client allow manufacturers to incorporate certificate-based authentication using the OPTIGA TPM for secure key storage. Capabilities include certificate creation during the manufacturing process using private keys stored in the TPM, certificate creation during device provisioning, and certificate management throughout the life of the device.

Icon Labs provides both the client- and server-sides of the PKI solution required to automate secure provisioning and enrollment. The Floodgate PKI Client is compatible with public and private CAs, providing the flexibility to operate a private PKI system without dependence on a public CA or to operate within the hierarchy of a public CA. The OPTIGA TPM securely stores the keys, the Floodgate Factory CA Server creates device authentication certificates, and the Floodgate PKI Client enables a connection in the field to a CA for issuance of TLS and other run-time certificates. The certificates create a Root of Trust enabling secure machine-to-machine communications, using keys secured by the OPTIGA TPM.

Creating a signed certificate during manufacturing requires several steps. First, the Floodgate PKI Client requests the OPTIGA TPM to generate a new public-private key pair. Using this key pair, a certificate signing request (CSR) is created while the private key does not leave the TPM. The Floodgate PKI Client sends the CSR to the Factory CA Server, which signs the request and returns a signed certificate to the PKI Client. This certificate can then be used to authenticate the device when the device is provisioned in the field.

Latest News from

Infineon simplifies speed measuring sensor designs
Infineon: smart power switches with PROFET+2 and High Current PROFET
Infineon: preventing cyber-attacks in rescue services
Infineon starts volume production of first full-SiC-module
Infineon: intelligent power module CIPOS Mini integrates power factor correction
Icon Labs partners with Infineon on PKI Management Solution for OPTIGA TPM
Infineon: flyback controller and integrated power IC CoolSET family
Infineon: logic level MOSFETs in PQFN package deliver high power density
Infineon: high voltage MOSFETs address power classes from 100 W to 15 kW
Infineon: EtherCAT implementation in next to no time
Infineon: RF solutions for fast, efficient and reliable 5G
Infineon: integrated MOSFET voltage regulator for high-density applications

ZES Zimmer on testing advanced power electronics

In this video Bernd Neuner from ZES Zimmer talks to Alix Paultre for Electronic News TV at the 2017 Power Electronics Conference in Nuremberg. The discussion deals with the issues involving test and m...

Weidmüller discusses the need for a better signal and power interface

In this video Rene Arntzen from Weidmüller talks to Alix Paultre of Electronic News TV about the importance of a good signal and power interface for industrial equipment. There is currently no good ...

Mouser talks about the state of engineering development today

In this video Mark Burr-Lonnon and Graham Maggs of Mouser Electronics, a major international electronics distributor, talk to Alix Paultre about the state of engineering development today. With massiv...

Infineon launches a new family of configurable industrial drive boards

In this video Infineon explains their new family of configurable industrial drive boards at SPS-IPC Drives 2017. Intended to enable easy setup and deployment, the XMC-based automation boards can handl...

STMicro explains their STSPIN family of single-chip motor drivers

In this video STMicroelectronics explains their STSPIN single-chip motor drivers at SPS-IPC Drives 2017. The STSPIN family embeds can drive motors efficiently and with high accuracy, with an advanced ...